Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Coalition of state Attorneys General encourages FCC to create rules to block illegal robocalls

    State Issues

    On October 8, a collation of 35 state Attorneys General submitted reply comments in response to a public notice seeking ways the FCC could create rules that will enable telephone service providers to block illegal robocalls. In their comments to the FCC, the coalition encourages the FCC to implement rules and additional reforms that go beyond the agency’s 2017 call-blocking order, which allows phone companies to proactively block illegal robocalls originating from certain types of phone numbers. (See previous InfoBytes coverage here.) “Many illegal robocallers, however, simply do not care about the law and have a more insidious agenda — casting a net of illegal robocalls to ensnare vulnerable victims in scams to steal money or sensitive, personal information,” the coalition stated. “[C]riminals are estimated to have stolen 9.5 billion dollars from consumers through phone scams in 2017.” The coalition encourages collaboration between states, federal counterparts, and the domestic and international telecommunications industry, and applauds recent progress on the implementation of frameworks such as the “Secure Telephone Identity Revisited” and “Secure Handling of Asserted information using toKENs” protocols that assist service providers in identifying illegally spoofed calls.

    State Issues State Attorney General FCC Robocalls Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • Washington state Attorney General says debt buyers are collection agencies, files lawsuit for operating without a license

    State Issues

    On September 21, the Washington state Attorney General announced that it filed a lawsuit against several collection agencies and their owner (defendants) for allegedly purchasing and suing on charged-off consumer debts in violation of the Washington Collection Agency Act (WCAA) and the Washington Consumer Protection Act (WCPA). The complaint alleges that defendants bought and then obtained judgements on at least 3,500 consumer debts without first obtaining a collection agency license under the WCAA. Under the WCAA, a debt buyer is a collection agency and must therefore “be licensed as a collection agency if it enters into contracts with sellers of debt accounts or takes other affirmative steps to acquire accounts for collection, either directly or through an agent.” Failure to obtain a license as required under the WCAA  amounts to a per se violation of the WCPA. Because defendants bought and sued on consumer debts before obtaining a license in 2013, the Attorney General claimed that they violated the WCAA and the WCPA. The complaint seeks civil money penalties of up to $2,000 per violation for each violation of the WCPA, restitution for affected consumers, and reimbursement of legal costs and fees.

    State Issues State Attorney General Debt Buyer Licensing Consumer Finance

    Share page with AddThis
  • New York prohibits auto lenders from remotely disabling a vehicle without providing notice

    State Issues

    On October 2, the New York governor signed SB 2484, which prohibits auto lenders from remotely disabling a vehicle without first providing notice of the disabling to the debtor. The act amends the state’s uniform commercial code and the general business law, in significant part, by: (i) defining a “payment assurance device” (“any device installed in a vehicle that can be used to remotely disable the vehicle”); (ii) requiring written notice of the possible remote disabling of a vehicle “in the method and timetable” agreed in the initial contract between the parties; (iii) identifying permissible methods of notice transmittal; and, (iv) specifying the permitted period between the postmarking of the notice and the date on which the auto lender or its agent obtains the right to disable the vehicle. The act takes effect immediately.

    State Issues State Legislation Auto Finance

    Share page with AddThis
  • NYDFS adds check cashing and virtual currency businesses to nationwide licensing system

    State Issues

    On October 1, NYDFS announced the commencement of the final phase of its initiative to manage the license application and regulation of all non-depository financial institutions operating in the state through the Nationwide Multistate Licensing System and Registry (NMLS). As such, NYDFS now allows financial services companies holding check casher and virtual currency business activity licenses to transition those licenses to NMLS. Additionally, companies applying for new licenses may now submit applications through NMLS. As previously covered in InfoBytes, licensed budget planners, sales finance agencies, money transmitter licensees, and mortgage providers have already made the transition to NMLS. 

    State Issues NYDFS NMLS Licensing Virtual Currency

    Share page with AddThis
  • California to appoint “blockchain” working group

    State Issues

    On September 28, the California governor signed AB 2658, which requires the Secretary of the Government Operations Agency to appoint a blockchain working group by July 1, 2019. (The act defines blockchain as “a mathematically secured, chronological, and decentralized ledger or database.”) The working group is charged with evaluating, among other things, (i) the risks and benefits associated with the use of blockchain by state government and California-based businesses; (ii) the legal implications of the use of blockchain; and (iv) best practices for enabling blockchain technology to benefit the state and its businesses and residents. The act, which has a sunset date of January 1, 2022, requires the working group to provide a report to the legislature by July 1, 2020.

