Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
State AGs, Industry Groups Submit Comments Addressing CFPB’s Proposed Delay of Prepaid Accounts Rule
As previously covered in InfoBytes, the Bureau released its final rule (the “Prepaid Accounts Rule”) on prepaid financial products in October of last year in order to provide consumers with additional federal protections under the Electronic Fund Transfer Act and also to offer consumers standard, easy-to-understand information about prepaid accounts. Recently, however, the CFPB announced its intention to delay the effective date of its Prepaid Accounts Rule by six months. If approved, the proposed extension would push back the current October 1, 2017, effective date to April 1, 2018. According to the proposed rule and request for public comment published by the Bureau in the March 15 Federal Register, the extension comes in response to comments received from “some industry participants” who “believe they will have difficulty complying with certain provisions.” The CFPB has taken the position that extending the deadline for compliance “would, among other things, help industry participants address certain packaging-related logistical issues for prepaid accounts that are sold at retail locations.” Comments on the proposal were due April 5.
State AG’s Letter. On April 5, attorneys general from 17 states and the District of Columbia submitted a letter to congressional leaders presenting various arguments against pending House and Senate resolutions (S.J. Res. 19, H.J. Res. 62, and H.J. Res. 73) providing for congressional disapproval and effectively nullifying the CFPB’s Prepaid Accounts Rule. The state attorneys general—including AGs for the District of Columbia, California, Hawaii, Illinois, Iowa, Maine, Maryland, Massachusetts, Minnesota, Mississippi, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, Virginia, and Washington, along with the Executive Director of the Hawaii Office of Consumer Protection—argued, among other things, that consumer protections provided by the Rule are important because, among other things, “consumers frequently report concerns about hidden and abusive fees as well as fraudulent transactions that unfairly deplete the funds loaded onto prepaid cards.” The AGs’ letter notes further that prepaid cards are often used by “vulnerable consumers” who have limited or no access to a traditional bank account. Notably, although they characterize these congressional resolutions as a “misplaced effort,” the state AGs acknowledge that the Congressional Review Act “gives Congress, with the President’s signature, a window to veto a rule from going into effect.”
American Bankers Association (ABA) Letter. In another comment letter, submitted on April 3, the ABA commended the CFPB for “proposing to extend the deadline” because, among other things, “some industry participants, especially those offering prepaid cards in retail stores, may have difficulty complying with certain provisions.” The ABA also noted that the extension of time presents an opportunity for the Bureau to “consider making adjustments as appropriate to ensure unnecessary disruption to consumers’ access to, and use of, prepaid accounts.” As explained in the letter, the ABA’s primary concern about the Prepaid Accounts Rule “remains the inconsistency and lack of clarity of the regulation’s distinction between checking accounts and prepaid accounts.” To this end, the ABA recommends that the Bureau use the extra time to “remove inconsistencies in the Rule and clarify the distinction between a prepaid account and a checking account to ensure that banks do not inadvertently violate the regulation and risk significant potential liability and supervisory actions.” The ABA’s letter also calls for “similar changes” to the “definition of ‘payroll account’” in order to further distinguish product types.
Independent Community Bankers of America (ICBA) Letter. Also on April 3, the ICBA also submitted a short comment letter stating, among other things, that it “fully supports extending the effective date” as the additional time will “ensure that systems and technology changes could be made to facilitate compliance.”
In March, Utah passed SB 175 amending its Unclaimed Property Act. Among the changes incorporated through the new law was the expansion of the law’s coverage to include “virtual currency”—a term the law defines as “a digital representation of value used as a medium of exchange, unit of account, or store of value, which does not have legal tender status recognized by the United States.” Notably, this definition explicitly excludes “(i) the software or protocols governing the transfer of the digital representation of value; (ii) game-related digital content; (iii) a loyalty card; (iv) membership rewards” and “(v) a gift card.” Virtual currency subject to Utah law must be turned over to the state’s treasury after it has been “presumed abandoned” for a prescribed period of time. The law contains a detailed test for when property has been presumed abandoned, when the clock starts ticking, and under what circumstances that clock may be paused and/or reset. In a March 15 press release, Utah Treasurer David Damschen, “applauded the final passage of SB 175,” but also explained that “there are certain changes in the law related to properties held by the banking and insurance industries that we may still have to make,” including, for example “certain prepaid debit card account balances.”
