InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Tennessee amends its Consumer Protection Act
Recently, the Governor of Tennessee signed into law HB 2711 (the “Act”) which amends, among other things, the state’s Consumer Protection Act. In particular, the Act establishes the factors that a court may consider when determining a civil penalty for violation of the Consumer Protection Act. The court may consider (i) the defendant’s participation in the attorney’s general complaint resolution process; (ii) and the defendant’s restitution efforts prior to the action; (iii) whether there was good or bad faith; (iv) injury to the public; (v) one’s ability to pay; (vi) the public’s interest in eliminating the benefits derived by the violator; and (vii) the state’s interest. Additionally, the Act expands its protection of elderly people to “specially targeted consumers” which includes persons who are at least 60 years old, persons under 18, and current and former military service members. Persons who are found to have targeted specially targeted consumers can be liable for penalties up to $10,000. Furthermore, the Act makes other changes such as procedural requirements for actions brought by the attorney general. The Act is effective immediately.
Florida enacts new requirements for payment transaction classification
On May 2, the Governor of Florida signed into law HB 939 (the “Act”) which, among other things, will expand the definition of “depository institution” and amend the requirements for information returns relating to payment-card and third-party network transactions.
As it will relate to Florida’s commercial financing disclosure law, the Act will expand the definition of “depository institution” to mean a bank, credit union, savings or thrift association, or an industrial loan company doing business under the authority of a charter issued by the U.S., Florida, or any other state or territory which is authorized to transact business in Florida and is insured by the FDIC or NCUA Share Insurance Fund.
Additionally, the Act will require third-party settlement organizations handling transactions for participating payees located in Florida to establish a system to identify whether transactions are for goods and services or are personal payments. Third-party settlement organization will be required to create a mechanism that clearly obligates the sender to classify the transaction type prior to completion. The Act will also set forth how the sender of the payment will be responsible for categorizing the transaction accurately. Furthermore, third-party settlement organizations will be instructed to keep detailed records that reflect the transaction type as specified by the sender. However, this requirement will not be applicable to third-party settlement organizations that are contractually bound to process transactions exclusively for goods and services. The Act will define “participating payee,” “third party network transaction,” and “third party settlement organization” as defined by the Internal Revenue Code. The Act will go into effect July 1.
Maine enacts new money transmission law in line with the Money Transmission Modernization Act
On April 22, the Governor of Maine signed into law LD 2112 (the “Act”) which will codify a new law titled the “Maine Money Transmission Modernization Act.” The Act will amend and repeal many parts of the state’s money transmission laws and brought the law more in alignment with the Money Transmission Modernization Act, the model law drafted with a goal of creating a single set of nationwide standards and requirements. The stated purpose of the Act will be to coordinate with states to reduce the regulatory burden, protect the public from financial crimes, and standardize licensing activities allowed and exempted by Maine.
Among many other new provisions, the Act will require any person which engages in the business of money transmission or advertises, solicits, or holds itself out as providing money transmission to obtain a license. The Act will define “money transmission” as “(i) [s]elling or issuing payment instruments to a person located in [Maine]; (ii) [s]elling or issuing stored value to a person located in [Maine]; or (iii) [r]eceiving money for transmission from a person located in [Maine].” However, the Act will exempt, an agent of the payee to collect and process a payment from a payor to the payee for goods or services, other than money transmission services, provided certain criteria are met. Additionally, the Act will exempt certain persons acting as intermediaries, persons expressly appointed as third-party service providers to an exempt entity, payroll processors, registered futures commission merchants and securities broker-dealers, among others. Anyone claiming to be exempt from licensing may be required to provide information and documentation demonstrating their qualification for the claimed exemption.
The Act also will include a section on virtual currency, which will be defined as “a digital representation of value that: (i) [i]s used as a medium of exchange, unit of account or store of value, and (ii) [i]s not money, whether or not denominated in money.” The Act will specify that “virtual currency business activity” will include, among other activities, exchanging, transferring, storing, or engaging in virtual currency administration, whereas “virtual currency administration” will be defined as issuing virtual currency with the authority to redeem the currency for money, bank credit or other virtual currency.
The Act will require certain reporting, including about the licensee’s condition, financial information, and money transmission transactions from every jurisdiction, among other types of information. The amendments will also outline numerous licensing application and renewal procedures including net worth, surety bond, and permissible investment requirements. Maine will now join several other states that adopted the model law. The Act takes effect on July 16 of this year.
