Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Connecticut Attorney General reports on Connecticut Data Privacy Act

    State Issues

    On February 1, Connecticut’s Attorney General (AG) released a report on the Connecticut Data Privacy Act (CTDPA) including information on the law and how the state enforces it. Enacted in May 2022, the CTDPA is a comprehensive consumer data privacy law which took effect on July 1, 2023. The CTDPA gives consumers in Connecticut a set of rights regarding their personal information and privacy standards for businesses handling such data. Connecticut residents can: (i) see what data companies have on them; (ii) ask for corrections on inaccurate information; (iii) request the deletion of their data; and (iv) choose not to have their personal information used for selling products, targeted advertisements, or profiling. The report noted that within the first six months the CTDPA has been in effect, the AG issued dozens of violations towards a number of information requests. It added that companies generally responded positively to the notices and updated quickly their privacy policies and consumer rights mechanisms. According to the report, while some companies initially went below the CTDPA threshold, they made changes to meet it later while a few went beyond identified areas in the notices by strengthening their disclosures. 

    The report also mentioned that beginning on January 1, 2025, businesses are required to acknowledge universal opt-out signals, reflecting consumers’ choice to opt out of targeted advertising and the sale of personal data. This mandatory provision was emphasized during Connecticut's legislative process to alleviate the consumer burden, and it has been enacted into law. Finally, the report discusses possible expansions and clarifications to the CTDPA for the legislature to consider.  

    State Issues Connecticut State Attorney General Privacy, Cyber Risk & Data Security

  • California Attorney General investigates streaming services for CCPA violations

    Privacy, Cyber Risk & Data Security

    On January 26, California State Attorney General Rob Bonta announced an investigative initiative by issuing letters to businesses operating streaming apps and devices, accusing them of non-compliance with the California Consumer Privacy Act (CCPA). The focus of the investigation is the evaluation of streaming services’ adherence to the CCPA's opt-out requirements, in particular those businesses that sell or share consumer personal information. The investigation targets businesses failing to provide a direct mechanism for consumers wishing to prevent the sale of their data.

    AG Bonta urged consumers to know about and exercise their rights under the CCPA, emphasizing the right to instruct businesses not to sell their personal information. The CCPA grants California consumers enhanced rights regarding the collection, sharing, and disclosure of their personal information by businesses, and compliance responsibilities include responding to consumer requests and providing necessary notices about privacy practices. AG Bonta noted that the right to opt-out under the CCPA mandates that businesses selling or sharing personal data for targeted advertising must facilitate an easy and minimal-step process for consumers to exercise their right. For example, users should be able to easily navigate their streaming service’s mobile application settings to enable the “Do Not Sell My Personal Information” option. The expectation is that this choice remains effective across various devices if users are logged into their accounts when electing to opt-out. Finally, Bonta added that consumers should be given easy access to a streaming service’s privacy policy outlining their CCPA rights. 

    Privacy, Cyber Risk & Data Security State Issues State Attorney General CCPA California Compliance Opt-Out Consumer Protection

  • Texas resolves securities fraud case with decentralized finance lending platform

    State Issues

    Recently, a decentralized finance crypto lending platform and its owners (respondents) entered into a settlement agreement with a Texas regulatory agency, resolving an emergency cease-and-desist action brought in June 2023. The Texas State Securities Board alleged that respondents committed securities fraud in connection with the offers and sales of investments, falsely denied the platform’s impending bankruptcy, and “secretly” transferred customer funds to a crypto exchange, as well as offered unregistered securities. Under the terms of the settlement, respondents have agreed to, among other things, (i) inform clients of its plan for asset return within seven days of the settlement and provide a seven-day window for clients to withdraw assets through the app; (ii) continue to provide customer support to prior customers; (iii) pay an administrative fine; and (iv) cease-and-desist from selling unregistered securities in the state without admitting or denying the allegations. Texas also agreed to dismiss its emergency cease-and-desist order as part of the settlement.  

