InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NYDFS Issues Interpretative Guidance Regarding Banking Law Approval Requirements
On May 22, the New York State Department of Financial Services (NYDFS) announced it was issuing interpretative guidance regarding the New York Banking Law requirement that mandates prior NYDFS approval for an acquisition or change of control of a banking institution. The guidance was released in response to a request by the New York Bankers Association amid concerns that some investors have been developing non-transparent methods of acquiring and controlling banking institutions without obtaining NYDFS’ review and approval. According to the guidance, “control” is achieved by having direct or indirect power to direct or cause the direction of a banking institution’s management and policies through the ownership of voting stocks or otherwise, and that control is achieved when individuals or entities work together or act in concert to acquire control of a banking institution but with each individual or entity staying below the threshold required for seeking NYDFS’ prior review and approval. The Superintendent of Financial Services, Maria T. Vullo issued a reminder to state-chartered banks that “all proposed changes of control in any banking institution must be submitted to the Department for prior approval under our mandate to safeguard the institutions we supervise and regulate, and to protect the public they serve.”
The guidance was released the same day Vullo testified at a New York State Assembly hearing on the “Practices of the Online Lending History,” which sought to “explore . . . predatory online lending practices which need to be mitigated, and potential regulatory or legislative action which may be needed to address [this issue].” Vullo urged legislators to clarify the statutory definition of “making loans” to include a wider range of companies and “to include situations where an entity, in addition to soliciting a loan, is arranging or facilitating the funding of a loan, or ultimately purchasing or acquiring the loan.”
NYDFS Files Independent Lawsuit Against OCC Fintech Charter
Following the April 26 lawsuit filed by the Conference of State Bank Supervisors (CSBS) opposing the OCC’s fintech charter (see previous InfoBytes post), the New York Department of Financial Services (NYDFS) filed its own lawsuit on May 12, asking the court to block the OCC from creating a new special purpose fintech charter. “The OCC’s charter decision is lawless, ill-conceived, and destabilizing of financial markets that are properly and most effectively regulated by New York and other state regulators,” NYDFS Superintendent Maria T. Vullo said in a statement announcing the lawsuit. “This charter puts New York financial consumers . . . at great risk of exploitation by newly federally chartered entities seeking to be insulated from New York’s strong consumer protections.” NYDFS’s complaint, filed in the U.S. District Court for the Southern District of New York, alleges that the OCC’s charter would include “vast preemptive powers over state law.” Specific concerns include the risk of (i) weakened regulatory controls on usury, payday loans, and other predatory lending practices; (ii) consolidation of multiple non-depository business lines under a single federal charter, thus creating more “too big to fail” institutions; and (iii) creating competitive advantages for large, well-capitalized fintech firms that could overwhelm smaller market players and thus restrict innovation in financial products and services. The complaint also asserts that the “OCC’s action is legally indefensible because it grossly exceeds the agency’s statutory authority.” Finally, the complaint claims that the proposed fintech charter would injure NYDFS monetarily because the regulator’s operating expenses are funded by assessments levied by the OCC on New York licensed financial institutions. According to NYDFS, every non-depository financial firm that receives a special purpose fintech charter from the OCC in place of a New York license deprives NYDFS of crucial resources that are necessary to fund its regulatory function.
Citing violations of the National Bank Act and conflicts with state law in violation of the Tenth Amendment of the U.S. Constitution, NYDFS seeks declaratory and injunctive relief that would declare the fintech charter proposal to be unlawful and prohibit the OCC from taking further steps toward creating or issuing the charter without express Congressional authority.
In a press release issued the same day, the CSBS said it “strongly supports the [NYDFS] lawsuit” and reiterated that the OCC “does not have the authority to issue federal charters to non-banks, and its unlawful attempt to do so will harm markets, innovation and consumers.”
Conference of State Bank Supervisors Announce Initiatives to Obviate Need for Fintech Charter, New York Joins Nationwide Mortgage Licensing System for Fintechs
On May 10, the Conference of State Bank Supervisors (CSBS) announced a “series of initiatives to modernize state regulation of non-banks, including financial technology [fintech] firms.” The draft of initiatives, branded “Vision 2020,” appear to be generally geared towards streamlining the state regulatory system so that it is capable of supporting business innovation, while still protecting the rights of consumers. As explained by CSBS Chairman and Texas Commissioner of Banking Charles G. Cooper, the CSBS is “committed to a multi-state experience that is as seamless as possible,” and, to this end, “state regulators will transform the licensing process, harmonize supervision [and] engage fintech companies.”
