Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • DFPI requests comments on proposed CCFPL consumer complaint rules

    State Issues

    On August 18, the California Department of Financial Protection and Innovation (DFPI) released a new invitation for comments on proposed rulemaking to implement the California Consumer Financial Protection Law (CCFPL). As previously covered by InfoBytes, last September the California governor signed AB 1864, which enacts the CCFPL and authorizes DFPI to establish rules relating to the covered persons, service providers, and consumer financial products or services outlined in the law. The newest invitation for comments builds on responses to initial comments received from a request for comments made in February (covered by InfoBytes here), and seeks comments on draft language implementing certain subdivisions of section 90008 related to consumer complaint regulations.

    Among other things, the draft regulations would (i) require covered persons to create a complaint form accessible via their website and at each physical location, as well as maintain a toll-free number for consumers to orally file complaints; (ii) outline instructions for how covered persons must investigate and respond to complaints, including tracking complaints and communicating with consumers (covered persons will be required to provide written decisions to consumers within 15 calendar days of receiving a complaint); (iii) require covered persons to maintain a written record of each complaint for a minimum of five years from the date the complaint was initially filed; (iv) prohibit discrimination during the complaint process on any basis prohibited by law; (v) require complaint reports to be filed quarterly with DFPI describing the volume and types of complaints; (vi) outline requirements for determining whether a consumer inquiry should be handled as a complaint; and (viii) define nonpublic or confidential information. Comments on the draft regulations must be received by September 17.

    State Issues State Regulators DFPI Consumer Complaints Consumer Finance

  • Illinois amends state Human Rights Act

    State Issues

    On August 13, the Illinois governor signed SB 1561, which amends the Illinois Human Rights Act to include provisions regarding third-party loan modification service providers. According to the bill, it is a civil rights violation for a third-party loan modification service provider because of unlawful discrimination, familial status, or an arrest record, to (i) refuse to engage in loan modification services or to discriminate in making such services available; or (ii) alter the terms, conditions, or privileges of such services. The bill also clarifies that a third-party loan modification service provider is a person or entity, licensed or unlicensed, that “provides assistance or services to a loan borrower to obtain a modification to a term of an existing real estate loan or to obtain foreclosure relief,” but does not include lenders, brokers or appraisers of mortgage loans, or the servicers, subsidiaries, affiliates, or agents of the lender. Among other things, the bill provides that, in relation to real estate transactions, the failure of the Department to notify a complainant or respondent in writing for not completing an investigation on the allegations set forth in a charge within 100 days shall not deprive the Department of jurisdiction over the charge. This bill is effective January 1, 2022.

    State Issues State Legislation Illinois Consumer Lending Third-Party

  • Maryland affirms penalties of over $3 million against auto lender

    State Issues

    On August 11, the Maryland attorney general announced that a circuit court in Maryland affirmed that an auto-lending company’s transactions were illegal loans, not pawn transactions, and upheld the Consumer Protection Division’s imposition of $2.2 million in restitution and a $1.2 million penalty. In its press release, the AG alleged that the company “made predatory loans at outrageous interest rates, illegally repossessed cars, and preyed on Maryland consumers,” in violation of the Maryland Consumer Loan Law, the Maryland Interest and Usury Law, and the Installment Loan-Licensing Provision. According to the memorandum of the court, the loans issued by the company were not considered to be title pawn transactions, but were instead illegal consumer loans which “violated the consumer protection statutes as respondents were not licensed to make loans in Maryland, failed to make the required disclosures to the consumer, engaged in unfair trade practices, exceeded the statutory interest rate caps, took unpermitted security interests for loans of less than $700.00 and engaged in illegal repossession activities.”

