Alston & Bird Consumer Finance Blog

State Law

Update on New Maryland Law Clarifying Exemptions for Certain Mortgage Trusts

By ,

What Happened?

As we previously advised you, in 2024, the Maryland Appellate Court in Estate of H. Gregory Brown v. Carrie M. Ward, et al., No. 1009, (App. Ct. Sept. Term 2023), ruled that a statutory trust that held a defaulted home equity line of credit (a “HELOC”) must be licensed as both an installment lender and a mortgage lender under Maryland law prior to proceeding to foreclosure on the HELOC.  The relevant parties did not appeal the decision.  Following this ruling, on January 10, 2025, the Maryland Office of Financial Regulation (the “OFR”) issued formal guidance on licensing requirements for mortgage trusts and a notice of emergency regulations to conform to the Brown decision. The guidance mandated that absent an exemption, all assignees of Maryland residential mortgage loans, including trusts, must be licensed as Maryland Installment Lenders or Maryland Mortgage Lenders.  While the formal guidance and emergency regulations took effect upon promulgation by the OFR on January 10, 2025, the OFR suspended enforcement of the emergency regulations until April 10, 2025 — later extended to July 6, 2025.

Why Does it Matter?

On April 22, 2025, Maryland Governor Wes Moore signed into law the Maryland Secondary Market Stability Act of 2025 (emergency measures HB 1516 and its companion SB 1026) with an immediate effective date. The legislation expressly excludes passive trusts from Maryland’s mortgage licensing requirements and defines a “passive trust” as a trust that: (1) acquires or is assigned mortgage loans in whole or in part; (2) does not make mortgage loans; (3) is not a mortgage broker or a mortgage servicer; and (4) is not engaged in the servicing of mortgage loans, which does not include the act of transmitting or directing payments received by a mortgage servicer.

On May 29, 2025, in response to the enactment of the Maryland Secondary Market Stability Act of 2025, OFR rescinded its prior guidance issued on January 10, 2025, and all related advisories (issued on January 31, 2025, and February 18, 2025) and enforcement deadlines concerning licensing requirements for trusts holding mortgage loans. The OFR also formally withdrew the previous emergency and proposed regulations relating to the licensing of mortgage trusts.

The OFR also clarified that commercial lenders making loans exclusively for business purposes under Maryland’s installment loan statutes, as defined by Md. Code Ann., Fin. Inst. § 11-301, are not subject to OFR’s licensing requirements under mortgage lending and installment licensing provisions.

What to Do Now

Please be advised that the Maryland Secondary Market Stability Act of 2025 and the OFR’s rescission of its prior guidance and previous emergency and proposed regulations applies only to residential mortgage loans, and does not address other loan categories such as consumer loans not secured by real estate.  

Secondary market purchasers of loans that do not use passive trusts to acquire or take assignment of residential mortgage loans in Maryland must become licensed as Maryland mortgage lenders by July 6, 2025. However, there can be no assurance that other states will not pass laws or issue regulations, or courts of law will require licensing, even retrospectively, which may adversely affect the Mortgage Loans.

Governor Moore Signs Legislation Exempting “Passive Trusts” from Licensure in Maryland

By

What Happened?

In a highly anticipated and welcome development, on April 22, 2025, Maryland Governor Wes Moore signed into law the Maryland Secondary Market Stability Act of 2025 (emergency measures HB 1516 and its companion SB 1026) with an immediate effective date.  The legislation is significant as it has the effect of modifying the formal guidance issued on January 10, 2025 by the Maryland Office of Financial Regulation (OFR) requiring assignees of residential mortgage loans, including passive trusts that acquire or take assignment of residential mortgage loans in Maryland, to become licensed in Maryland by April 10, 2025—later extended to July 6, 2025.  The OFR’s January licensing mandate, which derived from the OFR’s interpretation of a Maryland Appellate Court decision in Estate of Brown v. Ward, 251 Md. App. 385 (2024), would have created a logistical nightmare for, among others, passive trusts holding Maryland loans in residential mortgage-backed securitizations. By custom, passive trusts holding residential mortgage loans do not obtain licenses, and no state legislature has required such licensure for trusts holding these loans. The OFR’s January 10 formal guidance contravenes the plain language of the licensing requirements of the Maryland Mortgage Lender Law and the Maryland Installment Loan Law that do not apply to assignees.

Why Does it Matter?

The legislation addresses the OFR’s overreach by expressly excluding “passive trusts” from Maryland’s mortgage licensing requirements. The legislation defines a “passive trust” as a

trust that

(1) ACQUIRES OR IS ASSIGNED MORTGAGE LOANS IN WHOLE OR IN PART;

(2) DOES NOT MAKE MORTGAGE LOANS;

(3) IS NOT A MORTGAGE BROKER OR A MORTGAGE SERVICER; AND

(4) IS NOT ENGAGED IN THE SERVICING OF MORTGAGE LOANS, WHICH DOES NOT INCLUDE THE ACT OF TRANSMITTING OR DIRECTING PAYMENTS RECEIVED BY A MORTGAGE SERVICER.

The legislation defines “trust” as “any trust established under the laws of the State or any other state.”  Hence, the “passive trust” must be an actual trust and not a non-trust corporate entity.

The legislation also includes a “Maryland Licensing Workshop” that is comprised of members of consumer groups, the banking and non-bank mortgage industry, and others appointed by the Governor to study Maryland’s licensing statutes and make recommendations regarding, among other things, whether expansion of the existing licensing requirements to persons not currently licensed is warranted. The legislation requires the working group to report its findings to the Governor by December 31, 2025.

What Do I Need to Do?