The initial set of actions that CSBS and state regulators are taking includes the following:
- Redesign the Nationwide Multistate Licensing System (NMLS). CSBS plans to redesign the NMLS, which is a web-based system that allows non-depository companies, branches, and individuals in the mortgage, consumer lending, money services businesses, and debt collection industries to apply for, amend, update, or renew a license online. In particular, the CSBS’s redesign will “provide a more automated licensing process for new applicants, streamline multi-state regulation, and shift state resources to higher-risk cases.”
- Harmonize multi-state supervision. CSBS has created “working groups to establish model approaches to key aspects of non-bank supervision,” to “enhance uniformity in examinations, facilitate best practices,” and “capture and report non-bank violations at the national level.” CSBS also intends to “create a common technology platform for state examinations.”
- Form an industry advisory panel. CSBS will “establish a fintech industry advisory panel to identify points of friction in licensing and multi-state regulation, and provide feedback to state efforts to modernize regulatory regimes.”
- Assist state banking departments. CSBS intends to start “education programs” that “will make state departments more effective in supervising banks and non-banks.”
- Make it easier for banks to provide services to non-banks. CSBS is also “stepping up efforts to address de-risking—where banks are cautious about doing business with non-banks, due to regulatory uncertainty – by increasing industry awareness that strong regulatory regimes exist for compliance with laws for money laundering, the Bank Secrecy Act, and cybersecurity.”
- Make supervision more efficient for third parties. CSBS also intends to “support[] federal legislation that would allow state and federal regulators to better coordinate supervision of bank third-party service providers.”
By harmonizing the supervision and licensing system and working more closely together, state regulators appear to want to eliminate a key reason to seek the OCC charter, namely the ability to deal with one federal agency and follow a single set of rules. As previously covered in InfoBytes, the CSBS and a number of individual stakeholders have fiercely opposed the OCC’s other main fintech initiative—the development of a special purpose national bank charter for payments processors, online lenders and other new entrants in the financial industry. CSBS sued the OCC last month, arguing it lacked the legal power to move forward. The overall initiative appears to be a response to the OCC’s own “responsible innovation” efforts, which—as previously covered in InfoBytes—culminated in the creation of a new office last year to correspond with fintechs and the banks interested in partnering with them.
Concurrent with CSBS’s Vision 2020 initiatives, on May 11, the New York State Department of Financial Services (NYDFS) announced that beginning July 1, 2017, it will transition to the NMLS to manage the license application and ongoing regulation of all nondepository financial institutions conducting business in the state, commencing with money transmitters. Specifically, on July 1, 2017, financial services companies holding New York money transmitter licenses will have the opportunity to transition those licenses to NMLS, and companies applying for new licenses will be able to apply through NMLS. As previously covered in InfoBytes, NMLS—a secure, web-based licensing system—will allow for easier on-line licensing renewal and enable NYDFS to “provide better supervision of the money transmitter industry by linking with other states to protect consumers.” Financial Services Superintendent Maria T. Vullo stressed that “[b]y working with the CSBS, which is leading the modernization of state regulation through Vision 2020, DFS is supporting the strong nationwide regulatory framework created by states to provide improved licensing and supervision by State regulators.”
Additional information about NMLS can be accessed through the NMLS Resource Center.
Gov. Cuomo Announces New Title Insurance Regulations Target Business Gifts, Ancillary Fees and Transactions with Affiliates
On May 1, New York Governor Andrew M. Cuomo announced two new proposed regulations to “crack down on unscrupulous practices in the title insurance industry.” According to the Governor, the proposed measures were drafted in response to an investigation by the state Department of Financial Services (“NYDFS”), which found that “meals, entertainment, gifts” and other “inducements” provided in exchange for referring business to a title insurance company or agents, were charged to customers under the guise of “marketing expenses.” The first proposed regulation would, among other things, clarify the rules about “meals and entertainment” expenses, and other ancillary fees that title agents or title insurers may charge a customer. The second proposed regulation would require title insurance companies or agents that generate a portion of their business from affiliates to function separately and independently from any affiliate and obtain business from other sources. Importantly, a press release issued by NYDFS explains that “emergency” versions of both of these regulations have already been adopted by NYDFS (in response to the aforementioned investigation). As explained by NYDFS, the emergency rules, which are currently in effect, will remain in effect until final regulations are adopted.