On March 27, the North Carolina Department of Justice announced it had settled a lawsuit against a student loan debt relief company for allegedly charging upfront fees while failing to perform promised debt relief services. NC Attorney General Josh Stein stated that the terms of the consent order will provide restitution of more than $375,000 to 377 affected borrowers and will further prohibit the company from engaging in similar conduct in the future. The consent order is not presently available to the public.
New York AG Announces Settlements with Three Mobile Health Application Developers over Misleading Marketing Practices and Privacy Policies
On March 23, the New York Attorney General’s (NYAG) office announced settlements with U.S.-, Austria-, and Israel-based mobile application (app) developers who allegedly participated in misleading marketing practices and the mismanagement of consumer information—both of which are violations of New York Executive, Education, and General Business Laws. Two of the three developers claimed their health-related apps accurately measured heart rates, and a third allegedly claimed its app would measure a fetal heartbeat. However, all three failed to test the apps for accuracy, conduct comparisons to other approved products, or obtain approval by the U.S. Food and Drug Administration. The developers have agreed to provide additional testing information, will correct misleading advertisements, obtain affirmative consent from consumers for developers’ privacy policies, and will pay $30,000 in combined penalties to the NYAG’s office. Furthermore, all three developers have also made changes to their privacy policies and disclose the collecting and sharing of information that “may be personally identifying” including “users’ GPS location, unique device identifier, and ‘deidentified’ data that third parties may be able to use to reidentify specific users.”
On April 3, the U.S. Supreme Court granted certiorari in a case challenging a Texas law that bars retailers from imposing credit card surcharges, and remanded the case to the Fifth Circuit in light of its ruling last week in Expressions Hair Design, that a similar statute in New York regulated merchants’ First Amendment rights. In Rowell, a landscaping business, a computer networking company, a self-storage facility, and an event design and production company sought to challenge a Texas law allowing merchants to charge different prices to customers who pay with cash and customers who pay with a credit card, but barring merchants from describing the price difference as a surcharge for credit cards, leaving them to describe it instead as a discount for using cash. The Fifth Circuit held that the Texas law did not violate the retailers’ free speech rights, aligning it with the Second Circuit in its September 2015 ruling in the Expressions Hair Design litigation against New York State.
As previously reported on InfoBytes, the Supreme Court last week in the Expressions case unanimously rejected the Second Circuit’s conclusion that the New York credit card law regulates conduct alone, rather than speech. As explained in the Supreme Court’s opinion, the law at issue “is not like a typical price regulation,” which regulates a seller’s conduct by dictating how much to charge for an item. Rather, the Court explained, the law regulates “how sellers may communicate their prices.” (emphasis added). The Supreme Court, however, did not address the question of whether the law unconstitutionally restricts speech.
On March 29, Arizona Governor Doug Ducey signed H.B. 2417, which recognizes blockchain signatures and smart contracts under state law. H.B. 2417 amends Title 44, Chapter 26, of the Arizona Revised Statutes, and defines “blockchain technology” as “distributed ledger technology . . . protected with cryptography . . . [that] provides an uncensored truth.” The amendment, cleared by the Senate in a 28-1 vote on March 23, addresses signatures and records and states “a signature that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” Furthermore, the amendment also discusses the legality and enforceability of a smart contract, defined by the bill as an “event-driven program, with state, that runs on a distributed, decentralized, shared and replicated ledger . . . that can take custody over and instruct transfer of assets on that ledger.” Smart contracts, therefore, “may exist in commerce . . . and may not be denied legal effect, validity or enforceability,” thus presenting a new option of delivering information via blockchain.