    State Issues State Legislation Blockchain Fintech

    Share page with AddThis
  • New California law requires non-bank lenders and other finance companies to provide commercial financing disclosures

    State Issues

    On September 30, the California governor signed SB 1235, which requires non-bank lenders and other finance companies to provide written consumer-style disclosures for certain commercial transactions, including small business loans and merchant cash advances. Most notably, the act requires financing entities subject to the law to disclose in each commercial financing transaction — defined as an “accounts receivable purchase transaction, including factoring, asset-based lending transaction, commercial loan, commercial open-end credit plan, or lease financing transaction intended by the recipient for use primarily for other than personal, family, or household purposes”— the “total cost of the financing expressed as an annualized rate” in a form to be prescribed by the California Department of Business Oversight (DBO).

    Although the act is effective immediately, the act requires the DBO to first develop regulations governing the new disclosure requirements, and lenders are not required to comply with the provisions of the act until the final regulations are adopted and become effective. Once final regulations are in place, recipients of commercial financing offers will have to sign the disclosures, which are to be provided at the time of the offer. The disclosures must include (i) the total amount of funds provided; (ii) the total dollar cost of the financing; (iii) the term or estimated term; (iv) the method, frequency, and amount of payments; (v) a description of prepayment policies; and (vi) the total cost of the financing expressed as an annualized rate. Finance companies subject to the law are required to provide the annualized financing rate until January 1, 2024, at which time that portion of the disclosure requirement sunsets. The act also allows for finance companies who offer factoring or asset-based lending to provide alternative disclosures using an example transaction that could occur under the agreement.

    Importantly, the act does not apply to (i) depository institutions; (ii) lenders regulated under the federal Farm Credit Act; (iii) commercial financing transactions secured by real property; (iv) a commercial financing transaction in which the recipient is a vehicle dealer, vehicle rental company, or affiliated company, and meets other specified requirements; and (v) a lender who makes no more than one applicable transaction in California in a 12-month period or a lender who makes five or fewer applicable transactions that are incidental to the lender’s business in a 12-month period. The act also does not cover (i) true leases, but will apply to bargain-purchase leases; (ii) commercial loans under $5,000, which are considered consumer loans in California regardless of any business-purpose and subject to separate disclosure requirements; and (iii) commercial financing offers greater than $500,000.

    State Issues Small Business Lending Fintech Disclosures APR Commercial Finance

    Share page with AddThis
  • California law establishes small dollar lending pilot program

    State Issues

    On September 30, the California governor signed AB 237, which establishes a pilot program under the California Financing Law with the stated purpose of encouraging lenders to provide affordable small dollar loans to consumers. Significant features of the program include: (i) an increase to the upper limit of a permissible loan, from $2,500 to $7,500; and (ii) the authorized imposition of specified alternative interest rates and charges on unsecured loans of at least $300 and less than $2,500.

    Under California’s Pilot Program for Increased Access to Responsible Small Dollar Loans (Pilot Program), licensees who choose to participate in the Pilot Program will be required to apply and pay a specified fee to the Commissioner of Business Oversight (Commissioner). Participating licensees will also be required, among other things, to (i) determine a borrower’s ability to repay the loan, factoring in all verifiable outstanding credit and capping total monthly debt service payments at 50 percent of the borrower’s gross monthly income for loans of $2,500 or less and 36 percent for loans greater than $2,500; (ii) establish terms of 180 days or more for loans with principal balances of at least $1,500, but less than $2,500, upon origination; (iii) establish terms of no less than one year and no more than five years for loans with principal balances exceeding $2,500; (iv) implement policies and procedures for the purpose of answering borrower questions and performing reasonable background checks on any finders associated with the licensee’s participation in the Pilot Program (AB 237 permits approved licensees to use the services or one more finders); and (v) reduce the interest rate of each subsequent loan made to the same borrower by a minimum of one percentage point under certain conditions. In addition, AB 237 allows the Commissioner to charge a licensee certain fees associated with the use of a finder, stipulates examinations requirements for licensees and finders, and establishes deadlines and requirements for the Commissioner when submitting required findings from the Pilot Program. The Pilot Program will run through January 1, 2023.

