Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI reminds financial institutions of their sanctions compliance obligations
On March 4, the California Department of Financial Protection and Innovation (DFPI) issued guidance, in light of the evolving situation in Ukraine, to remind financial institutions of their sanctions compliance obligations under state and federal law. Licensees are reminded that they are prohibited from participating in financial transactions with individuals and entities listed on the SDN List, and encouraged to review specific, more limited sanctions that have been placed on several Russian entities. This information can be found on OFAC's website.
Additionally, licensees are strongly encouraged to immediately ensure their systems, programs, and processes comply with OFAC regulations, and review and monitor all transactions (particularly trade finance transactions and funds transfers) to identify and block transactions subject to sanctions. Licensees should also follow OFAC directions related to blocked funds.
DFPI further warned that Russia’s invasion of Ukraine increases the risk that listed individuals and entities will attempt to evade sanctions by using virtual currency transfers, and encouraged licensees to review OFAC Guidance to protect against these risks. Licensees engaged in transactions involving virtual currencies are instructed to implement policies, procedures, and processes to protect against the unique risks posed by virtual currencies and should “consider virtual currency-specific control measures including sanctions lists, geographic screening, and any other measures appropriate to the licensee’s specific risk profile.”
Additionally, DFPI cautioned that the “Russian invasion significantly elevates the cyber risk for the U.S. financial sector,” and licensees are instructed to take measures to mitigate cybersecurity threats, including adopting core cybersecurity hygiene measures, eliminating any non-essential networking protocols, ensuring procedures are able to address a ransomware attack, and reevaluating “plans to maintain essential services, protect critical data, and preserve customer confidence considering the realistic threat of extended outages.” Licensees are encouraged to track alerts from the Cybersecurity and Infrastructure Security Agency.
Licensees conducting business in Ukraine and/or Russia should also “take increased measures to monitor, inspect, and isolate traffic from Ukrainian or Russian offices and service providers,” and “segregate networks for Ukrainian or Russian offices from the global network.”
NYDFS also recently issued similar guidance for New York state regulated entities on its cybersecurity and virtual currency regulations in response to the Russian invasion and recently imposed sanctions. (Covered by a Buckley Special Alert.)
DFPI reminds licensees of March 15 CFL annual report filing deadline
On February 17, the California Department of Financial Protection and Innovation (DFPI) issued a reminder to all licensees under the California Financial Law (CFL) that annual reports are due to the commissioner by March 15. Forms and instructions for submitting the 2021 annual report are available on DFPI’s CFL webpage. DFPI also warned licensees that the commissioner may suspend or revoke a licensee’s license if an annual report is not submitted by the deadline. Specifically, Financial Code section 22715(a) states that the “commissioner may by order summarily suspend or revoke the license of any licensee if that person fails to file the report required by Section 22159 within 10 days after notice by the commissioner that the report is due and not filed. If, after an order is made, a request for hearing is filed in writing within 30 days and the hearing is not held within 60 days thereafter, the order is deemed rescinded as of its effective date.” DFPI also provided a penalty matrix reflecting assessable penalties based on a late-filing date.
States settle with company on fraudulent MLO certifications
On February 10, the Conference of State Bank Supervisors announced that the California Department of Financial Protection and Innovation, Maryland’s Office of the Commissioner of Financial Regulation, and the Oregon Division of Financial Regulation have reached a settlement agreement with the owner of a California-based company for providing false certificates claiming that mortgage loan originators (MLOs) took mandatory eight-hour continuing education courses as required for licensure under state and federal law. The three state financial regulators brought separate enforcement actions alleging violations of the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act) against the individual and his family (collectively, “respondents”) for their role in the “multi-state fraud scheme that involved hundreds of mortgage loan originators.” According to the announcement, the respondents have “agreed to fully cooperate and provide testimony against implicated mortgage loan originators,” and have “agreed to a lifetime restriction from direct and indirect involvement in businesses that provide mortgage lending-related education.” In addition to a $75,000 monetary penalty (which will be divided between the three states), the respondents have agreed to a non-compliance penalty of $15 million should they fail to fully comply with the terms of the settlement agreement.
