On February 27, California Attorney General Kamala Harris issued a guide to assist small businesses in defending against the threat of cybercrime. The guide, which was developed with the California Chamber of Commerce and Lookout, a mobile security company, stresses that small businesses should assume that they are a target for cybercrime and act accordingly. In addition to providing actionable steps to prevent cyber-attacks, the guide encourages every small business to develop a “game plan” for responding to the inevitability of an actual incident: “Experience has shown that many organizations wait until they have actually suffered a serious data breach before attempting to come up with a process for dealing with such a situation – which amounts, effectively, to building an airplane in the air.”
On March 3, South Dakota enacted HB 1131, which amends state banking laws to make clear that banks can offer revolving lines of credit not tied to the issuance of a credit card.
On February 27, the Nationwide Mortgage Licensing System & Registry (NMLS) announced that Robert S. Niemi, Deputy Superintendent for Consumer Finance at the Ohio Division of Financial Institutions, will serve as NMLS Ombudsman. The NMLS states that the Ombudsman “provide[s] the non-depository financial services industries, and other interested parties, with a neutral venue to discuss issues or concerns regarding NMLS and state licensing” with the objective of fostering “constructive dialogue between NMLS industry users and participating state regulators.”
On February 25, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) published the results of its survey of prepaid cards. The OCBAR examined 16 different purchasing and use-related fees for 11 randomly-selected prepaid cards, using the fee schedule from each card’s website, which the OCABR stated “were not always easy to find and were quite confusing at times.” The survey identified as the most common fees charged by the prepaid cards surveyed as (i) monthly fees, (ii) ATM withdrawal fees, and (iii) balance inquiry fees, which were each charged by nine of the 11 cards surveyed. The OCABR researchers claim to have discovered “additional types of fees associated with the products”, including fees associated with alternative card payment plans. The OCABR believes such alternative options make it more difficult for consumers to anticipate the cost of having and using a prepaid card.
On February 20, the CSBS announced the formation of an Emerging Payments Task Force to study changes in payment systems—including virtual currencies and other innovations—to determine the potential impact on consumer protection, state law, and banks and nonbank entities chartered or licensed by the states. The Task Force is comprised of nine state regulators, including New York State Department of Financial Services Superintendent Lawsky who has recently indicated New York will seek to become the first state to directly address virtual currency through new regulations. The Task Force will be chaired by David Cotney, Commissioner of the Massachusetts Division of Banks, who testified on these issues on behalf of the CSBS last fall before the Senate Banking Committee. The CSBS stated that the Task Force will “take a comprehensive approach to studying the changing payment systems” by engaging with a broad range of federal, state, and industry stakeholders to understand how new entrants and technologies affect the stability of payment systems and the broader financial marketplace and “to develop ideas for connecting the emerging payments landscape to the financial regulatory fabric.”
On February 12, New York State Department of Financial Services (DFS) Superintendent Benjamin Lawsky released excerpts of remarks he delivered to the New York Bankers Association, which focused on the “troubling trend” of “the rapid and dramatic growth of so-called ‘non-bank mortgage servicers.’” Mr. Lawsky explained that because banks are being given “less credit” for mortgage servicing rights (MSRs) with respect to capital, they are offloading MSRs to non-bank mortgage servicers rather than building up additional capital. Further, he expressed concern that non-bank mortgage services are often more lightly regulated, and indicated that regulators need to intervene on the front end of MSR transactions to prevent undue harm to homeowners before it occurs. Mr. Lawsky indicated that the DFS will have more to say on the topic in the coming weeks and months.
On February 11, at an event on the future of virtual currency, New York DFS Superintendent Benjamin M. Lawsky reiterated his intention to move forward with a virtual currency rulemaking this year as the DFS is “increasingly coming to the conclusion that simply applying our existing money transmission regulations to virtual currency firms is not sufficient.” Mr. Lawsky’s remarks follow a recent two-day DFS hearing regarding the potential state regulation of virtual currency. According to his most recent remarks, the proposal may include a specifically tailored BitLicense that adapts existing money transmission rules to virtual currency. In addition, the proposed rules may, among other things, include “a strong set of specially tailored, model consumer disclosure rules” that could address, for example, the irreversible nature of most transactions, the need to keep private keys private, and potential volatility. The DFS proposal may also seek to address capital, collateral, net worth, and investment requirements. Mr. Lawsky explained that the DFS would like more input about whether it should require licensed firms to only use public ledgers and whether to ban or restrict the use of tumblers by licensed firms.
On January 30, Nevada’s Clark County District Court ordered the State AG to pay attorneys’ fees in connection with a mortgage servicing vendor’s attempts to obtain discovery in the state’s case alleging the company facilitated fraudulent residential foreclosures, including through so-called “robosigning” tactics. Nevada v. Lender Processing Svcs., Inc., No. A-11-653289-B, (Nev. Dist. Ct. Jan. 30, 2014). The company asserted that the AG abused the discovery process by repeatedly failing to produce materials sufficient to support its claims under the Nevada Deceptive Trade Practices Act. The court rejected the AG’s defense, among others, that the alleged discovery deficiencies simply reflect disagreements between the parties over the evidence necessary to support a claim under state law. Although not a direct issue in this case, the company’s brief repeatedly calls out the AG’s use of outside counsel and notes a challenge to the AG’s use of an outside firm on a contingency fee basis, which is pending before the state supreme court.
