InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
PA Department of Banking & Securities Releases Consumer Pamphlet on Credit Reporting
On March 7, the Pennsylvania Department of Banking and Securities announced it has published a new brochure to help consumers better understand what information should be included in their credit report and what steps to take if there is an issue.
Payroll Card Regulations in New York Are Struck Down
In a Decision released on February 16, the New York Industrial Board of Appeals struck down the portions of a New York Department of Labor regulation (12 NYCRR 192), set to go into effect on March 7, that would have restricted a New York employers’ ability to pay its employees via payroll debit card. Specifically, the board ruled that the Department had exceeded its authority under New York labor law and encroached upon the jurisdiction of banking regulators when imposing fee limits and other restrictions on the cards.
The new rule – which was adopted by the Department of Labor in September 2016, and codified at section 192 of the New York Labor Law – set forth numerous regulations clarifying and/or specifying the acceptable methods by which employers in New York State may pay wages to certain employees. Among other things, the regulation required that an employer provide written notice to the employee and obtain written consent from the employee at least seven business days prior to taking action to issue the payment of wages by payroll debit card. The new rule would also have prohibited many fees, including charges for monthly maintenance, account inactivity and overdrafts, and for checking a card’s balance and contacting customer service.
At issue before the Industrial Board of Appeals was a petition submitted by a single payroll debit card vendor challenging the Department of Labor’s authority to regulate payroll debit cards. Ultimately, the Board agreed with the vendor, finding that the Department sought to improperly regulate banking services provided by financial institutions – an area subject to the exclusive jurisdiction of the New York Department of Financial Services. In reaching this holding, the Board noted that that the Department of Financial Services already regulates and has issued guidance concerning the fees that financial institutions may charge for banking services, including those related to checking accounts and licensed check cashers. The Board also noted that, should the Department of Labor wish to challenge the Decision, it may bring an Article 78 proceeding in New York Supreme Court, or, alternatively, it may choose to revise the Prepaid Card-related provisions identified in the Decision.
NY AG Schneiderman Releases List of “Top Ten” Frauds for 2016
On March 6, 2017, New York Attorney General Eric T. Schneiderman released the state’s 2016 top ten list of consumer fraud complaints. For the past 11 years, Internet-related complaints concerning service providers, data privacy and security, and consumer fraud topped the list, closely followed by complaints about automobile sales, service, financing, and repairs. Credit complaints about debt collection, billing, debt settlement, payday loads, credit repair and reporting agencies, and identity theft were sixth. Complaints related to mortgages were ninth. Not on the top ten list but highlighted by the Attorney General’s office were complaints involving scam student debt relief companies as well as two common schemes known as the IRS scam and the Grandparent scam. Also provided were tips consumers should use to protect themselves and their families.
28 State AGs File Amicus Brief with Supreme Court in Debt Collection Case
On February 24, the New Mexico Attorney General, along with 27 other states and the District of Columbia, announced that his office had joined in an amicus brief filed with the Supreme Court supporting the plaintiff in Henson v. Santander. As previously covered in Infobytes, the defendant argued below—and the Fourth Circuit agreed—that the FDCPA did not apply to a consumer finance company that purchased and then sought to collect a debt in default on its own behalf because it was not a debt collector as defined in the statute. In their amicus brief, the attorneys general oppose the Fourth Circuit holding and argue that any “company that regularly attempts to collect defaulted debt that it has purchased is a ‘debt collector’ as the FDCPA defines [the] term,” and therefore, the obligations and restrictions of the FDCPA should apply. The Supreme Court set oral arguments for April 18 of this year.
Colorado Issues Advisory on Entities Required to File UCCC Sales Finance Notifications
On December 28 of last year, the Colorado Attorney General’s Office, through the Administrator of the Uniform Consumer Credit Code (UCCC), issued an advisory for entities filing sales finance notifications. The advisory strongly recommends that purchasers and assignees of consumer credit transactions subject to the UCCC develop and implement a due diligence process to confirm that the retail credit sellers originating those contracts have filed the proper notice under UCCC Section 5-6-203(4). As explained in the advisory, if notice is not properly filed, consumers “may not have an obligation to pay the finance charge due on those consumer credit transactions.” The list of retail credit sellers who currently file notifications with the department can be accessed here.
NYDFS Landmark Cybersecurity Rule Set to Take Effect on March 1
On February 16, New York Governor Andrew Cuomo announced that with the New York Department of Financial Services’ (NYDFS) publication of a Final Regulation, New York’s “First-in-the-Nation Cybersecurity Regulation” is set to take effect on March 1. As discussed previously in InfoBytes, the regulation—which requires banks, insurance companies, and other financial services institutions regulated by NYDFS to establish and maintain a cybersecurity program designed to protect consumers’ private data—imposes broad and, in some cases proscriptive, data security and cybersecurity requirements on Covered Entities that venture into new territory for both state and federal financial regulators. Indeed, as described by Governor Cuomo, the regulation reflects New York’s efforts to “lead[] the nation” through “decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises.”
