Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Oklahoma regulator amends working from home guidance

    State Issues

    On September 23, the Oklahoma Department of Consumer Credit extended, for the third time, its interim guidance to regulated entities on working from home (see herehere, here and here for previous coverage). The guidance sets forth data security standards that regulated entities must meet in order to satisfy the department guidance. The guidance also provides that the department will expedite and waive fees for change of address applications in the event that a licensed location is compromised by Covid-19 or is undergoing decontamination. The guidance was extended through October 31, 2020.

    State Issues Covid-19 Oklahoma Consumer Credit Privacy/Cyber Risk & Data Security Licensing

    Share page with AddThis
  • Colorado amends executive order regarding eviction protections

    State Issues

    On September 22, the Colorado governor issued Executive Order 2020 202, which amends Executive Order 2020 101, as amended and extended by earlier orders. The amendment provides that an individual is prohibited from filing or initiating actions for forcible entry and detainer (i.e. eviction), including any demand for rent, unless the individual has notified the tenant in writing of the federal protections against eviction provided by the Centers for Disease Control and Prevention’s Temporary Halt in Residential Evictions To Prevent the Further Spread of Covid-19. The individual must provide as notice a copy of the CDC’s order. Certain aspects of Executive Order 2020 101, including the amendments pursuant to Executive 2020 202, will expire 30 days from September 2020. Other aspects of Executive Order 2020 101 will remain in full force and effect as originally promulgated. Previous coverage relating to Colorado’s eviction orders can be found here, here, and here.

    State Issues Covid-19 Colorado Mortgages Evictions

    Share page with AddThis
  • California AG settles privacy covers with fertility-tracking mobile app

    Privacy, Cyber Risk & Data Security

    On September 17, the California attorney general announced a settlement with a technology company that operates a fertility-tracking mobile app to resolve claims that security flaws put users’ sensitive personal and medical information at risk in violation of state consumer protection and privacy laws. According to the complaint filed in the Superior Court for the County of San Francisco, the company’s app allegedly failed to adequately safeguard and preserve the confidentiality of medical information by, among other things, (i) allowing access to user information without the user’s consent, by failing to “authenticate the legitimacy of the user to whom the medical information was shared”; (ii) allowing a password-change vulnerability to permit unauthorized access and disclosure of information stored in the app without the user’s consent; (iii) making misleading statements concerning implemented security measures and the app’s ability to protect consumers’ sensitive personal and medical information from unauthorized disclosure; and (iv) failing to implement and maintain reasonable security procedures and practices.

    Under the terms of the settlement, the company—which does not admit liability—is required to pay a $250,000 civil penalty and incorporate privacy and security design principles into its mobile apps. The company must also obtain affirmative authorization from users before sharing or disclosing sensitive personal and medical information, and must allow users to revoke previously granted consent. Additionally, the company is required to provide ongoing annual employee training concerning the proper handling and protection of sensitive personal and medical information, in addition to training on cyberstalking awareness and prevention. According to the AG’s press release, the settlement also includes “a first-ever injunctive term that requires [the company] to consider how privacy or security lapses may uniquely impact women.”

    Privacy/Cyber Risk & Data Security Courts Settlement Data Breach State Issues State Attorney General

    Share page with AddThis
  • Virginia governor announces expansion of grant program for small businesses, nonprofits

    State Issues

    On September 21, the Virginia governor announced the expansion of the Rebuild VA, the $70 million economic recovery fund for small businesses and nonprofits impacted by Covid-19. As a result of the expanded eligibility requirements, businesses that received funding from the federal CARES Act and supply chain partners of businesses whose normal operations were impacted by the Covid-19 pandemic will be eligible to receive grants of up to $10,000. The Rebuild VA funding may be used for, among other things, payroll support, employee salaries, and mortgage payments, rent, and utilities. The announcement provides additional information regarding eligibility for the grants.

    State Issues Covid-19 Virginia Small Business CARES Act Mortgages

    Share page with AddThis
  • New York governor extends moratorium on commercial evictions

    State Issues

    On September 21, the New York governor issued Executive Order 202.64, which extends the moratorium on Covid-19-related commercial evictions until October 20. The eviction moratorium, which was first issued on March 20, has been extended several times. For our previous coverage, see here.

    State Issues Covid-19 New York Mortgages

    Share page with AddThis
  • California Department of Real Estate issues FAQs regarding licensing process

    State Issues

    On September 21, the California Department of Real Estate issued FAQs on licensing processes during Covid-19. The FAQs respond to questions regarding, among other things, how to determine whether an exam has been cancelled and how to reschedule the exam, the best way to complete a renewal of an expiring real estate license, completing continuing education requirements, and whether the DRE will accept electronic signatures on licensing documents.