The action follows a multistate $1.2 million settlement reached last month with 441 MLOs. As previously covered by InfoBytes, the enforcement action included the participation of 44 state agencies from 42 states, and required the settling MLOs to surrender their licenses for three months, pay a $1,000 fine to each state that is a signatory to the consent order in which the MLO holds a license, and take pre-licensing and continuing-education courses before petitioning or reapplying for an MLO endorsement or license.
Agencies file lawsuit in scheme targeting the elderly
On February 1, the California Department of Financial Protection and Innovation (DFPI), along with the CFTC and 26 other state regulators, announced a complaint against a precious metals dealer and its owner (collectively, “defendants”) for allegedly perpetrating a $68 million fraudulent scheme against more than 450 individuals nationwide, specifically against the elderly. According to the complaint, the defendants allegedly utilized false statements on its website regarding the risk and safety of their traditional retirement accounts and used fear tactics to convince senior citizens to purchase the precious metals. The complaint alleged that the company violated the federal Commodity Exchange Act by targeting the elderly and advising them to dissolve their savings and traditional retirement accounts in order to purchase their highly inflated and overpriced products, and that defendants had misrepresented their credentials and advised customers that the products were “a safe and conservative investment.” The complaint seeks disgorgement, civil monetary penalties, restitution, permanent registration and trading bans, and a permanent injunction against further violations of the Commodity Exchange Act, state regulatory laws, and CFTC regulations.
The same day, the SEC filed a complaint against the defendants in the U.S. District Court for the Central District of California for allegedly violating the antifraud provisions of the federal securities laws. The complaint seeks permanent injunctions, disgorgement, plus interest, and civil penalties.
DFPI addresses several MTA licensing exemptions
Recently, the California Department of Financial Protection and Innovation (DFPI) released two new opinion letters covering aspects of the California Money Transmission Act (MTA) related to the purchase and sale of digital assets and agent of payee rules. Highlights from the redacted letters include:
- Purchase and Sale of Digital Assets; Payment Processing Services. The redacted opinion letter examines whether the inquiring company’s client is required to be licensed under the MTA. The letter describes two types of transactions proposed to be conducted on the client’s online trading platform: (i) transactions in which customers purchase and sell digital assets from the company in exchange for fiat currency (Direct Purchase Transactions); and (ii) transactions in which merchants use the platform as a payment processor to accept digital assets from customers in exchange for non-fungible tokens (Payment Processing Transactions). DFPI concluded that the Direct Purchase Transactions do not require an MTA license because they do not “involve the sale or issuance of a payment instrument, the sale or issuance of stored value, or receiving money for transmission.” DFPI similarly concluded that the Payment Processing Transactions do not require licensure at this time because DFPI has “not yet determined that payment processing transactions involving digital assets constitute receiving money for transmission[.]” Notwithstanding, DFPI added that it has been “studying the cryptocurrency industry closely” and that “[a]t any time, the Department may determine these activities are subject to regulatory supervision. The Department may also adopt regulations or issue interpretive opinions that significantly restrict [the contemplated] business operations.”
- Agent of Payee. The redacted opinion letter addresses whether the inquiring company’s proposed payment processing activities are exempt from the MTA’s licensing requirements. The letter explains that the company proposes to process payments related to purchases of apps through a virtual marketplace that operates on the company’s point of sale terminals. Through the virtual marketplace, customers (generally small businesses or merchants) may purchase apps that are developed and licensed to customers by third-party developers. Pursuant to a developer agreement, the company is appointed by such third-party developers to act as an “agent” of the developers “to collect and hold all Gross Revenue on [the developers’] behalf and to remit the Remittance Amount to [the developers’] Payment Account.” DFPI concluded that receiving funds from a customer for the purposes of transmitting payments to the developer “constitutes ‘receiving money for transmission.’” However, DFPI noted that these activities also satisfy the “agent of payee” exemption requirements because, pursuant to the developer agreement, the company acts as an agent of the developer, and the company’s receipt of payment satisfies “the customer’s (payor’s) obligation to the Developer for goods or services.” Accordingly, DFPI concluded that while the activities described constitute “money transmission” the company is exempt from the MTA’s licensure requirement.
DFPI reminded the companies that its determinations are limited to the presented facts and circumstances and that any change could lead to different conclusions.
