InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Nevada expands collection agency licensing requirements
On June 16, the Nevada governor signed SB 276 (the “Act”) to revise certain provisions relating to debt collection agencies and make amendments to the state’s collection agency licensing law. While existing law requires collection agencies to be licensed, the amendments expand the type of activities that trigger collection agency licensure. Notably, the Act now requires any “debt buyer” to hold a license, which is defined as “a person who is regularly engaged in the business of purchasing claims that have been charged off for the purpose of collecting such claims, including, without limitation, by personally collecting claims, hiring a third party to collect claims or hiring an attorney to engage in litigation for the purpose of collecting claims.” Mortgage servicers, however, are now exempt unless the “mortgage servicer is attempting to collect a claim that was assigned when the relevant loan was in default.” The amendments also repeal provisions governing foreign collection agencies and now require that such agencies be licensed in the same fashion as domestic collection agencies.
In addition to licensed mortgage servicers the amendments also exclude others from the definition of the term “collection agency,” including an expanded list of certain financial institutions (as well as their employees), persons collecting claims that they originated on their own behalf or originated and sold, and other persons not deemed to be debt collectors under federal law. The term “collection agent” has also been refined to exempt persons who do not act on behalf of a collection agency from requirements governing collection agents.
The Act revises requirements relating to “compliance managers” (formerly referred to as “collection managers”) – including an avenue to request a waiver from the Nevada compliance manager examination requirement if certain experiential requirements are met – and makes changes to certain record retention and application requirements, including amendments to the frequency with which the commissioner reviews a licensee’s required bond amount (annually instead of semiannually). A provision requiring applicants to pursue branch licenses for second or remote locations is also repealed. Instead, collection agencies must simply notify the commissioner of the location of the branch office. Further, collection agencies are now required to display license numbers and certificate identification numbers of compliance managers on any website maintained by the collection agency.
Additionally, the Act now authorizes collection agents to work remotely provided the agents meet certain criteria, including: (i) signing a written agreement prepared by the collection agency that requires the agent to maintain agency-appropriate security measures to ensure the confidentiality of customer information; (ii) refraining from disclosing details about the remote location to a debtor; (iii) refraining from conducting collection activity-related work with a debtor or customer in person at the remote location; (iv) allowing work conducted from the remote location to be monitored; and (v) completing various compliance and privacy training programs. Remote collection agents must adhere to certain practices requirements and restrictions set forth by both the Act and the FDCPA. Collection agencies must also maintain records of remote collection agents, provide oversight and monitoring of collection agents that work remotely, develop and implement a written security policy governing remote collection agents, and establish procedures to ensure collection agents working remotely are not acting in an illegal, unethical, or unsafe manner.
Finally, the Act imposes new prohibitions against collection agencies and their agents and employees. Among other things, a collection agency (and its compliance manager, agents, or employees) is banned from suing to collect a debt when it knows or should have known that the applicable statute of limitations has expired. The amendments further clarify that the applicable limitation period is not revived upon “payment made on a debt or certain other activity relating to the debt after the time period for filing an action based on a debt has expired.” Certain notice must also be given to a medical debtor notifying that such a payment does not revive the applicable statute of limitations. A collection agency may also not sell “an interest in a resolved claim or any personal or financial information related to the resolved claim.”
The Act becomes effective immediately for the purpose of adopting any regulations and performing any preparatory administrative tasks that are necessary to carry out the provisions of the Act and on October 1, 2023 for all other purposes. “Debt buyers” have until January 1, 2024 to submit a collection agency license application pursuant to the new provisions.
Connecticut joins states enacting commercial financing disclosures and lender and broker registration requirements
On June 28, Connecticut became the latest state to require certain providers of sales-based commercial financing to provide disclosures to borrowers and that such providers and brokers register with the state. SB 1032 (the “Act”) defines “commercial financing” as any extension of sales-based financing by a provider in amounts of $250,000 or less, which the recipient does not intend to use primarily for personal, family, or household purposes. A “provider” is defined by the Act as “a person who extends a specific offer of commercial financing to a recipient” and includes, unless otherwise exempt, a “commercial financing broker,” but does not include “a bank, out-of-state bank, bank holding company, Connecticut credit union, federal credit union, out-of-state credit union or any subsidiary or affiliate of the foregoing.” “Sales-based financing” means a transaction that is repaid by the recipient to the provider over time (i) as a percentage of sales or revenue, in which the payment amount may increase or decrease according to the volume of sales made or revenue received by the recipient, or (ii) according to a fixed payment mechanism that provides for a reconciliation process that adjusts the payment to an amount that is a percentage of sales or revenue. The Act establishes parameters for qualifying commercial transactions and outlines numerous additional exemptions.
