InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Minnesota enacts small-dollar consumer lending and money transmitter amendments; Georgia and Nevada also enact money transmission provisions
On May 24, the Minnesota governor signed SF 2744 to amend several state statutes relating to financial institutions, including provisions concerning small-dollar, short-term consumer lending, payday lending, and money transmitter requirements. Changes to the statutes governing consumer small loans and consumer short-term loans amend the definition of “annual percentage rate” (APR) to include “all interest, finance charges, and fees,” as well as the definition of a “consumer short-term loan” to mean a loan with a principal amount or an advance on a credit limit of $1,300 (previously $1,000). The amendments outline certain prohibited actions and also cap the permissible APR on a loan at no more than 50 percent and stipulate that lenders are not permitted to add other charges or payments in connection with these loans. The changes apply to loans originated on or after January 1, 2024. The amendments also make several modifications to provisions relating to payday loans with APRs exceeding 36 percent, including requirements for conducting an ability to repay analysis. These provisions are effective January 1, 2024.
Several new provisions relating to the regulation and licensing of money transmitters are also outlined within the amendments. New definitions and exemptions are provided, as well implementation instructions that provide the state commissioner authority to “enter into agreements or relationships with other government officials or federal and state regulatory agencies and regulatory associations in order to (i) improve efficiencies and reduce regulatory burden by standardizing methods or procedures, and (ii) share resources, records, or related information obtained under this chapter.” The commissioner may also accept licensing, examination, or investigation reports, as well as audit reports, made by other state or federal government agencies. To efficiently minimize regulatory burden, the commissioner is authorized to participate in multistate supervisory processes coordinated through the Conference of State Bank Supervisors (CSBS), the Money Transmitter Regulators Association, and others, for all licensees that hold licenses in the state of Minnesota and other states. Additionally, the commissioner has enforcement, examination, and supervision authority, may adopt implementing regulations, and may recover costs and fees associated with applications, examinations, investigations, and other related actions. The commissioner may also participate in joint examinations or investigations with other states.
With respect to the licensing provisions, the amendments state that a “person is prohibited from engaging in the business of money transmission, or advertising, soliciting, or representing that the person provides money transmission, unless the person is licensed under this chapter” or is a licensee’s authorized delegate or exempt. Licenses are not transferable or assignable. The commissioner may establish relationships or contracts with the Nationwide Multi-State Licensing System and Registry and participate in nationwide protocols for licensing cooperation and coordination among state regulators if the protocols are consistent with the outlined provisions. The amendments also outline numerous licensing application and renewal procedures including net worth and surety bond, as well as permissible investment requirements.
The same day, the Nevada governor signed AB 21 to revise certain provisions relating to the licensing and regulation of money transmitters in the state. The amendments generally revise and repeal various statutory provisions to establish a process for governing persons engaged in the business of money transmission that is modeled after the Model Money Transmission Modernization Act approved by the CSBS. Like Minnesota, the commissioner may participate in multistate supervisory processes and information sharing with other state and federal regulators. The commissioner also has expanded examination and enforcement authority over licensees. The Act is effective July 1.
Additionally, the Georgia governor signed HB 55 earlier in May to amend provisions relating to the licensing of money transmitters (and to merge provisions related to licensing of sellers of payment instruments). The Act addresses licensee requirements and prohibited activities, outlines exemptions, and provides that applications pending as of July 1, “for a seller of payment instruments license shall be deemed to be an application for a money transmitter license as of that date.” Notably, should a license be suspended, revoked, surrendered, or expired, the licensee must, “within five business days, provide documentation to the department demonstrating that the licensee has notified all applicable authorized agents whose names are on record with the department of the suspension, revocation, surrender, or expiration of the license.” The Act is also effective July 1.
FTC says COPPA does not preempt state privacy claims
The FTC recently filed an amicus brief in a case on appeal before the U.S. Court of Appeals for the Ninth Circuit, arguing that the Children’s Online Privacy Protection Act (COPPA) does not preempt state laws that are consistent with the federal statute’s treatment of regulated activities. The full 9th Circuit is currently reviewing a case brought against a multinational technology company accused of using persistent identifiers to collect children’s data and track their online behavior surreptitiously and without their consent in violation of COPPA and various state laws.
