InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NY AG and others demand cooperation and accountability from big banks; write to CFPB and OCC
On December 7, the Attorney General for the State of New York, Letitia James, led a group of 20 attorneys general in submitting letters to the OCC and the CFPB urging the agencies to ensure that national banks cooperate with state attorneys’ general investigations into violations of state laws. The letters state that in the beginning of the 2000s, banks began to claim immunity from state oversight. The attorneys general argue that this position was furthered by a 2002 OCC advisory letter directing states to refer potential violations of state law to the OCC, and a 2004 rule which expanded the test for when national banks were exempted from state laws. The attorneys general allege that states’ have been limited “in their ability to address a wide range of unfair and deceptive practices that affect their citizens, including bait-and-switch practices and the failure to clearly and conspicuously disclose rate changes, late fees and overdraft fees.” As a result, the attorneys general ask the OCC to “issue supervisory guidance… advising that it is unsafe and unsound, and that it creates a material risk of unfair or abusive acts or practices, for any [b]ank to refuse to cooperate with State AG information requests that seek to further enforcement of applicable state laws.”
Illinois Collection Agency Act oversight transferred to the Division of Financial Institutions
Effective November 20, 2023, the Illinois Department of Financial and Professional Regulation adopted provisions regarding the Illinois Collection Agency Act. According to the Notice of Adopted Repealer, Public Act 102-975 has transferred the oversight of collection agencies from the Division of Professional Regulation to the Division of Financial Institutions. With the Division of Financial Institutions planning to introduce new regulations to align them to the agency’s standards, the Department proposes to repeal the existing regulations from the Division of Professional Regulation.
Maryland finalizes money transmitter regulation; adds agent of the payee exemption
On November 17, the Maryland Commissioner of Financial Regulation recently adopted edits to proposed regulations, Code Md. Code Regs. 09.03.14.01, .03-.18, bringing Maryland generally in alignment with the CSBS Money Transmitter Model Law which has been recently adopted by several other states (covered by InfoBytes here, here, and here). Some provisions in the new regulation conform with the model law, while a few stand out as unique additions in Maryland.
For example, among the newly adopted regulations, amended Regulation .03 provides an exemption for persons appointed as an agent of the payee if (i) there is a written agreement between the payee and agent for payment processing, aligning with Maryland law; (ii) there is public recognition of the agent collecting payments on behalf of the payee; (iii) upon the agent’s receipt of payment, the payor’s obligation ends without risk; (iv) the agent is not serving in an escrow capacity; (v) the agent is not acting as an agent to more than one party; and (vi) the agent mandates prompt, unconditional payment without tying it to future events or performances. This agent of the payee exemption deviates from the model law’s version of the same exemption.
Additionally, amended Regulation .08 establishes corporate governance standards that require money transmitter licensees to maintain a framework that is commensurate with the size, operational complexity, and overall risk profile of the licensee. This standard also sets expectations around internal audit, external audit, and risk management functions of a license. While this concept is not provided for in the model money transmission law, it aligns with the CSBS model state regulatory prudential standards for nonbank mortgage servicers (covered by InfoBytes here).
The final regulation will be effective December 11, 2023.
Mass AG proposes legislation to combat “junk fees”
On November 30, the Massachusetts Attorney General’s office proposed regulations to combat so-called “junk fee” practices and make business payment methods more transparent, according to this press release
The purpose of the new rules is to help define unfair and deceptive practices for imposing fees as well as establishing standards for automatic renewal or continuous service contracts. Under the proposed regulations, the following acts performed by a business would be considered an “unfair and deceptive practice”: failing to disclose the total price of a product; failing to disclose any fees, interest, charges, or other expenses related to a product; and failing to disclose the total price before requiring a consumer to provide any personal information. The proposed regulations also state that, for recurring fees and trial offers, companies must provide a means of contact so that a consumer may cancel and must offer a way for a consumer to terminate a trial period in the same way it was entered.
The AG’s office will be holding a public hearing on the proposal on December 20 and is accepting public comments until then. If enacted, Massachusetts would be only the second state (following California) to issue a rule specifically targeting “junk fees.”
Massachusetts AG settles with household goods rental company for unfair debt collection practices
On November 28, the State AG of Massachusetts filed an assurance of discontinuance with a household goods rental company for unfair and deceptive debt collection practices. The company offers household goods under a rent-to-own payment contract as part of its business model. According to the assurance, customers would rent a good and then pay it off over several months to several years to obtain ownership; however, the assurance of discontinuance alleges that, for customers who failed to make payment or never returned the item, the company resorted to aggressive tactics: sending employees out to collect payments by making house visits, “pounding on doors, turning doorknobs to see if they were unlocked, and demanding to be let in.”
In addition to these collection tactics, the assurance of discontinuance states that the company would file criminal complaints. The AG of Massachusetts finds this to be an improper use of “the criminal process, [such as] the threat of arrest or prosecution, as a [d]ebt collection tool.” Additionally, if a customer failed to make timely payments or return the rented property, the company would file a criminal complaint alleging their customers were committing larceny. In the assurance, the company agrees to pay $8.75 million, and the company must cease filing criminal complaints against customers.
NYDFS settles with title insurance company for $1 million
On November 27, the NYDFS entered into a consent order with a title insurance company, which required the company to pay $1 million for failing to maintain and implement an effective cybersecurity policy and correct a cybersecurity vulnerability. The vulnerability allowed members of the public to access others’ nonpublic information, including driver’s license numbers, social security numbers, and tax and banking information. The consent order indicates the title insurance company discovered the vulnerability as early as 2018. The title insurance company’s failure to correct these changes violated Section 500.7 of the Cybersecurity Regulation.