    State Issues Texas Enforcement Cryptocurrency Lending

  • Colorado Attorney General fines debt collector $500,000 for collecting on illegal loans

    State Issues

    On January 16, the Colorado State Attorney General (AG) reached a settlement agreement with a third-party debt collection company that is ordered to pay $500,000 to the State. The company previously contracted to collect debt from consumers on behalf of unlicensed lending entities associated with Native American tribes, or Tribal Lending Entities (TLEs). According to the settlement agreement, none of the TLEs were licensed Colorado lenders and all of their loan agreements with consumers contained finance charge terms that exceeded the Uniform Consumer Credit Code’s 12 percent finance charge cap on unlicensed lenders—with most having interest rates that exceeded 500 percent APR and some up to 900 percent APR. The AG alleged that, between 2017 and 2022, the company violated the Colorado Fair Debt Collection Practices Act by using “unfair or unconscionable means” to collect on defaulted TLE-issued loans by representing to consumers that the entire loan balance was owed to the TLEs, that the company was legally authorized to collect the payments, and that consumers were legally obligated to pay the full amount. The company denies that its conduct violated any state law and otherwise denies all allegations of wrongdoing. Along with the penalty, the company will be barred from collecting on any debt where the loan’s APR exceeded the 12 percent cap and will provide the State with a list of affected consumers within 30 days. 

    State Issues Colorado State Attorney General Enforcement Consumer Finance

  • Illinois proposes rule to evaluate mortgage community reinvestment

    State Issues

    Recently, the Illinois Department of Financial and Professional Regulation issued a proposed rule pursuant to the Illinois Community Reinvestment Act (ILCRA). The ILCRA is modeled off the Community Reinvestment Act but expands its scope of covered financial institutions to include credit unions and licensed entities. The proposed rule will help the Department administer and enforce the ILCRA in an equitable manner. The rule establishes a framework and criteria by which the Department will evaluate a covered mortgage licensee’s record of helping to meet the mortgage credit needs of Illinois, including low- and moderate-income neighborhoods and individuals, through different tests and performance standards depending on the number of loans made by a covered mortgage licensee. Tests and considerations for evaluating licensees’ record include a lending test, service test, performance record, data collection and reporting, and content and recordkeeping of information received from the public.

    To mitigate the impact on small businesses, a licensee that has made less than 200 home mortgage loans in Illinois in the last calendar year will not be subject to the service test. Furthermore, licensees that made less than 100 home mortgage loans in Illinois in the previous calendar year will have less frequent examinations than those with more than 100. Based on the licensee’s performance under the lending and service tests, the proposed rule specifies that a licensee’s rating of “outstanding”; “satisfactory”; “needs to improve”; or “substantial noncompliance” will affect how frequent they are evaluated. Compliance with the proposed rule is required six months from its effective date, and comments are due by February 26. 

    State Issues Illinois Agency Rule-Making & Guidance Mortgage Origination CRA Consumer Finance

  • Student loan servicer fined $1.8 million by Massachusetts Attorney General

    State Issues

    On January 11, the Massachusetts Attorney General (AG) announced a $1.8 million settlement with a student loan servicer, to resolve allegations that the company did not properly communicate Income-Driven Repayment (IDR) plan renewals to borrowers. According to the settlement, IDR plans are a “helpful tool for managing unaffordable federal student loan debt and avoiding the consequences of default… [and respondent] is required to follow specific procedures intended to ensure that borrowers are able to successfully navigate the enrollment and annual recertification processes required for IDR.” The AG alleged that the respondent violated state law by sending written notices that did not meet regulatory requirements and failed to send required notices.

    Under the terms of the settlement, respondent will (i) pay $1.8 million; (ii) include certain disclosures in renewal notice correspondence to borrowers; (iii) comply with requirements for FFELP loans owned by the DOE and enrolled in certain repayment plans; (iv) clearly disclosure to certain borrowers that failure to timely provide certain information about income or family size will result in increased monthly payments; and (v) retain copies of each written communication that it sends to borrowers regarding their IDR plans. The student loan servicer enters into this agreement for settlement purposes only (without admission).

    State Issues Massachusetts Student Loan Servicer Settlement Student Loans State Attorney General Income-Driven Repayment Lending Enforcement

  • NYDFS offers guidance to insurers on AI models

    State Issues

    On January 17, NYDFS issued a guidance letter on artificial intelligence (AI) intended to help licensed insurers understand NYDFS’s expectations for combating discrimination and bias when using AI in connection with underwriting. The guidance is aimed at all insurers authorized to write insurance in New York State and is intended to help insurers develop AI systems, data information systems, and predictive models while “mitigat[ing] potential harm to consumers.”

