On October 13, California Governor Gavin Newsom (D) signed Assembly Bill 39 (Digital Financial Assets Law). This new law broadly empowers the California Department of Financial Protection and Innovation (DFPI) to govern “digital financial asset business activity” and prohibits entities from engaging in such activity with California residents without obtaining a license from the DFPI, among other criteria.

On November 1, New York Governor Kathy Hochul announced that the state’s Department of Financial Services (NY DFS) has amended its Cybersecurity Regulations to “enhance cyber governance, mitigate risks, and protect New York businesses and consumers from cyber threats.” According to the NY DFS, key changes in the regulations include: enhanced governance requirements; additional controls to prevent unauthorized access to information systems and mitigate the spread of an attack; requirements for more regular risk assessments, as well as more robust incident response plans; updated notification requirements; and updated direction for companies to invest in at least annual training and cybersecurity awareness programs that are relevant to their business model. The newly amended compliance requirements will take effect in phases.

As discussed here, on August 1, the two major national credit union trade associations — the National Association of Federal Credit Unions (NAFCU) and the Credit Union National Association (CUNA) — announced plans to merge and create a new organization called America’s Credit Unions. Today, CUNA announced that the organizations’ members voted overwhelmingly (94% of CUNA members and 86% of NAFCU members) in favor of the merger. America’s Credit Unions will be legally formed on January 1, 2024.

On October 24, the Biden-Harris administration announced amendments to the regulations implementing title IV of the Higher Education Act of 1965 (HEA). According to the fact sheet, the amendments are intended to allow the Department of Education (ED) to better protect students from the negative effects of sudden college closures, restrict colleges from withholding course credits paid for with federal money from students’ transcripts, require colleges to clearly communicate how much financial aid students will receive, and provide a more streamlined process for states to approve postsecondary opportunities for students without a high school diploma or its equivalent. The amended regulations will take effect on July 1, 2024.

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.

On October 27, the Federal Trade Commission (FTC) announced a final rule amending the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act. The Safeguards Rule requires nonbanking financial institutions to develop, implement, and maintain a comprehensive information security program to keep their customers’ information safe. The amendment will require financial institutions to notify the FTC no later than 30 days after discovery of a security breach involving the information of 500 or more consumers. The amendment will go into effect 180 days after publication of the final rule in the Federal Register.

The Securities and Exchange Commission’s Division of Examinations has outlined its 2024 Examination Priorities, with a significant focus on cryptocurrency, emerging technology, and Anti-Money Laundering (AML) laws. This has important implications for financial services. Our Regulatory Oversight blog has the details; key highlights are below.

In a major victory for small business lenders, yesterday the U.S. District Court for the Southern District of Texas granted motions filed by three groups of trade association intervenors to extend the court’s existing injunction against the Consumer Financial Protection Bureau’s (CFPB or Bureau) enforcement of its final rule under § 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Final Rule) to cover all small business lenders nationwide. A discussion of the preliminary injunction issued by that Texas federal court on July 31 can be found here. The injunction in Texas Bankers Association v. CFPB will dissolve if the U.S. Supreme Court reverses the Fifth Circuit in Community Financial Services Association v. CFPB (CFSA case), which found the CFPB’s funding structure unconstitutional.

On October 24, the Federal Trade Commission (FTC) and the Wisconsin Department of Justice announced a settlement with Wisconsin auto dealer group Rhinelander Auto Center, Inc. (Rhinelander), its current and former owners, and general manager. The lawsuit was brought under the FTC Act, the Equal Credit Opportunity Act (ECOA), the Wisconsin Deceptive Trade Practices Act, and the Wisconsin Consumer Act.