Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Conference of State Bank Supervisors announces single, national exam for mortgage loan originator licensing


    On August 8, the Conference of State Bank Supervisors announced that all states and U.S. territories now use a single, common exam to assess mortgage loan originators (MLOs) in order to simplify the licensing process and streamline the mortgage industry. MLSs who pass the National SAFE MLO Test with Uniform State Content (National Test) will no longer be required to take additional state-specific tests in order to be licensed within any state or U.S. territory. The National Test is part of CSBS’ Vision 2020, which is geared towards streamlining the state regulatory system to support business innovation and harmonize licensing and supervisory practices, while still protecting the rights of consumers. 

    Find continuing InfoBytes coverage on CSBS’ Vision 2020 here.

    Lending CSBS Mortgage Origination Licensing Vision 2020

    Share page with AddThis
  • Ohio governor enacts legislation recognizing blockchain transactions as enforceable electronic transactions

    State Issues

    On August 3, the governor of Ohio signed into law SB 220, which codifies that records or contracts and signatures secured through blockchain technology are enforceable electronic transactions. Specifically, SB 220 amends Ohio’s Uniform Electronic Transactions Act to state that “a record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature” and that a “signature that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” The amendments also create an affirmative defense or “safe harbor” to tort actions against businesses alleged to have failed to implement reasonable information security controls leading to a data breach of personal or restricted information. To qualify for the safe harbor, a business must implement and comply with a written cybersecurity program that contains specific safeguards for either the protection of personal information or the protection of both personal and restricted information.

    State Issues State Legislation Blockchain Bitcoin Virtual Currency Electronic Signatures

    Share page with AddThis
  • NYDFS reminds covered entities of upcoming cybersecurity regulation compliance dates; updates FAQs

    State Issues

    On August 8, the New York Department of Financial Services (NYDFS) issued a reminder for regulated entities required to comply with the state’s cybersecurity requirements under 23 NYCRR Part 500 that the third transitional period ends September 4. Banks, insurance companies, and other financial services institutions (collectively, “covered entities”) that are required to implement a cybersecurity program to protect consumer data must be in compliance with additional provisions of the cybersecurity regulation by this date. As of September 4, a covered entity must (i) start presenting annual reports to the board by the Chief Information Security Officer on “critical aspects of the cybersecurity program”; (ii) create an “audit trail designed to reconstruct material financial transactions” in case of a breach; (iii) institute policies and procedures to ensure the use of “secure development practices for IT personnel that develop applications”; and (iv) implement encryption to protect nonpublic information it holds or transmits. Covered entities are also required to have policies and procedures in place “to ensure secure disposal of information that is no longer necessary for the business operations, and must have implemented a monitoring system that includes risk based monitoring of all persons who access or use any of the company’s information systems or who access or use the company’s nonpublic information.” Covered entities are further reminded that they have until March 1, 2019, to assess the risks presented by the use of a third-party service provider to ensure the protection of their security systems and data.

    In coordination with the reminder, NYDFS provided new updates to its FAQs related to 23 NYCRR Part 500. The original promulgation of the FAQs was covered in InfoBytes, as were the last updates in February and March. The four new updates to the FAQs add the following guidance:

    • Clarifies that in certain circumstances, an entity can be a covered entity, an authorized user, and a third party service provider, and therefore must comply fully with all applicable provisions;
    • Outlines specific compliance provisions for covered entities that have limited exemptions from the NYDFS cybersecurity requirements;
    • Identifies a covered entity’s responsibilities when addressing cybersecurity risks with respect to bank holding companies; and
    • Clarifies situations and requirements for when a covered entity can rely upon the cybersecurity program that another covered entity has implemented for a common trust fund.

    Find continuing InfoBytes coverage on NYDFS’ cybersecurity regulations here.

    State Issues NYDFS Privacy/Cyber Risk & Data Security 23 NYCRR Part 500

    Share page with AddThis
  • District Court dismisses ADA claim against credit union on standing grounds


    On August 7, the U.S. District Court for the Northern District of Illinois dismissed claims that a credit union’s website violated the Americans with Disabilities Act (ADA), holding that the plaintiff lacked standing because he was not (and was ineligible to be) a member of the credit union. According to the opinion, the plaintiff is permanently blind and alleged that the credit union’s website did not comply with ADA requirements that are applicable to online website accessibility. The district court granted the credit union’s motion to dismiss on standing grounds, finding the plaintiff had no plausible reason to use the credit union’s website because the website was directed at members of the credit union, and the plaintiff was not (and was ineligible to be) a member.

