Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On November 23, the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency issued a statement summarizing their interagency “policy sprints” focused on crypto assets and providing a roadmap of future work related to crypto assets. It summarizes the agencies’ plan to provide clarity on whether certain crypto-related activities conducted by banking organizations are legally permissible. For more information, click here.
  • On November 16, the Consumer Financial Protection Bureau (CFPB) issued a request for information to seek input on rules implementing the Home Mortgage Disclosure Act. The CFPB plans to review recent changes to the rule and evaluate their effectiveness. For more information, click here.

State Activities:

  • On November 24, the New York State Department of Financial Services issued a proposed regulation that seeks to protect consumers who are provided misinformation about whether health care providers are part of their insurance network. The proposed regulation intends to ensure that consumers who believe that a provider is in their network based on incorrect information provided by their insurer will pay no more than their in-network cost sharing for services from that provider. For more information, click here.
  • On November 19, attorneys general from all 50 states and the District of Columbia sent a letter to the Federal Communications Commission, supporting efforts to strengthen the process by which official and legitimate phone numbers are handed out, in an effort to keep those numbers out of the hands of illegitimate companies that use the numbers to make illegal robocalls. For more information, click here.
  • On November 15, California’s Department of Financial Protection and Innovation announced a second round of modifications, which affect the definitions of “branch office” and “debt collector.” The definition of “branch office” now specifies that the term only applies if, in addition to debt collection activity, the location is held out to the public as a business location or money is received there. The definition of “debt collector” has been updated to match the same definition found in Section 100002 of the Financial Code. Comments to the new modifications are due by December 2. For more information, click here.

Privacy and Cybersecurity Activities:

  • On November 22, the Federal Bureau of Investigation and the Cybersecurity Infrastructure Security Agency issued a “cybersecurity reminder for public and private sector organizations to remain vigilant and take appropriate precautions to reduce their risk to ransomware and other cyberattacks leading up to and during the holiday season.” These risks may be exacerbated, as many businesses have continued to allow employees to work remotely this year due to the COVID-19 pandemic. This release states that ransomware attacks frequently occur during holidays and weekends. Their recommendations include the following:

    • Implement multifactor authentication for remote access and administrative accounts;

    • Mandate strong passwords and ensure they are not reused across multiple accounts;

    • Remind employees not to click on suspicious links and conduct exercises to raise awareness; and

    • Review and, if needed, update incident response and communication plans that list actions an organization will take if impacted by a ransomware incident.

The release also encourages organizations to visit for more resources on ransomware prevention.