InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Maryland establishes student loan servicer provisions, prohibits unfair, abusive, or deceptive trade practices
On March 13, the Maryland governor signed HB 594, which establishes various provisions with respect to student loan servicing in the state. Among other things, student loan servicers are prohibited from (i) employing—either directly or indirectly—“any scheme, device, or artifice to mislead a student loan borrower”; (ii) engaging in any unfair, abusive, or deceptive trade practice with regard to the servicing of student loans; (iii) misrepresenting or omitting material information, including fees, payment amounts, repayment options, terms and conditions, or student borrower obligations; (iv) obtaining property through the misrepresentation or omission of material fact; (v) knowingly or recklessly misapplying or refusing to correct a misapplication of payments to the balance of any student loan; (vi) providing inaccurate information to a consumer credit reporting agency; (vii) refusing to communicate with a student loan borrower’s authorized representative; (viii) making false statements or omitting material facts in connection with an investigation; and (ix) violating federal laws concerning student loan servicing. In addition, on or after February 1, 2020, student loan servicers are also prohibited from “allocat[ing] a nonconforming payment in a manner other than as directed by the student loan borrower” provided the borrower meets certain criteria. The Act also requires student loan servicers to respond to a borrower’s inquiry or complaint within 30 days of receipt, authorizes the Commissioner of Financial Regulation (Commissioner) to enforce the Act’s provisions, and provides that the Student Loan Ombudsman many refer borrower complaints to the Commissioner for investigation. The Act is effective October 1.
Indiana amends delinquency charge provisions for consumer credit sales and consumer loans
On May 6, the Indiana governor signed HB 1136, which amends the state’s Uniform Consumer Credit Code (UCCC) to, among other things, revise provisions related to authorized delinquency charges on consumer credit sales and consumer loans. Specifically, the amendments authorize a creditor to collect a delinquency charge of not more than (i) $5 for installments not paid in full within 10 days after the scheduled due date if installments are due every 14 days or less; (ii) $25 for installments not paid in full within 10 days after the scheduled due date if installments are due every 15 days or more; or (iii) $25 on single installments due at least 30 days after the consumer loan is made if the installment is not paid within 10 days after its scheduled due date. Furthermore, creditors are prohibited from collecting—whether directly or indirectly—a delinquency charge on any payment that (i) is paid within 10 days following its scheduled due date; and (ii) “is otherwise a full payment of the payment due for the applicable installment period. . .if the only delinquency with respect to a consumer credit sale, refinancing, or consolidation is attributable to a delinquency charge assessed on an earlier installment.” In addition, HB 1136 amends the maximum transaction fee for revolving loan accounts to the greater of 2 percent of the transaction amount or $10. The amendments take effect July 1.
11th Circuit continues flood insurance action against mortgage servicer
On May 8, the U.S. Court of Appeals for the 11th Circuit affirmed in part and reversed in part the dismissal of a consumer’s putative class action against her reverse mortgage servicer for the alleged improper placement of flood insurance on her home. The consumer claimed violations of the FDCPA and multiple Florida laws, including the Florida Deceptive and Unfair Trade Practices Act (FDUTPA), based on allegations that the mortgage servicer improperly executed lender-placed flood insurance on her property, even though the condo association had flood insurance covering the property. The lender-placed flood insurance resulted in $5,200 in premiums added to the balance of the loan, and an increase in financing costs on the mortgage. The district court dismissed the action, concluding the mortgage servicer was required by federal law to purchase the flood insurance and the monthly account statements were not collection letters under the FDCPA or state law.
On appeal, the 11th Circuit agreed with the district court that the monthly account statements of the reverse mortgage, which prominently stated “this is not a bill” in bold, uppercase letters, and did not request or demand payment, were not an attempt to collect a debt under the FDCPA. Additionally, the appellate court concluded that the consumer failed to allege the mortgage servicer was a debt collector within the meaning of the FDCPA because the complaint does not allege that the debt was in default. The appellate court also affirmed the district court’s dismissal of the state debt collection claims for similar reasons. However, the appellate court reversed the district court’s dismissal of the consumer’s FDUTPA claims, noting that the mortgage servicer failed to cite to a state or federal law requiring it to purchase flood insurance “when it has reason to know that the borrower is maintaining adequate coverage” in the form a condo association insurance.
States enact data breach notification requirements
On May 10, the New Jersey governor signed S 52, which amends the state’s data breach notification provisions. The amendments expand the definition of “personal information” to include “user name, email address, or any other account holder identifying information, in combination with any password or security question and answer that would permit access to an online account.” The amendment further permits breached entities to provide individuals, whose account access credentials have been compromised, with the opportunity to promptly change online account information, so long as the notification is not sent to an email account subject to the security breach. The amendments take effect on September 1.
