Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 2, Oregon Governor Kate Brown signed into law House Bill 2356 (HB 2356), which establishes provisions relating to debt collection practices in the state. Among other things, the law (i) details the practices a debt buyer, or debt collector acting on behalf of a debt buyer, is required to follow to legally collect debt; (ii) specifies the type of notice and documents that a debt buyer must provide to a debtor; (iii) requires persons engaged in debt buying to obtain or renew their licenses through the Department of Consumer and Business Services; and (iv) specifies duties of licensees, outlines prohibited conduct, and identifies unlawful collection practices. The law takes effect January 1, 2018.
On July 31, the New York Department of Financial Services (NYDFS) announced the launch of an online cybersecurity portal for businesses to securely report cybersecurity events as required by the state’s cybersecurity regulation that took effect March 1. (See previous InfoBytes summary here.) The regulation, Cybersecurity Requirements for Financial Services Companies, requires all banks, insurance companies, and other financial services institutions regulated by NYDFS to establish and maintain cybersecurity programs to safeguard consumers’ private data. The cyber portal is designed to facilitate easy reporting of cybersecurity events and will allow regulated entities to file compliance certifications. Starting August 28, 2017, all entities required to comply with NYDFS cybersecurity regulations “must file certain notifications to the [Financial Services] Superintendent including notices of certain cybersecurity events within 72 hours from a determination that a reportable event has occurred.” A cybersecurity event is reportable if it: (i) “impacts the covered entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body”; or (ii) “has a reasonable likelihood of materially harming any material part of the normal operation(s) of the covered entity.” Additionally, covered entities are required to file a certificate of compliance confirming compliance for the previous calendar year no later than February 15, 2018.
On June 27, Massachusetts Attorney General Maura Healey announced a $1 million settlement with the largest debt collection law firm in the state to resolve allegations that the firm engaged in unfair and unlawful debt collection practices. According to a lawsuit filed by the Attorney General’s office in 2015, the firm began filing tens of thousands of debt collection lawsuits each year beginning in 2011, at times targeting the wrong consumers or filing claims based on unsubstantiated debts. The firm also allegedly demanded payment from consumers who relied on social security or other exempt income, despite being provided evidence that the income was exempt from court-ordered collection. Under the terms of the settlement, the company is required to reform its debt collection practices by adhering to guidelines including the following:
- The firm is required to obtain and review “original account-level documentation” prior to initiating a collection to determine whether a consumer is obligated to pay the debt such as, among others, (i) an authenticated bill of sale reflecting the transferred ownership of debt; (ii) original documents reflecting the charge-off balance; (iii) contractual terms and conditions; and (iv) original consumer signed documents showing proof the account was opened;
- The firm is prohibited from engaging in threatening actions to collect on a debt initiated on behalf of a collector or debt buyer, and is further restrained from commencing a collection suit without possessing a final judgment or execution against the consumer, or acceptable account-level documentation;
- The firm cannot initiate a collection suit against a consumer until an attorney listed on the company in the collection suit has reviewed the pertinent information and made the determination that the debt owed is not subject to bankruptcy proceedings and certifies in writing that the collection suit is in compliance.
The settlement terms also stipulate that the firm must comply with collection terms and restrictions concerning exempt and protected income, must adhere to time-barred debt collection restrictions, is enjoined from using false and misleading affidavits to collect debts, and must submit enhanced compliance reporting to AG Healey for review. Additionally, the firm previously paid $1 million to the state to be used in one or more of the following ways: (i) as payments to consumers; (ii) to assist with final judgment facilitation; (iii) to be added to the state’s general fund and/or the Local Consumer Aid Fund; and (iv) to fund programs that “address the negative effect of unfair and deceptive practices related to debt collection.”
On July 20, North Carolina Governor Roy Cooper signed into law Senate Bill 415 (S.L. 149), which amends the state’s collection agency law to exclude persons engaged in routine billing services from the definition of a “collection agency.” Specifically, a “collection agency” does not include “corporations or associations engaged in accounting, bookkeeping, or data processing services where a primary component of such services is the rendering of statements of accounts and bookkeeping services for creditors.” The law went into effect July 20, 2017.