As previously covered by InfoBytes, last December the 9th Circuit reversed and remanded a district court’s decision to dismiss the suit after reviewing whether COPPA preempts state law claims based on underlying conduct that also violates COPPA’s regulation. At the time, the 9th Circuit examined the language of COPPA’s preemption clause, which states that state and local governments cannot impose liability for interstate commercial activities that is “inconsistent with the treatment of those activities or actions” under COPPA. The opinion noted that the 9th Circuit has long held “that a state law damages remedy for conduct already proscribed by federal regulations is not preempted,” and that the statutory term “inconsistent” in the preemption context refers to contradictory state law requirements, or to requirements that stand as obstacles to federal objectives. The opinion further stated that because “the bar on ‘inconsistent’ state laws implicitly preserves ‘consistent’ state substantive laws, it would be nonsensical to assume Congress intended to simultaneously preclude all state remedies for violations of those laws.” As such, the appellate court held that “COPPA’s preemption clause does not bar state-law causes of action that are parallel to, or proscribe the same conduct forbidden by, COPPA. Express preemption therefore does not apply to the children’s claims.” The defendant asked the full 9th Circuit to review the ruling. The appellate court in turn asked the FTC for its views on the COPPA preemption issue, specifically with respect to “whether the [COPPA] preemption clause preempts fully stand-alone state-law causes of action by private citizens that concern data-collection activities that also violate COPPA but are not predicated on a claim under COPPA.”
In agreeing with the 9th Circuit that plaintiffs’ claims are not preempted in this case, the FTC argued that nothing in COPPA’s text, purpose, or legislative history supports the sweeping preemption that the defendant claimed. According to the defendant, plaintiffs’ state law claims are inconsistent with COPPA and are therefore preempted “because the claims were brought by plaintiffs who were not authorized to directly enforce COPPA, and would result in monetary remedies under state law that COPPA did not make available through direct enforcement.” Moreover, all state law claims relating to children’s online privacy are inconsistent with COPPA’s framework, including those brought by state enforcers, the defendant maintained. The FTC disagreed, writing that the 9th Circuit properly rejected defendant’s interpretation, which would preempt a wide swath of traditional state laws. Moreover, COPPA’s preemption clause only applies to state laws that are “inconsistent” with COPPA so as not to create “field preemption,” the FTC said, adding that plaintiffs’ claims in this case are consistent with the statute.
Fintech fined over interest charges billed as tips and donations
A California-based fintech company recently entered separate consent orders with California, Connecticut, and the District of Columbia to resolve allegations claiming it disguised interest charges as tips and donations connected to loans offered through its platform. The company agreed to (i) pay a $100,000 fine in Connecticut and reimburse Connecticut borrowers for all loan-related tips, donations, and fees paid; (ii) pay a $30,000 fine in the District of Columbia, including restitution; and (iii) pay a $50,000 fine in California, plus refunds of all donations received from borrowers in the state. The company did not admit to any violations of law or wrongdoing.
The Connecticut banking commissioner’s consent order found that the company engaged in deceptive practices, acted as a consumer collection agency, and offered, solicited, and brokered small loans for prospective borrowers without the required licensing. The company agreed that it would cease operations in the state until it changed its business model and practices and was properly licensed. Going forward, the company agreed to allow consumers to pay tips only after fully repaying their loans. The consent order follows a temporary cease and desist order issued in 2022.
A consent judgment and order reached with the D.C. attorney general claimed the company engaged in deceptive practices by misrepresenting the cost of its loans and by not clearly disclosing the true nature of the tips and donations. The AG maintained that the average APR of these loans violated D.C.’s usury cap. The company agreed to ensure that lenders accessing the platform are unable to see whether a consumer is offering a tip (or the amount of tip) and must take measures to make sure that withholding a tip or donation will not affect loan approval or loan terms. Among other actions, the company is also required to disclose how much lenders can expect to earn through the platform.
In the California consent order, the Department of Financial Protection and Innovation (DFPI) claimed that the majority of consumers paid both a tip and a donation. A pop-up message encouraged borrowers to offer the maximum tip in order to have their loan funded, DFPI said, alleging the pop-up feature could not be disabled without using an unadvertised, buried setting. These tips and/or donations were not included in the formal loan agreement generated in the platform, nor were borrowers able to view the loan agreement before consummation. According to DFPI, this amounted to brokering extensions of credit without a license. Additionally, the interest being charged (after including the tips and donations) exceeded the maximum interest rate permissible under the California Financing Law, DFPI said, adding that by disclosing that the loans had a 0 percent APR with no finance charge, they failed to comply with TILA.
Arizona amends licensing provisions
On May 19, the Arizona governor signed HB 2010 to amend certain sections of the Arizona revised statutes relating to the Department of Insurance and Financial Institutions. Amendments make changes to several licensing provisions, including the length of time a license remains active and licensure renewal requirements. The Act provides that on or before June 30 of each year, a licensee may renew each license without investigation by paying prescribed fees. Other revisions amend accounting practices and record retention requirements for mortgage brokers, mortgage bankers, and commercial mortgage bankers, among others. HB 2010 is effective 90 days after enactment.
