Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On October 29, the Consumer Financial Protection Bureau (CFPB) announced the following leadership changes: Lorelei Salas will join as the assistant director for the Office of Supervision Policy, and Eric Halperin has joined as the assistant director for the Office of Enforcement. For more information, click here.
  • On October 29, the Federal Trade Commission (FTC) issued a new enforcement policy statement, warning companies against deploying illegal dark patterns that trick or trap consumers into subscription services. The agency ramped up its enforcement in response to a rising number of complaints about the financial harms caused by deceptive sign-up tactics, including unauthorized charges or ongoing billing that is impossible cancel. For more information, click here.
  • On October 29, the CFPB released several guidance documents to assist industry with providing the validation information to prepare for the Debt Collection Rule’s upcoming effective date. First, the CFPB released a “complete and accurate” Spanish translation of the model validation notice. Second, the CFPB added a new section to the Debt Collection Rule’s frequently asked questions (FAQs), addressing frequent questions on, among other things, use of the model validation notice and the validation information special rule for certain residential mortgage debts. Third, the CFPB released a new guidance document titled, “Debt Collection Rule: Disclosing the Model Validation Notice Itemization Table,” which reviews certain required validation information, includes examples, and illustrates how a debt collector could comply with the requirement to disclose that information. For more information, click here.
  • On October 27, the FTC announced a newly updated rule that strengthens the data security safeguards that financial institutions must implement to protect their customers’ financial information. In recent years, widespread data breaches and cyberattacks have resulted in significant harms to consumers, including monetary loss, identity theft, and other forms of financial distress. For more information, click here.
  • On October 27, Bills introduced in the House of Representatives and the Senate by Representative Mike Levin and Senator Maggie Hassan respectively seek to amend the Servicemembers Civil Relief Act, which protects members of the armed forces and other branches of the government from certain financial situations, including judgments, garnishments, and other adverse collection-related actions. For more information, click here.
  • On October 26, President Joe Biden renewed Acting Chairwoman Jessica Rosenworcel’s term at the Federal Communications Commission (FCC) and nominated former FCC Adviser Gigi Sohn. For more information, click here.
  • On October 25, U.S. Representative Tom Emmer introduced a bill that creates a whistleblower program at the CFPB. For more information, click here.
  • On October 21, the Office of the Comptroller of the Currency issued Bulletin 2021-49, announcing the revision of the Payment Systems booklet of the Comptroller’s Handbook. For more information, click here.

State Activities:

  • On December 31, licensing renewals are due in most states. State regulators are encouraging businesses to renew online now to avoid processing delays, especially as new states join the Nationwide Multistate Licensing System. For more information, click here.
  • On October 20, the New York Department of Financial Services published a notice in the New York State Register, announcing that it issued a proposed regulation to implement S 5470-B, which requires disclosures for commercial financing transactions of $2.5 million or less under a commercial financing agreement. The notice allows for public comment for 60 days. The bill becomes effective on January 1, 2022, but compliance with the rule will not be mandated until six months after final publication. For more information, click here.
  • As of November 1, the Connecticut Department of Banking will require that certain licensees and registrants “file the surety bonds required by the Commissioner electronically on the system” for any application submitted that requires a bond. Further, “[e]xisting licensees and registrants shall transition to the electronic bond format no later than March 1, 2022.” For more information, click here.
  • On October 29, New York Attorney General Letitia Jams announced “agreement with Ticket Fulfillment Services, L.P. (TFS) and five ticket resale websites for failing to provide legally-mandated refunds to more than 11,000 affected consumers who purchased tickets — through one of TFS’s affiliate marketers — to events that were cancelled in the wake of the coronavirus disease (COVID-19) pandemic.” According to the press release, New York law requires companies that facilitate ticket resales to guarantee refunds for cancelled events. Collectively, the companies allegedly withheld $4.4 million in refunds that were required to be returned to consumers. For more information, click here.

Privacy and Cybersecurity Activities:

  • On October 29, the FTC issued a new enforcement policy statement, warning companies against deploying illegal dark patterns that trick or trap consumers into subscriptions services, especially as many consumers continue to transact with businesses from home due to the COVID-19 pandemic. For example, the FTC has sued companies that “hid important payment information, or even the fact that consumers would be charged at all, behind hyperlinks, hovers-overs or in inconspicuous places.” The FTC reminds businesses to:
    • Disclose clearly and conspicuously all material terms of the product or service;
    • Obtain the consumer’s express informed consent before charging them for a product or service; and
    • Provide easy and simple cancellation to the consumer.

To read the full warning, click here.

  • On October 28, California Attorney General Rob Bonta provided consumers and businesses with tips on how to defend against cybersecurity threats. With the increase of remote work and high-profile cyberattacks during the COVID-19 pandemic, California Attorney General Rob Bonta offers “steps you can take to protect yourself and your data.” California Attorney General Rob Bonta reminded consumers that they can protect themselves and those around them by (1) enabling multifactor authentication; (2) using strong passwords and password managers; (3) performing regular software updates on all devices; (4) installing antivirus software; and (5) limiting the use of public networks. The California attorney general reminded businesses that they too can defend against cybersecurity threats. For instance, businesses can:
    • Train employees in data security principles;
    • Protect information, computers, and networks from cyberattacks;
    • Provide firewall security for your internet connection;
    • Secure your Wi-Fi networks;
    • Limit employee access to data and information; and
    • Change passwords and authentication regularly.

To read the full warning, click here.

  • On October 28, the PCI Security Standards Council (PCI SSC or Council) hosted its annual Global Payment Security Forum. The Council acknowledged the importance of the pandemic’s impacts on the payments ecosystem by including COVID-19-related challenges as one of this year’s main discussion topics. In a post-forum press release, the PCI SSC provided helpful resources to some of their COVID-19-related resources to show its continued “commitment to listening to industry and stakeholder feedback[.]” For instance, the Council highlighted its guidelines for remote work and performing remote assessments. To read the full press release, click here.