InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI amends requirements for Increased Access to Responsible Small Dollar Loans Program
On May 10, the California Department of Financial Protection and Innovation (DFPI) issued a notice of approval of amendments to regulations under the California Financing Law (CFL) related to the agency’s pilot program for increased access to responsible small-dollar loans (RSDL program). The RSDL program, which became operative in 2014, allows finance lenders licensed under the CFL and approved by the DFPI commissioner to charge specified alternative interest rates and charges, including an administrative fee and delinquency fees, on loans subject to certain requirements.
The approved amendments, among other things, increase the upper dollar loan limit from $2,500 to $7,500, require applicants to submit mandatory policies and procedures for addressing customer complaints and responding to questions from loan applicants and borrowers, require lenders report additional information about the finders they use, and allow lenders to use qualified finders to disburse loan proceeds, collect loan payments, and issue notices and disclosures to borrowers. (See also DFPI’s final statement of reasons, which outlines specific revisions and discusses the agency’s responses to public comments.) The amendments are effective July 1.
Connecticut becomes fifth state to enact comprehensive privacy legislation
On May 10, the Connecticut governor signed SB 6, establishing a framework for controlling and processing consumers’ personal data in the state. Connecticut is now the fifth state in the nation to enact comprehensive consumer privacy measures, following California, Colorado, Virginia, and Utah (covered by Buckley Special Alerts here and here and InfoBytes here and here). As previously covered by InfoBytes, Connecticut consumers will have the right to, among other things, (i) confirm whether their personal data is being processed and access their data; (ii) correct inaccuracies; (iii) delete their data; (iv) obtain a copy of personal data processed by a controller; and (v) opt out of the processing of their data for targeted advertising, the sale of their data, or profiling to assist solely automated decisions. The Act also outlines data controller responsibilities, including a requirement that controllers must respond to consumers’ requests free of charge within 45 days unless extenuating circumstances arise. The Act also limits the collection of personal data “to what is adequate, relevant and reasonably necessary in relation to the purposes for which such data is processed, as disclosed to the consumer,” and requires controllers to implement data security protection practices “appropriate to the volume and nature of the personal data at issue” and conduct data protection assessments for processing activities that present a heightened risk of harm to consumers. While the Act explicitly prohibits its use as a basis for a private right of action, it does grant the state attorney general exclusive authority to enforce the law. Additionally, upon discovering a potential violation of the Act, the attorney general must give the controller or processor written notice and 60 days to cure the alleged violation before the attorney general can file suit. The Act takes effect July 1, 2023.
Georgia updates license exemption provisions
On May 2, the Georgia governor signed HB 891, which updates provisions related to licensing exemptions. The bill establishes that, starting on July 1, in addition to all other fees, license fees, fines, or other charges now or hereafter levied or assessed on the licensee, there is a fee of 0.125 percent of the gross loan amount. Further, such per loan fee becomes due on the making of any such loan, including, but not limited to, the closing of a loan, the renewal or refinancing of a loan, or a modification of a loan which results in the execution of a new or amended loan agreement. Additionally, the bill clarifies that the Department of Banking and Finance can issue cease and desist orders to persons that are not licensed. The bill also establishes that an individual cannot engage in the business of making installment loans or acting as an installment lender in Georgia unless that person is licensed. Among other things, the bill also makes conforming changes, provides definitions, and repeals conflicting laws.
Georgia amends mortgage lender/broker licensing provisions
On May 2, the Georgia governor signed SB 470, which amends state provisions related to mortgage lender and broker licensing. Among other things, the act: (i) defines a “covered employee” as “any employee of a mortgage lender or mortgage broker who is involved in residential mortgage loan related activities for property located in Georgia,” including but not limited to, “a mortgage loan originator, processor, or underwriter, or other employee who has access to residential mortgage loan origination, processing, or underwriting information”; (ii) adds “covered employee” to the list of persons for whom the Department of Banking and Finance may not issue a license or must revoke a license due to a felony conviction; and (iii) authorizes the Department to obtain conviction data with respect to a “covered employee.” The act is effective immediately.
