From the March issue: Despite the regulatory sigh of relief provided last year by the rollback of the 2010 Dodd-Frank Act, stricter state regulations have auto lenders holding their breath.
On the heels of a February 2018 call by Mick Mulvaney, former acting director of the Consumer Financial Protection Bureau, to let states more often take the lead on upholding consumer protection laws, attorneys general have stepped up enforcement activity, with California, Massachusetts, and New York leading the pack.
As state regulators get the sense that the bureau is more creditor-friendly or less interested in financial oversight, attorneys general have sprung into action. “Effectively, we’ve seen the states become more aggressive, wanting to introduce more consumer protections as a result of their perception that the CFPB has stepped back as a federal watchdog,” Portfolio Financial Servicing Co.’s President John Enyart told Auto Finance News.
CALIFORNIA OVERSEES DATA SECURITY
California’s passage of the Consumer Privacy Act of 2018 is a concern for lenders. “When you look at the act, it’s going to have huge implications on those engaged in auto finance,” said John Redding, a partner at Buckley Sandler LLP.
The law gives consumers authority over how institutions use their personal information. Combined with document-retention requirements and other federal and state mandates, the Consumer Privacy Act will require lenders to take a close look at what data they collect and store, as well as how long they retain it. “There are all sorts of issues that are certainly going to have an impact as we get ready for that law to become effective,” Redding said.
The act, which was signed into law in June 2018 and goes into effect in January 2020, provides the state’s attorney general authority to fine financial institutions that violate the new regulation. Lenders have to determine how the level of control a consumer can exercise under California’s new act conflicts with existing regulations. For instance,
financiers have to keep in mind the Equal Credit Opportunity Act, which has a 25-month document-retention requirement, Redding said.
“Lenders have to understand their obligations to retain documents as a financial institution, but then also [California’s] privacy obligations,” he said. “Then you have to thread that needle to make sure you are complying with both. It’s not an easy problem to solve.”
Large-scale data breaches — like those that affected Equifax, Wells Fargo & Co., and Marriott — have sparked national interest in financial institution data security. Additionally, the Golden State has historically been a bellwether when it comes to federal legislation, and increased interest in data security laws is expected considering California’s influence over Capitol Hill, Redding said. “I hear some talk in Washington, D.C., of looking to California to see whether [data security] should be considered on a federal basis,” he said.
Anderson Brothers Bank has its eye on California — despite the fact that the regional bank does no business in the state. “If the state attorney general in California will look into and pass a regulation, other attorneys general tend to look at it also,” said Micky Watts, senior vice president of indirect lending at the Mullins, S.C.-based bank. “You can’t ignore what’s going on in California. It’s just as likely to be an issue for you.”