Under the Act, when extending a specific offer for sales-based financing, the provider must disclose the terms of the transaction as specified within the Act. As a condition of obtaining commercial financing, should the provider require a recipient to pay off the balance of existing commercial financing from the same provider, the provider would be required to include additional disclosures. The Act also discusses conditions and criteria when using another state’s commercial financing disclosure requirements that meet or exceed Connecticut’s provisions may be permitted. Providers may rely on a statement of intended purpose made by the “recipient” (defined as “a person, or the authorized representative of a person, who applies for commercial financing and is made a specific offer of commercial financing by a provider”) to determine whether the financing is commercial financing.
Further, the Act provides that a commercial financing contract entered into on or after July 1, 2024, may not contain any provisions waiving a recipient’s right to notice, judicial hearing, or prior court order in connection with the provider obtaining any prejudgment remedy. Additionally, a provider may not revoke, withdraw, or modify a specific offer until midnight of the third calendar day after the date of the offer. Notably, there is a requirement that providers and brokers of commercial financing be registered with the state banking commissioner, in addition to adhering to the prescribed disclosure requirements, no later than October 1, 2024.
Finally, the banking commissioner is authorized to adopt regulations to carry out the Act’s provisions. Providers who violate the Act’s provisions, or any adopted regulations, will be subject to civil penalties. The commissioner may also seek injunctive relief against providers who knowingly violate any of the provisions.
The Act takes effect July 1, 2024.
DFPI orders crypto platform to halt operations
On June 27, the California Department of Financial Protection and Innovation (DFPI) issued a desist and refrain order against a digital asset trading platform and two of its promoters for allegedly selling unqualified securities and making material misrepresentations and omissions to investors, a violation of California securities laws.
DFPI alleges that the platform leveraged a “multi-level marketing scheme” to award its promoters who sold unqualified securities to investors in the form of investment contracts and received cash investments ranging from $5,000-$20,000. Allegations also include that the platform “purported” to provide educational classes designed to empower the Latino community with respect to crypto asset trading. The order details that through these efforts to garner more investors, “misrepresentations of material fact [were made] to investors and potential investors, namely that investors would receive a return on their initial investment every three months.” Investors have allegedly not received any return on their initial investment. The commissioner found that the platform “fail[ed] to provide the promised returns on their purported investments” and that “[d]espite multiple requests, investors have not had their funds returned.”
The order requires the platform to desist and refrain from the offer and sale of securities and stop making misrepresentations about returns in California.
26 state AGs support FTC’s proposal on Negative Option Rule
On June 26, a coalition of 26 state attorneys general from New York, Pennsylvania, Alabama, Arizona, California, Colorado, Connecticut, Delaware, District of Columbia, Hawaii, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Jersey, North Carolina, North Dakota, Oklahoma, Oregon, Vermont, Washington, and Wisconsin, submitted a comment letter in support of the FTC’s proposed amendments to its Negative Option Rule. While the Negative Option Rule is intended to combat unfair or deceptive practices related to subscriptions, memberships, and other recurring-payment programs, the FTC maintained that current laws and regulations do not clearly provide a consistent legal framework for these types of programs. (Covered by InfoBytes here.)
In March, the FTC issued a notice of proposed rulemaking (NRPM), which would apply to all subscription features in all media (including “the internet, telephone, in-print, and in-person transactions”) and would regulate additional types of negative-option practices, including automatic renewals, free trial offers, and continuity plans. The NPRM proposes to add a new “click to cancel” provision making it as easy for consumers to cancel their enrollment as it was to sign up. Sellers would be required to first ask consumers whether they want to hear about new offers or modifications before making a pitch when consumers are trying to cancel their enrollment. Sellers further must provide consumers who are enrolled in negative option programs with an annual reminder involving anything other than physical goods before they are automatically renewed.
In their letter, the states expressed support for the FTC’s NPRM, in particular, the provisions that would preserve state authority to regulate negative-option marketing and to enact greater protections and stricter laws than those proposed by the FTC. The states also agreed that the NPRM provides additional guidance and clarity on how businesses can comply with existing legal frameworks. However, the states urged the FTC to consider additional clarifications and improvements, including (i) requiring businesses to “clearly and conspicuously inform consumers of any conditions (or lack thereof) concerning cancellation”; (ii) requiring businesses to obtain an additional round of consent before charging a consumer at the end of a free trial; (ii) clarifying businesses’ cancellation mechanisms must be cost effective, timely, simple, and easy to use; (iii) expanding the methods that a consumer may use to cancel a recurring contract and allowing “all consumers to cancel through any medium that the seller uses to sell subscriptions or memberships, regardless of the medium through which that particular consumer signed up”; and (iv) requiring businesses to provide negative option reminders in additional ways—“not only through the same medium that the consumer used to consent to the negative option feature but also through any other medium that the seller uses to communicate with the consumer.”
