#California

California Quickly Enacts New Mortgage Servicing Standards That Can Affect Foreclosures

July 7, 2025 By Stephen Ornstein, CJ Blaney

What Happened?

On June 30, 2025, California Governor Gavin Newsom signed into law, with an immediate effective date, California Assembly Bill 130, a significant housing bill that, notably renders certain mortgage servicer conduct an unlawful practice in connection with subordinate lien mortgage loans, including, among others, not providing the borrower with any communication regarding the loan secured by the mortgage for at least 3 years and threatening to conduct a nonjudicial foreclosure after providing a form to the borrower indicating that the debt had been written off or discharged.

The legislation appears to be geared toward combatting “zombie mortgages” which are second mortgage debt that homeowners may have believed was discharged or satisfied long ago, only to have it unexpectedly reappear with demands for payment and potential threats of foreclosure years later. These dormant loans are often sold to debt buyers for a small fraction of their value. Borrowers may have received no notices or statements for years, leading them to believe the second mortgage had been forgiven, discharged in bankruptcy, or modified along with their first mortgage.

Why Does It Matter?

Notably, the legislation forbids mortgage servicers from engaging in the following “unlawful practices” while the servicing subordinate lien mortgages:

Not providing written communication to the borrower for at least three years
Failing to provide a transfer of loan servicing notice as required by the Real Estate Settlement Procedures Act (RESPA) or investor/grantor requirements
Failing to provide a transfer of loan ownership notice as required by the Truth-in-Lending Act (TILA) or investor/grantor requirements
Conducting or threatening to conduct a foreclosure sale after providing a form indicating the debt had been written off or discharged
Conducting or threatening to conduct a foreclosure after the statute of limitations expired
Failing to provide a periodic statement as required by TILA or investor/grantor requirements

Failure to comply with these law’s prohibitions could impede or prevent foreclosure of the second lien and expose servicers to liability. For example, borrowers contending that the mortgage servicer engaged in an unlawful practice may seek to enjoin the foreclosure sale until a court renders a final determination of the servicer’s compliance with the new law. Under the new law, it is affirmative defense in a judicial foreclosure proceeding if the court finds the mortgage servicer engaged in any of the unlawful practices enumerated above. Court may also provide equitable remedies that they deem appropriate, depending on the extent and severity of the mortgage servicer’s violations. However, any failure to comply with the provisions of this section does not affect the validity of a trustee’s sale or a sale in favor of a bona fide purchaser.

What Should I Do?

Servicers of subordinate lien mortgage loans in California must ensure that they are fully compliant with federal and California law applicable to the servicing of loans, such as providing borrowers timely notices required by RESPA and TILA, especially with older vintage subordinate lien loans that have been delinquent or sporadically performing. Subordinate lien debt buyers must also ensure that their servicers comply with these laws before foreclosing on these debts. Additionally, servicers should review their foreclosure procedures to ensure they do not run afoul of California’s new standards.

California Attorney General Targets Location Data in New Investigative Sweep

March 13, 2025 By David Keating, Hyun Jai Oh

This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months.

The Notices of Violation issued by the Attorney General’s office will give rise to meaningful risks for many of the receiving businesses. We anticipate the Attorney General’s team will focus on granular technical details of data collection via mobile apps including through the third-party SDKs[1] that are ubiquitous across digital mobile products. How these and other digital analytics tools collect and transfer data, including precise location data, is often not well understood even by the internal digital marketing, data analytics, and product development teams that deploy and use the tools. This blind spot has created a zone of risk for many businesses that would not consider themselves a part of the “location data industry” referenced in the Attorney General’s announcement.

The interactions with the Attorney General’s office in these investigations and in enforcement proceedings can also change focus when the Attorney General’s staff suspects compliance gaps in other sensitive areas, such as use of mobile apps by children or in connection with healthcare or other sensitive activities. Careful and detailed internal legal/technical data flow analyses are therefore critical to quickly identifying the full scope of potential risk and framing the strategy for engaging with the Attorney General. For those businesses that have not received notices, this is another opportunity to close the gap between digital advertising, data analytics, and mobile app development and these emerging and increasingly clear legal privacy standards relating to precise location data and use of third-party SDKs in mobile apps.

Alston & Bird’s Privacy, Cyber & Data Strategy Team has extensive experience advising and defending clients who receive inquiries and violation notices from California’s privacy regulators. We will continue to monitor developments in privacy regulatory enforcement in California and other states.

[1] “SDK” refers to a software development kit. These tools, many of which are free, are commonly used by mobile app teams to shorten app development timelines and quickly add features and functions to mobile apps.

_______________________________

Originally published March 12, 2025 on Alston & Bird’s Privacy, Cyber & Data Strategy Blog.

A Friendly Reminder of the Importance of Robust Consumer Complaint Handling Processes

March 4, 2024 By Nanci Weissgold, Anoush Garakani

What Happened?

On February 27, 2024, the California Department of Financial Protection and Innovation (the Department) entered into a public consent order with a company that provides consumer financial services to California residents. The consent order alleges that between January 2020 and September 2022, the Department received complaints from consumers raising concerns about their accounts and customer service interactions with the company, which the Department forwarded to the company for investigation and response. The Department also investigated the company’s handling of those consumer complaints.

