InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NYDFS announces investigation into rent-to-own as predatory lending
On April 16, the New York Department of Financial Services (NYDFS) announced an investigation into whether rent-to-own and land installment home purchase agreements constitute unlicensed, predatory mortgage lending in New York. NYDFS acknowledged the ongoing investigation while releasing a consumer alert to New Yorkers about rent-to-own and land installment contract pitfalls. The alert notifies consumers that the agreements may violate certain New York laws and regulations governing fair lending, mortgage protection, interest rates, habitability, and property condition. NYDFS encourages consumers to consider a traditional leasing option and be aware of the state of disrepair the property may be in before signing the agreement.
2nd Circuit affirms dismissal of class action against international bank for alleged AML control misrepresentations
On April 13, the U.S. Court of Appeals for the 2nd Circuit affirmed a district court’s dismissal of a proposed class action alleging an international bank misrepresented the effectiveness of internal controls to investors, during a time Russian traders were laundering more than $10 billion through the bank. In May 2016, investors filed a class action complaint against the bank alleging securities law violations for touting its compliance efforts while Russian clients were engaging in “mirror trades.” The district court dismissed the complaint for failing to sufficiently allege how the bank misled investors. Specifically, the district court noted that general statements about reputation and compliance amount to “puffery” and are regularly held to be non-actionable. In affirming the district court’s decision, the 2nd Circuit agreed that the plaintiffs failed to adequately allege scienter. The panel rejected the plaintiff’s reliance on, among other things, a consent order between the New York Department of Financial Services (NYDFS) and the bank (previously covered by InfoBytes here) as evidence the bank was aware of Russian wrongdoing during the time it made its alleged misrepresentations, stating “the consent order thus contradicts the plaintiffs’ argument that the individual defendants were aware of any wrongdoing at the time they made their alleged misrepresentations.”
Conference of State Bank Supervisors releases nationwide list of fintech innovation contacts
On April 10, following a nationwide fintech forum for state banking regulators and financial services executives co-hosted by the New York Department of Financial Services and the Conference of State Banking Supervisors (CSBS), CSBS issued a press release announcing that regulators from all 50 states and the District of Columbia have designated an “Innovation Staff Contact” within each of their offices to facilitate and streamline communications between state regulators and the financial services industry. Fintech topics include money transmissions, payments, lending, and licensing. According to the president of CSBS, “State regulators see how fintech is reshaping the financial services industry. And an Innovation Contact is but the latest step that states are taking to engage with industry and modernize nonbank regulation.” Last year, as previously covered in InfoBytes, CSBS introduced “Vision 2020,” an initiative geared towards streamlining the state regulatory system to support business innovation and harmonize licensing and supervisory practices, while still protecting the rights of consumers. Additionally, this past February, CSBS announced that financial regulators from seven states have agreed to a multi-state compact that will offer a streamlined licensing process for money services businesses, including fintech firms. (See previous InfoBytes coverage here.)
NYDFS launches online portal for anti-terrorism and anti-money laundering regulation compliance certification
On April 9, the New York Department of Financial Services (NYDFS) announced the launch of a new online portal that regulated entities may use to securely file certifications required under New York’s risk-based anti-terrorism and anti-money laundering regulation. This regulation took effect January 1, 2017, and regulated entities must file their first certification of compliance by April 16 and annually thereafter. The regulation requires regulated entities to maintain programs to monitor and filter transactions for potential Bank Secrecy Act/anti-money laundering violations, and ban transactions with sanctioned entities. The announcement states that filing through the online portal is preferred over alternative filing mechanisms.
NYDFS updates cybersecurity regulation FAQs
On March 23, the New York Department of Financial Services (NYDFS) provided a second update to its answers to FAQs relating to 23 NYCRR Part 500, which took effect March 1, 2017 and establishes cybersecurity requirements for banks, insurance companies, and other financial services institutions. The original promulgation of the FAQs was covered in InfoBytes, as was the last update in February. The new update to the FAQs adds the following guidance:
- An individual filing a Certificate of Compliance for his or her own individual license with no Board of Directors is acting as a Senior Officer as defined by 23 NYCRR 500 and should complete the filing process in that manner; and
- Entity ID is defined as an entity’s state-issued unique license or charter number. Specific information is provided for insurance companies and mortgage loan originators in the FAQs.
