Dear Mary,

I work in the IT department of a mid-sized company that recently detected a security incident. Everyone is freaking out – minus me. My manager asked our IT team to investigate the incident. But the incident is already contained, and business is back to normal. Why do we need to investigate further? Like seriously, why? And if we do need to investigate further, should I be doing this? I’ve been in IT for a while, and I have never been in this situation before.

– Forensic Forgoer in Florida

On May 30, the Consumer Financial Protection Bureau (CFPB or Bureau) issued a request for information (Request) regarding alleged “junk fees” in closing costs charged by mortgage lenders and related settlement service providers. The Bureau is accepting public comments until August 2, 2024.

On May 29, the Department of Veterans Affairs (VA) announced a targeted foreclosure moratorium on VA-guaranteed loans intended to allow servicers sufficient time to implement the Veterans Affairs Servicing Purchase (VASP) program. Servicers may begin implementing the VASP program beginning May 31, 2024, and the VA expects servicers will fully implement the program no later than October 1, 2024.

We are pleased to introduce ‘Dear Mary,’ a new advice column from Troutman Pepper’s Incidents + Investigations team. This column will answer questions about anything and everything cyber-related — data breaches, forensic investigations, responding to regulators, and much more. ‘Dear Mary’ goes beyond the articles, podcasts, webinars, and other content we produce, as we are responding directly to your questions with concise, practical answers. ‘Dear Mary’ can be found here on the firm website, and direct links can be found on our Privacy + Cyber related blogs and newsletters.

In this episode of The Consumer Finance Podcast, Chris Willis is joined by Troutman Pepper Partner Lori Sommerfield to discuss the new guidance issued by the Department of Housing and Urban Development (HUD) on targeted advertising for housing and housing-related ads. The conversation delves into the implications of the guidance, which was motivated by HUD’s original charge of discrimination against Facebook in 2019 and President Biden’s 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of AI. They explore how the guidance shifts the focus from disparate treatment to disparate impact, and the challenges advertisers and advertising platforms may face in complying with the new guidelines. The episode concludes with a discussion on the potential for regulatory overreach and the possibility of litigation.

According to a recent report by WebRecon, court filings under the Fair Debt Collection Practices Act (FDCPA) and Fair Credit Reporting Act (FCRA) and complaints filed with the Consumer Financial Protection Bureau (CFPB) were all up for the month of April. Only court filings under the Telephone Consumer Protection Act (TCPA) were slightly down. Still, year-to-date everything is up by double digits compared to 2023.

Yesterday, the lawsuit challenging the Consumer Financial Protection Bureau’s (CFPB or Bureau) credit card late fee rule (Final Rule) was ordered to be transferred from the U.S. District Court for the Northern District of Texas to the District Court for the District of Columbia (D.D.C.) for the second time in as many months. The court’s decision was largely based on the same analysis as the first transfer order.

On May 23, the U.S. Supreme Court issued its decision in Coinbase, Inc. v. Suski et al., unanimously affirming the Ninth Circuit’s decision holding that when parties have agreed to two contracts — one sending arbitrability disputes to arbitration, and the other sending arbitrability disputes to the courts — a court must decide which contract governs. The decision teaches a cautionary lesson that parties with multiple contracts between them must keep issues of arbitrability consistent between the contracts.