Recently, the Conference of State Bank Supervisors (CSBS) published its 2015 Annual Report to provide an overview of its activities and initiatives in 2015. The report highlights that, throughout 2015, state regulators (i) increased coordination and collaboration between state regulators and other stakeholders, including federal regulators and Congress; (ii) developed research and analytical tools, such as risk profiling tools to assist with the examination selection process, as well as tools to address emerging non-depository regulatory issues; (iii) developed “right-sized” policy solutions for an ever-changing financial services industry, acknowledging that “community banks play a vital and necessary role in [the] diverse financial services ecosystem”; and (iv) provided education and training for examiners and supervisors, noting that “more than 1,000 examiners from 43 agencies representing 41 states had been certified through the CSBS Certification Program.” Importantly, the report notes that cybersecurity remains a “major issue facing the financial services industry.” In an effort to encourage executive leadership and raise awareness, CSBS launched the Executive Leadership of Cybersecurity (ELOC) initiative, which emphasizes that cybersecurity is “more than a ‘back office’ issue, but an executive issue that requires CEO and Board level attention.”
The Conference of State Bank Supervisors (CSBS) and the Multi-State Mortgage Committee (MMC) issued a report to state regulators regarding its 2015 review of the supervisory structure around examination and risk assessment of non-bank mortgage loan servicers. Notable servicing examination findings outlined in the report include: (i) violations and deficiencies related to loan transfer activity, noting that a “significant portion of servicing examination findings are tied to the mortgage servicing requirements implemented into the [RESPA] and [TILA] in January of 2014”; (ii) ineffective oversight of sub-servicer activity and insufficient third party vendor management; and (iii) ineffective examination management procedures on the part of mortgage servicers, leading to delayed examination processes, as well as impeded regulatory oversight. The report further outlines origination examination findings, emphasizing RESPA violations related to Mortgage Servicing Agreements (MSAs) which typically include payments for promotional advertising services performed on behalf of the mortgage company. Read more…
Nebraska AG Peterson and Department of Banking Announce Settlement with Loan Companies for Alleged Deceptive Practices
Recently, Nebraska AG Doug Peterson, in conjunction with the Director of the Department of Banking and Finance, Mark Quandahl, announced a settlement with four loan companies and their owners for alleged violations of three state laws, the Consumer Protection Act (CPA), the Uniform Deceptive Trade Practices (UDTPA), and the Nebraska Installment Loan Act (NILA). According to AG Peterson, three of the companies “managed and facilitated almost every aspect” of the fourth company’s business. The complaint alleged that the fourth company acted as an unlicensed lender to originate usury-based internet loans to Nebraska consumers by way of electronic transfer. In violation of the CPA and the UDTPA, AG Peterson alleged that the fourth company’s loan agreements deceptively stated that it was a “tribal entity subject to the exclusive jurisdiction of Cheyenne River Sioux Tribe, Cheyenne River Indian Reservation” when it was not; rather, according to the complaint, it is a limited liability company whose profits were distributed directly its owner. Pursuant to the Department of Banking and Finance’s authority to enforce the NILA, Director Quandahl alleged that the defendants “charged loan origination fees in excess of the state’s maximum origination fee permitted for installment loan licensees and non-licensed lenders.” Under the terms of the settlement, the companies and their owners will pay $150,000 to the state and establish a restitution fund of $950,000 to repay, pro rata, excess interest and fees paid by Nebraska consumers. In addition, more than $557,000 in loans taken out by Nebraska consumers and held by one of the four companies will be forgiven, and credit reporting agencies will be notified to remove the history of the loans. The companies and their owners are prohibited from originating loans in Nebraska until they comply with state law.
On April 26, Georgia Governor Nathan Deal signed into law HB 811, an Act to amend Title 7 of the Official Code of Georgia Annotated, which includes banking and finance provisions. Notably, the Act authorizes the Georgia Department of Banking and Finance to enact rules and regulations to apply to persons engaged in money transmission or the sale of payment instruments involving virtual currency, as it finds necessary to, among other things, ensure the continued solvency, safety, soundness, and prudent conduct of persons engaged in those businesses, protect customers, encourage high standards of honesty, transparency, fair business practices and public responsibility, and provide customers with timely and understandable information about virtual currency products and services. The Act is effective July 1, 2016.
On May 4, New York AG Schneiderman announced that, from January 1, 2016 through May 2, 2016, his office received 459 data breach notices – more than a 40% increase compared to the 327 notices received during the same time last year. Due to the increased volume of data breach notices and in an effort to provide greater efficiency in the reporting process, AG Schneiderman announced an electronic breach reporting form. The new form allows companies to submit data breach notices via web submission: “[c]ompanies may now notify the Attorney General’s Office of a data breach via a web submission form in order to expedite and streamline the process. Previously, and consistent with most other state attorneys general offices, companies were required to mail, fax, or email a separate data breach form.” AG Schneiderman’s office expects to receive “well over” 1,000 data breach notices in 2016.