In May 2019, a cybersecurity journalist published an article on the existence of a vulnerability in the title insurance company’s application, that led to a public exposure of 885 million documents, some found through search engine results. The journalist noted that “replacing the document ID in the web page URL… allow[ed] access to other non-related sessions without authentication.” Following the cybersecurity journalist’s article, and as required by Section 500.17(a) of the Cybersecurity Regulation, the title insurance company notified NYDFS of its vulnerability, at which point NYDFS investigated further. The title insurance company has been ordered to pay the penalty no later than ten days after the effective date.
DFPI shares trends in consumer crypto complaints
DFPI recently published a report on consumer crypto-related complaints collected through its new online complaint portal. According to the third-quarter 2023 CSO report, some of the most common complaints include (i) consumers being scammed into transferring digital assets from a legitimate crypto account to a fraudulent platform; (ii) consumers losing access to funds after transferring to an unknown wallet; (iii) consumers who invest in sham crypto investments by sending US dollars to a scammer’s platform, wallet, or bank; (iv) consumers making additional investments to scammers after receiving the first and only return; (v) consumers with concerns regarding their account activity on legitimate crypto platforms; and (vi) consumers approached by scammers via text message and social media. DFPI shared tips on how consumers can protect themselves against scams as well, noting that “[i]f it seems too good to be true, it probably is.”
DFPI orders desist and refrain against investment firm
On November 16, under California Corporations Code § 25532, the California Division of Financial Protection and Innovation (DFPI) issued a desist and refrain order against a securities investment platform for allegedly making false representations and material omissions to investors.
The DFPI alleges the investment platform sold securities in California on its website and the platform referred to them as “certificates.” The platform claimed that the certificates paid investors returns ranging from 2.5 percent to five percent in addition to guaranteed monthly returns. To solicit investors, the platform allegedly engaged in a multi-level marketing (MLM) structure that would have investors influence others to send money. DFPI alleged that the certificates were not qualified under the California Corporate Securities Law. DFPI also alleged that the platform omitted material information to investors, which included (i) falsely representing that the platform was partnered with a particular forex broker; (ii) representing that it was a licensed bank (while omitting that the “license” was granted by a “fictitious regulator”); (iii) using the terms “bank” and “banking” while omitting that it was not authorized to engage in the business of banking in California; (iv) misrepresenting profits and risk of loss; and (v) failing to disclose that its securities were not qualified in California.
NYDFS introduces guidelines for coin-listing and delisting policies in virtual currency entities
On November 15, NYDFS announced new regulatory guidance which adopts new requirements for coin-listing and delisting policies of DFS-regulated virtual currency entities, updating its 2020 framework for each policy. After considering public comments, the new guidance aims to enhance standards for self-certification of coins and includes requirements for risk assessment, advance notification, and governance. It emphasizes stricter criteria for approving coins and mandates adherence to safety, soundness, and consumer protection principles. Virtual currency entities must comply with these guidelines, requiring DFS approval for coin-listing policies before self-certifying coins, and submitting detailed records for ongoing compliance review. The guidance also outlines procedures for delisting coins and necessitates virtual currency entities to have an approved coin-delisting policy.
As an example under coin listing policy framework, the letter states that a virtual currency entity risk assessment must be tailored to a virtual currency entity's business activity and can include factors such as (i) technical design and technology risk; (ii) market and liquidity risk; (iii) operational risk; (iv) cybersecurity risk; (v) illicit finance risk; (vi) legal risk; (vii) reputational risk; (viii) regulatory risk; (ix) conflicts of interest; and (x) consumer protection. Regarding consumer protection, NYDFS says that virtual currency entities must “ensure that all customers are treated fairly and are afforded the full protection of all applicable laws and regulations, including protection from unfair, deceptive, or abusive practices.”
Similar to the listing policy framework, the letter provides a fulsome delisting policy framework. The letter also stated that all virtual currency entities must meet with the DFS by December 8 to preview their draft coin-delisting policies and that final policies must be submitted to DFS for approval by January 31, 2024.
NY AG report reveals racial disparities in homeownership and offers proposed solutions
On October 31, New York AG Letitia James released a report detailing racial disparities in homeownership and access to home financing in New York. The report states that Black and Latino New Yorkers are “underrepresented” among mortgage applicants, and white households are overall more likely to own homes than Black, Latino, or Asian households. The report also found that regardless of credit score, income, size of the loan and other factors, all applicants of color are denied mortgages at a higher rate than white applicants. In addition, the report found that disparities between white borrowers and borrowers of color persist in the context of refinance transactions and are also present in loans made by “[n]ew private-sector, non-depository lenders.”
The report identified policy solutions that could reduce these disparities, including (i) subsidizing down payments and interest rates for first-generation homebuyers; (ii) increasing state funding for nonprofit financial institutions that support underserved communities of color; (iii) passing the New York Public Banking Act, which would create a regulatory framework for the establishment of public banks, thereby expanding access to affordable financial services in underserved areas; (iv) bolstering resources for government agencies to conduct fair lending investigations and enhancing New York’s Human Rights Law to explicitly prohibit discriminatory lending practices; and (v) exploring options for offering state-provided banking services in accessible locations to increase access to traditional banking services.