On May 7, the Washington governor signed HB 1071, which amends the state’s data breach notification law to, among other things, (i) narrow the window for post-breach notification to affected individuals and to the state Attorney General, if applicable, from 45 days to 30 days after discovery; (ii) require notifications to contain the date of the breach and the date of the discovery of the breach, if known; (iii) permit electronic notification to affected individuals, which must instruct them to promptly change passwords and security questions or answers, as applicable; and (iv) significantly expand the items included in the notice to the Attorney General, including a summary of steps taken to contain the breach. In addition, HB 1071 expands the definition of “personal information” to include, among other things, the full birth date; a private key unique to an individual that is used to authenticate or sign electronic records; student, military, or passport ID numbers; health insurance identification numbers; biometric data or medical history; and user names and email addresses combined with passwords or security questions. The amendments take effect March 1, 2020.
Indiana amends towing notification laws
On May 6, the Indiana governor signed HB 1183, which amends the state statute concerning the release of an abandoned motor vehicle that has been towed to a storage yard or towing facility. Among other things, the bill revises notification requirements for towed vehicles, providing that a public agency or towing service must conduct a search of the National Motor Vehicle Title Information System or an equivalent database to attempt to obtain the name of the person who owns or holds a lien on the vehicle and contact that person within three days regarding charges and the potential to auction the vehicle if not claimed. The bill also provides inspection rights for owners and lienholders of vehicles and allows for a towing service or storage yard to charge an inspection fee for inspections or retrievals from the vehicle. The bill is effective July 1.
State AGs support safe harbor for marijuana banking
On May 8, a bipartisan group of 38 state and territorial Attorneys General wrote to congressional leaders to urge the advancement of legislation that would allow banks to do business with marijuana-related businesses in states and territories that have legalized certain uses of marijuana. Specifically, the letter expresses support for the SAFE Banking Act (HR 1595), which “would provide a safe harbor for depository institutions that provide a financial product or service to a covered business in a state that has implemented laws and regulations that ensure accountability in the marijuana industry.” The letter notes that banks providing services to state-licensed cannabis businesses, or even to their vendors, could find themselves subject to criminal and civil liability under the federal Controlled Substances Act and certain federal banking statutes because the federal government classifies marijuana as an illegal substance. Because the revenues of the legalized marijuana industry are currently handled outside of the banking system, the letter argues that it is difficult to track revenues for taxation and regulatory compliance purposes, and further contributes to potential public safety issues as “cash-intensive businesses are often targets for criminal activity.” Emphasizing that the support of the SAFE Banking Act is not an endorsement for the legalization of marijuana-related transactions, the letter notes that allowing banks the safe harbor provided in the legislation would bring billions of dollars into the banking industry and would render state and federal regulatory bodies more effective in monitoring and taxing marijuana businesses.
Indiana sues credit reporting agency over 2017 data breach
On May 6, the Indiana Attorney General announced a lawsuit filed against a national credit reporting agency in response to its 2017 data breach, alleging the company “chose increasing revenue over protecting the safety of consumers’ sensitive personal information.” According to the complaint, the state alleges the company violated the Indiana Deceptive Consumer Sales Act by failing to secure 3.9 million residents’ personal data while representing to consumers that its payment systems were compliant with Payment Card Industry (PCI) standards. The complaint alleges among other things that the company “knew the system was storing payment card information in clear text, which was a known violation of the [PCI standard]” and “[d]espite its knowledge, … made a conscious choice to break the rules.” Indiana is seeking civil penalties, consumer restitution, costs and injunctive relief.
New York legislature introduces bills to protect small businesses, regulate merchant cash advance transactions
On May 1, S5470 was introduced in the New York State Senate and is now sitting with the Committee on Banks, which would establish consumer-style disclosure requirements for certain commercial transactions. Similar to the legislation enacted in California last September, previously covered in InfoBytes here, the bill requires financing entities subject to the law to disclose in each commercial financing transaction “the total cost of the financing, expressed as a dollar cost, including any and all fees, expenses and charges that are to be paid by the recipient and that cannot be avoided by the recipient, including any interest expense.” For open and closed-end commercial financing transactions, the bill requires that the disclosures must include, among other things, (i) the amount financed or the maximum credit line; (ii) the total cost of the financing; (iii) the annual percentage rate; (iv) payment amounts; (v) a description of all other potential fees and charges; and (vi) prepayment charges. The bill sets out analogous, but separate, disclosure requirements for accounts receivable purchase transactions, such as merchant cash advance and factoring transactions.