DFPI reminds licensees about submitting annual reports
On January 5, the California Department of Financial Protection and Innovation (DFPI) announced that, pursuant to Financial Code section 22159(a), all DFPI California Financing Law licensees are required to submit their annual reports by March 15, even if the licensee had no business activity during the 2021 calendar year. According to DFPI, pursuant to Financial Code section 22715(b), failing to submit the annual report by March 15 will result in penalties. Among other things, DFPI also noted that the form and instructions for submitting the Annual Report are available on DFPI’s website, and that the annual report must be submitted electronically through the DFPI portal.
States reach $1.2 million settlement with MLOs over fraudulent SAFE Act education certifications
On January 18, the Conference of State Bank Supervisors (CSBS) announced that 441 mortgage loan originators (MLOs) have agreed to pay approximately $1.2 million to settle allegations that they falsely claimed to have completed annual mortgage education programs required under the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act). The enforcement action, which included the participation of 44 state agencies from 42 states, targeted a mortgage education scheme offered by a California-based company and its owner that provided false certificates claiming that MLOs took mandatory eight-hour continuing education courses as required for licensure under state and federal law. (See additional background information on the enforcement action here.) The states’ investigation—led by the California Department of Financial Protection and Innovation—revealed that the owner allegedly, in some instances, completed online education courses on behalf of the MLOs, and in other instances “granted course credit to [MLOs] who had enrolled in his approved course but who neither attended the course nor completed the required coursework necessary to receive course credit.” Administrative enforcement actions have been taken against the company, the owner, and members of the owner’s family. The settling MLOs have agreed to surrender their licenses for three months, pay a $1,000 fine to each state that is a signatory to the consent order in which the MLO holds a license, and take pre-licensing and continuing-education courses before petitioning or reapplying for an MLO endorsement or license. CSBS noted that MLOs implicated in the investigation that did not sign a consent order will face further enforcement actions with their appropriate state financial regulator for additional disciplinary action against their MLO licenses.
DFPI enters into a settlement with a rent-to-own furniture provider
On January 10, the California Department of Financial Protection and Innovation (DFPI) announced a settlement with a Los Angeles-based rent-to-own furniture provider for allegedly failing to comply with the Karnette Rental-Purchase Act (Karnette Act) in connection with its subscription agreements. This settlement constitutes the first action against a rent-to-own firm for violating the California Consumer Financial Protection Law (CCFPL). According to the settlement, in addition to charging excessive late fees, the company failed to: (i) disclose whether the property subject to the rental-purchase agreement is new or used; (ii) clearly and conspicuously provide the Karnette Act’s mandated contractual disclosures; and (iii) adhere to the Karnette Act’s prescribed formula for calculating the maximum cash price, among other things. As part of the settlement, the company must desist and refrain from violating the CCFPL, refund customers late fee overcharges, offer its rent-to-own products and services in compliance with the Karnette Act and applicable consumer laws, and report on its activities semi-annually to the DFPI. According to DFPI Commissioner Clothilde V. Hewlett, the consent order “reminds California businesses and consumers that the DFPI will be exercising its expanded authority under the new law.”
DFPI adopts debt collector license application and requirements
On December 22, the California Department of Financial Protection and Innovation (DFPI) adopted regulations, beginning at section 1850, title 10 of the California Code of Regulations, under the Debt Collection Licensing Act. As previously covered by InfoBytes, in July, DFPI issued a notice of proposed rulemaking to incorporate changes to its debt collection licensing requirements and application. Among other things, the regulations set forth the: (i) application form and procedures for filing a license application through the Nationwide Multistate Licensing System & Registry (NMLS); (ii) requirements for a licensee to maintain information filed through the NMLS current; and (iii) procedures for surrendering a license as a debt collector.
DFPI acknowledges challenges in obtaining a NMLS account
On December 23, the California Department of Financial Protection and Innovation (DFPI) released a notice on its website regarding DFPI’s awareness of a “temporary slowdown in obtaining a new Nationwide Multistate Licensing System or NMLS account.” DFPI noted that it is “working cooperatively with the NMLS team to be able to verify those that have attempted to apply.” DFPI observed that “[w]ith various DFPI year-end deadlines, the NMLS team is experiencing an unprecedented volume of account requests.” DFPI further acknowledged the “predicament this puts entities in who are trying to comply with the new debt collector licensing requirement to apply for a license by Dec. 31, 2021,” and stated it “will not take any action against a debt collector solely on the basis of the temporary slowdown with NMLS.”
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit