Like most industries today, Consumer Finance Services businesses continue to be significantly impacted by COVID-19. To help you keep abreast of relevant activities, below find a breakdown of some of the biggest legislative and regulatory events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On May 26, the Consumer Financial Protection Bureau (CFPB) confirmed that federal anti-discrimination law requires companies to explain to applicants the specific reasons for denying a credit application or taking other adverse actions, even if the creditor relies on credit models using complex algorithms. The CFPB published a Consumer Financial Protection Circular to remind the public, including those responsible for enforcing federal consumer financial protection law, of creditors’ adverse action notice requirements under the Equal Credit Opportunity Act. For more information, click here.

  • On May 26, the CFPB issued a letter to the six largest credit card lenders, asking why they choose not to include the amount their customers pay each month when furnishing information to the credit reporting agencies, saying that the practice has the potential to suppress consumers’ credit scores and prevent consumers from receiving the best possible terms when applying for credit. For more information, click here.

  • On May 26, the CFPB issued a blog post regarding credit reporting disputes and requirements that furnishers must satisfy when handling a dispute. For more information, click here.

  • On May 24, the CFPB announced that it will open the Office of Competition and Innovation as part of a new approach to help spur innovation in financial services by promoting competition and identifying stumbling blocks for new market entrants. The office will replace the Office of Innovation, which focused on an application-based process to confer special regulatory treatment on individual companies. The new office will support the CFPB’s broader initiative to analyze obstacles to open markets, better understand how big players squeeze out smaller players, host incubation events, and, in general, make it easier for people to switch financial providers. For more information, click here.

State Activities:

  • On May 26, California Attorney General Rob Bonta issued a press release, emphasizing health apps’ obligations under California law to protect and secure reproductive health information. According to the press release, the “Confidentiality of Medical Information Act (CMIA) applies to mobile apps that are designed to store medical information, including some fertility trackers, and establishes privacy protections that go beyond federal law.” Attorney General Bonta urged health apps to adopt robust security and privacy measures to protect reproductive health information. For more information, click here.

  • On May 23, California’s Department of Financial Protection and Innovation (DFPI) sent an email notifying license applicants and prospective license applicants that the issuance of licenses under the Debt Collection Licensing Act is unavoidably delayed at this time. The original deadline for applicants was December 31, 2021; however in mid-December, that deadline was extended to March 15. The DFPI previously stated that persons who file an application by March 15 would be deemed temporarily in compliance with California’s licensing requirement, pending the approval of the license application. For more information, click here.

  • On May 22, Minnesota Governor Tim Walz signed SF 2922 into law. SF 2922 contains a work-from-home provision, allowing collection agency staff to continue working remotely. The work-from-home provision will take effect on June 1. For more information, click here.

  • On May 20, the California DFPI announced that it had filed a Notice of Proposed Rulemaking with the Office of Administrative Law, inviting public comments on the proposed rulemaking. The proposed regulations seeks to implement, interpret, clarify, and make specific certain sections of the California Consumer Financial Protection Law that impose requirements on covered companies to respond to consumer complaints and report information about those complaints and responses to the DFPI. For more information, click here.

Privacy and Cybersecurity Activities:

  • On May 27, the California Privacy Protection Agency (CPPA) published the first set of draft regulations for the California Privacy Rights Act (CPRA). These draft regulations cover many topics, including the handling of data subject requests, consent requirements, data processing agreements, etc. Over the course of the next few months, these draft regulations will be subject to public comment and review. Further edits are expected, as are additional CPRA regulations, addressing items omitted from these initial regulations (e.g., the technical specifications for opt-out preference signals). For more information, click here.

  • On May 25, the California Senate passed SB 1172, which if signed into law would amend the way that the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply to education test proctoring services. Specifically, SB 1172 would require that businesses “providing proctoring services collect, use, retain, and disclose only the personal information strictly necessary” to provide their services. Education proctoring businesses that violate this requirement may be subject to a new private right of action under which consumers may recover all of the following: “(1) liquidated damages of one thousand dollars ($1,000) per consumer per incident or actual damages, whichever is greater, (2) injunctive or declaratory relief, [and] (3) reasonable attorney fees and costs, including expert witness fees.” SB 1172 will now head to the California State Assembly for further consideration. For more information, click here.