NY LLC TRANSPARENCY ACT TAKES EFFECT IN 2026
Starting January 1, 2026, the New York LLC Transparency Act (NY LLCTA) will require most LLCs formed in or registered to do business in New York to disclose detailed beneficial ownership information (BOI) annually to the New York Department of State. The law is modeled after the federal Corporate Transparency Act but establishes its own state-specific definitions and exemptions. LLCs must report information such as owners’ names, addresses, birthdates, and identification numbers, with exemptions still requiring an attestation filing. Noncompliance can result in steep penalties, including fines up to $500 per day, suspension of business authority in New York, or dissolution. Businesses with LLC structures should begin preparing now by identifying beneficial owners, gathering required information, and planning for ongoing reporting obligations.
CA FINALIZES CPPA RULES: AUDITS, RISK ASSESSMENTS & ADMT
California approved new CPPA regulations expanding requirements for cybersecurity audits, privacy risk assessments, and automated decision-making technology (ADMT). Rules take effect Jan 1, 2026, with key deadlines through 2030.
-
Cybersecurity audits (for “significant risk” processing): due Apr 1, 2028 (>$100M revenue), Apr 1, 2029 ($50M–$100M), Apr 1, 2030 (<$50M).
-
Risk assessments (selling/sharing PI, sensitive PI, ADMT use, inferring traits, training ADMT): initial submission to CPPA by Apr 1, 2028.
-
ADMT notices: by Jan 1, 2027, inform consumers of purpose, opt-out, access rights, and how decisions are made (and if they opt out).
Action: Identify in-scope data uses and owners now; align audit cadence, assessment workflows, and ADMT notices to hit the 2027–2030 dates.
CA LANDMARK AI SAFETY BILL ADVANCED
California lawmakers have passed SB 53, the Transparency in Frontier Artificial Intelligence Act, sending it to Governor Newsom for approval. The bill would create the most comprehensive state-level AI safety framework in the U.S., requiring large AI developers to publish safety frameworks, disclose catastrophic risk testing, and report incidents such as misuse or loss of control. Enforcement authority would rest with the Attorney General and Office of Emergency Services, with penalties up to $10 million. If signed, the law would take effect in 2026, with the first reporting obligations due in 2027. For financial services, the move signals that state regulators are prepared to directly govern AI use—potentially shaping how digital collections, credit risk modeling, and consumer engagement tools are regulated going forward.
HOUSE HEARING SPOTLIGHTS AI IN FINANCIAL SERVICES
The House Subcommittee on Digital Assets, Financial Technology, and AI held a hearing on AI’s role in financial services. Lawmakers explored its applications in lending, fraud detection, and compliance, as well as legislative proposals to encourage innovation while managing risk. The discussion emphasized maintaining U.S. leadership in financial AI and developing frameworks that allow growth without sacrificing oversight. Firms integrating AI into credit or servicing processes should track these debates closely.
DELAWARE UPDATES ENTITY LAWS: IMPACT ON LICENSING AND FILINGS
Effective August 1, 2025, Delaware has enacted broad amendments to its corporation, LLC, partnership, and franchise tax statutes. Key changes include new requirements for registered agents (virtual-only agents are no longer permitted), updated rules for correcting or nullifying filings, and stricter obligations to file overdue reports and taxes before reinstatement. Franchise tax reports must now disclose business activity and location, and refund rights are narrowed. For financial services companies, these changes matter because regulators often verify formation state good standing as part of licensing. Staying current with Delaware’s evolving requirements will help prevent delays in applications, renewals, or corporate maintenance.
OHIO BILL WOULD REQUIRE LICENSING FOR DEBT SERVICES PROVIDERS
TOhio Senate Bill 256 would prohibit offering or providing debt resolution services without a state license. Licenses would be valid for two years, non-transferable, and could be denied for incomplete filings, late submissions, or fraud-related offenses by key officers. The measure also sets limits on when fees can be charged, requires written agreements with clear disclosures, and mandates annual reports to the Superintendent of Financial Institutions. Exemptions include banks, attorneys, creditors, nonprofits, and government officers. If enacted, this bill would create a new licensing obligation for most commercial debt service providers operating in Ohio.
