Regulatory and Enforcement

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Cyber Security Regulations.  The Amendments, if adopted, would further regulatory trends and impose important new requirements on covered entities.

The Amendments contain three significant changes relating to ransomware.  First, the Amendment specifically adds “the deployment of ransomware

On August 11, the CFPB published a circular confirming that covered persons and service providers under the Consumer Financial Protection Act (CFPA) may violate the CFPA’s prohibition against unfair acts or practices when they fail to adequately safeguard consumer information. However, the lack of clear substantive standards creates uncertainty as to what the CFPB would

The CFPB announced that it has entered into a consent order with Hello Digit, LLC (“Digit”) to settle the CFPB’s claims that Digit engaged in deceptive acts and practices in connection with an automated savings tool it offered to consumers.  The settlement requires Digit to pay a $2.7 million civil money penalty and at least

The CFPB has issued an interpretive rule that addresses when digital marketing providers are “service providers” subject to the Consumer Financial Protection Act, including the CFPA’s prohibition on unfair, deceptive, or abusive acts or practices. 

The CFPB describes digital marketing providers as businesses that use data obtained from an array of sources to offer targeted

The FTC’s proposal would impose a number of new substantive and disclosure requirements on motor vehicle dealers in connection with the car buying or leasing process.  The topics we cover include: the FTC’s statutory authority for the proposal and the proposal’s coverage (including buy-here-pay-here dealers); the specific new requirements the proposal would impose; how the

The FHFA announced that Fannie Mae and Freddie Mac will require mortgage servicers to maintain certain fair lending data elements, including the borrower’s age, race, ethnicity, gender, and preferred language. The fair lending data must be stored in a searchable format, and must transfer with servicing throughout the loan term.

On the topic, Freddie Mac

The CFPB recently published a report analyzing how certain actions announced earlier this year by the three largest national consumer reporting agencies—Equifax, Experian, and TransUnion—will affect people who have allegedly unpaid medical debt on their credit reports  The new report is the CFPB’s third report issued this year on medical debt.

As previously reported

Eight national trade groups have filed a petition with the CFPB that urges the Bureau to engage in rulemaking to define larger participants in the market for data aggregation services.  The trade groups are the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Housing Policy Counsel, Independent Community Bankers of America, National Association

In Director Chopra’s recent interviews with several news reporting organizations, a persistent theme was the CFPB’s concerns about the entry of big tech companies into financial services, particularly in connection with payments and the companies’ ability to collect and monetize data about consumers.  Those concerns are the focus of a new CFPB report issued last