InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI says escrow trust accounts are not stored value under MTA
The California Department of Financial Protection and Innovation recently released a new opinion letter covering aspects of the California Money Transmission Act (MTA) and the Escrow Act related to persons engaging in business as an escrow agency within the state. The redacted opinion letter examines a request from the inquiring company for confirmation that it does not require either an internet escrow agent license or a money transmitter license in the state of California in connection with its proposed business model (details on the model have been omitted). DFPI responded that under the Escrow Law, “it is unlawful for any person to engage in business as an escrow agent within this state except by means of a corporation duly organized for that purpose licensed by the commissioner as an escrow agent.” The definition of an “internet escrow agent,” DFPI explained, was added to Financial Code section 17003, subdivision (b) to mean “any person engaged in the business of receiving escrows for deposit or delivery over the Internet.” DFPI concluded that based on the facts asserted within the request, the inquiring company has not demonstrated that its proposed model is exempt from the Escrow Law.
DFPI further considered whether the inquiring company’s proposed model meets the definition of stored value under the MTA, and whether it qualifies for several exemptions under the statute. DFPI explained that the transactions under consideration are not considered “stored value under the definition in Financial Code section 2003, subdivision (x), because they do not represent a claim against the issuer; rather, the money comes under [the inquiring company’s] possession and control and therefore must be placed in an escrow trust account. “An escrow trust account is not the same as stored value,” DFPI said, adding that since the transaction is not stored value, it is unnecessary to address the remaining arguments regarding the MTA.
FDIC announces California and Tennessee disaster relief
On April 13, the FDIC issued FIL-15-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of California affected by severe winter storms, straight-line winds, flooding, landslides, and mudslides that began February 21 and continue to affect the region. The FDIC acknowledged the unusual circumstances faced by affected institutions and encouraged those institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements and instructs institutions to contact the San Francisco Regional Office for consideration. The same day, the FDIC issued FIL-16-2023 to provide similar regulatory relief to financial institutions and help facilitate recovery in areas of Tennessee affected by severe storms, straight-line winds, and tornadoes between March 31 and April 1.
California joins multistate settlement with securities brokerage
On April 6, the California Department of Financial Protection and Innovation (DFPI) joined a multi-state settlement with a securities brokerage company stemming from an investigation spearheaded by state securities regulators from Alabama, Colorado, California, Delaware, New Jersey, South Dakota, and Texas relating to certain alleged operational and technical failures. According to DFPI, the investigation was triggered by a March 2020 incident in which the brokerage company experienced several platform outages during a period in which hundreds of thousands of investors relied on the company’s app to make trades, thus preventing some users from being able to process trades. The settlement order sets out multiple alleged violations by the brokerage company, including negligently disseminating inaccurate information to customers, failing to have a “reasonably designed customer identification program,” inadequately supervising critical technology, having a deficient system for dealing with customer inquiries, failing to exercise due diligence before approving certain option accounts, and failing to report all customer complaints to FINRA and state securities regulators.
While the company neither admitted nor denied the findings, it agreed to pay up to $10.2 million in penalties and will continue to implement recommendations to address the alleged misconduct. DFPI noted in its announcement that it “found no evidence of willful or fraudulent conduct” by the company, and said the company fully cooperated with the investigation.
California OAL approves CCPA regulations
On March 30, the California Privacy Protection Agency (CPPA) announced that the California Office of Administrative Law (OAL) approved the agency’s first substantive rulemaking package for implementing the California Consumer Privacy Act (CCPA). The approved regulations are effective immediately. The CPPA noted that the approved regulations update existing CCPA regulations to harmonize them with amendments adopted under the California Privacy Rights Act (CPRA), which was approved by ballot measure in November 2020 to amend and build on the CCPA. In February, the CPPA voted unanimously to adopt and approve the regulations, which have not been substantively changed since the CPPA voted on modifications last year (covered by InfoBytes here). The final regulations and supporting materials are now available on the CPPA’s website.
The CPPA has already begun additional rulemaking. The agency issued a preliminary request for comments on cybersecurity audits, risk assessments, and automated decision-making to inform future rulemaking in February. Comments were due at the end of March.
Crypto lender to provide refunds to Californians
On March 27, the California Department of Financial Protection and Innovation (DFPI) announced that a New Jersey-based crypto lending platform has agreed to provide more than $100,000 in refunds to California residents. The refunds, subject to bankruptcy court approval, stem from the lender’s conduct following the collapse of a major crypto exchange last November. As previously covered by InfoBytes, in December, DFPI moved to revoke the lender’s California Financing Law license following an examination, which found that the lender “failed to perform adequate underwriting when making loans and failed to consider borrowers’ ability to repay these loans, in violation of California’s financing laws and regulations.” At the time the lender announced it was limiting platform activity and pausing client withdrawals. The lender eventually filed a petition for chapter 11 bankruptcy. An investigation also revealed that due to the lender’s failure to timely notify borrowers that they could stop repaying their loans, borrowers remitted at least $103,471 in loan repayments to the lender’s servicer while they were unable to withdraw funds and collateral from the platform. A hearing on the lender’s petition to direct its servicer to return borrowers’ loan repayments is scheduled for April 19.
