New proposed legislation in California, backed by state Attorney General (“AG”) Xavier Becerra, would amend the new California Consumer Privacy Act (“CCPA”) to make it easier for private plaintiffs and public officials to sue for violations while further increasing regulatory uncertainty and compliance costs for businesses. Specifically, SB 561 would expand the CCPA’s private right of action, remove the Act’s public enforcement “cure” provision, and eliminate the ability of affected companies to seek compliance guidance from the AG.

The CCPA is a sweeping new privacy law which goes into effect in January 2020. It gives California residents substantial control over personal data held by certain California businesses, requiring disclosure of what personal information the business collects, how that information is used or sold, and allowing consumers to control or delete that information upon request. It currently allows private plaintiffs to seek statutory damages of up to $750 per violation for certain violations, and it allows the AG to seek civil penalties of up to $2,500 for most violations, and up to $7,500 for violations found to be intentional.

SB 561 would make three key changes to the Act:

  • Expanding the private right of action—As written, the Act appears to provide a private right of action only when a consumer’s personal information was subject to an avoidable data breach. However, some speculated that allegedly ambiguous language in the statute could support a private right of action for any violation. SB 561 would resolve this ambiguity by expressly providing a broad private right of action to any consumer “whose rights under this title are violated.”
  • Removal of the public enforcement cure period—Currently, the Act provides that the AG may only bring an action after a business fails to cure an alleged violation within thirty days after being notified of alleged noncompliance. SB 561 removes this notification requirement, allowing the AG to bring enforcement actions immediately.
  • Elimination of AG compliance opinions—As of now, the Act provides a mechanism to seek a legal opinion from the Attorney General about compliance with the Act. SB 561 does away with this right, and instead provides that the AG may publish materials giving businesses and others general guidance on how to comply with the Act.

In announcing his support of SB 561, Attorney General Becerra said that the amendments are needed to eliminate the requirement that his office provide compliance advice to businesses “at taxpayers’ expense,” and to nullify a “free pass” for businesses to cure violations before enforcement could occur. This statement suggests that the AG is likely to be active in enforcing the CCPA once it goes into effect next year.

Businesses should continue to monitor legislative activity and rulemaking concerning the CCPA, as further amendments and the final implementing regulations are likely forthcoming soon. Given the approaching effective date and the possibility that it will not be extended by further amendments or the implementing regulations, there may not be a great deal of time in which to comply with revised requirements.

On March 20, 2019, from 12 p.m. to 1 p.m. ET, Ballard Spahr attorneys will hold a webinar, “The California Consumer Privacy Act: What Comes Next?” The webinar registration form is available here.

A bill introduced last week in the California State Assembly could change the consumer lending landscape in California considerably. The bill, AB 539, would change several aspects of the California Financing Law (CFL), including setting new interest rate caps, imposing new rules governing loan duration, and prohibiting prepayment penalties. Additionally, AB 539 would change the CFL to make clear that a loan’s rate cannot be used as the sole factor in determining whether a loan is unconscionable. According to the bill’s authors, these changes are necessary because of the “looming threat of a potential ballot initiative,” and due to the uncertainty caused by the California Supreme Court’s recent De La Torre decision which opened the door for borrowers to claim that high-rate consumer loans are unconscionable.

AB 539 would make these changes to the CFL:

  • At present, the CFL does not set a maximum interest rate on loans of $2,500 or more. AB 539 would cap the interest rate at 36% plus the federal funds rate (2.4% as of today) on loans of $2,500 or more but less than $10,000.
  • The CFL provides certain factors to determine whether a loan is of a “bona fide principal amount” or if there has been some artifice to evade regulation under the CFL. AB 539 would apply these factors to loans of $2,500 or more but less than $10,000.
  • At present, the CFL prohibits loans of at least $3,000 but less than $5,000 from having a term greater than 60 months and 15 days. AB 539 would increase this upper limit from $5,000 to $10,000.
  • At least for loans in excess of $2,500 up to $10,000, AB 539 would prohibit CFL licensees from issuing a loan with a term of less than 12 months.
  • AB 539 would add a section to the CFL providing that no licensee may impose a prepayment penalty for any loan not secured by real property.