Oklahoma amends SAFE Act licensing provisions
On April 29, Oklahoma enacted SB 1492 (the “Act”) which amends the Oklahoma Secure and Fair Enforcement for Mortgage Licensing Act by, among other things, expanding the definition of “mortgage broker” to include servicing a residential mortgage, defining “servicing” to include holding servicing rights, as well as significantly adjusting fees and annual assessments for licensees. With respect to mortgage servicing, the law defines servicing as “the administration of a resident mortgage loan following the closing of such loan” and further states that an entity will be serviced if it “either holds the servicing rights, or engages in any activities determined to be servicing, including: (a) the collection of monthly mortgage payments; (b) the administration of escrow accounts; (c) the processing of borrower inquiries and requests; and (d) default management.” The definition of “mortgage lender” already includes an entity that “makes a residential mortgage loan or services a residential mortgage loan” and will be approved by HUD, Fannie Mae, Freddie Mac, or Ginnie Mae. The Act adds a new section allowing licensees to permit their employees and independent contractors to work at remote locations, subject to certain conditions regarding policies and procedures for customer contact information and data, maintenance of physical records, and prohibitions on in-person customer interactions, among other things. Finally, the Act will add or amend certain fees and their annual assessment determinations, including assessments based on loan volumes for originated loans and others for serviced loans during the assessment period. The Act will go into effect on November 1.
Florida enacts telemarketing exemption from credit counseling services law
On April 26, the Governor of Florida signed into law HB 1031 (the “Act”), which will amend Florida’s credit counseling services law to provide an exception for telemarketers and sellers that furnish “debt relief services” (as defined under the federal Telemarketing and Consumer Fraud and Abuse Prevention Act and the Telemarketing Sales Rule: i.e., the TSR). Generally, the law places certain disclosure, financial reporting, and fee charging obligations on any person engaged in “debt management services” or “credit counseling services.” The amendment will provide those telemarketers or sellers that “provide any debt relief service” within the scope of the TSR will not be subject to the provisions of Florida’s credit counseling law as long as they do not receive from the debtor or disburse to a creditor any money or items of value. The Act will go into effect on July 1.
FDIC submits amicus brief in Colorado DIDMCA opt-out case
On April 23, the FDIC submitted an amicus brief to the U.S. District Court for the District of Colorado in support of the defendant: the Colorado attorney general. This case involved Colorado HB 23-1229 (the “Act”), which was enacted on June 5, 2023, and will become effective on July 1. As previously covered by InfoBytes, trade groups filed a complaint in the U.S. District Court for the District of Colorado and moved for a preliminary injunction seeking to prevent enforcement of Section 3 of the Act. Section 3 purported to “opt out” of Section 521 of the DIDMCA which had allowed state-chartered banks to export rates of their home state across state borders.
Section 525 of DIDMCA allows any state to enact legislation to opt out of Section 521 with respect to “loans made in such State.” In the brief, the FDIC argued that courts interpreting federal law have concluded “it is reasonable to conclude that interstate loans are made in the state in which the borrower enters into the transaction and in the state in which the lender enters into the transaction” and that “[i]t would be arbitrary and artificial to select one state when the parties enter into the transaction in two different states.” Thus, according to the FDIC, loans would be made in a state if either the borrower or the lender entered into the transaction in that state. Therefore, the FDIC argued that plaintiffs were incorrect in claiming that the opt-out would apply to loans made by out-of-state creditors to borrowers who were physically located in Colorado.
In addition, the FDIC disagreed with plaintiffs’ argument that FDIC General Counsel Opinion No. 11, 63 Fed. Reg. 27282 (May 18, 1998), which set forth the FDIC’s position regarding where a bank is “located” for purposes of section 27 of the Federal Deposit Insurance Act, was applicable to interpreting Section 525. The FDIC’s amicus brief stated that Opinion 11 does not address opt-out or Section 525. Moreover, the FDIC argued that “where a loan is made under Section 525 cannot be equated with where a bank is located under Section 521.” The FDIC disagreed similarly with plaintiffs’ reliance on the 1978 Supreme Court of Marquette Nat’l Bank v. First of Omaha Serv. Corp., on the grounds that it concerned where a bank was located and not considered where a loan is “made.”
The plaintiffs’ reply brief will be submitted by May 7, and a hearing of the pending motion for a preliminary injunction has been scheduled for May 16.
