On May 9, Indiana enacted HB 1081, which makes numerous changes to the state’s consumer lending, licensing, and banking laws. Among those changes, the bill increases the threshold loan amounts under various definitions in the Uniform Consumer Credit Code, including “consumer credit sale,” “consumer loan,” and “consumer related loan.” With regard to mortgage originator licensing, the bill (i) revises the surety bond requirements for creditors and entities exempt from licensing that employ a licensed mortgage loan originator, (ii) prohibits an unlicensed individual or an unlicensed organization to act as a closing agent in a first lien mortgage transaction, and (iii) empowers the Department of Financial Institutions (DFI) to investigate any licensee or person that the DFI suspects is operating without a license or in violation of the First Lien Mortgage Lending Act. The bill provides additional guidelines for filing an article of dissolution of a bank, trust company, or a building and loan association. It also makes changes to the certain powers of banks and trust companies. In addition, the bill make numerous amendments related to debt management companies, lead generators, and other consumer financial service providers, and revises requirements for money transmitter licensing by, for example, authorizing the DFI to designate the NMLS for licensing purposes.

On May 14, the Ohio Supreme Court held in response to two certified questions from a federal district court that the Ohio Consumer Sales Practices Act (CSPA) generally does not apply to mortgage servicers and servicing. Anderson v. Barclay’s Capital Real Estate, Inc., No. 2013-Ohio-1933, 2013 WL 2097556 (Ohio May 14, 2013). Specifically, the court held that residential mortgage servicing is not a “consumer transaction” subject to the CSPA. The court reasoned that mortgage servicing is a contractual agreement between the mortgage servicer and the financial institution that owns both the note and mortgage, and is carried out in the absence of a contract between the borrower and the servicer. Therefore the transaction does not meet an essential element of the statutory definition because it is not a sale, lease, assignment, award by chance, or other transfer of a service to a consumer. The court also held that a residential mortgage servicer is not a “supplier” subject to the CSPA. The statute defines “supplier” to include a seller, lessor, assignor, franchisor, or other person engaged in the business of effecting or soliciting consumer transactions, whether or not the person deals directly with the consumer. Because mortgage servicers are not part of the residential mortgage transaction and do not seek to enter into consumer transactions with borrowers, they are not “suppliers” under the law.

Recently, Kansas enacted SB 129, which repealed a provision in the mortgage interest rate law that set a floating cap on the interest rate charged for first real estate mortgage loans and contracts for deeds. The repeal also renders irrelevant another recent change to the same provisions. Specifically, on April 4, the state enacted a bill that increased the maximum annual interest rate for certain mortgages from 1.5 percentage points to no more than 3.5 percentage points above a Freddie Mac floating rate. While that change was pending approval by the governor, the legislature passed the repeal, as explained in the legislature’s conference report. With the elimination of the specified interest rate cap, parties now are subject to provisions in current law, which provide the rate cannot exceed 15% per year.

On May 9, the Superior Court of California dismissed California Attorney General Kamala Harris’ first suit against a company for allegedly failing to comply with the state’s Online Privacy Protection Act. California v. Delta Air Lines Inc., No. 12-526741, Order (Cal. Sup. Ct. May 9, 2013). The state alleged that since at least 2010, Delta Airlines operated a mobile application that allows customers to, for example, check-in online for an airplane flight, view reservations for air travel, or rebook cancelled or missed flights. The AG claimed that the Delta application collects substantial personally identifiable information without providing a privacy policy. The suit sought an injunction and penalties of up to $2,500 for each violation. Reportedly, the court determined that the suit was preempted by the federal Airline Deregulation Act, which prohibits states from regulating certain airline functions, including, according to Delta and the court, the mobile application at issue in this case. The suit against Delta was filed after the AG sent letters to Delta and numerous other mobile application developers and providers advising those entities of their alleged noncompliance with state privacy law, and forms part of a broader enforcement effort by the AG with regard to online and mobile privacy.

