Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Real estate brokerage firm settles claims of discriminatory practices

    State Issues

    On March 15, the New York attorney general announced a settlement with a real estate brokerage firm to resolve claims that it allegedly discriminated against Black, Hispanic, and other homebuyers of color on Long Island. According to the announcement, the Office of the Attorney General commenced investigations into several brokerage firms, in which it found that agents employed by the brokerage firm at issue violated the Fair Housing Act and New York state law when they allegedly “subjected prospective homebuyers of color to different requirements than white homebuyers, directed homebuyers of color to homes in neighborhoods where residents predominantly belonged to communities of color, and otherwise engaged in biased behavior.” In certain instances, agents allegedly disparaged neighborhoods of color and “warned white potential homebuyers about the diverse racial makeup of the neighborhood but did not share the same comments with Black and Hispanic potential homebuyers.”

    Under the terms of the assurance of discontinuance, the brokerage firm agreed to stop the alleged conduct, will offer comprehensive fair housing training to all agents, and will provide a discrimination complaint form on its website. The brokerage firm will also pay $20,000 in penalties and $10,000 to Suffolk County to promote enforcement and compliance with fair housing laws. This is the fourth action taken by the AG’s office against real estate brokerage firms in the state. As previously covered by InfoBytes, last August three Long Island real estate brokerage firms entered settlements to resolve claims of discriminatory practices.

    State Issues Enforcement Consumer Finance Discrimination Fair Lending State Attorney General Fair Housing Act

  • New York AG continues crackdown on unregistered crypto trading platforms

    On March 9, the New York attorney general filed a petition in state court against a virtual currency trading platform (respondent) for allegedly failing to registeras a securities and commodities broker-dealer and falsely representing itself as a cryptocurrency exchange. The respondent’s website and mobile application enable investors to buy and sell cryptocurrency, including certain popular virtual currencies that are allegedly securities and commodities. The AG noted that this is one of the first times a regulator is making a claim in court that one of the largest cryptocurrencies available in the market is a security. According to the announcement, this cryptocurrency “is a speculative asset that relies on the efforts of third-party developers in order to provide profit to the holders.” As such, the respondent was required to register before selling the crypto assets, the AG said, further maintaining that the respondent also sells unregistered securities in the form of a lending and staking product. According to the AG, securities and commodities brokers are required to register with the state, which the respondent allegedly failed to do. Additionally, the respondent claimed to be an exchange but failed to appropriately register with the SEC as a national securities exchange or be designated by the CFTC as required under New York law. Nor did the respondent comply with a subpoena requesting additional information about its crypto-asset trading activities in the state, the AG said, noting that the respondent has already been found to be operating in multiple jurisdictions without proper licensure. The state seeks a court order (i) preventing the respondent from misrepresenting that it is an exchange; (ii) banning the respondent from operating in the state; and (iii) directing the respondent to undertake measures to prevent access to its mobile application, website, and services from within New York. 

    Last month the AG filed a similar petition against another virtual currency trading platform alleging similar violations (covered by InfoBytes here). 

    Licensing State Issues New York State Attorney General Digital Assets Cryptocurrency Enforcement

  • States receive $245 million judgment against robocall operation

    State Issues

    On March 6, the U.S. District Court for the Southern District of Texas entered stipulated orders and permanent injunctions against two individuals who, along with their companies (also named as defendants in the litigation), allegedly operated a massive robocall campaign to sell extended car warranties and health care services. (See orders here and here.)  Eight states attorneys general alleged violations of the TCPA and the Telemarketing Sales Rule, as well as various state consumer protection laws, claiming that the defendants initiated millions of robocalls to individuals nationwide without their prior express consent, spoofed caller ID numbers to mislead recipients, and called people whose numbers were on the Do Not Call Registry. Under the terms of the orders, the individual defendants (who neither admitted nor denied the allegations) are permanently banned from initiating or facilitating (or causing others to initiate or facilitate) any robocalls, working in or with companies that make robocalls, or engaging in any telemarketing. The court also ordered each individual defendant to pay a $122.3 million monetary judgment; however, these payments are mostly suspended in favor of the more permanent bans due to their inability to pay. The states noted that they are continuing their cases in the same action against others who allegedly worked with the individual defendants to facilitate the robocalls.