Oklahoma adjusts loan finance charge thresholds
On May 4, the Oklahoma governor signed SB 1687, which adjusts the amounts a supervised lender may charge in lieu of a loan finance charge on loans carrying principals of $3,000 or less. Previously, the principal limit was $300. The amendments outline specific allowable loan charges based on principal amount that may be made on qualifying loans. Additionally, for loans greater than $1,620 but not more than $3,000, lenders are allowed an acquisition charge for making the loan that may not exceed one-tenth of the amount of the principal. The threshold rate changes are effective July 1.
District Court dismisses privacy class action claims citing absence of jurisdiction
On May 5, the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss a putative class action concerning invasion of privacy claims related to the collection of consumer data over an online shopping platform. The Canada-based e-commerce company and two of its wholly-owned subsidiaries operate an e-commerce platform that hosts merchants’ websites and facilitates and verifies customers’ payment information. According to the plaintiff, the defendants’ platform intercepts payment information and collects shoppers’ sensitive personal information through the use of cookies, including names, addresses, and credit card information. The plaintiff alleged that the defendants compile the data into individualized profiles, which is shared with merchants, and also share shoppers' data with other non-merchant third parties. Shoppers are not required to consent to any of these activities and are supposedly unaware that their sensitive information is being tracked and shared, the plaintiff stated, claiming violations of California’s Invasion of Privacy Act, Computer Data Access and Fraud Act, and Unfair Competition Law, among other things. In dismissing the action, the court concluded that the plaintiff’s privacy claims against the defendants are too general and fail to identify which defendant is responsible for the plaintiff’s alleged injuries. The court noted that it would normally permit the plaintiff to amend his complaint to address the issue, but said that in this case the court lacks both general and specific jurisdiction over any of the defendants. The court explained that the plaintiff failed to argue that any of the three entities (based either in Canada or Delaware) are subject to general jurisdiction in California. Simply stating that the platform “enables merchants to sell products online . . . does not represent an intentional act directed at California residents,” the court stated.
Connecticut issues CDO against unlicensed small-dollar marketplace lender
On May 4, the Connecticut Banking Commissioner issued a temporary cease and desist order against an unlicensed California-based marketplace lender after determining it had reason to believe the respondent allegedly violated several provision of the Connecticut General Statutes, as well as Section 1036 of the CFPA. The respondent operates a mobile application to help consumers take out small-dollar loans and solicits lenders via its website through advertisements claiming it “takes the work out of lending by vetting and organizing a marketplace of loan requests” where “[b]orrowers set their own terms and provide appreciation tips to lenders who agree to fund a loan, allowing for mutually beneficial financial outcomes.” Consumers initiate loans on the respondent’s platform for a certain amount, which includes optional monetary tips for both the lender and the respondent of up to 12 and 9 percent of the loan amount respectively. The Commissioner’s investigation noted that while the respondent touted the tips as being optional and not required for submitting a loan request or receiving funding, 100 percent of the loans originated to Connecticut consumers from June 2018 to August 2021 included a tip. When the tips were factored into the finance charge, the APRs of the Connecticut consumers’ loans ranged from 43 percent to over 4,280 percent. During the identified time period, loan disclosures identified the amount of the tips for each loan; however, starting in April 2021, the revised disclosures and promissory notes removed any itemization of the tips, and promissory notes allegedly “failed to indicate any obligation of the borrower to pay tips on their loans.” According to the Commissioner, the corresponding disclosures “stated that only one payment, for the principal loan amount, was due at the end of the loan,” however on the loan’s due date, the total loan amount including tips was withdrawn from the consumer’s account. Additionally, disclosures allegedly informed consumers that the APR on the loans was zero percent even though all the loans carried much higher APRs.
The Commissioner further concluded that the respondent prohibited direct communication between consumers and lenders and charged several fees on delinquent loans, including late fees and recovery fees for its collection efforts. Moreover, at least one of the contracted collection agencies was not licensed in the state, nor was the respondent licensed as a small loan company in Connecticut, and nor did it qualify for a licensure exemption.
In issuing its order to cease and desist, order to make restitution, and notice of intent to impose a civil penalty and other equitable relief, the Commissioner stated that the respondent’s “offering, soliciting, brokering, directly or indirectly arranging, placing or finding a small loan for a prospective Connecticut borrower, without the required license” constitutes at least 1,600 violations of the Connecticut General Statutes. The Commissioner cited additional violations, which included engaging in unlicensed activities such as lead generation and debt collection, and cited the respondent for providing false and misleading information related to the terms and costs of the loan transactions in violation of both state law and the CFPA’s prohibition against deceptive acts or practices. In addition to ordering the respondent to immediately cease and desist from engaging in the alleged violations, the Commissioner ordered the respondent to repay any amounts received from Connecticut consumers in connection with their loan, plus interest.
