Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Utah enacts financial institution provisions

    State Issues

    On March 24, the Utah governor signed SB 183 into law, which amends the state’s provisions related to financial institutions. Among other things, the bill: (i) modifies the definition of “control” for purposes of the Financial Institutions Act and provides penalties for failure to comply with registration and disclosure requirements. Additionally, the bill enacts the Commercial Financing Registration and Disclosure Act, which requires individuals who provide certain commercial financing products to register with the Department of Financial Institutions and make certain disclosures in connection with each commercial financing product.

    State Issues Utah State Legislation Commercial Finance Disclosures

    Share page with AddThis
  • Arizona and Utah modify various licensing provisions

    On March 24, the Arizona governor signed HB 2612, which eliminates requirements for there to be a finding on whether an applicant is law abiding, honest, trustworthy, and of good moral character in order to be eligible for a license, permit, or certification. This applies to bank or in-state financial institution acquisitions, banking, consumer lenders, trust companies, escrow agents, mortgage brokers, mortgage bankers, commercial mortgage brokers, loan originators, financial institution holding companies, premium finance companies, real estate appraisers and appraisal management companies, among others. The bill also makes other technical and conforming changes and takes effect 90 days after adjournment of the legislature.

    Earlier, on March 23, the Utah governor signed HB 69, which modifies various licensing provisions under the state’s Residential Mortgage Practices and Licensing Act. The bill also makes various amendments under the Real Estate Licensing and Practices Act related to licensing, fees, and disciplinary actions. Among other things, the bill amends the general qualifications of licensure to make residential mortgage loans, including provisions related to mandatory education requirements for both state applicants and applicants licensed in other states and criminal background checks. Specifically, the bill removes a provision that states a “license is immediately and automatically revoked if the criminal background check discloses the applicant fails to accurately disclose a criminal history involving: (A) the real estate industry; or (B) a felony conviction on the basis of an allegation of fraud, misrepresentation, or deceit.” Additional amendments authorize the commission to impose sanctions against licensees and unregistered persons that were found to be in violation of a provision of the act; discuss the process for filing a written request for the vacation of a license revocation; address pending transactions should the death of a principal broker occur; and remove provisions regarding the payment of certain expenses and costs. The bill takes effect 60 days after adjournment of the legislature.

    Licensing State Issues State Legislation Utah Arizona Mortgages

    Share page with AddThis
  • Utah becomes fourth state to enact comprehensive privacy legislation

    Privacy, Cyber Risk & Data Security

    On March 24, the Utah governor enacted the Utah Consumer Privacy Act (UCPA), which establishes a framework for controlling and processing consumers’ personal data in the state. Utah is now the fourth state in the nation to enact comprehensive consumer privacy measures, following California, Colorado, and Virginia (covered by Buckley Special Alerts here and here and InfoBytes here). As previously covered by InfoBytes, under the UCPA, consumers will have rights to, among other things (i) confirm whether their personal data is being processed and access their data; (ii) delete their data; (iii) obtain a copy of their previously provided data; and (iv) opt out of the processing of their data for targeted advertising and the sale of their data. The UCPA also outlines data controller responsibilities, including a requirement that data processors must adhere to a controller’s instructions and enter into a contract with clearly specified instructions for processing personal data. The UCPA also requires controllers to provide privacy notices to consumers disclosing certain information regarding data collection and sharing practices. While the UCPA explicitly prohibits its use as the basis for a private right of action, it does grant the state attorney general excusive authority to enforce the law and seek penalties of up to $7,500 per violation. Additionally, upon discovering a potential violation of the UCPA, the attorney general must give the controller or processor written notice and 30 days to cure the alleged violation before the attorney general can file suit. The UCPA takes effect December 31, 2023.