    State Issues State Attorney General Robocalls TCPA Telemarketing Sales Rule Do Not Call Registry Enforcement

  • House subcommittee discusses CFPB reform proposals

    Federal Issues

    On March 9, the House Financial Services Committee’s Subcommittee on Financial Institutions and Monetary Policy held a hearing to discuss proposals that would alter the structure and authority of the CFPB. The subcommittee heard from several witnesses, including the CEO of the American Financial Services Association (AFSA), the Bureau’s former deputy director, and the Minnesota attorney general.

    During the hearing, members discussed legislation that would reform the Bureau, including: (i) the Consumer Financial Protection Commission Act, which would make the Bureau an independent commission; (ii) the Transparency in CFPB Cost-Benefit Analysis Act, which would require the Bureau to include a statement justifying any proposed rulemaking (including “why the private market, State, local, or tribal authorities cannot adequately address the problem”), as well as provide qualitative and quantitative cost assessments and data or studies used in preparing a proposal; (iii) the CFPB-IG Reform Act, which would create a separate inspector general for the Bureau; and (iv) the Taking Account of Bureaucrats’ Spending (TABS) Act, which would make the Bureau an independent agency from the Federal Reserve System called the “Consumer Financial Empowerment Agency” that would be funded through congressional appropriations rather than the Fed.

    In his prepared testimony, the AFSA CEO alleged several examples of regulatory overreach taken by the Bureau, including: (i) imposing limits on arbitration, despite the Bureau’s own finding that arbitration benefits consumers; (ii) releasing guidance, instead of legislative rulemaking, which creates ambiguity for companies and consumers; (iii) using “regulation by enforcement” to change TILA and creating an ability to repay standard that does not exist in any consumer financial law or regulation; (iv) issuing press releases that serve as regulations and provide recommendations inconsistent with the plain language of laws such as the SCRA; and (v) creating potential harm to servicemembers through misinterpretations of the Military Lending Act. He further explained that a press release issued by the Bureau last year on junk fees (covered by InfoBytes here) “goes beyond its authority” and creates confusion for both depository institutions and finance companies who are unsure what the rules are. He emphasized that “the best way to protect consumer is to protect access to credit,” and the best method for achieving this “is to have clearly defined terms and conditions that both industry and the regulatory community can understand and follow.”

    The former CFPB deputy director also asserted in his prepared testimony that the agency is prone to exceeding statutory limits or requirements. He commented that “[w]hile one or two of these actions could perhaps be dismissed as over-exuberance, the frequency with which these issues arise suggests that the agency lacks adequate internal or external controls to ensure it operates within the law,” and that in “the absence of these controls . . . [it] compels the conclusion that the CFPB is ripe for reform.” He also maintained that having the Bureau go through the annual appropriations process would help the agency “focus its priorities” and “improve its effectiveness and efficiency.” He further noted that expanding the Bureau’s UDAAP authority to cover conduct it observes in the marketplace (such as applying UDAAP credit discrimination laws to any decision making by a financial institution) is “a decision fundamentally for Congress.”

    The Minnesota attorney general, however, highlighted joint enforcement actions taken with the Bureau in his prepared testimony, stating that by serving “as a critical enforcement partner,” the agency is operating as Congress intended when it created the Bureau in response to the 2008 financial crisis. “The CFPB’s destruction would topple the whole system like dominos,” he stressed, adding that the funding arguments fall short as several federal agencies are not funded by Congress.

    Senators Sherrod Brown (D-OH), Chair of the Senate Banking Committee, and Representative Maxine Waters (D-CA), Ranking Member of the House Financial Services Committee, issued a statement strongly disagreeing with the introduced legislation. “We will continue to work with our colleagues to stop any anti-consumer bill and protect the CFPB so that consumers can continue to have an agency solely dedicated to protecting their hard-earned money,” the lawmakers said.

