Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 4, the U.S. District Court for the Central District of California granted the California DFPI’s motion for summary judgment which challenged the DFPI’s commercial financing regulations. According to the DFPI’s press release, the proposed regulations would require commercial financing providers to disclose key metrics to small businesses to help them understand their financing options, including the amount of funding provided, APR, finance charge, and payment amounts.
In their complaint, the plaintiffs argued that the regulations violated the First Amendment and were preempted by TILA. The court disagreed, holding that (1) the regulations do not violate the First Amendment under the test for compelled commercial speech since the required disclosures under the Regulations are “reasonably related” to substantial government interest and are not “unjustified or unduly burdensome”; and (2) because the CFPB made a “rational conclusion” that TILA does not preempt commercial financing regulations, the court would defer to the CFPB’s determination.
On November 28, the State AG of Massachusetts filed an assurance of discontinuance with a household goods rental company for unfair and deceptive debt collection practices. The company offers household goods under a rent-to-own payment contract as part of its business model. According to the assurance, customers would rent a good and then pay it off over several months to several years to obtain ownership; however, the assurance of discontinuance alleges that, for customers who failed to make payment or never returned the item, the company resorted to aggressive tactics: sending employees out to collect payments by making house visits, “pounding on doors, turning doorknobs to see if they were unlocked, and demanding to be let in.”
In addition to these collection tactics, the assurance of discontinuance states that the company would file criminal complaints. The AG of Massachusetts finds this to be an improper use of “the criminal process, [such as] the threat of arrest or prosecution, as a [d]ebt collection tool.” Additionally, if a customer failed to make timely payments or return the rented property, the company would file a criminal complaint alleging their customers were committing larceny. In the assurance, the company agrees to pay $8.75 million, and the company must cease filing criminal complaints against customers.
On November 27, the NYDFS entered into a consent order with a title insurance company, which required the company to pay $1 million for failing to maintain and implement an effective cybersecurity policy and correct a cybersecurity vulnerability. The vulnerability allowed members of the public to access others’ nonpublic information, including driver’s license numbers, social security numbers, and tax and banking information. The consent order indicates the title insurance company discovered the vulnerability as early as 2018. The title insurance company’s failure to correct these changes violated Section 500.7 of the Cybersecurity Regulation.
In May 2019, a cybersecurity journalist published an article on the existence of a vulnerability in the title insurance company’s application, that led to a public exposure of 885 million documents, some found through search engine results. The journalist noted that “replacing the document ID in the web page URL… allow[ed] access to other non-related sessions without authentication.” Following the cybersecurity journalist’s article, and as required by Section 500.17(a) of the Cybersecurity Regulation, the title insurance company notified NYDFS of its vulnerability, at which point NYDFS investigated further. The title insurance company has been ordered to pay the penalty no later than ten days after the effective date.
On November 20, DFPI announced it is seeking public comment before it begins its formal rulemaking process on its Digital Financial Assets Law (DFAL), which was enacted on October 13. As previously covered by InfoBytes, DFAL created a licensing requirement for businesses engaging in digital financial asset business activity and is effective on July 1, 2025.
For comments that recommend rules, DFPI encourages comments that “propose specific rule language and provide an estimate, with justification, of the potential economic impact on business and individuals that would be affected by the language.” Additionally, DFPI requests metrics, applicable information about economic impacts, or quantitative analysis to support comments. Among other topics, DFPI especially asks for comments related to (i) application fees and potential fee adjustments based on application complexity; (ii) surety bond or trust account factors; (iii) if capital minimums should vary by the type of activity requiring licensure; and (iv) its stablecoin approval process.
Comments must be received by January 12, 2024. On January 8, 2024, DFPI will host a Virtual Informal Listening Session with stakeholders to discuss feedback on this informal invitation for comments.
DFPI recently published a report on consumer crypto-related complaints collected through its new online complaint portal. According to the third-quarter 2023 CSO report, some of the most common complaints include (i) consumers being scammed into transferring digital assets from a legitimate crypto account to a fraudulent platform; (ii) consumers losing access to funds after transferring to an unknown wallet; (iii) consumers who invest in sham crypto investments by sending US dollars to a scammer’s platform, wallet, or bank; (iv) consumers making additional investments to scammers after receiving the first and only return; (v) consumers with concerns regarding their account activity on legitimate crypto platforms; and (vi) consumers approached by scammers via text message and social media. DFPI shared tips on how consumers can protect themselves against scams as well, noting that “[i]f it seems too good to be true, it probably is.”
On November 16, under California Corporations Code § 25532, the California Division of Financial Protection and Innovation (DFPI) issued a desist and refrain order against a securities investment platform for allegedly making false representations and material omissions to investors.
The DFPI alleges the investment platform sold securities in California on its website and the platform referred to them as “certificates.” The platform claimed that the certificates paid investors returns ranging from 2.5 percent to five percent in addition to guaranteed monthly returns. To solicit investors, the platform allegedly engaged in a multi-level marketing (MLM) structure that would have investors influence others to send money. DFPI alleged that the certificates were not qualified under the California Corporate Securities Law. DFPI also alleged that the platform omitted material information to investors, which included (i) falsely representing that the platform was partnered with a particular forex broker; (ii) representing that it was a licensed bank (while omitting that the “license” was granted by a “fictitious regulator”); (iii) using the terms “bank” and “banking” while omitting that it was not authorized to engage in the business of banking in California; (iv) misrepresenting profits and risk of loss; and (v) failing to disclose that its securities were not qualified in California.
