February 17, 2026
Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.
New York Assembly Bill 10133-A (the "True Lender Bill") was recently introduced to the State Assembly and would establish requirements for certain "personal loans" involving "lenders," while simultaneously exempting certain "short-term loans." The True Lender Bill would deem non-depository, unlicensed parties as "lenders" if they:
Even if such a party acts as an agent or service provider for a third party exempt from the True Lender Bill (such as a bank or credit union), it would still be considered a "lender" if:
Personal loans involving such "lenders" made to persons who are residents of, or who are physically present in, New York would be subject to the state's civil and criminal usury limits. In addition to banks and certain New York licensed lenders, the True Lender Bill would also exempt parties making loans under certain federal lending programs, nonprofits engaged in certain federal or state low-income housing programs, and parties extending money on a nonrecourse basis in exchange for contingent rights to legal awards, judgments, and settlements.
The True Lender Bill would establish a limited exclusion for "short-term loans," defined as an unsecured closed-end personal loan of $3,000 or less with a scheduled repayment term of 3 to 12 months that is repayable in equal installments that will amortize the balance borrowed over the loan term. Short-term loans would be permitted to have interest up to 25% per annum, calculated inclusive of interest and virtually all fees. Limited administrative charges and late fees would be permitted but would be tiered based on dollar amount, and late fees would be subject to a lifetime cap. Among other things, prepayment penalties, increased default interest rates, default charges other than late fees, acceleration of the full balance, and fees for forbearance, payment deferrals, or extensions would be prohibited. The True Lender Bill would require lenders making short-term loans to offer them only after reasonable, risk-based underwriting.
|
On February 9, the New Jersey Office of the Attorney General and Division of Consumer Affairs announced that they recently obtained a final judgment in their action against a used car dealership for engaging in conduct that violated the New Jersey Consumer Fraud Act, New Jersey's motor vehicle advertising regulations, and a 2018 consent order.
The 2018 consent order resolved allegations that the dealership failed to provide clear disclosures regarding "gray market" vehicles (vehicles imported without authorization and that may not meet U.S. safety or emissions standards), improperly advertised its vehicles, failed to provide or properly disclose warranty information, and conducted a deceptive promotional program promising consumers a TV set with the purchase of a car that was not delivered as promised. Since then, the DCA received additional consumer complaints about the dealership's practices, initiated another investigation, and filed a complaint in the Superior Court of New Jersey. The state contended that the dealership continued to commit similar deceptive sales and advertising practices despite the consent order's requirements. The complaint alleged that the dealership violated the CFA, the advertising regulations, and the 2018 consent order by:
Partial summary judgment was granted to the state in April 2025, and the remaining count was voluntarily dismissed. In January 2026, the court granted the state's request for final judgment and entry of injunctive and monetary relief. The court found that the dealership's volume of violations over a 2-month period (511 violations in all), particularly after the entry of a prior consent order, reflected a "pattern of non-compliance" and a "lack of good faith and observance of fair dealing" that supported the enhanced civil penalty of $793,500. The court also awarded attorneys' fees and costs in the amount of $49,276.
|
In December 2023, the Consumer Financial Protection Bureau and the Department of Justice filed a complaint in the U.S. District Court for the Southern District of Texas against a private land developer and its affiliates. The complaint alleged that the developer, among other things, unlawfully discriminated against applicants on the basis of their race or national origin in violation of the Fair Housing Act and unlawfully discriminated against applicants on the basis of their race or national origin in violation of the Equal Credit Opportunity Act and its implementing Regulation B. Specifically, the CFPB and the DOJ alleged that the developer misled borrowers about infrastructure on the lots it sold, targeted Hispanic consumers with "predatory loans" at rates approximately eight points higher than the average fixed loan, engaged in an above-average rate of foreclosures against borrowers, and only provided transaction documents in English, despite advertising and marketing to Hispanic consumers in Spanish.
The developer expressly denied all allegations, but, to resolve the matter, on February 10, the developer agreed to a $68 million settlement and several remedial measures. The settlement also resolves a similar March 2024 lawsuit brought by the Texas Office of the Attorney General against the developer.
In a sign of the shifting priorities under the Trump administration, many of the claims brought by the Biden-era administration were not addressed in the current settlement agreement. Rather, the DOJ focused on the developer's "support of illegal immigration" through the alleged practice of providing mortgages to Hispanic consumers without requesting any documentation or determining their ability to repay the loan. In the DOJ's press release announcing the settlement, Harmeet K. Dhillon, assistant attorney general in the DOJ's Civil Rights Division, said that "[t]his DOJ will go after all lenders, financiers, and land developers who participate in schemes which ultimately encourage illegal immigration."
Approximately one-third of the settlement, $20 million, will go to building, funding, and equipping law enforcement facilities and personnel to patrol the developer's subdivisions due to the allegations of increased crime there. None of the $68 million will be set aside for borrower restitution. However, as part of the settlement, the developer agreed to participate in a default avoidance program, albeit one with a high barrier of entry that effectively prevents the most at-risk borrowers from participating. Borrowers must have made 12 consecutive, full, on-time mortgage payments within the last five years, must have paid at least $10,000 for improvements to the property in the past 18 months, and must have installed utility taps to physically connect their property to water, sewer, or gas mains.
|
On February 6, the New York Department of Financial Services issued industry guidance to regulated entities outlining the steps they should take to mitigate risks relating to vishing, the fraudulent practice of making phone calls or leaving voice messages purporting to be from a reputable source in order to induce individuals to reveal personal information.
The DFS stated that it is aware of recent vishing attempts at regulated entities where hackers are posing as IT help desk staff in calls to employees, sometimes using spoofed caller IDs, and directing employees to use a malicious link that takes them to fake organization- or vendor-branded websites. The employees who follow these directions unknowingly provide their login credentials and multi-factor authentication codes to the hackers. The DFS is advising entities to review their cybersecurity programs to confirm compliance with its cybersecurity regulation (23 NYCRR Part 500) and take the following steps:
|