California’s unconscionability doctrine is incorporated into the CFL. Although it was once widely thought that loans with no interest rate cap under the CFL could not be unconscionable, in De La Torre the California Supreme Court held that consumers could use California’s Unfair Competition Law to claim that high-rate loans were unconscionable and therefore violated the CFL. AB 539 expressly provides that a CFL-regulated loan cannot be found unconscionable based on the interest rate alone. In our view, this provision is theoretically unnecessary. In De La Torre, the California Supreme Court held that courts must consider all the circumstances of the loan before declaring that a loan’s rate is unconscionable. Specifically, courts must consider “the bargaining process and prevailing market conditions,” which is “highly dependent on context” and “flexible” according to the Court. In other words, courts properly following De La Torre could not solely consider a loan’s rate to determine unconscionability in any event. That said, the bill would be helpful in that it would foreclose unconscionability arguments based on the rate alone.

The Pennsylvania Department of Banking and Securities (“DoBS”) just released Guidance declaring that virtual currency, “including Bitcoin,” is not considered “money” under the Pennsylvania Money Transmission Business Licensing Law, otherwise known as the Money Transmitter Act (“MTA”).  Therefore, according to the Guidance, the operator of the typical virtual currency exchange platform, kiosk, ATM or vending machine does not represent a money transmitter subject to Pennsylvania licensure.

This Guidance is important because it has implications beyond merely the burdens imposed by Pennsylvania law for obtaining a money transmitter license.  As we previously have blogged (here, here and here), it is a federal crime under 18 U.S.C § 1960 to operate as an unlicensed money transmitter business, which is defined in part as a business “operated without an appropriate money transmitting license in a State where such operation is punishable as a misdemeanor or a felony under State law, whether or not the defendant knew that the operation was required to be licensed or that the operation was so punishable.”  Thus, a state law violation can become a federal violation.  Further, the Financial Crimes Enforcement Network (“FinCEN”) has issued Guidance declaring that administrators or exchangers of digital currency – including popular crypto currencies such as Bitcoin – represent money transmitting businesses which must register with FinCEN under 31 U.S.C. § 5330 as money services businesses (“MSBs”), which in turn are governed by the Bank Secrecy Act (“BSA”) and related reporting and anti-money laundering compliance obligations.  Moreover, a failure to register with FinCEN as a MSB when required also represents a separate violation of Section 1960.  Drawing on the FinCEN guidance, federal courts have upheld the convictions of individuals who ran virtual currency exchanges and consequently were convicted of violating Section 1960 for operating unlicensed or unregistered money transmitter businesses.

The Pennsylvania Guidance

The Guidance is short and direct.  Its application is also potentially very broad.  After concluding that virtual currency does not constitute “money” under Pennsylvania state law, the Guidance then in part explains why many virtual currency exchangers are not subject to licensure in Pennsylvania as money transmitters:

Several of the entities requesting guidance on the applicability of the MTA are web-based virtual currency exchange platforms (“Platforms”).  Typically, these Platforms facilitate the purchase or sale of virtual currencies in exchange for fiat currency or other virtual currencies, and many Platforms permit buyers and sellers of virtual currencies to make offers to buy and/or sell virtual currencies from other users.  These Platforms never directly handle fiat currency; any fiat currency paid by or to a user is maintained in a bank account in the Platform’s name at a depository institution.

Under the MTA, these Platforms are not money transmitters.  The Platforms, while never directly handling fiat currency, transact virtual currency settlements for the users and facilitate the change in ownership of virtual currencies for the users.  There is no transferring money from a user to another user or 3rd party, and the Platform is not engaged in the business of providing payment services or money transfer services.

The Guidance then provides a similar analysis regarding virtual currency kiosks, ATMs and vending machines, focusing again on the concept of whether the business “touches” fiat currency.

The DoBS’s conclusion was not necessarily compelled as a matter of logic.  The MTA prohibits any person from “engag[ing] in the business of transmitting money by means of a transmittal instrument for a fee or other consideration with or on behalf of an individual without first having obtained a license from the department.”  The DoBS focused entirely on the definition of “money.”  Arguably, it could have chosen to focus instead on the defined term “transmittal instrument,” which the MTA more broadly defines as “any check, draft, money order, personal money order, debit card, stored value card, electronic transfer or other method for the payment of money or transmittal of credit[.]”  Other States may take a similar approach and focus on a single statutory term with a traditional definition, such as “money,” rather than choosing to focus on broader and more opaque verbiage in their respective statutes that is susceptible to more modern applications.

A Regulatory Patchwork Quilt

The DoBS Guidance is relatively clear, although the devil often lurks in the details.  In contrast, the approach of the various States regarding whether virtual currency exchangers represent “money transmitters” subject to state licensure frequently represents a confusing and fractured regulatory landscape, sometimes made more difficult by vague and old statutes, and/or lack of administrative guidance. We note here just a few examples of the potential conflicting approaches.  Our point here is not to resolve nuances, but rather to emphasize the current state of complexity:

  • New Hampshire: The selling, issuing, or transmitting of “convertible virtual currency,” even if the state considers it a “payment instrument” or “stored value,” is exempt from money transmitter regulations.  The New Hampshire Banking Department issued a statement saying it would no longer regulate businesses solely engaged in virtual currency transactions.  However, the statement also declared that “those who transmit money in fiat and cryptocurrency are still required to be licensed.”
  • Texas: The Texas Department of Banking issued in January 2019 a revised Supervisory Memorandum, which in part states as follows.  Ultimately, in Texas, “it depends.”

Because factors distinguishing the various centralized virtual currencies are usually complicated and nuanced, to make money transmission licensing determinations the Department must individually analyze centralized virtual currency schemes.  Accordingly, this memorandum does not offer generalized guidance on the treatment of centralized virtual currencies by the Money Services Act’s money transmission provisions.  On the other hand, money transmission licensing determinations regarding transactions with cryptocurrency turn on the single question of whether cryptocurrencies should be considered “money or monetary value” under the Money Services Act.

            . . . .

Because cryptocurrency is not money under the Money Services Act, receiving it in exchange for a promise to make it available at a later time or different location is not money transmission.  Consequently, absent the involvement of sovereign currency in a transaction, no money transmission can occur.  However, when a cryptocurrency transaction does include sovereign currency, it may be money transmission depending on how the sovereign currency is handled.  A licensing analysis will be based on the handling of the sovereign currency.

  • Washington: Under Washington State law, “[m]oney transmission” is specifically defined to mean “receiving money or its equivalent value (equivalent value includes virtual currency) to transmit, deliver, or instruct to be delivered to another location[.]”  The Washington Department of Financial Institutions has posted its guidance on virtual currency regulation, which states that the transmission of virtual currencies could make a company subject to Washington’s money transmission regulations, regardless of whether the company deals in fiat currency.

(This blog post was also published in Ballard Spahr’s Money Laundering Watch, a blog focused on covering the latest trends and developments in enforcement, compliance, and policy involving money laundering, fraud, and other criminal activity.  Click here to subscribe to Money Laundering Watch.)

On December 28, 2018, New York Governor Cuomo signed into law amendments to the state’s General Business Law (GBL) that address the collection of family member debts.  The amendments made by Senate Bill 3491A become effective March 29, 2019.

While the legislative history indicates that the amendments are intended to address the collection of a deceased family member’s debts, they are drafted more broadly to prohibit “principal creditors and debt collection agencies” from: (a) making any representation that a person is required to pay the debt of a family member in a way that contravenes the FDCPA; and (b) making any misrepresentation about the family member’s obligation to pay such debts.

