To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week.
Federal Activities:
On January 6, the Federal Reserve Board announced that Michael S. Barr will step down from his position as Federal Reserve Board vice chair for supervision, effective February 28, or upon the confirmation of his successor. Barr, who has served in this role since July 19, 2022, will continue to serve as a member of the Federal Reserve Board of Governors. The board will not undertake any major rulemakings until a new vice chair for supervision is confirmed. For more information, click here.
On January 6, the Health and Human Services Department published a proposed rule in the Federal Register aimed at enhancing the HIPAA Security Rule to address the increasing cyberattacks on health care systems, which affected more than 167 million individuals in 2023 alone. The proposed rule mandates comprehensive safeguards, including the elimination of the “addressable” category for HIPAA Security Rule implementation specifications, enhanced risk analysis with annual updates, incident response plans to restore systems within 72 hours, mandatory multifactor authentication, encryption of ePHI, biannual vulnerability scans, and annual compliance audits. Public comments on the proposed rule will be accepted until March 7. For more information, click here.
On January 2, the Consumer Financial Protection Bureau (CFPB) published a blog highlighting the issue of debt collection practices in the workplace. The post emphasizes the stress and potential employment risks posed by aggressive debt collection tactics, including workplace contacts. The blog calls for the repeal of a provision in the Fair Debt Collection Practices Act that allows debt collectors to contact third parties for location information, including places of employment. The CFPB advises consumers on steps to protect themselves from such practices and encourages the submission of complaints if they experience improper debt collection at work. For more information, click here.
On December 27, the U.S. Department of the Treasury and the Internal Revenue Service (IRS) released final regulations that significantly impact the reporting requirements for brokers involved in digital asset transactions. The regulations clarify that the definition of a broker under § 6045(c)(1)(D) of the Internal Revenue Code includes any person who regularly provides services effectuating transfers of digital assets on behalf of another person. This broad definition ensures that various decentralized finance (DeFi) participants, including those providing front-end services, are covered under the reporting requirements. On the same day, a complaint was filed by the Blockchain Association, Texas Blockchain Council, and DeFi Education Fund against the IRS challenging the new regulations for allegedly violating the Administrative Procedure Act. The plaintiffs also raise constitutional issues, arguing that the final regulations violate the Fourth Amendment by invading the privacy rights of transaction participants and amount to an unconstitutional search. Additionally, the regulations are claimed to be unconstitutionally vague under the Fifth Amendment, as they do not provide clear notice to regulated parties. For more information, click here.
On January 3, the Federal Trade Commission (FTC) announced that accessiBe Inc. and accessiBe Ltd. (collectively, accessiBe) agreed to pay $1 million to settle allegations of deceptive advertising practices in violation of the FTC Act. Specifically, the FTC’s complaintalleged that accessiBe misrepresented the artificial intelligence (AI) capabilities of its website accessibility tool, accessWidget, to make websites compliant with the Web Content Accessibility Guidelines. The FTC further alleged that accessiBe paid for reviews on third-party websites that were formatted to appear as the opinions of impartial authors and publications and failed to disclose material connections to such online reviewers. For more information, click here.
State Activities:
On January 2, Massachusetts Governor Healey signed An Act Relative to the Regulation of Money Transmission by the Division of Banks (H4840), which enhances consumer protections for Massachusetts residents using payment apps. This legislation mandates that these apps obtain licenses and comply with Division of Banks (DOB) regulations. According to the press release announcing the enactment, the bill modernizes existing laws to reflect the current marketplace, establishing a single statutory framework for the licensing, examination, and regulation of all money transmitters in Massachusetts. For more information, click here.
On December 27, the FTC and Maryland attorney general charged Lindsay Automotive Group with systematically overcharging car-buying consumers for years, resulting in millions of dollars in fees and unwanted add-on products. The complaint alleges that Lindsay advertised prices it refused to honor and falsely claimed consumers needed to obtain financing through Lindsay. The charges extend to three Lindsay dealerships, their management company, and key executives. For more information, click here.
On December 21, New York Governor Kathy Hochul signed S5703B/A1035B into law, which bans the use of social media platforms for debt collection purposes. This law amends the General Business Law to prohibit debt collectors from using public or semi-public internet services to communicate with consumers about unpaid debts. It defines social media platforms as services where users can create profiles, connect with others, and share content visible to others, excluding platforms that solely offer email or direct messaging. For more information, click here.