Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events


Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • NY AG Schneiderman Releases Guidance on Student Loan Cancellation

    Agency Rule-Making & Guidance

    On April 21, New York Attorney General Eric T. Schneiderman released guidance for eligible individuals who attended certain programs operated by a group of for-profit post-secondary education California-based colleges. The colleges—which ceased operations in 2015—allegedly made misrepresentations about the employment success of graduates of certain programs and used “false promises of career success to lure students, leaving many with enormous debt and few job prospects.” As a result, students who enrolled in those programs during specified time periods are eligible for the discharge of their federal student loans. It is estimated that up to 3,000 students in New York are eligible for federal loan cancellations based on the findings of an investigation conducted by the U.S. Department of Education (DOE). New York joins 43 other states and the District of Columbia in an outreach effort to assist students in submitting loan cancellation applications. If a student’s application is approved by the DOE, the loan(s) will be cancelled and payments previously made will be refunded.

    Agency Rulemaking & Guidance State Issues Lending Student Lending State AG

    Share page with AddThis
  • CFPB Releases Updates to Rulemaking Ex Parte Policy

    Agency Rule-Making & Guidance

    On April 18, the CFPB issued a release revising its Policy on Ex Parte Presentations in Rulemaking Proceedings. The Policy, originally posted on the Bureau’s website on August 16, 2011, generally requires public disclosure of ex parte communications made to the CFPB’s decision-making staff about pending rules. Per the release, the Bureau asserts that the updates are based on feedback from the public as well as the Bureau’s experiences in implementation and are intended to ensure “fairness and transparency in [the Bureau’s] rulemaking proceedings while also encouraging candid input from state entities.” The majority of the revisions are non-substantive and serve to “clarify the Policy’s provisions and requirements, ensure consistency in terminology . . ., make technical amendments, and facilitate compliance with the procedures in the Policy.” However, the revision includes two key updates. First, it adds an exemption for state entities, similar to the exemption that exists for Federal agencies. These state entities include state attorneys general or their equivalents, state bank regulators, and “state agencies that license, supervise, or examine consumer financial products or services.” The Bureau states that due to the sometimes sensitive nature of the communications from the entities, it “believes that these entities are likely to provide more frank and robust feedback if communications are not subject to the disclosure requirements of the Policy.” A second key update to the Policy specifies that outside parties no longer bear responsibility for both sending ex parte communications to the Bureau and posting them to Rather, stakeholders are instructed to send communications directly to the Bureau, and Bureau staff will post the communications to the public docket. The updated Policy also extends the time period for outside parties to summarize meetings and presentations from three to ten business days.

    Agency Rulemaking & Guidance CFPB State AG

    Share page with AddThis
  • California Joins 49 States and the District of Columbia in Settlement with Global Money Services Business

    Consumer Finance

    On April 12, California Attorney General Xavier Becerra announced that California has joined a multistate settlement between state attorneys general from 49 states and the District of Columbia and a global money services business to resolve allegations that scammers used the company’s wire transfer services to defraud consumers (see previous InfoBytes post). Under the terms of the settlement, California consumers who made a wire transfer during the period of January 1, 2004 through January 19, 2017, may be eligible for a share of more than $65 million in refunds. As previously covered in InfoBytes, on January 19 of this year, the global money services business entered into a Deferred Prosecution Agreement with the DOJ and FTC requiring, among other things, the business to pay $586 million in refunds to consumers to settle allegations that the company had failed to maintain an effective anti-money laundering program and aided and abetted wire fraud.

    Consumer Finance State AG Enforcement DOJ FTC

    Share page with AddThis
  • New Mexico Enacts Data Breach Notification Act

    Privacy, Cyber Risk & Data Security

    On April 6, New Mexico Governor Susana Martinez signed into law the Data Breach Notification Act (H.B. 15), making New Mexico the 48th state to pass a data breach notification law. Under the new law—which is scheduled to take effect on June 16—companies are now required to notify any New Mexico residents (and in certain circumstances consumer reporting agencies and the state’s attorney general) following the discovery of a “security breach” involving that resident’s “personal identifying information.”  The Act—which unanimously cleared both New Mexico’s House and Senate—also establishes standards for the secure storage and disposal of data containing personal identifying information and provides for civil penalties for violations.

