InfoBytes

Section Content

Filter

Tags

Operator

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

April 15, 2022

Virginia enacts additional consumer data protections

On April 11, the Virginia governor signed legislation enacting additional amendments to the Virginia Consumer Data Protection Act (VCDPA). Both bills take effect July 1.

HB 714 (identical bill SB 534) expands the definition of a nonprofit organization to include political and certain tax-exempt 501(c)(4) organizations, thus exempting them from the VCDPA’s provisions. The bill also abolishes the Consumer Privacy Fund and provides that all civil penalties, expenses, and attorney fees collected from enforcement of the VCDPA shall be deposited into the Regulatory, Consumer Advocacy, Litigation, and Enforcement Revolving Trust Fund. Under Section 59.1-584, the attorney general has exclusive authority to enforce the law and seek penalties of no more than $7,500 per violation should a controller or processor of consumer personal data continue to violate the VCDPA following a 30-day cure period, or breach an express written statement provided to the attorney general that the alleged violations have been cured.

HB 381 amends VCDPA provisions related to consumers’ data deletion requests. Specifically, the amendment provides that a controller that has obtained a consumer’s personal data from a third party “shall be deemed in compliance with a consumer’s request to delete such data . . . by either (i) retaining a record of the deletion request and the minimum data necessary for the purpose of ensuring the consumer’s personal data remains deleted from the business’s records and not using such retained data for any other purpose . . . or (ii) opting the consumer out of the processing of such personal data for any purpose except for those exempted pursuant” to the VCDPA.

As previously covered by InfoBytes, the VCDPA was enacted last year to establish a framework for controlling and processing consumers’ personal data in the Commonwealth. The VCDPA, which explicitly prohibits a private right of action, allows consumers to access their personal data; make corrections; request deletion of their data; obtain a copy of their data in a portable format; and opt out of targeted advertising, sale of their data, or “profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.”

Privacy/Cyber Risk & Data Security State Issues State Legislation Virginia Consumer Protection Act Virginia Consumer Protection VCDPA
March 10, 2022

Virginia passes additional VCDPA amendments

On March 7, the Virginia House and Senate passed HB 714, which amends Sections 59.1-575 and 59.1-584 and repeals Section 59.1-585 of the Virginia Consumer Data Protection Act (VCDPA). Specifically, the amendments expand the definition of a nonprofit organization to include political and certain tax-exempt 501(c)(4) organizations, thus exempting them from the VCDPA’s provisions. The bill also abolishes the Consumer Privacy Fund and provides that all civil penalties, expenses, and attorney fees collected from enforcement of the VCDPA shall be deposited into the Regulatory, Consumer Advocacy, Litigation, and Enforcement Revolving Trust Fund. Under Section 59.1-584, the attorney general has exclusive authority to enforce the law and seek penalties of no more than $7,500 per violation should a controller or processor of consumer personal data continue to violate the VCDPA following a 30-day cure period, or breach an express written statement provided to the attorney general that the alleged violations have been cured.

As previously covered by InfoBytes, the VCDPA was enacted last year to establish a framework for controlling and processing consumers’ personal data in the Commonwealth. The VCDPA, which explicitly prohibits a private right of action, allows consumers to access their personal data; make corrections; request deletion of their data; obtain a copy of their data in a portable format; and opt out of targeted advertising, sale of their data, or “profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.” The bill now heads to the governor, and if enacted, will take effect January 1, 2023.

