InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI proposal would consider ISAs as student loans
On September 9, the California Department of Financial Protection and Innovation (DFPI) issued a notice of proposed rulemaking to adopt new regulations and amend current regulations implementing the Student Loan Servicing Act (Act), which provides for the licensure, regulation, and oversight of student loan servicers by DFPI (formerly the Department of Business Oversight) (previously covered by InfoBytes here). The proposed rulemaking also outlines new clarifications to the Student Loans: Borrower Rights Law, which was enacted in 2020 (effective January 1, 2021) to provide new requirements for student loan servicers (previously covered by InfoBytes here).
In its initial statement of reasons for the new regulations, DFPI noted that since the Act took effect five years ago, additional private student loan financing products have emerged, such as income share agreements and installment contracts, which use terminology and documentation distinct from traditional loans. DFPI commented that while lenders and servicers of these products have asserted that their products do not fall within the definition of a student loan and are not subject to the statute’s requirements, these education financing products serve the same purpose as traditional loans—“help pay the cost of a student’s higher education"—and are therefore student loans subject to the Act, and servicers of these products must be licensed and comply with all applicable laws. The proposed rulemaking, among other things, (i) defines the term “education financing products,” which now fall under the purview of the Act, along with other related terms; (ii) amends various license application requirements, including amended financial requirements for startup applicants; (iii) outlines provisions related to non-licensee (e.g., servicers that do not require a license but that are subject to the Student Loans: Borrower Rights Law) filing requirements; and (iv) specifies that servicers of all education financing products must submit annual aggregate student loan servicing reports to DFPI. The proposed rulemaking also removes certain unnecessary requirements based on DFPI’s experience in administering the Act to reduce the regulatory burden.
Comments on the notice of proposed rulemaking are due October 28.
States, Democrats urge card companies to create gun-store MCC
On September 2, the California and New York attorneys general sent a letter to the CEOs of three credit card companies asking for the establishment of a unique merchant category code (MCC) for gun store purchases, writing that a specially-designated MCC would help companies flag suspicious activity. The letter follows recent requests sent by several congressional Democrats to the same companies urging them to establish an MCC code for guns. According to the Democrats’ letter, MCCs are four-digit codes maintained by the International Organization for Standardization (ISO) that classify merchants by their purpose of business and are used “to determine interchange rates, assess transaction risks, and generally categorize payments.” The letter noted that according to ISO’s criteria, “a new MCC may be approved if (a) the merchant category is reasonable and substantially different from all other merchant categories currently represented in the list of code values; (b) the merchant category is separate and distinct from all other industries currently represented in the list of code values; (c) the proposal describes a merchant category or industry, and not a process; (d) the minimum annual sales volume of merchants included in the merchant category, taken as a whole is, US$10 million; and (e) sufficient justification for the addition of a new code is found.” The letter stated that a “new MCC code could make it easier for financial institutions to monitor certain types of suspicious activities including straw purchases and unlawful bulk purchases that could be used in the commission of domestic terrorist acts or gun trafficking schemes,” and could garner coordination between financial institutions and law enforcement to aid efforts across the federal government to identify and prevent illicit activity. The letters requested feedback to better understand the companies’ positions.
District Court says tech company not liable for app in crypto theft
On September 2, the U.S. District Court for the Northern District of California granted a defendant California tech company’s motion to dismiss a putative class action filed by users who claimed their cryptocurrency was stolen after they downloaded a “phishing” program that posed as a legitimate digital wallet. Plaintiffs alleged that the illegitimate app (developed by a third-party and not the defendant) caused them to lose thousands of dollars in cryptocurrency. Claiming that the app was a spoofing and phishing program that obtained consumers’ cryptocurrency account information and routed that information to hackers’ personal accounts, plaintiffs sued, asserting claims under the federal Computer Fraud and Abuse Act, Electronic Communications Privacy Act, California Consumer Privacy Act, California’s Unfair Competition Law, California Consumer Privacy Act, California Consumer Legal Remedies Act, Maryland Wiretap and Electronic Surveillance Act, Maryland Personal Information Protection Act, and Maryland Consumer Protection Act. The defendant moved to dismiss, arguing that it was immune from liability under § 230(c)(1) of the Communications Decency Act. The court agreed with the defendant, ruling that it is granted protection under the Act because it qualifies as an “interactive computer service provider” within the meaning of the statute, is treated as a publisher, and provides information from another information content provider. “Here, plaintiffs’ computer fraud and privacy claims are based on [defendant’s] reproduction of an app [] intended for public consumption, via the App Store,” the court wrote. “But, as [defendant] notes, its review and authorization of the [] app for distribution on the App Store is inherently publishing activity.” Moreover, the court concluded that, among other things, the defendant’s liability provision contained within its terms, which states that it is not liable for conduct of a third party, is valid and enforceable.
