Financial Services Law

NY Regulator Cracks Down on Payday Lenders’ Use of Debit Networks

New York’s Department of Financial Services (DFS) is expanding its efforts to combat illegal payday lending to New York consumers by taking a series of steps to prevent payday lenders from collecting payments through the MasterCard and Visa networks.

As regulatory pressure mounts to prevent online payday lenders’ abuse of the Automated Clearing House (ACH) network, some lenders have turned to debit card transactions, the DFS said, as “an end run around … to illegally deduct funds from New Yorkers’ bank accounts.”

MasterCard and Visa agreed to investigate and take “appropriate action” when provided with evidence by the DFS that online payday lenders are using debit card transactions to collect illegal payday loans from New York residents. Appropriate action may include requiring the payday lender’s acquiring financial institution to cease dealings with that lender. The networks will also notify banks about potentially illegal transactions by sending alerts to all the acquiring financial institutions in their debit networks about illegal payday lending and applicable New York law.

“Whenever online payday lenders try new schemes to flout our laws and exploit New York customers, we will take strong action to head them off at the pass,” DFS Superintendent Benjamin Lawsky said about the deal with MasterCard and Visa.

In addition, the DFS also sent cease and desist letters to 20 companies it says are “illegally promoting, making, or collecting on payday loans to New York consumers.” As part of its investigation, the DFS concluded that 12 of these payday lenders are using the new debit card tactic to collect payments on their loans.

Why it matters: New York’s DFS has been aggressive in its efforts to crack down on payday lenders. Last summer, the regulator sent 35 cease and desist letters to various lenders demanding a halt to their allegedly illegal payday loans to New York borrowers; DFS concurrently asked banks to limit the lenders’ access to the payment system. However, as payday lending options have decreased, consumers in need of access to short-term, small-dollar loans are turning to intentional overdrafts. Some banks are seeing a rise in overdraft fees as consumers are willing to pay the fee, often less than the interest on a payday loan, for access to cash.

back to top

CFPB Proposes New Plan for Privacy Notices

Financial institutions may soon have a cheaper way to notify consumers about their privacy policies.

Under a new proposal issued by the Consumer Financial Protection Bureau (CFPB), financial institutions could avoid the requirement to mail an annual privacy notice to customers by instead referring them to an online notice, which is posted “in a clear and conspicuous manner” on the bank’s website.

“Consumers need clear information about how their personal information is being used by financial institutions,” CFPB Director Richard Cordray said in a statement. “This proposal would make it easier for consumers to find and access privacy policies, while also making it cheaper for industry to provide disclosures.”

The Gramm-Leach-Bliley Act (GLBA) mandates that financial institutions provide customers with details about how their nonpublic personal customer information is collected, used, and disclosed as well as whether customers can limit disclosures to third parties. Currently, the rule requires that an annual notice be provided via mail.

But, in what the CFPB said was an attempt to improve privacy notices and save financial institutions money, the agency would offer an alternative. In order to qualify for the incentive, certain requirements must be met.

Institutions would still need to provide a brief disclosure in another customer communication (such as a billing statement) that the institution’s policy is available online and in paper by request at a toll-free number. The policy itself must be posted “in a clear and conspicuous manner” on the bank’s website.

Most significantly, financial institutions would need to track the model privacy policy developed by regulators as provided in Regulation P and agree not to share a customer’s nonpublic personal information with nonaffiliated third parties in a manner that triggers GLBA opt-out rights. The notice – which cannot have changed since the last time it was provided to customers – must also not include an opt-out pursuant to the Fair Credit Reporting Act (FCRA) or serve as the institution’s only notice to satisfy FCRA requirements.

While touting the benefits to consumers of constant access to privacy policies and the ability to comparison shop among institutions with regard to privacy issues, the CFPB estimated that the switch could save banks up to $17 million each year by avoiding annual mailings.

The proposal is currently open for public comment.

To read the proposal, click here.

Why it matters: The CFPB’s proposal would apply to both banks and nonbanks within the agency’s jurisdiction under the GLBA. Those institutions willing to meet the CFPB’s requirements could save themselves a significant amount of money and hassle by avoiding the annual privacy policy mailing requirement. Stay tuned for any additional regulatory input for banks outside the CFPB’s jurisdiction.

back to top

SEC Alerts Investors: Of Bitcoin Risks

For the second time in less than one year, the Securities and Exchange Commission (SEC) has issued an alert to investors about the risks of investing in Bitcoin and other virtual currency-related opportunities.

“A new product, technology, or innovation – such as Bitcoin – has the potential to give rise to both frauds and high-risk investment opportunities,” the SEC wrote. “Potential investors can be easily enticed with the promise of high returns in a new investment space and also may be less skeptical when assessing something novel, new and cutting-edge.”

This Investor Alert follows an earlier SEC warning about the risks of Bitcoin in the context of Ponzi scams and a recent FINRA release cautioning investors about the risks.

The latest Alert reviews the risks that may be associated with Bitcoin investment opportunities and potential warning signs of investment fraud.

Another concern is the vulnerability of Bitcoin users, those who made money from the rapid increase in the price of Bitcoin. The SEC noted that “many early adopters of Bitcoin may have experienced an unexpected increase in wealth, making them attractive targets for fraudsters as well as promoters of high-risk investment opportunities.” It pointed out that “scam artists may take advantage of Bitcoin users’ vested interest in the success of Bitcoin to lure these users into Bitcoin-related investment schemes,” some of which may be legitimate but high-risk. It cautioned that fraudsters and promoters alike might solicit users “through forums and online sites frequented by members of the Bitcoin community.”