Court orders credit union to pay $5 million to settle overdraft allegations
On June 27, the U.S. District Court for the Northern District of New York granted final approval of a class action settlement, resulting in a defendant credit union paying approximately $5.2 million to settle allegations concerning illegal overdraft/non-sufficient funds (NSF) fees and inadequate disclosure practices. As described in plaintiffs’ unopposed motion for preliminary approval, the defendant was sued in 2020 for violating the EFTA (Regulation E) and New York General Business Law (NY GBL) § 349. According to plaintiffs, defendant charged overdraft fees and NSF fees that were not permitted under its contracts with its members or Regulation E. Plaintiffs’ Regulation E and NY GBL liability theories are premised on the argument that defendant’s “opt-in form did not inform members that these fees were charged under the ‘available balance’ metric, rather than the ‘actual’ or ‘ledger’ balance metric”—a violation of Regulation E and NY GBL § 349. The plaintiffs’ liability theory was that defendant’s “contracts did not authorize charging overdraft fees when the ledger or actual balance was positive.”
Under the terms of the settlement, defendant is required to pay $2 million, for which 25 percent of the settlement fund will be allocated to class members’ Regulation E overdraft fees, 62.5 percent will go to class members’ GBL overdraft fees, and 12.5 percent will be allocated to class members’ breach of contract overdraft fees. Defendant is also required to pay $948,812 in attorney’s fees, plus costs, and $10,000 service awards to the two named plaintiffs. Additionally, the defendant has agreed to change its disclosures and will “forgive and release any claims it may have to collect any at-issue fees which were assessed by [defendant] but not collected and subsequently charged-off, totaling approximately $2,300,000.”
4th Circuit upholds sanctions against debt relief operation
On June 23, the U.S Court of Appeals for the Fourth Circuit upheld a default judgment entered against a debt relief operation and related individuals accused of violating the TCPA and the West Virginia Consumer Credit and Protection Act (WVCCPA). Plaintiff-appellee alleged she received multiple telemarketing phone calls regarding debt relief offered through lower interest rates on credit cards from the defendants (including the appellants). During discovery, defendants allegedly engaged in “evasive discovery tactics” and “relentless sandbagging,” which resulted in a magistrate judge entering multiple orders to compel. Defendants allegedly continued to call the plaintiff-appellee for more than a year after she filed her initial complaint. Additional defendants (including some of the appellants) were added via amended complaints as she discovered defendants had allegedly “formed a vast and complex web of corporate entities.”
The district court eventually sanctioned the appellants and struck their defenses for, among other things, engaging in a “pattern of concealing discoverable material” and failing to obey court orders. Appellants filed a motion for reconsideration, claiming the sanctions were too harsh and came as a surprise, the discovery abuses were “inadvertent,” and the plaintiff-appellee had not been prejudiced. Plaintiff-appellee then filed a renewed motion for sanctions outlining continued violations by appellants. Eventually, the district court entered a default judgment against the appellants for failing “to respond fulsomely and accurately to discovery requests and to comply with court orders pertaining to those requests.” The sanctions imposed an $828,801.36 judgment plus costs.
On appeal, the 4th Circuit concluded the district court did not abuse its discretion in finding appellants acted in bad faith and entered default judgment against them. The appellate court explained that there are certain circumstances, including this action, “where the entry of default judgment against a defendant for systemic discovery violations is the natural next step in the litigation, even without an explicit prior warning from the district court.” The appellate court further concluded the record contradicted each of the appellants’ arguments and held appellants “had fair ‘indication that sanctions might be imposed against [them]’ for their continued discovery and scheduling order violations.” With respect to appellants’ arguments that the district court awarded damages for the same purported calls pursuant to both the TCPA and the WVCCPA, the 4th Circuit found that penalties under these statutes are not exclusive and that they separately penalize different violative conduct. “[D]amages under the WVCCPA may be awarded in addition to those under the TCPA for a single communication that violates both statutes,” the appellate court wrote, adding that a plaintiff can also “recover separate penalties under separate sections of the TCPA even if the violations occurred in the same telephone call.”
