InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Texas has new licensing requirements for digital-asset platforms
In June, the Texas governor signed HB 1666 (the “Act”) to add practice restrictions to digital asset service providers, defined as electronic platforms that facilitate the trading of digital assets on behalf of a digital asset customer and maintain custody of the customer’s digital assets. The Act applies to a digital asset service provider conducting business in Texas that holds a money transmission license and either services more than 500 digital asset customer in the state or has at least $10 million in customer funds. Digital asset service providers are required to comply with certain provisions in order to obtain and maintain a money transmission license including provisions relating to the commingling of funds, customer access to funds, accounting requirements, annual reporting requirements. The Texas Department of Banking has the authority to suspend and revoke a license if these requirements are not met and may impose a penalty for violations of the Act. The commissioner also has examination authority and may promulgate rules to administer and enforce the Act’s provisions. The Act is effective September 1. Certain financial institutions and entities not required to hold a money transmission license are exempt.
Louisiana amends virtual currency licensing
On June 13, the Louisiana governor signed SB 185 (the “Act”), which amends provisions relating to the regulation and licensure of virtual currency businesses and is effective immediately. The Act adds and amends several definitions, including “acting in concert,” “affiliate,” “blockchain,” “mining,” “non-fungible token,” “responsible individual,” “unsafe or unsound act or practice” “virtual currency business activity,” and “virtual currency network.” With respect to licensure, the Act now requires applicants to provide a copy of their business plan, detailing, among other things, the anticipated volume of virtual currency business activities in the state, the expected number of virtual currency locations (including kiosks) in the state, and information on surety bonds and tangible net worth. Applicants must also provide audited financial statements and certificates of coverage for each liability, casualty, business interruption, and cybersecurity insurance policies (applicable policies for affiliates, agents, and control persons are required as well) with respect to an applicant’s virtual currency business activities. The Act also adds numerous licensing conditions and includes new requirements relating to background checks/criminal records/character fitness and fees and costs. Applicants will now be required to provide their financial services-related regulatory history, including information concerning money transmission, securities, banking, insurance, and mortgage-related industries. The Act extended the time that the state’s office of financial institutions has after the completion of an application to notify an applicant of its decision from 30 days to 60 days. If the office denies a license application, an advanced change of control notice, or an advanced change of responsible individual notice, an applicant has 30 days to appeal. Information on submitting annual licensing renewal applications, as well as guidance on providing appropriate disclosures is also included.
Furthermore, the Act outlines provisions to protect residents’ assets, including prohibitions on selling, transferring, and assigning virtual currency and commingling assets belonging to a resident with assets belonging to a licensee. Also stipulated within the Act are authorities granted to the commission relating to examinations, investigations, and enforcement activity, as well as the authority to coordinate and share information and conduct joint examinations with other state regulators of virtual currency business activities.
Unregistered crypto platform to pay $1.8 million to New York
On June 15, the New York attorney general announced a settlement with a Hong Kong-based cryptocurrency platform to resolve allegations that the company failed to register as a securities and commodities broker-dealer and falsely represented itself as a crypto exchange. The respondent’s platform enables investors to buy and sell cryptocurrency. An investigator was able to create an account on the platform using a New York-based IP address to buy and sell tokens even though the respondent was not registered with the state. (Under New York law, securities and commodities brokers are required to be registered.) The respondent is ordered to refund more than one million dollars to investors and pay more than $600,000 to the state. According to the settlement, investors will receive their refunds in the form of cryptocurrency within 90 days. Additionally, the respondent must cease operating in the U.S., and implement geoblocking to prevent New York IP addresses from accessing its platform. The platform is also banned from offering, selling, or purchasing securities and commodities in New York, and must send weekly emails to its investors in New York, advising them to withdraw their funds from their accounts, or their funds will be transferred to the AG’s office. “Unregistered crypto platforms pose a risk to investors, consumers, and the broader economy,” the AG said, further warning of the serious consequences to other crypto platforms that do not follow New York law. This settlement follows other crypto-related legislation and suits from the New York AG (covered by InfoBytes here).
