Like most industries today, Consumer Financial Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Sanders and Pepper Hamilton have developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below is a breakdown of some of the biggest COVID-19 driven events to impact the Consumer Financial Services industry this past week including:

Federal Activities

State Activities

Other Activities

Privacy and Cybersecurity Activities

Federal Activities:

– President Trump signs into law the Families First Corona Virus Response Act (HR 6201). Per the congressional summary, this bill “responds to the coronavirus outbreak by providing paid sick leave and free coronavirus testing, expanding food assistance and unemployment benefits, and requiring employers to provide additional protections for health care workers.” While the bill does not specifically target consumer finance services businesses, it demonstrates a willingness in Washington to take sweeping steps to respond to COVID-19. For an in-depth analysis, click here.

– On March 19, 2020, Senate Republicans introduced the Coronavirus Aid, Relief, & Economic Security (CARES) Act (HR 748). This follow up to the Families First Corona Virus Response Act similarly focuses on assisting the economy on the whole by providing broad economic relief to both citizens and businesses alike. As of Sunday night, the Act was at a standstill due to some procedural setbacks resulting from last minute disagreements between Senate Republicans and Democrats. It’s unclear how the Act will proceed from here.

-Chairwoman of the House Financial Services Committee, Congresswoman Maxine Waters, released plans last week for a “comprehensive fiscal stimulus” in response to COVID-19. Unlike the recently enacted Families First Corona Virus Response Act, this proposal directly addresses the consumer finance services industry. The plans released by Chairwoman Waters include:

  • Suspending all negative consumer credit reporting during the pandemic;
  • Prohibiting debt collection, repossession, and garnishment of wages during the pandemic;
  • Banning all evictions, foreclosures, and repossessions—including manufactured homes, RVs, and cars—nationwide; and
  • Requiring forbearance for mortgages on rental properties.

These prohibitions would remain in place for 120 days following the end of the pandemic. Troutman Sanders will monitor this proposal as it works its way through Congress.

-Senator Sherrod Brown of Ohio sent letters to the federal financial regulators to place on hold all rulemakings not related to COVID-19. He also directed a similar request to the U.S. Department of Housing and Urban Development. For an in-depth analysis, click here.

Responses from Creditors Rights Organizations:

-The National Creditors Bar Association (NCBA) sent a letter to the White House on March 19, 2020, indicating that the proposals from Congresswoman Waters and Senator Brown would disrupt the credit ecosystem, the practice of law, and cause harm to consumers, lenders, and medical providers that rely on attorneys practicing creditors rights law.

-The Receivables Management Association International (RMAI) recommended tailoring hardship programs to address COVID-19 issues. These policy recommendations include temporarily suspending collection activities when a consumer indicates he or she is experiencing financial or medical hardship (including oral requests), ceasing collection activity when a consumer has no assets and his or her only source of income is an exempt source, and placing collection holds with respect to the consumer, not on an individual account by account basis.

-The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance which identified “critical infrastructure sectors.” Various states, including but not limited to California, Connecticut, Louisiana, and Ohio (see below), have already relied upon this guidance to help determine who is exempt from its recent stay-at-home order and other states could follow suit.

-Federal financial regulators and other entities have issued initial guidance to regulated consumer financial service providers. That guidance includes:

For more in-depth analysis on some of the above guidance, click here.

State Activities:

-Governors in multiple states have issued orders limiting the movement of people and the operations of certain businesses. The most recent include:

California – Governor issues statewide order to stay at home.

Connecticut – Governor orders closure of “nonessential’ businesses through April 22, 2020.

Delaware – Governor orders closure of “nonessential” businesses through May 15, 2020.

Pennsylvania – Governor orders closure of all businesses that are not life sustaining.

Nevada – Governor orders closure of all “nonessential” businesses.

New York – Governor signs the ‘New York State on PAUSE’ Executive Order, which requires non-essential businesses to close in-office personnel functions.

New Jersey – Governor issues statewide order to stay at home and closure of all non-essential retail businesses.

Illinois – Governor issues order to stay at home and for non-essential businesses and operations to cease.

Louisiana – Governor issues stay at home order.

Maryland – Governor amends executive order to reduce size of permitted gathering and require the closure certain businesses.

Ohio – Director of Health issues stay at home order.