On January 28, Missouri Attorney General Chris Koster announced a settlement with the owners of a vehicle extended-service-contract seller alleged to have marketed limited-time extend warranty programs for vehicles. The AG alleged that the company attempted to sell vehicle breakdown coverage with a generalized and often misleading description of the coverage, and that many customers later discovered their contracts were actually provided by a third party and did not contain the coverage promised. The AG stated that consumers who asked for refunds faced numerous objections and delays. The settlement requires the owners to pay $60,000 to resolve claims of deception, unfair practices, and unlawful insurance practices, and also permanently prohibits them from selling “additive contracts” in Missouri. The AG stated that the settlement “highlights [his office’s] efforts to clean up the auto service contract industry in Missouri and protect consumers from future deceptive sales practices.”
Last month, New Jersey Governor Chris Christie signed SB 854, which will regulate, among other things, motor vehicle service contracts and motor vehicle ancillary protection products. For example, the new law (i) requires service contract providers or sellers to provide to the purchaser receipts or other written evidence of a contract, and copies of such contracts “within a reasonable period of time following the date of purchase”; (ii) specifies the form and contents of service contracts, including “plain language” requirements and certain disclosures; and (iii) grants purchasers the right to return a contract and obtain a full refund of the contract’s purchase price. In addition, providers must meet certain financial security requirements. A violation of the new provisions constitutes an unlawful practice under to the state’s consumer fraud act, which provides for fines of up to $10,000 for the first offense and up to $20,000 for any subsequent offense. The bill exempts, among other things, warranties and mechanical breakdown insurance policies offered by licensed insurers. The bill takes effect on 180 days following enactment, i.e. July 16, 2014.
On January 24, the California Attorney General (AG) sued a health care company over its alleged failure to timely submit notice of a 2011 data breach. According to the complaint, the company learned of the breach at the end of September 2011, completed a preliminary investigation in December 2011, and subsequently continued the investigation through mid-February 2012. The company allegedly did not begin mailing notice letters to affected individuals until mid-March. The complaint alleges the company failed to provide such notice in the most expedient time possible, which the AG alleges could have commenced in December 2011. The complaint also includes allegations regarding the actual breach at issue. The AG is seeking statutory penalties of $2500 per violation. Among other things, the suit demonstrates the AG’s inclination to take privacy and data security actions beyond the California Online Privacy Protection Act.
This week, New York State Department of Financial Services (NY DFS) Superintendent Benjamin Lawsky presided over a two-day hearing regarding emerging virtual currencies and the appropriate role of regulation. The hearing was the next step in an inquiry announced last August, and was held as the NY DFS considers developing a state license specific to virtual currency that would subject operators to state oversight. The panels featured the views of private investors, virtual currency firms, regulatory experts, and law enforcement officials. From our view inside the room, the most prominent, theme to emerge is that regulators will need to strike a balance between protecting the public interest—both from a consumer protection standpoint and with regard to the potential for criminal activity—while allowing emerging virtual currency technologies to develop, evolve, and thrive. Read more…
On January 24, the Washington State Department of Financial Institutions issued a clarification regarding an aspect of its mortgage originator rules and guidance. The Department previously advised that managers, including branch managers, must license individually as mortgage loan originators if they (i) take residential mortgage loan applications, negotiate the terms or conditions of residential mortgage loans, or hold themselves out as being able to conduct these activities; (ii) supervise loan processors or underwriting employees; or (iii) supervise licensed mortgage loan originators. The Department now states that (i) any manager or any person who takes a residential mortgage loan application in Washington, negotiates the terms or conditions of a residential mortgage loan on Washington property, or holds themselves out as being able to conduct those activities, must have a Washington MLO license, and that Washington licensed MLOs must work from a licensed location; (ii) any manager who directly supervises loan processor or underwriting employees must hold an MLO license, which can be from any state, and Washington licensed MLOs must work from a licensed location; and (iii) any manager who directly supervises Washington licensed MLOs must themselves hold a Washington MLO license and must work from a licensed location. For items (ii) and (iii) the Department states that it is looking for licensure of the day to day operational supervisors. Supervisory plans must be written and maintained as part of business books and records, and must include consideration of the location of the supervisor and employees supervised, the number of employees supervised, and the volume of work performed by the supervised employees.
On January 24, New York Attorney General (AG) Eric Schneiderman announced the resolution of a lawsuit filed in August 2013 against Native American tribe-affiliated payday lending firms and their owners for allegedly violating the state’s usury and licensed lender laws in connection with their issuing of personal loans over the Internet. The AG claims that the companies charged New York consumers annual interest rates on payday loans far in excess of the 16% rate cap set by state law. According to the announcement, the defendants agreed to modify the terms of all outstanding loans made to New York borrowers and to not collect interest on outstanding loans. The defendants also must provide refunds to borrowers who have paid back more than the principal of their loan plus the state-capped interest rate of 16%, and pay $1.5 million in penalties. The companies also must become licensed in New York before offering new loans in the state.
On January 22, New York Governor Andrew Cuomo launched a new Student Protection Unit within the New York Department of Financial Services dedicated to investigating potential consumer protection violations in the student loan industry. Its first public investigation is focused on companies the unit believes are charging “high, improper fees without adequate notice for enrolling students in debt relief programs that are available for free through the federal government.” The Student Protection Unit issued subpoenas to 13 debt relief companies seeking advertising materials, contracts, consumer disclosures, and fee schedules among other materials.