Last Week, This Morning

June 30, 2025

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1 comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

CFPB Issues Policy Statement on Criminally Liable Regulatory Offenses

On June 27, pursuant to President Trump's executive order - Fighting Overcriminalization in Federal Regulations - the Consumer Financial Protection Bureau issued a policy statement to describe its plan to address criminally liable regulatory offenses. The executive order defines a "criminal regulatory offense" as a "Federal regulation that is enforceable by a criminal penalty." The policy statement notes that the CFPB has issued regulations implementing certain federal consumer financial laws that are enforceable by a criminal penalty. For example, the Truth in Lending Act provides "whoever willfully and knowingly gives false or inaccurate information or fails to provide information which he is required to disclose under the [TILA] or any regulation issued thereunder ... shall be fined not more than $5,000 or imprisoned not more than one year, or both." The CFPB may, in the course of an enforcement investigation, refer alleged violations of these criminal regulatory offenses to the Department of Justice. The policy statement sets forth several factors that the CFPB will consider when exercising its discretion in making referrals of criminal regulatory offenses. Among other steps the CFPB intends to take to address criminal regulatory offenses, the CFPB will provide within the next year a report to the Director of the Office of Management and Budget containing: (1) a list of all criminal regulatory offenses enforceable by the CFPB and the DOJ; and (2) for each criminal regulatory offense, the range of potential criminal penalties for a violation and the applicable mens rea standard for the criminal regulatory offense. The CFPB will periodically update this report.

Amicus Brief(ly): It has been exceedingly rare to see criminal referrals based on routine law violations where it was not clear that the principals in a business intended to operate outside the law, but it has happened. The government needs clear evidence of that intent to even consider bringing criminal charges. The far more likely scenario is a financial penalty for violations and, for more serious allegations, a temporary or permanent prohibition against conducting business in the way that gave rise to the government action. This CFPB guidance gives the Bureau some homework to do in the coming year to assist it in deciding whether and under what circumstances to refer matters to the DOJ for criminal enforcement. We do not anticipate much action in the near term as a result of this guidance, but it is there for the curious.
Louisiana Limits Electronic Vehicle Tracking for Abuse Victims

Louisiana Governor Jeff Landry recently signed House Bill 74, which requires vehicle manufacturers to suspend remote access technology on a vehicle upon request by an abuse survivor. The new law requires the manufacturer to act within two business days of receiving a request from a survivor. The survivor must have an ownership interest in the vehicle or a judgment that provides the survivor with exclusive use. The survivor must also provide a copy of a protective order or other official document showing evidence of various kinds of abuse, including domestic abuse or stalking. A manufacturer must provide an online means for a survivor to submit the request. The manufacturer cannot require the survivor to pay a fee and cannot contact the abuser in connection with the request. Manufacturers violating the requirement are subject to a fine of up to $1 million. The law does not define the term "manufacturer" or address issues that may arise when other parties, such as creditors or lessors, have rights in the vehicle at the time the request is submitted.

In addition, the new law amends Louisiana's existing electronic tracking law. Under the current law, it is a crime to use a tracking device to determine the location or movement of another person without that person's consent. However, there is an exception for vehicle tracking if the owner of the vehicle provides consent. H.B. 74 removes the owner-consent exception when the person being tracked has a protective order or temporary restraining order.

The law takes effect on August 1, 2025.

Amicus Brief(ly): This important Louisiana law, effective in a month, passed both houses of the Louisiana legislature unanimously and will provide critical protection for victims of domestic abuse at a time when they are likely to need it most. Manufacturers that offer and install the remote access technology will have to bear the compliance burden, which requires not only a reaction time of two business days but also the facilitation of a secure means of submitting a request to disable the technology. The law does not address how vehicle finance creditors and lessors that also have an interest in the vehicle will be impacted. Depending on the frequency of use and the relative success of this initiative in Louisiana, the state may offer guidance to creditors and lessors, and other states may adopt similar laws.

Minnesota Overhauls Rate Limits for Mortgage Lending and Modifies Mortgage Disclosures

During its first special session in 2025, Minnesota enacted House Bill 4 that makes some dramatic changes to the state's mortgage lending laws and will become effective for mortgage loans closed on or after August 1, 2025.

