On August 11, the CFPB published a circular confirming that covered persons and service providers under the Consumer Financial Protection Act (CFPA) may violate the CFPA’s prohibition against unfair acts or practices when they fail to adequately safeguard consumer information. However, the lack of clear substantive standards creates uncertainty as to what the CFPB would

The CFPB recently published a report analyzing how certain actions announced earlier this year by the three largest national consumer reporting agencies—Equifax, Experian, and TransUnion—will affect people who have allegedly unpaid medical debt on their credit reports  The new report is the CFPB’s third report issued this year on medical debt.

As previously reported

On June 27, the Oregon Department of Consumer and Business Services’ (“Department”) Division of Financial Regulation (“Division”) finalized new regulations implementing Senate Bill 485, which requires companies to obtain a license from the Division in order to service student loans in Oregon, unless an exemption applies.  The new regulations also establish related servicer requirements

In a report released June 21, 2022, the U.S. Government Accountability Office (GAO) urged the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury’s (Treasury) Federal Insurance Office (FIO) to jointly assess whether the risk to critical infrastructure and potential financial exposures from catastrophic cyber incidents warrant

Four Democratic members of the California state legislature recently sent a letter to the Federal Deposit Insurance Corporation (FDIC) urging the agency to take action against FDIC-supervised banks that partner with non-bank lenders to originate high-cost installment loans.

Two of the letter’s authors, California Senator Monique Limon and Assemblymember Tim Grayson, were also sponsors of

Breaking in

The Federal Trade Commission (FTC) recently issued a blog post stating that a failure to disclose a data breach may be a violation of Section 5 of the FTC Act.  The May 20 blog post, titled Security Beyond Prevention: The Importance of Effective Breach Disclosures, explained that in some instances, the FTC Act

The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector.  As the number and frequency of cyber attacks continue to grow, regulators have attempted to enhance cybersecurity protections via increased and more rigid incident reporting obligations, leading to a constantly shifting

CFPB Deputy Director Zixta Martinez recently provided the opening remarks at the CFPB’s Academic Research Council meeting.  In her remarks, Martinez emphasized the CFPB’s role as a data-driven agency and welcomed further discussion of state payday extended payment plans and of the inclusion of medical debt in credit reports—two topics that have garnered renewed public