Privacy/Cyber Risk & Data Security State Issues State Legislation Consumer Protection Virginia VCDPA
March 3, 2022

Virginia passes amendments on CDPA for data deletion

On February 25, the Virginia House and Senate passed HB 381, which amends Section 59.1-577 of the Virginia Consumer Data Protection Act (VCDPA) related to consumers’ data deletion requests. Specifically, the amendment provides that a controller that has obtained a consumer’s personal data from a third party “shall be deemed in compliance with a consumer’s request to delete such data . . . by either (i) retaining a record of the deletion request and the minimum data necessary for the purpose of ensuring the consumer’s personal data remains deleted from the business’s records and not using such retained data for any other purpose . . . or (ii) opting the consumer out of the processing of such personal data for any purpose except for those exempted pursuant” to the VCDPA. As previously covered by InfoBytes, the VCDPA was enacted last year to establish a framework for controlling and processing consumers’ personal data in the Commonwealth. The VCDPA, which explicitly prohibits a private right of action, allows consumers to access their personal data; make corrections; request deletion of their data; obtain a copy of their data in a portable format; and opt out of targeted advertising, sale of their data, or “profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.” The bill now heads to the governor.

Privacy/Cyber Risk & Data Security State Issues State Legislation Consumer Protection Virginia VCDPA
December 3, 2021

Virginia Consumer Data Protection Act Work Group issues final report

Recently, the Virginia Consumer Data Protection Act Work Group (Work Group) released its final report addressing several privacy topics related to enforcement, definitions and rulemaking authority, and consumer rights and education. The Virginia Consumer Data Protection Act (VCDPA), enacted in March and covered by InfoBytes here, created the Work Group to study findings, best practices, and recommendations before the VCDPA’s January 1, 2023 effective date. The report summarizes information that arose during six Work Group meetings held this year, including the following:
- Establishing an education initiative led by leadership outside of the Office of Attorney General (OAG) to help small to medium-sized businesses comply with the VCDPA.
- Allowing the OAG to pursue actual damages, should they exist, based on consumer harm.
- Employing an “ability to cure” option for violations where a potential cure is possible.
- Authorizing consumers to assert, and requiring companies to honor, a global opt-out setting as a single-step for consumers to opt-out of data collection.
- Sunsetting the “right to cure” provision following the first few years after the VCDPA’s enactment to prevent companies from exploiting the provision.
- Amending “‘the right to delete’ provision to be a ‘right to opt out of sale’ in order to promote compliance and restrict further dissemination of consumer personal data.”
- Studying specific data privacy protections for children.
- Encouraging the development of third-party software and browser extensions to enable users to universally opt out of data collection instead of opting out on each website.
- Recruiting nonprofit consumer and privacy organizations to address concerns related to the VCDPA’s definitions of “sale,” “personal data,” and “publicly available information,” and whether general demographic data used when promoting diversity and outreach to underserved populations should be included in the definition of “sensitive personal information.”
- Creating an education website containing information about consumers’ rights under the VCDPA. Additionally, the website could provide guidance for smaller businesses seeking to comply with the VCDPA, including sample data protection forms.
- Directing an agency to promulgate regulations because the VCDPA does not currently grant the OAG such authority.
The Work Group’s recommendations will be presented during the upcoming legislative session.

Privacy/Cyber Risk & Data Security State Issues Virginia State Legislation VCDPA
March 4, 2021

Virginia enacts comprehensive consumer data privacy framework

On March 2, the Virginia governor enacted the Consumer Data Protection Act (VCDPA), which establishes a framework for controlling and processing consumers’ personal data in the Commonwealth. Virginia is now the second state in the nation to enact a comprehensive consumer privacy law. In 2018, California became the first state to put in place significant consumer data privacy measures (covered by a Buckley Special Alert). As previously covered by InfoBytes, under the VCDPA, consumers will be able to access their personal data; make corrections; request deletion of their data; obtain a copy of their data in a portable format; and opt out of targeted advertising, sale of their data, or “profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.” The VCDPA also outlines controller responsibilities, including a requirement that, among other things, controllers must enter into data processing agreements with data processors that outline instructions for processing personal data and require the deletion or return of personal data once a service is concluded. While the VCDPA explicitly prohibits a private right of action, it does grant the state attorney general excusive authority to enforce the law and seek penalties of no more than $7,500 per violation. Additionally, upon discovering a potential violation of the VCDPA, the attorney general must give the data controller written notice and allow the data controller 30 days to cure the alleged violation before the attorney general can file suit. The VCDPA takes effect January 1, 2023.