Moreover, as detailed in a follow-up InfoBytes Special Alert, NYDFS issued a updated proposed regulation on December 28 in response to over 150 comments and testimony presented at a hearing before New York State lawmakers. Though the updated proposed regulation did not differ drastically from the original, the revised proposed regulation provided for somewhat greater flexibility in how covered entities could go about implementing the requirements. Among other things, the December 28 revisions provided for: (i) longer timeframes for compliance with its requirements; (ii) more flexibility for compliance with certain requirements and acknowledgement that some requirements may not be applicable to all financial institutions; and (iii) clarifications to certain key definitions.
The newly released Final Regulation retains the revisions incorporated in the December 28 revision, but also contains the following notable revisions:
- Record retention requirements for audit trail materials relating to Cybersecurity Events were reduced from five years to three years.
- Clarification that Covered Entities’ policies and procedures for reporting by Third Party Service Providers of Cybersecurity Events only apply to the Covered Entity’s Nonpublic Information.
- The limited exemption for small businesses to certain requirements of the rule has been narrowed by including a Covered Entity’s New York affiliates when calculating its number of employees and annual revenue.
- Further clarification on the exemptions for companies regulated under New York’s Insurance Law.
With the expiration of the 30-day comment period and the publication of the Final Rule, New York’s Cybersecurity regulation is officially cleared to become effective upon publication in the New York State Register on March 1.
InfoBytes will continue to monitor the rollout of this pioneering regulation as it progresses.
California Department of Business Reaches $225 Million Settlement with Servicing Company
On February 17, the California Department of Business Oversight (DBO) announced a settlement with a national mortgage servicer, resolving allegations that the company committed numerous violations of state and federal laws and regulations. The allegations arose from examinations of the company’s servicing practices by a third-party auditor. The examinations were conducted pursuant to a January 23, 2015 consent order entered into by the DBO and the company, and covered the period of January 1, 2012 through June 30, 2015. The 2017 consent order requires the company to pay $20 million in borrower restitution, mandates that the company provide borrowers with $198 million of debt forgiveness through loan modifications over three years, and imposes $5 million in penalties, attorney’s fees, and costs. However, the terms of the order also restore the company’s ability to service new California mortgages.
Georgia Attorney General Orders Payday Lenders to Pay $40 Million in Civil Monetary Penalty and Restitution to Consumers
On February 8, the Office of the Georgia Attorney General announced that it had entered into a settlement agreement with two payday lenders over claims that the companies violated the state’s Payday Lending Act, which prohibits unlicensed loans of $3,000 or less. While the interest rate for loans made under the Payday Lending Act is capped at 10 percent, the unlicensed lenders in this case allegedly issued over 18,000 loans with interest rates ranging from 140 percent to 340 percent and collected over $32 million in associated interest and fees since 2010. According to the terms of the settlement, the companies are required to (i) pay $23.5 million in consumer restitution; (ii) cease all collections and forgive all outstanding loans; (iii) pay a $1 million civil penalty to the state; and (iv) pay $500,000 as reimbursement for the state’s attorneys’ fees and costs.
New York Attorney General Announces Settlements Over Data Collection Practices
On February 9, the New York Attorney General’s (NYAG’s) office announced two settlements with mobile app developers who allegedly omitted information about their data collection practices in their privacy policies. While the investigation revealed that neither developer misused their customers’ personal information or improperly disclosed such information to third parties, the NYAG’s office determined that both companies failed to properly disclose the fact that they had collected the information as required by law. Both companies have agreed to add privacy policies to their apps.
State Financial Regulators Release BSA/AML Compliance Tool
On February 1, the Conference of State Bank Supervisors (CSBS) announced the release of its BSA/AML Self-Assessment Tool—a new, voluntary tool to help banks and non-depository financial institutions better manage Bank Secrecy Act/Anti-Money Laundering (BSA/AML) risk. Building upon CSBS’s efforts to help banks understand their risk exposure to third-parties, the self-assessment tool—developed jointly by the CSBS and state regulators—aims to help institutions better identify, monitor, and communicate BSA/AML risk, thereby reducing some of the burden and uncertainty surrounding compliance and facilitating more transparency within the financial sector. The self-assessment tool is available for use by any institution and may be accessed here. A narrated tutorial is also available here. Last year, CSBS released a white paper that outlines state supervision of money services businesses.