    According to the Act, “personal identifying information” consists of an individual’s first name or first initial and last name in combination with any one or more of the following data elements: (i) Social Security number; (ii) driver's license number or government issued identification number; (iii) account number, credit card, or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account; or (iv) biometric data. As with many other states’ breach notice laws, the term “security breach” is defined as “the unauthorized acquisition of unencrypted computerized data, or of encrypted computerized data and the confidential process or key used to decrypt the encrypted computerized data, that compromises the security, confidentiality or integrity of personal identifying information maintained by a person.” However, notice to affected residents is not required if the entity “determines that the security breach does not give rise to a significant risk of identity theft or fraud.” The Act also sets out the required contents of, and methods for providing, notification—which generally must be made no later than 45 days after the breach was discovered—including substitute methods if certain criteria are met. Certain entities, including those subject to GLBA or HIPAA, are exempt from the requirements of the Act.

    Notably, the Act does not provide its citizens with a private right of action, but rather charges the state’s attorney general with enforcing the Act through legal actions on behalf of affected individuals. The Act provides for the issuance of injunctive relief and/or damages for actual losses including consequential financial losses. For knowing or reckless violations of the Act, a Court also may impose civil penalties of $25,000, or in the case of a failure to notify, a penalty of $10 per instance up to a maximum penalty of $150,000.

    Privacy / Cyber Risk & Data Security State Issues Data Breach State AG

    Share page with AddThis
  • State AGs, Industry Groups Submit Comments Addressing CFPB’s Proposed Delay of Prepaid Accounts Rule

    State Issues

    As previously covered in InfoBytes, the Bureau released its final rule (the “Prepaid Accounts Rule”) on prepaid financial products in October of last year in order to provide consumers with additional federal protections under the Electronic Fund Transfer Act and also to offer consumers standard, easy-to-understand information about prepaid accounts. Recently, however, the CFPB announced its intention to delay the effective date of its Prepaid Accounts Rule by six months. If approved, the proposed extension would push back the current October 1, 2017, effective date to April 1, 2018. According to the proposed rule and request for public comment published by the Bureau in the March 15 Federal Register, the extension comes in response to comments received from “some industry participants” who “believe they will have difficulty complying with certain provisions.” The CFPB has taken the position that extending the deadline for compliance “would, among other things, help industry participants address certain packaging-related logistical issues for prepaid accounts that are sold at retail locations.” Comments on the proposal were due April 5.

    State AG’s Letter. On April 5, attorneys general from 17 states and the District of Columbia submitted a letter to congressional leaders presenting various arguments against pending House and Senate resolutions (S.J. Res. 19, H.J. Res. 62, and H.J. Res. 73) providing for congressional disapproval and effectively nullifying the CFPB’s Prepaid Accounts Rule. The state attorneys general—including AGs for the District of Columbia, California, Hawaii, Illinois, Iowa, Maine, Maryland, Massachusetts, Minnesota, Mississippi, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, Virginia, and Washington, along with the Executive Director of the Hawaii Office of Consumer Protection—argued, among other things, that consumer protections provided by the Rule are important because, among other things, “consumers frequently report concerns about hidden and abusive fees as well as fraudulent transactions that unfairly deplete the funds loaded onto prepaid cards.” The AGs’ letter notes further that prepaid cards are often used by “vulnerable consumers” who have limited or no access to a traditional bank account. Notably, although they characterize these congressional resolutions as a “misplaced effort,” the state AGs acknowledge that the Congressional Review Act “gives Congress, with the President’s signature, a window to veto a rule from going into effect.”

    American Bankers Association (ABA) Letter. In another comment letter, submitted on April 3, the ABA commended the CFPB for “proposing to extend the deadline” because, among other things, “some industry participants, especially those offering prepaid cards in retail stores, may have difficulty complying with certain provisions.”  The ABA also noted that the extension of time presents an opportunity for the Bureau to “consider making adjustments as appropriate to ensure unnecessary disruption to consumers’ access to, and use of, prepaid accounts.” As explained in the letter, the ABA’s primary concern about the Prepaid Accounts Rule “remains the inconsistency and lack of clarity of the regulation’s distinction between checking accounts and prepaid accounts.” To this end, the ABA recommends that the Bureau use the extra time to “remove inconsistencies in the Rule and clarify the distinction between a prepaid account and a checking account to ensure that banks do not inadvertently violate the regulation and risk significant potential liability and supervisory actions.” The ABA’s letter also calls for “similar changes” to the “definition of ‘payroll account’” in order to further distinguish product types.

    Independent Community Bankers of America (ICBA) Letter. Also on April 3, the ICBA also submitted a short comment letter stating, among other things, that it “fully supports extending the effective date” as the additional time will “ensure that systems and technology changes could be made to facilitate compliance.”