Pelosi cites preemption concerns in federal privacy bill
On September 1, Speaker of the House Nancy Pelosi (D-CA) released a statement commending the House Energy and Commerce Committee’s work on advancing the American Data Privacy and Protection Act (ADPPA) to the House floor (covered by InfoBytes here). However, Pelosi also recognized preemption concerns raised by the California governor, the California Privacy Protection Agency, and other top state leaders. “With so much innovation happening in our state, it is imperative that California continues offering and enforcing the nation’s strongest privacy rights,” Pelosi said. “California’s landmark privacy laws and the new kids age-appropriate design bill, both of which received unanimous and bipartisan support in both chambers, must continue to protect Californians—and states must be allowed to address rapid changes in technology.” Praising measures in the ADPPA that would give consumers the right, for the first time, to seek damages in court for violations of their privacy rights, Pelosi said the House “will continue to work with Chairman Pallone to address California’s concerns.” As previously covered by InfoBytes, the ADPPA also received criticism from several state attorneys general who argued, among other things, that “Congress should adopt a federal baseline, and continue to allow states to make decisions about additional protections for consumers residing in their jurisdictions,” instead of preempting areas of state privacy regulation.
California bankruptcy court says a forbearance that modifies the original loan is subject to state usury laws in certain instances
Earlier this year, the United States Bankruptcy Court for the Northern District of California granted in part and denied in part cross-motions for summary judgment in an action concerning “piecemeal exemptions” to California’s usury law. Plaintiffs entered into a loan agreement secured by their residence carrying an interest rate of 11.3 percent and a default interest rate of 17.3 percent (plus late fees) with a then-unlicensed lender. They also signed a promissory note, which stated that should they fail to make a monthly payment within 10 days of the due date they would be assessed a late charge equal to 10 percent of the monthly payment. After plaintiffs struggled to make payments, the parties entered into an extension agreement to supplement and amend the original loan (but not replace it), which slightly lowered the initial interest rate but increased the monthly payments and default interest rate. The extension also included language adding a charge on the final balloon payment that was not part of the original loan. Plaintiffs again began to miss loan payments and sought to refinance the loan with a different lender. A payoff quote provided by the defendant included what was originally called a “prepayment penalty” but was later changed to represent a late charge on the principal balance in line with the extension.
Plaintiffs sued the defendant and related parties in state court, seeking damages and alleging claims related to breach of contract, fraud, and intentional interference. After the court denied plaintiffs’ motion for preliminary injunction, plaintiffs filed an appeal on the same day one of the plaintiffs filed for bankruptcy. The defendant eventually filed a motion for summary judgment on the claims in the amended complaint, whereas plaintiffs sought partial summary judgment on several new claims, including that (i) the extension violated state usury law; (ii) the defendant “demanded an illegal acceleration penalty” from plaintiffs; and (iii) the defendant illegally charged multiple late fees on a single loan payment.
In a case of first impression, the court held that under California law, a loan extension that modifies the original loan, including by extending the maturity date, is considered a forbearance subject to state usury laws because there was no other sale, lease, or other transaction involved. The court noted that the statute “provides a restricted definition of the term ‘arranged’ in relation to a forbearance,” and that it also “painstakingly sets forth the instances in which a forbearance negotiated by a real estate broker would be exempt under usury law: when that broker was previously involved in arranging the original loan and that loan was in connection with a sale, lease, or other transaction, or when that broker had previously arranged for the sale, lease or other transaction for compensation.” The court further stated that “[c]onspicuously absent from those instances is a scenario in which a forbearance is arranged on a simple loan of money secured by real estate, with no other sale, lease, or other transaction involved,” adding that it “cannot create an exemption here to save [the defendant].” In the subject transaction, the real estate broker involved when the original loan was made was not involved in the extension, the court said.
The court also held that the loan forbearance violated California usury laws although the original loan was exempt from usury laws, disagreeing with the defendant’s position that “an originally non-usurious transaction cannot be transformed into a usurious transaction at a later point.” The court pointed out the distinction in this case from others cited by the defendant, stating that the “difference between a non-usurious loan and a loan subject to an exemption is slight but distinct. . . . Once the exemption (no real estate broker involved) ceased to apply, the exemption disappeared, and the transaction became subject to the full consequences of the usury law.” Because the extension’s interest rate and default interest rate both violated state usury law, the defendant is entitled only to the principal balance of the extension minus the amount of usurious interest paid.