Split 9th Circuit: Nevada’s medical debt collection law is not preempted
The U.S. Court of Appeals for the Ninth Circuit recently issued a split decision upholding a Nevada medical debt collection law after concluding the statute was neither preempted by the FDCPA or the FCRA, nor a violation of the First Amendment. SB 248 took effect July 1, 2021, in the wake of the Covid-19 pandemic, and requires debt collection agencies to provide written notification to consumers 60 days “before taking any action to collect a medical debt.” Debt collection agencies are also barred from taking any action to collect a medical debt during the 60-day period, including reporting a debt to a consumer reporting agency.
Plaintiffs, a group of debt collectors, sued the Commissioner of the Financial Institutions Division of Nevada’s Department of Business and Industry after the bill was enacted, seeking a temporary restraining order and a preliminary injunction. In addition to claiming alleged preemption by the FDCPA and the FCRA, plaintiffs maintained that SB 248 is unconstitutionally vague and violates the First Amendment. The district court denied the motion, ruling that none of the arguments were likely to succeed on the merits.
In agreeing with the district court’s decision, the majority concluded that SB 248 is not unconstitutionally vague with respect to the term “before taking any action to collect a medical debt” and that any questions about what constitute actions to collect a medical debt were addressed by the statute’s implementing regulations. With respect to whether SB 248 violates the First Amendment, the majority held that debt collection communications are commercial speech and thus not subject to strict scrutiny. As to questions of preemption, the majority determined that SB 248 is not preempted by either the FDCPA or the FCRA. The majority explained that furnishers’ reporting obligations under the FCRA do not include a deadline for when furnishers must report a debt to a CRA and that the 60-day notice is not an attempt to collect a debt and therefore does not trigger the “mini-Miranda warning” required in a debt collector’s initial communication stating that “the debt collector is attempting to collect a debt.”
The third judge disagreed, arguing, among other things, that the majority’s “position requires setting aside common sense” in believing that the FDCPA does not preempt SB 248 because the 60-day notice is not an action in connection with the collection of a debt. “The only reason that a debt collector sends a Section 7 Notice is so that he can later start collecting a debt,” the dissenting judge wrote. “It is impossible to imagine a situation where a debt collector would send such a notice except in pursuit of his goal of ultimately obtaining payment for (i.e., collecting) the debt.” The dissenting judge further argued that by delaying the reporting of unpaid debts, SB 248 conflicts with the FCRA’s intention of ensuring credit information is accurately reported.
Florida enacts commercial financing disclosure requirements
On June 23, the Florida governor signed HB 1353 (the “Act”), creating the Florida Commercial Financing Disclosure Law and imposing several requirements on commercial financing providers and brokers. The Act defines a “provider” as “a person who consummates more than five commercial financing transactions with a business located in [Florida] in any calendar year.” The definition “also includes a person who enters into a written agreement with a depository institution to arrange a commercial financing transaction between the depository institution and a business via an online lending platform administered by the person.” The Act clarifies, however, the “fact that a provider extends a specific offer for a commercial financing transaction on behalf of a depository institution may not be construed to mean that the provider engaged in lending or financing or originated that loan or financing.” A “commercial financing transaction” is defined broadly and means a secured or unsecured commercial loan, an account receivable purchase transaction, or a commercial open-end credit plan.
The Act establishes parameters for qualifying commercial transactions and outlines numerous exemptions, including federally insured depository institutions; transactions secured by real property, a lease, or a certain purchase money obligations; transactions of at least $50,000 where the recipient is a motor vehicle dealer or rental company (or an affiliate of such company); providers licensed as money transmitters in any state; and commercial financing transactions greater than $500,000.
Specifically, at or prior to consummation of a commercial financing transaction, a provider must (i) disclose the terms of the transaction as specified within the Act; (ii) outline the manner and frequency of the payments, including a description of the methodology used to calculate any variable payment amount and the circumstances that may cause a payment amount to vary; and (iii) disclose any costs or discounts associated with prepayment. Disclosures must be in writing and may be based on an example of a transaction that could occur under the agreement. The Act further specifies that only one disclosure is required for each commercial financing transaction. Subsequent disclosures are not required as a result of a modification, forbearance, or change to a consummated commercial financing transaction.
The Act also defined a “broker” as “a person who, for compensation or the expectation of compensation, arranges a commercial financing transaction or an offer between a third party and a business in [Florida] which would, if executed, be binding upon that third party.” The definition excludes “a provider and any individual or entity whose compensation is not based or dependent upon the terms of the specific commercial financing transaction obtained or offered.” In addition, the Act outlines prohibited conduct and establishes unique broker requirements. Specifically, a broker may not “[a]ssess, collect, or solicit an advance fee from a business to provide services as a broker” (a business may pay for actual services required to apply for a commercial financing transaction), and may not make any false or misleading representations when engaging in the offering or sale of its brokering services.
