On April 13, the Georgia Department of Banking and Finance (Department) entered into a Consent Order (Order) with a Pennsylvania-based mortgage lender and its owners for failing to file a timely application with the state regulator. Specifically, the Order was entered into with the lender to resolve a Notice of Intent to Revoke and proposed Orders to Cease and Desist for allegedly, among other things, allowing the acquisition of 10 percent or more of the ownership of a Georgia licensed entity without first filing an application with the Department, conducting business with an unlicensed person who is not exempt from licensing, employing a felon, and making false statements or misrepresenting material facts in mortgage loan documents. Under terms of the Order: (i) the lender must surrender its mortgage license and pay a $5,000 fine; (ii) one of its owners must surrender his MLO license, must pay two fines of $1,000 each to both the Department and the State Regulatory Registry, and is prohibited from being employed by a licensed Georgia mortgage broker or lender for five years; and (iii) another owner must contribute $1,000 to the State Regulatory Registry and is prohibited for five years from acquiring more than 10% voting shares of a Georgia licensed company. The Order also prohibits both aforementioned owners from: (i) applying for mortgage loan originator, mortgage broker, or mortgage lender licenses; (ii) serving as a director, officer or any other equivalent role for a Georgia licensee; and (iii) acting as a branch manager for a Georgia branch of a Georgia licensed mortgage broker or lender.
GA Department of Banking and Finance Orders Florida Mortgage Lender to Shut Down for Unlicensed Lending Activities
On April 8, the Georgia Department of Banking and Finance issued an Order to Cease and Desist (Order) to a Florida-based mortgage lender. The lender allegedly engaged in residential mortgage origination, brokering, and/or lending activities without having a valid license or the appropriate exemption from the state’s licensing requirements in violation the Georgia Residential Mortgage Act. The Order is final 30 days from the issuance date, but the Department can rescind the Order if, within that 30 day period, the company provides adequate documentation showing that it is either properly licensed or qualifies for exemption.
On April 8, the Arkansas General Assembly approved H.B.1668, which amends its collection agencies law to allow unlicensed collection agencies operating within the state to pay a $10,000 civil penalty to be considered retroactively licensed by its State Board of Collection Agencies. The legislation defines “retroactively licensed” as the date in which the collection agency first became subject to licensure. The legislation removes the criminal penalty for operating without a license but preserves the board’s right to impose a minimum fine of $50 up to a maximum of $500 for each day a collection agency participates in collection activities without a license. The opportunity to opt for retroactive licensure will take effect 90 days after the state legislature has adjourned.
On April 9, the NYDFS released a report finding potential cyber security vulnerabilities with banks’ third-party vendors, based on a survey of 40 banking organizations regarding the cyber security standards in place for their vendors. Notable findings from the report include (i) nearly one in three banks surveyed currently do not require third-party vendors to notify them in the event of an information security breach or other cyber security breach; (ii) less than half of the banks conduct any on-site security assessments of their third-party vendors; (iii) about one in five of the banks surveyed do not require third-party vendors to represent that they have established minimum information security requirements; (iv) only one-third of the banks require information security requirements to be extended to subcontractors of the third-party vendors; and (v) nearly half of the banks do not require a warranty of the integrity of the third-party vendor’s data or products. According to the press release, NYDFS plans to strengthen cyber security standards for banks’ third-party vendors through regulations, including addressing the representations and warranties banks receive about cyber security protections in place.
On April 7, the California Department of Business Oversight announced a new initiative to prevent unlicensed payday lenders from advertising on major Internet search engines, including Microsoft, Google, and Yahoo. In the announcement, DBO Commissioner Jan Lynn Owen labeled unlicensed online payday lenders as “one of the most significant consumer protection threats” to California consumers and stated that curbing advertising of unlicensed lenders is vital to protect vulnerable borrowers from paying unlawful fees. Under the initiative, once the DBO issues a final cease and desist order against an unlicensed online lender, the DBO will notify Internet companies which will in turn block the lenders’ ads.
On March 31, the office of Massachusetts AG Maura Healey launched a new webpage designed to help eligible homeowners clear property titles in order to refinance or sell their properties. The webpage follows a $2.7 million settlement with four national banks that allegedly foreclosed on Massachusetts property without having the legal authority to do so. Because the alleged unlawful foreclosures affected thousands of Massachusetts titles, the new webpage is intended to “[enable] consumers to file online complaints and have their title issues reviewed by the banks in a single process.”
On March 27, Utah Governor Gary Herbert signed S.B. 24, which modifies provisions related to persons and entities subject to the jurisdiction of Utah’s Department of Financial Institutions (DFI), amends the state’s Mortgage Lending and Servicing Act, and enacts the Money Transmitter Act. The Money Transmitter Act establishes new licensing requirements and grants rulemaking authority to the DFI to (i) prohibit practices that are misleading, unfair, or abusive, (ii) promote full disclosure of the terms and conditions of agreements between a customer and a money transmitter, and (iii) assure uniform application of applicable state or federal laws and regulations.
On March 25, the Conference of State Bank Supervisors (“CSBS”) and the American Association of Residential Mortgage Regulators (“AARMR”) issued a proposal seeking public comment on its Proposed Regulatory Prudential Standards for Non-bank Mortgage Servicers. According to the CSBS, the proposal is in response to an increasing number of non-bank servicers that continue to acquire mortgage servicing rights, and subsequently, require enhanced state regulation to (i) provide better safeguards for borrowers, investors, and other stakeholders, (ii) increase regulatory oversight and market discipline over non-bank mortgage servicers, and (iii) enhance transparency, accountability, risk management and corporate governance standards. Comments on the proposal must be received by June 25, 2015.