    The guidance letter states that while the use of AI can potentially result in more accurate underwriting and pricing of insurance, AI technology can also “reinforce and exacerbate” systemic biases and inequality. As part of the letter’s fairness principles, NYDFS states that an insurer should not use underwriting or pricing technologies “unless the insurer can establish that the data source or model… is not biased in any way” with respect to any class protected pursuant to New York insurance law. Further, insurers are expected to demonstrate that technology-driven underwriting and pricing decisions are supported by generally accepted actuarial standards of practice and based on actual or reasonably anticipated experience. It was last noted that these rules build on New York Governor Hochul’s statewide policies governing AI.

    State Issues NYDFS Artificial Intelligence GAAP Racial Bias Discrimination Insurance Underwriting

  • New York State floats BNPL legislation in FY 2025 budget

    State Issues

    On January 14, New York proposed its FY 2025 budget: Transportation, Economic Development and Environmental Conservation Article VII Bill, which includes an article, cited as the “Buy Now Pay Later Act” (the “Act”). The Act includes new licensing provisions, requiring buy now pay later (BNPL) financing providers (referred to as “lenders” within the Act) to pay a fee and file a written application to receive a license in order to provide BNPL loans. BNPL lenders would also be required to submit an affidavit of financial solvency, disclose their license on their website, app, or other consumer interface, and list the license in the terms and conditions of any BNPL loan offered and entered by the licensee. Licensees would also be subject to supervisory investigations. The Act would further require BNPL lenders to (i) maintain policies for ensuring the accuracy of data that may be reported to credit agencies; (ii) disclose certain loan terms; (iii) engage in limited ability-to-repay analyses; (iv) refrain from charging unfair, abusive, or excessive fees; and (v) abide by certain restrictions and disclosure requirements relating to the use of consumer data, among other things.

    State Issues BNPL New York Consumer Finance Licensing

  • NYDFS orders digital currency trading company to pay $8 million

    State Issues

    On January 12, NYDFS announced that it had entered into a consent order with a digital currency trading company after an investigation that found the company responsible for compliance failures that violated NYDFS’s virtual currency and cybersecurity regulations, leaving the company vulnerable to illicit activity and cybersecurity threats.  

    NYDFS found that the company failed to meet its compliance obligations due to (i) deficiencies in the company’s AML program; (ii) failure to file compliant suspicious activity reports; (iii) failure to conduct required OFAC screening; and (iv) failure to maintain an adequate cybersecurity program. In connection with the settlement, the company will surrender its BitLicense, the license required to be held by any company conducting virtual currency business in New York state and pay an $8 million penalty. 

    State Issues NYDFS Digital Currency Cyber Risk & Data Security Bank Secrecy Act Anti-Money Laundering Cryptocurrency OFAC Enforcement

  • DFPI fines online platform for omitting convenience fee disclosures

    State Issues

    On January 9, DFPI issued a consent order against an online platform (respondent) that enables merchants to provide installment contracts to customers. The consent order resolved alleged violations of the California Consumer Financial Protection Law (CCFPL) arising from the convenience fees assessed by a third-party service provider when consumers opt to pay their installments online or by phone. According to the consent order, since 2021 respondent guaranteed that consumers entering into contracts on its platform had a fee-free payment method. However, for a time respondent failed to disclose potential optional convenience fees in the initial contract. Although the third-party servicer disclosed the convenience fees to consumers, DFPI took issue with the respondent’s failure to disclose these fees before transferring consumers to the third-party servicer to enter into the contracts. In other words, consumers only became aware of both the existence and amounts of these fees after entering into contractual obligations. DFPI accused respondent of deceiving consumers by failing to disclose this information first.

    Under the terms of the consent order, respondent must pay a $50,000 penalty and must disclose information about the potential convenience fees that may be assessed by a servicer.

    State Issues California DFPI CCFPL Enforcement Disclosures Third-Party Consumer Finance

Pages

Upcoming Events