Oregon Legislative and Regulatory Update

Oregon Legislative and Regulatory Update

The Oregon legislature recently amended the statutes related to foreclosure practices of residential trust deeds, to the provision that identifies certain public records as being exempt from disclosure, to the enforcement requirements for breaches of security involving personal information, and mortgage loan originator licensing.  The Department of Commerce and Business Services, Division of Finance and Corporate Securities (the “Department”) has recently issued regulations regarding mortgage loan originator licensing and recordkeeping. The recordkeeping regulations are effective December 14, 2015; the remaining bills and regulation discussed in this memorandum are effective January 1, 2016.




Current law requires that a beneficiary that intends to foreclose a residential trust deed must first request a resolution conference with the grantor before the beneficiary or the trustee files a notice of default (nonjudicial foreclosure by advertisement and sale) or before the beneficiary brings suit (judicial foreclosure).


In addition to existing exemptions, the Department of Veterans’ Affairs, in its capacity as a beneficiary of loans made under Oregon law, is now exempt from the above requirement.




The Act adds an additional category of exempt documents to the existing list of public records that are exempt from disclosure.  The new category is:


Personally identifiable information and contact information of veterans (as defined in Oregon law) and of persons serving on active duty or as reserve members with the Armed Forces of the United States, National Guard or other reserve component that was obtained by the Department of Veterans’ Affairs in the course of performing its duties and functions, including but not limited to, names, residential and employment addresses, dates of birth, driver license numbers, telephone numbers, electronic mail addresses, Social Security numbers, marital status, dependents, the character of discharge from military service, military rating or rank, that the person is a veteran or has provided military service, information relating to an application for or receipt of federal or state benefits, information relating to the basis for receipt or denial of federal or state benefits and information relating to a home loan or grant application, including but not limited to, financial information provided in connection with the application.




Clerical changes have been made to the statute to further clarify the intent that the defined elements of “personal information” are related to “consumer” information, not business or commercial information.


“Personal information” is defined to mean a consumer’s first name or first initial and last name in combination with any one or more of other specified data elements, if encryption, redaction or other methods have not rendered the data elements unusable or if the data elements are encrypted and the encryption key has been acquired.  This bill adds new specified data elements, as follows:

(1)     Data from automatic measurements of a consumer’s physical characteristics, such as an image of a fingerprint, retina or iris, that are used to authenticate the consumer’s identity in the course of a financial transaction or other transaction;

(2)     A consumer’s health insurance policy number or health insurance subscriber identification number in combination with any other unique identifier that a health insurer uses to identify the consumer; or

(3)     Any information about a consumer’s medical history or mental or physical condition or about a health care professional’s medical diagnosis or treatment of the consumer.


The requirement to give notice of a breach of security is now extended to a person or entity (private or public) that licenses personal information that the person uses in the course of the person’s business vocation, occupation or volunteer activities.


The amendment further clarifies that a notice of breach of security must be given to the consumer whose personal information has been breached.  Additionally, the notice of breach of security must now be provided to the Oregon Attorney General, either in writing or electronically, if the number of consumers whose personal information has been breached exceeds 250.


If a breach of security affects more than 1,000 consumers, the notice of the breach must now also include any police report number assigned.


Violation of this statute is now deemed to be an unlawful practice under the Oregon law of unlawful business, trade practices (ORS 646.607).




The current law requires licensing for an individual to engage in the business as a mortgage loan originator in Oregon.  The law includes categories of individuals to whom the licensing requirement does not apply, which have been amended, as follows:

(1)       Additional clarification related to the exemption for an attorney licensed or otherwise authorized to practice law in Oregon [previously the exemption applied when the attorney negotiated the terms of a residential mortgage loan as an ancillary matter in the representation of a client; the amendment clarifies that the exemption applies when the negotiation is in the “representation of a client”; the exemption applies only when the attorney does not receive compensation from a mortgage banker, broker, loan originator, lender, or an agent of any of them; the amendment clarifies when an attorney will be deemed to have received compensation]; and;

(2)       Expanded the exemption for an individual who, as a seller during any 12-month period, offers or negotiates terms for not more than 3 residential mortgage loans secured by property the individual owns, but not as the individual’s residence; the exemption now includes a limited liability company of which the individual is a member and includes the parameters of the expanded exemption.


Under the current law, an individual who claims an exemption from the licensing may not hold more than eight residential mortgage loans.  The amendment clarifies the determination of how this requirement is satisfied.  The amendment further requires that an individual claiming this exemption make disclosure to the Director of the Department of Consumer and Business Services, including disclosure of the loans held by all limited liability companies of which the individual is a member.




An individual who, as a seller during any 12-moth period, offers or negotiates terms for not more than 3 residential mortgage loans that are secured by a dwelling unit that the individual owns and which did not serve as the individual’s residence, is exempt from the requirement to obtain a mortgage loan originator license.


This rule clarifies that the new exemption (under the recently enacted Senate Bill 879 above) also applies when the dwelling unit is owned by a limited liability company of which the individual is a member and which did not serve as the individual’s residence.  To qualify for the new exemption:

·                    Membership in the limited liability company must consist only of the individual or of the individual and his/her spouse, children, siblings, parents, grandparents, grandchildren or other relatives who are related to the individual by law, marriage or adoption;

·                    The individual or the limited liability company does not advertise, or otherwise suggest by statements or conduct, that the limited liability company engages in the business of making residential mortgage loans;

·                    Neither the individual, nor the limited liability company, can hold more than eight residential mortgage loans at any time;

·                    Disclosure is made to the Director of the Department of all members of the limited liability company, all interests the members hold in other exempt limited liability companies, and all the properties owned by the limited liability company securing mortgages made by the limited liability company or by its members; and

·                    The limited liability company certifies that all of the members meet the requirements under the law.


The limited liability company must request the exemption on a form provided by the Director of the Department, who will approve, deny or condition an exemption within 30 days of receipt of the form and information.  If the Director does not act within 30 days, the limited liability company may rely on the exemption.




The Department amended the administrative rule related to recordkeeping, specifically to update the recordkeeping requirement to accommodate the changes to federally-mandated disclosures under the Truth-in-Lending and RESPA Integrated Disclosure Rule.


The rule is amended to include the following:  “A copy of the completed, translated (when applicable) Loan Estimate and Closing Disclosure provided to the borrower and maintained in the borrower file will comply with the requirement in Oregon law to provide a good faith estimate and Truth in Lending Disclosure.”