Like most industries today, Consumer Finance Services businesses continue to be significantly impacted by COVID-19. To help you keep abreast of relevant activities, below find a breakdown of some of the biggest legislative and regulatory events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On June 30, the Office of the Comptroller of the Currency (OCC) released its Semiannual Risk Perspective for Spring 2022, which includes a discussion of risks and suggestions for banks to consider on distributed ledger technologies and digital assets. For more information, click here.

  • On June 27, the Federal Reserve Board announced the final timeline and implementation details to adopt the International Organization for Standardization’s (ISO) 20022 message format for its Fedwire Funds Service. The Federal Reserve Board extended the implementation timeframe from a target date of November 2023 to March 10, 2025. For more information, click here.

  • On June 29, the Consumer Financial Protection Bureau (CFPB) issued an advisory opinion, affirming that federal law often prohibits debt collectors from charging “convenience fees” for some payments when consumers want to pay in a particular way, such as online or by phone. For more information, click here.

  • On June 28, the CFPB issued an interpretive rule to state agencies, informing them that the Fair Credit Reporting Act does not preempt states from enacting their own credit reporting laws. For more information, click here.

  • On June 28, the U.S. Chamber of Commerce issued a letter, highlighting what it describes as unlawful regulatory overreach by the CFPB and specifically new CFPB Director Rohit Chopra. For more information, click here.

  • The CFPB Office of Servicemember Affairs released its annual report, detailing over 17,000 complaints filed by servicemembers, veterans, and their families in 2021. The largest number of complaints concerned incorrect information on credit reports; closely related to the first complaint was the credit reporting agencies’ failure to respond swiftly and thoroughly to these complaints. For more information, click here.

State Activities:

  • On June 30, New York Attorney General Letitia James secured $400,000 from a grocery store chain for exposing the personal information of more than three million consumers nationwide, including more than 830,000 New Yorkers. According to the press release, the grocery store chain “kept consumers’ personal information in misconfigured cloud storage containers that were open, making it easy for hackers or others to potentially access the information. The compromised data included usernames and passwords for [the grocery store’s customers’] accounts, as well as customers’ names, email addresses, mailing addresses, and additional data derived from drivers’ license numbers.” Following the action, the grocery store chain upgraded its data security practices. For more information, click here.

  • The Northern District of Illinois recently granted a defendant banks’ motions to dismiss in an alleged wire fraud case, holding that the Illinois Uniform Commercial Code (UCC) preempted the plaintiff’s common law claims, the consumer fraud claims failed to meet R. 9(b)’s heightened pleading standard, and claims under the Electronic Funds Transfer Act failed to state a claim. The holding demonstrates that because UCC Article 4A governs wire transfers, plaintiffs asserting wire fraud claims are generally limited to relief afforded under UCC Article 4A; claims under common law, consumer fraud statutes, and the EFTA generally cannot be used to impose liability on a bank for its role in a wire transfer transaction. For more information, click here.

  • On June 29, California Attorney General Rob Bonta issued an alert to Californians whose person information was disclosed in connection with the state’s Firearms Dashboard Portal. The “incident exposed the personal information of individuals who were granted or denied a concealed and carry weapons (CCW) permit between 2011-2021,” according to the alert. “This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” said Attorney General Rob Bonta. “I immediately launched an investigation into how this occurred at the California Department of Justice and will take strong corrective measures where necessary.” For more information, click here.

  • During June, Hawaii enacted SB 2695 to create a blockchain and cryptocurrency task force, which is tasked with submitting a report of its findings and recommendations to the legislature. For more information, click here.

  • In June, Missouri’s money laundering law was amended to include cryptocurrency, thus making money laundering a criminal offense if a person engages in specified financial transactions that involve cryptocurrency. For more information, click here.

  • The governor of Iowa signed HF 2443 in June, which amends Iowa’s Uniform Electronic Transactions Act to delete references to distributed ledger technology and to add a new section, addressing the legal effect of distributed ledger technology and smart contracts. For more information, click here.

Privacy and Cybersecurity Activities:

  • On June 29, the Department of Health and Human Services (HSS) issued guidance to protect patient privacy in the wake of the Supreme Court’s decision in Roe. In general, the guidance does two things: (1) addresses how federal and regulations protect individuals’ private medical information (known as protected health information or PHI) relating to abortion and other sexual and reproductive health care — making it clear that providers are not required to disclose private medical information to third parties; and (2) addresses the extent to which private medical information is protected on personal cell phones and tablets, providing tips for protecting individuals’ privacy when using period trackers and other health information apps. To read the full guidance, click here.

  • On July 1, California’s act on confidentiality of medical information took effect, amending the Confidentiality of Medical Information Act and the Insurance Information and Privacy Protection Act regarding the confidentiality of medical information. Specifically, the bill requires a health care service plan or health insurer to accommodate requests for confidential communication of medical information regardless of whether there is a situation involving sensitive services or a situation in which disclosure would endanger the individual. To read the bill, click here.