On March 12, the Legislative Assembly of North Dakota approved legislation H.B. 1346 amending the North Dakota Retail Installment Sales Act to grant enforcement authority to a state attorney or to the North Dakota Attorney General. Under the new law, the Attorney General has all powers provided under the Act, in addition to powers provided under the state’s Unlawful Sales or Advertising Practices law. The law as amended will be effective August 1, 2015.
On March 25, the Conference of State Bank Supervisors (“CSBS”) and the American Association of Residential Mortgage Regulators (“AARMR”) issued a proposal seeking public comment on its Proposed Regulatory Prudential Standards for Non-bank Mortgage Servicers. According to the CSBS, the proposal is in response to an increasing number of non-bank servicers that continue to acquire mortgage servicing rights, and subsequently, require enhanced state regulation to (i) provide better safeguards for borrowers, investors, and other stakeholders, (ii) increase regulatory oversight and market discipline over non-bank mortgage servicers, and (iii) enhance transparency, accountability, risk management and corporate governance standards. Comments on the proposal must be received by June 25, 2015.
On March 12, the New York DFS issued a consent order against a Germany-based global bank for alleged Bank Secrecy Act and other anti-money laundering (BSA/AML) compliance violations that occurred between 2002 and 2008. According to the DFS’s press release, certain bank employees were selected “to manually process Iranian transactions — specifically, to strip from SWIFT payment messages any identifying information that could trigger OFAC-related controls and possibly lead to delay or outright rejection of the transaction in the United States.” The DFS also alleges that the bank’s New York branch failed to implement proper BSA/AML compliance thresholds, allowing certain alerts regarding suspicious transactions to be excluded. Under the terms of the consent order, the bank must pay a $1.45 billion penalty, to be distributed as follows: $610 million to the DFS; $300 million to the U.S. Attorney’s Office for the Southern District of New York; $200 million to the Federal Reserve; $172 million to the Manhattan District Attorney’s Office; and $172 million to the U.S. DOJ. Additionally, the order requires that the bank “terminate individual employees who engaged in misconduct, and install an independent monitor for Banking Law violations in connection with transactions on behalf of Iran, Sudan, and a Japanese corporation that engaged in accounting fraud.”
On March 9, New York AG Eric Schneiderman announced a settlement agreement with three national credit reporting agencies. Schneiderman noted that inaccuracies in credit reports, such as the collection of debts not owed, misrepresentations of medical debt, identity theft or fraud, and identity mistakes on behalf of the agencies, continue to negatively affect consumers, most notably preventing minority and low-income individuals from gaining access to jobs and housing. The agencies fully cooperated with the NY AG’s office to find solutions to the credit report issues and, per the terms of the agreement, will (i) hire specially trained employees to review consumer documentation concerning identity theft or fraud and mixed files; (ii) review all disputes and supporting documentation submitted via the automated dispute resolution system; (iii) put into effect a 180-day waiting period before reporting any medical debts; (iv) increase the visibility of consumers’ right to access one free annual credit report via annualcreditreport.com; and (v) develop a National Credit Reporting Working Group to put in place a set of best practices and policies that will strengthen furnisher monitoring and data reporting. The full version of the settlement agreement provides additional requirements that the agencies must observe to increase fairness and effectiveness within credit reporting system.
On March 5, Missouri AG Chris Koster announced an agreement to cease operations with eight unlicensed online payday loan businesses, provide $270,000 in restitution, and forgive all loan balances for Missouri consumers. According to Koster, an individual ran the numerous payday loan businesses from a Native American reservation in South Dakota and sold short-term loans to Missouri consumers, taking advantage of Missouri residents “through outrageous fees and unlawful garnishments.” The judgment obtained “permanently prohibits” the individual and his businesses from “making or collecting on any loans in Missouri, and it cancels existing loan balances for his Missouri customers.” Additionally, the judgment requires that the individual running the businesses inform all credit reporting agencies to remove the information they received on the customers who were negatively affected by the short-term loan sales.
On March 4, the Pennsylvania Department of Banking and Securities (DOBS) entered into a consent order with four payday loan companies for allegedly violating three Pennsylvania state laws: the Consumer Discount Company Act (CDCA), the Loan Interest Protection Law, and the Money Transmitter Act. From 2007 through January 2015, the companies allegedly acted together to sell short-term loans. According to the DOBS, the interest rate on some of the loans sold exceeded the statutory limit. The consent order also states that the company (i) was not licensed under the CDCA at the time of the marketing or selling of the loans; and (ii) did not have a money transmitter license. Immediately upon issuance of the order, the companies agreed to “cease and desist from engaging in the consumer discount business,” and within ninety days of the issue date of the order, the companies must remit to Pennsylvania consumers the balance of open and active accounts.
