InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
New York AG Action Targets Out-Of-State Retail Installment Obligation Finance Companies
On April 30, New York Attorney General (AG) Eric Schneiderman announced that four out-of-state companies alleged to have financed retail installment obligations (RIOs) at rates in excess of the state’s usury cap agreed to recast the RIOs at a rate of not more than 16% and provide repayment or credits to impacted New York consumers. The settlements are the latest in a series of actions in New York targeting out-of-state or online lenders and finance companies that make loans in New York without obtaining a license to operate in that state.
The companies financed elective medical and surgical procedures through RIOs offered by medical providers to patients, an activity the AG believes required the companies to obtain a state license to operate as sales finance companies or lenders. The AG’s Health Care Bureau initiated the investigation after it received complaints about an online lead generation site. As described in the AG’s release, that lead generator requested information regarding a consumer’s employment and credit history, automatically set the APR and RIO repayment terms, and submitted the completed application to sales finance companies. The AG explains that once a finance company agreed to purchase the RIO, the medical provider and the patient both signed a financing agreement that the medical provider immediately assigned to the finance company. The finance company then transferred the funds to the medical provider who agreed to accept less than their usual and customary fees in exchange for upfront payments from the finance company. The patient, however, would be required to repay to the financier full fees plus interest, which in this case allegedly exceeded the statutory usury cap, up to 55% in some instances. State law restricts unlicensed lenders to charging an APR of up to 16%, and establishes criminal penalties for unlicensed lenders that charge interest at a rate exceeding 25% APR.
In addition to revising existing loans and providing approximately $230,000 in remediation to 317 consumers, the agreements require the companies to (i) collectively pay $35,000 in penalties; (ii) cease all conduct as unlicensed sales finance companies in New York; and (iii) notify any consumer reporting agencies to which they gave consumer information to delete all references to the transactions from customers’ credit records. The agreements do not include any criminal penalties.
In addition to extending the state’s licensing enforcement focus, this is at least the second financial services case initiated in recent months by the AG’s Health Care Bureau. In June 2013, the AG announced a settlement with a credit card issuer related to alleged illegal deferred interest products offered through medical provider offices.
Illinois AG Licensing Enforcement Actions Target Payday Loan Lead Generator, Lenders
On April 7, Illinois Attorney General (AG) Lisa Madigan sued a payday loan lead generator to enforce a 2012 cease and desist order issued by the state’s Department of Financial and Professional Regulation. The regulator and the AG assert that the state’s Payday Loan Reform Act (PLRA), which broadly defines “lender” to include “any person or entity . . . that . . . arranges a payday loan for a third party, or acts as an agent for a third party in making a payday loan, regardless of whether approval, acceptance, or ratification by the third party is necessary to create a legal obligation for the third party,” required the lead generator to obtain a license before operating in Illinois. The AG claims that the lead generator violated the state’s Consumer Fraud and Deceptive Business Practices Act by offering and arranging payday loans in knowing violation of the PLRA’s licensing and other requirements. The suit also alleges that the lead generator knowingly matched Illinois consumers with unlicensed members of the generator’s payday lender network. The AG is seeking a permanent injunction and a $50,000 civil penalty. On the same day, the AG also announced it filed suits against four online payday lenders for failing to obtain a state license, making payday loans with interest rates exceeding state usury caps, and otherwise violating state payday loan limitations. Those suits ask the court to permanently enjoin the lenders from operating in Illinois and declare all existing payday loan contracts entered into by those lenders null and void, with full restitution to borrowers.
Iowa Adds AG Data Breach Notice Requirement
On April 3, Iowa Governor Terry Branstad signed SF 2259, which amends the state’s data breach notice law to add a requirement that businesses that experience a data breach notify the state attorney general’s office within five days of discovering or being notified of the breach. Previously, state law required that businesses notify only consumers after discovery or notification. Several existing exemptions to the consumer notice requirement, including for businesses subject to Title V of the Gramm-Leach-Bliley Act, also apply to the attorney general notice requirement. SF 2259 also amends (i) the definition of “breach of security” to cover personal information maintained in any medium that was transferred to that medium from computerized form, e.g., printed records originally maintained in electronic form; and (ii) the definition of “personal information” to include encrypted, redacted, or otherwise protected data. The changes take effect July 1, 2014.
NY AG Announces Agreement To Limit Online Title Lending
On April 1, New York Attorney General (AG) Schneiderman announced that 10 repossession companies agreed to discontinue repossessing vehicles at the request of title loan companies. The AG states that out-of-state or online lenders offer title loans, which he characterizes as a type of payday loan with high interest rates, to New Yorkers without obtaining a New York license, and offer loans in excess of the 16% interest rate cap applicable to unlicensed lenders. In September 2013, the AG settled with five companies that collected debts on allegedly illegal payday loans, part of a broader effort by New York authorities to address alleged usurious online lending.
