InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Arizona Enacts Laws Providing for Legal Recognition of Certain Electronic Signatures and Other Records
Last month, Arizona Governor Doug Ducey signed into law two pieces of legislation (S.B. 1084 and S.B. 1078), which formally grant legal recognition of electronic records and signatures under state law. Specifically, the new laws—each of which were passed unanimously by both houses of the Arizona legislature—formally acknowledge the legality of certain electronic records and signatures for the purpose of “satisfy[ing] any law that requires a record to be in writing or to be retained or both.” S.B. 1084 further details the requirements that must be satisfied when creating, sending, and accepting electronic signatures or records in order to qualify for legal recognition under the new law. As previously reported in InfoBytes, Arizona also recently enacted H.B. 2417, which recognized blockchain signatures and smart contracts under state law.
Nationwide Mortgage Licensing System Unveils New Money Services Businesses Call Report
On April 1, the Nationwide Mortgage Licensing System (NMLS) Money Services Businesses (MSB) unveiled “the first comprehensive report to consolidate state MSB reporting requirements and provide a database of nationwide MSB transaction activity.” It also allows licensees to report directly in NMLS for all states on a quarterly and annual basis. The release of the MSB Call Report culminates “a multi-year effort by state regulators to develop a tool to standardize and streamline routine reporting requirements for state-licensed Money Services Businesses”—including money transmitters, check cashers, and prepaid card issuers. The MSB Call Report contains three sections: (i) “company financial information”; (ii) “information about the licensee’s company and state level transactional activity”; (iii) “company permissible investments information”; (iv) “and transaction destination country information.” According to the MSB Call Report webpage, 18 state agencies will adopt the MSB Call Report for Q1 2017 reporting.
NMLS is the system of record for non-depository, financial services licensing or registration in participating state, territory and local agencies. Although NMLS does not grant or deny license authority, it does—in participating jurisdictions—serve as the official system for companies and individuals seeking to apply for, amend, renew and surrender licenses. NMLS is also the sole system of licensure for mortgage companies and the system of record for the registration of depositories, subsidiaries of depositories, and Mortgage Loan Originators (MLOs) under the CFPB’s Regulation G (S.A.F.E. Mortgage Licensing Act—Federal Registration of Residential Mortgage Loan Originators).
Additional information and a list of the state agencies that have adopted the report as of March 2017 can be accessed through the NMLS Resource Center.
California Department of Business Reaches $1.4 Million Settlement with Michigan-Based Mortgage Lender and Servicer
On April 10, the California Department of Business Oversight (DBO) announced a settlement with a California-licensed mortgage lender and servicer—whose principal place of business is based in Michigan—resolving allegations that the company violated California’s statutory restriction on per diem interest. California law prohibits lenders from “charging interest on mortgage loans prior to the business day that immediately precedes the day the loan proceeds are disbursed.” Pursuant to the consent order, the allegations against the company arose from two regulatory examinations conducted by DBO in 2011 and 2013, whereby the company—in order to avoid an enforcement action—agreed to cooperate fully with DBO’s request for audits, to refund per diem overcharges, and to consent to the issuance of the final order to pay refunds, penalties, and discontinue further violations. The terms of the consent order include $293,127 in refunds previously provided to approximately 3,400 borrowers for loans funded between August 2011 and May 2015, as well as future restitution to additional borrowers identified in required self audits of loans made between from June 2015 through February 2018. The order further requires the company to pay an additional $1.1 million in penalties for identified overcharges, as well as $125 for each additional violation discovered in the self audits.
New Mexico Enacts New Laws Affecting Payday Lenders, Check Cashing Service Providers, and the Enforcement of Service Contracts / Warranties
On April 6, New Mexico enacted H.B. 347, a bill amending the New Mexico Small Loan Act of 1955 (NMSLA) and Bank Installment Loan Act of 1959 (NMILA) to effectively eliminate “payday loans” in the state by requiring that loans of $5,000 or less be made pursuant to the NMSLA or NMILA. Specifically, the new law caps the annual percentage rate of such loans at 175% and requires lenders operating in New Mexico to provide loan terms of at least 120 days, and a minimum repayment schedule of four installments of substantially equal amounts. The new law also limits the fees and charges a lender may assess in connection with loans made under the NMSLA or NMILA as well as the number of times a lender may present a check or other debit for payment. Furthermore, lenders are prohibited from extending loans under the NMSLA or NMILA if the consumer has not repaid any loans previously obtained under these acts, and all lenders must report the terms of these loans to consumer reporting agencies. Notably, these new requirements do not apply to federally insured depository institutions. Moreover, H.B. 347—which takes effect on January 1, 2018—will be enforced exclusively by the state. Counties, municipalities, and other political subdivisions of the state are preempted from any regulation of terms and conditions regarding these loans whether by ordinance, resolution, or otherwise. A violation of either the NMSLA or the NMILA will constitute an unfair or deceptive trade practice under New Mexico’s Unfair Practices Act.