ATLAS BY CORNERSTONE: A MODERN LICENSING MANAGEMENT TOOL
Meet Atlas, the new Cornerstone client portal, an innovative, secure, and streamlined platform that redefines how licenses and bonds are managed. More than just a new name, Atlas delivers a smarter, more intuitive experience that keeps you in control of deadlines, documents, and decisions.
WHY ATLAS?
WHY ATLAS?- One Secure Hub. Consolidate all licenses, filings, & documents with Atlas Vault
- Real-Time Transparency. Always know the status of your filings
- Deadline Confidence. Built-in due date tracking so you never miss a renewal
- Seamless Collaboration. Digital checklists and in-task conversations keep communication clear
- Interactive Insights. Use Atlas Map to view state-by-state coverage and uncover growth opportunities
- Expert Support. The same trusted Cornerstone team backing every filing, renewal, and license.
With Atlas, you gain clarity and confidence while we carry the weight of regulatory complexity, so you can stay focused on growth.
Cornerstone clients get unlimited access to Atlas at no extra cost—just log in as usual for the new experience. If you don’t have a login, contact your Licensing Specialist.
Not a client? Connect with us to see how Atlas can simplify your licensing journey.
STATE ACTION ON UNLICENSED COLLECTION OPERATIONS
The Connecticut Department of Banking recently issued a Consent Order against Woodfield Receivable Management Corp. for acting as a consumer collection agency without the required state license. Even though Woodfield had applied for a license earlier in the year, the company purchased and serviced accounts before approval, leaving it exposed to significant penalties. The case highlights how even well-intentioned actions, like taking over accounts from an affiliate, can trigger violations if licensing isn’t secured first. Woodfield ultimately cooperated, paid a civil penalty, and had to cease activity until properly licensed.
Financial services businesses must have all licenses in place before acquiring accounts or servicing consumers, as regulators are prepared to impose costly sanctions for premature operations.
OREGON TRIO OF CONSUMER PROTECTION BILLS PASSED
Oregon enacted three new consumer-focused laws effective in 2026. These include banning medical debt from credit reports, requiring upfront disclosure of online transaction fees, and mandating clearer disclosures in auto loans (including translation into the state’s top six languages). The measures reinforce state-level momentum around fair lending, transparency, and consumer protection. Businesses serving Oregon residents should prepare to adjust processes, systems, and disclosures ahead of the effective date.
BLOG: MOVING BEYOND SPONSOR BANK DEPENDENCY
For fintechs, sponsor bank partnerships are a great launchpad—but over time, they create cost, dependency, and regulatory risks that can limit growth. Transitioning to direct state licensing with Money Transmitter Licenses (MTLs) gives companies more control, resilience, and long-term enterprise value.
READ NOW
ILLINOIS LICENSING REQUIREMENTS FOR MORTGAGES AND DIGITAL ASSETS
Illinois has proposed rules that classify shared appreciation mortgages (home equity sharing agreements) as mortgage loans, requiring licensing for origination, brokering, servicing, or purchasing these products. Separately, the state enacted the Digital Assets and Consumer Protection Act, creating a licensing and supervisory framework for exchanges, custodians, and other digital asset businesses. These moves reinforce a trend: states are extending licensing rules into both traditional and emerging financial products, signaling that firms should expect stricter oversight and potential new obligations when expanding into Illinois and beyond.
CORNERSTONE CAN HELP: REGISTERED AGENTS
Cornerstone offers comprehensive solutions for all your compliance needs, including registered agent services. A registered agent, also known as a statutory agent, plays a crucial role by receiving legal documents and official correspondence on behalf of a business entity. This service is required for corporations, LLCs and partnerships, and serves as an important point of contact for legal correspondence, including lawsuits, subpoenas, and tax notices.
Connect with us today to learn how Cornerstone can unburden you from this requirement and save you money in the process.
COURTS SCRUTINIZE EWA AND HOME EQUITY PRODUCTS UNDER TRADITIONAL LENDING LAWS
Recent court rulings in Massachusetts and Maryland suggest that innovative fintech offerings like home equity investment agreements and earned wage access (EWA) products may still be judged under conventional lending statutes. In Massachusetts, a judge allowed claims to proceed that home equity agreements could be treated as loans. In Maryland, a federal court held that EWA fees and tips could be considered finance charges under TILA. These rulings highlight the risk that products designed outside of existing categories may nonetheless trigger traditional licensing and lending compliance requirements.