    State Issues Covid-19 California Licensing Examination Real Estate Mortgage Licensing

    Share page with AddThis
  • NYDFS enforces its debt collection regulation for the first time

    State Issues

    On September 16, NYDFS filed a statement of charges against a debt collector for allegedly failing to honor consumers’ requests for substantiation of debt. This is the first enforcement action alleging violations of New York’s Debt Collection Regulation, 23 NYCRR Part 1, which was promulgated in 2015. New York law dictates that substantiation must be provided within 60 days after receiving a request, and specifies what documentation must be provided to substantiate the debt. Charges filed against the company allege that requests made by consumers for information proving the validity of the debt and the company’s right to collect the debt were not honored in several ways, such as failing to provide (i) any substantiation to dozens of consumers; (ii) sufficient substantiation to hundreds of consumers, for example, by omitting a complete chain of title or underlying transaction documents; and (iii) substantiation within the required timeframes. NYDFS maintains that the company’s actions violate 23 NYCRR Part 1, Section 1.4, and that such violation carries civil penalties of up to $1,000 per offense under state law. Additionally, NYDFS claims that “each failure to provide any substantiation, timely substantiation, or sufficient substantiation of debt constitutes an independent offense.” A hearing is scheduled for January 12, 2021 before a hearing officer to be appointed by the Superintendent of Financial Services.

    State Issues NYDFS Debt Collection Enforcement

    Share page with AddThis
  • New York AG settles data breach lawsuit with national coffee chain

    Privacy, Cyber Risk & Data Security

    On September 15, the New York attorney general announced a settlement with a national franchisor of a coffee retail chain to resolve allegations that the company violated New York’s data breach notification statute and several state consumer protection laws by failing to protect thousands of customer accounts from a series of cyberattacks. As previously covered by InfoBytes, the AG claimed that, beginning in 2015, customer accounts containing stored value cards that could be used to make purchases in stores and online were subject to repeated cyberattack attempts, resulting in more than 20,000 compromised accounts and “tens of thousands” of dollars stolen. Following the attacks, the AG alleged that the company failed to take steps to protect the affected customers or to conduct an investigation to determine the extent of the attacks or implement appropriate safeguards to limit future attacks. The settlement, subject to court approval, would require the company to (i) notify affected customers, reset their passwords, and refund any stored value cards used without permission; (ii) pay $650,000 in penalties and costs; (iii) maintain safeguards to protect against similar attacks in the future; and (iv) develop and follow appropriate incident response procedures.

    Privacy/Cyber Risk & Data Security Courts Settlement Data Breach State Issues

    Share page with AddThis
  • CSBS announces single exam for money transmitters

    State Issues

    On September 15, the Conference of State Bank Supervisors (CSBS) announced the launch of a single, streamlined examination for money transmitters operating nationwide (i.e., in 40 or more states), known as “MSB Networked Supervision.” The single exam—which will apply to “78 of the nation’s largest payments and cryptocurrency companies”—will be led by one state overseeing a group of examiners sourced from around the country. MSB Networked Supervision is a result of recommendations from the CSBS Fintech Industry Advisory Panel and CSBS Vision 2020 (covered by InfoBytes here).

    State Issues Money Service / Money Transmitters State Regulator Examination Supervision Vision 2020 Licensing CSBS Fintech

    Share page with AddThis
  • Joint settlement requires forgiveness on $330 million of student loans

    Federal Issues

    On September 15, the CFPB filed a complaint and proposed stipulated judgment against a trust, along with three banks acting in their capacity as trustees to the trust, for allegedly providing substantial assistance to a now defunct for-profit educational institution in engaging in unfair acts and practices in violation of the Consumer Financial Protection Act. The Bureau asserted that the trust owned and managed private loans for students attending the defunct institution, even though the trust “allegedly knew or was reckless in not knowing that many student borrowers did not understand the terms and conditions of those loans, could not afford them, or in some cases did not even know they had them.” The Bureau alleged that the defunct institution induced students to take out loans through several unfair practices, including “using aggressive tactics, and in some cases, gaining unauthorized access to student accounts to sign students up for loans without permission.” These loans, the Bureau contended, carried default rates well above what was expected for student loans. According to the Bureau, the trust was allegedly actively involved in the servicing, managing, and collection of these student loans.

    If approved by the court, the Bureau’s proposed settlement would require the trust to (i) cease collection efforts on all outstanding loans owned and managed by the trust; (ii) discharge all outstanding loans owned and managed by the trust; (iii) ask all consumer reporting agencies to delete information related to the trust’s loans; and (iv) notify all affected consumers of these actions. The Bureau estimated that the total amount of loan forgiveness is roughly $330 million.

    This settlement is the third reached by the Bureau in relation to the defunct institution’s private loan programs. In 2019, the defunct institution reached a settlement with the Bureau (covered by InfoBytes here), which required the payment of a $60 million judgment. Additionally, the Bureau entered into another settlement in 2019 with a different company that managed student loans for the defunct institution’s students, which required the loan management company to comply with similar requirements as the trust (covered by InfoBytes here).

    Also on September 15, attorneys general from 47 states plus the District of Columbia reached a national settlement with the trust.

    Federal Issues CFPB Enforcement State Attorney General State Issues Settlement UDAAP Unfair Student Lending

    Share page with AddThis

Pages

Upcoming Events