Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • California Supreme Court says loans not subject to state interest rate caps may still be unconscionable

    State Issues

    On August 13, the Supreme Court of California held that interest rates on consumer loans of $2,500 or more could be considered unconscionable under Section 22302 of California’s Financial Code, notwithstanding Section 22303’s maximum interest rate cap for loans under $2,500. The U.S. Court of Appeals for the 9th Circuit asked the Supreme Court of California to address Section 22302’s application to higher cost consumer loans. In the class action that is before the 9th Circuit, consumers alleged that a lender violated the “unlawful” prong of California’s Unfair Competition Law (UCL) with an unsecured $2,600 loan carrying an APR between 96 percent and 136 percent and argued the product is “unconscionable” under Section 22302. To resolve this question, the California Supreme Court held that unconscionability is a “flexible standard” that includes the larger context surrounding the contract. The court held that, although Section 22303 specifies interest rate limitations on loans under $2,500, it does not affect whether a loan in excess of $2,500 is unconscionable, and a court may consider a loan’s interest rate in determining that a loan above this threshold violates Section 22302.

    State Issues Courts Usury Consumer Finance Installment Loans Ninth Circuit Appellate

    Share page with AddThis
  • Ohio governor enacts legislation recognizing blockchain transactions as enforceable electronic transactions

    State Issues

    On August 3, the governor of Ohio signed into law SB 220, which codifies that records or contracts and signatures secured through blockchain technology are enforceable electronic transactions. Specifically, SB 220 amends Ohio’s Uniform Electronic Transactions Act to state that “a record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature” and that a “signature that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” The amendments also create an affirmative defense or “safe harbor” to tort actions against businesses alleged to have failed to implement reasonable information security controls leading to a data breach of personal or restricted information. To qualify for the safe harbor, a business must implement and comply with a written cybersecurity program that contains specific safeguards for either the protection of personal information or the protection of both personal and restricted information.

    State Issues State Legislation Blockchain Bitcoin Virtual Currency Electronic Signatures

    Share page with AddThis
  • NYDFS reminds covered entities of upcoming cybersecurity regulation compliance dates; updates FAQs

    State Issues

    On August 8, the New York Department of Financial Services (NYDFS) issued a reminder for regulated entities required to comply with the state’s cybersecurity requirements under 23 NYCRR Part 500 that the third transitional period ends September 4. Banks, insurance companies, and other financial services institutions (collectively, “covered entities”) that are required to implement a cybersecurity program to protect consumer data must be in compliance with additional provisions of the cybersecurity regulation by this date. As of September 4, a covered entity must (i) start presenting annual reports to the board by the Chief Information Security Officer on “critical aspects of the cybersecurity program”; (ii) create an “audit trail designed to reconstruct material financial transactions” in case of a breach; (iii) institute policies and procedures to ensure the use of “secure development practices for IT personnel that develop applications”; and (iv) implement encryption to protect nonpublic information it holds or transmits. Covered entities are also required to have policies and procedures in place “to ensure secure disposal of information that is no longer necessary for the business operations, and must have implemented a monitoring system that includes risk based monitoring of all persons who access or use any of the company’s information systems or who access or use the company’s nonpublic information.” Covered entities are further reminded that they have until March 1, 2019, to assess the risks presented by the use of a third-party service provider to ensure the protection of their security systems and data.

    In coordination with the reminder, NYDFS provided new updates to its FAQs related to 23 NYCRR Part 500. The original promulgation of the FAQs was covered in InfoBytes, as were the last updates in February and March. The four new updates to the FAQs add the following guidance:

    • Clarifies that in certain circumstances, an entity can be a covered entity, an authorized user, and a third party service provider, and therefore must comply fully with all applicable provisions;
    • Outlines specific compliance provisions for covered entities that have limited exemptions from the NYDFS cybersecurity requirements;
    • Identifies a covered entity’s responsibilities when addressing cybersecurity risks with respect to bank holding companies; and
    • Clarifies situations and requirements for when a covered entity can rely upon the cybersecurity program that another covered entity has implemented for a common trust fund.

    Find continuing InfoBytes coverage on NYDFS’ cybersecurity regulations here.

    State Issues NYDFS Privacy/Cyber Risk & Data Security 23 NYCRR Part 500

    Share page with AddThis
  • Washington state updates mortgage provisions of Consumer Loan Act

    State Issues

    On July 24, the Washington Department of Financial Institutions adopted new mortgage-related provisions of the state’s Consumer Loan Act (CLA). In addition to technical changes and certain definition modifications, the rulemaking, among other things, (i) adds a requirement that if electronic records are stored using a closed service, the service must be located in the U.S. or its territories; (ii) prohibits certain servicing activities, such as receiving payments and collection activities, from being conducted outside the U.S. or its territories; and (iii) requires servicers to maintain a compliance management system with the functionalities that are described in the CFPB’s Supervision and Examination Manual. The rulemaking is effective September 1.

    State Issues State Regulators Mortgages Mortgage Servicing Compliance Examination CFPB

    Share page with AddThis
  • Georgia Attorney General reaches settlement with mortgage company to resolve allegations concerning unauthorized third-party fees

    State Issues

    On August 1, the Georgia Attorney General announced a settlement with a New Jersey-based mortgage company to resolve allegations that it charged unauthorized fees to Georgia consumers in violation of the state’s Fair Business Practices Act. According to the Attorney General’s office, the company allegedly marketed various third-party products and services, such as insurance products and home warranty programs, for certain mortgages it serviced and added the charges for these products and services to consumers’ monthly mortgage bills without their knowledge. Under the settlement terms, the company is required to (i) comply with the Fair Business Practices Act; (ii) refrain from soliciting third-party products and/or services to Georgia consumers; (iii) cease all billing for the alleged third-party products and services; (iv) notify consumers currently being billed for the alleged third-party products and services that the remainder of their contracts may be cancelled without penalty; (v) pay $25,000 in restitution; and (vi) pay $50,000 to the Attorney General’s office to go towards fees, penalties, investigation and litigation costs, and future consumer protection and education costs.

