Alston & Bird Consumer Finance Blog


New York Proposes Student Loan Servicing Rules

A&B ABstract

Amid growing concerns over the federal government’s “hands off” approach to regulating the student loan business, New York Governor Andrew Cuomo released 3 NYCRR 409, a proposed regulation aimed at providing significant consumer protections for New York student loan borrowers, to the public for comment. The deadline for comment on the regulation is September 29.

Proposal of Part 409

Governor Andrew M. Cuomo released for public comment a new regulation (“Part 409”) aimed at providing significant consumer protections for New York student loan borrowers. The proposed rules, promulgated pursuant to Section 718 of the New York Banking Law (effective October 9, 2019), are of little surprise, given that Governor Cuomo and the Superintendent of the New York Department of Financial Services (“NYDFS”), Linda Lacewell, have been quite outspoken about their increasing concerns about the state of the student loan market in New York.

Activities within the Scope of Part 409

To further the NYDFS’ mission, Part 409 provides that, except as otherwise provided in New York laws and regulations, “every person engaged in the business of servicing student loans owed must be licensed by the [NYDFS] as a student loan servicer.”

For purposes of Part 409, “student loan servicer” means “a person engaged in the business of servicing student loans owed by one or more borrowers.” Further, Part 409 defines the term “student loan” as “any loan to a borrower to finance postsecondary education or expenses related to postsecondary education.”

An entity is deemed to be “servicing” if it is:

  • receiving any payment from a borrower pursuant to the terms of any student loan;
  • applying any payment to the borrower’s account pursuant to the terms of a student loan or the contract governing the servicing of any such loan;
  • during a period where a borrower is not required to make a payment on a student loan, maintaining account records for the student loan and communicating with the borrower regarding the student loan on behalf of the owner of the student loan promissory note; or
  • in conjunction with the activities described [above] (a) providing any notification of amounts owed on a student loan by or on account of any borrower; (b) performing other administrative services with respect to a borrower’s student loan; or (c) interacting with a borrower with respect to or regarding any attempt to avoid default on the borrower’s student loan and facilitating the [receipt or application of payments].

Notably, “servicing” excludes “collecting, or attempting to collect, on a defaulted student loan for which no payment has been received for 270 days or more.”

Other Requirements and Restrictions

Part 409 requires entities that “service” New York student loans to:

  • Provide clear and complete information concerning fees, payments due, and terms and conditions of loans;
  • Apply payments in borrowers’ best interest, rather than in ways that maximize servicer fees;
  • Inform borrowers of income-based repayment and loan forgiveness options;
  • Maintain and provide to consumers a detailed history of their account;
  • When a borrower’s loan is transferred to a new servicer, ensure that all necessary servicing information is transferred with the loan so the borrower’s repayment is not disrupted;
  • Provide accurate information to credit reporting agencies;
  • Provide timely and substantive responses to consumer complaints; and
  • Refrain from defrauding or misleading borrowers, engaging in any unfair, deceptive, abusive or predatory act or practice, or misapplying borrowers’ payments.

What’s Next?

Part 409 is open for comment until September 29, 2019. Given the messaging from Governor Cuomo and the NYDFS surrounding the regulation of the New York student loan market and the fact that the NYDFS made its New York Student Loan Servicer license application available to entities engaging in “student loan servicing” through the Nationwide Multistate Licensing System & Registry on August 1, 2019, this may only be New York’s first step into regulating student loan servicers.

UPDATE: As a complement to its regulatory efforts, the DFS is also increasing its staffing on student loan servicing issues.  Since our initial post, Superintendent Lacewell has announced: the appointment of Mr. Winston Berkman-Breen as the DFS’s first-ever Student Advocate and Director of Consumer Advocacy; and (2) the formation of the Student Debt Advisory Board. Both appointments, part of the DFS “Step Up for Students” initiative, highlight that safeguarding student loan borrowers is a priority for both Governor Cuomo and Superintendent Lacewell.

New York DFS Launches Research and Innovation Division

A&B Abstract:

In an effort to position itself as the “Regulator of the Future,” the New York State Department of Financial Services (“NYDFS”) recently launched the Research and Innovation Division, which will be responsible for ensuring that the NYDFS keeps pace with the rapid changes in all sectors of the financial services industry.

Earlier this year, the NYDFS announced the creation of two other divisions, Consumer Protection & Financial Enforcement Division and the Cybersecurity Division of the NYDFS.  We addressed those developments in a previous post.

Creation of the Division

On July 23, 2019, Linda A. Lacewell, the Superintendent of the New York State Department of Financial Services (“NYDFS”), announced the establishment of a new Research and Innovation Division  (“Division”). Superintendent Lacewell remarked; “The financial services regulatory landscape needs to evolve and adapt as innovation in banking, insurance and regulatory technology continues to grow. This new division … position[s] the DFS as the regulator of the future, allowing the [NYDFS] to better protect consumers, develop best practices, and analyze market data to strengthen New York’s standing as the center of financial innovation.”

