Last Week, This Morning

April 8, 2024

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an “Amicus Brief(ly)¹” comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters – CARLAW®, HouseLaw®, InstallmentLaw™, PrivacyLaw®, and BizFinLaw™ – provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

The governors of Arizona and West Virginia recently signed legislation addressing disclosure requirements when consumers enter rent-to-own transactions electronically or when a third-party merchant initially offers the property for sale.

Arizona Senate Bill 1271 requires lessors to disclose certain information to consumers when rental-purchase property is offered online or remotely through electronic commerce. Specifically, instead of displaying an in-store rent-to-own price tag, lessors will be permitted to electronically disclose the cash price, the periodic payment amount, the total number and amount of rental payments to acquire ownership, and the rental cost in connection with online and remote transactions. This information must be disclosed clearly and conspicuously, using visible, readable, and understandable numerals, before providing the consumer with the rental-purchase agreement. SB 1271 will be effective 91 days after the end of the legislative session.

West Virginia Senate Bill 430 provides that a lessor may give certain required disclosures electronically when goods are displayed or offered online or sold remotely. Specifically, lessors must disclose the retail value, the rent-to-own charge, the rental period, the number of periodic payments for ownership, the amount of each periodic payment, the total of all payments, and whether the goods are new or used. The information must be disclosed clearly and conspicuously and in an easily understood manner. SB 430 is effective immediately.

Amicus brief(ly): These state laws catch Arizona and West Virginia up to where other states are with respect to giving rent-to-own consumers information to make informed transaction decisions, but specifically in the online environment. States have increasingly enforced RTO hang tag rules (for example, consider the Pennsylvania attorney general action from about 18 months ago, its second at the time and one that came after 175 Assurances of Voluntary Compliance with other providers designed to ensure that they understood and would comply with Pennsylvania’s hang tag rules) to make sure vulnerable consumers have specific information in a conspicuous format for RTO transactions. Disclosures related to cost will always be critically important in a consumer finance transaction. These Arizona and West Virginia laws reflect a state law trend we expect to continue in the context of RTO transactions.

Kansas Governor Laura Kelly recently signed House Bill 2247, modifying the Kansas Mortgage Business Act and the state’s Uniform Consumer Credit Code. The extensive changes include increasing the dollar thresholds for coverage under the UCCC to match the federal Truth-in-Lending non-mortgage, non-student loan thresholds – more than a 100% increase in the dollar threshold of $25,000 - dramatically expanding the number of consumer finance transactions that will be subject to the UCCC after the effective date. The new law also includes mandatory disclosures for credit card surcharges, modifications to consumer loan finance charges and repayment terms, record requirements, new and revised definitions for "earnings" and "days" among other terms, requiring an extended payment plan option for payday loan borrowers, standardizing certain threshold amounts consistent with federal law, changes to origination fees for non-real estate transactions, licensing clarification for supervised loans, notification filing exemptions for supervised loan licensees, transferring mortgage provisions from the UCCC to the KMBA, and clarifying licensing exemptions. The changes will largely become effective on January 1, 2025. The changes standardizing the UCCC threshold amounts consistent with federal law will become effective on July 1, 2024.

Amicus brief(ly): Kansas did a lot with this 75-page bill. Any consumer financial services providers doing business in Kansas will have to spend some time with the new law. It is not uncommon for creditors with a business model that provides non-mortgage credit in amounts that vary widely but can exceed Kansas’s current $25,000 (amount financed) threshold to simply comply with the UCCC for all similar transactions. That approach cuts down on system complexity, cuts down the number of credit agreements to keep up, and provides consumers with higher-dollar obligations with some benefits that the law does not give them outright. But those creditors will want to understand the full scope of their obligations and potential liabilities in the changed landscape in Kansas.

Three trade groups - the American Fintech Council, the American Financial Services Association, and the National Association of Industrial Bankers – filed a lawsuit against the Colorado attorney general and the administrator of the Colorado Uniform Consumer Credit Code, alleging that the Depository Institutions Deregulation and Monetary Control Act of 1980 opt-out bill Colorado enacted last year is invalid.

On June 5, 2023, Colorado became the second state (Puerto Rico opted out, too, but it is not a state) to opt out of Section 521 of DIDMCA. Congress passed DIDMCA back in 1980 to, among other things, allow state-chartered banks to lend nationwide at rates up to the higher of their home state's interest-rate cap or a federal interest-rate cap. By opting out, a state could impose its own interest-rate cap, although it could only impose such a cap on loans "made in" the opting-out state. Iowa was the only state to opt out shortly after the enactment of DIDMCA, but the relatively recent growth of bank partnership lending has led some states to examine ways they can more closely regulate the terms of those loans, and one way to do that is by opting out of DIDMCA Section 521.

