InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Indiana enacts HB 1284 regarding change in terms for deposit accounts
On March 12, the Governor of Indiana signed HB 1284 which codified a new chapter regarding a contract for a deposit account between a depository institution and a consumer may be changed occasionally, subject to the terms of the deposit account agreement. The bill will provide that after continued use of the deposit account by the consumer after a modification to the agreement has been disclosed through written notice by the depository institution, then it will be considered clear or “prima facie” evidence that the consumer will accept the new terms. The depository institution must provide written notice of the changes at least 30 days before the effective date of any change to the deposit account agreement. The bill will go into effect on July 1.
Utah amends credit report disclosures to protect consumers
On March 13, the Governor of Utah signed into law HB 99, a bill that amended certain provisions related to consumer credit protections. Specifically, the bill made an addition to the Credit Services Organizations Act at Utah Code 13-21-7.5, adding a disclosure requirement when a credit services organization provides a credit report to a consumer. The disclosure must identify the consumer reporting agency that provided the information, the credit score model used to calculate the score, and the minimum and maximum possible scores under the model. This bill will go into effect May 1.
Wyoming SF 96 amends regulations for banks offering custodial or fiduciary services for digital assets
On March 15, the Governor of Wyoming signed SF 96 (the “Act”), which amended regulations for banks offering custodial or fiduciary services for digital assets, made conforming adjustments, and set an effective date. The Act clarified the commissioner’s ability to petition for discharge of receivership duties at the commencement of a bankruptcy proceeding. With respect to digital asset custodial services, the Act included two new provisions which detailed how (i) a bank will be permitted to offer custody services for stablecoin reserves as long as these services align with the guidelines of the Act and adhere to the commissioner's rules and regulations; and (ii) a supervised trust company chartered within Wyoming will be authorized to offer custodial services for digital assets, provided that it would meet the requirements of the Act and follow the commissioner's rules and regulations. The Act will go into effect on July 1.
Washington State enshrines new act on uniform special deposits
On March 13, the Governor of Washington State signed into law SB 5801, enshrining a new chapter titled the Uniform Special Deposits Act. The law will apply to special deposits under account agreements that intend to establish a special deposit. In Section 5, a “special deposit” is characterized as a bank deposit for the benefit of two or more beneficiaries, denominated in a currency for the purposes stated in the account agreement, and “subject to a contingency.” The law further described the process for determining a permissible purpose, payment to a beneficiary by a bank, and the duties and liability of the bank, among others. It also described that, unless provided for in the account agreement, special deposits will terminate five years after the date it was first funded. The Uniform Special Deposits Act will go into effect July 1.
New Hampshire enshrines a new consumer privacy law
On March 6, the Governor of New Hampshire, Chris Sununu, signed into law a sweeping consumer privacy bill. Under the act, consumers will have the right to confirm if a controller (an individual who controls personal data) is processing their personal data, a right to access that data, as well as correct inaccuracies, obtain a copy, delete, and opt-out of the processing of the data for targeted advertising purposes. The act also imposed limits on collectors, including that a controller shall (i) limit the collection of data to only what is adequate, relevant, and reasonably necessary for the intended purpose; (ii) establish and maintain administrative security practices to protect the confidentiality of consumer personal data; (iii) not process sensitive data without obtaining the consumer’s consent or, if the data concerns a known child, process the data in accordance with COPPA; (iv) provide an easy means for consumers to revoke consent; and (v) not process personal data for targeted advertising purposes without consumer consent. The bill further outlined a processor’s responsibilities and required controllers to conduct a data protection assessment for each action that may present a risk of harm to a consumer. The act will go into effect on January 1, 2025.
New York Attorney General sues over 25 lenders for predatory lending operation
On March 5, New York Attorney General Letitia James released a verified petition against 27 lenders accusing them of a “large-scale, predatory lending” operation in which they allegedly misrepresented themselves in order to issue small businesses short-term loans at “sky-high interest rates” in violation of New York Executive Law §63(12). According to the petition, the 27 lenders (Respondents) have issued “illegal, usurious” and fraudulent loans in the form of Merchant Cash Advances (MCAs), which imposed triple-digit interest rates as high as 820 percent. The NYAG noted such rates are beyond both the maximum civil usury interest rate (16 percent) and the maximum criminal usury interest rate (25 percent). The petition also alleged the Respondents misrepresented their transactions in court, making the court an “unwitting part of their illegal scheme.”
The petition asked the court to permanently enjoin Respondents from committing any further fraudulent or illegal practices, cease all MCA collection payments, and void and rescind all MCAs. The NYAG also will seek and order that the Respondents disgorge all profits and award civil penalties of $5,000 for each fraudulent MCA transaction and $2,000 in costs from each Respondent.
