In a report released June 21, 2022, the U.S. Government Accountability Office (GAO) urged the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury’s (Treasury) Federal Insurance Office (FIO) to jointly assess whether the risk to critical infrastructure and potential financial exposures from catastrophic cyber incidents warrant

Four Democratic members of the California state legislature recently sent a letter to the Federal Deposit Insurance Corporation (FDIC) urging the agency to take action against FDIC-supervised banks that partner with non-bank lenders to originate high-cost installment loans.

Two of the letter’s authors, California Senator Monique Limon and Assemblymember Tim Grayson, were also sponsors of

Breaking in

The Federal Trade Commission (FTC) recently issued a blog post stating that a failure to disclose a data breach may be a violation of Section 5 of the FTC Act.  The May 20 blog post, titled Security Beyond Prevention: The Importance of Effective Breach Disclosures, explained that in some instances, the FTC Act

The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector.  As the number and frequency of cyber attacks continue to grow, regulators have attempted to enhance cybersecurity protections via increased and more rigid incident reporting obligations, leading to a constantly shifting

CFPB Deputy Director Zixta Martinez recently provided the opening remarks at the CFPB’s Academic Research Council meeting.  In her remarks, Martinez emphasized the CFPB’s role as a data-driven agency and welcomed further discussion of state payday extended payment plans and of the inclusion of medical debt in credit reports—two topics that have garnered renewed public