    State Issues State Attorney General Enforcement Fees Consumer Finance Settlement

    Share page with AddThis
  • Bipartisan group of state Attorneys General seek legislative enhancements to combat anonymous shell companies

    State Issues

    On August 2, a bipartisan group of 24 state Attorneys General sent a letter to ranking leaders of the House Financial Services Committee expressing support for legislation that requires disclosure of the owners of companies at the time of incorporation—in order to prevent “individuals from using anonymous shell companies to evade accountability”—but encouraged the adoption of additional components. The letter emphasizes that the use of anonymous shell companies allows criminals to launder and spend money attained through activities such as human trafficking and drug dealing, and legislative change could assist states in their investigation and enforcement against these crimes. Specifically, the letter requests that legislation addressing anonymous shell companies include the following components: (i) availability of information to state and local law enforcement to assist in civil and criminal investigations and provide states authority to enact relevant state laws; (ii) continued access to information throughout the investigation; and (iii) the definition of “beneficial ownership” does not allow loopholes that can be exploited by criminals.

    State Issues State Attorney General Beneficial Ownership House Financial Services Committee

    Share page with AddThis
  • Ohio Governor signs bill limiting payday lending

    State Issues

    On July 30, Ohio’s Governor signed into law HB 123, which “modifies the Short-Term Loan Act, specifies a minimum loan amount and duration for loans made under the Small Loan Law and General Loan Law, and limits the authority of credit services organizations to broker extensions of credit for buyers.” Under these amendments, payday lenders in the state will now be restricted to short-term loans of $1,000 or less, with terms for a single short-term loan set at a 91-day minimum and a one year maximum. Exemptions provided under the legislation will allow short-term loans with a minimum term of less than 91 days if the total monthly payments do not exceed an amount greater than six percent of the borrower’s verified gross monthly income or seven percent of the borrower’s verified net monthly income. Moreover, lenders are: (i) prohibited from demanding collateral for short-term loans; (ii) restricted to a small-dollar loan cap—including both fees and interest—set at 60 percent of the original principal; and (iii) required to grant borrowers three business days to rescind loans without interest. HB 123 further prohibits credit service organizations from extending credit in amounts of $5,000 or less, with repayment terms of one year or less, or with annual percentage rates exceeding 28 percent. The amendments, which take effect 90 days after the governor’s signature, will “apply only to loans that are made, or extensions of credit that are obtained, on or after the date that is [180] days after the effective date of this act.”

    State Issues Payday Lending State Legislation

    Share page with AddThis
  • Illinois amends law to clarify that debt collection law firms are not student loan servicers

    State Issues

    On July 27, Illinois’s Governor signed HB 4397, which amends the state’s Student Loan Servicing Rights Act to specify that the definition of “student loan servicer” does not include a law firm or a licensed attorney that is collecting a post-default debt. The amended law is effective December 31.

    State Issues Student Lending State Legislation Student Loan Servicer Consumer Finance

    Share page with AddThis
  • Georgia Department of Banking and Finance issues cease and desist over licensing violation involving bitcoin

    State Issues

    On July 26, the Georgia Department of Banking and Finance (Department) announced the issuance of a cease and desist order against a bitcoin trading platform. According to the Department, the company allegedly engaged in the sale of payment instruments and money transmissions without first acquiring a valid license or applicable exemption in violation of the state’s financial institutions code. Licensure requirements in the state apply to persons engaged in transactions involving virtual currency.

    State Issues State Regulators Licensing Enforcement Bitcoin

    Share page with AddThis
  • Conference of State Bank Supervisors supports legislation to coordinate federal and state examinations of third-party service providers

    State Issues

    On July 12, the Conference of State Bank Supervisors (CSBS) issued a statement to the Senate Banking Committee, offering support for legislation that would “enhance state and federal regulators’ ability to coordinate examinations of, and share information on, banks’ [third-party technology service providers (TSPs)] in an effective and efficient manner.” H.R. 3626, the Bank Service Company Examination Coordination Act, introduced by Representative Roger Williams, R-Texas, would amend the Bank Service Company Act to provide examination improvements for states by requiring federal banking agencies to (i) consult with the state banking agency in a reasonable and timely fashion, and (ii) take measures to avoid duplicating examination activities, reporting requirements, and requests for information. Currently, 38 states have the authority to examine TSPs, however, according to CSBS, amending the Bank Service Company Act would more appropriately define a state banking agency’s authority and role when it comes to examining potential risks associated with TSP partnerships. In its statement, CSBS also references a recent action taken by eight state regulators against a major credit reporting agency following its 2017 data breach that requires, among other things, a wide range of corrective actions, including improving oversight and ensuring sufficient controls are developed for critical vendors. (See previous InfoBytes coverage here.) The House Financial Services Committee advanced H.R. 3626 on June 24 on a unanimous vote.

    State Issues State Regulators CSBS Federal Legislation Third-Party Privacy/Cyber Risk & Data Security

    Share page with AddThis

Pages