By: Michael Flynn and Melissa Richards
Introduction
California has enacted a new California Consumer Protection Law (CCFPL), California Financial Code Section 90001 et seq. The CCFPL will convert the Department of Business Oversight (DBO) into a new Department of Financial Protection and Innovation (DFPI). AB 1864 was sent to the California Governor on September 4, 2020 for signature, and he is expected to sign within thirty (30) days.
In its new form, the DFPI will continue to supervise financial institutions previously overseen by the DBO. However, the coverage of the expanded scope of prohibited acts which the CCFPL empowers the DFPI to regulate and enforce is more limited. National and state chartered depository institutions, bank holding companies and trust companies, as well as most entities and persons currently licensed by the DBO and other California licensing agencies including real estate brokers and insurers, are not subject to these new prohibitions and powers in the CCFPL. The DFPI will continue to have the scope of regulatory authority over such institutions and persons that the DBO currently has, but that authority is not expanded by the CCFPL.
Instead, the CCFPL focuses on entities and persons that to date have not been formally licensed and supervised in California. These include certain FinTech companies and other presently non-licensed entities and persons, offering consumer financial services and products to a California resident. Such entities and persons will be subject to regulatory supervision and enforcement in regard to unlawful, unfair, deceptive, or abusive acts or practices (UDAAP), and can face significant penalties and injunctive relief for violations. The DFPI would have the power to issue subpoenas, conduct investigations, and bring administrative and civil proceedings against such entities.
The Commissioner of the DBO/DFPI has publicly stated that strong regulatory oversight of such FinTechs and other previously unlicensed entitles is essential for consumer protection and competitive fairness in consumer financial services markets. It is expected that the DFPI will aggressively regulate in regard to these companies.
The DFPI is also charged with establishing a Financial Technology Office whose purpose will be to promote further innovation and consumer access within the financial technology services sector.
Here are details on the CCFPL:
Who is a “Covered Person” and “Service Provider”
If no exemption applies, a “covered person” or a “service provider” is prohibited from a number of acts under the CCFPL. A “covered person” is defined as:
“Covered person” means, to the extent not preempted by federal law, any of the following:
(1) Any person that engages in offering or providing a consumer financial product or service to a resident of this state.
(2) Any affiliate of a person described in this subdivision if the affiliate acts as a service provider to the person.
(3) Any service provider to the extent that the person engages in the offering or provision of its own consumer financial product or service.
A “Service Provider” is defined as:
(1) “Service provider” means any person that provides a material service to a covered person in connection with the offering or provision by that covered person of a consumer financial product or service, including a person that either:
(A) Participates in designing, operating, or maintaining the consumer financial product or service.
(B) Processes transactions relating to the consumer financial product or service, other than unknowingly or incidentally transmitting or processing financial data in a manner that the data is undifferentiated from other types of data of the same form as the person transmits or processes.
(2) The term “service provider” does not include a person solely by virtue of that person offering or providing to a covered person either:
(A) A support service of a type provided to businesses generally or a similar ministerial service.
(B) Time or space for an advertisement for a consumer financial product or service through print, newspaper, or electronic media.
Exemptions
The following types of institutions and persons are exempt from the CCFPL:
- Any bank, bank holding company, trust company, savings and loan association, savings and loan holding company, credit union, or an organization subject to oversight of the Farm Credit Administration, when acting under the authority of a license, certificate, or charter under federal law, or the laws of California or another state;
- Existing DBO licensees other than payday lenders and student loan servicers, which include:
- Any person licensed as an escrow agent under Division 6 (commencing with Section 17000) of the Financial Code.
- Any person licensed as a finance lender, broker, program administrator, or mortgage loan originator under Division 9 (commencing with Section 22000) of the Financial Code.
- Any person licensed as a broker-dealer or investment adviser under Division 1 (commencing with Section 25000) of Title 4 the Corporations Code.
- Any person licensed as a residential mortgage lender, a mortgage servicer, or a mortgage loan originator under Division 20 (commencing with Section 50000) of the Financial Code.
- Any person licensed as a check seller, bill payer, or prorater under Division 3 (commencing with Section 12000) of the Financial Code.
- Any person licensed as a capital access company under Division 3 (commencing with Section 28000) of Title 4 of the Corporations Code.
- Any person doing business under a license, charter, or certificate issued under the Financial Institution Law.
- Licensees and their employees of any California state agency other than the DFPI where the licensee or employee is acting under the authority of the other state agency’s license.
Prohibited Acts
Among other things, the CCFPL prohibits:
- Any unlawful, unfair, deceptive, or abusive act or practice with respect to consumer financial products or services.
- Offering or providing to a consumer any financial product or service not in conformity with any consumer financial law or otherwise committing any act or omission in violation of a consumer financial law.
- Any person who knowingly or recklessly provides substantial assistance to a covered person or service provider in violation of subdivision (a) or any rule or order issued thereunder, the provider of that substantial assistance shall be deemed to be in violation of that section. This restriction does not apply if the person is only providing or selling time or space to a covered person or service provider placing an advertisement.
DFPI’s Enforcement Authority
The DFPI will have investigatory powers, including the authority to issue subpoenas seeking documents and written answers.
Through administrative or civil proceedings, it may also seek injunctive relief for violations, as well as damages, monetary penalties, restitution, disgorgement, rescission of contracts, and refunds of money and return of real property.
Penalty amounts imposed may be up to:
- The greater of $5,000 per day a violation continues, or $2,500 for each individual violation;
- For any reckless violation, the greater of $25,000 per day a violation continues, or $10,000 for each individual violation;
- For any intentional violation, the lesser of 1 percent of the person’s total assets, $1,000,000 per day a violation continues, or $25,000 for each individual violation
“Financial Product or Service” Defined
If the entity is not exempted from coverage of the CCFPA, the types of financial products and services covered are very broad.