The plaintiffs in this recent challenge first allege that Colorado's DIDMCA opt-out violates the Supremacy Clause of the U.S. Constitution and is, therefore, invalid. The plaintiffs reason that, under the Supremacy Clause, any state laws that "interfere with, or are contrary to the laws of Congress, made in pursuance of the constitution" have no force or effect. As the plaintiffs explain, Section 525 of DIDMCA only authorizes a state to opt out of the Act's preemption provision with respect to loans made in such state. However, Colorado's opt-out applies to all consumer credit transactions in the state, which is broader than the "loans made in" standard permitted under DIDMCA. The plaintiffs note that the "loans made in" standard under DIDMCA focuses on the core functions surrounding the extension of credit, including approval and disbursal of the loan. Thus, because Colorado's DIDMCA opt-out allegedly exceeds the scope permitted under DIDMCA, the plaintiffs argue that Colorado's opt-out violates the Supremacy Clause.

Next, the plaintiffs argue that the opt-out violates the Dormant Commerce Clause because the broader interpretation of where a loan is made subjects out-of-state banks to inconsistent obligations across states and thus impedes the flow of commerce.

The plaintiffs also point out the negative effects of Colorado's DIDMCA opt-out. They note that the opt-out will reduce Colorado consumers' access to responsible and useful consumer credit products. In addition, because national banks are not affected by the opt-out and can continue to offer products with APRs exceeding the Colorado UCCC's 21% rate cap, state-charted banks will not be able to compete with national banks effectively. The plaintiffs also argue that the opt-out will require ongoing compliance costs and increase the risk of lawsuits and enforcement actions.

The plaintiffs seek a declaration that the Colorado opt-out violates the Supremacy Clause and the Dormant Commerce Clause. It further asks the court to enjoin the defendants from taking any action to enforce the Colorado UCCC with respect to loans that, under federal law, are not made in Colorado.

The Colorado law is scheduled to take effect on July 1, 2024.

Amicus brief(ly): Despite recent state trends attempting to limit interest rates (through, for example, all-in interest rates (APRs) capped at 36% for almost all credit products), it was a surprise when Colorado opted out of Section 521 of DIDMCA last year. This case will be fascinating to watch, with the outcome either shutting down the idea that states can still opt out of Section 521 or allowing states a new (refreshed?) means of more closely controlling the terms of consumer credit transactions. We’ll continue to report on this case as it develops.

The California legislature is considering Senate Bill 1286, a bill that would expand the scope of the state's debt collection law to cover small business debts. The existing law, the Rosenthal Fair Debt Collection Practices Act, covers only collection of consumer debts. Unlike the federal Fair Debt Collection Practices Act and many state debt collection laws, the RFDCPA applies to a person collecting its own debts in its own name as well as to a person collecting debts on behalf of another or a person collecting its own debts under a different name. As a result, this legislation would impact providers of small business financing that service and collect their own transactions.

SB 1286 defines the term "small business" to mean an independently owned and operated business not dominant in its field of operation with its principal office in California, its officers domiciled in California, 100 or fewer employees (including affiliates' employees), and average annual gross receipts of $15 million or less over the past three years. The bill defines the term "small business credit transaction" to mean a transaction where a small business or a small business owner obtains money, property, or services on credit primarily for purposes related to the business's activities. Additionally, it defines the terms "small business credit" and "small business debt" to mean money, property, or their equivalent due or owing or allegedly due or owing from a natural person due to a small business credit transaction. This definition is broad enough to encompass amounts due under a sales-based financing transaction as well as a traditional loan.

The RFDCPA is a thorough state debt collection law that includes provisions closely resembling provisions of the federal FDCPA, and, for many “debt collectors” (as defined in the statute), it requires compliance with the federal FDCPA, almost in its entirety, as a matter of state law. A violation of the RFDCPA is subject to the same remedies as a violation of the 2001 version of the FDCPA, including a lawsuit by the debtor. Like the FDCPA, the RFDCPA provides a defense for a debt collector that can show that a violation was the result of a bona fide error and occurred despite procedures designed to prevent such an error. If SB 1286 becomes law, it will take effect on January 1, 2025.

