Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On March 2, New York Governor Kathy Hochul announced actions to strengthen New York Department of Financial Services (NYDFS) enforcement of sanctions against Russia, including the expedited procurement of additional blockchain analytics technology to bolster the ability to detect exposure among NYDFS-licensed virtual currency businesses to Russian individuals, banks, and other entities that the Biden administration has sanctioned, which is intended to strengthen the ability to enforce anti-money laundering and Bank Secrecy Act laws. For more information, click here.
  • On March 1, the Consumer Financial Protection Bureau (CFPB) released a report about the nature of the medical billing system in the U.S. The report concludes that the U.S. health care system is supported by a billing, payments, collections, and credit reporting infrastructure where mistakes are common, and where patients often have difficulty getting these errors corrected or resolved. For more information, click here.
  • On March 1, the Federal Reserve Board invited public comment on a supplement to its May 2021 proposal intended to ensure that Federal Reserve Banks use a transparent and consistent set of factors when reviewing requests to access Federal Reserve accounts and payment services. For more information, click here.
  • On February 28, the CFPB issued a compliance bulletin regarding inadvertent repossessions of automobiles, reminding the industry of guidance previously issued by the CFPB in several editions of Supervisory Highlights and a 2020 consent order. For more information, click here.
  • On February 28, U.S. Representative Steve Cohen introduced the Keeping Evictions Off Credit Reports Act in the House of Representatives, which would prohibit evictions that were related to the COVID-19 pandemic from appearing on those individuals’ credit reports. For more information, click here.
  • On February 25, the NYDFS issued guidance to all individuals and entities subject to its regulation due to the rapidly evolving situation in Ukraine, following the Russian invasion and the imposition of sanctions, in particular businesses engaged in virtual currency activity. For more information, click here.

State Activities:

  • On March 4, New York Attorney General Letitia James launched a rulemaking process to “look into whether major corporations are using the pandemic and inflation as an excuse to unfairly raise the price of basic goods.” Attorney General James stated, “Throughout the pandemic, hardworking New Yorkers have been struggling to make ends meet, but big corporations have been celebrating record breaking profits. It doesn’t add up. My office is prepared to use every tool in our toolbox to crack down on price gouging and pandemic profiteering.” According to the press release announcing the rule launch, this is the “first-ever price gouging rulemaking process by the Office of the Attorney General.” For more information, click here.
  • On March 2, California Attorney General Rob Bonta announced “a nationwide investigation into TikTok, Inc. for promoting its social media platform to children and young adults while its use is associated with physical and mental health harms to youth.” Attorney General Bonta stated, “Our children are growing up in the age of social media — and many feel like they need to measure up to the filtered versions of reality that they see on their screens … We know this takes a devastating toll on children’s mental health and well-being. But we don’t know what social media companies knew about these harms and when.” According to the press release, the investigation will focus “on the techniques utilized by TikTok to boost young user engagement, including strategies or efforts to increase the duration of time spent on the platform and frequency of engagement with the platform.” For more information, click here.

Privacy and Cybersecurity Activities:

  • On March 3, the final version of the Utah Consumer Privacy Act (UCPA) was sent to Utah’s governor for final signature. The UCPA passed both chambers of Utah’s legislature with bipartisan support, and, if signed, would make Utah the fourth state in the country to adopt a comprehensive state privacy law. The final version of the UCPA would go into effect December 31, 2023 , and its substantive requirements closely mirror those found in the Virginia Consumer Data Protection Act (VCDPA). The UCPA does not include a private right of action, and businesses are provided a 30-day right to cure with regards to actions brought by the attorney general. For more information, click here.
  • On March 2, Florida’s House of Representatives passed HB-9, a comprehensive privacy bill, with strong bipartisan support. This legislation is now being considered by the Florida Senate, which must act quickly, as the 2022 legislative session in Florida ends on March 11. Notably this law would create a private right of action, under which consumers could seek $100-$700 per incident. There is still significant uncertainty regarding the future of this legislation, as the Senate has been considering a separate privacy bill that is materially different from HB-9. For more information, click here.
  • On March 1, the U.S. Senate unanimously approved the Strengthening American Cybersecurity Act of 2022. Notably this legislation would require critical infrastructure entities (e.g., energy, communications, transportation systems, etc.) to report certain cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. Furthermore, under this legislation, cyber incidents that involve ransomware payments would need to be reported within 24 hours. The legislation is now with the House of Representatives, where it is expected to be taken into consideration shortly. For more information, click here.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ethan G. Ostroff Ethan G. Ostroff

Ethan specializes in the defense of consumer actions, including class and mass actions, general business litigation, as well as regulatory compliance.