    State Issues State Attorney General Maryland Auto Finance Interest Rate Usury

  • DFPI again modifies draft regulations for commercial financing disclosures

    State Issues

    On August 9, the California Department of Financial Protection and Innovation (DFPI) issued a second draft of proposed regulations implementing the requirements of the commercial financing disclosures required by SB 1235 (Chapter 1011, Statutes of 2018). As previously covered by InfoBytes, in 2018, California enacted SB 1235, which requires non-bank lenders and other finance companies to provide written consumer-style disclosures for certain commercial transactions, including small business loans and merchant cash advances. In July 2019, California released the first draft of the proposed regulations, and last September, California initiated the formal rulemaking process with the Office of Administrative Law (covered by InfoBytes here and here). The second modifications to the proposed regulations follow a consideration of public comments received on the initial proposed text, as well as additional comments received on modifications made to the proposed text in April. Among other things, the proposed modifications (i) amend several terms including “approved advance limit,” “approved credit limit,” and “amount financed”; (ii) clarify the definition of “at the time of extending a specific commercial financing offer”; (iii) replace the London Interbank Offered Rate (LIBOR) with the Secured Overnight Financing Rate as one of the benchmark rate options; (iv) add several terms including “broker,” “recipient funds,” “average monthly cost,” “estimated monthly cost,” and “prepaid finance charge”; (v) provide that for disclosure purposes, “a provider shall assume that there are 30 days in every month and 360 days in a year” and specify that the annual percentage rate must be expressed to the nearest ten basis points; (vi) amend certain disclosure requirements and thresholds; (vii) clarify methods for estimating monthly sales, income, or receipt projections for sales-based financing; (viii) amend duties and requirements for financers and brokers; and (ix) clarify APR calculation requirements and tolerances and outline disclosure criteria for specifying the amount of funding a recipient will receive.

    Comments on the second modifications must be received by August 24.

    State Issues State Regulators DFPI Disclosures Commercial Finance Small Business Lending APR Merchant Cash Advance

  • Georgia settles with debt collection company

    State Issues

    On August 12, the Georgia Attorney General announced that it entered an assurance of voluntary compliance with a debt collection company resolving allegations that the company committed multiple violations of the FDCPA and the Georgia Fair Business Practices Act. According to the AG, the company deceived consumers by, among other things: (i) threatening consumers with jailtime if a debt was not paid; (ii) failing to disclose that they were debt collectors; and (iii) failing to provide consumers, within five days after the initial communication, a written notice containing certain information required by law. Under the settlement, the company must cease collections on all Georgia consumer accounts it owns and turn those accounts over to the AG, which represents over $19.8 million in purported consumer debt. In addition, the company must pay $41,500 in penalties and fees, and fully comply with the FDCPA and the Georgia Fair Business Practices Act. Finally, if the company violates any provisions of the settlement during a three-year monitoring period, it must immediately pay an additional $41,500 payment to the state.

    State Issues State Attorney General Enforcement FDCPA Debt Collection

  • District Court: State law right-to-cure provisions preempted by National Bank Act

    Courts

    On August 4, the U.S. District Court for the Western District of Wisconsin granted defendants’ motion for partial summary judgment in an action alleging claims under the FDCPA and the Wisconsin Consumer Act (WCA). The defendants were a debt-purchasing company and a law firm hired by the company to recover outstanding debt and purported late fees on the plaintiff’s account in a separate state-court action. After the plaintiff failed to make payments on his outstanding balance, the original creditor (a national bank) charged late fees and mailed him a “right to cure” letter advising him of the minimum payment due and the deadline to make the payment. The account was eventually sold to the debt-purchasing company after the plaintiff failed to make any minimum payments. The law firm sent the plaintiff two letters on behalf of the debt-purchasing company, one which outlined his right to dispute the debt and one which provided a “notice of right to cure default.” A small claims action was filed against the plaintiff in state court, in which the plaintiff argued for dismissal, contending in part that the notice of default failed to itemize delinquency charges as required under Wisconsin law. The plaintiff then filed this suit in federal court alleging violations of the FDCPA and the WCA, claiming that the defendants “falsely represented the status of his debt in violation of § 1692e by purporting to have properly accelerated his debt and filed suit against him despite [the plaintiff] never being provided an adequate right to cure letter pursuant to Wisconsin law.”

    First, in reviewing whether the plaintiff had standing to sue, the court determined that the “costs, time, and energy” incurred by the plaintiff to defend himself in the state-court action amounted to a “concrete injury in fact” that established his standing in the federal-court action. However, upon reviewing the WCA’s right-to-cure provisions as the basis for the plaintiff’s claims that the defendants violated federal and state laws by allegedly falsely representing that they could accelerate the plaintiff’s debt and sue him, the court examined whether the state law’s notice and right-to-cure provisions were federally preempted by the National Bank Act (NBA), as the original creditor’s rights and duties were assigned to the debt-purchasing company when the account was sold. The court determined that while the WCA right-to-cure provisions “do relate in part to debt collection,” they also “go beyond that by imposing conditions on the terms of credit within the lending relationship.” The court ultimately concluded that the WCA provisions “are inapplicable to national banks by reason of federal preemption,” and, as such, the court found “that a debt collector assigned a debt from a national bank is likewise exempt from those requirements” and was not required to send the plaintiff a right-to-cure letter “as a precondition to accelerating his debt or filing suit against him.”