On March 29, the U.S. Supreme Court vacated and remanded a lawsuit challenging a New York law—N.Y. Gen. Bus. Law § 518—which provides that no seller “may impose a surcharge on a holder who elects to use a credit card” instead of a cash payments. (See Expressions Hair Design, et al. v Schneiderman.) Plaintiffs, a group of New York merchants, argued that the law violates the First Amendment by regulating how they communicate their prices. Plaintiffs further alleged that the law is unconstitutionally vague. In its defense, the State of New York asserted that the law merely prevents unfair profiteering, consumer anger, and deceptive sales tactics. After the district court ruled in favor of the Plaintiffs, the Court of Appeals for the Second Circuit vacated the judgment with instructions to dismiss. The Second Circuit appellate panel reasoned that the law is a “price regulation” that regulates conduct rather than speech and, as such, is immune from scrutiny under the First Amendment.
Writing for the Supreme Court—which was unanimous in the judgment—Chief Justice John G. Roberts disagreed with the Second Circuit panel’s conclusion that the law regulates conduct alone. Specifically, Justice Roberts notes in his opinion that Section 518 “is not like a typical price regulation,” which regulates a seller’s conduct by dictating how much to charge for an item. Rather, the Chief Justice explained, the law regulates “how sellers may communicate their prices.” Notably, the majority opinion declined to delve into the First Amendment issues raised by the parties, including whether the law is a valid commercial speech regulation, citing its status as “a court of review, not of first view.”
Justice Stephen G. Breyer filed a concurring opinion in which he noted that because the law’s interpretation is unclear, on remand, the Second Circuit should ask New York's highest court to clarify it, as this “is a matter of state law.” Justice Sonia M. Sotomayor, joined by Justice Samuel A. Alito, Jr., also filed a concurring opinion in which she called the majority's ruling a “quarter-loaf outcome,” because the holding failed to address whether the law unconstitutionally restricts speech. The Second Circuit erred by not certifying the question of the statute's interpretation to the N.Y. Court of Appeals “and this Court errs by not correcting it,” Sotomayor reasoned. The Justice indicated that she would have “vacate[d] the judgment below and remand with instructions to” certify the question for a definitive interpretation.
Federal District Court Allows Discovery in Class Action Concerning Internet Company’s Collection of Biometric Data
In a Memorandum Opinion and Order handed down on February 27, a District Court in the Northern District of Illinois declined to dismiss a putative class action alleging that a cloud-based photographic storage service offered by an Internet company (the Company) violated the Illinois Biometric Information Privacy Act (BIPA) by automatically uploading plaintiffs’ mobile photos and allegedly scanning them to create unique face templates (or “faceprints”) for subsequent photo-tagging without consent. Specifically, the Court rejected the Company’s argument that application of BIPA to facial geometry scanning by by an internet service located outside of Illinois is an improper extraterritorial application of Illinois law.
The Plaintiffs alleged that the Company failed to both (i) obtain the necessary authorization or consent to the creation and subsequent storing of “faceprints” by the photo storage service, or (ii) make publicly available a data retention and destruction schedule as required under the BIPA. In responding to these claims, the Company argued that the term “biometric identifier,” as defined in the BIPA, does not extend to “in-person scans of facial geometry” and does not cover photographs or information derived from photographs. The Company also sought to dismiss the case on jurisdictional grounds, arguing that under principles of federalism, pre-emption, and the extra-jurisdictional application of state law, the BIPA cannot properly regulate activity – such as the storage of data on the Company’s servers – that does not occur “primarily and substantially” within the state of Illinois.
In analyzing the Company’s argument, the Court looked to the following two definitions set forth in the Illinois law:
- “Biometric identifier,” which is defined as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry” and explicitly “do[es] not include writing samples, written signatures, photographs. . . .”; and
- “Biometric information,” which is defined as “any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual,” and explicitly “does not include information derived from items or procedures excluded under the definition of biometric identifiers.”