The GBL defines a “principal creditor” as “any person, firm, corporation or organization to whom a consumer claim is owed, due or asserted to be due or owed, or any assignee for value of said person, firm, corporation or organization.”  The amendments define a “debt collection agency” as “a person, firm or corporation engaged in business, the principal purpose of which is to regularly collect or attempt to collect debts: (A) owed or due or asserted to be owed or due to another; or (B) obtained by, or assigned to, such person, firm or corporation, that are in default when obtained or acquired by such person, firm or corporation.” 

In 2011, the FTC issued its final Statement of Policy Regarding Communications in Connection With the Collection of Decedents’ Debts to provide guidance on how it would enforce the FDCPA and Section 5 of the FTC Act in connection with the collection of debts of deceased debtors.  The policy statement provides that the FTC will not initiate an enforcement action under the FDCPA against a debt collector who (1) communicates for the purpose of collecting a decedent’s debts with a person who has authority to pay such debts from the assets of the decedent’s estate even if that person does not fall within the FDCPA’s definition of “consumer,” or (2) includes in location communications a statement that it is seeking to identify a person with authority to pay the decedent’s “outstanding bills” from the decedent’s estate.  It also contains a caution that, depending on the circumstances, contacting survivors about a debt too soon after the debtor’s death may violate the FDCPA prohibition against contacting consumers at an “unusual time” or at a time “inconvenient to the consumer.”



The California Department of Business Oversight (DBO) has issued an invitation for comments from stakeholders in developing regulations to implement SB 1235, the bill signed into law on September 30, 2018 that requires consumer-like disclosures to be made for certain commercial financing products, including small business loans and merchant cash advances.  Companies providing such financing are not required to comply with the new disclosure requirements until the DBO’s final regulations become effective.

The DBO’s invitation provides an important opportunity for providers of commercial financing products to engage with and educate the DBO as it develops proposed regulations.  Comments must be submitted by January 22, 2019.

In the invitation, the DBO lists the following 14 specific potential topics for rulemaking:

  • Definitions (The DBO’s questions include whether the definitions can be read to cover transactions, individuals, or entities not intended to be regulated by the disclosure requirements or result in ambiguity regarding whether a transaction, individual, or entity is subject to the disclosure requirements.)
  • Commercial financing requiring estimated term disclosures (The DBO asks what commercial financing transactions may require an estimated term disclosure and why and suggests that stakeholders provide sample contracts that may require such a disclosure.)
  • Disclosure of method, frequency, and amount of payments for commercial financing with flexible or contingent repayment obligations (The DBO suggests that stakeholders provide examples of these types of financing and asks how providers should make the disclosures required for such contracts.)
  • Annualized rate disclosure (The DBO notes different methods that might be used for the annualized rate disclosure and asks about the benefits and drawbacks of each disclosure and ways to reduce potential confusion to financing applicants caused by the disclosure.)
  • Types of commercial financing (The DBO asks for examples of transactions other than fixed-rate, fixed-payment financing that are subject to SB 1235 (noting such examples may include merchant cash advances and recourse and non-recourse factoring), anticipated compliance obstacles in such transactions, and how the DBO can address such obstacles.)
  • Types of financing requiring estimated annualized rates (The DBO asks for the types of commercial financing that will require estimated annualized rates and why.)
  • Fees and charges included in an annualized rate calculation (The DBO asks what fees and charges should be included in the calculation.)
  • Calculating estimated terms and estimated annualized rates (The DBO asks how estimated terms and rates should be calculated for the transactions subject to SB 1235, such as transactions with payments set as a percentage of a business’s gross receipts.)
  • Reliance upon internal underwriting criteria to calculate estimated terms and estimated annualized rates (The DBO asks if the calculation methodology it establishes should require a provider to rely upon the internal assumptions or calculations it used to underwrite the transaction.)
  • Explanatory and qualifying language in connection with estimated terms and estimated annualized rates (The DBO asks what explanatory and qualifying language providers should include when disclosing such estimates.)
  • Disclosures for factoring and asset-based lending transactions with master financing agreements (The DBO asks what rules it should establish to clarify when disclosures based on estimates are permitted and to govern what examples, such as financing amount, a provider may use in disclosures.)
  • Tolerances (The DBO asks what accuracy requirements and tolerances it should establish and why.)
  • Disclosure formatting (The DBO asks what information should be highlighted or prioritized and about the placement and font to be used.)
  • Prepayment policies (The DBO asks what prepayment policies and charges are common for transactions subject to SB 1235 and how such policies and charges are currently characterized to customers.)