DFPI examines whether some payment services are exempt from MTA
The California Department of Financial Protection and Innovation (DFPI) recently released a new opinion letter covering aspects of the California Money Transmission Act (MTA) relating to whether certain payment services are exempt or subject to licensure. The redacted opinion letter examines three payment services provided by the inquiring company. DFPI first analyzed and determined that payments received by a law firm collection agent from a different entity’s collection attorneys and remitted to said entity are exempt pursuant to MTA Financial Code section 2011. DFPI next considered whether the MTA’s agent of payee exemption applies to certain tax payment transactions wherein a customer’s payment obligation to the company is extinguished once the customer has submitted a payment through a particular contractor. According to DFPI, transactions conducted pursuant to a contract between the company and the contractor (appointed as a limited agent for the sole purpose of receiving payments on the company’s behalf from taxpayers) are exempt from the MTA under the agent of payee exemption. Finally, DFPI considered whether the agent of payee exemption applies to certain payments to government entities. DFPI explained, among other things, that the language contained within the contracts with each government entity “establishes that the government entity has appointed [the company] to act as its agent and that payment to [the company] extinguishes the payor’s payment obligation to the government entity.” As such, DFPI determined that “transactions conducted pursuant to contracts containing such language are exempt from the MTA under the agent of payee exemption.”
Iowa modernizes money transmission provisions
The Iowa governor recently signed HF 675 to revise certain provisions of the Uniform Money Transmission Modernization Act. The Act is designed to eliminate unnecessary regulatory burden and harmonize the licensing and regulation of money transmitters with other states. Among other things, the Act defines terms for when a state money services business (MSB) license is required and adds a process for joint multistate examination and supervision of MSB licensees. The Act also outlines several exemptions, including federally insured depository institutions and certain persons appointed as an agent of a payee who collect and process payments from a payor to the payee for goods or services (other than money transmission itself).
With respect to licensing provisions, the Act states that a person shall not engage in the business of money transmission unless they are licensed. New provisions modify the licensing process, including by requiring that applications be approved 121 days after completion, unless denied or approved earlier by the superintendent. The license will take effect the first business day after expiration of the 120-day period (although the superintendent may for good cause extend the application period). The Act also outlines licensing application renewal procedures, requirements for maintaining licensure, processes for person(s) seeking to acquire control of a licensee or seeking to change key individuals, authorized delegate provisions, net worth and surety bond criteria, permissible investments, and reporting and financial condition requirements, among other criteria. The Act further specifies that a person who engages in the business of money transmission on behalf of a person not licensed under the chapter “provides money transmission to the same extent as if the person were a licensee, and shall be jointly and severally liable with the unlicensed or nonexempt person.” The Act takes effect July 1.
Pennsylvania reaches $11 million settlement with rent-to-own company
On May 15, the Pennsylvania attorney general announced a $11.4 million settlement with a rent-to-own lender and its subsidiaries accused of engaging in predatory practices targeting low-income borrowers and employing deceptive collection practices. According to the AG, the lender disguised one-year rent-to-own agreements as “100-Day Cash Payoffs” and then concealed the balances owed. The AG maintained that consumers were locked into binding 12-month agreements that included high leasing fees (equal to 152 percent APR interest). The AG explained that consumers entitled to restitution and relief “had already satisfied the cash price, the sales tax on the cash price, and the processing fees associated with their purchase – yet still owed [the lender] a balance.” Additionally, the AG accused the lender of using a web-based portal for creating and signing contracts, which made it easy for persons other than the consumer to sign the agreements.
The order requires the lender to pay $7.3 million in restitution that will be distributed to affected consumers, $200,000 in civil penalties, and $750,000 in costs to be paid to the AG to be used for public protection and education purposes. Additionally, the lender is required to reduce the balances of delinquent lease-to-own accounts for certain rental purchase agreements, resulting in a $3.15 million aggregate reduction in balances. The lender has also agreed to, among other things, not represent or imply that failure to pay a debt owed or alleged to be owed “will result in the seizure, attachment or sale of any property that is the subject of the debt unless such action is lawful” or that the lender’s subsidiary intends to take such actions. The lender is also prohibited from collecting any amount, including interest, fees, charges, or expenses incidental to the principal obligation, unless the amount is expressly authorized by the agreement creating the obligation or permitted by law. Furthermore, the lender’s subsidiaries must clearly and conspicuously disclose customer balances during servicing calls and through a customer portal.