NYDFS Authorizes Coinbase to Offer Trading of Digital Currencies in New York
On March 22, the New York State Department of Financial Services (NYDFS) announced the approval of Coinbase, Inc.’s application to offer Ether and Litecoin to New York customers. “Ether” is a “digital cryptography-based asset” of the Ethereum network, “similar to how bitcoin is the digital cryptography-based asset of the Bitcoin network.” Litecoin, developed as a modification of the Bitcoin protocol, is the first alternative virtual currency to Bitcoin to gain public acceptance. NYDFS also approved Coinbase’s linked debit card service “Shift Card”—a VISA debit card that allows Coinbase users in select U.S. states and territories to use Bitcoin anywhere VISA is accepted. As discussed in a previous InfoBytes post, NYDFS recently issued a virtual currency and money transmitter license to Coinbase, which permits the company to operate as a service for buying, selling, sending, receiving, and storing Bitcoin. Financial Services Superintendent Maria T. Vullo noted, “DFS has proven that the state regulatory system is the best way to supervise and cultivate a thriving fintech industry, like virtual currency. New York will remain steadfast in pushing back against federal encroachment efforts like the OCC’s proposal to impose a one-size-fits-all national bank charter that increases risk and seeks to usurp state sovereignty.”
New York AG Announces Settlements with Three Mobile Health Application Developers over Misleading Marketing Practices and Privacy Policies
On March 23, the New York Attorney General’s (NYAG) office announced settlements with U.S.-, Austria-, and Israel-based mobile application (app) developers who allegedly participated in misleading marketing practices and the mismanagement of consumer information—both of which are violations of New York Executive, Education, and General Business Laws. Two of the three developers claimed their health-related apps accurately measured heart rates, and a third allegedly claimed its app would measure a fetal heartbeat. However, all three failed to test the apps for accuracy, conduct comparisons to other approved products, or obtain approval by the U.S. Food and Drug Administration. The developers have agreed to provide additional testing information, will correct misleading advertisements, obtain affirmative consent from consumers for developers’ privacy policies, and will pay $30,000 in combined penalties to the NYAG’s office. Furthermore, all three developers have also made changes to their privacy policies and disclose the collecting and sharing of information that “may be personally identifying” including “users’ GPS location, unique device identifier, and ‘deidentified’ data that third parties may be able to use to reidentify specific users.”
Governor’s Proposed NY State Executive Budget Includes More Online Lending Supervision; State Assembly Budget “Rejects” Proposed Change
Article 7 of the New York State Constitution requires the Governor to submit an executive budget each year, which contains, among other things, recommendations as to proposed legislation. On February 16, New York Governor Andrew Cuomo released a proposed 2017-18 Executive Budget that includes a proposed amendment to the New York Banking Law that would provide the New York Department of Financial Services (“NYDFS” or “DFS”) expanded licensing authority over online and marketplace lenders. (See Part EE (at pages 243-44) of the Transportation, Economic Development and Environmental Conservation Bill portion of the Executive Budget).[1]
According to a Memorandum in Support of the Governor’s Budget, the proposed amendment would (i) address “[g]aps in the State’s current regulatory authority [that] create opportunities for predatory online lending,” and (ii) “ensure that all types of online lenders are appropriately regulated,” by (a) “increase[ing] DFS’ enforcement capabilities,” and (b) “expand[ing] the definition of ‘making loans’ in New York to not only apply to online lenders who solicit loans, but also online lenders who arrange or otherwise facilitate funding of loans, and making, acquisition or facilitation of the loan to individuals in New York.” If enacted, the NYDFS’s new authority would, under the Governor’s current proposal, become effective January 1, 2018.
This proposal in the Governor’s Executive Budget has, however, been challenged by the New York State Legislature. On March 13, after several hearings on the Governor’s proposed budget, the New York State Assembly released its own 2017-18 Assembly Budget Proposal (“Assembly Budget”), which, among other things, expressly rejected the aforementioned proposed amendment to the banking law found in “Part EE.” The Senate is now expected to release its own budget proposal shortly. And, once it is released, the two house of the State Legislature will reconcile the two bills in committees and pass legislation that stakes out the House’s position on the Governor’s proposals. From there, negotiations will begin in earnest between the Legislature and the Executive, with the goal of reaching a budget agreement on or before March 31, 2017.
[1] See also N.Y. Banking Law § 340; N.Y. Gen. Oblig. Law § 5-501(1); N.Y. Banking Law § 14-a(1); N.Y. Gen. Oblig. Law § 5-521(3); N.Y. Ltd. Liab. Co. Law § 1104(a).
Payroll Card Regulations in New York Are Struck Down
In a Decision released on February 16, the New York Industrial Board of Appeals struck down the portions of a New York Department of Labor regulation (12 NYCRR 192), set to go into effect on March 7, that would have restricted a New York employers’ ability to pay its employees via payroll debit card. Specifically, the board ruled that the Department had exceeded its authority under New York labor law and encroached upon the jurisdiction of banking regulators when imposing fee limits and other restrictions on the cards.
