Last Week, This Morning

January 21, 2025

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

Mortgage Company Settles HUD's Allegations that It Charged Unlawful Convenience Fees to Borrowers Using Certain Payment Methods

On January 13, the U.S. Department of Housing and Urban Development announced a settlement with a mortgage company to resolve allegations that the company unlawfully charged "convenience" fees to borrowers when they made mortgage payments over the phone through a representative, by telephone through an interactive voice response telephone system, or online, if they were not enrolled in the company's paperless statement program. HUD alleged that the charging of these fees violates Federal Housing Administration requirements because accepting and processing mortgage payments is considered part of a mortgagee's ordinary servicing activities for which it is already paid. HUD also alleged that charging such fees is prohibited absent explicit HUD approval, which the mortgage company allegedly never sought or obtained.

The settlement provides approximately $3,465,000 in restitution to approximately 51,500 borrowers for transactions between May 2021 and February 2023. In addition, the mortgage company will make an administrative payment of $245,000 to HUD.

Amicus brief(ly): Convenience fees were in the news the past couple of years for different reasons (e.g., the Fair Debt Collection Practices Act rule that says that for a debt collector to be able to charge a fee, the fee has to be expressly authorized by law or by the credit agreement, assuming that state law does not prohibit the fee). Here, HUD is saying that the cost of processing any payment is already baked into the servicing fees that HUD pays FHA-approved servicers, so those servicers should not have charged customers those payment convenience fees. In addition, the HUD servicing rules require servicers to ask for HUD's approval before imposing fees not already authorized in its servicing guidelines, which HUD alleges did not happen in this case. HUD evidently has identified other servicers that have been charging consumers payment convenience fees, so this may not be the last we hear on this topic.
Maryland Office of Financial Regulation Issues Guidance and Emergency Regulations Concerning Licensing of Mortgage Trusts and Assignees of Mortgage Loans

On January 10, the Maryland Office of Financial Regulation released guidance to clarify the licensing requirements for assignees of mortgage loans and for mortgage trusts, in light of the Appellate Court of Maryland's April 2024 decision in Estate of Brown v. Ward, 261 Md. App. 385 (April 19, 2024).

Specifically, the guidance states that "[u]nless expressly exempted from licensing requirements, persons that acquire or obtain assignments of any mortgage loans, including but not limited to open-end [governed by the Credit Grantor Revolving Credit Provisions] or closed-end [governed by the Credit Grantor Closed-End Credit Provisions] mortgage loans, are subject to licensing requirements under: Financial Institutions Article, Title 11, Subtitle 3 (Installment Loan Licensing); and Financial Institutions Article, Title 11, Subtitle 5 (Maryland Mortgage Lender Law) when the loan is secured by residential property." The guidance notes that "an entity licensed under the Maryland Mortgage Lender Law and engaging solely in a mortgage lending business need not obtain an Installment Loan license."

The guidance goes on to state that mortgage trusts, including passive trusts, must comply with the licensing requirements as clarified by emergency regulations promulgated by the OFR, which took effect on January 10, 2025. However, the OFR is delaying enforcement activities against persons subject to these new emergency regulations through April 10, 2025.

The emergency regulations:

  • provide for the licensing of mortgage trusts;
  • define "passive trusts" to include mortgage trusts that acquire, but do not originate, broker, or service, mortgage loans, and allow a passive trust to designate the trustee, or a principal officer of the trustee if the trustee is not a natural person, as the passive trust's qualifying individual;
  • provide that a passive trust can satisfy the statutory net worth requirement by providing evidence of assets, such as securitized mortgage pools, that will be held within 90 days of licensure. This provision is intended to establish a practical means of compliance for mortgage trusts structured to hold mortgage assets; and
  • establish clear procedures for passive trusts to satisfy licensing obligations under the Mortgage Lender Law and related provisions.

The emergency regulations will expire on June 16, 2025, and the OFR has submitted the same provisions in the emergency regulations as proposed, permanent regulations. The proposed regulations have also been published.

Amicus brief(ly): Note the Maryland regulator's wording in the guidance that makes its position clear on trusts - unless an entity is expressly exempt, that entity must have a mortgage lending license to hold mortgage loans. The guidance may be taking aim at the common construct of a Delaware statutory trust that hires a national bank to serve as trustee of the trust. In that model, on the theory that the trust is exempt from licensing based on the national bank's federal preemption powers, many passive trusts avoid otherwise applicable licensing. The guidance from Maryland does not address those specific facts, but there is no "express" exemption from the Maryland licensing requirements for non-bank trusts whose trustees are national banks. The OFR gives a few months' grace for license applications by currently unlicensed trusts, but affected companies should act soon because the licensing process can be cumbersome.

New Jersey AG and Division of Civil Rights Issue Guidance on Algorithmic Discrimination

The Office of the New Jersey Attorney General and the New Jersey Division of Civil Rights jointly issued guidance to clarify how the New Jersey Law Against Discrimination applies to algorithmic discrimination resulting from the use of automated decision-making tools.

The guidance states that "the LAD applies to algorithmic discrimination in the same way it has applied to other discriminatory conduct. ... [I]n New Jersey the LAD prohibits algorithmic discrimination in employment, housing, places of accommodation, credit, and contracting on the basis of ... [certain protected characteristics]. A covered entity - that is, an entity subject to the LAD's requirements - that engages in algorithmic discrimination may be held liable for violating the LAD, even if the covered entity uses a tool it did not develop." The guidance provides an overview of automated decision-making tools, explores the risks of disparate treatment discrimination, disparate impact discrimination, or the failure to provide or account for reasonable accommodations posed by the use of automated decision-making tools, and outlines the LAD's protections against algorithmic discrimination.

In addition to issuing the guidance, the DCR announced the creation of the Civil Rights Innovation Lab, which, according to the agencies' news release, will "identify and develop technology to enhance DCR's enforcement, outreach, and public education work, and will develop protocols to facilitate the responsible deployment of this technology."

In January 2024, the agencies released guidance that clarifies how the AG's office and the DCR apply the LAD to discrimination in home appraisals.

Amicus brief(ly): New Jersey's guidance warning against the possibility of algorithmic discrimination through the use of AI is consistent with the Consumer Financial Protection Bureau's appraisal rule issued in June 2024 and its 2023 guidance on adverse action notices that follow credit denials resulting from the use of AI technology. The New Jersey guidance is broad and, in addition to appraisal technology and credit, addresses employment decisions and other areas where companies are deploying AI. The guidance clarifies that its anti-discrimination laws on the books already prohibit the kinds of disparate treatment and disparate impact on protected consumers that the guidance describes. Regulators at the moment are urging caution and care (testing, monitoring, etc.) when using AI to replace existing systems and human intervention, which a good compliance management system for a creditor or servicer would also require.

CFPB Issues Proposed Rule Prohibiting Certain Contractual Provisions in Contracts for Consumer Financial Products and Services

On January 13, the Consumer Financial Protection Bureau proposed a rule that would prohibit certain contractual provisions in contracts for consumer financial products or services. The CFPB issued the proposed rule in response to its consumer protection concerns arising from the use of so-called contracts of adhesion by providers of consumer financial products and services.

The proposed rule would prohibit "covered persons" under the Consumer Financial Protection Act from including in their contracts: (1) provisions purporting to waive substantive consumer legal rights and protections, or their remedies, granted by state or federal law; (2) provisions giving companies the power to unilaterally amend material terms of a contract at any time; and (3) provisions that restrain a consumer's right to exercise free speech, including a consumer's right to share negative reviews about a company's products or services or to freely express political or religious views. The proposed rule would not affect a company's ability to close an account that is being used to commit fraud or other illegal activity.

The proposed rule would also codify certain prohibited credit practices under the Federal Trade Commission's Credit Practices Rule so that those prohibited practices apply to covered persons subject to the CFPA. The FTC's Credit Practices Rule applies only to creditors within the FTC's jurisdiction and prohibits them from using certain remedial provisions in consumer credit contracts, including confessions of judgment, waivers of exemption, wage assignments, and security interests in household goods.

The CFPB states that one of the reasons for issuing the proposed rule is to grant state attorneys general authority to enforce the existing Credit Practices Rule and the additional prohibitions against national banks.

Comments on the proposed rule are due by April 1, 2025.

Amicus brief(ly): We look forward to reading the comments the CFPB receives on this proposed rule - there will be plenty. Leaning really hard into its unfair and deceptive acts and practices rulemaking authority and potentially forgetting (or ignoring) that the express reason federal and state laws require creditors to provide certain disclosures - and in some cases entire agreements - before consummation is so that consumers can shop around for better credit offers, the CFPB has proposed a rule to re-codify the FTC's Credit Practices Rule as a CFPB rule that will also, if enacted as proposed, give states enforcement authority under the federal rule. There is a lot going on in the proposed rule that would upend some current practices that are as beneficial to consumers as they are to creditors. This one has a ways to go if it is to become a final rule, but it has the potential to be impactful, disruptive, and expensive for creditors.

FTC Settles First Action Related to Connected Vehicle Data

On January 16, in its first action related to connected vehicle data, the Federal Trade Commission entered into a proposed consent order with General Motors LLC, General Motors Holdings LLC, and OnStar LLC to resolve allegations that the companies collected and shared consumers' precise location data and driver behavior data with consumer reporting agencies for insurance purposes without the consumers' informed consent, in violation of the FTC Act.

Specifically, the respondents allegedly told consumers that the location and driver behavior data they collected would be used for the consumers' own assessment of their driving habits. Instead, according to the complaint, the respondents sold the driver data - such as every instance of hard braking, late night driving, and speeding - to consumer reporting agencies, which in turn used the data to compile credit reports on consumers that were used by insurance companies to make insurance decisions and set rates. The complaint also alleged that the respondents used confusing and misleading tactics when enrolling GM car purchasers in its OnStar connected car service and did not clearly disclose to consumers the types of information it collected through OnStar.

Among other requirements, the proposed consent order:

  • prohibits the respondents from misrepresenting information about how they collect, use, and share consumers' location and driver behavior data;
  • bans the respondents from disclosing consumers' location and driver behavior data to consumer reporting agencies for five years;
  • requires the respondents to obtain express, affirmative consent from consumers prior to collecting vehicle data, with some exceptions;
  • requires the respondents to allow consumers to request a copy of their location and driver behavior data and request its deletion; and
  • requires the respondents to allow consumers to disable and/or opt-out of the collection of their location and driver behavior data, with some exceptions.
Amicus brief(ly): Closer regulation of data use remains a top priority for the federal regulators, as evidenced by this first consent order with a vehicle manufacturer over the use of consumer driving data. The action follows last year's statement from the FTC that "firms do not have the free license to monetize people's information beyond purposes needed to provide their requested product or service, and firms shouldn't let business model incentives outweigh the need for meaningful privacy safeguards." Disclosure and consent are recurring themes in the material that has come out from regulators about data use, including this proposed consent order. Giving meaningful, accurate disclosures about data use and obtaining consumer consent to use data are consistent with best practices in financial services.

1 For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.