    Courts Debt Collection FDCPA State Issues Consumer Finance National Bank Act

  • District Court: Cloud computing company must face class action CCPA claims in data breach suit

    Courts

    On August 12, the U.S. District Court for the District of South Carolina issued a ruling in a consolidated putative class action against a cloud software company alleging several state consumer protection and data reporting law violations related to a 2020 data breach. The plaintiffs asserted that the data breach was a result of the company’s “deficient security program” and contended that the company “failed to comply with industry and regulatory standards by neglecting to implement security measures to mitigate the risk of unauthorized access, utilizing outdated servers, storing obsolete data, and maintaining unencrypted data fields.” They further claimed, among other things, that the company’s narrow internal investigation did not address the full scope of the ransomware attack (in which it was eventually revealed that Social Security numbers and other sensitive personal data were compromised) and that plaintiffs were not provided timely and adequate notice of the data breach.

    The court found that the plaintiffs failed to adequately plead their claims for violations of consumer protection laws in New Jersey, Pennsylvania, and South Carolina, but allowed certain claims to proceed, including plaintiffs’ allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to implement and maintain reasonable security procedures. The CCPA, which became effective January 1, 2020 (covered by a Buckley Special Alert), provides for a limited private right of action for actual or statutory damages to “[a]ny consumer whose nonencrypted and nonredacted personal information . . . is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information[.]” The company countered, however, that it is not a “business” regulated under the CCPA.

    The court disagreed, writing that “the plain text of the statute is instructive” and that the plaintiffs had adequately alleged that the company qualified as a “business” under the statute because it (i) uses consumers’ personal data to provide, develop, improve, and test its services; (ii) “develops software solutions to process its customers’ patrons’ personal information”; (iii) has annual gross revenues of more than $25 million; and (iv) is allegedly registered as a “data broker” in California under a law that “provides that a ‘data broker’ is a ‘business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.’” The court also rejected the company’s contention that because it qualifies as a “service provider” under the CCPA it is not a “business.” The court further allowed claims under New York General Business Law Section 349 to proceed, finding the plaintiffs had sufficiently alleged that the company had misrepresented its security measures and the scope of the breach and had prevented consumers from protecting their data. The court also allowed the plaintiffs to seek declaratory and injunctive relief under Florida’s Deceptive and Unfair Trade Practices Act.

    Courts CCPA Privacy/Cyber Risk & Data Security Data Breach Class Action State Issues

  • District Court allows CFPB, Massachusetts AG’s telemarketing suit to proceed

    Courts

    On August 10, the U.S. District Court for the District of Massachusetts denied a motion to dismiss filed by a credit repair organization and the company’s president and owner (collectively, “defendants”) in a joint action taken by the CFPB and the Massachusetts attorney general, which alleged the defendants committed deceptive acts and practices in violation of the Consumer Financial Protection Act (CFPA), the Massachusetts Consumer Protection Law, and the FTC’s Telemarketing Sales Rule (TSR). As previously covered by InfoBytes, the complaint alleges the defendants, among other things, claimed their credit-repair services could help consumers substantially improve their credit scores and promised to fix “unlimited” amounts of negative items from consumers’ credit reports, but, in “numerous instances,” the defendants failed to achieve these results. The defendants also allegedly violated the TSR by engaging in abusive acts and by requesting and collecting fees before achieving any results related to repairing a consumer’s credit. The defendants moved to dismiss, arguing that they were governed by the Credit Repair Organizations Act (CROA), which cannot be reconciled with the TSR, the TSR definition of “telemarketing” is vague and violates the Due Process Clause, and that applying the TSR’s definition of telemarketing would place an unfair content-based restriction on speech that restricts when they can collect payments for their services. Moreover, the defendants claimed, among other things, that the FTC “exceeded its authority in promulgating rules targeting their conduct because Congress intended that only unsolicited telemarketing calls would be addressed by the FTC’s regulations.”

