Like most industries today, Consumer Finance Services businesses continue to be significantly impacted by COVID-19. To help you keep abreast of relevant activities, below find a breakdown of some of the biggest legislative and regulatory events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
- On May 6, the Federal Trade Commission joined the Consumer Financial Protection Bureau (CFPB) in filing an amicus brief with the U.S. Court of Appeals for the Second Circuit. The brief asks the court to overturn a lower court decision, which held that a consumer reporting agency was not liable for failing to investigate a wrongfully reported debt because the inaccuracy was “legal” and not “factual.” For more information, click here.
- On May 5, the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of the Comptroller of Currency issued a proposal to strengthen and modernize regulations, implementing the Community Reinvestment Act (CRA) to better achieve the purposes of the law. Enacted 45 years ago, CRA encourages banks to help meet the credit needs of their local communities. For more information, click here.
- On May 3, the CFPB issued an advisory after student loan borrowers submitted complaints regarding companies that promised them student loan forgiveness or loan forbearance in exchange for fees amounting to hundreds or thousands of dollars. Borrowers believed they spoke to their servicers or companies authorized by the Department of Education because they often knew private information, such as the borrower’s loan balance or recent consolidation activity. For more information, click here.
- On May 2, the CFPB released its Supervisory Highlights report on legal violations identified during the CFPB’s supervisory examinations in the second half of 2021. The report details key findings across consumer financial products and services. For more information, click here.
- On April 28, the Joint Chiefs of Global Tax Enforcement (J5) announced the release of an intelligence bulletin, warning banks, law enforcement personnel, and private citizens of some of the dangers when dealing with non-fungible tokens (NFTs). The document, called the “J5 NFT Marketplace Red Flag Indicators,” is the first of its kind from the J5. It lists items that should draw concern when one is dealing with NFTs or planning to purchase one. The document is not meant to be an all-inclusive list of risks associated with NFTs, but rather a list of best practices from the five countries in the J5 from their dealings with NFTs in various investigations. For more information, click here.
- On May 6, Georgia Attorney General Chris Carr joined a coalition of 20 attorneys general in opposing the Disinformation Governance Board in a letter sent to Department of Homeland Security Secretary Alejandro Mayorkas. According to a press release, the “attorneys general argue that this government watchdog agency would abridge a citizen’s right to express their opinions and disagree with the government, furthering self-censorship rather than protecting freedom of speech,” and the “board’s creation is also an example of federal overreach.” For more information, click here.
- On May 4, New York Attorney General Letitia James led a multistate coalition of eight attorneys general, calling on President Joe Biden to fully cancel federal student debt owed by every federal student loan borrower in the country. “While I commend President Biden for giving serious consideration to forgiving $10,000 per borrower, we must take bolder, more decisive action to end this crisis and provide Americans with the tools they need to thrive,” said Attorney General James. “Student debt keeps millions of struggling borrowers from reaching financial stability and leads to a cycle of financial burdens that follow them throughout their lives.” According to the corresponding press release, student borrowers currently owe more than $1.7 trillion to the federal government. For more information, click here.
- On May 4, Virginia Attorney General Jason Miyares announced that approximately $3.5 million has been secured from Intuit, Inc. (Intuit), the owner of TurboTax, for deceiving Virginia consumers into paying for tax services advertised as “free.” In addition to suspending a “free, free, free” ad campaign, Intuit will pay a total of $141 million in restitution as a result of a multistate agreement. “TurboTax took advantage of and deceived Virginians. I’m proud of the role my office played to secure substantial relief for the Virginia consumers that TurboTax misled,” said Attorney General Miyares. For more information, click here.
- On May 4, California Governor Gavin Newsom signed an executive order, under California’s 2020 Consumer Financial Protection law, that begins the process of creating a regulatory approach to spur responsible innovation, while protecting California consumers; assess how to deploy blockchain technology for state and public institutions; and build research and workforce development pathways. For more information, click here.
- On May 4, New York Governor Kathy Hochul signed bill S.5924-C/A.6938-B that prohibits colleges from withholding a student’s transcript because of unpaid debts or charging individuals who owe debts a higher fee to obtain their transcript. For more information, click here.
Privacy and Cybersecurity Activities:
- On May 3, Vice reported that the Center for Disease Control (CDC) tracked millions of Americans to see if they followed COVID-19 lockdown orders. Specifically, the CDC harvested location data to track patterns of people visiting K-12 schools and to track the effectiveness of policy in the Navajo Nation. Vice reports that “although the CDC used COVID-19 as a reason to buy access to the data more quickly, it intended to use it for more general CDC purposes.” Vice obtained the documents through a Freedom of Information Act (FOIA) request. To read more, click here.
- On May 5, the National Institute for Standards and Technology (NIST) released an update to its Cybersecurity Guidelines for Supply Chain Risk Management. The update provides guidance on identifying, assessing, and responding to cybersecurity risks throughout the supply chain at all levels of an organization. Aimed at acquirers and end users of products, software, and services, the guidance intends to help organizations “build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks.” To read the updated guidance, click here.