286.9-140 Database of outstanding deferred deposit transactions -- Submitting and accessing data. (1) The commissioner shall, on or before July 1, 2010, implement a common database with real-time access through an Internet connection for deferred deposit service business licensees as provided in this subtitle unless implementing the database by that date would be financially impracticable for the commissioner to design and operate a database or because a contract with a qualified third-party provider has not been entered into. The database shall be accessible to the department and the deferred deposit service business licensee to verify whether any deferred deposit transactions are outstanding for a particular person. A deferred deposit service business licensee shall accurately and promptly submit such data before entering into each deferred deposit transaction in such format as the commissioner may require by rule or order, including the customer's name, Social Security number or employment authorization alien number, address, driver's license number, amount of the transaction, date of transaction, date that the completed transaction is closed, and any additional information required by the commissioner. The commissioner may adopt rules to administer and enforce the provisions of this subtitle and to assure that the database is used by deferred deposit service business licensees in accordance with this subtitle. (2) The commissioner shall impose a fee of one dollar ($1) per transaction for data required to be submitted by a deferred deposit service business licensee, which fee may be charged to the customer. (3) The commissioner may operate the database described in subsection (1) of this section or may select and contract with a third-party provider to operate the database. If the commissioner contracts with a third-party provider for the operation of the database, all of the following apply: (a) The commissioner shall ensure that the third-party provider selected as the database provider operates the database pursuant to the provisions of this subtitle; (b) The commissioner shall consider cost of service and ability to meet all the requirements of this subtitle in selecting a third-party provider as the database provider; (c) In selecting a third-party provider to act as the database provider, the commissioner shall give strong consideration to the third-party provider's ability to prevent fraud, abuse, and other unlawful activities associated with deferred presentment service transactions and provide additional tools for the administration and enforcement of this subtitle; (d) The third-party provider shall use the data collected under this subtitle only as prescribed in this subtitle and the contract with the department and for no other purpose; (e) If the third-party provider violates this subtitle, the commissioner may terminate the contract and the third-party provider may be barred from becoming a party to any other state contracts; (f) A person injured by the third-party provider's violation of this subtitle may maintain a civil cause of action against the third-party provider and may recover actual damages plus reasonable attorney's fees and court costs; and (g) The commissioner may require that the third-party provider collect the fee assessed in subsection (2) of this section from the licensee. The third-party provider shall remit the fee collected from the licensee to the commissioner no later than the first day of each month. The third-party provider shall deposit any fee collected in a separate escrow account in a federally insured financial institution and shall hold the fee deposited in trust for the Commonwealth of Kentucky. (4) The database described in subsection (1) of this section shall allow a deferred deposit service business licensee accessing the database to do all of the following: (a) Verify whether a customer has any open deferred deposit transactions with any deferred deposit business service licensee that have not been closed; (b) Provide information necessary to ensure deferred deposit service business licensee compliance with any requirements imposed by the United States Treasury Office of Foreign Assets Control and United States Treasury Office of Financial Crimes Enforcement Network; and (c) Track and monitor the number of customers who notify a deferred deposit service business licensee of violations of this subtitle, the number of times a deferred deposit service business licensee agreed that a violation occurred, the number of times that a deferred deposit service business licensee did not agree that a violation occurred, the amount of restitution paid, and any other information the commissioner requires by rule or order. (5) While operating the database, the database provider shall do all of the following: (a) Establish and maintain a process for responding to transaction verification requests due to technical difficulties occurring with the database that prevent the licensee from accessing the database through the Internet; (b) Comply with any applicable federal and state provisions to prevent identity theft; (c) Provide accurate and secure receipt, transmission, and storage of customer data; and (d) Meet the requirements of this subtitle. (6) When the database provider receives notification that a deferred deposit service transaction has been closed, the database provider shall designate the transaction as closed in the database immediately, but in no event after 11:59 p.m. on the day the commissioner or database provider receives notification. (7) The database provider shall automatically designate a deferred deposit service transaction as closed in the database five (5) days after the transaction maturity date unless a deferred deposit service business licensee reports to the database provider before that time that the transaction remains open because of the customer's failure to make payment; that the transaction is open because the customer's payment instrument or an electronic redeposit is in the process of clearing the banking (8) system; or that the transaction remains open because the customer's payment instrument is being returned to the deferred deposit service business licensee for insufficient funds, a closed account, or a stop payment order; or because of any other factors determined by the commissioner. If a deferred deposit service business licensee reports the status of a transaction as open in a timely manner, the transaction remains an open transaction until it is closed and the database provider is notified that the transaction is closed. If a deferred deposit service business licensee