Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

Our bank and loan servicing clients also face novel challenges affecting their industry due to COVID-19, particularly the ever-changing rules and regulations concerning evictions and foreclosures. We closely track these updates and have assembled an interactive tracker containing state orders and guidance documents regarding residential foreclosure and eviction moratoriums.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On May 3, the Consumer Financial Protection Bureau’s (CFPB) interim final rule goes into effect. The rule requires debt collectors seeking to evict tenants for nonpayment of rent to provide written notice to tenants of their rights under the Centers for Disease Control and Prevention (CDC) order. Any comments on the rule must be submitted by May 7. For more information, click here.
  • On April 28, the CFPB issued a bulletin analyzing complaints submitted by consumers in counties nationwide. In 2019 and 2020, the CFPB received more complaints on a per-capita basis from consumers living in predominantly minority counties than from consumers in predominantly white, non-Hispanic counties. Consumers in counties with the highest percentage of minority population submitted complaints at over four times the rate compared to counties with the lowest percentage of minority population. For more information, click here.
  • On April 28, the Federal Reserve issued a Federal Open Market Committee statement that includes a discussion of employment, inflation, and economic activity during the COVID-19 pandemic. The statement asserts that “[o]verall financial conditions remain accommodative, in part reflecting policy measures to support the economy and the flow of credit to U.S. households and businesses.” For more information, click here.
  • On April 27, the CFPB delayed the mandatory compliance date of the General Qualified Mortgage (QM) final rule from July 1, 2021 to October 1, 2022. The CFPB hold the position that delaying the final rule’s compliance date would give lenders more time to use the government-sponsored enterprise patch, which provides QM status to loans eligible for sale to Fannie Mae or Freddie Mac. For more information, click here.
  • On April 22, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency invited comment on a proposed rule that updates and codifies existing guidance on income tax allocation agreements involving depository institutions and their affiliates. For more information, click here.

State Activities:

  • On April 30, California Attorney General Rob Bonta issued a consumer alert “warning Californians about sham health insurance plans offered by some healthcare sharing ministries.” Attorney General Bonta stated, “Before signing up for one of these plans, please do your research and consider applying instead for affordable, reliable coverage through Covered California.” For more information, click here.
  • On April 30, Alaska Governor Mike Dunleavy signed an executive proclamation ending Alaska’s COVID-19 disaster declaration, following the signing of HB 76, legislation that ensures the continuation of COVID-19 federal relief to impacted Alaskans and liability protections for Alaska businesses. The governor’s actions follow Alaska’s DHSS commissioner recommendation that the public health emergency disaster declaration is no longer necessary in Alaska. For more information, click here.
  • On April 28, North Carolina Governor Roy Cooper signed Executive Order 209, which will take effect April 30. The order increases mass gathering capacity limits for indoor events from 50 to 100 and from 100 to 200 for outdoor events. Occupancy limits currently in place will remain the same, and masks will no longer be required outdoors but still must be worn indoors. For more information, click here.
  • On April 28, the Colorado Attorney General Phil Weiser announced that Colorado will process 2021 collection agency renewals via its new online portal. For more information, click here.
  • On April 26, Virginia Attorney General Mark Herring released an official opinion concluding that Virginia colleges and universities “may condition in-person attendance on receipt of an approved COVID-19 vaccine during this time of pandemic.” The opinion states, however, “it remains up to the individual institutions to determine whether requiring students to obtain the COVID-19 vaccination has a real or substantial relation to protecting public health and safety on their campus.” For more information, click here.
  • On April 26, New Jersey Governor Phil Murphy announced easing restrictions for a variety of activities and higher outdoor capacity limits, effective May 10. The changes include higher outdoor gathering limits (raised from 200 persons to 500 persons), higher large venue outdoor capacities (50% capacity for venues with 1,000 fixed seats or more), as well as guidance for upcoming graduations and proms. For more information, click here.
  • On April 23, the Nevada Assembly Committee on Commerce and Labor conducted a hearing on an amended version of S.B. 248, a bill revising provisions for collecting medical debt. Among other provisions, the bill would require collection agencies to notify consumers before undertaking any activity to collect a medical debt and limits the means by which agencies can collect medical debt. For more information, click here.
  • On April 13, the Rhode Island Division of Banking announced that it will start using the state examination system to conduct supervisory activities, such as examinations and commencement of administrative actions, share consumer complaints, and other supervisory activities with licensees. For more information, click here.

Privacy and Cybersecurity Activities:

  • On April 29, the Federal Trade Commission (FTC) directed another 30 marketers from making “unsubstantiated claims that their products and therapies can prevent or treat COVID-19.” Marketers received letters if they claimed their products prevented or treated COVID-19, such as those relating to products involving “exercise therapy, iodine, and infrared saunas[.]” The FTC also provides tips to consumers for spotting unsupported treatment claims. The FTC says:
    • When there’s a medical breakthrough to treat, prevent, or cure a disease, you’re not going to hear about it for the first time through an ad or sales pitch;
    • Always talk with your doctor before trying any product claiming to treat, prevent, or cure COVID-19;
    • Visit the CDC’s website for additional information at gov.

To read more about the FTC’s action, click here.

  • On April 28, the FTC reminded business leaders that they shouldn’t underestimate their role in data security oversight. There’s no such thing as “business as usual” during a global pandemic, the FTC said. The COVID-19 pandemic has forced up to “33% of the U.S. workforce” to work remotely. Security incidents can lead to “significant costs to consumers, data breaches, network intrusions, and looming cyber threats can open up a firm to substantial financial costs, reputation hits, and legal liability.” The FTC offers leaders several tips, which are discussed in more detail here; they are:
    • Make data security a priority;
    • Understand the cybersecurity risks and challenges your company faces;
    • Don’t confuse legal compliance with security;
    • It’s more than just preventing an incident; it includes a robust incident response plan; and
    • Leaders should learn from mistakes when experiencing a data breach.

Troutman Pepper also discusses five ways business leaders could reduce their organizations’ cyber risks — click here to read. Business staff also has a role, click here to learn more.

  • On April 28, the Cybersecurity & Infrastructure Security Agency (CISA) released its second graphic novel to combat disinformation on National Superhero Day. The COVID-19-related misinformation circulated throughout the nation has “undermine[d] public confidence and sow[ed] confusion.” The graphic novel aims to help the “American people understand the risks from MDM [mis-,dis-, and malinformation] and how citizens can play a role in reducing the impact of MDM on their organizations and communities.” To read CISA’s announcement, click here. For those interested in reading the graphic novel, click here.
  • On April 26, the EEOC announced the 2019 and 2020 EEO-1 Component 1 Data Collection opening. The EEOC delayed its May 8, 2020 deadline due to the COVID-19 pandemic. For those unfamiliar with the EEO-1 Component 1, the report is “a mandatory annual data collection that requires all private-sector employers with 100 or more employees, and federal contractors with 50 or more employees meeting certain criteria, to submit demographic workforce data, including data by race/ethnicity, sex and job categories.” To read more about the EEOC’s announcement, click here.