State Law

Governor Moore Signs Legislation Exempting “Passive Trusts” from Licensure in Maryland

April 23, 2025 By Stephen Ornstein

What Happened?

In a highly anticipated and welcome development, on April 22, 2025, Maryland Governor Wes Moore signed into law the Maryland Secondary Market Stability Act of 2025 (emergency measures HB 1516 and its companion SB 1026) with an immediate effective date. The legislation is significant as it has the effect of modifying the formal guidance issued on January 10, 2025 by the Maryland Office of Financial Regulation (OFR) requiring assignees of residential mortgage loans, including passive trusts that acquire or take assignment of residential mortgage loans in Maryland, to become licensed in Maryland by April 10, 2025—later extended to July 6, 2025. The OFR’s January licensing mandate, which derived from the OFR’s interpretation of a Maryland Appellate Court decision in Estate of Brown v. Ward, 251 Md. App. 385 (2024), would have created a logistical nightmare for, among others, passive trusts holding Maryland loans in residential mortgage-backed securitizations. By custom, passive trusts holding residential mortgage loans do not obtain licenses, and no state legislature has required such licensure for trusts holding these loans. The OFR’s January 10 formal guidance contravenes the plain language of the licensing requirements of the Maryland Mortgage Lender Law and the Maryland Installment Loan Law that do not apply to assignees.

Why Does it Matter?

The legislation addresses the OFR’s overreach by expressly excluding “passive trusts” from Maryland’s mortgage licensing requirements. The legislation defines a “passive trust” as a

trust that

1) ACQUIRES OR IS ASSIGNED MORTGAGE LOANS IN WHOLE OR IN PART;

(2) DOES NOT MAKE MORTGAGE LOANS;

(3) IS NOT A MORTGAGE BROKER OR A MORTGAGE SERVICER; AND

(4) IS NOT ENGAGED IN THE SERVICING OF MORTGAGE LOANS, WHICH DOES NOT INCLUDE THE ACT OF TRANSMITTING OR DIRECTING PAYMENTS RECEIVED BY A MORTGAGE SERVICER.

The legislation defines “trust” as “any trust established under the laws of the State or any other state.” Hence, the “passive trust” must be an actual trust and not a non-trust corporate entity.

The legislation also includes a “Maryland Licensing Workshop” that is comprised of members of consumer groups, the banking and non-bank mortgage industry, and others appointed by the Governor to study Maryland’s licensing statutes and make recommendations regarding, among other things, whether expansion of the existing licensing requirements to persons not currently licensed is warranted. The legislation requires the working group to report its findings to the Governor by December 31, 2025.

What Do I Need to Do?

While the legislation spares passive trusts, including trusts in existing residential mortgage-backed securitizations, from having to become licensed in Maryland, secondary market purchasers of loans that do not utilize passive trusts to acquire or take assignment of residential mortgage loans in Maryland must become licensed as Maryland Mortgage Lenders by July 6, 2025.

Consumer Finance State Roundup

April 9, 2025 By CJ Blaney, Morey Barnes Yost

The latest edition of the Consumer Finance State Roundup highlights recently enacted measures of potential interest from three states:

Arkansas:

House Bill 1184, which we expect to take effect on or about August 8, amends the Fair Mortgage Lending Act, Ark. Code Ann. §§ 23-39-501 et seq., to address the use of mortgage trigger leads. Specifically, the measure amends Section 23-39-513 of the Arkansas Code to impose obligations on a loan officer using a mortgage trigger lead in any capacity (such as clearly and conspicuously stating in initial solicitations that the solicitation uses information purchased from a consumer reporting agency without the lender or broker’s knowledge or permission).

Idaho:

Effective July 1, House Bill 149 adds Section 26-31-221A to the Idaho Code, addressing consumer private in mortgage applications. Specifically, the measure imposes obligations on an individual soliciting a consumer for a residential mortgage loan where a mortgage trigger lead is used in any capacity, to include (among other provisions): (a) clearly and conspicuously stating in initial solicitations that the solicitation uses information purchased from a consumer reporting agency without the lender or broker’s knowledge or permission; and (b) avoiding knowing or negligent use of information from a mortgage trigger lead where the consumer opted out of prescreened offers or placed his or her phone number on a federal or state “do-not-call” list.