Ultimately, the Court disagreed with the Company’s reading of “biometric data” because, among other reasons, “nothing in the text of [the BIPA] directly supports this interpretation.” The Court deferred deciding on the Company’s arguments that the claims would require extraterritorial application of the statute and/or would violate the Dormant Commerce Clause by reaching beyond state boundaries, because, among other reasons, “[d]iscovery is needed to determine whether there are legitimate extraterritoriality concerns.”
On March 9, the Company filed a motion seeking permission to file an interlocutory appeal to the Seventh Circuit, with a request for a stay of further proceedings pending the appellate court’s decision on the request for an appeal.
Amendment to Utah Law Clarifies “Deferred-Deposit” Lender Registration Process; Adds Criminal Background Check
On March 17, Utah Governor Gary Herbert signed an amendment to HB. 40, Utah’s Check Cashing and Deferred Deposit Lending Registration Act, which modifies registration requirements relating to the disclosure of criminal conviction information for individuals engaged in the business of cashing checks or deferred deposit lending. The amendment requires that the registration or renewal statement shall disclose whether there has been a criminal conviction involving an “an act of fraud, dishonesty, breach of trust, or money laundering” regarding any officer, director, manager, operator, principal, or employee. This information must be obtained through either a Utah Bureau of Criminal Identification report or by conducting an acceptable background check similar to the aforementioned report.
The amendment also addresses operational requirements for deferred deposit loans. Interest and fee schedules are required to be conspicuously posted, as should contact information for filing complaints and listings of states where the deferred deposit lender is authorized to offer loans. The amendment also provides clarification on rescinding loans, partial payment allowances, and restrictions on loan extensions.
Governor’s Proposed NY State Executive Budget Includes More Online Lending Supervision; State Assembly Budget “Rejects” Proposed Change
Article 7 of the New York State Constitution requires the Governor to submit an executive budget each year, which contains, among other things, recommendations as to proposed legislation. On February 16, New York Governor Andrew Cuomo released a proposed 2017-18 Executive Budget that includes a proposed amendment to the New York Banking Law that would provide the New York Department of Financial Services (“NYDFS” or “DFS”) expanded licensing authority over online and marketplace lenders. (See Part EE (at pages 243-44) of the Transportation, Economic Development and Environmental Conservation Bill portion of the Executive Budget).
According to a Memorandum in Support of the Governor’s Budget, the proposed amendment would (i) address “[g]aps in the State’s current regulatory authority [that] create opportunities for predatory online lending,” and (ii) “ensure that all types of online lenders are appropriately regulated,” by (a) “increase[ing] DFS’ enforcement capabilities,” and (b) “expand[ing] the definition of ‘making loans’ in New York to not only apply to online lenders who solicit loans, but also online lenders who arrange or otherwise facilitate funding of loans, and making, acquisition or facilitation of the loan to individuals in New York.” If enacted, the NYDFS’s new authority would, under the Governor’s current proposal, become effective January 1, 2018.
This proposal in the Governor’s Executive Budget has, however, been challenged by the New York State Legislature. On March 13, after several hearings on the Governor’s proposed budget, the New York State Assembly released its own 2017-18 Assembly Budget Proposal (“Assembly Budget”), which, among other things, expressly rejected the aforementioned proposed amendment to the banking law found in “Part EE.” The Senate is now expected to release its own budget proposal shortly. And, once it is released, the two house of the State Legislature will reconcile the two bills in committees and pass legislation that stakes out the House’s position on the Governor’s proposals. From there, negotiations will begin in earnest between the Legislature and the Executive, with the goal of reaching a budget agreement on or before March 31, 2017.
 See also N.Y. Banking Law § 340; N.Y. Gen. Oblig. Law § 5-501(1); N.Y. Banking Law § 14-a(1); N.Y. Gen. Oblig. Law § 5-521(3); N.Y. Ltd. Liab. Co. Law § 1104(a).
- Daniel P. Stipano to discuss "Regulatory changes: Proposed AML regulatory changes, marijuana banking and hemp/CBD" at the ACAMS Carolinas Chapter AML and OFAC Symposium-Technology and Hot Topics
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference