Alston & Bird Consumer Finance Blog

#New York

Large AI Model Developers in Focus for New York

What Happened?

On June 12, 2025, the New York State legislature passed the Responsible AI Safety and Education (RAISE) Act, which awaits Governor Kathy Hochul’s signature or veto.  The RAISE Act addresses developers of “frontier” AI models—those large AI models that cost over $100 million or use massive compute—and it aims to reduce the risks of “critical harm,” or the death or serious injury to 100 or more people, or causing $1 billion or more in damages.  The law applies only to large-scale frontier AI models, and it excludes smaller AI models and start up initiatives.

Why is it Important?

If the RAISE Act is signed by the Governor, it would mean that:

  • Developers of fronter AI models must create robust safety and security plans before making those models available in New York; publish redacted versions of those plans; retain unredacted copies; and permit annual external reviews and audits.
  • Any “safety incident”—from model failure to unauthorized access—must be reported to New York’s Attorney General and the New York Division of Homeland Security within 72 hours.
  • The New York AG can penalize violations: up to $10 million for a first offense and $30 million for repeat infractions.
  • Employees and contractors are protected when reporting serious safety concerns.

What to do Now?

Pursuant to the New York Senate rules, the RAISE Act must be delivered to the Governor by July 27, 2025; once delivered, Governor Hochul will have 30 days to sign or veto the bill.  If it is signed, it will take effect 90 days later.

If it is enacted, in-scope AI firms and developers will need to ensure appropriate internal protocols, engage with third-party auditors, and maintain incident reporting and whistleblower channels.

New York State Proposes Consumer Protection Reforms through FAIR Business Practices Act

What Happened?

On March 13, New York state legislators introduced new legislation called the Fostering Affordability and Integrity Through Reasonable (FAIR) Business Practices Act.  The bill, supported by New York Attorney General Letitia James, aims to strengthen New York’s existing consumer protection law and would expand the law’s scope from only covering “deceptive” acts or practices to also include “unfair” and “abusive” practices.  It would apply in the consumer, as well as the small business context.

Why Is It Important?

The FAIR Act comes at a time when consumer protection at the federal level has stalled, particularly with respect to the activities of the Consumer Financial Protection Bureau (CFPB).   State attorneys general have promised to step in to address any resulting gaps in consumer protection.

The FAIR Act defines unfair and abusive acts and practices expansively, to reach conduct that could be considered unfair or abusive, but arguably not deceptive.  Additionally, it provides for enhanced civil penalties for unfair, deceptive, or abusive practices against “vulnerable persons,” including those under 18 or over 65, active duty servicemembers and veterans, physically or mentally impaired persons, and individuals with limited English proficiency.  The legislation provides for civil penalties of: (a)$5,000 per violation; or (b) for knowing or willful violations, the greater of $15,000 or three times the amount of restitution for each violation.

What To Do Now?

Businesses operating in New York can prepare for potential changes by reviewing current practices to identify those that might be considered unfair or abusive under the broader scope of the FAIR Act.  Additionally, they can:

  • Monitor the progress of this legislation and be prepared to adjust business practices accordingly, especially as state-level enforcement of consumer protection laws is likely to increase in response to reduced federal action​​​​​​​​​​​​​​​; and
  • Pay particular attention to practices that might affect “vulnerable persons” as defined in the legislation, as these could result in enhanced civil penalties.

New York Passes New Removal Procedures for Officers, Directors, Trustees, and Partners of Any Entity Regulated by Department of Financial Services

What Happened?

On December 21, 2024, New York Governor Kathy Hochul, signed into law, S7532, which repealed the existing section of the Banking Law addressing the removal of officers, directors, and trustees of banking organizations, bank holding companies and foreign banks (“covered individuals”), and enacted a new section providing a clearer process for removing such individuals and expanding the scope of the removal authority to apply to all entities regulated by the New York Department of Financial Services (“the Department”).

Repealed Section:

The former provisions regarding the removal of covered individuals were limited to banking organizations, bank holding companies, and foreign banks.

The Superintendent of the Department (“the Superintendent”) was authorized to bring an action to the Banking Board (“the Board”) to remove an officer, director, or trustee whenever it found that such individual:

  • violated any law or regulation of the Superintendent of financial services, or
  • “continued unauthorized or unsafe practices . . . after having been ordered or warned to discontinue such practices.”

Note that the Banking Board has not existed since the Department of Financial Services was created in 2011.

The Board would then serve notice of the action to the covered individual to appear before the Board to show why they should not be removed from office. A copy of this notice would be sent to each director or trustee of the banking organization and to each person in charge of and each officer of a branch of a foreign banking corporation.

If after a three-fifths vote by the Board members the Board found that the individual committed such violations, an order would be issued to remove the individual from office.

The removal became effective upon service of the order. The order and findings were not made public, and were only disclosed to the removed individual and the directors or trustees of the banking organization involved. Any such removed individual that participated in the management of such banking organization without permission from the Superintendent would be guilty of a misdemeanor.

Newly Enacted Section:

The new provision expands the removal authority of the Superintendent to apply to all entities regulated by the Department (“covered entities”), including: banks, trust companies, limited purpose trust companies, private banks, savings banks, safe deposit companies, savings and loan associations, credit unions, investment companies, bank holding companies, foreign banking corporations, licensed lenders, licensed cashers of checks, budget planners, mortgage bankers, mortgage loan servicers, mortgage brokers, licensed transmitters of money, and student loan servicers.

The Superintendent is authorized to bring an action to remove such individuals whenever it finds reason to believe that they:

  • caused, facilitated, permitted, or participated in any violation by a covered entity of a law or regulation, order issued by the Superintendent or any written agreement between such covered entity or covered individual and the Superintendent;
  • engaged or participated in any unsafe or unsound practice in connection with any covered entity; or
  • engaged or participated in any willful material act or omitted to take any material act that directly contributed to the failure of a covered entity.

The notice and hearing provisions were changed to allow the Superintendent to serve a statement of charges against the covered individual and a notice of an opportunity to appear before the Superintendent to show cause why they should not be removed from office. A copy of such notice must now be sent to the affected covered entity, instead of the directors or trustees of the covered entity and persons in charge of foreign bank branches.

Additionally, the threshold for removal was changed. Instead of being removed by a three-fifths vote of a board that no longer exists, the covered individual may be removed if, after notice and hearing: (1) the Superintendent finds that the covered individual has engaged in the unlawful conduct, or (2) if the individual waives a hearing or fails to appear in person or by authorized representative.

The order of removal is effective upon service to the individual. The order must also be served to any affected covered entity along with the statement of charges. The order remains in effect until amended, replaced, or rescinded by the Superintendent or a court of competent jurisdiction. Such removed individual is prohibited from participating in the “conduct of the affairs” of any covered entity unless they receive written permission from the Superintendent. If the individual violates such prohibition, they are guilty of a misdemeanor.

Furthermore, the Superintendent is now authorized to suspend the covered individual from office for a period of 180 days pending the determination of the charges if the Superintendent has reason to believe that:

  • a covered entity has suffered or will probably suffer financial loss that impacts its ability to operate in a safe and sound manner;
  • the interests of the depositors at a covered entity have been or could be prejudiced; or
  • the covered individual demonstrates willful disregard for the safety and soundness of a covered entity.

The suspension may be extended for additional periods of 180 days if the hearing is not completed within the previous period due to the request of the covered individual.

Why Does it Matter?

Prior to the update, the Superintendent only had the power to remove individual officers, directors, or trustees from office in various bank organizations. The new law expands this removal power to all entities regulated by the Department.

The amended statute creates an additional penalty for individuals who caused, facilitated, permitted, or participated in the violation of the Banking Law in their positions of power of a regulated entity. Such individuals may be removed from their positions and prohibited from participating in the management of any regulated entity, until they receive written permission from the Superintendent. If they violate the prohibition, they are guilty of a misdemeanor, which can be punished by imprisonment for up to 364 days or by a fine set by the Superintendent.

What Do I Need To Do?

Entities regulated by the Department that are now covered under this section should be aware that violations of law by a licensee may also lead to the removal of certain high-level individuals within the organization. If removed, such individuals would also be prohibited from managing any regulated entity until the Superintendent provides written permission to do so. Affected entities and individuals should take care to ensure compliance with the law to avoid these new penalties.

Fannie Mae Issues Guidance in Response to New York Foreclosure Abuse Prevention Act

What Happened?

On March 13, 2024, Fannie Mae issued Servicing Guide Announcement (SVC-2024-02) (the “Announcement”), which announced, among other things, updates to Fannie Mae’s Loan Modification Agreement (Form 3179), with additional instructions in response to the New York Foreclosure Abuse Prevention Act (“FAPA”). Specifically, for all Loan Modification Agreements (Form 3179) sent to a borrower for signature on or after July 1, 2024, servicers are required to amend the modification agreement to insert the following as new paragraphs 5(e) and (f) for a mortgage loan secured by a property in New York:

(e) Borrower promises to pay the debt evidenced by the Note and Security Instrument.  Further, Borrower acknowledges and agrees that any election by Lender to accelerate the debt evidenced by the Note and Security Instrument and the requirement by Lender of immediate payment in full thereunder is revoked upon the first payment made under the Agreement; and, the Note and Security Instrument, as amended by the Agreement, are returned to installment status and the obligations under the Note and Security Instrument remain fully effective as if no acceleration had occurred.