Colorado amends GAP requirements
The Colorado governor recently signed HB 23-1181 (the “Act”) to codify and amend rules relating to guaranteed asset protection (GAP) agreements (designed to relieve “all or part of a consumer’s liability for the deficiency balance remaining, after the payment of all insurance proceeds,” upon the total loss of a consumer’s motor vehicle that served as collateral for a loan). In addition to adding new definitions and outlining exemptions, the Act also, among other things, (i) establishes conditions, notices, and provisions that must be included in order to offer, sell, provide or administer a GAP agreement in connection with a consumer finance agreement; (ii) establishes that the maximum fee that may be charged for a GAP agreement must not exceed four percent of the amount financed in the consumer credit transaction or $600, whichever amount is greater; (iii) provides that a creditor may contract for, charge, and receive only one GAP fee as part of an agreement regardless of the number of co-borrowers, co-signers, or guarantors; (iv) lays out the process for calculating a deficiency balance and how much a consumer is owed in the event of a total loss; (v) establishes requirements in the event a GAP agreement is cancelled; (vi) details when a consumer must submit a GAP agreement claim after a total loss; and (vii) prohibits the sale of a GAP agreement in specific circumstances.
The Act is effective January 1, 2024, and applies to GAP agreements entered into on or after this date.
Colorado bill amends student loan provisions and UCCC licensing renewal deadlines
On June 5, the Colorado governor signed SB 23-248 (the “Act”), which addresses consumer protection in certain credit transactions. Among other things, the bill amends, repeals, and adds sections around lender nomenclature in the Colorado Student Loan Equity Act. The Act defines the terms “private education creditor” and “creditor” as (i) “any person engaged in the business of making or extending private education credit obligation”; (ii) “a holder of a private education credit obligation”; or (iii) “a seller, lessor, lender, or person that makes or arranges a private education credit obligation and to whom the private education credit obligation is initially payable or the assignee of a creditor’s right to payment.” Several exemptions are outlined. The Act also establishes the term “refinanced” to mean when “an existing private education credit obligation is satisfied and replaced by a new private education credit obligation undertaken by the same consumer.” In subsequent sections, words like “lender” and “loan,” amongst other things, are replaced with the newly defined terms. The Act also amends certain provisions relating to Uniform Consumer Credit Code (UCCC) licensing renewal and fee due dates. Specifically, all supervised lender licensees must file for renewal and pay the appropriate renewal fees by July 1 annually, where previously the renewal due date was January 1 each year.
The Act takes effect the day after the expiration of the 90-day period following adjournment of the general assembly.
Texas enacts digital services bill to protect minors
On June 13, the Texas governor signed HB 18 to enact the Securing Children Online through Parental Empowerment (SCOPE) Act. The Act will require digital service providers to register a person’s age and, if the user is determined to be a minor (younger than 18 years of age), the provider is required to: (i) limit the collection of personal identifying information (PII) to what is reasonably necessary to provide the service; (ii) limit use of PII to the purpose for which it was collected; (iii) prevent the user from engaging in financial transactions through the digital service; (iv) prevent the user’s PII from being shared, disclosed, or sold; (v) not use the digital service to collect precise geolocation data on the user; or (vi) not use the digital service for targeted advertising. Digital service providers are also required to create tools for parents to control their minor children’s accounts and privacy settings and should reasonably attempt to limit advertising and algorithms that direct minors to harmful content.
SCOPE applies only to those who provide a digital service that enables minor users to socially interact with other users on the digital service and create, post, or share content. SCOPE outlines numerous exemptions, including exemptions for financial institutions, certain covered entities governed by the Health Insurance Portability and Accountability Act, certain persons subject to the Family Educational Rights and Privacy Act, and certain affiliates or subsidiaries of an internet service provider.
While the Act explicitly prohibits its use as a basis for a private right of action, it does grant the state attorney general exclusive authority to enforce the law (a violation of the Act is considered a deceptive act or practice). The Act takes effect September 1, 2024.
