Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.
Our bank and loan servicing clients also face novel challenges affecting their industry due to COVID-19, particularly the ever-changing rules and regulations concerning evictions and foreclosures. We closely track these updates and have assembled an interactive tracker containing state orders and guidance documents regarding residential foreclosure and eviction moratoriums.
To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
- On December 11, Federal Reserve Board Vice Chair for Supervision Randal K. Quarles spoke at the Harvard Law School and Wharton School conference on bank supervision. Quarles discussed establishing new regulatory frameworks in the wake of the global financial crisis caused by the COVID-19 pandemic. He stated that, “The essential elements of that framework — which now includes dynamic and risk-sensitive capital requirements and rules-based, quantitative liquidity standards — all reflect extensive and significant consultations with the public and careful analysis of the impact that these rules will have on individual banks and the U.S. banking system. Our benchmark for capital adequacy is now based on standardized measures of risk and leverage across all banks. This is supplemented by an annual stress test with extensive transparency and disclosure around the process and results that provides additional, consistent risk sensitivity.” For more information, click here.
- On December 10, U.S. Department of Treasury Secretary Steven Mnuchin spoke before the Congressional Oversight Commission about the implementation of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), including the National Security Loan Program. The CARES Act provides funding for up to $17 billion in business loans critical to maintaining national security related to losses incurred by the coronavirus. To date, Treasury has approved 11 loans totaling nearly $736 million. For more information, click here.
- On December 9, Senators Elizabeth Warren, Dick Durbin, and Sheldon Whitehouse introduced the Consumer Bankruptcy Reform Act of 2020. This bill would change the current bankruptcy code by eliminating the code section that exempts student loan debt from discharge. If enacted, student loan debt would be treated like any other forms of consumer debt, which means that student loan debt could be discharged without an adversary proceeding and without having to prove an undue hardship. For more information, click here.
- On December 8, the Consumer Financial Protection Bureau released a video providing guidance to consumers with mortgages placed in forbearance under the CARES Act. The video includes a discussion of repayment options. For more information, click here.
- On December 10, the Massachusetts Supreme Judicial Court (SJC) upheld emergency orders issued by Governor Baker in response to the COVID-19 pandemic, rejecting statutory and constitutional challenges raised by a coalition of business and religious institutions. To reach this conclusion, the SJC read the Civil Defense Act and the Public Health Act broadly as addressing emergencies of all types — including a pandemic. For more information, click here.
- On December 10, New York Governor Andrew Cuomo announced the launch of the New York Forward Small Business Lease Assistance Partnership (LAP) — a public-private partnership between Empire State Development, nonprofit Start Small Think Big, and the New York Bar Association — designed to help avoid business evictions by providing small businesses and their landlords with informational resources and pro bono assistance to facilitate mutually-beneficial lease workout agreements. The program will be available to all New York state commercial tenants and small business landlords, who are encouraged to review and complete the LAP intake form. For more information, click here.
- On December 9, Virginia Governor Ralph Northam announced that the $100 million Rebuild VA economic recovery fund awarded grants to 2,500 Virginia businesses and nonprofits whose normal operations were disrupted by COVID-19. According to the press release, all available funding for the program administered by the Department of Small Business and Supplier Diversity (SBSD) has been fully committed. More than 45% of the funding was awarded to 997 small businesses and nonprofits located in low-income and economically disadvantaged communities, with approximately $50 million awarded to women, minority, and veteran-owned businesses. For more information, click here.
- On December 9, Nevada’s Financial Institution Divisions, the state regulatory body that oversees activities and certification of payday and other high-interest lenders, approved draft regulations for a statewide database for payday loans. For more information, click here.
- On December 7, the Iowa Finance Authority’s Emergency Solutions Grant Program went live to provide CARES Act funds to low-income Iowans facing eviction. Financial assistance is paid directly to landlords and service providers. For more information, click here.
Privacy and Cybersecurity Activities:
- On December 11, the Federal Trade Commission (FTC) shared tips with businesses to assist them against ransomware attacks. According to the FTC, “Attackers are exploiting the pandemic, [and] [t]aking advantage of people’s fears about the coronavirus[.]” For example, attackers use email spoofing techniques that appear to come from colleagues, like a manager or CEO, but instead contain malicious code. Experts state that businesses can reduce the risk of becoming the next victim by:
- Keeping networks patched and making sure all software is up to date;
- Backing up systems regularly and keeping those backups separate from the network;
- Practicing good cyber hygiene, such as by identifying which devices are connected to which network or by implementing endpoint security and email authentication;
- Preparing for a potential incident, such as testing systems in advance; and
- Training employees to recognize phishing attacks and other forms of social engineering.
To read more, click here. To learn how a business’ staff can reduce its cyber risks, check out Troutman Pepper’s article by clicking here.
- On December 11, the World Health Organization (WHO) declared that the world is “facing a rapid amplification and circulation of accurate but also false information” related to COVID-19. WHO calls on individuals to practice not only hand and cough hygiene, but also information hygiene. The rise of misinformation “demands the support, development, and application of efficient solutions that equip individuals and their communities with the knowledge and tools to promote accurate health information (upstream) and mitigate the harm that misinformation and disinformation causes (downstream).” WHO calls on the global community, among other things, to:
- “Support a whole-of-society approach and engage with communities in the production, verification, and dissemination of information that leads to healthy behaviors during epidemics and pandemics;
- Commit to finding solutions and tools, consistent with the freedom of expression, to manage the [misinformation] embedding the use of digital technologies and data science; and
- Strive to make science more accessible, transparent, and understandable, maintain trusted sources of information and promote evidence-informed policies thereby fostering people’s trust in them.”
To read the full announcement, click here.
- On December 10, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The proposed changes would include:
- “strengthening individuals’ rights to access their own health information, including electronic information;
- improving information sharing for care coordination and case management for individuals;
- facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises;
- enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the  COVID-19 public health emergencies; and
- reducing administrative burdens on HIPAA covered health care providers and health plans, while continuing to protect individuals’ health information privacy interests.”
To read the full announcement, click here.
- On December 8, The New York Times reported that government officials are concerned over the Trump administration and U.S. Centers for Disease Control and Prevention’s (CDC) request for states to collect the personal information of COVID-19 vaccine recipients, “including names, birth dates, ethnicities and addresses[.]” Some states, including Minnesota, said they “will not be reporting name, ZIP code, race, ethnicity or address” to the federal government for fear that it may dissuade individuals from participating in the vaccination programs. It is unclear how many states have agreed to share the personal information requested. To read the full report, click here. To review the CDC’s agreement regarding the sharing of personal information, click here.
- On December 8, the FTC shared consumers tips on avoiding COVID-19 vaccine-related scams. The FTC reminds consumers that:
- distribution plans are still being worked out;
- the timeline for vaccine distribution is still unclear, and individuals need to be wary of those claiming to have vaccine doses for sale; and
- state agencies, not individuals, will be primarily responsible for implementing vaccine distribution plans.
Check out this helpful infographic by clicking here. To read the full announcement, click here.
- On December 7, the U.S. National Security Agency (NSA) warned that Russian groups are targeting a remote work platform’s vulnerability that businesses may depend on during the COVID-19 pandemic. The company offering the platform, Vmware, Inc., released a security bulletin describing ways businesses can mitigate the flaw while also urging users and administrators to update the products at risk, including Vmware Workspace One Access and Access Connector. To read the NSA’s warning, click here. To learn how business leaders can reduce their organizations’ cyber risks, check out Troutman Pepper’s blog by clicking here.