    Courts Americans with Disabilities Act Credit Union

    Share page with AddThis
  • Fannie Mae issues updated mortgage industry alert in California

    Federal Issues

    Recently, Fannie Mae’s Mortgage Fraud Program issued an industry alert to mortgage companies operating in California regarding the use of false employment information by mortgage loan applicants. (See previous coverage in InfoBytes here). Fannie Mae extended its alert to Northern California and identified additional employers whose existence could not be verified by Fannie Mae. The alert provides “red flags” to help lenders and originators identify potential mortgage fraud when reviewing employment information.

    Federal Issues Fannie Mae Mortgages Fraud State Issues

    Share page with AddThis
  • CFPB settles unauthorized payday loan allegations

    Federal Issues

    On August 10, the CFPB announced a settlement with multiple defendants that allegedly made unauthorized payday loans. The settlement results from a 2014 complaint that alleged, among other things, that the defendants accessed consumer checking accounts to illegally deposit the proceeds of payday loans and withdraw related fees without consumer consent. The stipulated final judgment and order, among other things, (i) imposes a penalty of up to approximately $69 million if the defendants fail to fully comply with the operative terms of the settlement; (ii) prohibits the defendants from performing similar activities in the future; and (iii) assesses a civil money penalty of $1, in part based on the defendants’ inability to pay.

    On July 23, as previously covered by InfoBytes, a court approved a stipulated final judgment and order against one of the defendants, who neither admitted nor denied the Bureau’s allegations, for a civil money penalty of $1 (based, in part, on his inability to pay) and agreement to fully cooperate with the Bureau.

    Federal Issues CFPB Enforcement Payday Lending

    Share page with AddThis
  • OCC, FDIC provide guidance to institutions affected by California wildfires

    Federal Issues

    On August 9, the OCC issued a statement permitting OCC-regulated institutions to close their offices affected by wildfires in California. OCC Bulletin 2012-28 provides further guidance on natural disasters and other emergency conditions. (See previous InfoBytes coverage here). On the same day, the FDIC also provided guidance related to California wildfires in FIL-41-2018. Among other things, the FDIC is encouraging institutions to consider extending repayment terms and restructuring existing loans that may be affected.

    Federal Issues OCC FDIC Disaster Relief

    Share page with AddThis
  • Maryland Court of Appeals holds foreign securitization trusts do not need to be licensed in the state as collection agencies


    On August 2, the Maryland Court of Appeals, in a consolidated appeal of four circuit cases, held that foreign statutory trusts are not required to obtain a debt collection agency license under the Maryland Collection Agency Licensing Act (MCALA) before filing foreclosure actions in state circuit courts. The decision results from two cases consolidated before the Court of Special Appeals and two actions appealed directly from circuit court proceedings, in which substitute trustees acting on behalf of two Delaware statutory trusts initiated foreclosure proceedings on homeowners who had defaulted on their mortgage payments. The homeowners challenged the foreclosure actions, arguing that the Delaware statutory trusts acted as collection agencies under MCALA by “obtain[ing] mortgage loans and then collet[ing] mortgage payments through communication and foreclosure actions” without being licensed. The lower courts dismissed all four foreclosure actions, finding the Delaware statutory trusts did not fall under the trust exemption to MCALA and were in the business of collecting consumer debts and therefore, subject to the MCALA licenses requirements, which both trusts had not obtained.

    The overarching issue presented in the consolidated appeal was whether the Maryland General Assembly intended a foreign statutory trust, as owner of a delinquent mortgage loan, to obtain a license as a collection agency before directing trustees to initiate foreclosure proceedings. The court concluded that the plain language of MCALA was ambiguous as to the question and therefore, analyzed the legislative history and other similar statutes in order to determine the intent of the 1977 version of the law, as well as the reason the Department of Labor Licensing and Regulation revised the law in 2007 by departmental bill. Ultimately, the appeals court found the lower courts erred in dismissing the foreclosure actions against the homeowners, holding the General Assembly did not intend for MCALA to apply to foreclosure proceedings generally and therefore, foreign statutory trusts are not required to obtain a license under MCALA to initiate foreclosure proceedings.