The Act explicitly prohibits a private right of action, but instead grants the Florida attorney general exclusive enforcement authority. The AG may seek fines of $500 per incident (not to exceed $20,000 for all aggregated violations). Fines will increase to $1,000 per incident (not to exceed $50,000 for all aggregated violations) for continued violations following receipt of written notice or a prior violation.
The Act takes effect on July 1.
Texas is most recent state to enact comprehensive privacy legislation
On June 18, the Texas governor signed HB 4 to enact the Texas Data Privacy and Security Act (TDPSA) and establish a framework for controlling and processing consumer personal data in the state. Texas follows California, Colorado, Connecticut, Virginia, Utah, Iowa, Indiana, Tennessee, and Montana in enacting comprehensive consumer privacy measures. Earlier this month, Florida also enacted privacy legislation, but the requirements focus on specific digital controllers with global gross annual revenues of more than $1 billion.
The TDPSA applies to a person that conducts business in the state or produces products or services consumed by state residents, processes or sells personal data, and is not a small business as defined by the U.S. Small Business Administration, except to the extent that it sells sensitive data which requires consumer consent. Unlike other states, there is no data-processing volume threshold. The TDPSA only protects consumers acting in an individual or household capacity and does not cover individuals acting in a commercial or employment context. Additionally, the TDPSA provides several exemptions, including financial institutions or data governed by the Gramm-Leach-Bliley Act and certain other federal laws, nonprofit organizations, higher education institutions, covered entities governed by the Health Insurance Portability and Accountability Act, and certain utility companies.
Highlights of the TDPSA include:
- Consumers’ rights. Under the TDPSA, consumers will be able to access their personal data; confirm whether their data is being processed; correct inaccuracies; request deletion of their data; obtain a copy of their data in a portable format; and opt out of the processing of their data for targeted advertising, the sale of their data, or certain profiling.
- Data controllers’ responsibilities. Data controllers under the TDPSA will be responsible for, among other things: (i) responding to consumer requests within 45 days (unless extenuating circumstances arise) and providing requested information free of charge; (ii) establishing a process to allow consumer appeals after a controller’s refusal to take action on a consumer’s request; (iii) providing at least two methods for consumers to exercise their rights; (iv) limiting the collection of data to what is adequate, relevant, and reasonably necessary for a specified purpose; (v) securing personal data from unauthorized access; (vi) establishing easy opt-out methods that require consumers to affirmatively and freely choose to opt out of any processing of their personal data; (vii) processing data in compliance with state and federal anti-discrimination laws; (viii) obtaining consumer consent in order to process sensitive data; (ix) providing clear and reasonably accessible privacy notices; and (x) conducting and retaining data protection assessments and ensuring deidentified data cannot be associated with a consumer. The TDPSA also sets forth obligations relating to contracts between a controller and a processor, including ensuring that contracts between a controller and a processor do not waive or limit consumer data rights.
- No private right of action. The TDPSA explicitly prohibits a private right of action. Instead, it grants the state attorney general excusive authority to enforce the law.
- Right to cure. Upon discovering a potential violation of the TDPSA, the attorney general must give the data controller notice. The data controller then has 30 days to cure the alleged violation before the attorney general can file suit and seek up to $7,500 for each violation, as well as injunctive relief, attorney’s fees, and other expenses.
The TDPSA takes effect July 1, 2024, except for certain provisions relating to methods for submitting consumer requests, which shall take effect January 1, 2025.
Texas has new licensing requirements for digital-asset platforms
In June, the Texas governor signed HB 1666 (the “Act”) to add practice restrictions to digital asset service providers, defined as electronic platforms that facilitate the trading of digital assets on behalf of a digital asset customer and maintain custody of the customer’s digital assets. The Act applies to a digital asset service provider conducting business in Texas that holds a money transmission license and either services more than 500 digital asset customer in the state or has at least $10 million in customer funds. Digital asset service providers are required to comply with certain provisions in order to obtain and maintain a money transmission license including provisions relating to the commingling of funds, customer access to funds, accounting requirements, annual reporting requirements. The Texas Department of Banking has the authority to suspend and revoke a license if these requirements are not met and may impose a penalty for violations of the Act. The commissioner also has examination authority and may promulgate rules to administer and enforce the Act’s provisions. The Act is effective September 1. Certain financial institutions and entities not required to hold a money transmission license are exempt.