stops providing deferred deposit service transactions, the database provider shall designate all open transactions with that licensee as closed in the database sixty (60) days after the date the deferred deposit service business licensee stops offering deferred deposit service transactions, unless the deferred deposit service business licensee reports to the database provider before the expiration of the sixty (60) day period which of its transactions remain open and the specific reason each transaction remains open. The deferred deposit service business licensee shall also provide to the commissioner a reasonably acceptable plan that outlines how the deferred deposit service business licensee will continue to update the database after it stops offering deferred presentment service transactions. The commissioner shall promptly approve or disapprove the plan and immediately notify the deferred deposit service business licensee of the commissioner's decision. If the plan is disapproved, the deferred deposit service business licensee may submit a new plan or may submit a modified plan for the deferred deposit service business licensee to follow. If at any time the commissioner reasonably determines that a deferred deposit service business licensee that has stopped offering deferred deposit service transactions is not updating the database in accordance with its approved plan, the commissioner shall immediately close or instruct the database provider to immediately close all remaining open transactions of that deferred deposit service business licensee. (9) The response to an inquiry to the database provider by a deferred deposit service business licensee shall state only that a person is eligible or ineligible for a new deferred deposit service transaction and describe the reason for that determination. Only the person seeking the transaction may make a direct inquiry to the database provider to request a more detailed explanation of a particular transaction that was the basis for the ineligibility determination. Any information regarding any person's transaction history is confidential; is not subject to public inspection; is not a public record subject to the disclosure requirements of the Kentucky Open Records Act, KRS 61.870 to 61.884; is not subject to discovery, subpoena, or other compulsory process, except in an administrative or legal action arising under this subtitle; and shall not be disclosed to any person other than the commissioner. (10) The commissioner may access the database provided under subsection (1) of this section only for purposes of an investigation of, examination of, or enforcement action concerning an individual database provider, licensee, customer, or other person. (11) The commissioner shall investigate violations of and enforce this subtitle. The commissioner shall not delegate his or her responsibilities under this subsection to any third-party provider. (12) (a) The commissioner shall make a determination that the database is fully operational and shall send written notification to each licensee subject to the provisions of this subtitle: 1. That the database has been implemented; and 2. Of the exact date that the database shall be considered operational for the data entry requirement established in paragraph (b) of this subsection. (b) A deferred deposit service business licensee shall promptly and accurately enter into the database all transactions undertaken by the licensee upon receipt of the written notification established in paragraph (a) of this subsection. (13) The commissioner may, by rule or order, do all of the following: (a) Require that data be retained in the database only as required to ensure deferred deposit service business licensee compliance with this subtitle; (b) Require that customer transaction data in the database are archived within three hundred sixty-five (365) days after the customer transaction is closed unless needed for a pending enforcement or legal action; (c) Require that any identifying customer information is deleted from the database when data are archived; and (d) Require that data in the database concerning a customer transaction are deleted from the database three (3) years after the customer transaction is closed or, if any administrative, legal, or law enforcement action is pending, three (3) years after the administrative, legal, or law enforcement action is completed, whichever is later. (14) The commissioner may maintain access to data archived under subsection (13) of this section for examination, investigation, or legislative or policy review. (15) A deferred deposit service business licensee may rely on the information contained in the database as accurate and is not subject to any administrative penalty or civil liability as a result of relying on inaccurate information contained in the database, provided the deferred deposit licensee accurately and promptly submits such data as required before entering into a deferred deposit transaction with a customer. (16) The commissioner may use the database to administer and enforce this subtitle. (17) The commissioner may require a database provider to file a report by March 1 of each year containing the following information: (a) The total number and dollar amount of deferred deposit transactions entered into in the calendar year ending December 31 of the previous year; (b) The total number and dollar amount of deferred deposit transactions outstanding as of December 31 of the previous year; (c) The total dollar amount of fees collected for deferred deposit transactions as of December 31 of the previous year; (d) The minimum, maximum, and average dollar amount of deferred deposit transactions entered into, the total dollar amount of the net charge-offs and write-offs, and the net recoveries of licensees as of December 31 of the previous year; (e) The average deferred deposit transaction amount, the average number of transactions, and the average aggregate deferred deposit transaction amount entered into per customer as of December 31 of the previous year; (f) The average number of days a customer was engaged in a deferred deposit transactions for the previous year; and (g) An estimate of the average total fees paid per customer for deferred deposit transactions for the previous year. (18) Enforcement of this section shall be effective ninety (90) days after the database implementation date established by the commissioner as set forth in subsection (12) of this section. Effective: July 15, 2010 History: Amended 2010 Ky. Acts ch. 24, sec. 819, effective July 15, 2010. -- Created 2009 Ky. Acts ch. 98, sec. 8, effective June 25, 2009.