    Federal Issues House Financial Services Committee CFPB State Issues Enforcement Federal Legislation Consumer Finance Funding Structure Constitution State Attorney General

  • Biden administration urges states to join fee crack down

    Federal Issues

    On March 8, the Biden administration convened a gathering of state legislative leaders to hold discussions about so-called “junk fees”—described as the “unnecessary, unavoidable, or surprise charges” that obscure true prices and are often not disclosed upfront. While the announcement acknowledged actions taken by federal agencies over the past few years to crack down on these fees, the administration recognized the role states play in advancing this effort. The Guide for States: Cracking Down on Junk Fees to Lower Costs for Consumers outlined actions states can take to address these fees, and provided several examples of alleged junk fees, including hotel resort fees, debt settlement fees, event ticketing fees, rental car and car purchase fees, and cable and internet fees. The guide also highlighted “the banking industry’s excessive and unfair reliance on banking junk fees.” The administration pointed out that a number of businesses have changed their policies in response to the increased scrutiny of junk fees and said several banks have ended fees for overdraft protection. The same day, the CFPB released a new Supervisory Highlights, which focused on junk fees uncovered in deposit accounts and the auto, mortgage, student, and payday loan servicing markets (covered by InfoBytes here).

    Additionally, HUD Secretary Marcia L. Fudge published an open letter to the housing industry and state and local governments, encouraging them to “limit and better disclose fees charged to renters in advance of and during tenancy.” Fudge noted that “actions should aim to promote fairness and transparency for renters while ensuring that fees charged to renters reflect the actual and legitimate costs to housing providers.”

    California Attorney General Rob Bonta also issued a statement responding to the administration’s call to end junk fees. “Transparency and full disclosure in pricing are crucial for fair competition and consumer protection,” Bonta said, explaining that in February the state senate introduced legislation (see SB 478) to prohibit the practice of hiding mandatory fees.

    Federal Issues CFPB Consumer Finance Junk Fees Overdraft Biden State Issues HUD California State Attorney General

  • New York AG sues crypto trading platform for failing to register

    State Issues

    On February 22, the New York attorney general filed a petition in state court against a virtual currency trading platform (respondent) for allegedly failing to register as a securities and commodities broker-dealer and falsely representing itself as a cryptocurrency exchange. The respondent’s website and mobile application enable investors to buy and sell cryptocurrency, including certain popular virtual currencies that are allegedly securities and commodities. According to the AG, securities and commodities brokers are required to register with the state, which the respondent allegedly failed to do. The AG further maintained that the respondent claimed to be an exchange but failed to appropriately register with the SEC as a national securities exchange or be designated by the CFTC as required under New York law. Nor did the respondent comply with a subpoena requesting additional information about its crypto-asset trading activities in the state, the AG said. The state seeks a court order (i) preventing the respondent from misrepresenting that it is an exchange; (ii) banning the respondent from operating in the state; and (iii) directing the respondent to undertake measures to prevent access to its mobile application, website, and services from within New York.

    State Issues Digital Assets New York State Attorney General Courts Virtual Currency Securities SEC CFTC

  • Massachusetts AG reaches $6.5M settlement over deceptive auto-renewal and collection practices

    State Issues

    The Massachusetts attorney general recently reached a $6.5 million settlement with a home security services company, its sister companies, and its CEO to resolve allegations that the defendants violated Massachusetts consumer protection laws by trapping customers in auto renewal contracts and engaging in illegal debt collection practices. The final judgment by consent, filed in Suffolk County Superior Court, resolves a 2019 lawsuit alleging the defendants engaged in unfair and deceptive tactics to prevent customers from canceling their contracts, charged for services during system outages or for services that were never provided, steered customers into contract renewal instead of cancellation, and engaged in aggressive and illegal debt collection practices. Under the terms of the settlement, the defendants are required to pay $1.8 million and waive and forgive $4.7 million of outstanding customer debt. Although they denied the allegations, the defendants have agreed to implement changes to their business practices, including taking measures to come into compliance with the attorney general’s debt collection regulations, offering credits to customers who purchased non-functional systems that cannot be repaired, implementing new complaint procedures, and permitting existing customers to cancel their contracts by telephone, email, and web portal. Additionally, the defendants will make several revisions to the terms of their contracts relating to auto-renewal practices, monitoring charges, cancellation policies and procedures, late fees and other costs.

