Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 18, the Department of Energy released new best practices guidelines for residential Property-Assessed Clean Energy (PACE) mortgages, which provide homeowners a way to finance energy-efficient home improvements through property tax assessments. The new guidelines are intended to help state and local governments as they expand their PACE programs, and address the various problems that have emerged in the market since the PACE framework was first established in 2009. Among other things, the guidelines suggest that PACE programs confirm property owners’ ability to repay their assessments, and that state and local governments work with program administrators to establish underwriting guidelines and criteria for PACE programs.
In a press release issued November 9, Governor Andrew M. Cuomo announced that a leading mortgage services provider and its affiliate, agreed to pay a $28 million fine and engage a third-party auditor as part of a settlement agreement and consent order with the NY Department of Financial Services. The matter arose after a series of audits conducted by the NYDFS had revealed inconsistencies in how mortgage foreclosures were documented and processed. As part of the settlement agreement, the company has agreed to allow an independent third-party auditor to help identify borrowers entitled to refunds.
New NYDFS Regulation Requires All Institutions of Higher Education to Immediately Provide Uniform Financial Aid Award Information Sheet
On November 3, Governor Andrew M. Cuomo announced that the state Department of Financial Services has adopted a new regulation requiring all institutions of higher education and vocational schools in New York to immediately begin providing a uniform Financial Aid Award Information Sheet to undergraduate students when responding to financial aid applications. The U.S. Department of Education utilizes a similar form, however it is less extensive and is not mandatory – except for schools that accept assistance to make loans to military students. Additional information concerning the regulations and model forms can be found here.
State AGs Urge the CFPB to Ensure that States Maintain the Right to Set Usury Caps on High Cost Loans
In October, New York AG Eric T. Schneiderman, along with seven other state AGs (Connecticut, Maryland, Massachusetts, New Hampshire, Pennsylvania, Vermont and the District of Columbia), submitted a letter to the CFPB in response to the agency’s proposed rule addressing payday loans, vehicle title loans, and certain high-cost installment loans. While commending the CFPB for introducing additional consumer protections, the letter urges the CFPB to integrate the following language from the preamble of the proposed rule into the body of the final rule: “The protections imposed by this proposal would operate as a floor across the country, while leaving State and local jurisdictions to adopt additional regulatory requirements (whether a usury limit or another form of protection) above that floor as they judge appropriate to protect consumers in their respective jurisdictions.” The letter explains that because the CFPB does not have the authority to set interest rates – or usury caps – for loans, it is “crucial” that states maintain their right to do so.
On October 11, the New York Department of Financial Services (NYDFS) issued new guidance regarding incentive compensation arrangements, advising “all regulated banking institutions that no incentive compensation may be tied to employee performance indicators, such as the number of accounts opened, or the number of products sold per customer, without effective risk management, oversight and control.” At a minimum, the guidance requires that a bank’s incentive compensation arrangement address the following principles: (i) balance between risks and rewards; (ii) effective controls and risk management; and (iii) effective corporate governance. NYDFS stated that a bank’s lack of compliance with the guidance will be reflected in its regulatory examination rating and may result in additional regulatory action.
The NYDFS’s recently released guidance comes in the wake of a September action taken jointly by the OCC and the CFPB over a bank’s alleged sales practices under which, in an effort to meet sales goals and earn financial rewards under the bank’s incentive compensation program, employees purportedly opened deposit and credit card accounts for consumers without obtaining those consumers’ consent.
The California legislature amended the California Finance Lenders Law (CFLL) allowing persons to make one commercial loan in a 12-month period without obtaining a license. This change effectively reenacts a de minimis exemption that was repealed in 2014, and is effective January 1, 2017 through January 1, 2022.