The lender agreed to an interim suspension of its lending license while the bankruptcy and revocation actions are pending. It also agreed to a final order to discontinue unsafe or injurious practices, as well as a desist and refrain order. Among other things, the lender has agreed to continue to direct its agents to pause collection of repayments on loans belonging to California residents while its license is suspended (including turning off autopay), will continue to set interest rates to 0 percent, and continue to not levy any late fees associated with any payments or report any loans that became delinquent or defaulted on or after November 11, 2022, to credit reporting agencies while the bankruptcy and revocation actions are pending.
DFPI releases more proposed CCFPL modifications on complaints and inquiries
On March 23, the California Department of Financial Protection and Innovation (DFPI or the Department) released a second round of modifications to proposed regulations for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to consumer complaints and inquiries. As previously covered by InfoBytes, DFPI issued a notice of proposed rulemaking (NPRM) last May to implement Section 90008 subdivisions (a) (b), and (d)(2)(D) of the CCFPL. Subdivisions (a) and (b) authorize the DFPI to promulgate rules establishing reasonable procedures for covered persons to provide timely responses to consumers and the DFPI concerning consumer complaints and inquiries, and subdivision (d)(2)(D) permits covered persons to withhold certain non-public or confidential information when responding to consumer inquiries. The first round of proposed modifications to the NPRM was released in December (covered by InfoBytes here).
DFPI considered comments received on the initially proposed text and the proposed modifications and is now proposing the following additional changes:
- Applicability. The proposed modifications clarify that Sections 1072, 1073, and 1074 apply only to covered persons required to be licensed by the DFPI or registered with the DFPI “pursuant to Financial Code sections 90009 and 90009.5, including any rules promulgated thereunder.”
- Amended definitions. The proposed modifications add an additional exclusion from the definition of “complaint[,]” excluding a “notice of error filed with a remittance transfer provider.” “Complainant” is amended to clarify that it does not include individuals who are not residents of California at the time “the act, omission, decision, condition, or policy giving rise to the complaint was applied to the consumer.”
- Complaint processes and procedures. Among other things, the proposed modifications add requirements that (i) covered persons issue initial and annual disclosures to California residents that include the procedures for filing a complaint; (ii) the main home page or main contact page include the set hours a live representative is normally available to accept oral complaints; (iii) all written communications—not just the final decision—related to a complaint must be submitted in the language in which the contract was negotiated; and (iv) make changes to DFPI’s annual complaint report requirements, including a new category related to nuisance complaints.
Comments are due April 7.
CFPB: TILA does not preempt state commercial financial disclosures
On March 28, the CFPB issued a determination that state disclosure laws covering lending to businesses in California, New York, Utah, and Virginia are not preempted by TILA. The preemption determination confirms a preliminary determination issued by the Bureau in December, in which the agency concluded that the states’ statutes regulate commercial financing transactions and not consumer-purpose transactions (covered by InfoBytes here). The Bureau explained that a number of states have recently enacted laws requiring improved disclosure of information contained in commercial financing transactions, including loans to small businesses. A written request was sent to the Bureau requesting a preemption determination involving certain disclosure provisions in TILA. While Congress expressly granted the Bureau authority to evaluate whether any inconsistencies exist between certain TILA provisions and state laws and to make a preemption determination, the statute’s implementing regulations require the agency to request public comments before making a final determination. In making its preliminary determination last December, the Bureau concluded that the state and federal laws do not appear “contradictory” for preemption purposes, and that “differences between the New York and Federal disclosure requirements do not frustrate these purposes because lenders are not required to provide the New York disclosures to consumers seeking consumer credit.”
After considering public comments following the preliminary determination, the Bureau again concluded that “[s]tates have broad authority to establish their own protections for their residents, both within and outside the scope of [TILA].” In affirming that the states’ commercial financing disclosure laws do not conflict with TILA, the Bureau emphasized that “commercial financing transactions to businesses—and any disclosures associated with such transactions—are beyond the scope of TILA’s statutory purposes, which concern consumer credit.”
DFPI clarifies licensing provisions for several state laws
The California Department of Financial Protection and Innovation (DFPI) recently filed a notice of proposed rulemaking with the Office of Administrative Law, seeking to add several sections to Title 10, Chapter 3 of the California Code of Regulations relating to the California Consumer Financial Protection Law (CCFPL), the California Financing Law (CFL), the California Deferred Deposit Transaction Law (CDDTL), and the California Student Loan Servicing Act (SLSA). (See also DFPI initial state of reasons here.) Among other things, the proposed regulations provide specific registration requirements for covered persons under the CCFPL and outline requirements for exemption from registration under the CCFPL for licensees under the CFL, CDDTL, and SLSA.