States urge Biden to forgive student debt
On May 2, a coalition of state attorneys general, led by New York Attorney General Letitia James, announced that they are urging President Biden to cancel all outstanding federal student loan debt. In the letter, the AGs argue that full cancellation of student debt is necessary to address: the (i) enormity of the debt owed; (ii) effects of the Covid-19 pandemic; (iii) “systemically flawed repayment and forgiveness system”; and (vi) disproportionate impact on the borrowers’ debt burden, among other things. The AGs further noted that using resources to help individuals who have been “tricked” into forbearance plans, suing contractors who “bungle critical processes,” and protecting consumers from “aggressive” and “predatory” for-profit colleges have provided the AGs with a “deep understanding of the systemic challenges” facing federal student loan borrowers. The AGs stated that President Biden has authority to act under the Higher Education Act, and that such action “would benefit millions of borrowers and be one of the most impactful racial and economic justice initiatives in recent memory.”
District Court allows data sharing invasion of privacy claims to proceed
On May 4, the U.S. District Court for the Central District of California partially dismissed the majority of a putative class action accusing several large retailers and a data analytics company (collectively, “defendants”) of illegally sharing their consumer transaction data, allowing only an invasion of privacy claim to proceed. In 2020, plaintiffs’ claimed the retail defendants shared consumer data without authorization or consent, including “all unique identification information contained on or within a consumer’s driver’s license, government-issued ID card, or passport, e.g., the consumer’s name, date of birth, race, sex, photograph, complete street address, and zip code,” with the data analytics company who used the information to create “risk scores” that purportedly calculated a consumer’s likelihood of retail fraud or other criminal activity. The court permanently dismissed the plaintiffs’ California Consumer Privacy Act claims, finding that the state law was not in effect when some of the plaintiffs allegedly attempted returns or exchanges and that the law does not contain an express retroactivity provision. Additionally, while plaintiffs argued that the retail defendants engaged in “a pattern or practice of data sharing,” the court concluded that plaintiffs failed “to allege that they are continuing to return or exchange merchandise at these retailers such that their data is disclosed” to the data analytics company. The court also dismissed the FCRA claims, ruling that the data analytics company’s risk report is not a “consumer report” subject to the FCRA because it does not “bear on Plaintiff’s eligibility for credit.” Plaintiffs’ claims for unjust enrichment and violations of California's Unfair Competition Law were also dismissed. However, the court concluded that the plaintiffs had plausibly alleged a reasonable expectation of privacy against the defendants, pointing to “the wide discrepancy between Plaintiffs’ alleged expectations for Retail Defendants’ use of their data and its actual alleged use.”
“The court finds dismissing this claim at the pleading stage particularly inappropriate where, as is the case here, defendants are the only party privy to the true extent of the intrusion on Plaintiffs’ privacy,” the court stated. “Reading the Complaint in a light most favorable to Plaintiffs, Plaintiffs sufficiently allege that [] defendants’ intrusion into Plaintiffs’ privacy was highly offensive.”
New York enacts new consumer protection measures
Recently, the New York governor signed legislation regarding consumer protections and student transcripts. The first piece of legislation, S.1684/A.8293 directs NYDFS to conduct a study of underbanked communities and households in the state and to make recommendations on improving access to financial services. The bill, among other things, updates the data on households that are unbanked and underbanked and analyzes the data to develop an assessment for NYDFS. Additionally, S.4894/A.1693 prohibits banking institutions from issuing unsolicited mail-loan checks, defined by NYDFS as “an unsolicited loan offer that is sent by mail and once cashed or deposited binds the recipient to the loan terms, which may include high interest rates for multiple years.”
The New York governor also signed legislation that prohibits colleges and universities from withholding transcripts from individuals who owe the schools money. This legislation, S.5924/A.6938 establishes, among other things, that no institution, under certain circumstances, can “condition the provision of a transcript on a student's payment of a debt to such institution or school.”