The Department found that the company’s complaint handling was deficient in that “occasional mistakes” that occurred in the Company’s responsiveness to consumer complaints were substantial enough to have violated the California Consumer Financial Protection Law (CCFPL). The Department alleged that as between the company and the consumer, the company was in the better position to accurately evaluate the available information in most cases and to respond to consumers’ complaints in a timely manner and while the number of mistakes during the Department’s investigation period was relatively small in comparison to the overall number of consumer complaints received, the Department concluded that the mistakes were important to the affected consumers.

To resolve these allegations, the company agreed to (1) desist and refrain from violating the CCFPL through its complaint handling processes, (2) pay a penalty of $ 2.5 million, (3) enhance existing customer service procedures or processes, (4) establish, implement, enhance, and maintain testing policies, procedures, and standards reasonably designed to, at a minimum, ensure compliance with the law, and (5) report to the Department annually for two years on these standards. These standards require the company to:

Ensure customer service support 24 hours a day, seven days a week;
Ensure sufficient customer service support staffing;
Ensure sufficient customer service support training; and
Investigate and implement policies and procedures to maintain the accurate, prompt and proper handling of consumer complaints.

Why is it Important?

The CCFPL was enacted in September 2020 and grants the Department expanded authority over persons engaged in offering or providing a consumer financial product or service in California and their affiliated service providers. Notably, under the CCFPL, it is unlawful for a “covered person” or “service provider,” to do any of the following:

Engage, have engaged, or propose to engage in any unlawful, unfair, deceptive, or abusive act or practice (UDAAP) with respect to consumer financial products or services.
Offer or provide to a consumer any financial product or service not in conformity with any consumer financial law or otherwise commit any act or omission in violation of a consumer financial law.
Fail or refuse, as required by a consumer financial law or any rule or order issued by the Department thereunder, to do any of the following:
- Permit the Department access to or copying of records.
- Establish or maintain records.
- Make reports or provide information to the Department.

The CCFPL defines a “covered person” to mean, to the extent not preempted by federal law, any of the following:

Any person that engages in offering or providing a consumer financial product or service to a resident of California.
Any affiliate of a person described above if the affiliate acts as a service provider to the person.
Any service provider to the extent that the person engages in the offering or provision of its own consumer financial product or service.

A “servicer provider” includes any person that provides a material service to a covered person in connection with the offering or provision by that covered person of a consumer financial product or service, including a person that either:

Participates in designing, operating, or maintaining the consumer financial product or service.
Processes transactions relating to the consumer financial product or service, other than unknowingly or incidentally transmitting or processing financial data in a manner that the data is undifferentiated from other types of data of the same form as the person transmits or processes.

The term “service provider” does not include a person solely by virtue of that person offering or providing to a covered person either a support service of a type provided to businesses generally or a similar ministerial service, or time or space for an advertisement for a consumer financial product or service through print, newspaper, or electronic media.

Notwithstanding the broad definition of “covered person,” the CCFPL contains numerous exemptions, including for banks; licensed escrow agents; licensees under the California Financing Law; licensed broker-dealers or investment advisers; licensees under the Residential Mortgage Lending Act; licensed check sellers, bill payers, or proraters; and licensed money transmitters, among others.

The Department is authorized to impose civil money penalties for any violation of the CCFPL, rule or final order, or condition imposed in writing by the Department in an amount not to exceed the greater of $5,000 for each day during which a violation or failure to pay continues, or $2,500 for each act or omission. Reckless violations are subject to increased penalties not to exceed the greater of $25,000 for each day during which the violation continues, or $10,000 for each act or omission. For knowing violations, the Department is authorized to assess penalties not to exceed the lesser of one percent of the person’s total assets, $1 million for each day during which the violation continues, or $25,000 for each act or omission.

What Do You Need to Do?

It is always important to take consumer complaints seriously and to respond timely and accurately. Now is the time to review your company’s complaint management procedures to make sure they are robust. It is always important to mine your consumer complaints so that you can learn from them and correct errors timely to ensure mistakes don’t recur, and the Department’s latest settlement is a reminder that companies subject to the CCFPL also have a legal obligation to do so.

CFPB Issues Preemption Determination that State Commercial Financing Disclosure Laws Are Not Preempted By TILA

May 5, 2023 By Aldys London, Aileen Ng

A&B Abstract:

The Consumer Financial Protection Bureau (CFPB) recently announced that it issued a final preemption determination concluding that certain state disclosure laws applicable to commercial financing transactions in California, New York, Utah, and Virginia are not preempted by the federal Truth in Lending Act (TILA). As covered in a previous post, we note that the California, Utah, and Virginia laws have already gone into effect, and New York’s is set to become effective on August 1, 2023.

State Commercial Lending Laws

After examining the state disclosure laws in California, New York, Utah, and Virginia, the CFPB recently affirmed that there is no conflict with TILA because the state laws extend disclosure protections to businesses seeking commercial financing, which are beyond the scope of TILA’s statutory consumer credit protections. Specifically, the CFPB determined that TILA only preempts state laws under conflict preemption, which the CFPB interprets to mean that TILA preempts state laws only if they are “inconsistent” with TILA.