(f) Borrower further agrees to execute or cause to be executed by counsel, if applicable, a stipulation (to be filed with the court in the foreclosure action), that the Lender’s election to accelerate the debt evidenced by the Note and Security Instrument and requirement of immediate payment in full thereunder is revoked upon the first payment made under the Agreement and the debt evidenced by the Note and Security Instrument is deaccelerated at that time pursuant to New York General Obligations Law § 17-105, or other applicable law.

Fannie Mae encourages servicers to implement these changes immediately but requires that servicers do so for all modification agreements sent to the borrower for signature on and after July 1, 2024. Freddie Mac does not yet appear to have issued similar guidance.

Why Is It Important?

As we previously discussed in a prior blog post, FAPA reversed judicial precedent that permitted a lender, after default, to unilaterally undo the acceleration of a mortgage and stop the running of the statute of limitations in a foreclosure action through voluntary dismissal, discontinuance of foreclosure actions, or de-acceleration letters. For more than a year following FAPA’s enactment, the mortgage industry has grappled with how to address certain of the risks created by FAPA, including whether certain language could be adopted and incorporated into servicers’ loss mitigation documents to mitigate FAPA risk.

Fannie Mae’s Announcement is significant because it represents the first piece of guidance from a federal agency or government-sponsored enterprise (i.e., Fannie Mae or Freddie Mac) that provides some clarity as to what language may be appropriate to mitigate certain of the risks engendered by the New York FAPA.

What Do I Need to Do?

Servicers of Fannie Mae-backed mortgage loans (secured by property in New York) should evaluate their loss mitigation processes and make appropriate updates to ensure compliance with the Announcement.  Servicers should also continue to monitor for additional guidance or caselaw as this issue remains in flux.

New York DFS to Impose Climate Change Safety and Soundness Expectations on Mortgage Lenders, Servicers, and other Regulated Organizations

What Happened?

On December 21, 2023, the New York Department of Financial Services (“NYDFS”) published an 18-page guidance document (the “Guidance”) on managing material, financial and operational risks due to climate change. The NYDFS issued the Guidance after considering feedback it received on proposed guidance it issued in December 2022 on the same topic. The Guidance applies to New York State regulated mortgage lenders and servicers, as well as New York State regulated banking organizations, licensed branches and agencies of foreign banking organizations (collectively, “Regulated Organizations”).

Why Is It Important?

The NYDFS has set forth its expectations, replete with examples, for Regulated Organizations to strategically manage climate change-related financial and operational risks and identify necessary actions proportionate to their size, business activities and risk profile.  Such expectations include:

  • Corporate Governance: An organization’s board of directors should establish a risk management framework, including its overall business strategy and risk appetite, which include climate related financial and operational risks, and holding management accountable for implementation. Such framework should be integrated within an organization’s three lines of defense – quality assurance, quality control and internal audit. Recognizing that low and moderate income (“LMI”) communities may be adversely impacted from climate change, the NYDFS expects an organization’s board of directors to direct management to “minimize and affirmatively mitigate disproportionate impacts” which could violate fair lending and other consumer finance laws. On that note, the NYDFS reminds organizations to consider opportunities to mitigate financial risk through financing or investment opportunities which enhance climate resiliency and are eligible for credit under the New York Community Reinvestment Act.
  • Internal Control and Risk Management: Regulated Organizations should also consider and incorporate climate related financial risks when identifying and mitigating all types of risks, including credit, liability, market, legal/compliance risk, and operational and strategic risk. The NYDFS defines financial risks from climate change to include physical risks from more intense weather events as well as transition risks, resulting from “economic and behavior changes driven by policy and regulation, new technology, consumer and investor preferences and changing liability risks.” The NYDFS recognizes that insurance is an important mitigant to climate change risk but cautions that the availability of such insurance in the future is not guaranteed.
  • Data Aggregation and Reporting: Regulated Organizations should establish systems to aggregate data and internally report its efforts to monitor climate related financial risk to facilitate board and senior management decision making. Such organizations also should consider developing and implementing climate scenario analyses.

What Do You Need to Do?

The NYDFS stresses that organizations should not let “uncertainty and data gaps justify inaction.” Although the NYDFS has not issued a timeline for implementation of the Guidance or begun incorporating such expectations into examinations (which will be coordinated with the prudential regulators to align with joint supervisory processes), now is the time to begin integrating climate-related financial and operational risks into your company’s organizational structure, business strategies and risk management operations.  This will help you prepare for when your organization is required to respond to the request for information which the NYDFS anticipates sending out later this year.  It is anticipated that the NYDFS will ask for information on the steps your organization has taken or will take within a specified period to manage financial and operational climate-related risks, including government structure, business strategy, risk management, operational resiliency measures, and metrics to measure risks.