On November 7, the Consumer Financial Protection Bureau (CFPB) issued a proposed rule with request for public comment to amend existing regulations defining “larger participants” the CFPB supervises by adding a new section to define larger participants that offer digital wallets, payment applications, and similar services.

Last week, a district court in Nevada held that an undated, model form debt validation notice does not violate the Fair Debt Collection Practices Act (FDCPA). In Bergida v. PlusFour, Inc., the defendant sent a debt validation letter to the plaintiff that followed the model form provided by the Consumer Financial Protection Bureau (CFPB). The letter was not dated. The plaintiff claimed the letter violated FDCPA §§ 1692d, e, f, and g because she could not determine what date was “today” and “now,” which allegedly misled her about the status of the debt, confused her, made the letter seem illegitimate and suspicious, and caused her to spend time and money trying to figure out whether the debt was valid. When considering the defendant’s motion to dismiss, the court applied the least sophisticated debtor standard and found that the plaintiff failed to state a claim.

Earlier this year, a district court for the Middle District of Florida upheld a jury award of $225,000 in punitive damages in a debt collection case finding the defendant’s conduct “reprehensible” based on the physical harm caused to the plaintiff, the defendant’s indifference or reckless disregard of the harm it caused to the plaintiff, the plaintiff’s financial vulnerability, and the defendant’s repeated actions.

On October 13, California Governor Gavin Newsom (D) signed Assembly Bill 39 (Digital Financial Assets Law). This new law broadly empowers the California Department of Financial Protection and Innovation (DFPI) to govern “digital financial asset business activity” and prohibits entities from engaging in such activity with California residents without obtaining a license from the DFPI, among other criteria.

On November 1, New York Governor Kathy Hochul announced that the state’s Department of Financial Services (NY DFS) has amended its Cybersecurity Regulations to “enhance cyber governance, mitigate risks, and protect New York businesses and consumers from cyber threats.” According to the NY DFS, key changes in the regulations include: enhanced governance requirements;  additional controls to prevent unauthorized access to information systems and mitigate the spread of an attack; requirements for more regular risk assessments, as well as a more robust incident response plans; updated notification requirements; and updated direction for companies to invest in at least annual training and cybersecurity awareness programs that are relevant to their business model. The newly amended compliance requirements will take effect in phases. 

As discussed here, on August 1, the two major national credit union trade associations — the National Association of Federal Credit Unions (NAFCU) and the Credit Union National Association (CUNA) — announced plans to merge and create a new organization called America’s Credit Unions. Today, CUNA announced that the organizations’ members voted overwhelmingly (94% of CUNA members and 86% of NAFCU members) in favor of the merger. America’s Credit Unions will be legally formed on January 1, 2024.

On October 24, the Biden-Harris administration announced amendments to the regulations implementing title IV of the Higher Education Act of 1965 (HEA). According to the fact sheet, the amendments are intended to allow the Department of Education (ED) to better protect students from the negative effects of sudden college closures, restrict colleges from withholding course credits paid for with federal money from students’ transcripts, require colleges to clearly communicate how much financial aid students will receive, and provide a more streamlined process for states to approve postsecondary opportunities for students without a high school diploma or its equivalent. The amended regulations will take effect on July 1, 2024.

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.