    Privacy/Cyber Risk & Data Security State Issues State Legislation Utah Consumer Protection

    Share page with AddThis
  • Utah legislature passes privacy bill

    Privacy, Cyber Risk & Data Security

    Recently, the Utah legislature passed SB 227, which would enact the Utah Consumer Privacy Act and establish a framework for controlling and processing consumers’ personal data in the state. (See also senate and house approved amendments here.) Highlights of the bill include:

    • Applicability. The bill will apply to a controller that conducts business in the state or produces products or services for consumer residents that also “has annual revenue of $25,000,000 or more” and “controls or processes personal data of 100,000 or more consumers” or “derives over 50% of the entity’s gross revenue from the sale of personal data and controls or processes personal data of 25,000 or more consumers.” Certain entities are exempt from the bill’s requirements, including governmental entities and third parties under contract with a governmental entity that acts on behalf of that entity; tribes; institutions of higher education; nonprofits; certain types of health information subject to federal health privacy laws; consumer reporting agencies, furnishers, and consumer report users of information involving personal data bearing on a consumer’s credit; financial institutions and affiliates subject to federal privacy disclosure requirements; personal data regulated by certain federal regulations; and air carriers. Additionally, a controller will be considered to be in compliance with the bill’s parental consent obligations provided it complies with verifiable parental consent mechanisms under the Children’s Online Privacy Protection Act.
    • Consumer rights. Under the bill, consumers will be able to, among other things (i) confirm whether their personal data is being processed and access their data; (ii) delete their data; (iii) obtain a copy of their previously provided data; and (iv) opt out of the processing of their data for targeted advertising and the sale of their data.
    • Controllers’ and processors’ responsibilities. Under the bill, data controllers will be responsible for responding to consumers’ requests within 45 days (an additional 45-day extension may be requested under certain circumstances). Responses to consumers’ requests must be provided free of charge, “unless the request is the consumer’s second or subsequent request during the same 12-month period.” Data processors must adhere to a controller’s instructions and enter into a contract with clearly specified instructions for processing personal data. The bill also requires controllers to provide privacy notices to consumers disclosing certain information regarding data collection and sharing practices (including sharing with third parties), and if the controller sells a consumer’s personal data to third parties or engages in targeted advertising, the controller must disclose how consumers may exercise their rights under the bill. Controllers also will be prohibited from processing sensitive personal data without first presenting a consumer with the opportunity to opt out. The bill further specifies requirements for processing deidentified data or pseudonymous data.
    • Private right of action and state attorney general enforcement. The bill explicitly prohibits a private right of action. Instead, it gives the Division of Consumer Protection investigative power and grants the state attorney general excusive authority to enforce the law and seek penalties of up to $7,500 per violation. The attorney general may also recover reasonable investigation and litigation expenses.
    • Right to cure. Upon discovering a potential violation of the bill, the attorney general must give the controller or processor written notice. The controller or processor then has 30 days to cure the alleged violation before the attorney general can file suit.

    If enacted in its current form, the bill would take effect December 31, 2023. 

    Privacy/Cyber Risk & Data Security State Issues State Legislation Consumer Protection Utah

    Share page with AddThis
  • FTC hits investment scheme with $111 million judgment

    Federal Issues

    On February 16, the FTC and the Utah Division of Consumer Protection reached a settlement in an action taken against a Utah-based company and its affiliates (collectively, “defendants”) for allegedly using deceptive marketing to persuade consumers to attend real estate events costing thousands of dollars. As previously covered by InfoBytes, the FTC and the Utah Division of Consumer Protection claimed that the defendants violated the FTC Act, the Consumer Review Fairness Act (CRFA), and Utah state law by marketing real estate events with false claims and using celebrity endorsements. The defendants allegedly promised consumers they would (i) earn thousands of dollars in profits from real estate investment “flips” by using the defendants’ products; (ii) receive 100 percent funding for their real estate investments, regardless of credit history; and (iii) receive a full refund if they do not make “a minimum of three times” the price of the workshop within six months. Additionally, consumers who received refunds were allegedly required to sign agreements preventing them from speaking with the FTC, state attorneys general, and other regulators; submitting complaints to the Better Business Bureau; or posting negative reviews. Under the terms of the settlement, the defendants are, among other things, permanently banned from marketing or selling any real estate or business coaching programs, and are restrained from making misleading earnings claims or misrepresenting any material aspect of the performance or nature of goods or services that are the subject of a sales offer. Additionally, the defendants are permanently banned from using contract terms to suppress customers’ ability to review their products or speak to law enforcement agencies, and may not release customer information in connection with any activity related to the subject matter of the order. The settlement also includes monetary judgments totaling more than $111 million.

