At the Money 20/20 fintech conference, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced his intent to move forward with the CFPB’s rulemaking under Section 1033 of the Consumer Financial Protection Act as part of the financial services industry’s movement toward “open banking,” a concept that involves the use of APIs that provide direct

On October 17, a U.S. District Court for the Western District of Washington issued an order and judgment, ending two related putative class actions alleging tech companies violated Illinois’ Biometric Information Privacy Act (BIPA) by using datasets containing geometric scans of their faces without their permission. The court granted summary judgment in favor of

On October 3, the Financial Stability Oversight Council (FSOC) released its “Report on Digital Asset Financial Stability Risks and Regulation” (Report), concluding, among other things, that unregulated cryptocurrencies could pose a risk to the stability of the U.S. financial system. FSOC further recommended legislation empowering financial regulators to more vigorously oversee the industry

Banking groups are taking issue with a report by Senator Elizabeth Warren (D-MA) regarding the prevalence of fraud on Zelle, the popular peer-to-peer (P2P) payment service. In an October 3 joint statement, the Consumer Bankers Association, American Bankers Association, Bank Policy Institute, and The Clearing House expressed their collective disagreement with the report’s conclusions

Your business was hit with a ransomware attack over the weekend, and the critical systems are locked up (i.e., encrypted). To unlock those valuable systems and continue operating the business, the threat actor demands financial payment. After much debate, you and your team decide the business needs to meet the threat actor’s demands

Exemption Extensions Failed. On August 31, California’s legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal information exemptions. In the absence of a special legislative session, these exemptions will expire on January 1, 2023.

History of the Exemptions. Under the current exemptions, covered

On August 11, the Consumer Financial Protection Bureau (CFPB) published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?” with a resounding “yes.” Specifically, the CFPB pointed to three practices — inadequate authorization,

On July 29, New York State’s Department of Financial Services (NYDFS) released draft amendments (Draft Amendments) to its Part 500 Cybersecurity Regulation for financial service companies that, among others things: (1) contain significant changes regarding ransomware; (2) propose a new class comprising larger entities, which will be subject to increased obligations for their cybersecurity programs;