Investors should be aware of red flags signaling investment fraud – such as unlicensed sellers and unsolicited offers. The SEC also warns that using Bitcoin could limit the user’s chance of recovery if fraud or theft should occur because the party involved is unregulated or operating unlawfully. Law enforcement in particular may face challenges when investigating the illicit use of virtual currency, including the difficulty in tracing the flow of money, the international scope of transactions, the lack of a central authority overseeing Bitcoin and the difficulty in seizing assets.

The agency provided a list of unique risks posed by Bitcoin investments, including the lack of federal deposit or securities-related insurance, the historical volatility of prices, the threat that federal, state or foreign governments may restrict or prohibit the use of virtual currencies, technology-related security concerns and the lack of a proven track record of credibility and trust.

“Innovations and new technologies are often used by fraudsters to perpetuate fraudulent investment schemes,” the SEC concluded. “Bitcoin does not have an established track record of credibility and trust.”

To read the SEC’s Investor Alert, click here.

Why it matters: The SEC’s second Bitcoin Investor Alert is thoughtful and well-presented. While it singles out Bitcoin among an ever-growing class of virtual currencies, the SEC is not solely focused on it. As virtual currencies continue to experience problems with their banking relationships, it would have been useful for the SEC to note that the issues raised in the Alert are no different from those raised by a variety of types of financial instruments and that they are all vulnerable to abuse by fraudsters and promoters. Other agencies are also looking at Bitcoin. The Federal Election Commission approved Bitcoin for political contributions, albeit capped at $100. The Federal Reserve discussed the potential disruptive impact of crypto and other virtual currencies at its most recent Open Market Committee meeting, and the Conference of State Bank Supervisors convened the first in an expected series of hearings on how to regulate them.

back to top

Creaking Open the Doors for Marijuana Businesses May Be Big Risk

Banks struggling with the question of whether – and how – to work with marijuana-related businesses can look to Colorado and Washington for ideas, but will do so at their own risk if the ongoing dialogue between FinCEN and the Co-Chairs of the United States Senate Caucus on International Narcotics Control is any indication of the national climate on banking marijuana-related businesses.

Both states legalized the sale, use, and possession of recreational marijuana last year. This month, Colorado became the first state to pass a bill establishing a financial system for marijuana-related businesses.

The Marijuana Financial Services Cooperatives Act “sets up a new type of financial structure to the gap we’re seeing between banking and the marijuana industry,” Rep. Jonathan Singer, who sponsored the legislation, told the Hartford Courant. Specifically, the law would establish “cannabis credit co-ops” akin to credit unions without deposit insurance.

The law requires co-op incorporators to provide written evidence of approval by the Federal Reserve system and would subject the co-ops to exams by the state’s Division of Financial Services every six months. A total of 10 licensed co-ops are allowed.

Although Governor John Hickenlooper is expected to sign the bill, federal support in this area is lacking.

The Financial Crimes Enforcement Network (FinCEN) released guidance earlier this year on how banks can work with marijuana-related businesses. In response to that release, United States Senators Dianne Feinstein and Charles Grassley, Co-Chairs of the Senate Caucus on International Narcotics Control, asked FinCEN to explain how its guidance does not actually assist businesses that are attempting to inject the proceeds of criminal activity into the nation’s financial system, and openly challenged FinCEN to respond to the question of whether or not its guidance actually may expose financial institutions to civil or criminal liability.

While Colorado has been taking the legislative route to tackle the issue of financial services for marijuana-related businesses, a bank in Washington has publicly stated that it intends to work with some companies.

In an interview with SNL Financial, Spokane, Washington-based Numerica Credit Union’s executive vice president and general counsel Lynn Ciani said the institution will only work with local producers or processors and not retail stores. Numerica’s announcement yielded 100 inquiries, she said, although only two were deemed appropriate to actually receive information about opening an account.

The FinCEN guidance was the “precipitating event” triggering serious consideration of the issue, Ciani told SNL, and the institution began discussions with various regulators, none of which expressed concerns “as long as it was well thought-out and we mitigated our risk.”

New processes and policies were required to mitigate the risk, Ciani said, and Numerica determined that it would be too risky to accept deposits from licensed retailers, sticking with the safer alternatives of producers and processors.

To set up an account, a business must submit an application requesting information, followed by an underwriting process and review by the state board governing marijuana licenses. A Numerica committee governing I-502 accounts (the voter referendum legalizing marijuana) will then issue a final approval or denial for an account.

Ciani’s response to the FinCEN guidance drives to the heart of the concerns of Senators Grassley and Feinstein. In addition, the national regulator that governs credit unions (the NCUA) has yet to substantively weigh in on this complicated web of what kind of support, if any, financial institutions can supply for marijuana-related businesses. “We’ve taken a lot of actions to mitigate our risk,” Ciani added. “And what risk is left over, we believe is outweighed by the risk to our communities, so we’re willing to take that mitigated risk.”

To read the Marijuana Financial Services Cooperatives Act, click here.

Why it matters: The intersection of financial institutions under federal regulation and states with legal marijuana-related businesses poses real challenges. Until federal law provides additional clarity for financial institutions that wish to bank marijuana-related businesses, financial institutions dipping their toe into this unclear area of law do so at their own risk.

back to top



pursuant to New York DR 2-101(f)

© 2023 Manatt, Phelps & Phillips, LLP.

All rights reserved