    Federal Issues FTC Enforcement State Issues Utah Consumer Protection FTC Act Consumer Review Fairness Act

    Share page with AddThis
  • Utah amends mortgage practices and licensing rule provisions

    Recently, the Utah Department of Commerce adopted amendments to the Utah Residential Mortgage Practices and Licensing Rules to eliminate unnecessary and redundant licensee expenses for criminal background checks and credit reports. Among other things, the amendments provide that if a licensee submits a fingerprint background report to the Nationwide Multistate Licensing System & Registry (NMLS) “that is current according to the NMLS and is dated within 90-days of the date of the application to renew, the Division shall use that fingerprint background report in satisfaction of the requirement of. . .subsection [R162-2c-204]. If there is no current fingerprint background report in the NMLS, the licensee shall submit a fingerprint background report to the NMLS with the licensee’s application to renew.” The same condition also applies to current credit reports dated within 30-days of the date the renewal application was submitted to the NMLS. The amendments also update certain license qualification provisions related to moral character and felony convictions, and eliminate provisions concerning employee incentive programs related to licensed entities. These provisions took effect October 26.

    Licensing Mortgages State Issues Utah NMLS

    Share page with AddThis
  • Utah governor issues temporary moratorium on residential evictions

    State Issues

    On April 1, Utah Governor Gary Herbert issued an order instituting a moratorium on residential evictions for individuals out of work or otherwise unable to pay rent as a direct result of Covid-19 provided certain conditions are met. The temporary order went into effect immediately and is effective through May 15. Herbert’s announcement did not institute rent forgiveness during the leniency period.

    State Issues Utah Governors Covid-19

    Share page with AddThis
  • Utah Dept. of Financial Institutions approves suspended/reduced hours

    State Issues

    On March 12, the Utah Department of Financial Institutions sent an email permitting regulated entities to temporarily reduce or suspend operations or reduce operating hours without Department approval so long as the entity provides adequate notice to customers and sends an email to the Department informing it of the actions taken.

    The Utah Department of Commerce, Division of Real Estate announced on their website that due to Covid-19 concerns, real estate and appraisal licensees that have not completed their RAP Back Fingerprinting enrollment in advance of their March or April 2020 license renewal will have their license expirations temporarily postponed until further notice. 

     

    State Issues Covid-19 Utah

    Share page with AddThis
  • Utah Department of Financial Institutions issues guidance to credit unions

    State Issues

    On March 16, the Utah Department of Financial Institutions issued a statement encouraging credit unions to take steps to meet the financial services needs of members and communities affected by Covid-19. Credit unions are encouraged to, among other things, waive certain fees (e.g., ATM, overdraft, late payment fees), increase ATM daily cash withdrawal limits, ease restrictions on cashing out-of-state and non-member checks, increase credit card limits for credit worthy borrowers, and offer payment accommodations. Prudent efforts to modify the terms on existing loans for affected members will not be subject to examiner criticism and, generally, the department supports and will not criticize efforts to accommodate members in a safe and sound manner. The guidance also addresses: (i) financial condition review, supervisory response, and regulatory relief; (ii) regulatory reporting requirements; and (iii) alternative service options.

    State Issues Covid-19 Utah Credit Union Bank Compliance

    Share page with AddThis