Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB approves of Illinois’ new regulations on appraisal discrimination

    State Issues

    On April 9, the CFPB released a comment letter supporting the Illinois Department of Financial and Professional Regulation’s decision to propose three rules prohibiting discrimination related to appraisals. The CFPB interpreted and issued rules under ECOA and would enforce its requirements. Illinois’ three proposed rules (38 IAC 345.280(c)(1)(A); 38 IAC 185.280(c)(1)(A); and 38 IAC 1055.240(c)(1)) would all update the Illinois code to prohibit discrimination under ECOA or the FHA, including a provision to deny loan applications where they should have been granted due to discrimination. “Discrimination against applications on a prohibited basis in violation, for example of the [ECOA] or [FHA], including… relying on giving force or effect to discriminatory appraisals to deny loan applications where the covered financial institution knew or should have known of the discrimination[.]” The CFPB commented in their letter that these provisions accurately described ECOA. The CFPB also noted that TILA’s Appraisal Independence Rule, which it has rulemaking authority under, does not conflict with a lender’s obligations to comply with civil rights laws including ECOA.

    State Issues ECOA TILA CFPB Illinois Comment Letter

  • District Court grants MSJ for defendant for not acting as a debt collector


    On January 22, the U.S. District Court for the Northern District of Illinois granted a defendant’s motion for summary judgment in an FDCPA case. According to the order, a hospital that treated plaintiff referred his medical bills to defendant, who services hospitals throughout revenue cycles and acts as an extension of the hospital to service patient accounts. In a letter sent by defendant to plaintiff, defendant stated that the amount was not currently in default but emphasized the importance of hearing from plaintiff. After receiving this first statement from defendant, plaintiff’s attorney contacted defendant explaining plaintiff’s situation, and advised defendant to cease communications. Despite the request, defendant sent a follow-up statement, similar to the first, which plaintiff assumed meant that the debt was in default and required urgent attention. Subsequently, plaintiff paid the outstanding medical debt.

    Plaintiff then filed a lawsuit against defendant, alleging that the statements sent by defendant did not comply with disclosures mandated by the FDCPA. Defendant filed a motion for summary judgment, contending that it is not a debt collector covered by the Act. The defendant further argued that since the FDCPA’s definition of “debt collector” expressly excludes “any person collecting or attempting to collect any debt owed… which was not in default at the time that it was obtained by such person,” defendant was not a debt collector because they never treated the medical debt as in default. Although the FDCPA does not define when a debt is “in default,” the court found that the hospital and defendant never treated the debt as defaulted at the time of assignment, and since it did not acquire a defaulted debt to collect, defendant is therefore not considered a covered debt collector under the FDCPA. The court also found issues with plaintiff’s assertations, concluding that they were not applicable to defendant, as it is not a “debt collector” nor a “collection agency,” and that there was no genuine issue of material fact on the question of whether plaintiff’s debt was “in default” at the time it was assigned. As such, the court granted defendant’s motion for summary judgment as a matter of law, indicating that, based on the reasons provided, defendant is not considered a debt collector under the FDCPA.

    Courts Debt Collection Illinois

  • Illinois proposes rule to evaluate mortgage community reinvestment

    State Issues

    Recently, the Illinois Department of Financial and Professional Regulation issued a proposed rule pursuant to the Illinois Community Reinvestment Act (ILCRA). The ILCRA is modeled off the Community Reinvestment Act but expands its scope of covered financial institutions to include credit unions and licensed entities. The proposed rule will help the Department administer and enforce the ILCRA in an equitable manner. The rule establishes a framework and criteria by which the Department will evaluate a covered mortgage licensee’s record of helping to meet the mortgage credit needs of Illinois, including low- and moderate-income neighborhoods and individuals, through different tests and performance standards depending on the number of loans made by a covered mortgage licensee. Tests and considerations for evaluating licensees’ record include a lending test, service test, performance record, data collection and reporting, and content and recordkeeping of information received from the public.

    To mitigate the impact on small businesses, a licensee that has made less than 200 home mortgage loans in Illinois in the last calendar year will not be subject to the service test. Furthermore, licensees that made less than 100 home mortgage loans in Illinois in the previous calendar year will have less frequent examinations than those with more than 100. Based on the licensee’s performance under the lending and service tests, the proposed rule specifies that a licensee’s rating of “outstanding”; “satisfactory”; “needs to improve”; or “substantial noncompliance” will affect how frequent they are evaluated. Compliance with the proposed rule is required six months from its effective date, and comments are due by February 26. 

