To help you keep abreast of relevant activities, below find a breakdown of some of the biggest events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
- On July 21, the U.S. Department of the Treasury’s Office of Foreign Asset Control announced that it issued a “finding of violation” to a bank for its failure to freeze the assets of two clients blacklisted under the Weapons of Mass Destruction Proliferations Sanctions Regulations, which resulted in the unlawful processing of 34 post-designation payments. For more information, click here.
- On July 20, U.S. Senator Bob Menendez (D-NJ), a senior member of the Senate Banking Committee, alongside Sens. Jack Reed (D-RI), Elizabeth Warren (D-MA), Sherrod Brown (D-OH), Catherine Cortez Masto (D-NV), and Raphael Warnock (D-GA) urged the Consumer Financial Protection Bureau (CFPB) to do more to protect consumers and hold banks accountable for fraud conducted using bank-owned instant digital payment networks. The senators called on the CFPB to update and clarify its rules and guidance for peer-to-peer payments for fraudulently induced transactions. For more information, click here.
- On July 20, the House Commerce Committee advanced privacy legislation that seeks to set a national standard for how companies use and disclose consumer data. For more information, click here.
- On July 19, the Federal Housing Finance Agency (FHFA) announced the establishment of the Office of Financial Technology to serve as a source of information, FHFA support in addressing emerging risks, and an avenue to advance FHFA priorities for the adoption and deployment of financial technology (fintech). At the same time, the FHFA issued a request for information, requesting information about the use of fintech in the housing finance market. For more information, click here.
- On July 15, the U.S. Office of Government Ethics issued a legal advisory to provide guidance on the public financial disclosure reporting requirements applicable to non-fungible tokens (NFTs) that represent collectible virtual items (collectible NFTs) and fractionalized non-fungible tokens (F-NFTs). The public financial disclosure filers must disclose ownership of collectible NFTs and F-NFTs when holding those assets for investment or production of income that are worth more than $1,000 at the end of the reporting period, or if they produce over $200 in income in the reporting period. Public financial disclosure filers also must disclose purchases, sales, and exchanges of collectible NFTs and F-NFTs that qualify as securities. For more information, click here.
- On July 14, the U.S. House of Representatives approved the Establishing New Authorities for Business Laundering and Enabling Risks to Security (ENABLERS) Act, with bipartisan support, as part of the National Defense Authorization Act (NDAA) for 2023. One of the bill’s authors, Representative Tom Malinowski (D-NJ), called it “the most significant updating of US anti-money laundering legislation since the PATRIOT Act.” For more information, click here.
- On July 20, New York Attorney General Letitia James and the Federal Trade Commission (FTC) announced the recovery of $34.2 million for 46,000 servicemembers, allegedly deceived by a national jewelry retailer. According to the press release, the retailer used “deceptive marketing tactics to lure active-duty servicemembers to their financing program, falsely claiming that investing in this program would improve servicemembers’ credit scores. Instead, servicemembers were tricked into obtaining high-interest loans on overpriced, poor-quality jewelry that saddled them with thousands of dollars of debt and worsened their credit.” For more information, click here.
- On July 19, California’s attorney general led a coalition of 10 attorneys general in issuing a comment letter to Congress, urging it to respect the role of states in enforcing and providing for strong consumer privacy laws. In the letter, the attorneys general call on Congress to create a floor of consumer privacy laws, which do not preempt the states’ ability to create legislation to address changing technology and data protection practices. “As our marketplaces continue to change, states must maintain the ability to respond when needed,” said Attorney General Bonta. “Our states have demonstrated that we are up to the task when it comes to privacy protection, and we welcome federal action that will help us continue this work.” For more information, click here.
- On July 15, the California Department of Financial Protection and Innovation (DFPI) issued an invitation for comments on proposed additions to regulations, implementing the Debt Collection Licensing Act (DCLA). According to the invitation, the new provisions pertain “to the scope, annual report, and document retention requirements of the DCLA.” Concerning the potential scope of these regulations, the proposed additions: (1) define “original creditors” and propose to generally exclude them from licensure unless certain benchmarks apply; and (2) exclude from licensure “person[s] solely servicing debts not in default on behalf of an original creditor[.]” For more information, click here.
Privacy and Cybersecurity Activities:
- On July 21, the U.S. Senate Committee on Commerce, Science, and Transportation scheduled a July 27 markup of two children’s privacy bills — the Children and Teens’ Online Privacy Protection Act and the Kids Online Safety Act. The Children and Teens’ Online Privacy Protection Act seeks to limit practices on children’s data collection and use, while the Kids Online Safety Act focuses on prohibiting algorithms and targeted advertising to children ages 16 and under. To view the announcement, click here.
- On July 20, the House Commerce Committee advanced privacy legislation that seeks to set a national standard for how companies use and disclose consumer data. For more information, click here.
- On July 19, the Federal Communications Commission Chairwoman Jessica Rosenworcel issued a letter to the country’s top 15 mobile providers, inquiring about their data retention policies and privacy notices. The letter also questioned the providers’ processes for sharing geolocation data with law enforcement and other third parties’ data sharing agreements. To view the letters, click here.
- On July 19, the House Committee on Energy and Commerce released an amendment as a substitute of the draft American Data Privacy and Protection Act. The amendment makes several notable changes, including changing the private right of action’s effective date from four years to two years post-adoption, providing the California Privacy Protection Agency with enforcement power, and adding technical changes to the definitions for “covered entity” and “service provider.” To view the amendments, click here.