Also on April 6, Governor Susana Martinez signed into law S.B. 220, a bill that amends the Service Contract Regulation Act by adding and amending definitions; providing for surety through insurance policies; and providing specific information to be included into contracts and warranties. Specifically, the amendments—which are scheduled to take effect on June 16—allow providers to obtain a reimbursement insurance policy in lieu of maintaining a deposit with the Superintendent of Insurance.
That same day, Governor Martinez also enacted H.B. 276, a bill that increased from $500 to $2,500 the revenue threshold within a 30-day period that triggers New Mexico’s Uniform Money Services Act licensing requirement for check cashing businesses. H.B. 276 is scheduled to take effect July 1.
New Mexico Enacts Data Breach Notification Act
On April 6, New Mexico Governor Susana Martinez signed into law the Data Breach Notification Act (H.B. 15), making New Mexico the 48th state to pass a data breach notification law. Under the new law—which is scheduled to take effect on June 16—companies are now required to notify any New Mexico residents (and in certain circumstances consumer reporting agencies and the state’s attorney general) following the discovery of a “security breach” involving that resident’s “personal identifying information.” The Act—which unanimously cleared both New Mexico’s House and Senate—also establishes standards for the secure storage and disposal of data containing personal identifying information and provides for civil penalties for violations.
According to the Act, “personal identifying information” consists of an individual’s first name or first initial and last name in combination with any one or more of the following data elements: (i) Social Security number; (ii) driver's license number or government issued identification number; (iii) account number, credit card, or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account; or (iv) biometric data. As with many other states’ breach notice laws, the term “security breach” is defined as “the unauthorized acquisition of unencrypted computerized data, or of encrypted computerized data and the confidential process or key used to decrypt the encrypted computerized data, that compromises the security, confidentiality or integrity of personal identifying information maintained by a person.” However, notice to affected residents is not required if the entity “determines that the security breach does not give rise to a significant risk of identity theft or fraud.” The Act also sets out the required contents of, and methods for providing, notification—which generally must be made no later than 45 days after the breach was discovered—including substitute methods if certain criteria are met. Certain entities, including those subject to GLBA or HIPAA, are exempt from the requirements of the Act.
Notably, the Act does not provide its citizens with a private right of action, but rather charges the state’s attorney general with enforcing the Act through legal actions on behalf of affected individuals. The Act provides for the issuance of injunctive relief and/or damages for actual losses including consequential financial losses. For knowing or reckless violations of the Act, a Court also may impose civil penalties of $25,000, or in the case of a failure to notify, a penalty of $10 per instance up to a maximum penalty of $150,000.
State AGs, Industry Groups Submit Comments Addressing CFPB’s Proposed Delay of Prepaid Accounts Rule
As previously covered in InfoBytes, the Bureau released its final rule (the “Prepaid Accounts Rule”) on prepaid financial products in October of last year in order to provide consumers with additional federal protections under the Electronic Fund Transfer Act and also to offer consumers standard, easy-to-understand information about prepaid accounts. Recently, however, the CFPB announced its intention to delay the effective date of its Prepaid Accounts Rule by six months. If approved, the proposed extension would push back the current October 1, 2017, effective date to April 1, 2018. According to the proposed rule and request for public comment published by the Bureau in the March 15 Federal Register, the extension comes in response to comments received from “some industry participants” who “believe they will have difficulty complying with certain provisions.” The CFPB has taken the position that extending the deadline for compliance “would, among other things, help industry participants address certain packaging-related logistical issues for prepaid accounts that are sold at retail locations.” Comments on the proposal were due April 5.
State AG’s Letter. On April 5, attorneys general from 17 states and the District of Columbia submitted a letter to congressional leaders presenting various arguments against pending House and Senate resolutions (S.J. Res. 19, H.J. Res. 62, and H.J. Res. 73) providing for congressional disapproval and effectively nullifying the CFPB’s Prepaid Accounts Rule. The state attorneys general—including AGs for the District of Columbia, California, Hawaii, Illinois, Iowa, Maine, Maryland, Massachusetts, Minnesota, Mississippi, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, Virginia, and Washington, along with the Executive Director of the Hawaii Office of Consumer Protection—argued, among other things, that consumer protections provided by the Rule are important because, among other things, “consumers frequently report concerns about hidden and abusive fees as well as fraudulent transactions that unfairly deplete the funds loaded onto prepaid cards.” The AGs’ letter notes further that prepaid cards are often used by “vulnerable consumers” who have limited or no access to a traditional bank account. Notably, although they characterize these congressional resolutions as a “misplaced effort,” the state AGs acknowledge that the Congressional Review Act “gives Congress, with the President’s signature, a window to veto a rule from going into effect.”