Massachusetts – Governor orders non-essential businesses to cease in-person operations.

Consumer financial services businesses should look closely at these orders to ensure their operations remain compliant.

While some jurisdictions have relaxed prohibitions on individual collectors working from home without registering their residential address as a branch location, most states require encryption of any access to secure systems and confidential data, prohibit any indication that business is being conducted at the residential location, and reserve the right to rescind or alter the guidelines regarding working remotely at any time. The Nationwide Multistate Licensing System is maintaining an up-to-date list of guidance from State regulators concerning COVID-19. Consumer financial services businesses should actively monitor the list to identify guidance relevant to their operations.

-Some state governments have either enacted or are considering enacting various moratorium on foreclosure and eviction related activities. They include:

District of Columbia – Mayor signs COVID-19 Response Emergency Amendment Act of 2020

Massachusetts – The state legislature is currently considering House Docket No. 4935.

New Hampshire – Governor issues Emergency Order #4.

New Jersey – Governor issues Executive Order No. 106 under the authorization of the recently passed Assembly Bill 3859.

Kansas – Governor issues Executive Order No. 20-06.

Virginia – HB 340 is currently on the Governor’s desk for signature.

Other Activities:

– Consumer Data Industry Association (“CDIA”) has launched a COVID-19 Resources page, which includes an announcement to furnishers of credit data that guidance exists for reporting consumer credit accounts impacted by “natural or declared disasters, or for other reasons” and a fact sheet “on the systems in place to minimize or eliminate the negative credit impact of extreme events like a natural disaster or pandemic.” Furnishers of credit should review the resources page and the relevant communications to determine any impacts on their current reporting procedures.

-Consumer financial services businesses should be aware of the triggering of force majeure clauses in their contractual agreements, the potential for an increase in negligence claims, and labor & employment issues as they navigate complying with state and federal orders regarding COVID-19.

Privacy and Cybersecurity Activities:

Cybersecurity Tips to Prevent Your Business from Becoming COVID-19’s Virtual Victim: While protecting the health of employees and clients should be every organization’s top priority, businesses would be naïve to ignore the cyber risks presented by the COVID-19 outbreak, which has forced a majority of businesses to shift to remote work. Hackers, looking to capitalize on fragmented operations and inherent employee vulnerabilities that exist even in the absence of crisis and panic, are leveraging COVID-19 to carry out their attacks. For cybersecurity tips to help avoid your business from becoming COVID-19’s virtual victim, click here.

COVID-19 Warrants Modified Cybersecurity for Work-at-Home: Many privacy and data protection statutes require businesses to implement “reasonable security procedures” to protect personal information. “Reasonable security procedures” is undefined as what is “reasonable” depends on the size of each business and the nature of the data it collects. As a result, many organizations rely on guidelines and frameworks when making decisions (e.g., NIST Cybersecurity Framework, Top 20 CIS Controls, etc.). However, as COVID-19 continues to spread and businesses worldwide are forced to shift abruptly to a work-at-home workforce, the question arises as to whether the standard for “reasonable security” changes. Despite the fact that many organizations likely did not prepare for global pandemic, the regulatory and agency guidance issued thus far seem to lead us to the same conclusion: COVID-19 warrants a shift in cybersecurity practices. For an in-depth analysis and security safeguards to consider when shifting to a remote workforce, click here.

Notice to Employers: Remember Privacy Basics When Addressing COVID-19: As COVID-19 continues to spread, businesses are pushed to make swift decisions that impact not only business operations, but also the privacy and security of employees’ personal information. In times like these, the Fair Information Practice Principles (FIPPs) should be every organization’s guiding light. The FIPPs are principles that address the privacy of individuals’ personal information and provide the foundation for many U.S. state and federal privacy laws (e.g., CCPA and HIPAA) and international privacy laws (e.g., GDPR). When decisions have to be made under pressure, businesses would be wise to refer back to the FIPPs as a sounding board prior to taking action. For an in-depth analysis of a few core privacy principles that should be at the forefront of every organization’s mind as they tackle the operational effects of COVID-19, click here.

-European Union Regulators are taking steps to clarify data privacy protections requirements during the COVID-19 pandemic. For an in-depth analysis, click here.

Visit our Pepper Hamilton / Troutman Sanders COVID-19 Resource Center for additional resources and news affecting your company.