    State Issues Illinois Agency Rule-Making & Guidance Mortgage Origination CRA Consumer Finance

  • CFPB, seven State AGs file suit against debt-relief company

    Federal Issues

    On January 19, the CFPB and seven state attorneys general (Colorado, Delaware, Illinois, Minnesota, New York, North Carolina, and Wisconsin) announced a lawsuit against a debt-relief company, its subsidiaries, and its two individual owners (defendants) for allegedly facilitating an unlawful debt relief service. According to the complaint, the company used third parties to solicit consumers with large debts and direct them to contact defendants. The company then, allegedly, advised consumers to enroll in their debt-relief service that will negotiate reduced payoff amounts with consumers’ creditors and represent consumers. Additionally, individual defendants implicated in the action created law firms paired with one of the company’s subsidiaries, which performed little to no work on behalf of consumers, while non-attorney negotiators from the company were tasked with renegotiating a consumer’s debt. The CFPB and the AGs alleged that the company charges fees ($84 million since 2016) before and during the service, that left consumers with additional debt, lower credit scores, lawsuits with creditors, and had none of their original debts settled or reduced.

    Among other things, the CFPB claimed the company violated the Telemarketing Sales Rule (TSR) by (i) charging advance fees before a consumer has made at least one payment under a debt settlement plan; (ii) collecting fees after settling some of a consumer’s debts when the fees are not proportional to the amount of debt defendant successfully settled or based on a fixed percentage of the amount saved; and, (iii) supporting its subsidiary law firms that the company knew or knowingly avoided knowing engaged in abusive acts or practices. The complaint sought permanent and preliminary injunctive relief, redress for consumers, and a civil money penalty. On January 11, the court granted the Bureau’s request for a temporary restraining order.

    Federal Issues CFPB State Attorney General Colorado Delaware Illinois Minnesota New York North Carolina Wisconsin Debt Relief

  • Illinois adopts regulatory changes as part of its Collection Agency Act

    State Issues

    On December 1, the State of Illinois’s Department of Financial and Professional Regulation promulgated final regulations implementing provisions of the Illinois Collection Agency Act. As previously covered by InfoBytes, Illinois transferred oversight of collection agencies from the Division of Professional Regulation to the Division of Financial Institutions under Public Act 102-975 in November.

    Illinois proposed the new rules to “help the Division of Financial Institutions fulfill its newly-granted statutory responsibility and align these rules with regulatory requirements” set forth by the Illinois Collection Agency Act. Adoption of the new rules will not result in any substantive changes for Illinois Collection Agency licensees but will mirror the previous rules governing collection agencies at 68 Ill. Admin. Code 1210; additionally, the new rules have been adjusted to bring collection agencies in alignment with other industries regulated by the Division of Financial Institutions. Specifically, the new rules adjust the previous collection agency rules “regarding definitions, officers, applications for or changes to licensure, communications, pseudonyms, changes in ownership, recordkeeping, fees, payments, and the granting of variances to better reflect the standards of the Division of Financial Institutions.”

    Lastly, the rules add three new sections: (i) Administration and Enforcement of the Act, which grants the director administrative and enforcement power over collection agencies; (ii) Reports, which requires licensees to file written reports (upon at least 45-day notice by the Division); and, (iii) Investigations and Examinations, which generally states that licensees may be “examined from time to time” to ensure compliance. The rules went into effect on November 20, 2023.

    State Issues Licensing Illinois Debt Collection

  • Illinois Collection Agency Act oversight transferred to the Division of Financial Institutions

    State Issues

    Effective November 20, 2023, the Illinois Department of Financial and Professional Regulation adopted provisions regarding the Illinois Collection Agency Act. According to the Notice of Adopted Repealer, Public Act 102-975 has transferred the oversight of collection agencies from the Division of Professional Regulation to the Division of Financial Institutions. With the Division of Financial Institutions planning to introduce new regulations to align them to the agency’s standards, the Department proposes to repeal the existing regulations from the Division of Professional Regulation.

    State Issues Illinois Debt Collection

  • District court declines to reconsider BIPA accrual ruling


    On August 14, an Illinois District Court denied in part and granted in part a tech company’s motion to dismiss a class-action suit that alleged violations of the Illinois Biometric Information Privacy Act (“BIPA”). The complaint alleged that the tech giant failed to safeguard the facial data in its photo service as closely as it protected other types of data and violated its own policy governing biometric identifier storage. BIPA requires companies to store, transmit, and protect biometric data using the reasonable standard of care within the company’s industry and to protect that data in either the same or more protective manner as it protects other types of confidential data. 

    In permitting the complaint to move forward, the court noted that the defendant’s internal documents allegedly show that it made minimal investment in its photo service and made no attempt to identify flaws in the system. Further, the court referred to allegations in the complaint that the defendant devotes fewer resources and staffing to protecting the photo service. The court noted that the allegations were sufficient because the lack of protocols made consumers’ critical metadata “vulnerable to attacks.”

    In granting the motion related to violation of the defendant’s policies, the court noted that plaintiffs did not show they were personally injured by the alleged violation. The defendant’s policy requires it to delete files for accounts that have been abandoned for two years, for which image recognition was disabled, or where user deleted their photo account. However, the court concluded that the complaint did not allege that plaintiffs did any of these actions.