Republicans seek to overturn CFPB small-biz lending rule; Georgia AG says rule is unnecessary and burdensome
Recently, several House Republicans introduced a joint resolution of disapproval (H.J. Res. 66) under the Congressional Review Act to overturn the CFPB’s small business lending rule. As previously covered by InfoBytes, last month the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act. Effective August 29, the final rule will require financial institutions to collect and provide to the Bureau data on lending to small businesses (defined as an entity with gross revenue under $5 million in its last fiscal year). Both traditional banks and credit unions, as well as non-banks, will be required to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing. The final rule prescribes a tiered compliance date schedule, with the earliest compliance date being October 1, 2024, for financial institutions that originate at least 2,500 covered small business loans in both 2022 and 2023 (financial institutions with lower origination amounts have later compliance dates).
Also opposing the final rule, Georgia Attorney General Christopher M. Carr sent a letter to CFPB Director Chopra requesting that the final rule be rescinded. Carr argued that the final rule places an unnecessary and expensive burden on financial institutions, and that “[w]ith the current uneasiness in the market and a plethora of other challenges facing community banks, now is not the time to require them to gather more information that has absolutely nothing to do with the process of evaluating which applicants are the strongest and most deserving of capital.” Carr further contended that if lending discrimination is a “rampant problem,” the Bureau should use channels already in place to address this issue. Pointing out that states already have their own consumer protection and anti-discrimination statutes in place, Carr argued that the final rule imposes redundant compliance requirements on financial institutions, particularly community banks. Carr asked the Bureau to “allow states to continue to address lending issues as they occur, rather than saddling small businesses with burdensome regulations.”
Additionally, in April, a group of plaintiffs, including a Texas banking association, filed a lawsuit against the Bureau seeking to invalidate the final rule. (Covered by InfoBytes here.) Plaintiffs argued that the final rule will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses.
District Court says MLA’s statute of limitations begins upon discovery of facts
The U.S. District Court for the Eastern District of Virginia recently granted an installment lender’s motion to dismiss, ruling that most of the class members’ claims are time-barred by the Military Lending Act’s (MLA) two-year statute of limitations. Plaintiffs are active duty servicemembers who entered into installment loans with the defendant. Claiming four violations of the MLA, plaintiffs alleged the defendant (i) extended loans with interest rates exceeding the MLA’s 36 percent interest rate cap; (ii) extended loans that involved roll overs of prior loans; (iii) required plaintiffs to agree to repayment by allotment (with a backup preauthorized electronic fund transfer) as a condition to receiving a loan; and (iv) required plaintiffs to provide a security interest in their bank accounts as a condition for receiving a loan. Plaintiff sought to certify a class covering the five years preceding the date the complaint was filed. Defendant moved to dismiss, arguing that plaintiffs have only been harmed by technical violations of the MLA and did not suffer a concrete injury. Plaintiffs countered that the defendant’s MLA violations caused them to sustain injuries from making payments, including interest payments, “on loans that were ‘void from [their] inception’ [] due to their unlawful refinancing, allotment, and security interest requirements.”
The court reviewed a significant issue raised by the parties’ differing interpretations of the MLA’s statute of limitations and its applicability to plaintiffs’ loans. Specifically, the parties disagreed as to whether “discovery by the plaintiff of the violation,” which triggers the two-year limitations period, requires that a plaintiff only discover the facts constituting the basis for the violation, as argued by the defendant, or instead requires that a plaintiff also know that the MLA was violated, as the plaintiffs argued. While acknowledging that the text in question is inconclusive, the court stated that since the MLA “does not require ‘discovery’ of both the ‘violation’ and ‘liability’ but only the ‘violation that is the basis for such liability,’ the text appears to support the interpretation that only discovery of the violative conduct is required, and
not discovery of the actionability of that conduct.” The court also reviewed other federal statutory discovery rules where other courts “have consistently found that ‘discovery’ requires that a plaintiff have knowledge only of the facts constituting the violation and not the legal implications of those facts.” Relying on this, as well as other court interpretations, the court determined that “the two-year limitations period is triggered when a plaintiff discovers the facts
constituting the basis for the MLA violation and not when the plaintiff recognizes that these facts
support a legal claim.” Thus, the court found that most of the loans underlying the claims are time-barred.
