To help you keep abreast of relevant activities, below find a breakdown of some of the biggest events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Federal Activities:

  • On June 2, President Biden announced his intent to extend the tenures of two Republicans serving on the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission: Mark Toshiro Uyeda and Summer Mersinger, respectively. For more information, click here.
  • On June 2, Chairman of the House Financial Services Committee Patrick McHenry and Chairman of the House Committee on Agriculture Glenn Thompson released a discussion draft of legislation intended to provide a comprehensive regulatory framework for the digital asset market. Notably, the bill excludes from the Securities Act of 1933’s disclosure requirement blockchain protocols that certify to the SEC that they become “decentralized networks.” The bill defines a “decentralized network,” in relevant part, as a protocol that “no person, acting on the person’s own, had the unilateral authority, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, to control or materially alter the functionality or operation of the blockchain network… .” Section 204 of the bill carves out a process by which the SEC may rebut a protocol’s assertion that it is sufficiently decentralized and not subject to the act’s reporting requirements. For more information, click here.
  • On June 2, digital asset trade associations Blockchain Association and DeFi Education Fund filed a joint amicus brief in support of Coin Center’s lawsuit regarding the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanction of open-source software Tornado Cash. In the brief, the trade associations argued that OFAC’s sanction of Tornado Cash “reflects a basic misunderstanding” and “[l]ike any tool — indeed, like the internet itself — software like Tornado Cash can be misued for illicit purposes.” For more information, click here.
  • On June 1, the Federal Reserve (Fed) and the California Department of Financial Protection and Innovation (DFPI) entered against Silvergate Bank (Silvergate) a consent order requiring, among other things, Silvergate to seek the Fed’s and DFPI’s approval before “engag[in] in any expansionary activities, new lines of business, or establish[ing], any new branches or other offices… .” For more information, click here.
  • On June 1, six federal regulatory agencies, including the Consumer Financial Protection Bureau (CFPB), requested public comment on a proposed rule designed to ensure the credibility and integrity of models used in real estate valuations. In particular, the proposed rule would implement quality control standards for automated valuation models (AVMs) used by mortgage originators and secondary market issuers in valuing real estate collateral securing mortgage loans. For more information, click here.
  • On June 1, the CFPB published an issue spotlight on digital payment apps heavily used by consumers and businesses. The analysis finds that funds stored on these apps may not be safe in the event of financial distress, since the funds may not be held in accounts with federal deposit insurance coverage. The CFPB also issued a consumer advisory for customers holding funds in these apps and how they can make sure their funds remain safe. For more information, click here.
  • On May 31, the Department of Housing and Urban Development (HUD) published FHA INFO 23-44, which announced the posting of the Draft Mortgagee Letter (draft ML), Payment Supplement Partial Claim. Through the proposed policy provided in this draft ML, the Federal Housing Administration (FHA) proposes to create a new loss mitigation option to assist struggling borrowers that are delinquent on their mortgage payments. This option is targeted to assist borrowers in default, who are unable to obtain a significant payment reduction through other loss mitigation options. For more information, click here.
  • On May 31, the European Banking Authority (EBA) launched a public consultation on amendments to its guidelines on money laundering and terrorist financing (ML/TF) risk factors. The proposed changes extend the scope of these guidelines to crypto-asset service providers (CASPs). The consultation runs until August 31. For more information, click here.
  • On May 31, the Justice Department announced that ESSA Bank & Trust has agreed to pay more than $3 million to resolve allegations that it engaged in a pattern or practice of lending discrimination by redlining majority-Black and Hispanic neighborhoods in and around Philadelphia. For more information, click here.
  • On May 30, the Commodity Futures Trading Commission Division of Clearing and Risk (DCR) issued a staff advisory on the risks associated with the expansion of Derivatives Clearing Organization (DCO) clearing of digital assets. In the past several years, DCR has observed an increased interest by DCOs and DCO applicants in expanding the types of products cleared, as well as business lines, clearing models, and services DCOs offer, including those related to digital assets. For more information, click here.
  • On May 25, U.S. Representative Alex X. Mooney (R-WV) introduced H.R. 3712 titled the Digital Dollar Pilot Prevention Act to prohibit the Fed from establishing, approving, or otherwise carrying out any proof-of-concept programs intended to test the practicability of issuing a central bank digital currency (CBDC). For more information, click here.
  • On May 25, the World Economic Forum released a white paper titled, “Pathways to Crypto-Asset Regulation: A Global Approach,” which examines the needs for a global approach to regulate digital assets, and analyzes the challenges of a global approach. For more information, click here.
  • On May 25, the Office of the Comptroller of the Currency (OCC) announced revisions to its policies and procedures manual on bank enforcement actions to reflect its consideration of actions against banks that exhibit or fail to correct persistent weaknesses. For more information, click here.
  • On May 24, the CFPB issued a blog post discussing mortgage rates paid by consumers varying across lenders. For more information, click here.
  • On May 23, the Acting Comptroller of the Currency Michael J. Hsu discussed the OCC’s commitment to a fair and inclusive financial system in remarks at the Bank On National Conference. For more information, click here.
  • On May 23, Pometheum Ember Capital LLC announced it has received a first-of-its-kind approval from the Financial Industry Regulatory Authority (FINRA) to operate as a special purpose broker-dealer (SPBD) for digital asset securities. This approval permits Prometheum Capital to custody digital asset securities on behalf of retail and institutional clients. For more information, click here.
  • On May 22, HUD released Mortgage Letter (ML) 2023-11 to update previously issued guidance on loss mitigation options for non-borrowers, who acquire a title through an exempted transfer. For more information, click here.
  • On May 20, the Federal Trade Commission filed an amicus brief in a case on appeal before the U.S. Court of Appeals for the Ninth Circuit, arguing that the Children’s Online Privacy Protection Act does not preempt state laws that are consistent with the federal statute’s treatment of regulated activities. For more information, click here.