    Governor Brown issued a message in conjunction with his signing AB 237 expressing his concern, among others, that increasing the cap on small dollar loans without also providing stricter regulatory oversight may lead to “unintended consequences.” Governor Brown requested that the state’s Department of Business Oversight “increase their vigilance and more carefully oversee both lenders and finders to ensure their actions comply with existing law.”

    State Issues State Legislation Small Dollar Lending Consumer Lending Licensing

    Share page with AddThis
  • Global ride-sharing company settles with state Attorneys General for $148 million over data breach

    State Issues

    On September 26, the California Attorney General announced that a global ride-sharing company reached a joint settlement with all 50 state Attorneys General and the District of Columbia for $148 million to resolve allegations that the company failed to safeguard user data and to notify authorities after a 2016 data breach. As previously covered by InfoBytes, in November 2017, the company disclosed, via press release, a 2016 data breach that exposed the personal data of 57 million riders and drivers, where hackers obtained approximately 600,000 driver names and license numbers, along with rider names, email addresses, and mobile phone numbers. During subsequent state investigations, authorities discovered that, after the company discovered the breach, it paid hackers $100,000 to delete the acquired data and to keep silent about the breach.

    According to the California announcement, the $148 million settlement benefits all 50 states and the District of Columbia, with California receiving $26 million. In addition to the penalty, the settlement allegedly requires the company to implement various conduct provisions, including (i) integrating privacy considerations and protections into the development and design of products; (ii) implementing and maintaining robust data security practices and accurately representing them; (iii) developing and maintaining a comprehensive information security program; (iv) reporting data security incidents to states on a quarterly basis for two years; and (v) maintaining a “Corporate Integrity Program.”

    State Issues Privacy/Cyber Risk & Data Security State Attorney General Settlement Data Breach

    Share page with AddThis
  • Colorado regulator exempts certain cryptocurrency exchanges from money transmitter licensing requirements

    State Issues

    On September 20, the Colorado Department of Regulatory Agencies Division of Banking (Division) issued interim guidance exempting certain types of cryptocurrency exchanges from the state’s money transmitter licensing requirements. Under the interim guidance—which outlines the Division’s interpretation of Colorado’s existing Money Transmitters Act (the Act)— the Division determined that the Act regulates the transmission of money, meaning legal tender, and that cryptocurrencies are not legal tender under the Act. As a result, virtual currency exchanges operating in Colorado do not require a license if transmitting only cryptocurrencies without any legal tender issued and backed by a government (fiat currency) involved in the transaction. However, if fiat currency is present in a transaction, then a virtual currency exchange may require a license. Additionally, a virtual currency exchange must obtain a license when it performs all of the following: (i) it engages in the business of selling and buying cryptocurrencies for fiat currency; (ii) it allows a Colorado customer to transfer cryptocurrency to another customer within the exchange; and (iii) it allows the transfer of fiat currency through the medium of cryptocurrency within the exchange. If a virtual currency exchange offers the ability to transfer fiat currency through the medium of cryptocurrency, the Division encourages the exchange to contact the Division to determine whether it must obtain a license.

    State Issues State Regulators Fintech Cryptocurrency Licensing Virtual Currency Money Service / Money Transmitters

    Share page with AddThis
  • California law requires credit reporting agencies to address security vulnerabilities

    State Issues

    On September 19, the California governor signed AB 1859, which requires a credit reporting agency “that owns, licenses, or maintains personal information about a California resident” or a third party that maintains such personal information on behalf of a credit reporting agency to implement available software updates to address security vulnerabilities. Specifically, a credit reporting agency, or applicable third party that knows, or reasonably should know, that a system maintaining personal information is subject to a security vulnerability must, within three days, begin testing for implementation of an available software update, and complete the update no later than 90 days after becoming aware of the vulnerability. The law requires the credit reporting agency to employ “reasonable compensating controls” to reduce the risk of breach until the software update is complete. Additionally, whether or not a software update is available, the law requires the credit reporting agency to keep with industry best practices, including by (i) identifying, prioritizing, and addressing the highest risk security vulnerabilities most quickly; (ii) testing and evaluating compensating controls and how they affect security vulnerabilities; and (iii) requiring, by contract, that third parties implement and maintain appropriate security measures for personal information. The legislation is expected to take effect January 1, 2019.

    State Issues State Legislation Credit Reporting Agency Privacy/Cyber Risk & Data Security Data Breach

    Share page with AddThis

Pages