InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
West Virginia passes bill amending licensing requirements for mortgage loan originators
On March 22, the West Virginia governor signed HB 4285, which amends provisions under the West Virginia Safe Mortgage Licensing Act (Act) related to licensing requirements for mortgage loan originators, including those related to continuing education. HB 4285, among other things, (i) updates requirements for applicants registering for mortgage loan originator licenses; (ii) requires nonresident mortgage loan originators licensed under the Act to “acknowledge that they are subject to the jurisdiction of the courts of West Virginia”; (iii) outlines provisional license exceptions for loan originators; and (iv) specifies prelicensing and relicensing education requirements. The amendments take effect May 31.
Multiple states pass bills addressing GAP waiver framework
On March 28, HB 4186, which amends the Code of West Virginia by adding a section related to guaranteed asset protection waivers (GAP waivers), became law without the governor’s signature. Among other things, HB 4186 clarifies that GAP waivers are not insurance, and that GAP waivers issued after the bill’s effective date are exempt from West Virginia insurance laws. The bill also (i) specifies terms and conditions when offering GAP waivers; (ii) provides requirements for offering GAP waivers, including “contractual liability” obligations, certain disclosures, and cancellation/non-cancellation terms; and (iii) outlines exemptions, such as commercial transactions and GAP waivers sold or issued by federally regulated depository institutions. Additionally, HB 4186 clarifies the procedures a borrower must follow to activate benefits under a GAP waiver. The bill will apply to all GAP waivers in effect on or after July 1.
On March 28, the Wisconsin governor signed Assembly Bill 663 (AB 663), which amends statutes related to GAP waivers sold in connection with the credit sale or lease of a vehicle. Among other things, AB 663 prohibits creditors from requiring borrowers to purchase GAP waivers and requires creditors to provide written disclosures to borrowers prior to, or at the time of execution, which include that (i) the purchase of a GAP waiver is optional; (iii) outlines the costs and terms; and (iii) specifies procedures borrowers are required to follow to receive GAP waiver benefits. AB 663 also addresses cancellation provisions for borrowers. Furthermore, the bill clarifies that GAP waivers are not insurance and that any cost to a borrower must be separately stated as part of the finance agreement and cannot be considered a finance charge or interest. AB 663 becomes effective September 1.
Finally, on March 26, the Mississippi governor signed SB 2929, which clarifies that GAP waivers are not insurance and are therefore exempt from Mississippi insurance laws. Provisions promulgated under SB 2929 provide a framework for which GAP waivers may be offered to borrowers in the state and include (i) requirements for contractual liability and other policies to insure a GAP waiver; (ii) disclosure requirements; and (iii) cancellation policies for GAP waivers and procedures for borrowers to obtain a refund in the instance of cancellation or early termination. Similar to Wisconsin AB 663, any cost to a borrower associated with a GAP waiver must be separately stated as part of the finance agreement and cannot be considered a finance charge or interest. The act takes effect July 1.
Alabama enacts data breach notification law
On March 28, the Alabama governor signed SB 318, The Alabama Data Breach Notification Act of 2018 (Act), which requires entities doing business in the state to (i) notify consumers within 45 days if their personal data has been compromised in a data breach; and (ii) notify the state Attorney General and consumer reporting agencies if more than 1,000 individuals have been impacted. The Act also states that third-party agents, entities that have been contracted to maintain, store, process, or otherwise access sensitive personally identifying information in connection with providing services to a covered entity, are required to notify the covered entity of a breach of security “no later than 10 days following the determination of the breach of security or reason to believe the breach occurred.” Additionally, the Act gives the state Attorney General authority to prosecute a failure to disclose a data breach as an unlawful act or practice under the Alabama Deceptive Trade Practices Act, which can result in daily penalties of up to $5,000 per violation. However, entities that follow the notice requirements of industry-specific state or federal laws or regulations are exempt from the Alabama legislation. The law is effective June 1.
Massachusetts securities division halts five initial coin offerings
On March 27, Massachusetts’s Office of the Secretary of the Commonwealth Securities Division (Division) entered into separate consent orders with five companies that allegedly violated the Massachusetts Uniform Securities Act by promoting initial coin offerings (ICOs) using unregistered securities. The five companies, which conduct business in Massachusetts, offered the ICOs via websites, including social media platforms. Under the terms of the consent orders, the companies are prohibited from selling unregistered or non-exempt securities in the state and are censured by the Division.
Visit here for additional InfoBytes coverage on ICOs.
NYDFS updates cybersecurity regulation FAQs
On March 23, the New York Department of Financial Services (NYDFS) provided a second update to its answers to FAQs relating to 23 NYCRR Part 500, which took effect March 1, 2017 and establishes cybersecurity requirements for banks, insurance companies, and other financial services institutions. The original promulgation of the FAQs was covered in InfoBytes, as was the last update in February. The new update to the FAQs adds the following guidance:
- An individual filing a Certificate of Compliance for his or her own individual license with no Board of Directors is acting as a Senior Officer as defined by 23 NYCRR 500 and should complete the filing process in that manner; and
- Entity ID is defined as an entity’s state-issued unique license or charter number. Specific information is provided for insurance companies and mortgage loan originators in the FAQs.