While the legislation spares passive trusts, including trusts in existing residential mortgage-backed securitizations, from having to become licensed in Maryland, secondary market purchasers of loans that do not utilize passive trusts to acquire or take assignment of residential mortgage loans in Maryland must become licensed as Maryland Mortgage Lenders by July 6, 2025.

Consumer Finance State Roundup

By ,

The latest edition of the Consumer Finance State Roundup highlights recently enacted measures of potential interest from three states:

Arkansas:

  • House Bill 1184, which we expect to take effect on or about August 8, amends the Fair Mortgage Lending Act, Ark. Code Ann. §§ 23-39-501 et seq., to address the use of mortgage trigger leads. Specifically, the measure amends Section 23-39-513 of the Arkansas Code to impose obligations on a loan officer using a mortgage trigger lead in any capacity (such as clearly and conspicuously stating in initial solicitations that the solicitation uses information purchased from a consumer reporting agency without the lender or broker’s knowledge or permission).

Idaho:

  • Effective July 1, House Bill 149 adds Section 26-31-221A to the Idaho Code, addressing consumer private in mortgage applications.  Specifically, the measure imposes obligations on an individual soliciting a consumer for a residential mortgage loan where a mortgage trigger lead is used in any capacity, to include (among other provisions): (a) clearly and conspicuously stating in initial solicitations that the solicitation uses information purchased from a consumer reporting agency without the lender or broker’s knowledge or permission; and (b) avoiding knowing or negligent use of information from a mortgage trigger lead where the consumer opted out of prescreened offers or placed his or her phone number on a federal or state “do-not-call” list.

Nebraska:

  • Effective March 12, Legislative Bill 251 amends surety bond provisions under the Residential Mortgage Licensing Act (“Act”). As amended, Section 45-724 of the Act requires a mortgage banker licensee to include its mortgage servicing portfolio (and not only its origination volume) in the calculation of its required surety bond.
  • Legislative Bill 21, which we expect to take effect on or about August 31, adopts the Uniform Unlawful Restriction in Land Records Act (“Act”). The Act will permit real property owners to unilaterally remove from any document related to the owner’s property “unlawful restrictions” (those that “purport[] to interfere with or restrict the transfer, use, or occupancy of real property”), and will prescribe the process by which an owner may amend a document to remove such restrictions.

New York State Proposes Consumer Protection Reforms through FAIR Business Practices Act

By

What Happened?

On March 13, New York state legislators introduced new legislation called the Fostering Affordability and Integrity Through Reasonable (FAIR) Business Practices Act.  The bill, supported by New York Attorney General Letitia James, aims to strengthen New York’s existing consumer protection law and would expand the law’s scope from only covering “deceptive” acts or practices to also include “unfair” and “abusive” practices.  It would apply in the consumer, as well as the small business context.

Why Is It Important?

The FAIR Act comes at a time when consumer protection at the federal level has stalled, particularly with respect to the activities of the Consumer Financial Protection Bureau (CFPB).   State attorneys general have promised to step in to address any resulting gaps in consumer protection.

The FAIR Act defines unfair and abusive acts and practices expansively, to reach conduct that could be considered unfair or abusive, but arguably not deceptive.  Additionally, it provides for enhanced civil penalties for unfair, deceptive, or abusive practices against “vulnerable persons,” including those under 18 or over 65, active duty servicemembers and veterans, physically or mentally impaired persons, and individuals with limited English proficiency.  The legislation provides for civil penalties of: (a)$5,000 per violation; or (b) for knowing or willful violations, the greater of $15,000 or three times the amount of restitution for each violation.

What To Do Now?

Businesses operating in New York can prepare for potential changes by reviewing current practices to identify those that might be considered unfair or abusive under the broader scope of the FAIR Act.  Additionally, they can:

  • Monitor the progress of this legislation and be prepared to adjust business practices accordingly, especially as state-level enforcement of consumer protection laws is likely to increase in response to reduced federal action​​​​​​​​​​​​​​​; and
  • Pay particular attention to practices that might affect “vulnerable persons” as defined in the legislation, as these could result in enhanced civil penalties.

California Attorney General Targets Location Data in New Investigative Sweep

By ,

This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months.

The Notices of Violation issued by the Attorney General’s office will give rise to meaningful risks for many of the receiving businesses. We anticipate the Attorney General’s team will focus on granular technical details of data collection via mobile apps including through the third-party SDKs[1] that are ubiquitous across digital mobile products. How these and other digital analytics tools collect and transfer data, including precise location data, is often not well understood even by the internal digital marketing, data analytics, and product development teams that deploy and use the tools. This blind spot has created a zone of risk for many businesses that would not consider themselves a part of the “location data industry” referenced in the Attorney General’s announcement.

The interactions with the Attorney General’s office in these investigations and in enforcement proceedings can also change focus when the Attorney General’s staff suspects compliance gaps in other sensitive areas, such as use of mobile apps by children or in connection with healthcare or other sensitive activities. Careful and detailed internal legal/technical data flow analyses are therefore critical to quickly identifying the full scope of potential risk and framing the strategy for engaging with the Attorney General. For those businesses that have not received notices, this is another opportunity to close the gap between digital advertising, data analytics, and mobile app development and these emerging and increasingly clear legal privacy standards relating to precise location data and use of third-party SDKs in mobile apps.

Alston & Bird’s Privacy, Cyber & Data Strategy Team has extensive experience advising and defending clients who receive inquiries and violation notices from California’s privacy regulators.  We will continue to monitor developments in privacy regulatory enforcement in California and other states.

[1] “SDK” refers to a software development kit. These tools, many of which are free, are commonly used by mobile app teams to shorten app development timelines and quickly add features and functions to mobile apps.

_______________________________
Originally published March 12, 2025 on Alston & Bird’s Privacy, Cyber & Data Strategy Blog.