On November 15, NYDFS announced new regulatory guidance which adopts new requirements for coin-listing and delisting policies of DFS-regulated virtual currency entities, updating its 2020 framework for each policy. After considering public comments, the new guidance aims to enhance standards for self-certification of coins and includes requirements for risk assessment, advance notification, and governance. It emphasizes stricter criteria for approving coins and mandates adherence to safety, soundness, and consumer protection principles. Virtual currency entities must comply with these guidelines, requiring DFS approval for coin-listing policies before self-certifying coins, and submitting detailed records for ongoing compliance review. The guidance also outlines procedures for delisting coins and necessitates virtual currency entities to have an approved coin-delisting policy.
As an example under coin listing policy framework, the letter states that a virtual currency entity risk assessment must be tailored to a virtual currency entity's business activity and can include factors such as (i) technical design and technology risk; (ii) market and liquidity risk; (iii) operational risk; (iv) cybersecurity risk; (v) illicit finance risk; (vi) legal risk; (vii) reputational risk; (viii) regulatory risk; (ix) conflicts of interest; and (x) consumer protection. Regarding consumer protection, NYDFS says that virtual currency entities must “ensure that all customers are treated fairly and are afforded the full protection of all applicable laws and regulations, including protection from unfair, deceptive, or abusive practices.”
Similar to the listing policy framework, the letter provides a fulsome delisting policy framework. The letter also stated that all virtual currency entities must meet with the DFS by December 8 to preview their draft coin-delisting policies and that final policies must be submitted to DFS for approval by January 31, 2024.
On October 31, New York AG Letitia James released a report detailing racial disparities in homeownership and access to home financing in New York. The report states that Black and Latino New Yorkers are “underrepresented” among mortgage applicants, and white households are overall more likely to own homes than Black, Latino, or Asian households. The report also found that regardless of credit score, income, size of the loan and other factors, all applicants of color are denied mortgages at a higher rate than white applicants. In addition, the report found that disparities between white borrowers and borrowers of color persist in the context of refinance transactions and are also present in loans made by “[n]ew private-sector, non-depository lenders.”
The report identified policy solutions that could reduce these disparities, including (i) subsidizing down payments and interest rates for first-generation homebuyers; (ii) increasing state funding for nonprofit financial institutions that support underserved communities of color; (iii) passing the New York Public Banking Act, which would create a regulatory framework for the establishment of public banks, thereby expanding access to affordable financial services in underserved areas; (iv) bolstering resources for government agencies to conduct fair lending investigations and enhancing New York’s Human Rights Law to explicitly prohibit discriminatory lending practices; and (v) exploring options for offering state-provided banking services in accessible locations to increase access to traditional banking services.
On October 30, the Minnesota Attorney General’s office filed a complaint against a Montana tribal economic development entity claiming that the entity’s lending subsidiaries violated state and federal usury laws through deceptive trade practices and false advertising. The complaint alleges that “[d]efendants ignore these laws and have in recent years made thousands of loans to consumers in Minnesota at interest rates exponentially higher than what is permitted. They do so while deceiving Minnesotans to believe the defendant lenders are immune from Minnesota law because they are owned by a federally recognized Indian tribe. But even sovereign entities and their subsidiaries must comply with Minnesota and federal law when they transact business in Minnesota.” The complaint claims that the company’s lending subsidiaries charged interest rates up to 800 percent and led state residents to believe that the entity was exempt from state laws that protect against predatory loans. Minnesota laws cap interest rates for written contracts at 8% unless otherwise exempted. Loan contracts that violate the law may be voidable and have no legal effect. The Attorney General is seeking an injunction to block the company from operating in Minnesota, a declaration that “marketing, offering, issuing, servicing, collection, and providing of [these] loans” is in violation of federal and state laws, and compensation for the residents affected by the defendants’ actions.
On October 23, DFPI announced enforcement actions against four debt collectors for engaging in unlicensed debt collection activity, in violation of Debt Collection Licensing Act and unfair, deceptive, or abusive acts or practices, in violation of the California Consumer Financial Protection Law. In its order against two entities, the department alleged that the entities contacted at least one California consumer and made deceptive statements in an attempt to collect a payday loan-related debt, among other things. In its third order against another two entities, DFPI alleged that a consumer was not provided the proper disclosures in a proposed settlement agreement to pay off their debts in a one-time payments. Additionally, DFPI alleged that the entity representatives made a false representation by communicating empty threats of an impending lawsuit.
Under their orders (see here, here, and here), the entities must desist and refrain from engaging in illegal and deceptive practices, including (i) failing to identify as debt collectors; (ii) making false and misleading statements about payment requirements; (iii) threatening unlawful action, such as a lawsuit, because of nonpayment of a debt; (iv) contacting the consumer at a forbidden time of day; (iv) making false claims of pending lawsuits or legal process and the character, amount, or legal status of the debt; (v) failing to provide a “validation notice” ; and (vi) threatening to sue on time-barred debt.
The entities are ordered to pay a combined $87,500 in penalties for each of the illegal and deceptive practices.