Division Responsibilities

Superintendent Lacewell established the Division so that New York “remains the jurisdiction of choice for innovators.” The Division is tasked with supporting internal transformation and market innovation. Importantly, the Division will be responsible for:

  • Licensing and supervising virtual currencies;
  • Assessing new efforts to use technology to address financial exclusion;
  • Identifying and protecting consumer data rights; and
  • Encouraging innovations in the financial services marketplace to preserve New York’s competitiveness as a financial innovation hub.

Division Leadership

Along with the creation of the Division, Superintendent Lacewell announced several leadership appointments within the Division. Matthew Homer will lead the Division as Executive Deputy Superintendent. Prior to this appointment, Mr. Homer was the Head of Policy and Research at Quovo, a New York fintech company providing open banking functionality for the financial services ecosystem, leading up to the company’s acquisition by fintech company Plaid, where he has worked since. Matthew Siegel and Olivia Bumgardner will be Deputy Superintendents of the Division. Mr. Siegel most recently served as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Ms. Bumgardner is currently Director of Research for the NYDFS.  She has served as an economist responsible for the analysis of the NYDFS’ most complicated financial transactions and a leader of the NYDFS’s key initiatives relative to virtual currency, cybersecurity and financial inclusion. Andrew Lucas will serve as Counsel to the division. Previously, Mr. Lucas served as the Director of the NYDFS’s Department of Financial Innovation.


The creation of the Division marks a substantial change in the NYDFS’s relationship with rapidly evolving financial services technology companies. We believe that this will impact such companies that do business in New York, particularly those seeking BitLicenses with the NYDFS. We are actively monitoring the development of the Division, and are hopeful that this results in more favorable treatment of fintech companies by the NYDFS.

NYDFS Proposes Overhaul to Mortgage Loan Servicer Business Conduct Rules

The New York Department of Financial Services has proposed significant changes to the mortgage servicer business conduct rules found in Part 419 of the Superintendent’s Regulations.  The proposed changes represent the first major changes to Part 419 since its adoption nearly 10 years ago.  Some of the significant proposed changes to Part 419 include:

  • Adding new provisions governing affiliated business arrangements, which would include a requirement that such relationships be negotiated at market rate, restrictions on certain kick-backs and a requirement to provide borrowers with a written disclosure of the relationship;
  • Restricting a servicer from charging a property valuation fee to a borrower more than once in a 12-month period;
  • Broadening a servicer’s duty of fair dealing to include ability to repay requirements for loan modifications and that a servicer consider foreclosure alternatives;
  • Broadening the protections available to delinquent borrowers and borrowers seeking loss mitigation assistance to more closely align with the CFPB’s Mortgage Servicing Rules, including a requirement that acknowledgment notices be delivered more quickly than under the current rules and providing borrowers with additional time to accept or reject a loss mitigation offer; and
  • Detailed third party vendor management requirements, which would require a servicer to maintain policies and procedures overseeing third party providers generally and more specific requirements for overseeing counsel and trustees of foreclosure proceedings.

Our June 20 client advisory provides greater detail on the proposed changes to Part 419.  In the meantime, we note that the deadline for comment on the proposal is June 29, 2019.  Mortgage servicers should take this opportunity to review the proposed changes to Part 419 against their current operations to determine the impact these rules would have if adopted in their current form.

New York DFS Unveils Two New Divisions Focused on Consumer Protection, Financial Enforcement and Cybersecurity

New York State’s Department of Financial Services (DFS) recently unveiled two new divisions with broad enforcement authority focused on consumer protection, financial enforcement, and cybersecurity.  Financial service providers should take note as New York and other states continue to shore up their enforcement capabilities.

Consumer Protection & Financial Enforcement

DFS’ highly touted Consumer Protection and Financial Enforcement (“CPFE”) division was launched on April 29, 2019.  The CPFE’s debut marks the latest DFS action to solidify the Department’s position as “a leader in financial services regulation.”

Heralded by acting Superintendent Linda Lacewell as a “powerhouse”, the CPFE is tasked with broad responsibility, specifically: (1) protecting and educating consumers; (2) combating consumer fraud; (3) ensuring that DFS-regulated entities serve the public in compliance with state and federal law; (4) developing investigative leads and intelligence in the banking, insurance, and financial services arenas, with a particular focus on cybersecurity events; and (5) developing and directing supervisory, regulatory and enforcement policy regarding financial crimes.