Montana becomes the ninth state to enact comprehensive privacy legislation
On May 19, the Montana governor signed SB 384 to enact the Consumer Data Privacy Act (CDPA) and establish a framework for controlling and processing consumer personal data in the state. Montana is now the ninth state in the nation to enact comprehensive consumer privacy measures, following California, Colorado, Connecticut, Virginia, Utah, Iowa, Indiana, and Tennessee. The CDPA applies to any person that conducts business in the state or produces products or services targeted to state residents and, during a calendar year, (i) controls or processes personal data of at least 50,000 consumers (“excluding personal data controlled or processed solely for the purpose of completing a payment transaction”), or (ii) controls or processes personal data of at least 25,000 consumers and derives 25 percent of gross revenue from the sale of personal data. The CDPA provides several exemptions, including nonprofit organizations, registered securities associations, financial institutions, data governed by the Gramm-Leach-Bliley Act and certain other federal laws, and covered entities governed by the Health Insurance Portability and Accountability Act. Highlights of the CDPA include:
- Consumers’ rights. Under the CDPA, consumers will be able to access their personal data; correct inaccuracies; request deletion of their data; obtain a copy of their data in a portable format; and opt out of the sale of their data. A consumer may also designate an authorized agent to act on the consumer’s behalf to opt out of the processing of their personal data.
- Data controllers’ responsibilities. Data controllers under the CDPA will be responsible for, among other things, (i) responding to consumer requests within 45 days unless extenuating circumstances arise and providing requested information free of charge, one for each consumer during a 12-month period; (ii) establishing a process to allow consumer appeals within a reasonable time period after a controller’s refusal to take action on a consumer’s request; (iii) establishing clear and conspicuous opt-out methods on a website that require consumers to affirmatively and freely choose to opt out of any processing of their personal data (and allowing for a mechanism that lets consumers revoke consent that is at least as easy as the mechanism used to provide consent); (iv) limiting the collection of data to what is adequate, relevant, and reasonably necessary for a specified purpose; (v) securing personal data from unauthorized access; (vi) processing data in compliance with state and federal anti-discrimination laws; (vii) obtaining consumer consent in order to process sensitive data; (viii) providing clear and meaningful privacy notices; and (ix) conducting data protection assessments and ensuring deidentified data cannot be associated with a consumer. The CDPA also sets forth obligations relating to contracts between a controller and a processor, including ensuring that contracts between a controller and a processor do not waive or limit consumer data rights.
- No private right of action but enforcement by state attorney general. The CDPA explicitly prohibits a private right of action. Instead, it grants the state attorney general excusive authority to enforce the law.
- Right to cure. Upon discovering a potential violation of the CDPA, the attorney general must give the data controller notice. The data controller then has 60 days to cure the alleged violation before the attorney general can file suit. The cure provision expires April 1, 2026.
The CDPA takes effect October 1, 2024.
Georgia enacts commercial financing disclosure requirements
On May 1, the Georgia governor signed SB 90 to, among other things, require disclosures in connection with commercial financing transactions of $500,000 or less. The amendments modify the existing state Fair Business Practices Act and apply to “commercial loans” and “commercial open-end credit plans.” The amendments define a “provider” as “a person who consummates more than five commercial financing transactions in this state during any calendar year and includes, but is not limited to, a person who, under a written agreement with a depository institution, offers one or more commercial financing products provided by the depository institution via an online platform that the person administers.” The amendments also establish parameters for qualifying commercial transactions and outline numerous exemptions. Specifically, prior to consummating a commercial financing transaction, a provider must (i) disclose the terms of the transaction as specified within the amendments, and (ii) include a description of the methodology used to calculate any variable payment amount and the circumstances that may cause a payment amount to vary. The provisions apply to any commercial financing transaction consummated on or after January 1, 2024. The amendments also address unfair or deceptive practices relating to brokerage engagements and is effective January 1, 2024.
Crypto company settles NY AG’s hidden-fee claims
On May 18, the New York attorney general announced a settlement with a Brooklyn-based cryptocurrency company to resolve claims that it charged investors “exorbitant and undisclosed fees” to store cryptocurrency in an account that was advertised as being free on its website. The fees charged to investors to use its wallet storage were allegedly so high that they completely cleaned out investors’ accounts, the AG said. The company agreed to the AG’s findings that it regularly charged and increased fees without properly notifying investors. According to the AG’s investigation, the company changed the wallet storage fee structure four times without clearly disclosing the fee increase, which led to some investors being charged fees equal to 96 percent of the value of their account holdings. In total, the company took approximately $4.25 million from investors. The AG maintained that the company also failed to register as a commodity broker dealer in the state for a period of time, and that while it was eventually granted a virtual currency license pursuant to 23 NYCRR Part 200, it failed to file a registration statement. Under the terms of the assurance of discontinuance, the company is required to pay $508,910 in restitution to the state and provide full restitution to all investors who were misled. The company is also required to provide monthly refund status updates to the AG, limit the amount of fees charged for using its wallet service to 0.002 percent per cryptocurrency per month for at least five years, and ensure that it adequately discloses all fees to investors.