On May 2, Maryland enacted SB 199, which authorizes a mortgagor to refinance the full balance of a loan secured by a first mortgage or deed of trust without the permission of the holder of a junior lien if (i) the principal amount secured by the junior lien does not exceed $150,000, and (ii) the principal amount secured by the refinance mortgage does not exceed the unpaid outstanding principal balance of the first mortgage or deed of trust plus closing costs up to $5,000. In short, under these conditions, the bill grants, on recordation, the same lien priority to the refinance mortgage as the replaced first mortgage or deed of trust. Under current law, when a first mortgage is refinanced, the holder of an existing junior mortgage is asked to agree to subordinate so that the first loan holder preserves priority, and the second lienholder can block the homeowner’s ability to refinance the first mortgage. Even where the junior mortgage holder agrees, the process can take can take more than a month and may require the borrower to pay subordination and rate-lock fees. The bill takes effect on October 1, 2013 and applies to refinance transactions after that date.

On May 7, Indiana enacted SB 279 to (i) eliminate a provision in current law that binds certain omitted parties (i.e., parties who have an interest in the property subject to a mortgage foreclosure action, but are not named in the foreclosure action) by the court’s judgment in a foreclosure action as if they had been parties to the foreclosure action, and (ii) limit the post-sale redemption rights of certain omitted parties. The changes become effective July 1, 2013.

On May 1, the Connecticut Attorney General, George Jepsen, and the Maryland Attorney General and NAAG President, Douglas Gansler, sent a letter to representatives of a “daily deals” website that recently disclosed a data security incident, seeking additional information about the event. The company publicly reported the incident and stated that no financial information was obtained by the hackers. Nevertheless, the AGs presented numerous information requests, including requests for (i) a detailed timeline of the incident, (ii) the number of individuals affected in each state, (iii) the categories and types of compromised information, (iv) a description of how the company determined that no financial information was compromised, and (v) information about how the company stores, connects, protects, and monitors the various customer data in its possession.  Although those experiencing a security breach are often required under state laws to provide this type of information to a state AG, the public release of an AG information request and the joint issuance of a request by multiple state AGs has been less common.

On May 6, New York Attorney General Eric Schneiderman announced his intent to sue two of the five mortgage servicers that entered the National Mortgage Settlement with 49 state attorneys general, the U.S. Department of Justice, and certain federal agencies, alleging numerous violations of the servicing standards established by that agreement. Based on complaints received from borrowers, Mr. Schneiderman alleged that the two companies violated agreed-to loan modification timeline requirements established in the National Mortgage Settlement, including failure to provide acknowledgment of receipt of documentation from a borrower, failure to notify the borrower of missing documentation, and failure to provide a decision on the modification request within 30 days of receiving a complete application. Procedurally, under the National Mortgage Settlement, an individual party such as the New York Attorney General must provide notice of intent to bring an enforcement action for noncompliance to the Monitoring Committee, which has 21 days to determine whether to pursue action on behalf of all the parties to the National Mortgage Settlement. At the conclusion of the 21-day waiting period, if the Monitoring Committee decides not to move forward, the New York Attorney General, and other individual attorneys general, may separately pursue the action.

On May 2, the CSBS released its 2012 annual report, which aggregates and reviews the organization’s activities in the prior year, identifies future goals for the organization, and outlines specific priorities for 2013. The paper also incorporates more focused reports on past and future activities by various CSBS divisions and boards, including a report from the Policy and Supervision Division that reviews bank supervision, consumer protection and non-bank supervision, and legislative and regulatory policy, including the CSBS positions on community bank regulatory relief and federal proposed capital rules.

On April 30, North Dakota enacted HB 1136, which compels the Secretary of State to provide an electronic means for filing any record required to be filed under the state Uniform Commercial Code. The bill also, among other things, directs the Secretary to establish an electronic system and requires electronic filing to obtain or amend certain liens, including repairman’s liens and other non-mortgage liens. The changes become effective August 1, 2015. If the Secretary makes a report to the legislative management and to the information technology committee certifying that the electronic filing system is ready for implementation, these changes will become effective ninety days following the completion of the certificate requirement.

On April 30, the U.S. District Court for the Central District of California held that Section 1747.08 of the Song-Beverly Credit Card Act, which prohibits retailers from requiring personal information as a condition to completing credit card transactions, does not apply to online purchase transactions in which the merchandise is shipped or delivered to the customer. Ambers v. Buy.com, No. 13-196, slip op. (C.D. Cal. Apr. 30, 2013). The ruling extends a recent holding by the California Supreme Court in Apple Inc. v. Sup. Ct. Los Angeles, which held that the Song-Beverly provisions do not apply when the item purchased is downloaded via the Internet. In this case, the customer claimed on behalf of a putative class whose claims could total $500 million that Apple created a standard that applies the Song-Beverly protections whenever the retailer has “some mechanism” to verify the customer’s identity. The plaintiff argued that the retailer’s request as part of the purchase transaction for a phone number in addition to the shipping address violated the statutory privacy protection. The court reasoned that as explained in Apple, the state legislature intended to allow retailers to verify that a person making a card purchase is authorized to do so, and stated that the shipping address alone would not work as an anti-fraud mechanism because a person who buys merchandise online may direct shipments to addresses not related to the credit card billing address. As such, the court held that Song-Beverly privacy protection does not apply to online purchases where the merchandise is being shipped or delivered, and granted the retailer’s motion to dismiss.

On April 26, Indiana enacted SB 238, which increases the maximum credit service charge for a consumer credit sale other than one involving a revolving charge account and the maximum finance charge for a supervised loan. Effective July 1, 2013, the bill increases the applicable amounts financed, which are subject to the graduated service charge or loan finance charge percentage, and increases the service charge or loan finance charge percentage that applies if the graduated percentages do not apply. For consumer loans other than supervised loans, the bill increases the permitted loan finance charge from 21% to 25%, provides that the lender may contract for and receive a loan origination fee of not more than 2% of the loan amount (or line of credit, for a revolving loan) in the case of a loan secured by an interest in land, or $50 in the case of a loan not secured by an interest in land. For supervised loans, the bill provides that the lender may contract for and receive a loan origination fee of not more than $50. For both supervised loans and consumer loans other than supervised loans, (i) the permitted minimum loan finance charge may be imposed only if the lender does not assess a loan origination fee, and (ii) in the case of a loan not secured by an interest in land, if a lender retains any part of a loan origination fee charged on a loan that is paid in full by a new loan from the same lender, certain other restrictions apply.

On April 25, New York Governor Andrew Cuomo announced that the New York Department of Financial Services (DFS) sent a letter to several consumer credit bureaus, demanding that the firms (i) ensure that credit scores are not lowered for consumers adversely impacted by Hurricane Sandy, (ii) reset any scores that have been lowered, (iii) work with banks and other lenders to red flag any negative information relating to storm-impacted consumers, and (iv) meet with the DFS to permanently change procedures to prevent credit scores from going down for consumers impacted by a disaster. The letter asserts such actions are required because financial challenges created by the storm could negatively impact individual credit scores for reasons that are unrelated to their creditworthiness. The state’s press release provides a phone number for consumers to call if they believe that their credit has been “unfairly impacted” by the storm.

On April 19, the CFPB issued a final preemption determination regarding whether the Electronic Fund Transfer Act (EFTA) and Regulation E preempt certain unclaimed gift card laws in Maine and Tennessee. The EFTA, as implemented by Regulation E, generally prohibits any person from issuing a gift certificate, store gift card, or general-use prepaid card with an expiration date, though under certain conditions, the card may have an expiration date so long as it is at least five years after the date of issuance (or five years after the date that funds were last loaded). The CFPB determined that the Maine law does not interfere with a consumer’s ability to use a gift cards at point-of-sale for at least as long as guaranteed by the EFTA and Regulation E because it requires the issuer to honor the gift card on presentation indefinitely even if the unused value has been transferred to the state. For Tennessee, the CFPB reached the opposite conclusion because the Tennessee provision permits issuers to decline to honor gift cards as soon as two years after issuance. According to the CFPB, the Tennessee law is inconsistent with federal law because, in effect, the provision allows funds to expire sooner than is permitted under EFTA and Regulation E.