The new rule – which was adopted by the Department of Labor in September 2016, and codified at section 192 of the New York Labor Law – set forth numerous regulations clarifying and/or specifying the acceptable methods by which employers in New York State may pay wages to certain employees. Among other things, the regulation required that an employer provide written notice to the employee and obtain written consent from the employee at least seven business days prior to taking action to issue the payment of wages by payroll debit card. The new rule would also have prohibited many fees, including charges for monthly maintenance, account inactivity and overdrafts, and for checking a card’s balance and contacting customer service.
At issue before the Industrial Board of Appeals was a petition submitted by a single payroll debit card vendor challenging the Department of Labor’s authority to regulate payroll debit cards. Ultimately, the Board agreed with the vendor, finding that the Department sought to improperly regulate banking services provided by financial institutions – an area subject to the exclusive jurisdiction of the New York Department of Financial Services. In reaching this holding, the Board noted that that the Department of Financial Services already regulates and has issued guidance concerning the fees that financial institutions may charge for banking services, including those related to checking accounts and licensed check cashers. The Board also noted that, should the Department of Labor wish to challenge the Decision, it may bring an Article 78 proceeding in New York Supreme Court, or, alternatively, it may choose to revise the Prepaid Card-related provisions identified in the Decision.
NYDFS Landmark Cybersecurity Rule Set to Take Effect on March 1
On February 16, New York Governor Andrew Cuomo announced that with the New York Department of Financial Services’ (NYDFS) publication of a Final Regulation, New York’s “First-in-the-Nation Cybersecurity Regulation” is set to take effect on March 1. As discussed previously in InfoBytes, the regulation—which requires banks, insurance companies, and other financial services institutions regulated by NYDFS to establish and maintain a cybersecurity program designed to protect consumers’ private data—imposes broad and, in some cases proscriptive, data security and cybersecurity requirements on Covered Entities that venture into new territory for both state and federal financial regulators. Indeed, as described by Governor Cuomo, the regulation reflects New York’s efforts to “lead[] the nation” through “decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises.”
Moreover, as detailed in a follow-up InfoBytes Special Alert, NYDFS issued a updated proposed regulation on December 28 in response to over 150 comments and testimony presented at a hearing before New York State lawmakers. Though the updated proposed regulation did not differ drastically from the original, the revised proposed regulation provided for somewhat greater flexibility in how covered entities could go about implementing the requirements. Among other things, the December 28 revisions provided for: (i) longer timeframes for compliance with its requirements; (ii) more flexibility for compliance with certain requirements and acknowledgement that some requirements may not be applicable to all financial institutions; and (iii) clarifications to certain key definitions.
The newly released Final Regulation retains the revisions incorporated in the December 28 revision, but also contains the following notable revisions:
- Record retention requirements for audit trail materials relating to Cybersecurity Events were reduced from five years to three years.
- Clarification that Covered Entities’ policies and procedures for reporting by Third Party Service Providers of Cybersecurity Events only apply to the Covered Entity’s Nonpublic Information.
- The limited exemption for small businesses to certain requirements of the rule has been narrowed by including a Covered Entity’s New York affiliates when calculating its number of employees and annual revenue.
- Further clarification on the exemptions for companies regulated under New York’s Insurance Law.
With the expiration of the 30-day comment period and the publication of the Final Rule, New York’s Cybersecurity regulation is officially cleared to become effective upon publication in the New York State Register on March 1.
InfoBytes will continue to monitor the rollout of this pioneering regulation as it progresses.
NYDFS Fines German Bank $425 Million for Deficient Money Laundering Controls
On January 30, the New York Department of Financial Services (NYDFS) announced that it had assessed a $425 million fine against a German bank as part of a consent order addressing allegations that the bank allowed $10 billion in “mirror trades” involving Russian investors by failing to properly enforce protections against money laundering. According to the press release, the bank and several of its senior managers allegedly “missed key opportunities to detect, intercept and investigate a long-running mirror-trading scheme facilitated by its Moscow branch and involving New York and London branches.” Specifically, the consent order claims the bank (i) conducted its business in an unsafe and unsound matter; (ii) implemented weak “Know Your Customer” processes; (iii) failed to accurately rate its country and client risks for money laundering throughout the relevant time period and lacked a global policy benchmarking its risk appetite; (iv) maintained ineffective, understaffed anti-financial crime, AML, and compliance units; and (v) had a flawed corporate structure and organization.
In addition to the $425 million monetary penalty, the bank must, within 60 days of the consent order, engage an independent monitor to “conduct a comprehensive review of the [b]ank’s existing BSA/AML compliance programs, policies and procedures.” Furthermore, the bank must submit in writing for NYDFS review an action plan outlining enhancements to its current BSA/AML compliance programs.