    Courts State Issues Securitization Debt Collection Licensing

    Share page with AddThis
  • 5th Circuit affirms dismissal of automatic stay violation claim on grounds of judicial estoppel


    On July 27, the U.S. Court of Appeals for the 5th Circuit affirmed a district court’s decision following a bench trial to dismiss plaintiffs’ allegations that a bank violated an automatic stay imposed during one of the plaintiff’s (debtor) bankruptcy schedules when it took foreclosure action, holding that the plaintiffs were barred by judicial estoppel from pursuing claims because the debtor failed to amend his bankruptcy schedules to disclose a quitclaim deed for his mortgage or note a change in his financial status. In this case, the debtor filed a Chapter 13 bankruptcy, but failed to list the address or creditor information for a property in which he had entered into an equity sharing agreement with his son. When the son signed a quitclaim deed conveying the property to the debtor, the deed was recorded but not listed on the bankruptcy schedules.

    According to the appellate court, the debtor failed to “disclose an asset to a bankruptcy court, but then pursue[d] a claim in a separate tribunal based on that undisclosed asset” when it filed a lawsuit against the bank for wrongful foreclosure. The doctrine of judicial estoppel requires that three elements be met: (i) “the party against whom estoppel is sought has asserted a position plainly inconsistent with a prior position”; (ii) “a court accepted the prior position”; and (iii) "the party did not act inadvertently.” The court held the first two elements were met by the plaintiff’s failure to amend his bankruptcy schedules to disclose the quitclaim deed or his legal action against the bank. The court noted, however, the debtor’s actions were not inadvertent because he was aware of the inconsistency and had a motive to conceal the asset. The appellate court specifically noted the motive to conceal was “self-evident” because the debtor’s failure to disclose his changed financial status had the potential to provide a financial benefit to the debtor. The appellate court further held that the district court did not abuse its discretion in denying plaintiffs' motion for a new trial, and that, moreover, the plaintiffs failed to show that the district court abused its discretion when it chose to exclude several of their exhibits.

    Courts Appellate Fifth Circuit Mortgages Bankruptcy Foreclosure

    Share page with AddThis
  • Court rejects mortgage company’s motions to dismiss in two separate TCPA actions


    On August 2, the U.S. District Court for the District of New Jersey denied a mortgage company’s motions to dismiss in two putative class actions (opinions available here and here) alleging violations of the Telephone Consumer Protection Act (TCPA) for unsolicited phone calls. In both cases, the mortgage company requested the court dismiss the action or, in the alternative, stay the proceedings pending guidance from the FCC regarding what constitutes an automatic telephone dialing system (autodialer) in light of the D.C. Circuit decision in ACA International v. FCC. (Covered by a Buckley Sandler Special Alert; InfoBytes coverage on the FCC’s notice seeking comment on what constitutes an autodialer, available here.) In each of the actions, consumers allege the company violated the TCPA by placing unsolicited calls to their phones using an autodialer. In denying both motions, the judge rejected the company’s argument, in one case, that it was not using “a random or sequential number generator” because the preloaded numbers belonged to the company’s customers rather than members of the public, reasoning that just because the population of numbers which may be dialed are pre-selected does not make the calling system, the next number being dialed, less random. Moreover, in the second case, the judge rejected the company’s assertion that written consent was not needed because the calls were placed to a number of customers with existing debt. The court noted the calls were regarding refinancing services and “calls to customers soliciting refinance are ‘telemarketing’ calls for a new product requiring prior express written consent under the TCPA.” As for the requests to stay the proceedings, the court held in both cases that it is unnecessary to stay the case because “whatever guidance the FCC may issue in the future will not alter the statutory definition of an [autodialer]” or previous unchanged FCC guidance pursuant to which the court decided the motions to dismiss.

    Courts ACA International TCPA Autodialer Class Action

    Share page with AddThis