Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Sanders and Pepper Hamilton have developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge. Please join Troutman Sanders for a complimentary webinar regarding the California Consumer Privacy Act and regulatory litigation updates on Thursday, May 7, 2020 from 1:00 – 2:00 p.m. ET. To sign up, click here.

To help you keep abreast of relevant activities, below is a breakdown of some of the biggest COVID-19 driven events at the Federal and State levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • Senators Sherrod Brown (D-Ohio) and Elizabeth Warren (D-Mass.) last week released a proposal for new consumer protection measures that they claim are critical to helping Americans weather the COVID-19 pandemic. Noting that the stimulus payments provided by the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) may not be enough to cover basic expenses for even a month, these senators are now calling for “the next coronavirus aid package” to include broad restrictions on debt collection and even debt forgiveness. Such relief is critical, the senators say, so that consumers can aid the economic recovery by spending on goods and services, rather than debt service. For information in the proposal, click here.
  • The Consumer Financial Protection Bureau (“CFPB”) updated its guide, originally published in early April of 2020, that aims to assist consumers with common questions about the Economic Impact Payments under the CARES Act. For more information, click here.
  • The Federal Housing Finance Agency (“FHFA”) announced limits on servicer obligations to advance scheduled monthly principal and interest payments for single-family mortgage loans backed by Fannie Mae and Freddie Mac (the “Enterprises”). Once a servicer has advanced four months of missed payments on a loan, it will have no further obligation to advance scheduled payments. FHFA also is instructing the Enterprises to maintain loans in COVID-19 payment forbearance plans in Mortgage–Backed Security pools for at least the duration of the forbearance plan. For more information, click here.
  • The CFPB issued an interpretive rule intended to “make it easier for consumers with urgent financial needs to obtain access to mortgage credit more quickly in the middle of the COVID-19 pandemic.” The rule clarifies how the right of consumers to waive certain protections provided in the TILA-RESPA Integrated Disclosure rule and Regulation Z may be handled during the ongoing crisis. For more information, click here.
  • The CFPB issued a guide outlining practices in order to provide mortgage servicers clarity, facilitate compliance, and prevent harm to consumers during the transfer of residential mortgages. For more information, click here.
  • COVID-19 has forced us to ask novel questions generally and look for stay-at-home order workarounds. Compliance with the Fair Credit Reporting Act (FCRA) is no different. One of the many questions that has arisen relates to the reinvestigation of disputed court records. How can this be done with limited access to court records? What should be done to permit reporting of these records once access restrictions are lifted? For more answers to these questions, click here.
  • The CFPB wrote a letter to the Federal Communications Commission advising that automated phone calls from financial institutions to their customers could assist consumers as they continue to experience the economic impact of the COVID-19 pandemic. For more information, click here.

State Activities:

  • On April 20, the Indiana Supreme Court issued a published order protecting COVID-19 stimulus checks from court orders by placing a hold on, attaching, or garnishing funds attributable to a stimulus payment. For more information, click here.
  • Earlier this month, 21 state Attorneys General (“AGs”) and the AGs for Washington, D.C. and Puerto Rico sent a letter to the CFPB urging the CFPB to withdraw its non-binding guidance issued on April 1, 2020 with respect to the CARES Act. The signatory AGs include some from the most populous states and some of the states hardest hit by the pandemic, including California, Illinois, Michigan, New Jersey, New York and Washington. California is part of that coalition and shared a statement here. Unhappy with the response they received from the CFPB on April 21, 2020, the AGs have now gone directly to the three major national consumer reporting agencies with a strong message that the AGs “are committed to protecting consumers in our states and will continue to enforce all federal and state requirements during this crisis.” For more information, click here.
  • The Supreme Court of Appeals of West Virginia issued another amended emergency order extending court deadlines. The Court’s new order delays all court deadlines for matters scheduled to occur during the emergency period from March 23, 2020 to May 15, 2020 until May 18, 2020. Emergency proceedings, however, can take place via video conference or telephone if the constitutional rights of the parties are not affected. Additionally, the order continues generally all other court hearing dates scheduled to occur between March 23, 2020 and May 15, 2020, to be rescheduled at the discretion of the presiding officer at a subsequent date. For more information, click here.
  • The Illinois Supreme Court issued an order stating that if a bank is freezing $4,000 or less in a personal account, the bank is now instructed, under the new order, to release the funds back to the debtor. If there’s more than $4,000 frozen in the account, the $4,000 must be returned. For more information, click here.
  • Maryland Governor Larry Hogan issued an executive order that protects CARES Act Recovery Rebates from garnishment. For more information, click here.
  • Iowa Governor Kim Reynolds issued an order extending the State of Public Health Disaster Emergency in response to the ongoing state of the COVID-19 pandemic. Included in Reynolds’ proclamation is a moratorium on garnishments. For more information, click here.
  • California Governor Gavin Newsom signed an executive order protecting the stimulus money individuals are receiving under the CARES Act from certain debt collection activities. For more information, click here.
  • Minnesota Governor Tim Walz signed Executive order 20-20 directing Minnesotans to Stay Home, establishing what businesses were considered part of the Critical Sector and determining what businesses were exempt from the stay-at-home order. The Governor’s order did not exempt debt collection and workers supporting debt collection from the stay at home requirement which meant the employees of debt collectors were prohibited from working at the location of the debt collection agency. For more information, click here.
  • Illinois Governor J.B. Pritzker declared the entire state a disaster area. This order further required all individuals living in the state to stay at home and suspended a number of post judgment collection actions, including: service of garnishment summonses; wage deduction summonses; citations to discover assets on consumer debtors or consumer garnishees, and the continuance or curtailment of non-essential court matters, including supplemental proceedings. For more information, click here.
  • The Attorney General of Rhode Island, Peter F. Neronha, issued general guidance to financial institutions, creditors and debt collectors in regard to payments exempt from seizure. The purpose of the guidance is to make clear that in addition to other funds protected from seizure under Rhode Island law, stimulus payments to Rhode Island residents by the Federal government pursuant to the CARES Act should be similarly protected. For more information, click here.
  • Following the District of Columbia City Council’s passage of the COVID-19 Response Supplemental Emergency Act, D.C. Attorney General Karl Racine issued guidance on the debt collection provision of the act, which restricts communications with consumers.
  • Idaho Governor Brad Little replaced the expiring statewide stay at home order with the “Stay Healthy Order,” which details reopening of the state. For more information, click here.
  • Kansas Governor Laura Kelly announced that she will lift the statewide stay at home order and will allow Kansas communities to begin reopening. For more information, click here.
  • Nevada Governor Steve Sisolak issued a new directive to modify and extend the state’s stay at home order to May 15, 2020. For more information, click here.
  • Ohio Governor Mike DeWine extended the state’s stay at home order through May 29, 2020. For more information, click here.
  • The status of the Louisiana Public Service Commission’s (“Commission”) potential enforcement of the available emergency measures pursuant to the Do Not Call General Order (Docket No. R_29617, decided Oct. 11, 2006) (“DNC Order”) remains unclear. While these emergency measures have generally been imposed during prior emergencies, they presently remain unimplemented because the Commission has not received a directive from the Governor’s Office of Homeland Security and Emergency Preparedness (“GOHSEP”). The DNC Order restrictions triggering the outright moratorium on all telephonic solicitation – including the foregoing exceptions – will not become effective until the Commission has a “mandatory EOC presence” based on a reporting directive from GOHSEP – as of May 4, 2020, the Commission has “No Mandatory EOC Presence”.

Privacy and Cybersecurity Activities:

  • On April 27, 2020, the Office of Civil Rights (OCR) within the Department of Health and Human Services shared the recording of its webinar regarding updates on the Health Insurance Portability and Accountability Act (“HIPAA”) and COVID-19. Some things discussed related to:
    • permissible disclosures under the HIPAA Privacy Rule;
    • enforcement discretion and guidance for telehealth remote communications;
    • guidance for disclosures to first responders and public health authorities;
    • enforcement discretion for business associates to use and disclose personal health information for public health and health oversight activities; and
    • enforcement discretion for community-based testing sites.
  • On April 29, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) updated its analysis report to include new considerations regarding security configurations for Microsoft Office 365 – a cloud-based collaboration solution. CISA warns that the effects of COVID-19 may lead to hasty deployment, resulting in “oversights in security configurations and undermine a sound [Office 365] security strategy.” To learn more about the steps CISA recommends, click here.
  • On April 30, 2020, chairman of the Senate Committee on Commerce, Science, and Transportation, Senator Roger Wicker, R-Miss., introduced the “COVID-19 Consumer Data Protection Act.” The act is aimed at regulating companies interested in developing contact-tracing apps. For organizations interested in learning more about current guidelines, read our recently published article on Law360, by clicking here.
  • On April 30, 2020, the Federal Financial Institutions Examination Council (“FFIEC”) issued a statement involving the “use of cloud computing services and security risk management principles in the financial services sector.” The full report can be read here.

On May 01, 2020, CISA launched a new telework product line focused on providing cybersecurity guidance to organizations looking to adopt or expand telework policies during COVID-19. The resource offers valuable information such as it relates to video conferencing tips, cybersecurity recommendations for critical infrastructure using video conferencing, and telework best practices. More information can be found here.