InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Maryland and Georgia prohibit security freeze fees
On May 15, the Maryland governor signed SB 202, which prohibits consumer reporting agencies from charging consumers, or protected consumers’ representatives, a fee for the placement, removal, or temporary lift of a security freeze. Previously, Maryland allowed for a fee, in most circumstances, of up to $5.00 for each placement, temporary lift, or removal. The law takes effect October 1.
On May 3, the Georgia governor signed SB 376, which amends Georgia law to prohibit consumer reporting agencies from charging a fee for placing or removing a security freeze on a consumer’s account. Previously, Georgia law allowed for a fee of no more than $3.00 for each security freeze placement, removal, or temporary lift, unless the consumer was a victim of identity theft or over 65 years old. Under SB 376, consumer reporting agencies may not charge a fee to any consumer at any time for the placement or removal of a security freeze. This law takes effect July 1.
Maryland governor signs provisions amending Maryland Consumer Loan Law’s small lending requirements
On May 15, the Maryland governor signed legislation to establish requirements for lenders making covered loans in the state. Among other things, HB1297 increases the threshold for which a loan is subject to small lending requirements within the Maryland Consumer Loan Law (MCLL) from $6,000 to $25,000. The law also prohibits (i) lenders who are not licensed in the state from making loans of $25,000 or less, unless the person is exempt from requirements under MCLL; (ii) a person contracting “for a covered loan that has a rate of interest, charge, discount, or other consideration greater than the amount authorized under state law”; and (iii) covered loans that would be a violation of the Military Lending Act. Loans that violate these provisions are deemed void and unenforceable except in limited circumstances. The law takes effect January 1, 2019.
Georgia amends state code provisions related to financial institutions
On May 3, the Georgia governor signed into law an act amending provisions of the Official Code of Georgia applicable to the state’s Department of Banking and Finance (Department) and financial institutions generally, including banks, credit unions, licensed sellers of payment instruments, and mortgage lenders and brokers. Among other things, HB 780 grants the Department and/or its commissioner (i) powers to authorize state chartered financial institutions to exercise powers authorized by federal law but not authorized under state law; (ii) the authority to remove individuals employed by state chartered financial institutions, including officers and directors; and (iii) the ability to establish a process for state chartered financial institutions to “exercise rights and powers authorized solely under federal law.” HB 870 also amends the Official Code of Georgia to provide for the Department’s licensing of mortgage lenders and brokers. The law took effect on May 3, and does not apply to litigation pending as of March 9.
Maryland expands scope of unfair and deceptive practices under the Maryland Consumer Protection Act, increases maximum civil penalties
On May 15, the Maryland governor signed HB1634, the Financial Consumer Protection Act of 2018, which expands the definition of “unfair and deceptive trade practices” under the Maryland Consumer Protection Act (MPCA) to include “abusive” practices, and violations of the federal Military Lending Act (MLA) and Servicemembers Civil Relief Act (SCRA). The law also, among other things:
- Civil Penalties. Increases the maximum civil penalties for certain consumer financial violations to $10,000 for the initial violation and $25,000 for subsequent violations
- Debt Collection. Prohibits a person from engaging in unlicensed debt collection activity in violation of the Maryland Collection Agency Licensing Act or engaging in certain conduct in violation of the federal FDCPA.
- Enforcement Funds. Requires the governor to appropriate at least $700,000 for the Office of the Attorney General (OAG) and at least $300,000 to the Office of the Commissioner of Financial Regulation (OCFR) for certain enforcement activities.
- Student Loan Ombudsman. Creates a Student Loan Ombudsman position within the OCFR and establishes specific duties for the role, including receiving, reviewing, and attempting to resolve complaints from student loan borrowers.
- Required Studies. Requires the OCFR to conduct a study on Fintech regulation, including whether the commissioner has the statutory authority to regulate such firms. The law also requires the Maryland Financial Consumer Protection Commission (MFCPC) to conduct multiple studies, including studies on (i) cryptocurrencies and initial coin offerings and (ii) the CFPB’s arbitration rule (repealed by a Congressional Review Act measure in November 2017).
New York Senate introduces bill to enact state charters for on-line lenders
On May 2, the New York Senate introduced a bill that, if passed, would establish a new article under the state’s banking law to provide for the chartering and regulating of internet lending services corporations (on-line lenders). Among other things, the “New York limited state charter for internet lending services,” S8340, would (i) authorize the New York Department of Financial Services (NYDFS) to issue limited state charters to on-line lenders who “engage in the business of making loans over an internet or electronic platform”; (ii) allow chartered on-line lenders to approve or deny consumer loan applications submitted through NYDFS-approved electronic means; (iii) limit the principal amount of personal loans to $25,000 and $50,000 for business and commercial loans, as well as require the adherence to legally authorized interest rates; (iv) require that chartered on-line lenders be able to demonstrate fiscal solvency with “a minimum capital requirement of not less than $250,000”—an amount five times higher than what is required of brick and mortar-based licensed lenders; and (v) grant NYDFS the authority to regulate chartered on-line lenders.
S8340 further notes that, at present, the state’s banking law does not provide a regulatory environment to oversee the operations of on-line lenders. The bill currently sits with the Senate’s Banks Committee.
