CA Financial Services Related Bills

contract-iconVirtual Currency Act

AB 1326 (Dababneh) as amended 7.6.15

Adds Financial Code 26000 licensing for virtual currency

Creates requirements for persons engaged in any virtual currency business to either obtain a license or qualify for an exemption from licensure to operate in California. Under AB 1326 “‘virtual currency business’ means maintaining full custody or control of virtual currency in this state on behalf of others.”

Virtual currency businesses would be required to pay a $5000 application fee, complete the application form, maintain a trust account/bond to benefit consumers, provide a specified receipt to consumers, submit to examinations. Violations are subject to civil penalties.

Additionally, a virtual currency business in good standing may be eligible to convert their virtual currency business license to a money transmission license under the Money Transmission Act provided meeting certain criteria, which includes “conducting [a] virtual currency business with less than $1,000,000 in outstanding obligations and whose business model, as determined by the commissioner, represents low or no risk to consumers to register with a $500 license fee and, if approved, receive a provisional license to conduct virtual currency business.”

The bill also provides for a provisional license for virtual currency businesses “with less than one million dollars ($1,000,000) in outstanding obligations and whose business model, as determined by the commissioner, represents low or no risk to consumers may register with a five-hundred-dollar ($500) license fee with the commissioner”  They must register with FinCEN as a money services business, if applicable.

Finder’s Fee for Pilot Program for Increased Access to Responsible Small Dollar Loans

SB 235 (Block)

Would increase compensation to finders (entities that bring borrowers and licensed lenders together) from $45/40 to “no more than $70” per loan

The bill would also “require a licensee to provide the commissioner with prescribed information relating to each finder, including, but not limited to, the finder’s delinquency rate and default rate, and would authorize the commissioner to take prescribed action against a finder that is found to be in violation, including, but not limited to, disqualifying the finder from providing services under the pilot program.”

Creates Bank on California under DBO 

AB 1292 (Dababneh)

Various changes to Data Breach Notification Laws

SB 570; AB 83; AB 259; AB 964


MTA Cleanup

contract-iconCalifornia’s Money Transmission Act (Cal Fin Code Section 2000 et seq.) underwent another facelift this year.  AB 2209‘s changes were signed by Governor Brown last month, and will go into effect January 1, 2015.

Some key changes & clarifications:

1.  A Big One: Exemption for an “Agent of Payee”

“Section 2010 (l) A transaction in which the recipient of the money or other monetary value is an agent of the payee pursuant to a preexisting written contract and delivery of the money or other monetary value to the agent satisfies the payor’s obligation to the payee.”

2.  Reports required if money transmission was made by mobile device or other electronic application

Licensees must also report whether money transmission activity was made via mobile or other electronic application in addition to other reporting requirements, such as transaction volume, etc.

3.  Changes to various disclosure, notice and receipt requirements for transactions made via the web or on mobile devices.



New Developments for Song-Beverly

data-breach1A couple notable developments on California’s Song-Beverly Credit Card Act, which limits retailers from collecting certain types of personal information from its customers.

California’s SB 383 (Jackson) passed the Senate earlier this year, which addresses the Apple v. Superior Court decision.  This bill would extend Song-Beverly protections to online retailers and prohibit them from collecting certain types of personal information when consumers purchase “electronically downloadable content” unless for fraud detection and prevention purposes.  A pretty narrow bill, to address a pretty narrow ruling.

Consumers can’t be required to provide their email addresses, unless for an “incidental but related purpose,” when shopping at a brick and mortar store any longer, a result of Capp v. Nordstrom.

Why might might consumers be spooked about giving out their email addresses or zip codes at the point of sale?  If you haven’t read this article in Forbes, it explains why very simply.

Not Song-Beverly related, but more in following up on data breaches and their aftermath as some consumers try to figure out how to dig out from identity theft or try to keep their financial lives from being wrecked.  Brian Krebs has confirmed that credit monitoring services are not helpful in his recent post, “Are Credit Monitoring Services Worth It.”


10 (Mostly) Interesting Links on Data Breaches

data-breach1Data breaches are on the minds of a lot of people today, beyond the usual group of privacy and security professionals, privacy advocates, and lawmakers as a result of the Target breach.

I’ve compiled a list of 10 interesting links on data breaches (including some regarding their intersection with payments and privacy:

1.  Over 660 million breaches–The Target breach is certainly substantial, but certainly not a new occurrence.  To date, according to Privacy Rights Clearinghouse’s tally which they began in 2005, 662,081,528 records have been breached.

2.  EMV (Chip and PIN) Cards Touted as the Solution–More influentials and groups are taking on the position that EMV or chip and PIN cards, are the solution to prevent hackers and cybercriminals to get access to personal data–Target’s CEO and the National Retail Federation are beating this drum lately.

3.  But Really, EMV Cards Are Not A Swift Solution–Certainly, faster adoption of chip and PIN, or EMV cards, will likely lower fraud, and will place the US among Canada, Europe and just about everywhere else in the plastic card carrying world.  And, issuers have been sending out credit cards with chip and PINs (I have a couple) to US cardholders.  But, the technology remains pretty useless until merchants have the proper readers and software to accept the cards.  It likely won’t be a few years until chip and PIN take over, as payment networks, Mastercard, Visa and American Express have given their merchants until 2015 to obtain hardware and software to accept EMV cards…

4.  Encryption–Heartland Payment Systems took a beating in 2008 after their 2008  breach, with one of their big clients, TJX Companies losing an estimated $171 million in that breach.  But, Heartland was able to turn it around and is now touting end-to-end encryption.

5.   There Is No Federal Data Breach Notification Law–The public knows about data breaches as a result of 46 state and the D.C.’s data breach Laws.  Otherwise, we likely would have no idea how many records with personal information have been breached or may have fallen into the wrong hands.

6.  California Is The First State To Pass A Data Breach Notification Law.  This happened back in 2002.

7.  California Adds Onto Its Data Breach LawSB 46 expanded California’s data breach law to require notification when passwords and usernames are included.

8.  What Is The Customer’s Liability?–If an individual finds there has been fraud, it will  depend on how a transaction was made.  Bottom line, using a credit card is best at the checkout or online.  ( is mentioned!)

9.  The Payments Landscape Will Forever Be Changed, Or Not–Such large data breaches do bring about larger discussions on whether or not significant changes will be made.  A few experts give their 2 cents.

10.  What To Do If Your Info Was HackedGood tips on what to do if you get a notice your information may have been hacked, from Privacy Rights Clearinghouse.