Amicus brief(ly): California was the first state to regulate business finance transactions more closely than is typical of the states. Its commercial finance disclosure law from 2018 was the first of several laws requiring cost disclosures and limiting terms of commercial finance transactions that had previously been unregulated. And while the Consumer Financial Protection Bureau and, to a lesser degree, the U.S. Congress have threatened to expand the scope of the federal FDCPA to cover commercial debt collection, California has actually taken that first legislative step with this bill. If California gets this done, we anticipate that the other states that have adopted commercial financing legislation will follow suit and add collection restrictions to their regulatory regimes. And we expect the states to be more effective at this than the federal government has been. Specifically, the industry would immediately challenge any attempt by the CFPB to expand the scope of its Regulation F to include commercial debt collection because the statute explicitly limits the scope of the FDCPA to consumer debt collection. And we have seen how effective Congress has been of late in getting bills passed. We’ll keep an eye on the states for now.

On April 4, the Consumer Financial Protection Bureau released a report – “Banking in Video Games and Virtual Worlds” – that examines the use of virtual currencies in video games and virtual worlds. According to the report, “gaming assets” are stored on users’ accounts and used as a medium of exchange. The report defines “gaming assets” as including “in-game currencies and virtual items, such as skins or cosmetic items. For crypto-based virtual worlds, this includes crypto-assets. These assets can be bought, sold, or traded through gaming marketplaces.”

Specifically, the report examines: “[t]he evolution of the gaming industry and the revenue shift from one-time purchases of games to smaller payments made during game play; [t]he systems that enable fiat currency to flow into and out of games and virtual worlds and make it possible to assign and extract considerable value from gaming assets both inside and outside of the game; [h]ow video games and virtual worlds act as electronic platforms that enable players to store and transfer valuable assets; [and] [r]ecent activity by companies to leverage gaming assets and their value by providing services that increasingly resemble traditional financial products, like loans and proprietary payment systems.” The report concludes that gaming assets can have immense value and that gaming companies have begun incorporating financial products and services into the gaming marketplace, such as payment processing, money transmission, and loans. The report also finds that there have been increased reports of users losing access to gaming assets as a result of hacking attempts, account theft, scams, and unauthorized transactions; yet, according to the CFPB, gaming companies provide little support to users who are the victims of such fraud. Finally, the CFPB expresses concern about gaming companies’ collection of large amounts of personal data about users, including financial data, purchasing history, behavioral data, location data, and biometric data, which may pose privacy risks to consumers.

Amicus brief(ly): Gamers will not be surprised to hear that there are valuable virtual assets locked up in video games, but others might be. The introduction of payment systems and even credit into that environment can be both a blessing and a curse – a blessing to gamers who understand the value of those in-game assets, allowing them to capitalize on their success in gaming. But it can be a curse too because gamers may be inclined to spend more actual currency in games to reach greater heights and then be tempted to make decisions about how to use and leverage their in-game wealth that can have real-world financial consequences they might not fully understand. And then, of course, there is the concern the CFPB raises about gamers losing access to their assets through theft and fraud. Finally, game providers that may have been lax in their information privacy and data security standards ought to heed the CFPB’s expressed concern about those issues, especially in an environment that appeals to young people. Those issues are not new or novel, and they warrant serious attention from any provider that hopes to survive long-term in the online world.

On April 4, the Federal Housing Administration extended the temporary partial waiver of the face-to-face interview requirement for mortgagees under 24 CFR § 203.604. The FHA initially published a partial waiver of the requirements in Section 203.604 on March 13, 2020, and subsequently extended the partial waiver through May 31, 2024. The partial waiver allows servicers to use alternative methods for conducting meetings with borrowers in default, provided that the mortgagee complies with certain requirements. According to the FHA, the extension of the partial waiver is being issued because HUD is in the process of considering public comment on a proposed rule, published on July 31, 2023, that would amend the current requirements of Section 203.604. The waiver states that “HUD understands that mortgagees would need to invest significant effort in staffing, contracting, and updating internal processes and borrower communications to resume the contact requirements found in the current § 203.604. HUD does not believe it is in the best interest of its Single Family Mortgage program to require mortgagees to make the described efforts for the interim period while HUD is determining how it intends to finalize the rulemaking.”

The partial waiver will now remain in effect until January 1, 2025, unless a final rule amending the provisions of Section 203.604 becomes effective.

Amicus brief(ly): The news this morning included a report that mortgage foreclosure rates are increasing in a number of states, making this extension of the partial waiver critical while HUD attempts to finalize its proposed rule. We remain in a post-pandemic high-interest-rate environment while consumer debt levels are increasing. Loss mitigation is important not just for government-backed consumer mortgages, but for any mortgage loan as a means of ensuring that the borrower and her servicer or lender can communicate about the possibility of saving the loan from an expensive default. The flexibility to have virtual loss mitigation meetings is important in light of the uptick in foreclosures. We expect the FHA to make the alternative meeting formats a permanent feature of loss mitigation in the final rule, allowing servicers and consumers to take advantage of the technology tools to which we have become accustomed through the pandemic.

---

¹ For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.