Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On October 29, the Consumer Financial Protection Bureau (CFPB) announced the following leadership changes: Lorelei Salas will join as the assistant director for the Office of Supervision Policy, and Eric Halperin has joined as the assistant director for the Office of Enforcement. For more information, click here.
  • On October 29, the Federal Trade Commission (FTC) issued a new enforcement policy statement, warning companies against deploying illegal dark patterns that trick or trap consumers into subscription services. The agency ramped up its enforcement in response to a rising number of complaints about the financial harms caused by deceptive sign-up tactics, including unauthorized charges or ongoing billing that is impossible cancel. For more information, click here.
  • On October 29, the CFPB released several guidance documents to assist industry with providing the validation information to prepare for the Debt Collection Rule’s upcoming effective date. First, the CFPB released a “complete and accurate” Spanish translation of the model validation notice. Second, the CFPB added a new section to the Debt Collection Rule’s frequently asked questions (FAQs), addressing frequent questions on, among other things, use of the model validation notice and the validation information special rule for certain residential mortgage debts. Third, the CFPB released a new guidance document titled, “Debt Collection Rule: Disclosing the Model Validation Notice Itemization Table,” which reviews certain required validation information, includes examples, and illustrates how a debt collector could comply with the requirement to disclose that information. For more information, click here.
  • On October 27, the FTC announced a newly updated rule that strengthens the data security safeguards that financial institutions must implement to protect their customers’ financial information. In recent years, widespread data breaches and cyberattacks have resulted in significant harms to consumers, including monetary loss, identity theft, and other forms of financial distress. For more information, click here.
  • On October 27, Bills introduced in the House of Representatives and the Senate by Representative Mike Levin and Senator Maggie Hassan respectively seek to amend the Servicemembers Civil Relief Act, which protects members of the armed forces and other branches of the government from certain financial situations, including judgments, garnishments, and other adverse collection-related actions. For more information, click here.
  • On October 26, President Joe Biden renewed Acting Chairwoman Jessica Rosenworcel’s term at the Federal Communications Commission (FCC) and nominated former FCC Adviser Gigi Sohn. For more information, click here.
  • On October 25, U.S. Representative Tom Emmer introduced a bill that creates a whistleblower program at the CFPB. For more information, click here.
  • On October 21, the Office of the Comptroller of the Currency issued Bulletin 2021-49, announcing the revision of the Payment Systems booklet of the Comptroller’s Handbook. For more information, click here.

State Activities:

  • On December 31, licensing renewals are due in most states. State regulators are encouraging businesses to renew online now to avoid processing delays, especially as new states join the Nationwide Multistate Licensing System. For more information, click here.
  • On October 20, the New York Department of Financial Services published a notice in the New York State Register, announcing that it issued a proposed regulation to implement S 5470-B, which requires disclosures for commercial financing transactions of $2.5 million or less under a commercial financing agreement. The notice allows for public comment for 60 days. The bill becomes effective on January 1, 2022, but compliance with the rule will not be mandated until six months after final publication. For more information, click here.
  • As of November 1, the Connecticut Department of Banking will require that certain licensees and registrants “file the surety bonds required by the Commissioner electronically on the system” for any application submitted that requires a bond. Further, “[e]xisting licensees and registrants shall transition to the electronic bond format no later than March 1, 2022.” For more information, click here.
  • On October 29, New York Attorney General Letitia Jams announced “agreement with Ticket Fulfillment Services, L.P. (TFS) and five ticket resale websites for failing to provide legally-mandated refunds to more than 11,000 affected consumers who purchased tickets — through one of TFS’s affiliate marketers — to events that were cancelled in the wake of the coronavirus disease (COVID-19) pandemic.” According to the press release, New York law requires companies that facilitate ticket resales to guarantee refunds for cancelled events. Collectively, the companies allegedly withheld $4.4 million in refunds that were required to be returned to consumers. For more information, click here.

Privacy and Cybersecurity Activities:

  • On October 29, the FTC issued a new enforcement policy statement, warning companies against deploying illegal dark patterns that trick or trap consumers into subscriptions services, especially as many consumers continue to transact with businesses from home due to the COVID-19 pandemic. For example, the FTC has sued companies that “hid important payment information, or even the fact that consumers would be charged at all, behind hyperlinks, hovers-overs or in inconspicuous places.” The FTC reminds businesses to:
    • Disclose clearly and conspicuously all material terms of the product or service;
    • Obtain the consumer’s express informed consent before charging them for a product or service; and
    • Provide easy and simple cancellation to the consumer.

To read the full warning, click here.

  • On October 28, California Attorney General Rob Bonta provided consumers and businesses with tips on how to defend against cybersecurity threats. With the increase of remote work and high-profile cyberattacks during the COVID-19 pandemic, California Attorney General Rob Bonta offers “steps you can take to protect yourself and your data.” California Attorney General Rob Bonta reminded consumers that they can protect themselves and those around them by (1) enabling multifactor authentication; (2) using strong passwords and password managers; (3) performing regular software updates on all devices; (4) installing antivirus software; and (5) limiting the use of public networks. The California attorney general reminded businesses that they too can defend against cybersecurity threats. For instance, businesses can:
    • Train employees in data security principles;
    • Protect information, computers, and networks from cyberattacks;
    • Provide firewall security for your internet connection;
    • Secure your Wi-Fi networks;
    • Limit employee access to data and information; and
    • Change passwords and authentication regularly.

To read the full warning, click here.