State Issues State Legislation Privacy/Cyber Risk & Data Security Consumer Data Protection Act Virginia VCDPA
February 5, 2021

Virginia legislature advances privacy bill

Recently, the Virginia Senate and House advanced identical bills (see SB 1392 and HB 2307), which would establish a framework for controlling and processing consumers’ personal data in the Commonwealth. Highlights of the bill include:
- Applicability. The bill will apply to “persons that conduct business in the Commonwealth or produce products or services that are targeted to residents of the Commonwealth and that (i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.” Notably, financial institutions, data governed by federal regulations, nonprofit organizations, and certain protected health information are exempt from coverage.
- Consumers’ rights. Under the bill, consumers will be able to access their personal data; make corrections; request deletion of their data; obtain a copy of their data in a portable format; and opt out of targeted advertising, sale of their data, or “profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.”
- Controllers’ responsibilities. Data controllers under the bill will be responsible for (i) limiting the collection of data to what is required and reasonably necessary for a specified purpose; (ii) not processing data for reasons incompatible with the specified purpose; (iii) securing personal data from unauthorized access; (iv) not processing data in violation of state or federal anti-discrimination laws; (v) obtaining consumer consent in order to process sensitive data; (vi) ensuring contracts and agreements do not waive or limit consumers’ data rights; and (vii) providing clear and meaningful privacy notices.
- Data processing agreements/data protection assessments. The bill requires controllers to enter into data processing agreements with data processors that outline instructions for processing personal data and require the deletion or return of personal data once a service is concluded. Controllers must also conduct data protection assessments for all processing activities that involve targeted advertising, the sale of personal data, certain profiling activities, sensitive data, and any processing activities that present a heightened risk of harm to consumers.
- Private right of action and state attorney general enforcement. The bill explicitly prohibits a private right of action. Instead, it grants the state attorney general excusive authority to enforce the law and seek penalties of no more than $7,500 per violation. The attorney general may also recover reasonable expenses, including attorney fees, for any initiated action.
- Right to cure. Upon discovering a potential violation of the bill, the attorney general must give the data controller written notice. The data controller then has 30 days to cure the alleged violation before the attorney general can file suit.
The two bills next move to a reconciliation process, and if passed and signed into law, the bill will take effect January 1, 2023.

State Issues State Legislation Privacy/Cyber Risk & Data Security Virginia Consumer Data Protection Act VCDPA