According to DFPI’s notice, the CCFPL grants the Department authority to require covered persons engaged in the business of offering and providing a consumer financial product or service to be registered but does not specify requirements for registration. The proposed regulations clarify these requirements, which include establishing an application process, outlining fees, and specifying persons and conditions for exemption. The proposed regulations also establish annual reporting requirements for filing reports with DFPI. The Department explained that “[e]xisting law exempts from CCFPL registration certain licensees who provide consumer financial products or services ‘within the scope of’ their licenses issued under other Department laws.” The proposed regulations clarify the meaning of “within the scope of” and specify that licensees under the CFL and the CDDTL are exempt from registering under the CCFPL. “[E]xempt licensees who provide products or services that would otherwise be subject to registration under the CCFPL [are required] to submit supplemental information on these activities in their annual reports required under their license,” DFPI explained.
With respect to the SLSA, DFPI noted that “[a]lthough an SLSA license does not confer upon a licensee the authority to originate financing within the scope of their license, the regulations exempt SLSA licensees from registration requirements for education financing when they meet specified requirements.”
The proposed regulations also clarify the applicability of the CFL to certain activities, by, among other things, providing that “an advance of funds to be repaid from a consumer’s future earned or unearned pay is a loan subject to the CFL” and that “providers of income-based advances and education financing who are registered under the CCFPL and whose charges do not exceed the charges permitted under the CFL” are exempt from licensure under the CFL. The proposed regulations also clarify provisions relating to collecting loan payments, monthly subscription fees, and loan contracts.
Comments on the proposed regulations are due May 17.
District Court approves $1.75 million data breach settlement
On March 3, the U.S. District Court for the Central District of California granted final approval of a $1.75 million class action settlement resolving allegations related to a 2020 data breach that compromised nearly 100,000 individuals’ personally identifiable information, including financial information, social security numbers, health records, and other personal data. The affected individuals are students, parents, and guardians who were enrolled in a system used to manage student data in a California school district. According to class members, by failing to adequately safeguard users’ login credentials and by failing to timely notify individuals of the breach, the company violated, among other things, California’s unfair competition law, the California Customer Records Act, and the California Consumer Privacy Act.
Under the terms of the settlement, the company is required to pay a non-reversionary settlement amount of $1.75 million, which will be used to compensate class members and pay for attorney fees and costs, service awards, and administrative expenses. Additionally, as outlined in the motion for preliminary approval of the class action settlement, class members are eligible to submit claims for “ordinary losses” (capped at $1,000 per person), as well as “extraordinary losses” (capped at $10,000 per person). Ordinary losses include expenses such as bank fees, long distance phone charges, certain cell phone charges, postage, gasoline for local travel, “[f]ees for additional credit reports, credit monitoring, or other identity theft insurance products,” and up to 40 hours of time, at $25/hour, for at least one full hour used to deal with the data breach. Extraordinary losses are described as those “arising from financial fraud or identity theft” where the “loss is an actual, documented, and unreimbursed monetary loss” and is “fairly traceable to the data breach” and not already covered by another reimbursement category. Class members must also show that they made “reasonable efforts to avoid, or seek reimbursement for, the loss.” All class members will be offered 12 months of credit monitoring and identity theft protection at no cost, and the company will implement “information security enhancements” to prevent future occurrences.
Biden administration urges states to join fee crack down
On March 8, the Biden administration convened a gathering of state legislative leaders to hold discussions about so-called “junk fees”—described as the “unnecessary, unavoidable, or surprise charges” that obscure true prices and are often not disclosed upfront. While the announcement acknowledged actions taken by federal agencies over the past few years to crack down on these fees, the administration recognized the role states play in advancing this effort. The Guide for States: Cracking Down on Junk Fees to Lower Costs for Consumers outlined actions states can take to address these fees, and provided several examples of alleged junk fees, including hotel resort fees, debt settlement fees, event ticketing fees, rental car and car purchase fees, and cable and internet fees. The guide also highlighted “the banking industry’s excessive and unfair reliance on banking junk fees.” The administration pointed out that a number of businesses have changed their policies in response to the increased scrutiny of junk fees and said several banks have ended fees for overdraft protection. The same day, the CFPB released a new Supervisory Highlights, which focused on junk fees uncovered in deposit accounts and the auto, mortgage, student, and payday loan servicing markets (covered by InfoBytes here).
Additionally, HUD Secretary Marcia L. Fudge published an open letter to the housing industry and state and local governments, encouraging them to “limit and better disclose fees charged to renters in advance of and during tenancy.” Fudge noted that “actions should aim to promote fairness and transparency for renters while ensuring that fees charged to renters reflect the actual and legitimate costs to housing providers.”
California Attorney General Rob Bonta also issued a statement responding to the administration’s call to end junk fees. “Transparency and full disclosure in pricing are crucial for fair competition and consumer protection,” Bonta said, explaining that in February the state senate introduced legislation (see SB 478) to prohibit the practice of hiding mandatory fees.