First, the legislation modifies the maximum permissible rates on certain subordinate lien mortgage loans. Prior to this legislation, Section 334, subdivision 2, of the Minnesota Statutes provided an exemption from the state's usury rate limit for all contracts of $100,000 or more. The legislation removes "conventional loans" from this exemption. A "conventional loan" is generally a loan equal to or less than the conforming loan limits set by the Federal Housing Finance Agency. See Minn. Stat. § 47.20, subd. 2. As of 2025, the baseline one-unit limit is $806,500.

The above change should only affect subordinate lien loans and not first mortgage loans. Minnesota previously overrode Section 501(a) federal preemption and adopted a modified state version of Section 501(a). See Minn. Stat. §§ 47.203 and 47.204. First mortgage loans, therefore, are not made under the rate authority granted by Section 47.20. Similarly, the change should not affect banks or their operating subsidiaries, as these types of lenders may rely on a different lending statute, Section 47.59, for interest rate authority. The net result of the above change is essentially that non-bank lenders making subordinate lien mortgage loans of $100,000 or more will now be subject to the interest limits calculated under Section 47.20.

Second, the legislation modifies the way interest rate limits are calculated under Section 47.20. Previously, the maximum rate under Section 47.20 was based on a monthly index determined 60 days prior to closing plus 4%. The legislation modifies Section 47.20 to provide that the maximum rate for a conventional loan will now be the Average Prime Offer Rate applicable to a comparable transaction as of the date the mortgage loan's discounted interest is set plus 4%. See Minn. Stat. § 47.20, subd. 4a. While the statute references an APOR published by the Consumer Financial Protection Bureau, the rate is actually calculated by the Federal Financial Institutions Examination Council on a weekly basis. The net result of this change in the rate calculation method is that the maximum rate for a particular loan will not be set on a monthly basis. Rather, the rate limit will need to be calculated on a weekly basis, and that rate will apply to a particular mortgage loan based on the date the interest rate for that mortgage is set.

Third, for loans made under Section 47.20, the legislation amends the section's 2% single service charge limit to exempt from this limit loans that meet the Federal Qualified Mortgage standards under the Code of Federal Regulations, title 12, section 1026.43(e)(3).

Finally, the legislation amends a provision in Section 47.20 requiring certain default disclosures in all conventional loans. Specifically, the legislation now requires that default provisions in conventional mortgage loans provide for notice of default by first-class mail or, if agreed to by the borrower, by email. See Minn. Stat. § 47.20, subd. 8. Previously, notice by certified mail was required. This change appears to be intended to conform the requirements to the recently revised approach taken by the Fannie Mae/Freddie Mac Minnesota Uniform Instrument. Of note in this regard, this part of the legislation is made retroactive in part, providing that compliance with this change is optional with respect to conventional mortgage loan documents dated between August 1, 2024, and July 31, 2024.

Amicus Brief(ly): August 1 is right around the corner, which is a quick turn for the programming changes this new law will require for Minnesota lenders relying on Minnesota law for interest rate authority on their junior-lien loans. The update to the default notification requirements is welcome, though, because it removes the certified mail requirement and allows servicers to send default notices by email when the borrower agrees to receive required notices by email.

Connecticut Requires Creditor and Insurer Flood Insurance Disclosure

Connecticut Governor Ned Lamont recently signed Senate Bill 9, which requires a creditor to notify a mortgage loan applicant in writing, no later than 10 days prior to loan closing, that: (1) standard homeowners insurance policies do not cover flood damage and related losses; (2) flood damage to property may occur regardless of whether the real property is located in a designated flood zone; and (3) the applicant may wish to consult a licensed insurance producer or surplus lines broker concerning the availability and benefits of obtaining flood insurance.

The legislation also provides that each insurer that delivers, issues for delivery, or renews a homeowners or renters insurance policy for a residential dwelling must provide to the insured a notice prescribed or approved by the Insurance Commissioner explaining that: (1) such policy does not provide coverage for loss caused by flood; and (2) that insurance is available under separate flood policies, including information regarding flood insurance eligibility and access.

The new provisions are effective on July 1, 2026.

Amicus Brief(ly): Mortgage lenders operating in Connecticut will have a whole year to prepare a fairly simple flood insurance disclosure for applicants and borrowers to advise them of the risk of flood damage and the limitations of standard homeowners insurance policies in that regard. Connecticut endured an enormous rainstorm (over 12" of rain) and severe flooding almost a year ago. That event may have had something to do with this legislation. Fortunately, the disclosure requirement is straightforward and not much different from the flood disclosures other states require.