NEW GUARDRAILS ON MORTGAGE LEADS
President Trump has signed the Homebuyers Privacy Protection Act, prohibiting credit bureaus from selling mortgage trigger leads without consumer opt-in. For lenders, brokers, and servicers, this means significant changes in how credit report data can be shared and how leads are generated. While framed as a privacy law, the shift could also have downstream licensing implications as lead generation and data-sharing models evolve under tighter guardrails. Mortgage businesses should review vendor contracts, intake workflows, and licensing coverage ahead of implementation.
BLOG: NAVIGATING LICENSING FOR NON-TRADITIONAL MORTGAGE PRODUCTS
Shared equity agreements, reverse mortgages, rent-to-own models, and novel securitizations are testing the boundaries of existing state licensing frameworks. With states taking divergent approaches—some requiring full mortgage licenses, others leaving gaps—lenders and fintechs face real legal and operational risks when innovating in this space.
READ NOW
MICHIGAN PROPOSES TO MODIFY LICENSING FOR COLLECTION AGENCIES
Michigan House Bill 4887 proposes changes to the state’s collection agency licensing framework. The bill would allow the Department of Insurance and Financial Services (or an appointed board) to relicense or reregister a debt collector who fails to renew on time, creating a formal path for reinstatement. It also removes the licensing exemption for non-owner managers of collection agencies, meaning these individuals would now be subject to licensure requirements. If passed by two-thirds of both chambers, the bill would take effect immediately; otherwise, it would become effective 90 days after adjournment.
FCC RESETS TEXT CONSENT STANDARD
The FCC has rolled back its 2023 revision to text message consent rules, reinstating the previous, stricter definition of “prior express written consent.” This change is immediate, following a federal court decision, and businesses must align with the older compliance framework without delay. The biggest impact is that companies that retooled their SMS outreach processes in 2023 may now be out of step with the law unless they revert to the prior consent standard. Financial services businesses that engage in text-based outreach should review disclosures, opt-in language, and record-keeping practices immediately to ensure they meet the reinstated requirements.
VIRTUAL SUGGESTION BOX
We’ve continued to hear great feedback from you, our clients, on how our newsletter provides value for your organization. To ensure we continue to research and provide the best data, we have created a virtual “suggestion box” for your ideas. Whatever topic you’d like to learn about, large and small, we will go research with our team and knowledgeable folks from our industry.
NY DO NOT DISTURB REGISTRY ACT INTRODUCED
New York lawmakers have proposed the Do Not Disturb Registry Act (AB 9029), which would create a statewide registry for residents to opt out of unsolicited marketing communications, including calls, texts, emails, mail, and faxes. Covered businesses would be prohibited from contacting anyone listed on the registry for more than 31 days. The Department of State would manage the registry, investigate violations, and impose civil penalties of up to $1,500 per infraction. This bill would operate alongside the state’s existing Do Not Call registry and would take effect one year after enactment.
MASSACHUSETTS TARGETS “JUNK FEES”
Massachusetts’ Attorney General announced consumer protection rules aimed at eliminating “junk fees” across industries. Businesses must disclose all fees upfront, make subscription cancellations easy, and avoid unnecessary charges. The rules apply not only to local businesses but also to out-of-state companies serving Massachusetts consumers. For financial services providers, this means reexamining account fees, subscription-based products, and loan servicing charges to ensure transparency and avoid enforcement risk.
STATE PRIVACY ENFORCEMENT INTENSIFIES
California, Colorado, and Connecticut announced a joint enforcement sweep to check compliance with the Global Privacy Control (GPC), a browser-based opt-out tool for data sales and sharing. Regulators emphasized that businesses must honor GPC signals as a matter of law. For financial services providers handling consumer data, this highlights increasing scrutiny on privacy practices across multiple states. Companies should ensure that their websites, applications, and vendors are honoring opt-out signals consistently.
BEYOND THE NEWSLETTER
Head to LinkedIn and give us a follow to tap into a stream of real-time updates, legislative changes, and great content tailored for ARM and Fintech professionals. Engage with thought leaders and peers in our community to enhance your expertise.
