Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On December 16, the Consumer Financial Protection Bureau (CFPB) issued a series of orders to five companies offering “buy now, pay later” (BNPL) credit. The CFPB is concerned about accumulating debt, regulatory arbitrage, and data harvesting in a consumer credit market already quickly changing with technology. For more information, click here.
  • On December 16, the Federal Reserve Board and the Federal Deposit Insurance Corporation announced the 2022 updated asset-size thresholds used to define “small bank” and “intermediate small bank” under their Community Reinvestment Act regulations. For more information, click here.
  • On December 16, the National Credit Union Administration — the federal regulator that oversees credit unions — announced that credit unions may partner with third-party digital asset service providers to give members access to cryptocurrencies and other digital assets. Under the new guidance, credit unions could partner with a third party to allow members “to buy, sell, and hold various uninsured digital assets with the third-party provider outside of the [federally insured credit union].” For more information, click here.
  • On December 16, U.S. Reps. Virginia Foxx and Julia Letlow, who are both members of the Committee on Education and Labor, requested an examination of the U.S. Department of Education’s decision to terminate its federal student loan contracts with private collection agencies. For more information, click here.
  • On December 13, the CFPB issued a Compliance Aid for Electronic Fund Transfers. It includes a series of responses to frequently asked questions. For more information, click here.
  • On December 8, U.S. Sen. Ron Wyden asked the CFPB to prevent credit agencies from selling Americans’ private, personal data unrelated to their credit or finances via data brokers. For more information, click here.

State Activities:

  • On December 15, the New York Department of Financial Services released a notice of proposed rulemaking (NPRM) for third-party debt collectors and debt buyers. Public comments are now available and are due by Feb. 13. The proposed amendment includes requiring validation information either in the initial communication or within five days after the initial communication with a consumer, as well as caps on call attempts and conversations, and guidelines for communicating with consumers via text, email, and social media. For more information, click here.
  • On December 8, the Washington State Attorney General pre-filed a bill, which would make anyone earning up to 300% of the federal poverty level fully exempt from any out-of-pocket medical bills and makes discounts available for those up to 400% of the federal poverty level. Currently, for a one-person household, the federal poverty level is $12,880. For a four-person household, the limit is $26,500. For more information, click here.

Privacy and Cybersecurity Activities:

  • On December 16, the Federal Trade Commission (FTC) released an advance notice of proposed rulemaking aimed at combatting government and business impersonation fraud, which has grown worse during the pandemic. Scammers impersonate the government or businesses, which has resulted in $2 billion in losses between October 2020 and September 2021. Since the pandemic began, COVID-specific spam reports have included 12,491 complaints of government impersonation and 8,794 complaints of business impersonation. For more information, click here.
  • A recent report from the European Commission’s Joint Research Council (JRC) warns against the psychological toll of remote-working job surveillance on employees. The author, Kirstie Bell, states that monitoring technologies, such as email monitoring, biometrics, and webcam recording, prompt “a very strong sense of privacy invasiveness” amongst workers, which can undermine trust. To read the full report, click here.
  • On December 16, the White House released a statement urging businesses to take steps against malicious cyber activity, especially as the holidays approach. As individuals continue to work remotely due to the pandemic, the White House recommended several steps that businesses can take, including updating patching, using multi-factor authentication, training employees to raise awareness of common cyber-attacks, and backing up data. For the full press release, click here.
  • On December 14, the U.S. Equal Employment Opportunity Commission (EEOC) updated its COVID-19 technical assistance to clarify the circumstances in which COVID-19 may be considered a disability under the Americans with Disabilities Act (ADA) and the Rehabilitation Act. The updates also provide examples illustrating how an individual diagnosed with COVID-19 or post-COVID could be considered to have a disability. For example, an employer “risks violating the ADA if it relies on myths, fears, or stereotypes about a condition and prevents an employee’s return to work once the employee is no longer infectious.” To view the technical assistance, click here.