However, for loans that fell within the applicable limitations period, the court granted defendant’s motion to dismiss for failure to state a claim, concluding, among other things, that a creditor is not prohibited from taking a security interest in a plaintiff’s bank account by way of a preauthorized electronic fund transfer provided the military annual percentage rate does not exceed the allowable 36 percent (a claim, the court noted, plaintiffs dismissed and did not otherwise address). Moreover, the court determined that plaintiffs failed to allege that the defendant was a “creditor” under the narrower definition used by the MLA in its refinancing and roll-over prohibition or that the defendant’s “characterization of the convenience of repayment by allotment amounted to a misrepresentation or concealment of facts giving rise to plaintiffs’ MLA claim.”
DFPI highlights CCFPL enforcement actions
On June 8, the Department of Financial Protection and Innovation (DFPI) released its second annual report covering California Consumer Financial Protection Law (CCFPL) actions two years after the statute took effect. DFPI reported growth across rulemaking, enforcement, supervision, complaint handling, stakeholder outreach, and consumer education. It also developed several new department functions to support historically underserved communities.
According to the report, DFPI’s increased visibility in the consumer protection space has generated more consumer complaints, resulting in more enforcement actions. Compared to 2021, there was a 514 percent increase in CCFPL-related complaints (approximately 454 complaints), and an 85 percent increase in CCFPL-related investigations (approximately 196 investigations). Top complaint categories included debt collection and crypto assets, with student loan servicers and credit reporting closely following at third and fourth. To address these issues, DFPI opened 110 crypto-related investigations and launched a consumer alerts page on its website featuring 67 public actions and 65 consumer alerts.
Other key takeaways from the report include that DFPI (i) ordered more than $250,000 in penalties; (ii) ordered over $300,000 in restitution to consumers; (iii) brought its first two civil actions using CCFPL authority; (iv) had 105,000 people attend its outreach and education events; (v) published a notice of proposed rulemaking requiring providers of certain financial services and products to register with the DFPI; and (vi) chaptered two pieces of legislation adding to the laws that DFPI may enforce under the CCFPL.
New Jersey says realty company misled consumers about homeowner program
On June 6, the New Jersey attorney general and the New Jersey Division of Consumer Affairs filed an action against a realty company and its principals (collectively, “defendants”) for allegedly violating the state’s Consumer Fraud Act by making deceptive misrepresentations about its “Homeowner Benefit Program” (HBP). Concurrently, the New Jersey Real Estate Commission in the Department of Banking and Insurance filed an order to show cause alleging similar misconduct and taking action against the real estate licenses belonging to the company and certain related individuals.
According to the complaint, the defendants’ HBP was marketed to consumers as a low-risk opportunity to obtain quick, upfront cash between $300 and $5000 in exchange for giving defendants the right to act as their real estate agents if they sold their homes in the future. The HBP was not marketed as a loan and consumers were told they were not obligated to repay the defendants or to ever sell their home in the future. However, the press release alleged that the HBP functions as a high-interest mortgage loan giving the defendants the right to list the property for 40 years, and that the loan survives the homeowner’s death and levies a high early termination fee against the homeowners. The complaint further charged the defendants with failing to disclose the true nature of the HBP and failing to present the terms upfront. Moreover, in order to sell the HBP, the defendants allegedly placed unsolicited telephone calls to consumers despite not being licensed as a telemarketer in New Jersey. The complaint seeks an order requiring defendants to discharge all liens against homeowners, pay restitution and disgorgement, and pay civil penalties and attorneys’ fees and costs.
The order to show cause alleges violations of the state’s Real Estate License Act and requires defendants to show why their real estate licenses should not be suspended or revoked, as well as why fines or other sanctions, such as restitution, should not be imposed. Defendants have agreed to cease any attempt to engage New Jersey consumers in an HBP agreement pending resolution of the order to show cause.