This afternoon, Pew Charitable Trusts will host an event in Washington, D.C. focusing on Ohio’s Fairness in Lending Act.  Enacted in July 2018, the Act places new limitations on payday loans including an interest rate cap, a limit on the total cost of a loan, and other structural restrictions.  The Act is viewed as a significant victory for consumer advocates with the potential to be followed through legislation in other states or through ballot initiatives.  (Last week, Colorado voters passed a ballot initiative that places a 36 percent APR cap on payday loans.)

At the event, Ohio legislators from both sides of the aisle, business leaders, advocates, and researchers will discuss the Act.  According to Pew’s description of the event, the topics will include a discussion of strategies “to advance meaningful reform in other states with payday loans.”



It has been reported that, without announcement or warning, the regulations applicable to third-party debt collectors in Massachusetts may have changed.  While the state’s Division of Banks (DOB) and the state’s Attorney General (AG) have traditionally regulated, respectively, third-party debt collectors and first-party creditors, the AG is reported to have changed its website recently to include third-party debt collectors as entities that it regulates.

Such a change could have significant implications because the AG’s rules differ from the DOB’s rules.  For example, the verification requirements under the AG’s rules contain more procedures than the DOB’s rules.  We expect industry trade groups to seek clarification from the DOB and AG.





On September 28, 2018, the Maryland Commissioner of Financial Regulation issued a notice advising companies servicing student loans of Maryland borrowers to provide their contact information to the state’s new Student Loan Ombudsman by November 15, 2015.

Maryland’s “Financial Consumer Protection Act of 2018” went into effect on October 1, 2015. The Act imposes a number of new regulations, and also creates the post of Student Loan Ombudsman. Under the Act, all loan servicers engaged in servicing student loans made to Maryland residents must provide the Ombudsman with the name, phone number and e-mail address of the individual designated to represent the servicer in communications with the Ombudsman. The deadline to comply with this requirement is November 15, 2018.

The Ombudsman is charged with receiving and working to resolve complaints submitted by student borrowers. The Ombudsman will also analyze and compile data related to such complaints, and the analysis of that data will be disclosed to the public along with the names of student loan servicers engaging in any abusive, unfair, deceptive or fraudulent practices.

In addition to its responsibilities related to student borrower complaints, the Ombudsman will also engage in educational efforts with both students and the state legislature. With respect to students, the Ombudsman will help student loan borrowers to understand their rights and responsibilities under the terms of their student loans. The Ombudsman is also directed to establish a student loan borrower education course by October 1, 2019.

The Ombudsman will also provide annual reports to the governor and Maryland General Assembly, along with making recommendations for statutory and regulatory procedures to resolve student loan borrower issues. These recommendations are to include an assessment of whether Maryland should require licensing or registration of student loan servicers.

On September 19, 2018, California enacted AB-3212.  The Bill amends the California Military and Veterans Code to expand the protections offered to qualifying servicemembers under state law and to impose new criminal penalties for certain violations of its provisions.  Some of the key changes, which go into effect January 1, 2019, are as follows:

Expanded Protections

  • Extends most protections to 120 days after military service ends (prior provision extended protections for 60 days after the end of military service).
  • Expands the 6% interest rate cap to include student loans, with the 6% rate to remain in effect for one year after the period of military service ends.
  • Extends the ability to defer payments on certain obligations to include student loans.
  • Clarifies that interest in excess of 6 percent per year that would otherwise be incurred but for the interest rate cap is “forgiven” and periodic payments “shall be reduced by the amount of interest forgiven”.
  • Extends the right to terminate leases after entry into military service to include vehicle leases.
  • Clarifies that penalties may not be imposed on the nonpayment of principal or interest during the period in which payments are deferred on an obligation pursuant to a court order.