State AGs, Mexico Agree To Form AML Working Group
On March 25, California Attorney General (AG) Kamala Harris announced that she and four other state AGs—Suthers (CO), Bondi (FL), Cortez Masto (NV), and King (NM)—signed a letter of intent with the President of the National Banking and Securities Commission of Mexico to establish a bi-national working group on money laundering enforcement. The working group will be tasked with (i) establishing the scope of coordination between Mexico and U.S. state AGs on money laundering enforcement issues; (ii) developing a plan for mutual technical assistance and training on combating money laundering; and (iii) sharing best practices on money laundering enforcement techniques and other enforcement issues of mutual concern, including the impact of money laundering on the border region of the U.S. and Mexico.
Illinois AG Sues To Enforce Dodd-Frank "Abusive" Prohibition
On March 19, Illinois Attorney General (AG) Lisa Madigan announced a suit against a lender for allegedly offering a short-term credit product designed to evade the state’s usury cap. The AG claims the lender offers a revolving line of credit with advertised interest rates of 18 to 24%, and then adds on “account protection fees.” The AG characterizes those fees as interest substantially in excess of the state’s 36% usury cap. According to the AG, after a borrower takes out the short-term loan, the lender allegedly provides a payment schedule and instructs the borrower to make minimum payments, which consumers who filed complaints with the AG’s office believed was a timeline to pay off the full debt. The complaint is the AG’s first under the Dodd-Frank Act and claims that the lender’s practices take unreasonable advantage of consumers and constitute abusive practices. The complaint also alleges violations of the state Consumer Fraud and Deceptive Businesses Practice Act and seeks restitution, civil penalties, disgorgement, and an order nullifying all existing contracts with Illinois consumers and prohibiting the company from selling lines of credit and revolving credit in Illinois.
California AG Suggests Cybersecurity Measures
On February 27, California Attorney General Kamala Harris issued a guide to assist small businesses in defending against the threat of cybercrime. The guide, which was developed with the California Chamber of Commerce and Lookout, a mobile security company, stresses that small businesses should assume that they are a target for cybercrime and act accordingly. In addition to providing actionable steps to prevent cyber-attacks, the guide encourages every small business to develop a “game plan” for responding to the inevitability of an actual incident: “Experience has shown that many organizations wait until they have actually suffered a serious data breach before attempting to come up with a process for dealing with such a situation – which amounts, effectively, to building an airplane in the air.”
Nevada Judge Sanctions State AG In Robosigning Suit
On January 30, Nevada’s Clark County District Court ordered the State AG to pay attorneys’ fees in connection with a mortgage servicing vendor’s attempts to obtain discovery in the state’s case alleging the company facilitated fraudulent residential foreclosures, including through so-called “robosigning” tactics. Nevada v. Lender Processing Svcs., Inc., No. A-11-653289-B, (Nev. Dist. Ct. Jan. 30, 2014). The company asserted that the AG abused the discovery process by repeatedly failing to produce materials sufficient to support its claims under the Nevada Deceptive Trade Practices Act. The court rejected the AG’s defense, among others, that the alleged discovery deficiencies simply reflect disagreements between the parties over the evidence necessary to support a claim under state law. Although not a direct issue in this case, the company’s brief repeatedly calls out the AG’s use of outside counsel and notes a challenge to the AG’s use of an outside firm on a contingency fee basis, which is pending before the state supreme court.
Missouri AG Action Indicates Focus On Auto Service Contracts
On January 28, Missouri Attorney General Chris Koster announced a settlement with the owners of a vehicle extended-service-contract seller alleged to have marketed limited-time extend warranty programs for vehicles. The AG alleged that the company attempted to sell vehicle breakdown coverage with a generalized and often misleading description of the coverage, and that many customers later discovered their contracts were actually provided by a third party and did not contain the coverage promised. The AG stated that consumers who asked for refunds faced numerous objections and delays. The settlement requires the owners to pay $60,000 to resolve claims of deception, unfair practices, and unlawful insurance practices, and also permanently prohibits them from selling “additive contracts” in Missouri. The AG stated that the settlement "highlights [his office’s] efforts to clean up the auto service contract industry in Missouri and protect consumers from future deceptive sales practices."
California Attorney General Files Suit Over Untimely Data Breach Notice
On January 24, the California Attorney General (AG) sued a health care company over its alleged failure to timely submit notice of a 2011 data breach. According to the complaint, the company learned of the breach at the end of September 2011, completed a preliminary investigation in December 2011, and subsequently continued the investigation through mid-February 2012. The company allegedly did not begin mailing notice letters to affected individuals until mid-March. The complaint alleges the company failed to provide such notice in the most expedient time possible, which the AG alleges could have commenced in December 2011. The complaint also includes allegations regarding the actual breach at issue. The AG is seeking statutory penalties of $2500 per violation. Among other things, the suit demonstrates the AG’s inclination to take privacy and data security actions beyond the California Online Privacy Protection Act.