American Bankers Association (ABA) Letter. In another comment letter, submitted on April 3, the ABA commended the CFPB for “proposing to extend the deadline” because, among other things, “some industry participants, especially those offering prepaid cards in retail stores, may have difficulty complying with certain provisions.” The ABA also noted that the extension of time presents an opportunity for the Bureau to “consider making adjustments as appropriate to ensure unnecessary disruption to consumers’ access to, and use of, prepaid accounts.” As explained in the letter, the ABA’s primary concern about the Prepaid Accounts Rule “remains the inconsistency and lack of clarity of the regulation’s distinction between checking accounts and prepaid accounts.” To this end, the ABA recommends that the Bureau use the extra time to “remove inconsistencies in the Rule and clarify the distinction between a prepaid account and a checking account to ensure that banks do not inadvertently violate the regulation and risk significant potential liability and supervisory actions.” The ABA’s letter also calls for “similar changes” to the “definition of ‘payroll account’” in order to further distinguish product types.
Independent Community Bankers of America (ICBA) Letter. Also on April 3, the ICBA also submitted a short comment letter stating, among other things, that it “fully supports extending the effective date” as the additional time will “ensure that systems and technology changes could be made to facilitate compliance.”
Virtual Currency Added to Utah’s Unclaimed Property Act
In March, Utah passed SB 175 amending its Unclaimed Property Act. Among the changes incorporated through the new law was the expansion of the law’s coverage to include “virtual currency”—a term the law defines as “a digital representation of value used as a medium of exchange, unit of account, or store of value, which does not have legal tender status recognized by the United States.” Notably, this definition explicitly excludes “(i) the software or protocols governing the transfer of the digital representation of value; (ii) game-related digital content; (iii) a loyalty card; (iv) membership rewards” and “(v) a gift card.” Virtual currency subject to Utah law must be turned over to the state’s treasury after it has been “presumed abandoned” for a prescribed period of time. The law contains a detailed test for when property has been presumed abandoned, when the clock starts ticking, and under what circumstances that clock may be paused and/or reset. In a March 15 press release, Utah Treasurer David Damschen, “applauded the final passage of SB 175,” but also explained that “there are certain changes in the law related to properties held by the banking and insurance industries that we may still have to make,” including, for example “certain prepaid debit card account balances.”
North Carolina AG Announces Settlement with Student Loan Debt Relief Company
On March 27, the North Carolina Department of Justice announced it had settled a lawsuit against a student loan debt relief company for allegedly charging upfront fees while failing to perform promised debt relief services. NC Attorney General Josh Stein stated that the terms of the consent order will provide restitution of more than $375,000 to 377 affected borrowers and will further prohibit the company from engaging in similar conduct in the future. The consent order is not presently available to the public.
New York AG Announces Settlements with Three Mobile Health Application Developers over Misleading Marketing Practices and Privacy Policies
On March 23, the New York Attorney General’s (NYAG) office announced settlements with U.S.-, Austria-, and Israel-based mobile application (app) developers who allegedly participated in misleading marketing practices and the mismanagement of consumer information—both of which are violations of New York Executive, Education, and General Business Laws. Two of the three developers claimed their health-related apps accurately measured heart rates, and a third allegedly claimed its app would measure a fetal heartbeat. However, all three failed to test the apps for accuracy, conduct comparisons to other approved products, or obtain approval by the U.S. Food and Drug Administration. The developers have agreed to provide additional testing information, will correct misleading advertisements, obtain affirmative consent from consumers for developers’ privacy policies, and will pay $30,000 in combined penalties to the NYAG’s office. Furthermore, all three developers have also made changes to their privacy policies and disclose the collecting and sharing of information that “may be personally identifying” including “users’ GPS location, unique device identifier, and ‘deidentified’ data that third parties may be able to use to reidentify specific users.”
Supreme Court Remands Texas Credit Card Surcharge Case
On April 3, the U.S. Supreme Court granted certiorari in a case challenging a Texas law that bars retailers from imposing credit card surcharges, and remanded the case to the Fifth Circuit in light of its ruling last week in Expressions Hair Design, that a similar statute in New York regulated merchants’ First Amendment rights. In Rowell, a landscaping business, a computer networking company, a self-storage facility, and an event design and production company sought to challenge a Texas law allowing merchants to charge different prices to customers who pay with cash and customers who pay with a credit card, but barring merchants from describing the price difference as a surcharge for credit cards, leaving them to describe it instead as a discount for using cash. The Fifth Circuit held that the Texas law did not violate the retailers’ free speech rights, aligning it with the Second Circuit in its September 2015 ruling in the Expressions Hair Design litigation against New York State.
As previously reported on InfoBytes, the Supreme Court last week in the Expressions case unanimously rejected the Second Circuit’s conclusion that the New York credit card law regulates conduct alone, rather than speech. As explained in the Supreme Court’s opinion, the law at issue “is not like a typical price regulation,” which regulates a seller’s conduct by dictating how much to charge for an item. Rather, the Court explained, the law regulates “how sellers may communicate their prices.” (emphasis added). The Supreme Court, however, did not address the question of whether the law unconstitutionally restricts speech.