Photo of Chris Willis Chris Willis

Chris is the co-leader of the Consumer Financial Services Regulatory practice at the firm. He advises financial services institutions facing state and federal government investigations and examinations, counseling them on compliance issues including UDAP/UDAAP, credit reporting, debt collection, and fair lending, and defending…

Chris is the co-leader of the Consumer Financial Services Regulatory practice at the firm. He advises financial services institutions facing state and federal government investigations and examinations, counseling them on compliance issues including UDAP/UDAAP, credit reporting, debt collection, and fair lending, and defending them in individual and class action lawsuits brought by consumers and enforcement actions brought by government agencies.

Chris also leverages insights from his litigation and enforcement experience to help clients design new products and processes, including machine learning marketing, fraud prevention and underwriting models, product structure, advertising, online application flows, underwriting, and collection and loss mitigation strategies.

Chris brings a highly practical focus to his legal advice, informed by balancing a deep understanding of the business of consumer finance and the practical priorities of federal and state regulatory agencies.

Chris speaks frequently at conferences across the country on consumer financial services law and has been featured in numerous articles in publications such as the Wall Street Journal, the New York Times, the Washington PostAmerican BankerNational Law JournalBNA Bloomberg, and Bank Safety and Soundness Advisor.

Photo of Robyn Lin Robyn Lin

Robyn is a privacy and data security attorney who focuses on helping clients understand and maintain data compliance.

Photo of Graham Dean Graham Dean

Graham is an associate in the firm’s Cybersecurity, Information Governance, and Privacy Practice. In this role, Graham assists clients across various industries with issues related to data privacy. He has experience handling matters relating to the CCPA, CPRA, FCRA, CDPA, CPA, PIPA, LGPD…

Graham is an associate in the firm’s Cybersecurity, Information Governance, and Privacy Practice. In this role, Graham assists clients across various industries with issues related to data privacy. He has experience handling matters relating to the CCPA, CPRA, FCRA, CDPA, CPA, PIPA, LGPD, and a plethora of other privacy and banking secrecy laws in the Americas.

Photo of Elizabeth Briones Elizabeth Briones

Elizabeth Briones is an associate in the firm’s Consumer Financial Services practice with a focus on complex litigation, professional liability, and product liability. 

Photo of Ronald I. Raether, Jr. Ronald I. Raether, Jr.

Ron understands technology and specializes in responding to data integrity events (breach response) and advising companies on maximizing data use through multiple regulatory environments.

Photo of Jed Komisin Jed Komisin

John E. “Jed” Komisin defends clients engaged in civil litigation. He has significant courtroom experience and works with his clients to find comprehensive solutions to their legal issues.

Photo of Edgar Vargas Edgar Vargas

Edgar Vargas is a Certified Information Privacy Professional (CIPP/US). He assists clients on compliance and litigation issues, including issues regarding privacy and cybersecurity laws. He is fluent in Spanish, allowing him to effectively communicate with and serve Spanish speaking clients.

Photo of Alan D. Wingfield Alan D. Wingfield

Alan Wingfield is a partner in the firm’s Consumer Financial Services practice, with a focus on Financial Services Litigation and consumer law compliance counseling. Alan has represented businesses in many venues nationally in class action and individual consumer litigation. Alan’s practice includes compliance…

Alan Wingfield is a partner in the firm’s Consumer Financial Services practice, with a focus on Financial Services Litigation and consumer law compliance counseling. Alan has represented businesses in many venues nationally in class action and individual consumer litigation. Alan’s practice includes compliance counseling to help businesses with the myriad federal and state consumer protection laws and laws regulating financial services companies.