Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On February 10, the Federal Reserve Board released the hypothetical scenarios for its annual bank stress tests, which help ensure that large banks can lend to households and businesses even in a severe recession. This year, 34 large banks will be tested against a severe global recession with heightened stress in commercial real estate and corporate debt markets. For more information, click here.
  • In January 2022, the Consumer Final Protection Bureau (CFPB) Office of Minority and Women Inclusion issued a report on diversity and inclusion within the financial service industry. For more information, click here.
  • On February 7, the acting chair of the Federal Deposit Insurance Corporation (FDIC) issued a statement that signaled an increased focus on crypto currencies. In the statement, Acting Chief Gruenberg stated: “The rapid introduction of a variety of crypto-asset or digital asset products into the financial system could pose significant safety and soundness and financial system risks. It is imperative that the federal banking agencies carefully consider the risks posed by these products and determine the extent to which banking organizations can safely engage in crypto-asset-related activities. To the extent such activities can be conducted in a safe and sound manner, the agencies will need to provide robust guidance to the banking industry on the management of prudential and consumer protection risks raised by crypto-asset activities.” For more information, click here.
  • On February 7, the Federal Reserve Bank of New York indicated in a blog post that “stablecoins are unlikely to be the future of payments.” This is despite the market capitalization of such coins rising from “$5.7 billion on December 1, 2019, to $155.6 billion on January 21, 2022.” The blog post instead posits that “[t]okenized deposits may not be the only option that improves upon existing stablecoin offerings” and are “a fruitful avenue to pursue.” For more information, click here.
  • On February 9, the chairman of the Commodity Futures Trading Commission issued prepared remarks to the Senate Agriculture Committee, stating that the commission has the authority to enforce digital asset spot markets, and “it is important that we find ways to sensibly bring this emerging market within the regulatory fold.” For more information, click here.
  • On February 3, FDIC former Chairman Jelena McWilliams made closing remarks regarding her tenure, including on the government’s treatment of stablecoins. In the remarks, she stated that bank-issued stablecoins “could provide for faster, cheaper, and more efficient way to move money from place to place.” She further stated that “my personal view is that generally bank-issued stablecoins closely resemble digital representations of deposits.” For more information, click here.
  • On February 4, the U.S. Department of the Treasury published a study on the facilitation of money laundering and the financing of terrorism through the trade in works of high-value art, which found that “the use of non-fungible tokens (NFTs), may present new risks, depending on the structure and market incentives.” To address the identified risks for NFTs, the study recommends considering several nonregulatory and regulatory options, including using Financial Crimes Enforcement Network recordkeeping authorities to support information collection and enhanced due diligence. For more information, click here.
  • On February 9, the Office of the Comptroller of the Currency (OCC) issued a statement on the Northern District of California’s ruling on its “valid when made” rule. The Northern District of California “affirmed the validity of the OCC’s rule, which provides that when a national bank or state or federal savings association sells, assigns, or otherwise transfers a loan, the interest permissible before the transfer continues to be permissible after the transfer.” Additionally, the OCC stated it “is committed to strong supervision that expands financial inclusion and ensures banks are not used as a vehicle for ‘rent-a-charter’ arrangements.” For more information, click here.

State Activities:

  • On February 10, California Attorney General Rob Bonta sent a letter to the Center for Covid Control (CCC) in response to complaints that the CCC, among other issues, collected protected health information for services never provided. Attorney General Bonta stated, “My office is responsible for keeping individuals safe from false or misleading business practices, and we are committed to doing just that.” An accompanying press release stated that the “Attorney General is charged with enforcing the state’s consumer protection laws, including the Unfair Competition Law, Business & Professions Code section 17200 (UCL), and the False Advertising Law, Business & Professions Code section 17500 (FAL). The UCL prohibits, among other things, any unlawful, unfair, or fraudulent business act or practice. The FAL prohibits false or misleading advertising.” For more information, click here.
  • On February 9, Texas Attorney General Ken Paxon issued civil investigative demands to GoFundMe, Inc. regarding potential violations of the Texas Deceptive Trade Practices Act. According to the press release, the “crowd-funding platform’s integrity has come into question after it removed a multimillion-dollar fundraising campaign for the Canadian truckers ‘Freedom Convoy’ which is protesting vaccine mandates.” Attorney General Paxton stated, “I am acting to protect Texas consumers so that they know where their hard-earned money is going, rather than allowing GoFundMe to divert money to another cause without the consent of Texas citizens.” For more information, click here.
  • On February 7, New York Attorney General Letitia James announced reimbursements for consumers charged for COVID-19 vaccine administrative fees. “Make no mistake: COVID vaccines are free to all who seek them,” said Attorney General James. “New Yorkers should not be charged fees to receive the vaccines. If they are, my office will work to ensure they are reimbursed for the charges.” According to the press release, charging for vaccine administration is a deceptive act and practice that violates Executive Law Section 63(12) and General Business Law Section 349. For more information, click here.

Privacy and Cybersecurity Activities:

  • On February 10, California Attorney General Rob Bonta sent a letter to the CCC, requesting it provide information “substantiating representations and claims CCC has made to potential California customers about its COVID-19 testing services.” The letter is part of an investigation into complaints that customers did not receive test results within the advertised time frames, if at all, as well as customer concerns on the collection of protected health information for services that were never provided. To read the press release, click here.
  • Senators Tammy Baldwin (D-WI) and Bill Cassidy (R-LA.) introduced the Health Data Use and Privacy Commission Act, which aims at starting the process of modernizing health data use and privacy policies. The commission would be tasked with providing numerous recommendations to Congress, including updates to health information privacy laws, potential threats posed to individual health privacy and legitimate business and policy interests, and the effectiveness of existing statute, regulations, and private sector self-regulatory efforts. To read the full press release, click here.
  • The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint cybersecurity advisory, outlining the growing international threat posed by ransomware. This report outlines trends seen in the U.S., Australia, and U.K., including that cybercriminals are increasingly gaining access to networks via phishing, stolen credentials, or exploiting software vulnerabilities. CISA Director Jen Easterly warns that every government, business, and person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim. For the full report, click here.
  • The Federal Trade Commission (FTC) warned that romance scams hit a record high, with $547 million reported lost in 2021 alone. Romance scams involve a scammer building a fake online persona that seem just real enough to be true, and the supposed suitor will ask for money from the unwitting consumer. Romance scammers also may lure consumers into phony cryptocurrency investment schemes. To read the alert, click here. The FTC also published five myths about online romance, which can help identify potential scams. To read this alert, click here.
  • Two companion bills were introduced to each chamber of the Iowa Legislature, which would create a comprehensive privacy scheme in the state. House Study Bill 674 and Senate File 2208 include data subject rights and an optout for data sales along with definitions and provisions on biometric data, targeted advertising, and deidentified data. House Study Bill 674 can be found here and Senate File 2208 can be found here.
  • State Reps. Collin Walke (D-OK) and Josh West (R-OK) re-introduced House Bill 2969, the Oklahoma Computer Data Privacy Act. The bill had previously passed the Oklahoma House last year before stalling in the Senate. This bill would create new obligations for business, such as implementing and maintaining reasonable security procedures and practices and having a privacy policy. The bill also would introduce data subject rights, such as the right to access, deletion, opt out, and rectification. To read the bill, click here.
  • Twenty-seven members of the Wisconsin State Assembly introduced Assembly Bill 957, an act relating to consumer data protection. The bill includes a 30-day cure period, exclusive attorney general enforcement, and no private right of action. To read the bill, click here.