The Department created its new mega group by merging its enforcement operation with the division which conducts DFS’ civil and criminal investigations (formerly known as the Financial Frauds and Consumer Protection or “FFCP”).  The CPFE’s creation follows DFS’ pronouncement last year that it was prepared to step in to “fill voids” in areas where consumer and market protections are rolled back on the federal level.  The announcement also follows the news that the Consumer Finance Protection Bureau (“CFPB”) will adjust its focus from enforcement to “preventing harm”.  The Bureau’s shift in approach was announced by Kathleen L. Kraninger during her first policy address as the CFPB’s new Director on April 17, 2019.  Director Kraninger expressed the “hope that our emphasis on prevention will mean that we need our enforcement tool less often.”

The CPFE division will be headed by Katherine A. Lemire, who is expected to draw upon her decade of prosecutorial experience at the federal (Assistant United States Attorney in the Southern District of New York) and state (Assistant District Attorney in the New York County District Attorney’s Office) levels.  During her time in the Manhattan U.S. Attorney’s office, Ms. Lemire’s work included the prosecution of disgraced political donor Norman Hsu – sentenced to over 24 years in prison – and the corruption conviction of City Council Member Miguel Martinez.  Referred to by the NY Daily News as a “legal Howitzer,” Ms. Lemire also served as special counsel to then-NYPD Commissioner Raymond Kelly.

Upon entering the private sector, Ms. Lemire founded an international compliance and investigative services firm.  As part of a 2017 roundtable discussion on “How to Conduct Internal Investigations Efficiently and Effectively,” the new CPFE head shared the following insights on effectively working with government investigators to “narrow the scope” of subpoena requests in order to minimize client costs and business disruption:

Remember that prosecutors are people too … they can be reasonable. If confronted with a very broad subpoena seeking, for example, a large swath of documents over the course of years, it may make sense to call the prosecutor and find out whether you may narrow the scope of responsive documents. Often, prosecutors will provide specifics regarding the target of the investigation, and work with you to produce documents in a time-efficient manner. Prosecutors typically have investigative priorities, and if you can provide a proposed schedule for document/materials production, they will often work with you so that they can get what they need the most in a rapid fashion. Relatedly, you may be able to spare yourself producing materials that are not within the actual scope of materials needed. While they are the “expert” in the investigation, you are the “expert” in your business — prosecutors may be asking for materials they do not actually need, and with some education from you, you may be able to narrow the scope of the investigation.

The unveiling of its new “mini CFPB” marks yet another recent DFS milestone, highlights of which include over three billion dollars in fines imposed as a result of investigations into foreign exchange trade rigging, and the issuance of “whistleblower” guidance to all DFS-regulated entities.  The whistleblower guidance is especially significant in light of the Department’s position that “a robust whistleblowing program is an essential element of a comprehensive compliance program for regulated financial service companies”.  And, while not intended to provide a “one size fits all” model, the guidance sets forth ten “important principles and practices” of an “effective whistleblowing program”:

  • Whistleblower reporting channels are independent, well-publicized, easy to access, and consistent;
  • Strong protections to guard whistleblower anonymity;
  • Procedures to identify and manage potential conflicts of interest;
  • Adequate staff training on how to receive and act upon whistleblower complaints, as well as manage investigations, referrals and escalations;
  • Procedures to investigate allegations of wrongdoing;
  • Procedures to ensure valid complaints are followed-up appropriately;
  • Protections against whistleblower retaliation;
  • Confidential process;
  • Appropriate internal and external oversight of the whistleblowing function; and
  • Culture of top-down support for the whistleblowing function.


On May 22, 2019 the Department launched a new Cybersecurity division, advertised as the “first of its kind at a banking or insurance regulator” which will focus on “protecting consumers and industries from cyber threats.”  The emergence of DFS’ new Cybersecurity division follows the Department’s signature enactment, its 2018 cybersecurity law (23 NYCRR 500) upon which the FTC has “primarily based” its latest proposed information security program requirements.  The new division’s emergence “builds upon DFS’ nation-leading efforts to protect consumers and financial markers from cyberattacks” and also follows the March 1, 2019 deadline by which all DFS-regulated institutions were required to submit comprehensive risk-based cybersecurity programs for protecting consumer’s private data.

Justin Herring will head the new Cybersecurity division, joining DFS from the New Jersey U.S. Attorney’s Office where he served as Chief of the Cyber Crimes Unit and also worked as a member of the U.S. Attorney’s Economic Crimes Unit.  The DFS signaled its intention to continue its efforts to combat cybercrime by “hiring additional experts as necessary,” in addition to utilizing and developing its personnel’s existing subject-matter expertise.

According to the DFS’ announcement, the role of the new Cybersecurity division will be to “enforce the Department’s cybersecurity regulations, advise on cybersecurity examinations, issue guidance on DFS’ cybersecurity regulations, and conduct cyber-related investigations in coordination with the Consumer Protection and Enforcement Division.”