Written Response Required

  • Requires a person receiving a request for relief from a servicemember to respond within 30 days acknowledging the request, setting forth any reasons the person believes the request is incomplete or the servicemember is not entitled to the relief requested, specifying the specific information or materials that are missing from the request, and providing contact information the servicemember can use to contact the person regarding the request. If after receiving a request from the servicemember, the recipient does not respond within 30 days, the recipient waives any objection to the request and the servicemember is automatically entitled to the relief sought.

Prohibitions on Sales, Foreclosures, and Seizures of Property

  • Extends the bar on sale, foreclosure, or seizure of property for non-payment to the period of military service plus one year (prior provision was for the period of nine months after the end of military service).
  • Extends the bar on enforcing storage liens during the period of military service and for 120 days thereafter (prior provision was until three months after the end of military service).
  • Requires a sworn statement of compliance by any person who files or completes a notice, application or certification of lien sale or certificate of repossession.

Protections Related to Court Proceedings

  • Extends the ability of courts to stay proceedings involving servicemembers as a plaintiff or defendant to 120 days after the end of the military service (prior provision was until 60 days after the end of military service).
  • Permits a service member who is granted an initial stay to apply for an additional stay by showing there is a “continuing military effect” on the servicemember’s ability to appear. If the court refuses to grant an additional stay, the court shall appoint counsel to represent the servicemember in the proceeding.
  • Requires courts to stay for a minimum period of 90 days any proceedings in which (a) there may be a defense to the action that cannot be presented without the presence of the servicemember defendant; or (b) counsel cannot after due diligence contact the servicemember defendant to determine if a meritorious defense exists.
  • Limits the ability of a court-appointed attorney to waive defenses that a servicemember may have or to otherwise bind the servicemember whenever the attorney cannot locate the servicemember through a new statutory provision.

Credit Reporting

  • Prohibits a creditor or consumer reporting agency from making an annotation in the servicemember’s record that the person is on active duty status. A violation of this provision is a misdemeanor, punishable by imprisonment of not more than one year or a fine not to exceed one thousand dollars, or both.

Debt Collections

  • Prevents a debt collector from falsely claiming to be a member of the military in attempting to collect any obligation. A violation of this new provision is a misdemeanor, punishable by imprisonment of not more than one year or a fine not to exceed one thousand dollars, or both.
  • Expressly prohibits a debt collector from contacting the servicemember’s military unit or chain of command in connection with the collection of any obligation unless the debt collector obtains written consent from the servicemember after the obligation becomes due and payable. A violation of this new provision is a misdemeanor, punishable by imprisonment of not more than one year or a fine not to exceed one thousand dollars, or both.

Scope of Coverage

These provisions in the California Military and Veterans Code apply broadly to members of the Armed Forces (Army, Navy, Air Force, Marine Corps, and Coast Guard) who are on active duty as well as any member of the state militia (defined as the National Guard, State Military Reserve and the Naval Militia) who are on full-time active state service or full-time active federal service.  Creditors are advised to consult with counsel to determine whether these new provisions will apply to specific servicemember borrowers who have contacts with California.

Governor Brown yesterday signed into law SB 1235, a bill requiring consumer-like disclosures to be made on certain commercial finance products, including small business loans and merchant cash advances, among other things.  Contrary to reports in certain press outlets, the law will not take effect by a date certain.  Rather, the California Department of Business Oversight (“DBO”) is now required to adopt regulations addressing details such as calculation methods and the time, manner, and format of the new disclosures.  The DBO also may specify the date by which finance companies are required to comply.

We understand that the DBO is unlikely to act until the new Commissioner takes office, so compliance with the new law probably will not be required until well into 2019, if not 2020.  That said, it will be critical for the industry to engage with the DBO regarding the forthcoming regulations and when compliance with them will be required.