On August 11, the CFPB published a circular confirming that covered persons and service providers under the Consumer Financial Protection Act (CFPA) may violate the CFPA’s prohibition against unfair acts or practices when they fail to adequately safeguard consumer information. However, the lack of clear substantive standards creates uncertainty as to what the CFPB would deem to be adequate data security practices.… Continue Reading
CFPB publishes report on impact of medical debt reporting changes
The CFPB recently published a report analyzing how certain actions announced earlier this year by the three largest national consumer reporting agencies—Equifax, Experian, and TransUnion—will affect people who have allegedly unpaid medical debt on their credit reports The new report is the CFPB’s third report issued this year on medical debt.… Continue Reading
Oregon finalizes student loan servicer regulations with July 1 effective date
On June 27, the Oregon Department of Consumer and Business Services’ (“Department”) Division of Financial Regulation (“Division”) finalized new regulations implementing Senate Bill 485, which requires companies to obtain a license from the Division in order to service student loans in Oregon, unless an exemption applies. The new regulations also establish related servicer requirements and prohibited acts, the supervisory authority of the Director of the Department (“Director”), and the obligations of a student loan ombudsman appointed or designated by the Department pursuant to Senate Bill 485. … Continue Reading
Louisiana enacts new requirements for student loans
On June 18, 2022, Louisiana’s Governor signed into law two new bills that impose new requirements for student loans. Both bills are effective on August 1, 2022.
HB 610. HB 610 creates the following new duties for student loan servicers:
- Response to Inquiries/Complaints. A student loan servicer must acknowledge receipt of a written inquiry or complaint from a student loan borrower or the authorized representative of a student loan borrower within 10 days after receiving the inquiry or complaint.
GAO report recommends DHS and Treasury assess federal response to cyber attacks
In a report released June 21, 2022, the U.S. Government Accountability Office (GAO) urged the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury’s (Treasury) Federal Insurance Office (FIO) to jointly assess whether the risk to critical infrastructure and potential financial exposures from catastrophic cyber incidents warrant a federal insurance response, and to inform Congress of the results of their assessment. … Continue Reading
California lawmakers urge FDIC to rein in bank partnerships
Four Democratic members of the California state legislature recently sent a letter to the Federal Deposit Insurance Corporation (FDIC) urging the agency to take action against FDIC-supervised banks that partner with non-bank lenders to originate high-cost installment loans.
Two of the letter’s authors, California Senator Monique Limon and Assemblymember Tim Grayson, were also sponsors of Assembly Bill 539, passed in 2019, which caps the annual interest rate at 36% plus the federal funds rate for consumer loans of at least $2,500 but less than $10,000 made by lenders licensed under the California Financing Law. … Continue Reading
Unpacking the FTC’s Recent Blog Post Regarding Breach Notification
The Federal Trade Commission (FTC) recently issued a blog post stating that a failure to disclose a data breach may be a violation of Section 5 of the FTC Act. The May 20 blog post, titled Security Beyond Prevention: The Importance of Effective Breach Disclosures, explained that in some instances, the FTC Act may create a de facto breach disclosure requirement because the failure to disclose will increase the likelihood that affected parties will suffer harm. … Continue Reading
Financial institutions face increasingly stringent federal breach reporting requirements
The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector. As the number and frequency of cyber attacks continue to grow, regulators have attempted to enhance cybersecurity protections via increased and more rigid incident reporting obligations, leading to a constantly shifting regulatory patchwork of varying disclosure and timing obligations. … Continue Reading
CFPB Deputy Director Martinez invites discussion of payday payment plans and credit reporting of medical debts
CFPB Deputy Director Zixta Martinez recently provided the opening remarks at the CFPB’s Academic Research Council meeting. In her remarks, Martinez emphasized the CFPB’s role as a data-driven agency and welcomed further discussion of state payday extended payment plans and of the inclusion of medical debt in credit reports—two topics that have garnered renewed public interest due to the COVID-19 pandemic.… Continue Reading