Oklahoma law allows lenders to charge convenience fees for electronic payments
On April 25, the Oklahoma governor signed into law an act that allows lenders to charge borrowers convenience fees for making payments via debit card, electronic funds transfer, electronic checks or other electronic means. SB 1151 provides that the nonrefundable fees shall not exceed the lesser of (i) the actual third party costs incurred by the lender for accepting and processing electronic payments; and (ii) four percent of the electronic payment transaction. Lenders must notify borrowers of the amount of the fee prior to completing a transaction and provide an opportunity to cancel the transaction without a fee. The law takes effect November 1.
Arizona prohibits gift card fees and certain expiration dates
On April 17, the Arizona governor signed SB 1264, which prohibits the issuance or sale of gift cards in Arizona that are subject to fees or certain expiration dates. Arizona previously allowed gift cards to be subject to an expiration date, a fee, or both as long as the relevant information was clearly and conspicuously disclosed to the consumer before the purchase was made. SB 1264 prohibits gift cards from begin subject to a fee and prohibits the underlying money on a gift card from being subject to an expiration date. The law allows an expiration date with respect to the card, code, or device associated with a gift card, only if the gift card contains a clear and conspicuous disclosure that the underlying monies associated with the card do not expire and the consumer may obtain a replacement. The prohibition on gift card fees and expiration dates does not apply to (i) gift cards that are sold below face value or donated to nonprofit or charitable organizations; (ii) gift cards distributed pursuant to an awards, loyalty, or promotion program when the consumer has given no money or other property in exchange for the card; and (iii) cards for prepaid telecommunications services, electronic funds transfer cards, bank-issued debit or general purpose reloadable prepaid cards not marketed or labeled as gift cards or gift certificates. The law becomes effective 91 days after the end of the legislative session.
Wisconsin repeals mortgage escrow interest requirement
On April 17, the Wisconsin governor signed AB 822, which eliminates the requirement that financial institutions pay interest on certain residential mortgage loan escrow accounts. Previously, Wisconsin required institutions to pay interest on escrow accounts at a rate of no less than 5.25 percent if the loan was originated between February 1984 and December 1993, or at a variable rate if the loan was originated on or after January 1, 1994. Effective April 17, financial institutions are not required to pay interest on escrow accounts for residential mortgage loans originated on or after the effective date.
States pass legislation updating security freeze laws
On April 12, the Kansas governor signed HB 2580, which amends existing law to prohibit consumer reporting agencies (CRAs) from charging a fee to a consumer for placing, temporarily lifting, or removing a security freeze on his or her credit report. Moreover, it prevents CRAs from charging fees for replacing a previously requested personal identification number. The law is effective July 1.
Additionally, on April 10, the Iowa governor signed SF 2177, which updates the state’s security freeze law to prohibit CRAs from charging a fee to a consumer for placing, temporarily lifting, removing, or reinstating a security freeze on his or her credit report. Additionally, among other things, the law (i) expands the methods a consumer may use to submit a request for a security freeze; (ii) reduces the number of days CRAs must commence a security freeze after receiving a request from five to three business days; (iii) requires CRAs to send written confirmation within three business days to a consumer after placing a security freeze; and (iv) states that if a consumer requests a security freeze from a CRA that “compiles and maintains files on a nationwide basis,” the CRA must attempt to identify other CRAs that also maintain nationwide files so that the consumer may request additional security freezes. The amendments generally take effect July 1, with the exception of certain provisions that take effect January 1, 2019.
Visit here for additional InfoBytes coverage on states that have recently enacted similar prohibitions.
Arizona governor amends data breach law, updates security freeze legislation
On April 11, the Arizona governor signed HB 2154 to amend the state’s existing data breach notification law. The amendments require entities conducting business in the state that maintain, own, or licenses unencrypted and unredacted computerized data to conduct a reasonable investigation of possible breaches of personal information. Owners or licensees of personal information must then notify affected individuals within 45 days, pending the needs of law enforcement. Key amendment highlights are as follows:
- makes revisions to definitions, which include (i) expanding “personal information” to include a combination of a user’s name, password/security question, and answer that grants access to an online account; (ii) defining the term “redact”; and (iii) clarifying that a “specified data element” now includes an individual’s unique “private key” used when authenticating or signing an electronic record;
- adds a requirement that for breaches impacting more than 1,000 individuals, the Attorney General and the three largest consumer reporting agencies must be notified in writing;
- amends a provision concerning “substitute notice,” which removes requirements that a notification must to be sent to affected individuals via email as well as notifying major statewide media. The amendments now stipulate that an entity is required to notify the Attorney General’s office in writing to demonstrate the reasons for substitute notice in addition to posting a notice on the entity’s website for at least 45 days; and
- clarifies a section that states entities are no longer required to notify affected individuals if an independent third-party forensic auditor or law enforcement agency “determines after a reasonable investigation that a security system breach has not resulted in or is not reasonably likely to result in substantial economic loss to affected individuals.”
Separately, on April 3, the governor signed SB 1163, which amends existing law to prohibit credit reporting agencies from charging a fee to a consumer for the placement, removal, or temporary lifting of a security freeze. Moreover, it prevents credit reporting agencies from charging fees for replacing a lost personal identification number or password.
Both bills are scheduled to take effect 91 days after the end of the legislative session.