Follow Cornerstone on LinkedIn and transform the way you stay informed in our ever-evolving industry.
GEOGRAPHIC TARGETING ORDER REISSUED FOR SOUTHWEST BORDER
FinCEN has reissued a Geographic Targeting Order (GTO) requiring certain money services businesses (MSBs) in specific counties and ZIP codes along the southwest border to file Currency Transaction Reports (CTRs) for cash transactions between $1,000 and $10,000. The order, effective September 10, 2025 through March 6, 2026, is aimed at combating cartel activity, money laundering, and other illicit finance tied to drug trafficking organizations. To ease compliance, new MSBs covered by the order have a 30-day transition period, and all reporting businesses will have 30 days (instead of the usual 15) to file CTRs.
BLOG: LICENSING NON-PERFORMING MORTGAGE LOANS
When a mortgage loan slips into delinquency, the licensing obligations can change—often requiring collection or even debt-buyer licenses on top of servicing authority, with some states and cities layering in their own rules. The article explores where teams and vendors often trip up, how to build “license gating” into systems, and why missing these requirements can jeopardize enforcement rights.
COMPREHENSIVE CRYPTO MARKET BILL
The Senate Banking Committee circulated a draft bill to establish a full regulatory structure for U.S. crypto trading. Key provisions include bankruptcy treatment of digital assets, legal protections for developers, and federal support for tokenization in financial markets. The bill also directs the SEC and CFTC to study tokenization of securities and real-world assets, signaling growing alignment between financial regulation and digital asset innovation. If advanced, this legislation would shape how financial services businesses approach custody, consumer protection, and risk planning around digital assets.
DOJ REQUESTS INPUT ON STATE LAWS IMPACTING INTERSTATE COMMERCE
The Department of Justice has opened an inquiry into state laws that may impose unnecessary costs or burdens on interstate commerce. The review seeks to identify laws that conflict with federal authority or create fragmented requirements across state lines. This effort could impact financial services businesses operating nationally, where differing state licensing or consumer protection rules often create operational complexity.
SEC SHIFTS FOCUS TO DIGITAL ASSETS IN 2025 AGENDA
The SEC’s latest agenda places crypto at the forefront, a shift from prior cycles that centered on private fund advisers and disclosure rules. The new priorities reflect a policy direction focused on establishing clear, durable guidelines for digital asset markets. For financial services businesses, this signals that digital asset regulation is no longer peripheral but central to the SEC’s agenda. Expect continued rulemaking activity that could reshape compliance and licensing obligations for firms exploring blockchain-based services.
CFPB PROPOSES LOWER SUPERVISORY BURDENS FOR CONSUMER REPORTING AGENCIES
The CFPB has issued two proposed rules that could significantly scale back its supervisory reach over consumer reporting agencies (CRAs) and certain nonbanks. First, the Bureau proposes raising the threshold for what qualifies as a “larger participant” in the consumer reporting market—from $7 million to $41 million in annual receipts—aligning with the Small Business Administration’s small business size standard. This change would leave only six CRAs under CFPB’s direct supervision, easing compliance burdens for smaller firms. Second, the Bureau seeks to formally define “risk to consumers” under its supervisory authority, limiting oversight to conduct with a high likelihood of significant harm directly tied to financial products or services. If finalized, these rules would reduce regulatory exposure for most CRAs and create greater predictability for nonbanks regarding when CFPB oversight might apply.
CALIFORNIA LAW ON HAZARD INSURANCE PROCEEDS
California passed AB 493, requiring lenders to pay interest (minimum 2% annually) on funds received for taxes, assessments, and hazard insurance proceeds. The law applies to mortgage transactions beginning January 1, 2026, with additional provisions specific to Los Angeles and Ventura counties. This change introduces new servicing obligations for institutions handling escrow or insurance-related accounts. Financial services businesses operating in California must prepare operational updates to ensure compliance with the statute’s requirements.
This information is not intended to be, nor is it, legal advice. It is intended for information purposes only. We make no warranty, express or implied, as to the accuracy or reliability of this information. We are not attorneys. You must retain your own attorney to receive legal advice. While Cornerstone strives to provide the most current and accurate state licensing information, the responsibility for any decision related to state licensing or agency compliance is solely yours.