    State Issues State AG CFPB Prepaid Rule EFTA ABA ICBA

    Share page with AddThis
  • North Carolina AG Announces Settlement with Student Loan Debt Relief Company

    State Issues

    On March 27, the North Carolina Department of Justice announced it had settled a lawsuit against a student loan debt relief company for allegedly charging upfront fees while failing to perform promised debt relief services. NC Attorney General Josh Stein stated that the terms of the consent order will provide restitution of more than $375,000 to 377 affected borrowers and will further prohibit the company from engaging in similar conduct in the future.  The consent order is not presently available to the public.

    State Issues Student Lending State AG

    Share page with AddThis
  • New York AG Announces Settlements with Three Mobile Health Application Developers over Misleading Marketing Practices and Privacy Policies


    On March 23, the New York Attorney General’s (NYAG) office announced settlements with U.S.-, Austria-, and Israel-based mobile application (app) developers who allegedly participated in misleading marketing practices and the mismanagement of consumer information—both of which are violations of New York Executive, Education, and General Business Laws. Two of the three developers claimed their health-related apps accurately measured heart rates, and a third allegedly claimed its app would measure a fetal heartbeat. However, all three failed to test the apps for accuracy, conduct comparisons to other approved products, or obtain approval by the U.S. Food and Drug Administration. The developers have agreed to provide additional testing information, will correct misleading advertisements, obtain affirmative consent from consumers for developers’ privacy policies, and will pay $30,000 in combined penalties to the NYAG’s office. Furthermore, all three developers have also made changes to their privacy policies and disclose the collecting and sharing of information that “may be personally identifying” including “users’ GPS location, unique device identifier, and ‘deidentified’ data that third parties may be able to use to reidentify specific users.”

    State Issues NYDFS NYAG State AG FinTech Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • NY AG Schneiderman Releases List of “Top Ten” Frauds for 2016

    State Issues

    On March 6, 2017, New York Attorney General Eric T. Schneiderman released the state’s 2016 top ten list of consumer fraud complaints. For the past 11 years, Internet-related complaints concerning service providers, data privacy and security, and consumer fraud topped the list, closely followed by complaints about automobile sales, service, financing, and repairs. Credit complaints about debt collection, billing, debt settlement, payday loads, credit repair and reporting agencies, and identity theft were sixth. Complaints related to mortgages were ninth. Not on the top ten list but highlighted by the Attorney General’s office were complaints involving scam student debt relief companies as well as two common schemes known as the IRS scam and the Grandparent scam. Also provided were tips consumers should use to protect themselves and their families.

    State Issues Consumer Finance Consumer Complaints Fraud State AG

    Share page with AddThis
  • 28 State AGs File Amicus Brief with Supreme Court in Debt Collection Case

    State Issues

    On February 24, the New Mexico Attorney General, along with 27 other states and the District of Columbia, announced that his office had joined in an amicus brief filed with the Supreme Court supporting the plaintiff in Henson v. Santander. As previously covered in Infobytes, the defendant argued below—and the Fourth Circuit agreed—that the FDCPA did not apply to a consumer finance company that purchased and then sought to collect a debt in default on its own behalf because it was not a debt collector as defined in the statute. In their amicus brief, the attorneys general  oppose the Fourth Circuit holding and argue that any “company that regularly attempts to collect defaulted debt that it has purchased is a ‘debt collector’ as the FDCPA defines [the] term,” and therefore, the obligations and restrictions of the FDCPA should apply. The Supreme Court set oral arguments for April 18 of this year.

    State Issues Courts Debt Collection FDCPA State AG U.S. Supreme Court

    Share page with AddThis
  • Colorado Issues Advisory on Entities Required to File UCCC Sales Finance Notifications

    State Issues

    On December 28 of last year, the Colorado Attorney General’s Office, through the Administrator of the Uniform Consumer Credit Code (UCCC), issued an advisory for entities filing sales finance notifications. The advisory strongly recommends that purchasers and assignees of consumer credit transactions subject to the UCCC develop and implement a due diligence process to confirm that the retail credit sellers originating those contracts have filed the proper notice under UCCC Section 5-6-203(4). As explained in the advisory, if notice is not properly filed, consumers “may not have an obligation to pay the finance charge due on those consumer credit transactions.” The list of retail credit sellers who currently file notifications with the department can be accessed here.

    State Issues Consumer Finance Credit Sellers Customer Due Diligence UCCC State AG

    Share page with AddThis