Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you stay abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On October 30, the Federal Reserve Board adjusted the terms of the Main Street Lending Program to direct support to smaller businesses that employ millions of workers and face continued revenue shortfalls due to the pandemic. In particular, the minimum loan size for three Main Street facilities available to for-profit and nonprofit borrowers was reduced from $250,000 to $100,000, and the fees were adjusted to encourage the provision of these smaller loans. For more information, click here.
  • On October 30, the Federal Reserve Board and Department of the Treasury issued new frequently asked questions, clarifying that Paycheck Protection Program loans of up to $2 million may be excluded for purposes of determining the maximum loan size under the Main Street Lending Program, if certain requirements are met. For more information, click here.
  • On October 23, lawmakers in the House of Representatives introduced a bill to exclude Paycheck Protection Program (PPP) loans from regulators’ calculations of the asset size of smaller banks. The legislation would benefit banks and credit unions with assets under $15 billion. It requires federal regulators to exclude PPP loans from asset-size calculations for the purpose of determining capital ratios, deposit insurance premiums, and other asset thresholds at those financial institutions. PPP loans, which are administered by the Small Business Administration, would not be excluded from assets on the institutions’ quarterly call reports. For more information, click here.

State Activities:

  • On October 30, Virginia Governor Ralph Northam signed House Bill 568, which automatically exempts emergency relief payments, as defined in the bill, from the creditor process, including garnishments and liens. The bill further requires a financial institution receiving these payments to exempt them from the creditor process under certain circumstances. The new law provides that, if a financial institution does not set aside these payments as exempt, the accountholder receiving the payments must claim the exemption. For more information, click here.
  • On October 28, the Louisiana Public Service Commission, in response to a state of emergency from Tropical Storm/Hurricane Zeta, restricted telephonic solicitations into the state through November 24. For more information, click here.
  • On October 25, the administrator of Colorado’s Uniform Consumer Credit Code issued an order extending the requirements of sections (4) and (5) of SB-211 and restricting the use of extraordinary collection activities to collect debt or satisfy judgments in Colorado until February 1, 2021. For more information, click here.

Privacy and Cybersecurity Activities:

  • On October 30, the Federal Trade Commission (FTC) shared tips to consumers who may have fallen victim to identity theft. Due to COVID-19, consumers are at an increased risk of identity theft since they spend more time online for work and school. The FTC advised victims to visit gov to submit a report and acquire a personal recovery plan immediately. For those unsure whether they have been victimized, the FTC suggested that consumers obtain a free credit report at To read the FTC’s post, click here.
  • On October 29, the United Nation’s special rapporteur on the right to privacy, Joseph Cannataci, delivered his annual report on privacy implications in the fight against COVID-19. In the report, Cannataci stated the widespread use of contact tracing technology is a disturbing trend when used disproportionately. “[C]ontact tracing can be classified as a necessary measure to contain a pandemic, [but] I urgently remind States that any responses to the coronavirus must be proportionate, necessary and non-discriminatory,” Cannataci said. Cannataci reminded governments that there is plenty of guidance to “facilitate the lawful, necessary and proportionate use of health and other data to fight the spread of the virus.” To read more about Cannataci’s annual report, click here. For more information about existing privacy guidelines for COVID-19-related apps, read our primer on Law360.
  • On October 29, the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology (ONC) released an interim rule extending the compliance dates for information blocking and health information technology certifications under the 21st Century Cures Act. ONC stated that it “is not removing the requirements advancing patient access to their health information, [rather] providing additional time to allow everyone in the health care ecosystem to focus on COVID-19 response.” The upcoming compliance date is set for April 5, 2021, and the announcement extends and identifies new future applicability dates beyond April 2021. To read the full statement, click here.
  • On October 27, the New York State Department of Financial Services (DFS), along with the New York Department of Health (DOH), announced New York’s Health Care Administrative Simplification Workgroup members. The group is tasked to “study and evaluate methods to reduce health care administrative costs and complexities through standardization, simplification, and technology.” The group will analyze several topics, including access to electronic medical records during the COVID-19 pandemic. To read the full announcement, click here.
  • On October 26, the National Security Agency/Central Security Service (NSA/CSS) reminded individuals to recognize the changes in how we interact with technology and the internet of things (IoT). Especially as workers continue to work from home, many workers spend increasingly more time with technology. To protect personal information, the NSA/CSS reminded the public to:
    • Make sure all security features are updated and current for internet-connected devices;
    • Read information sharing and end-user license agreements for every product purchased; and
    • Make it a goal to be proactive and vigilant to protect valuable data.To read the full announcement, click here.