Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • State AGs announce settlement to resolve alleged data security breach

    Privacy, Cyber Risk & Data Security

    On July 26, a coalition of state attorneys general, co-led by the New Jersey AG and Pennsylvania AG, announced a settlement with a Pennsylvania-based convenience store chain related to an alleged data breach that compromised payment cards of consumers. According to the Assurance of Voluntary Compliance, the company experienced a breach of security between April 2019 and December 2019 that exposed consumer payment card data, including customers’ card numbers, expiration dates and cardholder names in New Jersey, Pennsylvania, Florida, Delaware, Maryland, and Virginia, as well as Washington, D.C. The AGs alleged that the company “failed to employ reasonable data security measures,” in violation of the states’ Consumer Protection Acts and Personal Information Protection Acts. Under the terms of the settlement, the company—without admitting to the allegations—has agreed to pay an $8 million fine, of which New Jersey is to receive approximately $2.5 million. The settlement also requires the company to strengthen its network protections and take measures to better protect consumer payment data.

    Privacy, Cyber Risk & Data Security State Attorney General State Issues New Jersey Pennsylvania Data Breach Settlement

    Share page with AddThis
  • New Jersey warns licensed “teams” about violating state real estate statute

    On July 12, the New Jersey Department of Banking and Insurance issued Bulletin No. 22-07 to remind real estate licensees (particularly licensees operating as a “team”), and brokers of record who are responsible for managing and supervising teams, of the requirement to ensure compliance with the Real Estate Broker and Salesperson Act and related regulations. Explaining that real estate “teams” are a growing trend in the industry, the Bulletin warned that while a team may “appear to operate independent of the brokerage firm through which they are licensed,” the team is not actually a separate brokerage, and “teams, their team leaders, team members and their supervising brokers must comply with the act and regulations.” The Bulletin continued that “[l]icensees can only accept compensation, including commissions, from their employing broker, and not a member of their team or their team leader. . . . Further, teams may not operate out of a separate, satellite office, unless such location is properly licensed with the New Jersey Real Estate Commission and maintained and supervised in accordance with the act and regulations.” The Bulletin also addressed advertising and webpage requirements for licensees.

    Licensees who fail to comply with the regulations may be subject to fines, potential license suspension or revocation. Brokers who fail to supervise licensees or team members are subject to these penalties as well.

    Licensing State Issues New Jersey Mortgages State Regulators

    Share page with AddThis
  • N.J. appeals court says debt collector may file suit during the pandemic


    On June 29, the Superior Court of New Jersey, Appellate Division affirmed a lower court’s granting of summary judgment in favor of a plaintiff debt collector in an action over whether a suit could be filed during the Covid-19 pandemic despite a clause in an agreement with the original creditor that barred collection actions in a disaster area. According to the opinion, the plaintiff purchased a portfolio of debts, including two credit card debts owned by the individual defendant. The plaintiff sued the defendant after attempts to collect on the debts were unsuccessful. The defendant filed a third-party complaint against the plaintiff asserting counterclaims accusing the plaintiff of violating the FDCPA, and stating that collection agencies were barred by an executive order that allegedly prohibited the initiation and adjudication of debt collection matters during the pandemic. A lower court granted the plaintiff’s motion for summary judgment, after finding no genuine issue of material fact which would prevent summary judgment in favor of the plaintiff. Specifically, the lower court “found that plaintiff provided sufficient, credible evidence in the record that established the nexus between the accounts and defendant,” and “also found the executive order and FDCPA argument meritless,” as “no directive existed that prevented agencies from initiating debt collection matters during the COVID-19 pandemic.” The defendant appealed.

    On appeal, the defendant argued, among other things, that the lower court had “improperly relied on inadmissible hearsay documents” and erred in finding the executive order and FDCPA inapplicable. The defendant referred to a clause in an agreement she had with the original creditor, which said: “Without limiting the foregoing, [plaintiff] further represents and warrants that it shall: . . . (x) upon declaration by [the Federal Emergency Management Agency] or any appropriate local, state or federal agency that a location is a disaster area, [plaintiff] agrees to temporarily suspend its collection activities within said area until such time as is reasonable and practicable.” The appeals court agreed with the lower court’s reasoning, and called the defendant’s argument “baseless.” According to the appeals court, the defendant “failed to present evidence that an executive order prohibited the commencement and adjudication of debt collection matters during a state emergency related to the COVID-19 pandemic” and failed to establish “that there is a contractual bar to plaintiff filing a debt collection suit in a disaster area.”

