The deadline for complying with certain provisions of the Standards for Safeguarding Customer Information (Safeguards Rule) has been extended to June 9, 2023. As we previously posted, on January 10, the Federal Trade Commission’s (FTC) final rule amending the Safeguards Rule under the Gramm-Leach-Bliley Act became effective. The Safeguards Rule requires nonbanking financial institutions
Privacy + Cyber
CFPB Seeks Further Input on Shifting P2P Fraud Liability to Banks
In an October 27 letter, the American Bankers Association (ABA) expressed concern regarding a proposal currently being considered by the Consumer Financial Protection Bureau (CFPB) that would shift liability from consumers to banks for scams involving peer-to-peer (P2P) payments. This would include requiring banks to reimburse consumers for P2P payments made but later identified…
CFPB Director Chopra Announces Move Toward Open Banking Rule
At the Money 20/20 fintech conference, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced his intent to move forward with the CFPB’s rulemaking under Section 1033 of the Consumer Financial Protection Act as part of the financial services industry’s movement toward “open banking,” a concept that involves the use of APIs that provide direct…
Washington Court Finds Illinois’ BIPA Does Not Apply Outside the State
On October 17, a U.S. District Court for the Western District of Washington issued an order and judgment, ending two related putative class actions alleging tech companies violated Illinois’ Biometric Information Privacy Act (BIPA) by using datasets containing geometric scans of their faces without their permission. The court granted summary judgment in favor of…
FSOC Cryptocurrency Report Recommends Increased Federal and State Oversight
On October 3, the Financial Stability Oversight Council (FSOC) released its “Report on Digital Asset Financial Stability Risks and Regulation” (Report), concluding, among other things, that unregulated cryptocurrencies could pose a risk to the stability of the U.S. financial system. FSOC further recommended legislation empowering financial regulators to more vigorously oversee the industry…
White Houses Proposes Bill of Rights for Artificial Intelligence
On October 4, the White House Office of Science and Technology Policy released a set of five principles, known as the Blueprint for an AI Bill of Rights, designed to protect the rights of Americans in the age of artificial intelligence (AI). Developed over the course of a year, the principles are intended to help…
Banking Groups Refute Senator Warren’s Report on P2P Fraud
Banking groups are taking issue with a report by Senator Elizabeth Warren (D-MA) regarding the prevalence of fraud on Zelle, the popular peer-to-peer (P2P) payment service. In an October 3 joint statement, the Consumer Bankers Association, American Bankers Association, Bank Policy Institute, and The Clearing House expressed their collective disagreement with the report’s conclusions…
Piecing It All Together: OFAC Combines Seven Years of Regulations, Amendments, and Interpretations All in One
Your business was hit with a ransomware attack over the weekend, and the critical systems are locked up (i.e., encrypted). To unlock those valuable systems and continue operating the business, the threat actor demands financial payment. After much debate, you and your team decide the business needs to meet the threat actor’s demands…
OCC Closely Watches as Banks and Fintech Partner
On September 6, Acting Comptroller of the Currency Michael Hsu warned that fintech and big techs partnerships and their forays into payment and lending could lead to increased risk for the banking industry. “My sense is that we are still in the early stages of a significant shift in how banking services are going to…
CCPA/CPRA Will Apply to Employee AND B2B Data — Five Steps to Prepare for the January 1, 2023 Effective Date
Exemption Extensions Failed. On August 31, California’s legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal information exemptions. In the absence of a special legislative session, these exemptions will expire on January 1, 2023.
History of the Exemptions. Under the current exemptions, covered…