Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Federal Reserve Board fines national bank $8.6 million for legacy mortgage documentation deficiencies

    Federal Issues

    On August 10, the Federal Reserve Board (Board) announced a settlement with a national bank for legacy mortgage servicing issues related to the improper preparation and notarization of lost note affidavits. Under the consent order, the Board assessed an $8.6 million civil money penalty for alleged safety and soundness violations under Section 8 of the Federal Deposit Insurance Act. The Board emphasized that the bank’s servicing subsidiary replaced the documents with properly executed and notarized affidavits and, as of September 2017, the subsidiary no longer participated in the mortgage servicing business. The Board also announced the termination, due to “sustainable improvements,” of a 2011 enforcement action against the national bank and its subsidiary related to residential mortgage loan servicing.

    Federal Issues Enforcement Civil Money Penalties Mortgages FDI Act

    Share page with AddThis
  • District Court rules student loan servicer must turn over Department of Education borrower records to Bureau


    On August 10, the U.S. District Court for the Middle District of Pennsylvania ordered a loan servicer hired by the Department of Education (Department) to service loans it owns to turn over certain Department-owned student loan borrower documents to the CFPB, which relate to the servicer’s collection and management of its federal student loan borrowers’ payments. During the course of the ongoing litigation (see previous InfoBytes coverage here), the servicer withheld the documents in discovery on the grounds that they belonged to the Department and were therefore protected from disclosure by the Privacy Act. Moreover, the servicer asserted that the dispute was really between the Bureau and the Department because, in order to turn over the documents, the servicer would first have to obtain permission from the Department.

    However, according to the opinion issued by the court, turning over the documents would not violate the defendants’ agreement with the Department or violate federal privacy law. Specifically, the court stated that “there is no dispute that the borrower documents at issue are in the possession of [d]efendants, even if, as [d]efendants assert, they are owned by the Department,” and as such, under the Federal Rules of Civil Procedure, “requests can be made for production of documents, electronically stored information, and things in ‘the responding party’s possession, custody or control.’” Furthermore, the court stated that “the Privacy Act’s general prohibition on disclosure of records . . . does not create a qualified discovery privilege” and cannot be used as a means to “block the normal course of court proceedings, including court-ordered discovery.”

    Courts Student Lending CFPB Department of Education

    Share page with AddThis
  • Conference of State Bank Supervisors announces single, national exam for mortgage loan originator licensing


    On August 8, the Conference of State Bank Supervisors announced that all states and U.S. territories now use a single, common exam to assess mortgage loan originators (MLOs) in order to simplify the licensing process and streamline the mortgage industry. MLSs who pass the National SAFE MLO Test with Uniform State Content (National Test) will no longer be required to take additional state-specific tests in order to be licensed within any state or U.S. territory. The National Test is part of CSBS’ Vision 2020, which is geared towards streamlining the state regulatory system to support business innovation and harmonize licensing and supervisory practices, while still protecting the rights of consumers. 

    Find continuing InfoBytes coverage on CSBS’ Vision 2020 here.

    Lending CSBS Mortgage Origination Licensing Vision 2020

    Share page with AddThis
  • Ohio governor enacts legislation recognizing blockchain transactions as enforceable electronic transactions

    State Issues

    On August 3, the governor of Ohio signed into law SB 220, which codifies that records or contracts and signatures secured through blockchain technology are enforceable electronic transactions. Specifically, SB 220 amends Ohio’s Uniform Electronic Transactions Act to state that “a record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature” and that a “signature that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” The amendments also create an affirmative defense or “safe harbor” to tort actions against businesses alleged to have failed to implement reasonable information security controls leading to a data breach of personal or restricted information. To qualify for the safe harbor, a business must implement and comply with a written cybersecurity program that contains specific safeguards for either the protection of personal information or the protection of both personal and restricted information.

    State Issues State Legislation Blockchain Bitcoin Virtual Currency Electronic Signatures

    Share page with AddThis
  • NYDFS reminds covered entities of upcoming cybersecurity regulation compliance dates; updates FAQs

    State Issues

    On August 8, the New York Department of Financial Services (NYDFS) issued a reminder for regulated entities required to comply with the state’s cybersecurity requirements under 23 NYCRR Part 500 that the third transitional period ends September 4. Banks, insurance companies, and other financial services institutions (collectively, “covered entities”) that are required to implement a cybersecurity program to protect consumer data must be in compliance with additional provisions of the cybersecurity regulation by this date. As of September 4, a covered entity must (i) start presenting annual reports to the board by the Chief Information Security Officer on “critical aspects of the cybersecurity program”; (ii) create an “audit trail designed to reconstruct material financial transactions” in case of a breach; (iii) institute policies and procedures to ensure the use of “secure development practices for IT personnel that develop applications”; and (iv) implement encryption to protect nonpublic information it holds or transmits. Covered entities are also required to have policies and procedures in place “to ensure secure disposal of information that is no longer necessary for the business operations, and must have implemented a monitoring system that includes risk based monitoring of all persons who access or use any of the company’s information systems or who access or use the company’s nonpublic information.” Covered entities are further reminded that they have until March 1, 2019, to assess the risks presented by the use of a third-party service provider to ensure the protection of their security systems and data.