  • On October 28, the PCI Security Standards Council (PCI SSC or Council) hosted its annual Global Payment Security Forum. The Council acknowledged the importance of the pandemic’s impacts on the payments ecosystem by including COVID-19-related challenges as one of this year’s main discussion topics. In a post-forum press release, the PCI SSC provided helpful resources to some of their COVID-19-related resources to show its continued “commitment to listening to industry and stakeholder feedback[.]” For instance, the Council highlighted its guidelines for remote work and performing remote assessments. To read the full press release, click here.

Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

Our bank and loan servicing clients also face novel challenges affecting their industry due to COVID-19, particularly the ever-changing rules and regulations concerning evictions and foreclosures. We closely track these updates and have assembled an interactive tracker containing state orders and guidance documents regarding residential foreclosure and eviction moratoriums.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On September 29, the Consumer Financial Protection Bureau (CFPB) released its fifth biennial report to Congress on the consumer credit card market, finding that the market’s growth over the last few years reversed course in 2020. In reviewing the market for potential consumer harm, the report presents the latest research on consumer card use, cost, and availability. From a 2019 peak of $926 billion, credit card debt fell to $811 billion by the second quarter of 2020 — the largest six-month decline on record — before reaching $825 billion by the end of the year. For more information, click here.
  • On September 28, Federal Trade Commission (FTC) Chair Lina M. Khan announced that she has appointed Holly Vedova as director of the FTC’s Bureau of Competition and Samuel A.A. Levine as director of the Bureau of Consumer Protection. Ms. Vedova and Mr. Levine have served as acting directors of these two bureaus since June of this year. For more information, click here.
  • On September 22, the Internal Revenue Service announced that it awarded new contracts to three private sector collection agencies to collect overdue tax debts. Beginning September 23, taxpayers with unpaid tax bills may be contacted by one of the following three agencies: CBE Group, Inc., Coast Professional, Inc., and ConServe. For more information, click here.

State Activities:

  • Two bills — S.B. 531 and A.B. 424 — recently passed in California have been enrolled and presented to the governor for his signature. Among other provisions, S.B. 531 would prohibit debt collectors (with limited exceptions) from making a written statement attempting to collect delinquent consumer debt unless they have access to a contract, or other evidence, demonstrating the debt. A.B. 424 would, among other provisions, place new documentation requirements on any collection activity concerning student loans for private lenders. For more information, click here and here.
  • On September 30, North Carolina Attorney General Josh Stein issued a press release, commending Duke Energy for extending its utility disconnections moratorium. Duke Energy announced it is voluntarily extending its moratorium on utility disconnections through March 2022 for customers who qualify for energy assistance funding programs. Attorney General Stein stated, “We are not out of this pandemic yet, and people still need access to water, power, and gas in their homes to stay healthy and prevent the spread of COVID-19.” For more information, click here.
  • On September 29, Massachusetts’ top appellate court released an order directing state trial judges who conduct virtual bench trials in criminal cases to “explain to the defendant the procedure to be followed during the trial, including how to communicate with counsel, and the arrangements made for witness testimony and the public’s access to the proceedings.” It also informs trial judges that they “shall obtain a defendant’s assent to a virtual bench trial on the record[,]” else it appears the trial would be held in person despite COVID-19 risks. For those interested in reading the complete order, click here.
  • On September 29, the New York Department of Financial Services issued a proposed regulation to implement a new bill, which requires consumer-like disclosures for “commercial financing” transactions of $2.5 million or less. It would become effective on January 1, 2022. Comments on the proposal will be due no later than 60 days after the date it is published in the State Register. For more information, click here.
  • On September 25, Michigan Attorney General Dana Nessel issued a press release regarding the September 26 implementation of the Financial Exploitation Prevention Act. Per the press release, the statute “enacts new requirements on financial institutions to ensure they have training and procedures [in place] to better recognize the signs of financial exploitation and take action to protect those who are unable to protect themselves from abuse, neglect, or exploitation because of a mental or physical impairment or because of advanced age.” The act “also allows financial institutions to freeze customer transactions or assets under certain circumstances; provides immunity from criminal, civil, or administrative liability to financial institutions for actions taken in good faith under the Act; and provides for the powers and duties of certain governmental officers and entities to enforce the Act.” For more information, click here.
  • On September 23, the Division of Banks of the Massachusetts Office of Consumer Affairs and Business Regulation issued a supervisory alert to warn financial institutions of the potential legal and regulatory risks related to the disclosure of nonsufficient funds fees. For more information, click here.

Privacy and Cybersecurity Activities:

  • On September 30, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance and a reminder to the public — specifically to employers — that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule “does not apply to employers or employment records.” HHS reminds the public that HIPAA’s Privacy Rule “only applies to HIPAA covered entities (health plans, health care clearinghouses, and health care providers that conduct standard electronic transactions.), and, in some cases, to their business associates.” For those interested in reading HHS’ full statement, click here. For those interested in learning more about the privacy implications of vaccination requirements in the workplace, check out Troutman Pepper’s Law360 article by clicking here.
  • On September 27, the FTC released guidance to individuals who believe they may have paid a scammer, likely due to the continued economic effects caused by the COVID-19 pandemic. While the FTC’s guidance focuses on individuals who paid someone, it is likely they also shared their personal information. The FTC recognizes that “[s]cammers can be very convincing[.]” However, what should individuals do after they have been scammed? The FTC informs the public that they should immediately contact their bank, gift card provider, or credit card company used to send money. Those who wired money to the scammer should contact the wire transfer company right away. To read the FTC’s complete guidance, click here.