1071
23 NYCRR 600
23 NYCRR Part 102
23 NYCRR Part 200
23 NYCRR Part 500
AARMR
Aaron Mahler
ABA
Ability To Repay
ABS
Abusive
ACA International
Acceleration
Accounting
ACFIN
ACH
Add-On Products
Adjudication
Adjustable Rate Mortgage
Administrative Procedure Act
Administrative Procedures Act
Adverse Action
Advertisement
Advisers Act
Advisory Board
Advisory Committee
Advisory Council
Advisory Opinion
AECA
Affiliated Business Relationship
Affinity Products
Affirmative Defense
Affordable Housing
Afghanistan
Africa
Agency Rule-Making & Guidance
Agent
Agreement
Agribusiness
AI
Alabama
Alaska
Algorithms
ALJ
Alternative Data
AMA
Amanda Raines Lawrence
American Data Privacy and Protection Act
American Depositary Receipts
American Depository Receipts
American Rescue Plan Act of 2021
Americans with Disabilities Act
Amicus Brief
Ancillary Products
Andorra
Andrew Grant
Andrew Louis
Andrew Schilling
ANPR
Anti-Corruption
Anti-Money Laundering
Anti-Money Laundering Act of 2020
Anti-Retaliation
Antiquities
Antiterrorism Act
Antitrust
APEC CBPR
APHIS
Appeals
Appellate
Appraisal
Appraisal Management Companies
APR
APY
Aquisition
Arbitration
Argentina
Arizona
Arkansas
ARRC
Article 291A
Artificial Intelligence
Assessments
Asset Management
Asset-Based Lending
Assignee Liability
ATM
Attorney Fees
Attorney-Client Privilege
Audit
Auto Finance
Auto Insurance
Auto Leases
Auto Lending
Auto-Renewal
Autodialer
Automated Telephone Dialing
Autopay
AVMs
BAFT
Balkans
Ballot Initiative
Bank Charter
Bank Compliance
Bank Consultants
Bank for International Settlements
Bank Holding Companies
Bank Holding Company Act
Bank Lending
Bank Merger Act
Bank Mergers
Bank Partnership
Bank Privilege
Bank Regulatory
Bank Resolution
Bank Secrecy Act
Bank Supervision
Banking
Bankruptcy
Bankruptcy Code
Banks
Basel
Basel Committee
BCBS
Belarus
Ben Olson
Beneficial Ownership
Biden
Big Data
Biggert-Waters Act
Biometric Data
BIPA
Bitcoin
Blockchain
BNPL
Board of Governors
Bona Fide Error
Bond
Borrower Defense
Bosnia
Braskem SA
Brazil
Breach of Contract
Bribery
Broker
Broker-Dealer
Brokered Deposits
Budget
Bulgaria
Burma
Burundi
Business Continuity
Business Email Compromise
Business Opportunity Rule
Buy Now Pay Later
CA UCL
CAATSA
California
California Consumer Financial Protection Law
California Financing Law
California Money Transmission Act
California Securities Law
Call Report
CalOPPA
Cambodia
CAN-SPAM Act
Canada
Cannabis Banking
Capital
Capital Planning
Capital Requirements
CARD Act
CARES Act
CARU
Cash Assistance Programs
Cash Checking
Cash-Out Refinance
CBDC
CBLR
CCAR
CCFPL
CCPA
CCPA/EU
CCRA
CDBO
CDC
CDD Rule
CDFI
Cease and Desist
CECL
Census Bureau
Central African Republic
Central Bank Digital Currency
CFDL
CFIUS
CFP Act
CFPA
CFPB
CFPB Act
CFPB NLRB
CFPB Succession
CFTC
Chamber of Commerce
Champerty
Chargeback
Check Cashing
China
Chris Witeck
CID
CIDs
CIPA
CISA
Cities & Counties
Civil Fraud Actions
Civil Money Penalties
Civil Procedure
CLA
Class Action
Class Certification
Clawback
Clickwrap Agreement
Climate-Related Financial Risks
Closed-End Credit
Cloud Computing
Cloud Technology
CMBS
Collateral Estoppel
College Scorecard
Colorado
Colorado Privacy Act
Combating the Financing of Terrorism
Combating Weapons of Mass Destruction Proliferation Financing
Comment Letter
Commercial Finance
Commercial Lending
Commercial Mortgage Backed Securities
Commodity Exchange Act
Communications Decency Act
Community Banks
Compensation
Competition
Compliance
Compliance Aids
Comptroller's Handbook
Comptroller's Licensing Manual
Computer Fraud and Abuse Act
Confessions of Judgement
Conforming Loan
Congo
Congress
Congressional Inquiry
Congressional Oversight
Congressional Review Act
Connecticut
Consent
