June 10, 2024
Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an “Amicus Brief(ly)1” comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters – CARLAW®, HouseLaw®, InstallmentLaw™, PrivacyLaw®, and BizFinLaw™ – provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.
On June 3, the Consumer Financial Protection Bureau finalized a rule that requires certain covered nonbank entities that offer or provide consumer financial products or services to register final, public orders, including consent and stipulated orders, issued against them by government agencies or courts. Certain entities, such as insured depository institutions, insured credit unions, motor vehicle dealers, federally recognized Indian tribes, and natural persons, are excluded from the final rule. The final rule will require certain covered nonbank entities to identify an executive responsible for the entity’s efforts to comply with the order in the registry and submit an annual written statement that includes information: (1) describing the steps the executive has taken to review or oversee the nonbank entity’s activities subject to the order during the preceding calendar year, and (2) attesting whether, to the executive’s knowledge, during the preceding calendar year, the entity identified any violations or noncompliance with the obligations imposed by the order in the registry. Covered nonbank entities that are subject to an order published on the Nationwide Multistate Licensing System and Registry’s Consumer Access website (except for orders issued or obtained at least in part by the CFPB) may elect to comply with a one-time registration option in lieu of complying with the final rule’s notification and written statement requirements with respect to that order.
The final rule is effective on September 16, 2024. It provides covered nonbank entities with certain timeframes to comply with the requirements, including submission of their registrations. Registration will begin for covered nonbank entities as early as October 16, 2024.
|
On June 4, the Consumer Financial Protection Bureau issued Consumer Financial Protection Circular 2024-03 responding to this question: Can persons that include unlawful or unenforceable terms and conditions in contracts for consumer financial products and services violate the prohibition on deceptive acts or practices in the Consumer Financial Protection Act? The CFPB answered the question in the affirmative, noting numerous instances under federal, state, and/or case law where contractual terms, including waiver provisions, are unlawful or unenforceable. The CFPB stated that “the inclusion of unlawful or unenforceable terms and conditions in consumer contracts is likely to mislead a reasonable consumer into believing that the terms are lawful and/or enforceable, when in fact they are not. … In particular, consumers are unlikely to be aware of the existence of laws that render the terms or conditions at issue unlawful or unenforceable, so in the event of a dispute, they are likely to conclude they lawfully agreed to waive their legal rights or protections after reviewing the contract on their own or when covered persons point out the existence of these contractual terms and conditions.” The circular went on to note that disclaimers stating “subject to applicable law” or “except where unenforceable” and disclaimers issued after the fact “are unlikely to cure the provision’s misleading or material nature.”
The press release announcing the circular referred to the inclusion of unlawful or unenforceable contractual terms and conditions as a “fine print tactic” and “intimidation” and stated that “[c]ompanies may be liable even if the unenforceable terms are borrowed from form templates or widely available contracts.”
|
On June 5, the Consumer Financial Protection Bureau finalized a rule that establishes the process for recognizing industry standard-setting bodies that may issue standards that companies can use to help them comply with the soon-to-be-final Personal Financial Data Rights rule, issued by the CFPB in October 2023.
The proposed Personal Financial Data Rights rule would require depository and nondepository entities to make available to consumers and authorized third parties certain data relating to consumers’ transactions and accounts; establish obligations for third parties accessing consumers’ data, including important privacy protections for that data; provide basic standards for data access; and promote fair, open, and inclusive industry standards. The CFPB proposed that standards adopted by CFPB-recognized standard setters might be used to facilitate implementation of a final Personal Financial Data Rights rule.
The CFPB’s final rule identifies the attributes that a standard-setting body must demonstrate in order to be recognized by the CFPB and includes procedures for standard setters to apply for recognition by the CFPB. The final rule also includes a mechanism for the CFPB to revoke the recognition of standard setters and a maximum recognition duration of five years, after which recognized standard setters will have to apply for re-recognition. The final rule is effective 30 days after it is published in the Federal Register.
|
Effective June 3, the New Jersey Motor Vehicle Commission amended its rules pertaining to licensed motor vehicle dealers to implement recent statutory amendments. Among other changes, the new rules:
|
Connecticut recently enacted Senate Bill 123, which, among other things, requires a “claimant” to stop all collection activities that concern a debt identified by the debtor as a coerced debt until the claimant has completed a specified review. The new law defines “coerced debt” as “any [unsecured credit card] debt incurred in the name of a debtor who is a victim of domestic violence, as defined, …, when such debt was incurred in response to any duress, intimidation, threat of force, force or undue influence used to specifically coerce the debtor into incurring such debt.” A claimant is an entity, including a collection agency, that has, or purports to have, a claim against a debtor arising from an allegedly coerced debt.
A debtor must provide the claimant with certain information and documentation, certified by the debtor, showing that the debt was coerced. If a debtor notifies a claimant orally that a debt being collected is a coerced debt and requests that the claimant waive the debt, the claimant must, within 10 days of receiving the oral notice, send written notice to the debtor stating that the request must be in writing and in accordance with the information and documentation requirements.
Within 10 days of receipt of the information and documentation provided by the debtor, the claimant must: (1) suspend collection efforts for a period of 60 days or until it completes its investigation, whichever is longer; and (2) conduct a good faith review to determine whether the debt is a coerced debt. The claimant may not commence a legal action to collect the debt while completing the good faith review, and, if an action is then pending, the claimant must not proceed on the action while completing the review. If the claimant determines after its review that the debt is a coerced debt, it must permanently cease collection activities with respect to the debt and notify any credit rating agency to delete any negative information concerning the debt. If the claimant determines after its review that the debt is not a coerced debt, it may recommence collection activities.
The new law is effective on January 1, 2025.
|