Wyoming amends its open banking provisions
On March 8, the Wyoming governor signed HB 145 (the “Act”) related to open banking, making two changes. First, the amendment updated the definition of a “customer” as a natural person or an agent, trustee, or representative acting on behalf of a natural person. Second, and for banks already participating in open banking, the Act limited the release of consumer data to third-party financial service providers to data that is only necessary for the consumer to receive the third-party product or service. The Act will go into effect on July 1.
CPPA releases latest draft of automated decision-making technology regulation
The California Privacy Protection Agency (CPPA) released an updated draft of its proposed enforcement regulations for automated decisionmaking technology in connection with its March 8 board meeting. The draft regulations included new definitions, including “automated decisionmaking technology” which means “any technology that processes personal information and uses computation to execute a decision, replace human decisionmaking, or substantially facilitate human decisionmaking,” which expands its scope from its previous September update (covered by InfoBytes here).
Among other things, the draft regulations would require businesses that use automated decisionmaking technology to provide consumers with a “Pre-use Notice” to inform consumers on (i) the business’s use of the technology; (ii) their right to opt-out of the business’s use of the automated decisionmaking technology and how they can submit such a request (unless exempt); (iii) a description of their right to access information; and (iv) a description of how the automated decisionmaking technology works, including its intended content and recommendations and how the business plans to use the output. The draft regulations detailed further requirements for the opt-out process.
The draft regulations also included a new article, entitled “risk assessments,” which provided requirements as to when a business must conduct certain assessments and requirements that process personal information to train automated decisionmaking technology or artificial intelligence. Under the proposed regulations, every business which processes consumers’ personal information may present significant risk to consumers’ privacy and must conduct a risk assessment before initiating that processing. If a business previously conducted a risk assessment for a processing activity in compliance with the article and submitted an abridged risk assessment to the CPPA, and there were no changes, the business is not required to submit an updated risk assessment. The business must, however, submit a certification of compliance to the CPPA.
The CPPA has not yet started the formal rulemaking process for these regulations and the drafts are provided to facilitate board discussion and public participation, and are subject to change.
New York State bill requires disclosure of beneficial owners of limited liability companies
On March 1, a newly enacted bill from New York State, S8059, (the “Act”) was signed by the governor and amended New York State law governing limited liability companies by mandating New York LLCs to file beneficial ownership information with the New York Department of State. The Act set a deadline for new LLCs to file the required ownership information within 30 days of their establishment; for existing LLCs, the bill required them to comply with the new requirements by January 1, 2026. The Act demanded that exempt companies, defined as LLCs or foreign LLCs not otherwise defined as a reporting company that met a condition for exemption in 31 U.S.C. §5336(a)(11)(B), electronically declared their statuses and the basis for their exemptions shortly after formation. It further imposed an annual requirement on all limited liability companies to update or confirm their ownership or exempt status. Additionally, access to the beneficial ownership reports was restricted to law enforcement under certain conditions. The Act enforced compliance with the requirements by imposing up to $500 daily fines for late submissions, the possibility of companies being marked as delinquent, and the threat of dissolution for persistent non-compliance.
California Attorney General warns small banks and credit unions on fees
On February 22, California State Attorney General, Rob Bonta, issued a letter to small banks and credit unions cautioning that overdraft and returned deposited item fees may infringe upon California’s Unfair Competition Law (UCL) and the CFPA. The letter, directed at institutions in California with assets under $10 billion, highlighted concerns that such fees disproportionately burden low-income and minority consumers. Bonta emphasized that these fees often catch consumers off guard, leading to significant financial strain, and urged the financial institutions in California to comply with state and federal laws by eliminating such practices.
The letter underscores how overdraft and returned deposited item fees can harm consumers, and potentially constitute unfair acts against them. Bonta also pointed out how overdraft fees cannot be reasonably anticipated due to the complexities of transaction processing, making it challenging for consumers to make informed financial decisions. Furthermore, the letter warned that imposition of returned deposited item fees, which are charges by financial institutions when a consumer deposits a check that bounces (due to an issue with the check originator such as insufficient funds or a stop payment order), is likely an unfair business practice in violation of the UCL and CFPA because consumers are usually unable to reasonably avoid the fee.
This action by the California Attorney General is notable for its focus on smaller financial institutions that were expressly excluded from the CFPB’s proposed rule last month on overdraft fees (previously covered by InfoBytes here); however, the action is broadly consistent with the CFPB’s guidance on returned deposited item fees (also covered by InfoBytes here).