Nebraska:

Effective March 12, Legislative Bill 251 amends surety bond provisions under the Residential Mortgage Licensing Act (“Act”). As amended, Section 45-724 of the Act requires a mortgage banker licensee to include its mortgage servicing portfolio (and not only its origination volume) in the calculation of its required surety bond.

Legislative Bill 21, which we expect to take effect on or about August 31, adopts the Uniform Unlawful Restriction in Land Records Act (“Act”). The Act will permit real property owners to unilaterally remove from any document related to the owner’s property “unlawful restrictions” (those that “purport[] to interfere with or restrict the transfer, use, or occupancy of real property”), and will prescribe the process by which an owner may amend a document to remove such restrictions.

New York State Proposes Consumer Protection Reforms through FAIR Business Practices Act

March 21, 2025 By Dorothy Giobbe

What Happened?

On March 13, New York state legislators introduced new legislation called the Fostering Affordability and Integrity Through Reasonable (FAIR) Business Practices Act. The bill, supported by New York Attorney General Letitia James, aims to strengthen New York’s existing consumer protection law and would expand the law’s scope from only covering “deceptive” acts or practices to also include “unfair” and “abusive” practices. It would apply in the consumer, as well as the small business context.

Why Is It Important?

The FAIR Act comes at a time when consumer protection at the federal level has stalled, particularly with respect to the activities of the Consumer Financial Protection Bureau (CFPB). State attorneys general have promised to step in to address any resulting gaps in consumer protection.

The FAIR Act defines unfair and abusive acts and practices expansively, to reach conduct that could be considered unfair or abusive, but arguably not deceptive. Additionally, it provides for enhanced civil penalties for unfair, deceptive, or abusive practices against “vulnerable persons,” including those under 18 or over 65, active duty servicemembers and veterans, physically or mentally impaired persons, and individuals with limited English proficiency. The legislation provides for civil penalties of: (a)$5,000 per violation; or (b) for knowing or willful violations, the greater of $15,000 or three times the amount of restitution for each violation.

What To Do Now?

Businesses operating in New York can prepare for potential changes by reviewing current practices to identify those that might be considered unfair or abusive under the broader scope of the FAIR Act. Additionally, they can:

Monitor the progress of this legislation and be prepared to adjust business practices accordingly, especially as state-level enforcement of consumer protection laws is likely to increase in response to reduced federal action; and
Pay particular attention to practices that might affect “vulnerable persons” as defined in the legislation, as these could result in enhanced civil penalties.

California Attorney General Targets Location Data in New Investigative Sweep

March 13, 2025 By David Keating, Hyun Jai Oh

This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months.

The Notices of Violation issued by the Attorney General’s office will give rise to meaningful risks for many of the receiving businesses. We anticipate the Attorney General’s team will focus on granular technical details of data collection via mobile apps including through the third-party SDKs[1] that are ubiquitous across digital mobile products. How these and other digital analytics tools collect and transfer data, including precise location data, is often not well understood even by the internal digital marketing, data analytics, and product development teams that deploy and use the tools. This blind spot has created a zone of risk for many businesses that would not consider themselves a part of the “location data industry” referenced in the Attorney General’s announcement.

The interactions with the Attorney General’s office in these investigations and in enforcement proceedings can also change focus when the Attorney General’s staff suspects compliance gaps in other sensitive areas, such as use of mobile apps by children or in connection with healthcare or other sensitive activities. Careful and detailed internal legal/technical data flow analyses are therefore critical to quickly identifying the full scope of potential risk and framing the strategy for engaging with the Attorney General. For those businesses that have not received notices, this is another opportunity to close the gap between digital advertising, data analytics, and mobile app development and these emerging and increasingly clear legal privacy standards relating to precise location data and use of third-party SDKs in mobile apps.

Alston & Bird’s Privacy, Cyber & Data Strategy Team has extensive experience advising and defending clients who receive inquiries and violation notices from California’s privacy regulators. We will continue to monitor developments in privacy regulatory enforcement in California and other states.

[1] “SDK” refers to a software development kit. These tools, many of which are free, are commonly used by mobile app teams to shorten app development timelines and quickly add features and functions to mobile apps.