In California, New York, and Utah, state laws require lenders to issue disclosures in certain commercial financing transactions, the purpose of which is generally defined to mean primarily for other than personal, family, or household purposes. This is in contrast to TILA’s application to consumer credit, which is extended primarily for personal, family, or household purposes. In December 2022, the CFPB made a preliminary determination that New York’s commercial financing disclosure law was not preempted by TILA because the state law regulates commercial financial transactions rather than consumer-purpose transactions.

In Virginia, disclosures are required in connection with “sales-based financing,” which is defined generally as a transaction in which the financing is repaid by the recipient based on a percentage of sales or revenue. “Recipient” means a person whose principal place of business is in Virginia and that applies for sales-based financing and is made a specific offer of sales-based financing by a sales-based financing provider. Based on these definitions, it appears that the Virginia law would not apply to a consumer credit transaction. However, the CFPB generally noted that, to the extent state law could apply to a consumer credit transaction, there would still be no inconsistency with TILA.

Accordingly, the CFPB found that the four states’ commercial financing disclosure laws are not inconsistent with and, therefore, not preempted by the federal TILA.

Takeaway

As states continue to propose and enact similar laws requiring disclosures in commercial financing transactions, an argument that federal law preempts such state laws is unlikely to succeed. Thus, companies should monitor ongoing state regulatory trends in commercial financing transactions to ensure compliance with the consumer-style disclosure requirements that may apply.

California DFPI Digital Asset Lending Regulatory Year in Review

February 22, 2023 By Josh Dhyani, Aldys London

A&B ABstract:

In December of 2022 California released an interagency progress report (“Report”) analyzing the current regulatory status of Web3, Crypto Assets, and Blockchain. The report was prepared pursuant to Executive Order N-9-22 (the “Order”) issued by California Governor Gavin Newsome on May 4, 2022, which declared California’s intent to regulate blockchain, including crypto assets and related financial technologies, and directed California state agencies, including the Governor’s Office of Business and Economic Development (“GO-Biz”), the Government Operations Agency, the Business, Consumer Service and Housing Agency, and the Department of Financial Protection and Innovation (“DFPI”) to collect feedback from various stakeholders to understand the risks and explore opportunities for the state. The Order, among other directives, advises these California agencies, led by DFPI, in consultation with GO-Biz, to create a regulatory framework for crypto assets in coordination with federal and state authorities, with the goals of ensuring equity, regulatory clarity, consumer protection, innovation, and job growth. Although these new technologies present some novel questions, for entities engaging in lending backed by digital assets, the DFPI has made clear that the California Financing Law and similar regulatory burdens apply.

Current Registration Requirements

The Report follows earlier requests for public comment, including from the DFPI, which published a request for public comment (the “Request”) stating an intent to develop a comprehensive state regulatory framework for the offering of digital asset related financial products and services in California. Within the previous request for comment, the DFPI states that it possesses the authority to develop comprehensive regulations under the California Consumer Financial Protection Law (CCFPL), which authorizes the DFPI to “prescribe rules regarding registration requirements applicable to a covered person engaged in the business of offering or providing a consumer financial product or service.” Accordingly, the DFPI has put forth that it currently has the authority to require licensing and regulation of crypto asset-related financial products. In the Order issued by Governor Newsom “crypto assets” is defined as “a digital asset, which may be a medium of exchange, for which generation or ownership records are supported through a blockchain technology.” Given this backdrop, we can expect the DFPI to issue regulations without further legislative input.

Public Feedback

Responses to the request for comment and other opportunities to provide public input resulted in several key suggestions for regulation, including the following:

Provide regulatory clarity—including by basing regulations on specific types of activities, products, and services (rather than specific entities).
Harmonize with federal guidelines—including by modeling key terms and requirements on those used by federal regulators.
Avoid over-regulation—including by minimizing compliance costs.

CCFPL Regulation and Supervision

The Report states that DFPI has issued licenses to 10 crypto asset related companies that engage in lending activities under California financial licensing laws. Some make consumer loans that are secured by crypto assets, while others make commercial loans to crypto asset-related companies. In addition to licensing and other compliance activity, the Report further notes that enforcement actions were also underway. The highlighted enforcement actions within the report related to companies allegedly operating crypto deposit accounts that qualified as unregistered securities as well as investment schemes. The Report did not highlight any enforcement actions related to loans secured by crypto assets or other licensing violations.

However, on November 18, 2022 and November 22, 2022, the DFPI suspended California Financing Law licenses for two entities in connection with their crypto asset platforms. In both instances, the entities paused activity on their platforms. The investigation of one entity remains ongoing while the other entered into an agreement to pause collection of repayments and interest on loans belonging to California residents while its CFL License is suspended or as further agreed to between the DFPI and the entity.

Takeaway

While many aspects of Web3, Crypto Assets, and Blockchain regulation remain unclear, it is clear that those engaging in lending activities collateralized or otherwise related to such assets are regulated under the CCFPL and other California law, and must abide by the same strictures as any other lender.