Additionally, the court determined that under California law, the liquidated damages provision of the loan extension was separate from the interest charged by the extension, and a late charge on top of a balloon payment under extension was an unenforceable penalty provision instead of a valid provision for liquidated damages. The court also declined to consider punitive or other damages and said it will make a determination in the future as to what the defendant is entitled to by way of reimbursements or costs, as well as any interest accrued and owed after the extension’s maturity date.
California broadens DFPI commissioner’s enforcement authority
On August 26, the California governor signed AB 2433, which broadens DFPI’s unlawful practices oversight and enforcement power over any person currently engaging in or having engaged in the past, in unlicensed activity. Among other things, the bill amends the DFPI commissioner’s enforcement of various laws, such as the California Commodity Law, Escrow Law, California Financing Law (CFL), Property Assessed Clean Energy (PACE), Student Loan Servicing Act, and California Residential Mortgage Lending Act. The bill establishes that the commissioner may act “upon having reasonable grounds to believe that a broker-dealer or investment advisor has conducted business in an unsafe or injurious manner.” The bill also permits the DFPI to “act upon having cause to believe that a licensee or other person has violated the CFL.” The CFL provides for the licensure and regulation of finance lenders, brokers, and specified program administrators by the Commissioner of Financial Protection and Innovation to issue a citation to the licensee or person and to assess an administrative fine, as specified, among other things. The CFL also regulates certain persons acting under the PACE program, including PACE solicitors and PACE solicitor agents. The new bill establishes that “if the commissioner, upon inspection, examination, or investigation, has cause to believe that a PACE solicitor or PACE solicitor agent is violating any provision of that law, or rule or order thereunder, the commissioner or their designee is required to exhaust a specified procedure before bringing an action.” Additionally, bill specifies that certain “procedures apply when the commissioner has cause to believe that a PACE solicitor or solicitor agent has violated any provision of that law or rule or order thereunder.” The bill also mentions the Student Loan Servicing Act, which “provides for the licensure, regulation, and oversight of student loan servicers by the commissioner,” and establishes that the commissioner is required, upon having reasonable grounds after investigation to believe that a licensee is conducting business in an unsafe or injurious manner, to direct, by written order, the discontinuance of the unsafe or injurious practices. This bill specifies “that these procedures also apply if, after investigation, the commissioner has reasonable grounds to believe that a licensee has conducted business in an unsafe or injurious manner.” The bill is effective immediately.
California issues remote work guidance to CFL licensees
On August 26, the California governor signed AB 2001, which amends the California Financing Law (CFL) regarding remote work. According to the bill, a licensee would be authorized “under the CFL to designate an employee, when acting within the scope of employment, to perform work on the licensee’s behalf at a remote location, as defined, if the licensee takes certain actions, including that the licensee prohibits a consumer’s personal information from being physically stored at a remote location except for storage on an encrypted device or encrypted media.” Currently, the CFL provides that a licensee cannot engage in loan business or administer a PACE program in any office, room, or place of business that any other business is solicited or engaged in, or in association or conjunction therewith, under certain circumstances. Additionally, “a finance lender, broker, mortgage loan originator, or program administrator licensee shall not transact the business licensed or make any loan or administer any PACE program provided for by this division under any other name or at any other place of business than that named in the license except pursuant to a currently effective written order of the commissioner authorizing the other name or other place of business.”
California fines cosmetics chain for privacy violations
On August 24, the California attorney general announced that following an investigative sweep into online retailers, it entered into a $1.2 million settlement with a cosmetics chain for its alleged failure to disclose to consumers that it was selling their personal information, failure to process user requests to opt-out of such sale via user-enabled global privacy controls, and failure to cure such violations within the 30-day period allowed by the California Consumer Privacy Act (CCPA). The action reaffirms the state’s commitment to enforcing the law and protecting consumers’ rights to fight commercial surveillance, AG Bonata said, emphasizing that “today’s settlement sends a strong message to businesses that are still failing to comply with California’s consumer privacy law. My office is watching, and we will hold you accountable. It’s been more than two years since the CCPA went into effect, and businesses’ right to avoid liability by curing their CCPA violations after they are caught is expiring. There are no more excuses. Follow the law, do right by consumers, and process opt-out requests made via user-enabled global privacy controls.”
According to a complaint filed in California Superior Court, third parties monitored consumers’ purchases and created profiles to more effectively target potential customers. The company’s arrangement with these third parties constituted a sale of consumer personal information under the CCPA, therefore triggering certain basic obligations, including telling consumers that it is selling their information and allowing consumers to easily opt-out of the sale of their information. According to the complaint, the company failed to take any of these measures.