Effective September 28, 2016, the implementing regulations to the CFLL and California Residential Mortgage Lending Act (CRMLA) were amended such that subsidiaries and affiliates of exempt institutions are no longer exempt, by nature of this association, from the licensing requirements with respect to consumer and residential mortgage loans. The Department of Business Oversight filed the action to reverse through regulation previous Commissioner opinions that interpreted licensing exemptions under the CFLL and CRMLA to apply broadly to include subsidiaries of exempt financial institutions.
The definition of a lender under the CRMLA was also amended and now includes a person, other than a natural person, and a natural person who is also an independent contractor, who engages in the activities of a loan processor or underwriter for residential mortgage loans, but does not solicit loan applicants, originate mortgage loans, or fund mortgage loans. Further, the Commissioner may require a licensee who is engaged in the processing or underwriting of residential mortgage loans to continuously maintain a minimum tangible net worth in an amount that is greater than $250,000, but that does not exceed the net worth required of an approved lender under the Federal Housing Administration.
On October 3, Connecticut AG Jepsen, alongside Banking Commissioner Jorge Perez, resolved a four-year investigation into a Connecticut-based investment bank’s residential mortgage-back securities (RMBS) practices. According to the consent order, from January 2005 to December 2008, the investment bank was the lead securities underwriter of about 250 RMBS deals with a value of more than $250 billion. The state alleged, among other things, that the bank’s due diligence process on the 250 RMBS deals was “inadequate and resulted in omissions and misstatements in the representations made to the public and investors about the securities.” The $120 million settlement is Connecticut’s largest single settlement in history.
On September 13, the New York Department of Financial Services (DFS) issued a proposed rule establishing cybersecurity requirements for financial services companies, and has thus ventured into new territory for state regulators. In the words of Governor Cuomo, “New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises."
Given the concentrated position of financial service companies in New York and the regulation’s definition of a Covered Entity – which includes “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law” – it could create an almost de facto national standard for medium to large financial services companies, regardless of where they keep their servers or suffer a cyberattack. This type of state-level regulation is not unprecedented. In 2003, California passed a data breach notification law that requires companies doing business in California to notify California residents of the breach and more recently amended the law to require 12 months of identity protection and strengthen data security requirements. In 2009, Massachusetts enacted a regulation mandating businesses implement security controls to protect personal information relating to state residents.
The DFS designed the regulation to protect both consumers and the financial industry by establishing minimum cybersecurity standards and processes, while allowing for innovative and flexible compliance strategies by each regulated entity. Yet the proposed regulation goes further than to just ask financial entities to conduct a risk assessment and to design measures to address the identified risks.
* * *
Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.
California AG Harris Announces Settlement with San Francisco-Based Bank Over Consumer Privacy Violations
On March 28, California AG Harris announced an $8.5 million settlement with a San Francisco-based bank for alleged violations of California consumer privacy laws. Specifically, AG Harris’s and five district attorneys’ investigation into the bank found that its employees failed to “timely and adequately disclose the recording of communications they had with members of the public” in violation of sections 632 and 632.7 of the California Penal Code. Without admitting liability, the bank agreed to (i) implement changes to its policies; (ii) comply fully with California’s laws concerning the recording of communications between the bank and California consumers, making a clear, conspicuous, and accurate disclosure (the Recorded Call Disclosure) at the beginning of any communication that is subject to recording; and (iii) implement an internal compliance program to “promote full compliance with the requirements of Penal Code sections 632.7 and 632, and the Recorded call disclosure.” Of the $8.5 million civil money penalty, $384,000 will be used to reimburse the prosecutors’ investigative costs, and $500,000 will be contributed to two California organization dedicated to advancing consumer protection and privacy rights.
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer and Dan Ladd to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Tim Lange to discuss "Update from 2019 NMLS Conference" at the California Mortgage Bankers Association Mortgage Quality & Compliance Committee webinar
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Jon David D. Langlois to discuss "Transaction management-issues surrounding purchase & sale agreements, post acquisition integration & trailing docs" at the Investment Management Network Residential Mortgage Servicing Rights Forum
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program