_______________________________

Originally published March 12, 2025 on Alston & Bird’s Privacy, Cyber & Data Strategy Blog.

Consumer Finance State Roundup

March 6, 2025 By CJ Blaney, Aldys London, Morey Barnes Yost

The latest edition of the Consumer Finance State Roundup highlights recently enacted measures of potential interest from two states:

California:

Effective January 1, California Assembly Bill 3108 addresses mortgage fraud. Previously, California law defined “mortgage fraud” to include, in connection with a mortgage loan transaction, filing with the county recorder any document that the person knows to contain a deliberate misstatement, misrepresentation, or omission, and with the intent to defraud.

Taking this a step further, the measure prohibits the filing of any document with the recorder of any county that a person knows to contain a material misstatement, misrepresentation, or omission. Further, the measure expressly provides that a mortgage broker or person who originates a loan commits mortgage fraud if, with the intent to defraud, the person takes specified actions relating to instructing or deliberately causing a borrower to sign documents reflecting certain loan terms with knowledge that the borrower intends to use the loan proceeds for other uses. For prosecution purposes, the alleged fraud value must be $950 or more (the threshold for grand theft).

A mortgage lender could unintentionally find itself guilty of mortgage fraud if it simply allows a borrower to use a business purpose loan for consumer purposes or makes a bridge loan that it knows will not be used for a dwelling. California’s Penal Code § 532f(b) makes it mortgage fraud for a mortgage broker or lender to allow mortgage-related documents to be formed and filed when the broker or lender has reason to know that the borrower intends on using the loan for purposes other than for what the loan is intended.

Although intent to defraud is an element to this crime, that element can only be determined through rigorous and time-consuming investigation. If a borrower, for example, uses a business loan for consumer purposes or does not apply the funds from a bridge loan towards a dwelling, the lender will be subject to additional scrutiny unless it can prove that all efforts were made to understand the borrower’s plans for the funds.

The measure also prohibits a person who originates a covered loan from avoiding, or attempting to avoid, the application of the law regulating the provision of covered loans by committing mortgage fraud. A “covered loan” means a consumer loan in which the original principal balance of the loan does not exceed the most current Fannie Mae conforming loan limit for a single-family first mortgage loan.

The measure also amends Section 4973 of the Financial Code, which imposes certain requirements ad restrictions (e.g., the inclusion of a prepayment fee or penalty after the first 36 months) in connection with covered loans and amends Section 532f of the Penal Code (as discussed above) in connection with the prohibition on committing mortgage fraud.

New York:

Effective June 11, Assembly Bill 424 amends Section 35 of the Banking Law, which relates to an information pamphlet that residential mortgage lenders must provide to applicants. In place of making a physical pamphlet available to lenders, the amended section requires the Department of Financial Services to notify mortgage bankers of the posting a digital version of the pamphlet on the Department’s website (and when it makes any changes thereto). The measure also amends the pamphlet contents to reflect that a lender may provide an applicant with a good faith estimate (instead of a loan estimate), depending on the type of loan for which the applicant is applying.
Effective May 15, Assembly Bill 2056 amends Section 283 of the Real Property Law, which limits the amount of flood insurance that a mortgagee may require a mortgagor to maintain. Under current law, that section provides that the maximum amount of coverage a mortgagee may require is the mortgage’s outstanding principal amount as of January 1 of the year the policy will be in effect. As amended, that section makes the maximum permitted amount of coverage the lesser of the outstanding principal amount or the residential property’s replacement. Additionally, AB2056 slightly alters the printed notice about flood insurance that a mortgagee must deliver to mortgagors, removing language referring to the fact that required coverage would only protect the interest of the lender or creditor in the property.
Effective March 21, New York Senate Bill 804 amends data breach notification requirements. Section 899-aa of the General Business Law requires a person or business to notify New York residents whose data is part of a breach, as well as to provide notice to certain governmental entities (including the Department of Financial Services). As amended, that section will require notification to the Department of Financial Services (in the form mandated by N.Y. Comp. Code R. & Regs. tit. 23, § 500.17) only by “covered entities.” A “covered entity” is any person who requires any type of authorization to operate under the Banking Law, Insurance Law, or Financial Services Law, and thus includes a mortgage banker or mortgage servicer.