On July 11, Connecticut Governor Dannel Malloy signed into law Public Act No. 17-233 (H.B. 7141), which makes various revisions to the state’s banking laws. Among other things, the law (i) applies certain mortgage servicers’ and student loan servicers’ prohibited acts to other licensees; (ii) requires non-depository licensees to maintain and enforce compliance policies and procedures; (iii) allows the banking commissioner to require the use of electronic bonds for licensed or registered individuals to participate in the Nationwide Mortgage Licensing System; (iv) reduces pre-licensing education requirements for mortgage loan originators, loan processors, and underwriters; and (v) sets limits for money transmitters regarding virtual currency transactions and timeframes for transmitting money. The law takes effect October 1, 2017, with provisions relating to compliance policies and procedures taking effect July 1, 2018, and pre-licensing education requirements taking effect January 1, 2019.
On July 5, Hawaii Governor David Y. Igge signed into law H.B. 651, which was devised to protect children and certain other individuals from identity theft and credit fraud. The law applies to “protected consumers,” defined as minors under the age of 16 years, incapacitated persons, and individuals with appointed guardians or conservators.
Based on research suggesting that minors may be targeted for identity theft due to their clean credit reports, the legislation permits representatives of protected consumers to place and remove security freezes on protected consumers’ credit files. Because one impediment to requesting such a freeze is the lack of an existing credit file, the legislation also requires consumer credit reporting agencies (CRAs) to create records for the protected consumers. A CRA may not release the protected person’s file when it is in a security freeze until the representative requests a removal of the freeze. In order to request a security freeze or a freeze removal, a protected person’s representative must provide proper identification and evidence of authority to the CRA. Additionally, with a few exceptions, the CRA may charge a fee not to exceed five dollars for each freeze or removal of a freeze to a protected person’s credit file.
The law will go into effect on January 1, 2018.
On June 21, LD 1251, “An Act Regarding Certain Abandoned Vehicles and Notice to the Secretary of State Regarding Those Vehicles” became law in Maine. The law applies to a vehicle left at a business after authorized repairs were made at the request of the vehicle owner, and to a vehicle left in storage when the vehicle owner has not paid the storage fee. The law requires the owner of a repair or storage facility or the owner’s agent to notify the Secretary of State within 14 days after the earliest date that the vehicle owner becomes responsible for unpaid repair or storage and towing fees. After notice is provided by the facility (or facility’s agent), the Secretary of State must notify the vehicle’s owner and lienholder that the vehicle is being claimed unless the charges against the vehicle are paid. If the Secretary of State is not notified within 14 days using the prescribed form, the owner of the auto repair business or storage facility cannot charge the vehicle owner more than 14 days of storage fees. The law will take effect 90 days following the adjournment of the legislative session.
On June 12, the General Assembly of North Carolina ratified Senate Bill 577, which amends the North Carolina Retail Installment Sales Act. Specifically, Senate Bill 577 modifies the late charge on an installment sale contract to be a flat fee of fifteen dollars, which is an increase from the prior limit of the lesser of five percent of the installment payment amount or six dollars. The amendment became effective on June 26 and applies to defaults from that day forward.
On June 15, Texas Governor Greg Abbott signed SB 2065. The law modifies a number of motor vehicle-related regulations and licensing requirements. Specifically, the law:
- eliminates the Vehicle Protection Product Act;
- abolishes the Vehicle Protection Product Warrantor Advisory Board;
- requires the warrantor of a vehicle protection product to pay expenses to the person who purchases the product or system if loss or damage occurs due to failure of the product or system;
- prohibits a retail seller from requiring a vehicle buyer—“as a condition of a retail installment transaction or the cash sale of a commercial vehicle”—to buy a vehicle protection product that is not installed on the vehicle at the time of the transaction, classifying this violation as a “false, misleading, or deceptive act or practice” actionable under the Deceptive Trade Practices-Consumer Protection Act; and
- eliminates the licensing requirements for boot operators and boot companies, but requires a booting company to remove a boot within an hour of being contacted by the owner or forfeit all removal fees.
The law takes effect September 1.
On June 23, Florida Governor Rick Scott signed H.B. 1379, which will incorporate virtual currency into the Florida Money Laundering Act. Specifically, the Bill adds virtual currency to the list of currency and negotiable instruments classified as “monetary instruments” under the Act. In addition, virtual currency will be included in the definitions section as a “medium of exchange in electronic or digital format that is not a coin or currency of the United States or any other country.” The law goes into effect on July 1.
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Tim Lange to discuss "Ease your pain at the state level: Recommendations for navigating the licensing issues in the states" at the Online Lenders Alliance Compliance University
- Amanda R. Lawrence, Aaron C. Mahler, and Jonice Gray Tucker to discuss "Expanded role for the FTC ahead: Implications for bank and nonbank financial institutions" at an American Bar Association Banking Law Committee Webinar
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference