On October 15, the New York Attorney General’s office announced a settlement with a large financial institution in connection with a 2012 data breach. Of the $850,000 settlement agreement, New York State will receive over $114,000. The terms of the settlement require that the bank reform its former security practices, which caused over one million customer files to be compromised. Specifically, in 2012, the bank lost over one million unencrypted files that contained personal information for over 200,000 customers nationwide. Going forward, the bank must (i) notify state residents of security breaches in a timely manner; and (ii) maintain security policies that will protect personal information.
On October 14, Superintendent Lawsky delivered remarks on virtual currency and Bitcoin regulation in New York City. Specifically, Lawsky addressed the comments received in connection with the DFS’s July 17 proposal to establish a licensing regime for virtual currency businesses. Lawsky clarified the following five areas of concern: (i) who will be required to obtain a BitLicense; (ii) which type of license, money transmitter and/or virtual currency, a business will be required to obtain, confirming that, if both are required, the application process will be streamlined; (iii) the requirements that banks providing virtual currency services will need to comply with; (iv) the regulation of mining when a miner engages in virtual currency services; and (v) the “compliance costs of regulation on new or fledging virtual currency enterprises.” Noting that the DFS hopes that companies will work with the DFS as opposed to “run[ning] from regulation,” Lawsky emphasized the significance of appropriate regulation as it pertains to safeguarding customers’ money at financial companies.
On September 26, Virginia Attorney General Mark Herring issued a letter declaring that the Virginia State Board of Elections is not legally precluded from directing general registrars to accept voter registration applications with electronic signatures. “It is my opinion that, although no law requires the acceptance of mailed voter registration applications with electronic signatures, the State Board of Elections is not precluded from directing that general registrars accept such applications, and the State Board, in its discretion, may do so[.]” The letter also stated that the Board of Elections also has authority to establish standards to ensure the security of voter information and to verify the authenticity and validity of the electronic signatures. The letter validates the Board of Election’s decision to accept electronic signatures during the 2013 gubernatorial election.
On September 16, the Oregon Department of Consumer and Business Services Division of Finance and Corporate Securities adopted a rule amending several sections of the Oregon Administrative Rules related to the licensing of mortgage loan originators. The amendment makes minor changes to sections related to (i) definitions; (ii) the license application process; (iii) criminal records check requirements; (iv) significant event and financial reporting requirements; (v) bonding calculations; and (vi) retention of advertising samples. In addition, the rulemaking added a new section that designates the filing of a report containing false or incorrect information as a practice subject to denial, suspension, or revocation of licensure. The amendment also clarifies the manner in which deposits into or withdrawals from a trust account of borrower funds must be documented. Finally, the amendment adjusts the amount of pre-licensing and continuing education required to obtain and maintain licensure. The amendments become effective on January 1, 2015.
On September 16, the NYDFS announced that they have issued subpoenas to nine “hard money” lenders, groups that originate short-term, high interest loans secured by a borrower’s home or other real estate, as part of a probe into whether such lenders are intentionally structuring loans with the expectation of foreclosing on the property. NYDFS noted that “[w]hile many hard money lenders may be engaged in legitimate financial activities, certain unscrupulous companies appear to be taking advantage of borrowers in tough financial straits by making loans that are designed to fail.” The NYDFS’s investigation is focused on whether the nine lenders are intentionally structuring hard money loans with onerous terms, such as high interest rates, numerous upfront fees, and enormous balloon payments, so that borrowers are driven into to default.
On September 10, the Missouri General Assembly voted to override Governor Jay Nixon’s veto of SB 866, which defines traditional installment loans as “fixed rate, fully amortized, closed-end extensions of direct consumer loans” and preempts certain local government actions that would affect lenders who only make such installment loans and who operate under a consumer installment loan license or a consumer credit loan license. The preemption provisions do not apply to ordinances in a home rule city with more than four hundred thousand residents and located in more than one county, i.e., Kansas City, or to a charter provision or valid ordinance as of August 28, 2014, that expressly applies to traditional installment loan lenders.
(Chase Plaza Condominium Association, Inv. V. JP Morgan Chase Bank, No 13-CV-623 & 13-CV-674, decided August 28, 2014). In a case of first impression, the District of Columbia Court of Appeals held that a condominium association’s foreclosure of a lien for unpaid assessments extinguished the first mortgage on the unit. The District of Columbia’s condominium “super-priority lien” law (created in 1991) grants super-priority to condominium association liens for up to six months of unpaid assessments. The super-priority lien law does not specify what happens when the condominium association forecloses and the proceeds of the sale are insufficient to pay the first deed of trust. The Court of Appeals looked to general foreclosure law for guidance, finding that foreclosure of a lien with superior priority extinguishes liens with lower priority. Here, the $280,000 purchase money first mortgage was made in 2005, the owner’s assessments became delinquent in 2008, the association foreclosed its $9415 assessment lien in 2010, and the bidder at the foreclosure sale paid $10,000 for the property. The mortgagee sued to have the foreclosure set aside. The Court reasoned that the drafters of the super-priority lien law “understood that foreclosure of a super-priority lien could extinguish a first mortgage … but expected that mortgage lenders would take the necessary steps to prevent that result, either by requiring payment of assessments into an escrow account or by paying assessments themselves to prevent foreclosure,” and rejected the lender’s argument that permitting foreclosure of condominium assessment liens to extinguish first mortgages would be unreasonable as a matter of policy.
On September 2, the NY AG sued a regional bank claiming the bank engaged in unlawful discriminatory practices by intentionally avoiding offering mortgage loan products to predominately African-American neighborhoods in Buffalo. People of the State of New York v. Evans Bancorp, Inc. et al., No. 14-cv-00726 (W.D.N.Y. Sept. 2, 2014). In the complaint, the NY AG asserts that by creating a map of its lending area in Buffalo that included most of the city and its surroundings, but excluded certain African-American neighborhoods on the city’s east side, the bank engaged in redlining in violation of the Fair Housing Act, New York state human rights law, and city code. The suit also alleges that the bank did not market its loan products to minority customers and located bank branches and ATMs outside of minority neighborhoods. The NY AG further claims that the bank’s rates of lending and receiving applications from African-American borrowers allegedly lags behind comparable banks and that these purported discriminatory effects are due to the bank’s alleged redlining practices. The NY AG seeks injunctive relief, damages, civil penalties, punitive damages, fees and costs. In its release announcing the lawsuit, the NY AG stated that the suit is part of ongoing investigations by the AG into potential mortgage redlining across the state.
On August 26, Illinois amended its Code of Civil Procedure by adding Section 15-1603.5 to address situations where a foreclosure sale occurred, but a junior lienholder was not named in the foreclosure complaint. Specifically, the law permits a holder of a certificate of sale who discovers an omitted subordinate interest to file a strict foreclosure complaint naming the person who has the omitted subordinate interest as the defendant. Unless the defendant objects, the court must enter a judgment extinguishing the omitted subordinate interest. If the defendant objects, the court must hold a hearing and order either (i) that the defendant has not agreed to pay the redemption amount, in which case the court must enter judgment; or (ii) that the defendant has agreed to pay the redemption amount. The law also sets forth the items that must and must not be included in the redemption amount, and provides that the defendant has 30 days after the entry of the order to pay the redemption amount. Although the person who has an omitted subordinate interest does not have a right to file a strict foreclosure action, the person does maintain the right to claim surplus proceeds from the foreclosure sale.
On August 20, the District of Columbia Department of Insurance, Securities and Banking (DISB) announced that, as of September 3, 2014, it will begin using the NMLS to manage money transmitter, check casher, money lender, retail seller, sales finance company and non-bank ATM licenses and registrations. Beginning on that date, new applicants for such licenses and registrations must apply via the NMLS. Entities currently holding such licenses and registrations must create a complete record in NMLS and submit it to DISB for approval by December 31, 2014.
On August 12, Delaware Governor Jack A. Markell signed the Digital Access and Digital Accounts Act, the first law in the nation to comprehensively govern access to a person’s digital assets, including social media and email accounts, after the person dies or becomes incapacitated. Under the new law, a Delaware resident’s digital assets will become part of his or her estate after death, and these assets will be accessible to heirs to the same extent as the deceased person’s physical, tangible assets. Digital assets are defined broadly to include data, texts, email, audio, video, images, sounds, social media and social networking content, health care and insurance records, computer codes and programs, software and software licenses, and databases, along with usernames and passwords. The law expressly does not apply to digital accounts of an employer regularly used by an employee in the usual course of business. The law requires any company that controls a person’s digital assets to give the legal fiduciary for the deceased’s estate the usernames, passwords, and any other information needed to gain access to the digital assets upon a valid written request. Any contrary provisions in service agreements or privacy policies that limit a fiduciary’s access to digital accounts are void, although the account owner can specify that the account should remain private after death. The law also grants the company controlling the digit assets immunity for complying with valid requests for account access. The new law takes effect January 1, 2015.
On August 19, the New York DFS announced a consent order with a British bank to resolve claims that the bank and its U.S. subsidiary failed to remediate AML compliance deficiencies as required by a prior settlement with the DFS that required the bank to, among other things, implement a transaction monitoring program. The DFS states that the compliance monitor appointed as part of the prior agreement determined that the procedures adopted by the bank to detect high-risk transactions contained errors and other problems that prevented the bank from identifying high-risk transactions for further review. The DFS asserts that the bank failed to detect these problems because of a lack of adequate testing both before and after implementation of the monitoring system. The DFS also claims the bank failed to properly audit its monitoring system. Under the latest consent order, the bank must: (i) suspend its dollar clearing operations for high-risk retail business clients of the bank’s Hong Kong subsidiary; (ii) obtain prior DFS approval to open a U.S. Dollar demand deposit account for any customer who does not already have such an account with the U.S. entity; and (iii) pay a $300 million penalty. The bank also must implement additional compliance enhancements, including enhanced due diligence and know-your customer requirements.
On August 18, the New York DFS announced an agreement with a bank consulting firm to resolve allegations related to certain services it performed for a bank charged last year with sanctions violations. The consulting firm allegedly altered an historical transaction review (HTR) report submitted to regulators regarding wire transfers that the bank completed on behalf of sanctioned countries and entities. At the bank’s request, the firm allegedly removed from the original HTR report key information and warning language concerning the bank’s transactions. Specifically, the DFS alleges that the firm: (i) removed the English translation of the bank’s wire stripping instructions; (ii) removed a regulatory term to describe the wire-stripping instructions and a discussion of the activities; and (iii) deleted “several forensic questions” that the firm identified as necessary for consideration in connection with the HTR report. The agreement prohibits the firm from doing business with any DFS-regulated institution for two years and requires the firm to: (i) pay a $25 million penalty; and (ii) implement certain reforms to address the conflicts of interest within the consulting industry. Those reforms are based on a similar agreement obtained by the DFS last year from another consulting firm.
This week, the New York DFS announced the extension of the comment period on its proposal to create a regulatory licensing framework for virtual currency companies, including a so-called BitLicense. Given the “significant amount of public interest in and commentary on” the proposal, the DFS doubled the length of the comment period from 45 to 90 days. Comments are now due by October 21, 2014. Further information about the proposal and related issues is available here.
Last month, the Massachusetts Division of Banks (DOB) issued an advisory opinion addressing whether an oral request by a debtor for certain records to validate a debt (pursuant to 209 CMR 18.18(3)) triggers a debt collector’s obligation to provide such documents within five business days. The DOB advised that a debt collector’s receipt of an oral request for such records from a consumer (or a consumer’s attorney) is sufficient to trigger the debt collector’s obligation and may serve to commence the five business day period in which the required response must be returned to the consumer.