Pub. 13 2018-2019 Issue 4

WWW.NEBANKERS.ORG 20 Just Stating the Facts – State Law Shifts and the Impact on the Financial Community Sarah Sauceda, Associate General Counsel, Compliance Alliance F EDERAL LAW VERSUS STATE LAW – A PUSH AND PULL OF THE ages. The two can work side by side with no problems most days. However, when there is a conflict federal law does end up winning out. Though, the fact that federal law is the ultimate victor in instances of conflict does not take away from the fact that state-specific law and trends have the very real potential to impact: (1) the federal, regulatory tide and (2) other states’ laws. So, it behooves a banker to pay attention to state law shifts even when the state shifting is not the great state in which you reside. Two major Acts have recently passed their respective state legislatures that will be discussed in this article: the Maryland Financial Consumer Protection Act of 2018 (MFCPA) and the California Consumer Privacy Act of 2018 (CCPA). The MFCPA deals, in part, with enhanced protections and regulatory bite in regards to “unfair, abusive or deceptive trade practices,” whereas the CCPA deals with enhanced protections and rights in respect to consumer privacy. The MFCPA, amended in October of this year, adds the term “abusive” to the already existing law against unfair and deceptive trade practices. It also includes violations of service member-related federal statutes like the Service members Civil Relief Act and the Military Lending Act as “per se” violations of UDAAP, while also upping the penalties for first-time and repeat offenders. Another noteworthy part of theMFCPA is that it gives state regulators the ability to impose heftier fines for violations. What does thismean for other states?Maryland is pretty split down the middle of the political spectrum. So, it could be said to be a good litmus test for states that are not all red (generally, in favor of less regulations in the financial institution context) nor riding the blue wave (generally, in favor of more regulations). And what about federal regulators? Of course, we can only speculate – but the more we see states imposing these expan- sions of UDAAP and state regulatory power, the more plausible it would be for federal regulators to tighten the reigns despite the current administration’s stance on deregulation of the fi- nancial industry. And the burning question – what does this mean for Texas banks? At the moment, there is not much talk of expanding either state regulatory power nor definitions within the current state equivalent of UDAAP. This is not to say that the Texas legislature will not consider either of these issues during its upcoming session. The other piece of state legislation we are keeping a close eye on is the CCPA. This Act is said by many to be a direct result of recent, public controversies involving the unintended disclo- sure of consumers’ private, personal information like that of the recent Facebook breach. As mentioned above, the CCPA is a fairly expansive piece of California state law that grants more extensive privacy to rights than that of current federal law. In summary and among other rights, it provides the consumer the right: to know what information the business had actually col- lected and how it is being used; opt out of allowing businesses to sell personal information to third parties; and have a business delete personal information (subject to exceptions). To start, the definition of “personal information” is very, very broad under the CCPA. The term “personal information” is defined under the state statute as: “information that identi- fies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a par- ticular consumer or household.” The GLBA, on the other hand,