Tennessee amends caller ID law
On April 22, Tennessee enacted HB 2504 (the “Act”), which amends the Tennessee Consumer Protection Act of 1977 to specify that it is illegal for: (i) “[a] person, in connection with a telecommunications service or an interconnected VoIP service, to knowingly cause any caller identification service to transmit misleading or inaccurate caller identification information to a subscriber with the intent to defraud or cause harm to another person or to wrongfully obtain anything of value”; and (ii) “[a] person, on behalf of a debt collector or inbound telemarketer service, to knowingly cause any caller identification service to transmit misleading or inaccurate caller identification information, including caller identification information that does not match the area code of the person or the debt collector or inbound telemarketer service the person is calling on behalf of, or that is not a toll-free phone number, to a subscriber with the intent to induce the subscriber to answer.”
The Act is effective on July 1.
Nebraska enacts a comprehensive data privacy law
On April 17 Nebraska enacted LB 1074 (the “Act”), establishing a comprehensive consumer data privacy law. The Act applies to a person that is not a small business (as determined under the federal Small Business Act) who conducts business in Nebraska or produces a product or service used by Nebraska consumers and who processes or sells personal data. The Act includes exemptions for certain classes of data, including data subject to the Gramm-Leach-Bliley Act, as well as for certain entities including state agencies, financial institutions and their affiliates, nonprofits, higher education institutions, and covered entities or business associates governed by the privacy, security, and breach notification rules issued by the Department of Health and Human Services.
The Act grants consumers the right to (i) request information about whether their data is being processed; (ii) access their data; (iii) correct inaccuracies; (iv) delete their data; (v) obtain a portable copy of their data; and (vi) opt out of certain uses of their data, such as targeted advertising, sale, or “profiling in furtherance of a decision that produces a legal or similarly significant effect concerning the consumer.” Controllers, defined as persons that determine the purpose and means of processing personal data, must respond to authenticated consumer requests within 45 days and may extend the period once by another 45 days if necessary. If a request is denied, consumers must be informed of the reasons and instructed on how to appeal to the Attorney General. Controllers must offer a free response to two requests per year from each consumer but may charge a fee or refuse to act if requests are unfounded or excessive. Controllers also must establish an appeals process for consumers whose requests are denied, and inform the consumer of the outcome of their appeal within 60 days.
Rights afforded to consumers under the Act cannot be waived or limited by contract or agreement. Further, under the Act, controllers must provide consumers with a clear privacy notice including information similar to that required under the Gramm-Leach-Bliley Act.
The Act is effective on January 1, 2025, and enforceable by the Attorney General and does not provide a private right of action.
CFPB supports Connecticut’s bill to ban medical debt on credit reports
On April 15, the CFPB released a letter written by Brian Shearer, the Assistant Director within the Office of Policy Planning and Strategy, throwing the Bureau’s support behind Connecticut’s new bill to bar medical debt on credit reports. The proposed bill, SB 395, has passed its committee in the first chamber. This legislation would align Connecticut with similar legislation in Colorado and New York, and the CFPB noted that the “preemption of state law is narrow under both the [FDCPA] and the [FCRA], and states may… limit the inclusion of information about a person’s allegedly unpaid medical bills on consumer reports.” The CFPB announced in September 2023 its NPRM to prohibit creditors from using medical bills in underwriting decisions (as covered by InfoBytes here). According to the letter, “[m]edical debt is categorically different from most types of consumer tradelines that typically appear on consumer reports. Consumers frequently incur medical bills in unique circumstances that differ from other forms of credit extension, and CFPB research has found that medical debt is less predictive of future consumer credit performance than other tradelines.”
Iowa enacts new money transmission provisions
On April 10, Iowa’s governor signed into law HF 2262 (the “Act”) relating to money transmission services. The Act will exempt a person appointed as an agent of a payor for purposes of providing payroll processing services from licensure, provided that their agreement and services meet certain conditions. The Act will also allow the superintendent to suspend or revoke a licensee’s license, should they, among other things: (i) violate the Act; (ii) fail to cooperate with an examination or investigation conducted by the superintendent; (iii) engage in willful misconduct or blindness and, which leads to a conviction of an authorized delegate for violating a state or federal anti-money laundering statute, or violates the Act, a rule adopted under the Act, or an order issued under the Act; or (iv) engage in an unsafe or unsound practice. Further, the Act will detail different scenarios in which the superintendent may pursue an enforcement action. For instance, if the superintendent determined any violations were “likely to cause immediate and irreparable harm to the licensee, the licensee’s customers, or the public, or cause insolvency” the superintendent may issue a cease and desist order. Finally, the Act will provide guidelines for investigations, civil penalties, criminal penalties, and administrative proceedings. The Act became effective upon enactment and will apply retroactively to July 1, 2023.