NYDFS issues cybersecurity compliance certificate reminder
On March 5, the New York Department of Financial Services (NYDFS) published FAQs for regulated entities that have not yet filed cybersecurity certifications of compliance (Certification of Compliance) required under 23 NYCRR 500. The deadline to file was February 15 and notices recently were sent to regulated entities. Among other things, the FAQs state that a separate Certification of Compliance must be filed for each license an entity holds, and that entities who have failed to submit a Certification of Compliance must do so “as soon as possible.” Entities that received a reminder to certify their compliance but filed for an exemption under Section 500.19 are still required to file the Certificate of Compliance to “confirm that they are in compliance with those provisions of the regulation that apply.”
Find continuing InfoBytes coverage on NYDFS’s cybersecurity regulation here.
NYDFS releases new updates to cybersecurity regulation FAQs
On February 21, the New York Department of Financial Services (NYDFS) updated its answers to FAQs relating to 23 NYCRR Part 500, which was last updated in December 2017. As previously covered in InfoBytes, 23 NYCRR Part 500 took effect March 1, 2017, and establishes cybersecurity requirements for banks, insurance companies, and other financial services institutions. This week’s updates to the FAQs add the following guidance:
- Due to increasing cybersecurity risks facing financial institutions, NYDFS “strongly encourages all financial institutions, including exempt Mortgage Servicers, to adopt cybersecurity protections consistent with the safeguards and protections of 23 NYCRR Part 500”;
- Not-for-profit mortgage brokers are Covered Entities under the cybersecurity regulation;
- Covered Entities, when acquiring or merging with a new company, must conduct a factual analysis of how the cybersecurity regulation applies to the acquisition or merger. In addition, NYDFS emphasized that Covered Entities must have in place serious due diligence processes and ensure cybersecurity is a priority; and
- Health Maintenance Organizations and continuing-care retirement communities are Covered Entities and must comply with the cybersecurity regulation requirements.
As previously covered in InfoBytes, on January 22, NYDFS issued a reminder to all NYDFS-regulated banks, insurance companies, and other financial services institutions that the deadline to file cybersecurity certifications of compliance was February 15.
Coalition of state attorneys general urge Department of Education to reject accreditor’s application
On February 20, Massachusetts Attorney General Maura Healey, along with 20 other state attorneys general and the Executive Director of the Hawaii Office of Consumer Protection, issued a letter to U.S. Department of Education (DOE) Secretary Betsy DeVos in opposition to an application submitted by the Accrediting Council for Independent Colleges and Schools (ACICS) to regain its status as a nationally recognized accreditor. According to Healey’s letter, which was submitted in response to the DOE’s January request for comments concerning ACICS’ application, “ACICS’ systemic accreditation failures and refusal to fulfill its obligations to students and taxpayers have enabled predatory schools to ruin the lives of hundreds of thousands of students. . . . Given the gravity of these failures, the Department should not grant any application for recognition made by ACICS without verifying that ACICS has corrected every deficiency and complied with all Departmental requirements effectively and consistently.” As previously covered in InfoBytes, this is not the first time that state attorneys general have reached out to the DOE concerning ACICS’ actions. The DOE upheld the decision to terminate ACICS’ recognition in December 2016.
NYDFS issues policies and procedures reminder to virtual currency companies
On February 7, the New York Department of Financial Services (NYDFS) issued a guidance document reminding virtual currency entities (VC entities) licensed by the state or chartered as limited purpose trust companies that they are required to have policies and procedures in place to guard against fraud, and that they should be particularly vigilant concerning efforts at market manipulation. The guidance requires VC entities to implement written policies that will (i) identify and assess fraud-related areas of risk, including market manipulation; (ii) provide procedures and controls to protect against identified risks; (iii) allocate risk monitoring responsibilities; (iv) periodically evaluate and revise risk monitoring processes to “ensure continuing effectiveness” and “compliance with all applicable laws and regulations; and (v) “provide for the effective investigation of fraud and other wrongdoing.” NYDFS also requires VC entities to submit incident reports detailing any identified wrongdoing, follow-up reports outlining any material developments, measures taken or to be taken concerning the developments, and a statement outlining any changes to the VC entity’s operations to prevent repeat occurrences.
NYDFS adjusts minimum interest requirements of escrow accounts
On January 29, the New York Department of Financial Services (NYDFS) announced an order adjusting the minimum rate of interest that New York State-chartered banks and other New York State-chartered financial institutions (collectively, “covered institutions”) must pay on certain mortgage escrow accounts. Prior to the order, covered institutions were required to pay a minimum rate of two percent per annum on certain residential escrow accounts. To more closely align with requirements for federal banking institutions, the order adjusts the minimum rate of interest that covered institutions must pay to the lesser of two percent or the six-month yield on United States Treasury securities.