Florida enacts legislation prohibiting the misrepresentation of a residential mortgage loan as a business purpose loan
On March 21, the Florida governor signed HB 935, which prohibits the misrepresentation of a residential mortgage loan as a business purpose loan. HB 935 defines “business purpose loan” and requires that “a person must refer to the official interpretation” of the CFPB under 12 C.F. R. Section 1026.3(a) to determine if a loan is for a “business purpose.” It also provides penalties for knowingly or willfully misrepresenting a residential mortgage loan as a business purpose loan. Additionally, HB 935 defines the phrase “hold himself or herself out to the public as being in the mortgage lending business” to include representing to the public through advertisements or solicitations that the individual or business is a licensed mortgage lender. The law is effective July 1.
Nebraska enacts legislation amending certain provisions related to the recording of real property interests
On March 21, the Nebraska governor signed Legislative Bill 750 (LB 750), which amends and clarifies provisions related to the rights and responsibilities of secured creditors and the recording of real property interests. Among other things, LB 750 addresses (i) recording requirements for licensed mortgage bankers and (ii) the liability of a secured creditor that fails to timely record a deed of reconveyance or a release of mortgage when the obligation has been satisfied and a written request to record it has been received from the trustor, mortgagor or grantor. It also provides that “the transfer of any debt secured by a mortgage shall also operate as a transfer of a security of such debt.” The bill takes effect July 18.
Arizona creates first state regulatory sandbox for fintech innovation
On March 22, the Governor of Arizona signed HB 2434, which creates the first state “sandbox” program for companies to test innovative financial products or services without certain regulatory requirements. Arizona’s Regulatory Sandbox Program (RSP) will be administered by the state Attorney General and requires, among other things, that applicants describe the innovation desired to be tested, including an explanation of potential benefits and risks to consumers. Within 90 days, the Attorney General will notify the applicant if they are approved for the program. Details of the RSP program include a window of 24 months to test the product, requirements for seeking extensions to that time limit, a cap on the number of individuals who may participate in testing a product, and required disclosures to consumers. Participants are required to retain records and documents produced in the normal court of business for their product, and the Attorney General is allowed to seek those records and to establish regular reporting requirements. The RSP also places additional restrictions on certain participants, including consumer lenders and money transmitters, and requires compliance with Arizona consumer financial laws and all statutory limits and caps related to financial transactions.
The RSP is effective on April 26 and terminates on July 1, 2028.
Tennessee amends interest rate legislation
On March 23, the Governor of Tennessee signed HB 1944, which amends lending provisions of the Tennessee Code Annotated to change the application of interest rates to the amount financed instead of the total amount of the loan with regard to certain loans made by Tennessee industrial loan and thrift companies. The following interest rate requirements under present Tennessee law now apply to the amount financed: (i) under $100, no interest shall be charged on the principal or on the unpaid balance due after maturity in excess of a maximum effective rate of 18 percent per annum; (ii) between $100 and $5,000, no interest shall be charged on the principal or on the unpaid balance due after maturity in excess of a maximum effective rate of 30 percent per annum; (iii) greater than $5,000, no interest shall be charged on the principal or on the unpaid balance due after maturity in excess of a maximum effective rate of 24 percent per annum; and (iv) for open-end credit plans, a maximum effective rate of 24 percent per annum applies to the principal or on the unpaid balance due after maturity. HB 1944 is effective immediately and applies to loans made on or after March 23.
Multiple states update security freeze legislation
On March 23, the Governor of Tennessee signed HB 1486, which prohibits credit reporting agencies from charging a fee to a consumer for the placement or removal of a security freeze if the need to place or remove the security freeze was caused by the credit reporting agency. Tennessee already prohibited charging a fee for a security freeze if the consumer is a victim of identity theft and presents a copy of a police report (or other official documentation) to the credit reporting agency at the time of the request. Under Section 47-18-2108 of the Tennessee Code Annotated, the state still allows charging a fee of up to seven dollars and fifty cents for all other placements of a security freeze and up to five dollars to permanently remove a security freeze. HB 1486 is effective immediately.
On March 20, the Governor of Idaho signed SB 1265, which amends existing law to prohibit credit reporting agencies from charging a fee to a consumer for the first placement of a security freeze and for the first temporary lift of a security freeze during a twelve-month period. The law allows for a fee of up to six dollars for the second placement or temporary lift within a twelve-month period. SB 1265 still allows for a fee of up to $10.00 for the reissuance of a personal identification number or password. The legislation is effective July 1.