    In coordination with the reminder, NYDFS provided new updates to its FAQs related to 23 NYCRR Part 500. The original promulgation of the FAQs was covered in InfoBytes, as were the last updates in February and March. The four new updates to the FAQs add the following guidance:

    • Clarifies that in certain circumstances, an entity can be a covered entity, an authorized user, and a third party service provider, and therefore must comply fully with all applicable provisions;
    • Outlines specific compliance provisions for covered entities that have limited exemptions from the NYDFS cybersecurity requirements;
    • Identifies a covered entity’s responsibilities when addressing cybersecurity risks with respect to bank holding companies; and
    • Clarifies situations and requirements for when a covered entity can rely upon the cybersecurity program that another covered entity has implemented for a common trust fund.

    Find continuing InfoBytes coverage on NYDFS’ cybersecurity regulations here.

    State Issues NYDFS Privacy/Cyber Risk & Data Security 23 NYCRR Part 500

    Share page with AddThis
  • District Court dismisses ADA claim against credit union on standing grounds


    On August 7, the U.S. District Court for the Northern District of Illinois dismissed claims that a credit union’s website violated the Americans with Disabilities Act (ADA), holding that the plaintiff lacked standing because he was not (and was ineligible to be) a member of the credit union. According to the opinion, the plaintiff is permanently blind and alleged that the credit union’s website did not comply with ADA requirements that are applicable to online website accessibility. The district court granted the credit union’s motion to dismiss on standing grounds, finding the plaintiff had no plausible reason to use the credit union’s website because the website was directed at members of the credit union, and the plaintiff was not (and was ineligible to be) a member.

    Courts Americans with Disabilities Act Credit Union

    Share page with AddThis
  • Fannie Mae issues updated mortgage industry alert in California

    Federal Issues

    Recently, Fannie Mae’s Mortgage Fraud Program issued an industry alert to mortgage companies operating in California regarding the use of false employment information by mortgage loan applicants. (See previous coverage in InfoBytes here). Fannie Mae extended its alert to Northern California and identified additional employers whose existence could not be verified by Fannie Mae. The alert provides “red flags” to help lenders and originators identify potential mortgage fraud when reviewing employment information.

    Federal Issues Fannie Mae Mortgages Fraud State Issues

    Share page with AddThis
  • CFPB settles unauthorized payday loan allegations

    Federal Issues

    On August 10, the CFPB announced a settlement with multiple defendants that allegedly made unauthorized payday loans. The settlement results from a 2014 complaint that alleged, among other things, that the defendants accessed consumer checking accounts to illegally deposit the proceeds of payday loans and withdraw related fees without consumer consent. The stipulated final judgment and order, among other things, (i) imposes a penalty of up to approximately $69 million if the defendants fail to fully comply with the operative terms of the settlement; (ii) prohibits the defendants from performing similar activities in the future; and (iii) assesses a civil money penalty of $1, in part based on the defendants’ inability to pay.

    On July 23, as previously covered by InfoBytes, a court approved a stipulated final judgment and order against one of the defendants, who neither admitted nor denied the Bureau’s allegations, for a civil money penalty of $1 (based, in part, on his inability to pay) and agreement to fully cooperate with the Bureau.

    Federal Issues CFPB Enforcement Payday Lending

    Share page with AddThis
  • OCC, FDIC provide guidance to institutions affected by California wildfires

    Federal Issues

    On August 9, the OCC issued a statement permitting OCC-regulated institutions to close their offices affected by wildfires in California. OCC Bulletin 2012-28 provides further guidance on natural disasters and other emergency conditions. (See previous InfoBytes coverage here). On the same day, the FDIC also provided guidance related to California wildfires in FIL-41-2018. Among other things, the FDIC is encouraging institutions to consider extending repayment terms and restructuring existing loans that may be affected.

    Federal Issues OCC FDIC Disaster Relief

    Share page with AddThis
  • Maryland Court of Appeals holds foreign securitization trusts do not need to be licensed in the state as collection agencies


    On August 2, the Maryland Court of Appeals, in a consolidated appeal of four circuit cases, held that foreign statutory trusts are not required to obtain a debt collection agency license under the Maryland Collection Agency Licensing Act (MCALA) before filing foreclosure actions in state circuit courts. The decision results from two cases consolidated before the Court of Special Appeals and two actions appealed directly from circuit court proceedings, in which substitute trustees acting on behalf of two Delaware statutory trusts initiated foreclosure proceedings on homeowners who had defaulted on their mortgage payments. The homeowners challenged the foreclosure actions, arguing that the Delaware statutory trusts acted as collection agencies under MCALA by “obtain[ing] mortgage loans and then collet[ing] mortgage payments through communication and foreclosure actions” without being licensed. The lower courts dismissed all four foreclosure actions, finding the Delaware statutory trusts did not fall under the trust exemption to MCALA and were in the business of collecting consumer debts and therefore, subject to the MCALA licenses requirements, which both trusts had not obtained.

    The overarching issue presented in the consolidated appeal was whether the Maryland General Assembly intended a foreign statutory trust, as owner of a delinquent mortgage loan, to obtain a license as a collection agency before directing trustees to initiate foreclosure proceedings. The court concluded that the plain language of MCALA was ambiguous as to the question and therefore, analyzed the legislative history and other similar statutes in order to determine the intent of the 1977 version of the law, as well as the reason the Department of Labor Licensing and Regulation revised the law in 2007 by departmental bill. Ultimately, the appeals court found the lower courts erred in dismissing the foreclosure actions against the homeowners, holding the General Assembly did not intend for MCALA to apply to foreclosure proceedings generally and therefore, foreign statutory trusts are not required to obtain a license under MCALA to initiate foreclosure proceedings.

    Courts State Issues Securitization Debt Collection Licensing

    Share page with AddThis