In June 2022, Colorado enacted HB22-1410, a law governing remote work for licensed lenders. Specifically, the law amends the Uniform Consumer Credit Code by permitting employees of a supervised lender to work remotely. A “remote location” is defined in the law as “a private residence of an employee of a licensee or another location selected by the employee and approved by the licensee.”

In August 2022, Colorado Attorney General (AG) Phil Weiser’s office published new guidance related to HB22-1410, reiterating licensee compliance requirements mandated for their employees to work remotely:

  • Licensees must ensure no in-person customer interactions are conducted at the remote location, and the remote location is not designated as a business location to consumers.
  • Licensees must maintain appropriate safeguards for licensee and consumer data, information, and records, including the use of secure virtual private networks (VPNs) and not maintaining any consumer information and records at the remote location.
  • Licensees must employ and record appropriate risk-based monitoring and oversight processes of the work performed, including having access to consumer and licensee information and records for regulatory oversight and examination.
  • Licensees must train employees to work in environments conducive to ensuring privacy and to keep all conversations about and with consumers confidential “as if conducted from a commercial location.”

Entities not covered by HB22-1410, including collection agencies, debt management providers, and student loan servicers, are still regulated by the March 2020 guidance issued by AG Weiser’s office. This will remain in effect until the last day of the legislative session on May 10, 2023. However, AG Weiser’s office acknowledged that due to the COVID-19 outbreak, individuals may be required to work from home even though their homes are not licensed as branches. Therefore, AG Weiser’s office does not intend to take an action for such activities, as long as the following requirements are met:

  • All Colorado activity is conducted from the home location of an individual working on behalf of an entity that is licensed, registered, or files notification with the office and not conducted in person with members of the public at the home.
  • Licensees must ensure sufficient safeguards are in place to protect consumer information and data security.
  • Licensees must exercise reasonable supervision of the licensable activity performed at the home office.
  • Individuals working from home must not advertise, receive official mail, or store any books and records at their remote locations.
  • Individuals are working from remote locations due to a reason connected to the COVID-19 outbreak and have informed the regulated entity in writing.
  • Individuals cease conducting the activity from their home locations as soon as reasonably possible, consistent with recommendations from the CDC, CDPHE, and applicable state health departments.

Our Take

The new guidance allows more flexibility for employees of entities regulated by the Consumer Credit Unit. These entities must ensure that requirements are met by both licensees and by employees to stave off any scrutiny and/or subsequent consequences. For example, the guidance emphasizes that “[r]egulated entities are advised to establish policies and procedures, including for security of confidential information, document destruction and retention, and regulatory compliance for employees working remotely.” Companies should develop and implement these compliance requirements to avoid potential exposure down the road.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Michael Yaghi Michael Yaghi

Michael is a partner in the firm’s State Attorneys General and Regulatory Investigations, Strategy + Enforcement (RISE) Practice Groups, nationwide teams that advise clients on consumer protection enforcement matters and other regulatory issues. Based in the firm’s Orange County office, Michael represents high-profile…

Michael is a partner in the firm’s State Attorneys General and Regulatory Investigations, Strategy + Enforcement (RISE) Practice Groups, nationwide teams that advise clients on consumer protection enforcement matters and other regulatory issues. Based in the firm’s Orange County office, Michael represents high-profile clients in regulatory enforcement investigations involving all facets of their business, including but not limited to, advertising and sales practices, monthly membership programs, auto renewal programs, telemarketing and telephone solicitations, door-to-door sales practices, and endorsements. Having begun his career as a commercial litigator, he also supports clients throughout litigation, should an investigation move in that direction.

Photo of Namrata Kang Namrata Kang

Namrata (Nam) is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, based in the Washington, D.C. office. She routinely advises clients on a wide variety of state and federal regulatory matters, with a particular emphasis on state consumer…

Namrata (Nam) is an associate in the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, based in the Washington, D.C. office. She routinely advises clients on a wide variety of state and federal regulatory matters, with a particular emphasis on state consumer protection laws relating to consumer financial services and marketing and advertising. Nam’s experience transcends multiple industries, including financial services, telecommunications, media, and sports betting.