    Courts State Issues Debt Collection FDCPA Consumer Finance Covid-19 Appellate New Jersey

    Share page with AddThis
  • 3rd Circuit affirms decision that creditors can collect after issuing 1099-C notice


    On June 14, the U.S. Court of Appeals for the Third Circuit affirmed a district court’s dismissal of a class action alleging a national bank (defendant) violated state laws in New Jersey by attempting to collect on a debt after it had issued a 1099-C notice to the plaintiff to cover the debt that was discharged. According to the opinion, the defendant obtained a judgment against the plaintiff and his wife for an unpaid debt, which the plaintiff did not satisfy. The defendant issued an IRS 1099-C form to the plaintiffs, indicating that $199,427.80 of the $244,248.49 was discharged. After issuing the 1099-C, the defendant notified the plaintiff that such filing had not caused the defendant to release the judgment and that the plaintiff needed to either pay the judgment or reach a settlement. The plaintiff sued, alleging the defendant violated the New Jersey Consumer Fraud Act and other state laws based on defendant’s issuance of a 1099-C IRS Form for cancellation of debt. The district court granted a motion to dismiss filed by the defendant, which the plaintiff appealed.

    On appeal, the plaintiff argued the creditors should not send 1099-C notices unless the debt has actually been canceled, and that sending such a notice while still intending to collect on the debt constitutes an “unlawful practice.” The 3rd Circuit disagreed, holding that the text of the governing IRS regulation, 26 C.F.R. § 1.650P-1(a)(1), indicates that “the filing of a Form 1099-C is a reporting requirement that does not depend on whether the debt has been ‘actually discharged,’ or the debtor has actually been released from his obligations on the underlying debt.” The appellate court further noted that “[t]he satisfaction of this reporting requirement, additionally, does not operate to forgive or extinguish a debtor’s obligations to repay the debt at issue.”

    Courts Appellate Third Circuit IRS Consumer Finance State Issues New Jersey

    Share page with AddThis
  • New Jersey Superior Court grants summary judgment in favor of debt buyer


    On January 21, the Superior Court of New Jersey granted a defendant debt buyer’s cross-motion for summary judgment following the Appellate Division’s partial remand. The plaintiff filed a proposed class action lawsuit in 2017, claiming that the defendant violated the New Jersey Consumer Fraud Act (CFA) by unlawfully acquiring defaulted credit card accounts without obtaining a license to engage as a sales finance company or a consumer lender. The case was dismissed, but later partially remanded on appeal. The Superior Court struck the portion of the complaint alleging class claims and focused on the remaining individual claim concerning the plaintiff’s account. The Superior Court ultimately determined that the plaintiff’s CFA claim failed because the alleged conduct did not rise “to the level of deception, fraud, or misrepresentation in connection with the sale of merchandise or services” required for a claim under CFA. According to the Superior Court, the CFA requires that claimants show an ascertainable loss. The plaintiff’s claim that she suffered a loss by paying the defendant rather than the bank that originally extended the credit was not convincing, the Superior Court stated. The plaintiff admitted “that after the [account] was sold to Defendant, [the bank] did not seek payment of the credit card account. Thus, the record establishes that Plaintiff has not suffered any harm. Without an ascertainable loss, Plaintiff’s CFA claim fails,” the decision said. The Superior Court also disagreed with the plaintiff’s assertion that the defendant was required to obtain a consumer lending license under the New Jersey Consumer Finance Licensing Act. Noting that the defendant is a debt buyer and not a consumer lender, the Superior Court held that the defendant was not required to be licensed.

    Courts Debt Buyer State Issues New Jersey Debt Collection Licensing

    Share page with AddThis
  • New Jersey settles CFA and HIPAA matter with fertility clinic

    State Issues

    On October 12, the New Jersey attorney general and the Division of Consumer Affairs announced an action against a healthcare provider alleging that the defendant violated the New Jersey Consumer Fraud Act, the federal Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, and the HIPAA Security Rule by removing administrative and technological safeguards for protected health information (PHI) and electronic PHI (ePHI). The settlement resolves allegations that the defendant’s data breach allowed instances, between August 2016 and January 2017, of unauthorized access to the defendant’s network, which permitted at least one intruder to access consumer ePHI. Among other things, the defendant’s alleged violations include failing to: (i) ensure the confidentiality, integrity, and availability of ePHI; (ii) implement a mechanism to encrypt ePHI; (iii) review and modify security measures; (iv) implement proper procedures for creating, changing, and safeguarding passwords; and (v) implement verification procedures. According to the consent order, the defendant must pay $412,300 in civil penalties and $82,700 in investigative costs and attorney fees. The defendant is also required to implement extensive reforms to its data security system and encryption protocols to protect clients' PHI and prevent future breaches.