Texas Prohibits Collection of Certain Consumer Debt Resulting From Identity Theft

On June 20, Texas Governor Greg Abbott signed House Bill 4238, which prohibits the collection of certain consumer debt that is the result of identity theft. Specifically, the new law provides that a creditor or debt collector that receives from a consumer a court order declaring the consumer a victim of identity theft may not attempt to collect a consumer debt that is the result of the identity theft described in the court order. A creditor or debt collector that receives such notice: (1) must, not later than the seventh business day after receiving the notice, stop efforts to collect the disputed debt from the victim of identity theft; (2) must send to each person who has previously received a report relating to that debt from the creditor or debt collector notice that the debt is disputed and not collectible from the victim of identity theft; (3) may not sell or transfer the debt, except to collect the debt from the alleged perpetrator of identity theft or from a responsible person other than the victim of identity theft; and (4) may, if the disputed debt is secured by tangible personal property, enforce the security interest but may not collect or seek to collect any deficiency from the victim of identity theft.

The law permits the creditor or debt collector to bring an action to collect the disputed consumer debt from the alleged perpetrator of identity theft. The law does not apply to consumer debt that is a home loan or to the collection of a judgment already obtained.

The law is effective on September 1, 2025.

Amicus Brief(ly): New York and California have long had identity theft statutes on the books that prohibit collection of a debt under circumstances similar to those described in this new Texas law. The key component in Texas is the court order, though. New York and California do not require the claim of identity theft to have been adjudicated to keep creditors and debt collectors from attempting to collect the debt from the person claiming identity theft - they just require that the person have filed a police report. Providers should keep in mind the Fair Credit Reporting Act's Red Flags Rule, as adopted by the various federal regulators, and other state laws requiring identity theft identification, mitigation, and prevention requirements that offer consumers some protections when their identity has been stolen and debts have been incurred in their names.
Texas Authorizes Convenience Fees for Processing of Electronic Payments Under Vehicle Retail Installment Contract

On June 20, Texas Governor Greg Abbott signed House Bill 4134, which provides that a holder of a motor vehicle retail installment contract or the holder's agent may collect a fee for processing a retail buyer's electronic payment under the contract only if:

  • the fee is reasonably related to the expense incurred by the holder or holder's agent in processing the electronic payment;
  • the fee does not exceed the lesser of $10 or five percent of the amount of the payment; and
  • the holder or holder's agent: (1) allows the buyer to make a payment by a method other than an electronic payment that does not incur a fee; (2) does not establish electronic payment as the expected form of payment; and (3) informs the buyer of the following before the buyer agrees to make an electronic payment: (a) the amount of the fee to be charged; (b) that the buyer may make a payment by an alternative method that does not incur a fee, including by check, cash, or money order; and (c) that the holder or holder's agent may not establish electronic payment as the expected form of payment.

The law is effective on September 1, 2025.

Amicus Brief(ly): Payment convenience fees are a hot topic of late. Since the Carrington Mortgage case in the Fourth Circuit in 2022 held (correctly) that the Fair Debt Collection Practices Act prohibits a debt collector from imposing a fee on a consumer unless the fee is expressly permitted by agreement or by law, that provision of the FDCPA has been in focus. It came up in the Maryland case because Maryland's broad debt collection statute adopts the provision of the FDCPA into state law and requires "debt collectors" as defined in Maryland's statute to comply with it. The debt collection provisions of Texas' Finance Code include functionally the same fee limitation and apply it broadly to "debt collectors" as defined in Texas law. This new law provides clear authority for motor vehicle retail installment sale contract holders (and their servicing and collection agents) to impose what appears to be a reasonable payment convenience fee on consumers under certain circumstances. The general Texas rule that mirrors the FDCPA still applies to creditors, servicers, and debt collectors collecting Texas debts. With this update, the large Texas vehicle finance market has clear guidelines about how to go about offering the optional electronic payment service and collecting a fee for it. Creditors offering other credit products must still comply with the Finance Code's collection rule and should consider adhering to the guidelines of this bill in imposing payment convenience fees on consumers in other contexts (i.e., make sure the credit agreement provides for the fee if state law is permissive about fees, but the payment convenience fee is not specifically authorized in the credit statute).

1 For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.