    The court disagreed, holding first that that the CROA and the TSR do not conflict. “[C]ompliance with the TSR’s payment requirement would not cause defendants to violate the CROA,” the court stated. “The TSR simply adds a precondition to requesting payment…” Additionally, the court noted that the TSR’s “restriction is on conduct—the timing of the payment—not on speech,” adding that while “Congress directed the FTC to create rules regarding specific telemarketing activities. . ., Congress also authorized the FTC to create additional rules addressing ‘deceptive telemarketing acts or practices’ at its discretion.” As such, the court held that defendants did not show that “Congress intended the FTC to exclusively address unsolicited telemarketing calls.” Furthermore, the court held that the plaintiffs adequately defined the defendants’ allegedly deceptive conduct and that the alleged violations of state law are plausible.

    Courts CFPB Enforcement Telemarketing Consumer Finance CFPA State Issues Telemarketing Sales Rule Credit Repair Organizations Act State Attorney General

  • DFPI proposes small-dollar lending pilot

    On August 6, the California Department of Financial Protection and Innovation (DFPI) issued a notice of proposed rulemaking (NPRM) to amend certain codes under the California Code of Regulations and to implement the Pilot Program for Increased Access to Responsible Small Dollar Loans (Pilot Program). The Pilot Program is administered by DFPI and established under the California Financing Law (covered by a Buckley Special Alert here). According to DFPI, the proposed regulations implement SB 235, “which authorizes a finder, defined as an entity that brings together a licensed lender and prospective borrower to negotiate a contract, to perform additional services on behalf of a lender,” and AB 237 “which, among other things, increases the upper dollar limit for a permissible Pilot Program loan from $2,500 to $7,500 and requires participating lenders to conduct reasonable background checks on finders.” The proposal would amend regulations of DFPI’s Pilot Program by, among other things: (i) revising general information and instructions to forms; (ii) increasing the upper limit from $2,500 to $7,500 on the amount of a permissible loan; (iii) “requir[ing] Pilot Program applicants to submit the policies and procedures they must maintain to address customer complaints and respond to questions raised by loan applicants and borrowers, including questions about finders”; (iv) permitting finders to disburse funds on behalf of lenders, collecting loan payments from borrowers, and issuing notices and disclosures to borrowers or perspective borrowers; and (v) removing a provision that prohibits finders from discussing marketing materials or loan documents with a borrower or prospective borrower.

    Licensing State Issues State Legislation Small Dollar Lending DFPI

  • DFPI grants license to ISA servicer

    On August 5, the California Department of Financial Protection and Innovation (DFPI) announced an agreement to issue a license to a New York-based company that partners with educational institutions to offer Income Share Agreements (ISAs) to students to finance their post-secondary education and training. The agreement reflects DFPI’s decision to “treat these private financing products as student loans” for purposes of the California Student Loan Servicing Act (SLSA)” and represents “a significant first step toward providing greater oversight of the ISA industry.” As previously covered by InfoBytes, in 2018, the California governor approved AB 38 to amend the state’s Student Loan Servicing Act, which provides for the licensure, regulation, and oversight of student loan servicers by the California Department of Business Oversight (now DFPI). The agreement is the first of its kind to subject an ISA servicer to state licensing and regulation. In the agreement, DFPI explains that the SLSA defines a “student loan” “by the purposes for which financing is used,” and includes an “extension of credit” that is “solely for use to finance post-secondary education.” The SLSA expressly excludes certain types of credit, but does not exclude contingent debt or ISAs. Therefore, the agreement concludes, “the Commissioner finds that ISAs made solely for use to finance a postsecondary education are ‘student loans’ for the purposes of the SLSA.”

    As part of the agreement, the company, among other things: (i) must submit all audited financial statements; (ii) must report any ISAs it services as “student loans” for purposes of the SLSA; and (iii) “shall not service any ISAs or other forms of credit extended to California consumers that have been determined or declared unenforceable or void by the DFPI or any regulatory agency that licenses, charters, registers, or otherwise approves the issuer of the ISA.” In addition, DFPI will issue the company a regular, unconditional California SLSA license “within 5 business days of the Commissioner’s approval of [the company’s] Audited Financials.” According to DFPI, “some ISA issuers have contended that state and federal lending laws are inapplicable to ISAs, and students who finance education under ISAs did not enjoy the same regulatory protections as other borrowers,” and DFPI “expects to clarify requirements for ISA providers and servicers through future rulemaking.”

    Licensing State Issues DFPI Income Share Agreements Student Lending Student Loan Servicer

Pages

Upcoming Events