    State Issues New Jersey Privacy/Cyber Risk & Data Security State Attorney General Data Breach Consumer Protection

    Share page with AddThis
  • New Jersey, Texas flag company for crypto practices

    State Issues

    On September 17, the New Jersey Bureau of Securities (Bureau) announced a cease and desist order against a blockchain-based marketplace company for allegedly selling unregistered securities in the form of interest-earning crypto-asset accounts that raised approximately $14 billion. According to the Bureau, the company funded its cryptocurrency lending operations and proprietary trading partially through unregistered securities sales, in violation of the New Jersey Securities Law. The company allegedly solicited investments by depositing certain eligible cryptocurrencies into investors’ accounts at the company and pooling these cryptocurrencies together to fund its income generating activities, including lending and trading operations. According to the order, the company’s website fails to disclose that its product is not currently registered with any federal or state securities regulator, even though it is subject to such requirements. The Bureau also notes that this is the “second time in less than two months that the Bureau has taken action against a cryptocurrency firm for selling unregistered securities in New Jersey.” (Covered by InfoBytes here.)

    The same day, the Texas State Securities Board issued a notice of hearing to determine whether to issue a proposal for decision for the entry of a cease and desist order against the company for allegedly violating the Securities Act by offering and selling securities in Texas without being registered as dealers or agents, among other things.

    State Issues Digital Assets New Jersey Texas Securities Cryptocurrency State Regulators Enforcement Fintech

    Share page with AddThis
  • DOJ settles SCRA violations with New Jersey student lending authority

    Federal Issues

    On September 20, the DOJ announced a settlement with a New Jersey’s student lending authority, resolving allegations that the authority obtained unlawful court judgments in violation of the Servicemembers Civil Relief Act (SCRA) against two military servicemembers who co-signed student loans . According to the press release, the DOJ launched an investigation into the authority after receiving a report from the Coast Guard that the authority obtained a default judgment in 2019 against a Coast Guard petty officer who co-signed on behalf of the two student loans. The complaint, filed by the DOJ in the U.S. District Court for the District of New Jersey, states that the authority “obtained default judgments against two SCRA-protected servicemembers” by failing “to file true and accurate affidavits indicating the military status of [the two service servicemembers].” According to the DOJ, lenders can verify an individual’s military status by utilizing a defense data center’s free and public website, or by reviewing their files to confirm military status. The authority allegedly filed affidavits in state court that inaccurately stated that the servicemembers were not in military service, even though the authority had conducted searches in the defense data center’s website that confirmed that the individuals were active military servicemembers.

    The settlement notes that the authority must pay $15,000 each to the two servicemembers who had default judgments entered against them, and must pay a $20,000 civil penalty. Among other things, the settlement also requires the authority to provide compliance training to its employees and to develop new policies and procedures consistent with the SCRA. The settlement also notes that the authority, since the opening of the investigation, has been fully cooperative and has “taken steps to improve its compliance with the SCRA.” 

    Federal Issues DOJ SCRA Military Lending New Jersey Student Lending Courts Enforcement Servicemembers

    Share page with AddThis
  • New Jersey orders company to stop selling unregistered securities


    On July 19, the New Jersey Bureau of Securities (Bureau) announced a cease and desist order against a financial services company for allegedly selling unregistered securities in the form of interest-earning cryptocurrency accounts and failing to explain to investors that the accounts were not licensed in New Jersey. According to the order, the company has been funding its lending operations and proprietary trading business since 2019 by selling interest-bearing cryptocurrency accounts that are not protected by or registered with any federal or state securities regulator. The order notes that the company “held the equivalent of $14.7 billion from the sale of these unregistered securities in violation of the Securities Law.” In addition, the order, which become effective July 22, requires the company to stop selling any unregistered security or violating any securities law. According to the Bureau, the recent action “comes amid rising concerns over the proliferation of decentralized finance platforms like [the company] that seek to reinvent traditional financial systems such as banks and brokerages for digital asset investors,” and that “[u]nlike traditional, regulated banks and brokerage firms, however, investors’ losses are not insured against or protected by the Federal Deposit Insurance Corporation or Securities Investor Protection Corporation.”

    Securities Digital Assets State Issues New Jersey Cease and Desist Cryptocurrency

    Share page with AddThis
  • New Jersey stops accepting temporary insurance producer applications

    State Issues

    On January 21 the New Jersey Commissioner of Banking and Insurance issued Bulletin No. 21-02 declaring that the department will no longer accept temporary insurance producer applications after January 31 because remote producer examinations are now available. Temporary licenses previously issued will remain in force subject to certain conditions set forth in the bulletin.

    State Issues Covid-19 New Jersey Insurance Examination

    Share page with AddThis