In a significant development, the Consumer Financial Protection Bureau (CFPB or Bureau) has finally reached a settlement with Townstone Financial, Inc. (Townstone) in the first redlining case brought against a nonbank mortgage lender and broker. This settlement follows the Seventh Circuit Court of Appeals’ pivotal decision in favor of the CFPB that expanded the Equal Credit Opportunity Act (ECOA) to include protections for prospective applicants who may be discouraged from applying for credit. The settlement marks a resolution of protracted litigation that began in 2020 when the CFPB sued Townstone by accusing the company of redlining practices.

On October 31, the U.S. Court of Appeals for the Fifth Circuit Court of Appeals granted the appellants’ motion to expedite the appeal in Texas Bankers Association v. Consumer Financial Protection Bureau (CFPB). The suit brought by several trade associations challenges the CFPB’s Final Rule under § 1071 of the Dodd-Frank Act, the “Small Business Lending Data Collection Rule” (Final Rule). The court scheduled oral argument for February 3, 2025. However, in that same order, the court denied appellants’ motion for a temporary stay of the Final Rule’s compliance dates, stating that the motion for a stay pending appeal “remained pending.” This means that the compliance dates set forth in the CFPB’s Interim Final Rule remain for now, with the earliest date for the largest lenders being July 18, 2025.

On October 29, New Jersey Attorney General Matthew Platkin and the state’s Division on Civil Rights (DCR) released a report detailing the findings of a multi-year investigation into Republic First Bank (Republic) and its alleged mortgage redlining practices. According to the report, the investigation revealed that Republic engaged in a pattern or practice of redlining against Black, Hispanic, and Asian communities in New Jersey, in violation of the New Jersey Law Against Discrimination.

On October 16, the New York State Department of Financial Services (NY DFS) issued an industry letter to entities regulated by NY DFS (covered entities) providing guidance addressing the cybersecurity risks associated with the use of artificial intelligence (AI). The guidance purportedly aims to assist covered entities in understanding and assessing cybersecurity risks associated with threats arising from the use of AI by cybercriminals and the controls that may be used to mitigate those risks. The NY DFS emphasizes that this new guidance does not impose any new requirements on covered entities, but rather it provides an outline for meeting existing compliance obligations under the NY DFS Cybersecurity Regulation, 23 NYCRR Part 500, in light of the advancements in AI technology.

Earlier this week, we discussed the Federal Trade Commission’s (FTC) final amendments to the Negative Option Rule, now retitled the Rule Concerning Recurring Subscriptions and Other Negative Option Programs. These amendments, which are set to take effect 180 days after publication in the Federal Register, are purportedly aimed at stopping deceptive and unfair practices in negative option marketing. However, the rule has now drawn a legal challenge.

On October 11, the Office of Administrative Law (OAL) approved the California Department of Financial Protection and Innovation’s (DFPI) proposed regulations on direct-to-consumer (i.e., non-employer offered) earned wage access (EWA) products. This approval marks the culmination of a lengthy regulatory process that began in March 2023 and involved multiple rounds of modifications and public comments. The regulations also impose requirements on debt settlement companies and education financing providers. It will become effective on February 15, 2025.

Yesterday, the Consumer Financial Protection Bureau (CFPB or Bureau) issued its final rule on personal financial data rights, purportedly aimed at enhancing consumer control over their financial data and promoting competition in the financial services industry. According to the Bureau’s press release, “[t]he rule requires financial institutions, credit card issuers, and other financial providers to unlock an individual’s personal financial data and transfer it to another provider at the consumer’s request for free… help[ing] lower prices on loans and improve customer service across payments, credit, and banking markets.” Later that same day, a complaint was filed challenging the Bureau’s authority.

Yesterday, we discussed the constitutional legal challenge against New York City’s recently amended debt collection rules, which were scheduled to go into effect on December 1, 2024. These rules would stringently regulate various debt collection activities by debt collectors operating in the city. Today, the New York City Department of Consumer and Worker Protection (DCWP) announced a delay in the enforcement of these new rules until April 1, 2025.

New York City’s recently amended debt collection rules — scheduled to go into effect on December 1, 2024 and which would stringently regulate various debt collection activities by debt collectors operating in the city — have drawn a constitutional legal challenge. Whether this challenge will affect the effective date is yet to be seen. The plaintiffs seek declaratory and injunctive relief to prevent the enforcement of the rules amending Title 6 of the Rules of the City of New York, which they argue are unconstitutional and preempted by federal and state law.