“Financial product or service” means:
(1) Extending credit and servicing extensions of credit, including acquiring, purchasing, selling, brokering extensions of credit, other than solely extending commercial credit to a person who originates consumer credit transactions.
(2) Extending or brokering leases of personal or real property that are the functional equivalent of purchase finance arrangements, if all of the following:
(A) The lease is on a non-operating basis.
(B) The initial term of the lease is at least 90 days.
(C) In the case of a lease involving real property, at the inception of the initial lease, the transaction is intended to result in ownership of the leased property to be transferred to the lessee, subject to standards prescribed by the department.
(3) Providing real estate settlement services.
(4) Engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds or any financial instrument for use by or on behalf of a consumer.
(5) Selling, providing, or issuing stored value or payment instruments, except that, in the case of a sale of, or transaction to reload, stored value, only if the seller exercises substantial control over the terms or conditions of the stored value provided to the consumer where, for purposes of this paragraph, both:
(A) A seller shall not be found to exercise substantial control over the terms or conditions of the stored value if the seller is not a party to the contract with the consumer for the stored value product, and another person is principally responsible for establishing the terms or conditions of the stored value.
(B) Advertising the nonfinancial goods or services of the seller on the stored value card or device is not in itself an exercise of substantial control over the terms or conditions.
(6) Providing check cashing, check collection, or check guaranty services.
(7) Providing payments or other financial data processing products or services to a consumer by any technological means, including processing or storing financial or banking data for any payment instrument, or through any payment system or networks used for processing payment data, including payments made through an online banking system or mobile telecommunications network, except that a person shall not be deemed to be a covered person with respect to financial data processing solely because the person either:
(A) Is a merchant, retailer, or seller of any nonfinancial good or service who engages in financial data processing by transmitting or storing payment data about a consumer exclusively for purpose of initiating payment instructions by the consumer to pay that person for the purchase of, or to complete a commercial transaction for, the nonfinancial good or service sold directly by that person to the consumer.
(B) Provides access to a host server to a person for purposes of enabling that person to establish and maintain a website.
(8) Providing financial advisory services other than services relating to securities provided by a person regulated by the Securities Exchange Commission or a person regulated by a state securities commission, but only to the extent that such person acts in a regulated capacity, to consumers on individual financial matters or relating to proprietary financial products or services (other than by publishing any bona fide newspaper, news magazine, or business or financial publication of general and regular circulation, including publishing market data, news, or data analytics or investment information or recommendations that are not tailored to the individual needs of a particular consumer) including both of the following:
(A) Providing credit counseling to any consumer.
(B) Providing services to assist a consumer with debt management or debt settlement, modifying the terms of any extension of credit, or avoiding foreclosure.
(9) Collecting, analyzing, maintaining, or providing consumer report information or other account information, including information relating to the credit history of consumers, used or expected to be used in connection with any decision regarding the offering or provision of a consumer financial product or service, except to the extent that:
(A) A person does any of the following:
(i) Collects, analyzes, or maintains information that relates solely to the transactions between a consumer and that person.
(ii) Provides information to an affiliate of the person, as described in subdivision (a).
(iii) Provides information that is used or expected to be used solely in any decision regarding the offering or provision of a product or service that is not a consumer financial product or service.
(B) The information described in clause (i) of subparagraph (A) is not used by the person or affiliate in connection with any decision regarding the offering or provision of a consumer financial product or service to the consumer, other than credit described in subparagraph (A) of paragraph (1) of subdivision (e) of Section 90006.
(10) Collecting debt related to any consumer financial product or service.
(11) Directly or indirectly brokering the offer or sale of a franchise in this state on behalf of another.
(12) Offering another financial product or service as may be defined by the department, by regulation, for purposes of this division, if the department finds that the financial product or service is either:
(A) Entered into or conducted as a subterfuge or with a purpose to evade any consumer financial law.
(B) Permissible for a bank or for a financial holding company to offer or to provide under any provision of law or regulation applicable to a bank or a financial holding company, and has, or likely will have, a material impact on consumers, excluding, however, solely from the department’s authority to define additional financial products and services under this subparagraph and not the exercise of any other authority it may have, the following activities provided to a covered person:
(i) Providing information products or services to a covered person for identity authentication.
(ii) Providing information products or services for fraud or identify theft detection, prevention, or investigation.
(iii) Providing document retrieval or delivery services.
(iv) Providing public records information retrieval.
(v) Providing information products or services for anti-money laundering activities.
(13) The term “financial product or service” does not include either of the following:
(A) Insurance, as defined in Section 22 of the Insurance Code, regulated by the Department of Insurance.
(B) The provision, by a person, of electronic data transmission, routing, intermediate or transient storage, or connections to a telecommunications system or network, not including a person that provides those electronic conduit services if, when providing those services, the person does any of the following:
(i) Selects or modifies the content of the electronic data.
(ii) Transmits, routes, stores, or provides connections for electronic data, including financial data, in a manner that the financial data is differentiated from other types of data of the same form that the person transmits, routes, or stores, or with respect to which, provides connections.
(iii) Is a payee, payor, correspondent, or similar party to a payment transaction with a consumer.
Buchalter’s Financial Services Regulatory Group provides banks, credit unions, and non-bank financial institutions with with expertise in the full range of financial institution regulatory requirements at the Federal and state level. Our knowledge includes FinTech-financial services regulatory issues, and compliance and risk management needs.