    Courts Privacy, Cyber Risk & Data Security BIPA Biometric Data Illinois Consumer Protection

  • Illinois Supreme Court declines to reconsider BIPA accrual ruling

    Privacy, Cyber Risk & Data Security

    On July 18, the Illinois Supreme Court declined to reconsider its February ruling, which held that under the state’s Biometric Information Privacy Act (BIPA or the Act), claims accrue “with every scan or transmission of biometric identifiers or biometric information without prior informed consent.” Three justices, however, dissented from the denial of rehearing, writing that the ruling leaves “a staggering degree of uncertainty” by offering courts and defendants little guidance on how to determine damages. The putative class action stemmed from allegations that the defendant fast food chain violated BIPA sections 15(b) and (d) by unlawfully collecting plaintiff’s biometric data and disclosing the data to a third-party vendor without first obtaining her consent. While the defendant challenged the timeliness of the action, the plaintiff asserted that “a new claim accrued each time she scanned her fingerprints” and her data was sent to a third-party authenticator, thus “rendering her action timely with respect to the unlawful scans and transmissions that occurred within the applicable limitations period.”

    In February, a split Illinois Supreme Court held that claims accrue under BIPA each time biometric identifiers or biometric information (such as fingerprints) are scanned or transmitted, rather than simply the first time. (Covered by InfoBytes here.) The dissenting judges wrote that they would have granted rehearing because the majority’s determination that BIPA claims accrue with every transmission “subvert[s] the intent of the Illinois General Assembly, threatens the survival of businesses in Illinois, and consequently raises significant constitutional due process concerns.” The dissenting judges further maintained that the majority’s February decision is confusing and lacks guidance for courts when determining damages awards. While the majority emphasized that BIPA does not contain language “suggesting legislative intent to authorize a damages award that would result in the financial destruction of a business,” it also said that it continues “to believe that policy-based concerns about potentially excessive damage awards under [BIPA] are best addressed by the legislature,” and that it “respectfully suggest[s] that the legislature review these policy concerns and make clear its intent regarding the assessment of damages under [BIPA].”


    Privacy, Cyber Risk & Data Security Courts State Issues Illinois BIPA Enforcement Consumer Protection Class Action

  • Illinois amends mortgage licensing provisions

    On June 30, HB 2325 (the “Act”) was signed by the Illinois governor to amend The Residential Mortgage License Act of 1987. According to the amendments, residential mortgage licensees in Illinois must register every physical office where they conduct business with the Secretary of Financial and Professional Regulation. However, they are allowed to permit mortgage loan originators to work from a remote location if certain conditions are fulfilled. Conditions include but are not limited to: (i) the licensee must have written policies and procedures for supervising remote mortgage loan originators; (ii) access to company platforms and customer information must comply with the licensee's information security plan; (iii) mortgage originators' residences cannot be used for in-person customer interactions unless the residence is a licensed location; (iv) physical records cannot be stored at remote locations; and (v) electronics used at remote locations must be able to securely access the company’s systems. Moreover, "remote location" is not considered a full-service office as defined by the regulations. If the loan originator works remotely, their primary office is the office registered on the Nationwide Multistate Licensing System and Registry record, unless they choose another licensed branch.

    The Act is effective January 1, 2024.

    Licensing State Issues State Legislation Mortgages Loan Origination Illinois NMLS

  • 7th Circuit: Insurer required to cover BIPA defense


    On June 15, the U.S. Court of Appeals for the Seventh Circuit upheld a district court’s ruling requiring an insurance company to defend an Illinois-based IT company against two putative class actions alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The insurance company sued for a declaration that, under its business liability insurance policy, it has no obligation to indemnify or defend the IT company in the two class actions. Class members alleged the IT company acted as a vendor for a company that “scraped” more than 3 billion facial scans and converted them into biometric facial recognition identifiers, which were then paired to images on the internet and sold via a database to the Chicago Police Department, in violation of BIPA.

    The insurance company’s policy bars coverage for any distribution of material in violation of certain specific statutes or in violation of “[a]ny other laws, statutes, ordinances, or regulations” and asserted that this catch-all provision includes BIPA. The district court disagreed, ruling that the language of the policy’s statutory violations exclusion was “intractably ambiguous” and did not explicitly bar coverage of the underlying suits.

    On appeal, the 7th Circuit agreed that the district court was correct in determining that a plain-text reading of the insurance policy’s “broad” and ambiguous catch-all coverage exclusion for “personal or advertising injury” would “swallow a substantial portion of the coverage that the policy otherwise explicitly purports to provide.” The 7th Circuit held that “the broad language of the catch-all exclusion purports to take away with one hand what the policy purports to give with the other in defining covered personal and advertising injuries.”

    Although the 7th Circuit considered whether there was a “common element” related to privacy in the enumerated statutes that could be read to include BIPA, ultimately the appellate court determined that nothing in the exclusion language “points to privacy as the focus of the exclusion.”

    Courts Privacy, Cyber Risk & Data Security Appellate Seventh Circuit BIPA Insurance Consumer Protection Class Action Illinois


Upcoming Events