State Activities:

  • On May 27, Texas Governor Greg Abbott signed SB 768, amending the state’s data breach notification statutes. Under the amended law, a security breach must be disclosed to the attorney general “as soon as practicable and not later than the 30th day after the date on which the person determines that the breach occurred.” This amendment reduces the amount of time for disclosure down from 60 days. The act also requires that the notice be submitted via an electronic form. For more information, click here.
  • On May 25, while delivering testimony before the New York State Assembly, Superintendent of the New York State Department of Financial Services (NYDFS) Adrienne Harris asserted that the NYDFS’ BitLicense regime has “cement[ed] the [NYDFS] as the leading global prudential regulator for virtual currency business activity.” For more information, click here.
  • On May 25, New York Attorney General Letitia James recovered $300,000 from an online sporting goods retailer following the company’s failure to adequately safeguard consumers’ personal data. The company’s inadequate security measures left it vulnerable to a cybersecurity attack in 2021 that affected consumers private information, including credit card information and email addresses. The company agreed to pay $300,000 in penalties and further agreed to strengthen its cybersecurity policy to better protect consumers’ private information. For more information, click here.
  • On May 24, Minnesota Governor Tim Walz signed AF 2744, a bill that amends several of the state’s statutes concerning financial institutions. Among other things, the bill revises the definition of “annual percentage rate” as it pertains to small consumer loans to “include[] all interest, finance charges, and fees,” and requires that the annual percentage rate “be determined in accordance with either the actuarial method or United States Rule method.” With respect to a consumer short-term loan, the bill provides that a short-term loan lender may charge an annual percentage rate of up to 50% but prohibits any other charges or payments in connection with a consumer short-term loan. Loans that exceed 36% annual percentage rate must also comply with certain other provisions. For more information, click here.
  • On May 24, Florida Governor Ron DeSantis signed HB 1185, which, among other things, permits mortgage loan originators to work from remote locations if certain conditions are met. Some of the conditions set forth in the act are: (a) the licensee has written policies and procedures for the supervision of loan originators working from remote locations; (b) access to company platforms and customer information complies with the licensee’s comprehensive written information security plan; (c) an in-person interaction with a customer does not occur at the originator’s residence unless such residence is a licensed location; (d) physical records are not kept at a remote location; (e) customer interactions and conversations about consumers comply with applicable state and federal information security requirements; (f) the originator must use a virtual private network or system that ensures secure connectivity when access the company’s secure systems or documents from a remote location; (g) the licensee ensures all appropriate security updates are installed and maintained; (h) the licensee is able to remotely lock/erase company-related contents of any device; and (i) the registry’s record designates the originator’s principal place of business as the originator’s registered location. For more information, click here.
  • On May 23, New York Attorney General Letitia James recovered $550,000 from a medical management company for failing to properly shield New Yorkers’ personal information, including health records. The company’s networks were left susceptible to a cyberattack when the company failed to timely update its software, affecting more than 1.2 million individuals across the nation. The security failures violated state law and the federal Health Insurance Portability and Accountability Act (HIPAA). The company has agreed to pay $550,000 in penalties, strengthen its security measures with regard to safeguarding data, and offer consumers free credit monitoring services. For more information, click here.
  • Recently, the New York branch of the U.S. Central Bank published the Phase II report of Project Cedar, an ongoing pilot with the goal of improving cross-border payments using distributed ledger technology. According to a press release, among other things, the report discusses findings related to interlinking simulated central bank currency ledgers; “atomic settlement” where “transactions were only settled if all legs in the cross-currency payment chains were executed successfully”; and “near real-time settlement” where a “simulated payment scenario achieved end-to-end settlement in under 30 seconds on average. For more information, click here.