Importantly, the bill does not apply to (i) financial institutions (defined as a chartered or licensed bank, trust company, industrial loan company, savings and loan association, or federal credit union, authorized to do business in New York); (ii) lenders regulated under the federal Farm Credit Act; (iii) commercial financing transactions secured by real property; (iv) a technology service provider; and (v) a lender who makes no more than one applicable transaction in New York in a 12-month period or any person that makes commercial financing transactions in New York that are incidental to the lender’s business in a 12-month period.
Additionally, the New York legislature is also considering a number of other bills that would affect commercial financing transactions:
- A03637, would amend the state’s banking law to deem asset-based lending transactions (defined as, “a transaction in which advances are made which are contingent on the recipient forwarding payments received from one or more third parties for goods such recipient has supplied or services such recipient has rendered to that third party or parties.”) to be loans for all purposes. On its face, this legislation would subject typical merchant cash advance and factoring transactions, which New York courts have in many recent court cases deemed to be non-loan transactions, to lending law restrictions, which would include potential licensure requirements and usury restrictions.
- A03636, would amend the state’s business law to prohibit the inclusion of a confession of judgment (COJ) in a contract or agreement for a financial product or service provided by an entity regulated by the New York Department of Financial Services for the purpose of consumer or investor protection, which is specifically defined by the bill as: (i) any product or service for which registration or licensing is required or for which the offeror or provider is required to be registered or licensed by state law; (ii) any product or service as to which provisions for consumer or investor protection are specifically set forth for such product or service by state statute or regulation; and (iii) securities, commodities and real property subject to the provisions of article 23A of the general business law. COJs are contractual clauses in which a debtor waives in advance his or her right to be notified of a court hearing, or to present his or her side of the case, which are prohibited under federal law for consumer contracts by the FTC Credit Practices Rule (16 C.F.R. pt. 444). In conjunction with potential licensure required under AO3637 above, the passage of both pieces of legislation in New York could result in the prohibition of COJ clauses in merchant cash advance agreements, a common feature of such agreements and generally permitted under New York law.
- A03638, would extend the majority of the state’s consumer protections with respect to loans made to small businesses (defined by the bill as, a “small business shall be deemed to be one which is resident in this state, independently owned and operated, not dominant in its field and employs one hundred or less persons.”). Specifically, the bill would amend the state’s general obligations law to extend all rights and privileges granted under the title to small businesses and would also amend Section 173 and Section 380-e of the state’s banking law to extend all the rights and privileges granted by the section to small businesses.
Relatedly, the FTC recently held a forum on small business marketplace lending practices, see detailed InfoBytes coverage on the forum here.
Maryland amends security breach notification requirements
On April 30, the Maryland governor signed HB 1154 to amend current law related to security breach notification requirements. Among other provisions, HB 1154 (i) requires businesses that own, license, or maintain computerized data that includes a resident’s personal information to conduct a reasonable, prompt investigation in the event of a security breach to determine whether the personal information has been, or is at risk of, being misused due to the breach; (ii) requires business to provide notice to the affected individuals; (iii) stipulates that businesses may not charge fees when providing necessary information to an owner or licensee who is required to provide notice to affected individuals; and (iv) provides restrictions concerning the use of the computerized data relative to the security breach. The amendments take effect October 1.
Trustee allowed to file amended complaint concerning RMBS breach of contract claims
On April 25, the New York Supreme Court, Appellate Division held that a trustee for two residential mortgage-backed securities (RMBS) trusts is entitled to file an amended complaint concerning “express breach of contract claims.” The issue arose from whether the sponsor breached its agreements with the trustee when it allegedly failed to disclose breaches of representations and warranties discovered during a due diligence review of the RMBS trusts after the transactions closed. According to the opinion, the sponsor claimed that no fraud or misrepresentations had occurred with respect to the loans, but it was later discovered that this was not true. However, the sponsor still moved to dismiss, arguing it was not bound under the mortgage purchase agreements to disclose any breach of the representations and warranties. The trial court dismissed the claims and blocked the trustee from filing an amended complaint after it determined the sponsor was not obligated to relay the loans’ issues after they were discovered.
On review, the appeals court found that the relevant contractual language, requiring the sponsor, upon discovery of any breach to give written notice of the breach to itself, was ambiguous, but opined that “[a]llowing the clause to remain as written would render this provision meaningless”—an important fact since “courts should avoid interpretations that would render contractual language mere surplusage.” The trustee claimed that because the sponsor is included on the list of parties required to provide notice, there must be another unnamed party, other than the sponsor, available to receive notice, whereas the sponsor argued that its inclusion on the list of parties required to give notice was “due to ‘alleged drafting imperfections’” since it is the party that is entitled to receive such notices. Because both parties presented “reasonable competing interpretations,” the appeals court noted, additional proceedings are necessary.