Under the terms of the settlement, the company is required to pay a $1.2 million penalty and must disclose to California customers that it sells their personal data and provide a mechanism for consumers to opt out of a sale of their information, including through user-enabled global privacy controls like the Global Privacy Control (GPC). Additionally, the company must ensure its service provider agreements meet CCPA requirements and provide reports to the AG related to its sale of personal information, the status of its service provider relationships, and its efforts to honor the GPC.
The press release also announced that notices were sent to several businesses alleging non-compliance concerning their failure to process consumer opt-out requests made via user-enabled global privacy controls. The AG reiterated that under the CCPA, “businesses must treat opt-out requests made by user-enabled global privacy controls the same as requests made by users who have clicked the “Do Not Sell My Personal Information” link. Businesses that received letters today have 30 days to cure the alleged violations or face enforcement action from the Attorney General.”
California appellate court overturns ruling for collector that stapled note to summons
On August 23, the California Sixth Appellate District overturned summary judgment in favor of a collector (defendant) that was sued for FDCPA and the Rosenthal Fair Debt Collection Practices Act violations. According to the court, the plaintiff incurred an unpaid medical debt, which was referred to the defendant for collection. The defendant sent the plaintiff eight letters; however, the plaintiff was allegedly not aware that the hospital assigned the debt to a debt collector and did not pay the debt. The defendant filed a collection suit against the plaintiff, seeking to recover the unpaid medical debt. The defendant stapled a typewritten note to the summons, which read, “If you have any questions regarding this matter, please contact: []” in English and Spanish. The plaintiff filed a complaint, accusing the defendant of violating the FDCPA and the Rosenthal Act, alleging that “it was unlawful for [the defendant] to send the attachment with the summons and the complaint because the attachment appeared to be a message from the court and did not contain language disclosing that it was sent by a debt collector.” The trial court granted the defendant’s motion for summary judgment, ruling that the communication was lawful, and denied the plaintiff’s cross-request for summary judgment.
On the appeal, the defendant argued that "the attachment is not a ‘communication’ within the meaning of either statute, on the theory that the attachment itself says nothing about the debt." However, the appellate court wrote that the note was not sent “in a vacuum: The attachment, summons, and complaint comprised a collection of documents delivered by a process server—personally to [the plaintiff’s] girlfriend and then by mail to [the plaintiff].” The appellate court further noted that the reference to “this matter” in the note “unmistakably signified the litigation initiated by the accompanying complaint pleading [the plaintiff’s] indebtedness and the amount and source of indebtedness in a common count cause of action.” With regard to whether the note was a communication in connection with the collection of a debt, the appellate court noted that it “fail[ed] to conceive of any subject other than debt collection [the defendant] might think the communication was in connection with. The message in the attachment refers to the existence of a debt, conveys information regarding the debt, and serves the purpose of debt collection by enticing the recipient to contact the debt collector.” The appellate court concluded that “[b]y omitting the mandatory disclosure that this attachment was from [the defendant], a debt collector, [the defendant] made it reasonably likely that the least sophisticated consumer would believe the suggestion to call [the defendant] was from the court that issued the summons to which the suggestion was affixed. [The defendant’s] communication was therefore deceptive.”
DFPI orders crypto lender to cease offering unqualified securities
On August 8, the California Department of Financial Protection and Innovation (DFPI) issued a desist and refrain order to a now-bankrupt cryptocurrency lender and its CEO after determining that the company allegedly made material misrepresentations and omissions in the offering of crypto interest accounts, particularly with respect to understating the risks of depositing digital assets with the company. According to DFPI, since June 2018, the company funded part of its lending operations and proprietary trading through the sale of unqualified securities in the form of digital asset interest-earning accounts known as “Earn Rewards” accounts. DFPI found that the company allegedly offered these accounts to consumers without first qualifying them as securities in compliance with California’s Corporate Securities Law. Additionally, DFPI contended that the company failed to fully disclose material aspects of its business and Earn Rewards accounts, and claimed that the CEO failed to disclose material aspects of the company’s business, made materially misleading statements, or omitted material facts necessary to ensure the statements were not misleading. In June, the company suspended the fulfillment of customer withdrawals from its crypto interest accounts and filed for Chapter 11 bankruptcy reorganization on July 13.
DFPI ordered the company and CEO to desist and refrain from further offers and sale of securities in California, including but not limited to the Earn Rewards accounts, unless such sale has been qualified under California law or unless the security or transaction is exempt from qualification. The company and CEO were also both ordered to desist and refrain from offering securities in California by means of untrue statements of material fact or omissions of material fact.