On March 12, the Legislative Assembly of North Dakota approved legislation H.B. 1346 amending the North Dakota Retail Installment Sales Act to grant enforcement authority to a state attorney or to the North Dakota Attorney General. Under the new law, the Attorney General has all powers provided under the Act, in addition to powers provided under the state’s Unlawful Sales or Advertising Practices law. The law as amended will be effective August 1, 2015.
On March 12, the New York DFS issued a consent order against a Germany-based global bank for alleged Bank Secrecy Act and other anti-money laundering (BSA/AML) compliance violations that occurred between 2002 and 2008. According to the DFS’s press release, certain bank employees were selected “to manually process Iranian transactions — specifically, to strip from SWIFT payment messages any identifying information that could trigger OFAC-related controls and possibly lead to delay or outright rejection of the transaction in the United States.” The DFS also alleges that the bank’s New York branch failed to implement proper BSA/AML compliance thresholds, allowing certain alerts regarding suspicious transactions to be excluded. Under the terms of the consent order, the bank must pay a $1.45 billion penalty, to be distributed as follows: $610 million to the DFS; $300 million to the U.S. Attorney’s Office for the Southern District of New York; $200 million to the Federal Reserve; $172 million to the Manhattan District Attorney’s Office; and $172 million to the U.S. DOJ. Additionally, the order requires that the bank “terminate individual employees who engaged in misconduct, and install an independent monitor for Banking Law violations in connection with transactions on behalf of Iran, Sudan, and a Japanese corporation that engaged in accounting fraud.”
On March 9, New York AG Eric Schneiderman announced a settlement agreement with three national credit reporting agencies. Schneiderman noted that inaccuracies in credit reports, such as the collection of debts not owed, misrepresentations of medical debt, identity theft or fraud, and identity mistakes on behalf of the agencies, continue to negatively affect consumers, most notably preventing minority and low-income individuals from gaining access to jobs and housing. The agencies fully cooperated with the NY AG’s office to find solutions to the credit report issues and, per the terms of the agreement, will (i) hire specially trained employees to review consumer documentation concerning identity theft or fraud and mixed files; (ii) review all disputes and supporting documentation submitted via the automated dispute resolution system; (iii) put into effect a 180-day waiting period before reporting any medical debts; (iv) increase the visibility of consumers’ right to access one free annual credit report via annualcreditreport.com; and (v) develop a National Credit Reporting Working Group to put in place a set of best practices and policies that will strengthen furnisher monitoring and data reporting. The full version of the settlement agreement provides additional requirements that the agencies must observe to increase fairness and effectiveness within credit reporting system.
On March 5, Missouri AG Chris Koster announced an agreement to cease operations with eight unlicensed online payday loan businesses, provide $270,000 in restitution, and forgive all loan balances for Missouri consumers. According to Koster, an individual ran the numerous payday loan businesses from a Native American reservation in South Dakota and sold short-term loans to Missouri consumers, taking advantage of Missouri residents “through outrageous fees and unlawful garnishments.” The judgment obtained “permanently prohibits” the individual and his businesses from “making or collecting on any loans in Missouri, and it cancels existing loan balances for his Missouri customers.” Additionally, the judgment requires that the individual running the businesses inform all credit reporting agencies to remove the information they received on the customers who were negatively affected by the short-term loan sales.
On March 4, the Pennsylvania Department of Banking and Securities (DOBS) entered into a consent order with four payday loan companies for allegedly violating three Pennsylvania state laws: the Consumer Discount Company Act (CDCA), the Loan Interest Protection Law, and the Money Transmitter Act. From 2007 through January 2015, the companies allegedly acted together to sell short-term loans. According to the DOBS, the interest rate on some of the loans sold exceeded the statutory limit. The consent order also states that the company (i) was not licensed under the CDCA at the time of the marketing or selling of the loans; and (ii) did not have a money transmitter license. Immediately upon issuance of the order, the companies agreed to “cease and desist from engaging in the consumer discount business,” and within ninety days of the issue date of the order, the companies must remit to Pennsylvania consumers the balance of open and active accounts.
On March 2, the Wyoming legislature passed S.F. 35 and S.F. 36, which amend the state’s Consumer Protection Act to enhance privacy protections for sensitive personal information. With limited exception for entities covered by the Health Insurance Portability and Accountability Act, S.B. 35 subjects individuals and commercial entities to additional data breach notification requirements, including providing Wyoming residents with information such as (i) the type of information subject to the breach, (ii) a general description of the breach incident, (iii) the approximate date of the breach, (iv) the steps taken by the individual or entity to prevent further breaches, (v) advice on how to review accounts and monitor credit reports, and (vi) whether notification was delayed by a law enforcement investigation. S.B. 36 expands the categories of personal identifying information that trigger protections under the Consumer Protection Act. Assuming signature by Governor Mead, the laws will take effect July 1, 2015.
On February 27, California Assembly Member Matt Dababneh introduced AB 1326, which would provide guidelines for individuals or businesses who conduct business using virtual currency. The legislation would prohibit a person from engaging in any virtual currency business activity unless licensed by the Commissioner of Business Oversight or unless otherwise exempt. The application process would require applicants to provide detailed information and pay a $5,000 application fee to the Commissioner of Business Oversight. Licensees would be subject to capital requirements, with a certain amount of capital held in high-quality, investment-grade investments, and would be required to maintain consumer protections.