On March 2, the Wyoming legislature passed S.F. 35 and S.F. 36, which amend the state’s Consumer Protection Act to enhance privacy protections for sensitive personal information. With limited exception for entities covered by the Health Insurance Portability and Accountability Act, S.B. 35 subjects individuals and commercial entities to additional data breach notification requirements, including providing Wyoming residents with information such as (i) the type of information subject to the breach, (ii) a general description of the breach incident, (iii) the approximate date of the breach, (iv) the steps taken by the individual or entity to prevent further breaches, (v) advice on how to review accounts and monitor credit reports, and (vi) whether notification was delayed by a law enforcement investigation. S.B. 36 expands the categories of personal identifying information that trigger protections under the Consumer Protection Act. Assuming signature by Governor Mead, the laws will take effect July 1, 2015.
On February 27, California Assembly Member Matt Dababneh introduced AB 1326, which would provide guidelines for individuals or businesses who conduct business using virtual currency. The legislation would prohibit a person from engaging in any virtual currency business activity unless licensed by the Commissioner of Business Oversight or unless otherwise exempt. The application process would require applicants to provide detailed information and pay a $5,000 application fee to the Commissioner of Business Oversight. Licensees would be subject to capital requirements, with a certain amount of capital held in high-quality, investment-grade investments, and would be required to maintain consumer protections.
On February 25, New York DFS Superintendent Benjamin Lawsky delivered remarks at Columbia Law School focusing on how state bank regulators can better supervise financial institutions in a post-financial crisis era. In his remarks, Lawsky stated that “real deterrence” to future misconduct “means a focus not just on corporate accountability, but on individual accountability” at the senior executive level. Lawsky also highlighted measures that DFS is considering to prevent money laundering including conducting random audits of regulated firms’ “transaction monitoring and filtering systems” and making senior executives attest to the adequacy of the systems. Lastly, Lawsky outlined several cybersecurity initiatives and considerations that would require third-party vendors to have cybersecurity protections and regulations in place that would mandate the use of “multi-factor authentication” systems for DFS regulated firms.
On February 26, New York AG Eric Schneiderman announced that he intends to propose state legislation to reward and protect employees who report information about misconduct in the banking, insurance, and financial services industries. The “Financial Frauds Whistleblower Act” would allow for compensation to individuals who voluntarily report fraud, and whose information results in more than $1 million in penalties or settlement. In addition, the legislation would prohibit retaliation from the employer and guarantee the confidentiality of the whistleblower’s information.
On February 17, Governor Steve Bullock of Montana signed S.B. 98 into law, which amends the Montana Mortgage Act to clarify licensing requirements. Among other things, the revised Montana Mortgage Act (i) modifies education and experience requirements; (ii) revises the responsibilities of designated managers; (iii) allows reports and notices to be filed and delivered through the NMLS; and (iv) amends the licensing requirements for loan processors and loan underwriters.
On February 8, New York DFS Superintendent Benjamin Lawsky announced that the DFS would begin (i) regularly examining insurance companies’ cyber security preparedness; (ii) enhancing regulations that will require insurance providers to meet higher standards of cyber security; and (iii) examining “stronger measures related to the representations and warranties insurance companies receive from third-party vendors.” Lawsky expects the targeted exams to begin in the “coming weeks and months.” The announcement was accompanied by the release of the state agency’s report on cybersecurity in the insurance industry.
On February 11, the Pennsylvania AG announced a settlement with a national payday lender that will pay $8 million in restitution to consumers who were allegedly provided illegal payday loans. According to the state AG, the lender misled consumers by charging a “monthly participation fee” on a loan product, when it was actually interest added on to consumers’ account balances. The state AG charged that the practices violated Pennsylvania’s Consumer Protection Law. In addition to providing restitution, the lender agreed to (i) forgive $12 million of unpaid principal balances; (ii) pay $1.75 million in total costs to the state AG’s office and the Department of Banking and Securities; (iii) pay $250,000 to a third-party administrator to distribute the restitution to eligible consumers.
On February 4, NY DFS Superintendent Benjamin Lawsky sent a letter to the CFPB urging the agency to adopt strong national rules for the payday loan industry. In his letter, Lawksy highlighted four steps the agency should consider in its drafting of rules including (i) making clear that state laws with stronger anti-payday-lending rules still apply to lenders; (ii) banning payday lenders from using “remotely created checks;” (iii) restricting the sharing of consumers’ personal information by payday lenders, lead generators and other third parties; and (iv) creating a rigorous “ability-to-repay” standard for payday loans.