Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On November 10, the Consumer Financial Protection Bureau (CFPB) joined other government agencies to announced a return to enforcement of critical protections for families and homeowners. For more information, click here.

  • On November 10, the CFPB and other government agencies issued a joint statement to communicate the agencies’ supervisory and enforcement approach to mortgage servicers. The guidance officially ends the adjustments put into place in April 2020. For more information, click here.

  • On November 10, U.S. Senator Brian Schatz and other senators wrote to CFPB Director Rohit Chopra, urging him to reform the credit reporting industry. The letter identified several recommendations the senators would like to see the CFPB enact to address their concerns. For more information, click here.

  • On November 8, the U.S. Department of Education terminated its contracts with private debt collection agencies. For more information, click here.

State Activities:

  • On November 10, New York Governor Kathy Hochul signed the Consumer Credit Fairness Act (SB 153) into law. While this section went into effect immediately, the new statute of limitation provisions will go into effect 150 days after the bill was signed into law, and the remaining provisions will go into effect 180 days after the bill was signed into law. Among other provisions, SB 153 will (1) lower the statute of limitations on consumer credit transactions to three years (from six), (2) preclude the statute of limitations from being revived through the making of a payment, and (3) require that specific information (such as the name of the original creditor, itemization of debt, and the last four account numbers) be included in any complaint. For more information, click here.

  • On November 8, New York Governor Kathy Hochul issued a press release after signing legislation addressing robocalls. Legislation S.6267a/A.268a requires telecommunications companies to block robocalls from certain numbers. Legislation S.4281a/A.585a requires voice services providers to implement STIR/SHAKEN call authentication framework to validate call numbers. Governor Hochul said, “This legislation will enable telecom companies to prevent these calls from coming in in the first place, as well as empower our state government to ensure that voice service providers are validating who is making these calls so enforcement action can be taken against bad actors.” For more information, click here.

  • On November 8, California Attorney General Rob Bonta “joined a multistate coalition in support of the U.S. Department of Housing and Urban Development’s (HUD) effort to protect HUD-assisted tenants from eviction and urged HUD to take further action to ensure emergency rent relief reaches its intended recipients.” HUD issued an interim final rule, requiring HUD-assisted landlords to provide a 30-day notice to renters about the availability of emergency rent relief funds. However, according to the Attorney General Bonta’s press release, “the coalition argues that HUD must take further action to ensure that HUD-assisted tenants do not end up homeless as a result of financial hardships stemming from the COVID-19 pandemic.” For more information, click here.

Privacy and Cybersecurity Activities:

  • On November 15, President Biden signed the Infrastructure Investment and Jobs Act. This $1.2 trillion dollar bill passed both chambers with bipartisan support and includes $1 billion in cybersecurity funding for state and local governments. This funding will be distributed over the course of the next four years starting in 2022. About 80% of these funds will go to local governments, which have been increasingly targeted by cyberattacks during the pandemic. The infrastructure bill also includes $100 million for a “Cyber Response and Recovery Fund,” which the secretary of homeland security can use to support “federal and nonfederal entities” impacted by a cyberattack. The full version of the Infrastructure and Jobs Act is available here.

  • During the pandemic, Washington, DC’s government entered into a contract with a data broker to obtain location data for COVID-19 research purposes. On November 10, a report by the Electronic Frontier Foundation (EFF) made headlines, revealing the broad nature and scope of the data shared under this contract. Through public records requests, the EFF found that device identifiers, timestamps, and GPS data for hundreds of thousands of devices were collected between April and September of last year. This data was uploaded to a data repository shared by numerous D.C. government organizations, some of which were not engaged in COVID-19-related research. The D.C. government ultimately concluded there was no use for this data; however, according to the report, it has not yet been deleted. While there is no evidence that this data was misused, this report illustrates the potential risks associated with broad data collection and sharing. A copy of the EFF’s report is available here.