    State Issues State Attorney General Massachusetts Settlement Debt Collection Consumer Finance

  • Colorado releases privacy act updates

    Privacy, Cyber Risk & Data Security

    Last month, the Colorado attorney general released a third version of draft rules to implement and enforce the Colorado Privacy Act (CPA). A hearing on the proposed draft rules was held February 1. As previously covered by a Special Alert, the CPA was enacted in July 2021 to establish a framework for personal data privacy rights. The CPA, which is effective July 1, 2023 with certain opt-out provisions taking effect July 1, 2024, provides consumers with numerous rights, including the right to access their personal data, opt-out of certain uses of personal data, make corrections to personal data, request deletion of personal data, and obtain a copy of personal data in a portable format. Under the CPA, the attorney general has enforcement authority for the law, which does not have a private right of action. The attorney general also has authority to promulgate rules to carry out the requirements of the CPA and issue interpretive guidance and opinion letters, as well as the authority to develop technical specifications for at least one universal opt-out mechanism. The attorney general previously released two versions of the draft rules last year (covered by InfoBytes here and here).

    The third set of draft rules seeks to address additional concerns raised through public comments and makes a number of changes, including:

    • Clarifying definitions. The modifications add, delete, and amend several definitions, including those related to “bona fide loyalty program,” “information that a [c]ontroller has a reasonable basis to believe the [c]onsumer has lawfully made available to the general public,” “publicly available information,” “revealing,” and “sensitive data inference” or “sensitive data inferences.” Among other things, the definition of “publicly available information” has been narrowed by removing the exception to the definition that had excluded publicly available information that has been combined with non-publicly available information. Additionally, sensitive data inferences now refer to inferences which “are used to” indicate certain sensitive characteristics.
    • Right to opt out and right to access. The modifications outline controller requirements for complying with opt-out requests, including when opt-out requests must be completed, as well as provisions for how privacy notice opt-out disclosures must be sent to consumers, and how consumers are to be provided mechanisms for opting-out of the processing of personal data for profiling that results in the provision or denial of financial or lending services or other opportunities. With respect to the right to access, controllers must implement and maintain reasonable data security measures when processing any documentation related to a consumer’s access request.
    • Right to correct and right to delete. Among other changes, the modifications add language providing consumers with the right to correct inaccuracies and clarify that a controller “may decide not to act upon a [c]onsumer’s correction request if the [c]ontroller determines that the contested [p]ersonal [d]ata is more likely than not accurate” and has exhausted certain specific requirements. The modifications add requirements for when a controller determines that certain personal data is exempted from an opt-out request.
    • Notice and choice of universal opt-out mechanisms. The modifications specify that disclosures provided to consumers do not need to be tailored to Colorado or refer to Colorado “or to any other specific provisions of these rules or the Colorado Privacy Act examples.” Additionally, a platform, developer, or provider that provides a universal opt-out mechanism may, but is not required to, authenticate that a user is a resident of the state.
    • Controller obligations. Among other things, a controller may choose to honor an opt-out request received through a universal opt-out mechanism before July 1, 2024, may respond by choosing to opt a consumer out of all relevant opt-out rights should the universal opt-out mechanism be unclear, and may choose to authenticate that a user is a resident of Colorado but is not required to do so.
    • Purpose specification. The modifications state that controllers “should not specify so many purposes for which [p]ersonal [d]ata could potentially be processed to cover potential future processing activities that the purpose becomes unclear or uninformative.” Controllers must modify disclosures and necessary documentation if the processing purpose has “evolved beyond the original express purpose such that it becomes a distinct purpose that is no longer reasonably necessary to or compatible with the original express purpose.”
    • Consent. The modifications clarify that consent is not freely given when it “reflects acceptance of a general or broad terms of use or similar document that contains descriptions of [p]ersonal [d]ata [p]rocessing along with other, unrelated information.” Requirements are also provided for how a controller may proactively request consent to process personal data after a consumer has opted out.
    • User interface design, choice architecture, and dark patterns. The modifications provide that a consumer’s “ability to exercise a more privacy-protective option shall not be unduly longer, more difficult, or time-consuming than the path to exercise a less privacy-protective option.” The modifications also specify principles that should be considered when designing a user interface or a choice architecture used to obtain consent, so that it “does not impose unequal weight or focus on one available choice over another such that a [c]onsumer’s ability to consent is impaired or subverted.”

    Additional modifications have been made to personal data use limitations, technical specifications, public lists of universal opt-out mechanisms, privacy notice content, loyalty programs, duty of care, and data protection assessments. Except for provisions with specific delayed effective dates, the rules take effect July 1 if finalized.

    On February 28, the attorney general announced that the revised rules were adopted on February 23, but are subject to a review by the attorney general and may require additional edits before they can be finalized and published in the Colorado Register. 

    Privacy, Cyber Risk & Data Security State Issues State Attorney General Colorado Colorado Privacy Act Consumer Protection

  • States support DOE’s overhaul of IDR plans

    State Issues

    On February 13, a coalition of state attorneys general led by California and Massachusetts submitted a letter in support of the Department of Education’s (DOE) proposed changes to income-driven repayment plans (IDR) for federal student loan borrowers. As previously covered by InfoBytes, last month the DOE announced a notice of proposed rulemaking (NPRM) designed to reduce the cost of federal student loan payments. According to the NPRM, the DOE is proposing to amend the regulations governing income-contingent repayment plans by amending the Revised Pay as You Earn (REPAYE) repayment plan, and is looking to restructure and rename the repayment plan regulations under the William D. Ford Federal Direct Loan Program, including combining the Income-Contingent Repayment and the Income-Based Repayment (IBR) plans under the umbrella term of IDR plans. The NPRM would ensure that a borrower’s balance would not grow due to accumulation of unpaid interest if the borrower otherwise makes the monthly payments, and would also establish that for individuals who borrow $12,000 or less, loan forgiveness can occur after making the equivalent of 10 years of payments. That period increases by one year for each additional $1,000 that is borrowed. 

    In their letter, the states expressed support for the DOE’s NPRM, but urged the department to take further steps to support struggling borrowers. The states urged the DOE to expand the scope and reach of the proposed reforms by, among other things, creating a simple path for borrowers in default to enroll in IBR or REPAYE, counting all past forbearance and repayment periods and certain deferment periods towards borrowers’ loan forgiveness, making Parent PLUS loans eligible for REPAYE, and expanding the reach of its reforms to “provide more retroactive relief” to borrowers impacted by widespread servicing errors that prevented them from enrolling in IDR. According to the letter, the DOE should also raise the discretionary income threshold to make debt more manageable for borrowers with the greatest need, eliminate the reverse amortization of IDR loan balances, shorten the period in which borrowers must make payments to receive forgiveness under REPAYE, provide viable repayment options, and automatically enroll delinquent borrowers in IDR plans before they face negative credit reporting and default, among other measures.

    State Issues State Attorney General Department of Education Income-Driven Repayment Student Lending Student Loan Servicer Consumer Finance

  • California investigating mobile apps’ CCPA compliance

    Privacy, Cyber Risk & Data Security

    On January 27, the California attorney general announced an investigation into mobile applications’ compliance with the California Consumer Privacy Act (CCPA). The AG sent letters to businesses in the retail, travel, and food service industries who maintain popular mobile apps that allegedly fail to comply with consumer opt-out requests or do not offer mechanisms for consumers to delete personal information or stop the sale of their data. The investigation also focuses on businesses that fail to process consumer opt-out and data-deletion requests submitted through an authorized agent, as required under the CCPA. “On this Data Privacy Day and every day, businesses must honor Californians’ right to opt out and delete personal information, including when those requests are made through an authorized agent,” the AG said, adding that authorized agent requests include “those sent by Permission Slip, a mobile application developed by Consumer Reports that allows consumers to send requests to opt out and delete their personal information.” The AG encouraged the tech industry to develop and adopt user-enabled global privacy controls for mobile operating systems to enable consumers to stop apps from selling their data.

    As previously covered by InfoBytes, the CCPA was enacted in 2018 and took effect January 1, 2020. The California Privacy Protection Agency is currently working on draft regulations to implement the California Privacy Rights Act, which largely became effective January 1, to amend and build upon the CCPA. (Covered by InfoBytes here.)

    Privacy, Cyber Risk & Data Security State Issues State Attorney General California CCPA Compliance Opt-Out Consumer Protection CPRA

Pages

Upcoming Events