Consent Order
Consolidated Appropriations Act
Constitution
Construction
Consumer Complaints
Consumer Credit
Consumer Credit Fairness Act
Consumer Credit Outcomes
Consumer Data
Consumer Data Protection Act
Consumer Education
Consumer Finance
Consumer Leasing Act
Consumer Lending
Consumer Lending | Consumer Finance
Consumer Protection
Consumer Protection Act
Consumer Redress
Consumer Reporting
Consumer Reporting Agency
Consumer Review Fairness Act
Consumers Legal Remedies Act
Contempt
Contracts
Cookies
COPPA
Cordray
Corporate Compliance Program
Corporate Enforcement Policy
Corporate Governance
Corporate Transparency Act
Correspondent Banking
Correspondent Lenders
Corruption
Costa Rica
Courts
Covered Savings Association
Covid-19
Covid-19 Consumer Protection Act
CPA
CPI
CPPA
CPRA
CRA
CRE Lending
Credit Application
Credit Builder Loans
Credit Bureau
Credit Card Laundering
Credit Cards
Credit Furnishing
Credit Monitoring
Credit Practices Rule
Credit Rating Agencies
Credit Ratings
Credit Repair
Credit Repair Organizations Act
Credit Report
Credit Reporting Agency
Credit Risk
Credit Risk Retention Regulation
Credit Scores
Credit Sellers
Credit Services Business
Credit Union
Criminal Enforcement
Critical Infrastructure
CROA
Cross Border Activities
Crowdfunding
Crypto Mixer
Cryptocurrency
CSBS
Cuba
CUNA
CUSO
Customer Due Diligence
Customer Identification Program
CVC
CVF
Cyber Insurance
Cyber Risk & Data Security
Cyber Threat Intelligence Integration Center
D.C. Circuit
DACA
Damages
Dark Patterns
Dark Pools
Data
Data Aggregator
Data Analytics
Data Breach
Data Brokers
Data Collection / Aggregation
Data Point Reports
Data Protection
Data Scraping
DBO
DC Circuit
De Novo Bank
De-Risking
Debit Cards
Debt Buyer
Debt Buying
Debt Cancellation
Debt Collection
Debt Collection Licensing Act
Debt Management
Debt Relief
Debt Settlement
Debt Verification
Decentralized Finance
Deceptive
Default
Deferred Deposit Lenders
Deferred Deposits
Deferred Interest
Deficiency Claim
Delaware
Denmark
Department of Agriculture
Department of Commerce
Department of Defense
Department of Education
Department of Energy
Department of Health and Human Services
Department of Homeland Security
Department of Justice
Department of Labor
Department of State
Department of Treasury
Department of Veterans Affairs
Deposit Advance
Deposit Insurance
Deposit Products
Depository Institution
Deposits
Derivatives
DFPI
DHHS
DIDMCA
DIFC
Digital Assets
Digital Collateral
Digital Commerce
Digital Currency
Digital Identity
Digital Insights and Trends
Digital Platform
Digital Wallets
Digitalization
Directors & Officers
Disaster Relief
Discharge
Disclosures
Discount Points
Discount Window
Discovery
Discrimination
Disgorgement
Disparate Impact
Dispute Resolution
Distributed Ledger
District of Columbia
Diversity
Diversity and Inclusion Subcommittee
Do Not Call Registry
Dodd-Frank
DOJ
DOL Fiduciary Rule
Douglas Gansler
Downpayment Assistance
DPA
Drug Enforcement Administration
Drug Enforcement Administration
DSIB
Due Process
Durbin Amendment
E-Discovery
E-SIGN Act
E-Signature
Earned Wage Access
ECIP
ECOA
eCommerce
Economic Aid Act
Ecuador
Ed Tech
EDGAR
EEOC
EFTA
EFTA. New York
EGRPRA
EGRRCPA
EIDL
Eighth Circuit
Elder Financial Exploitation
Electronic Check
Electronic Filing
Electronic Fund Transfer
Electronic Mortgages
Electronic Payments
Electronic Records
Electronic Signatures
Electronic Transfers
Eleventh Circuit
Elizabeth McGinn
Elizabeth Warren
Eminent Domain
Employer-Driven Debt Products
En Banc
Endorsements
Enforcement
English v. Trump
Escrow
ESG
ESIGN
Eskom
Ethiopia
EU
EU-US Data Privacy Framework
EU-US Privacy Shield
European Data Protection Board
European Union
Evictions
examin
Examination
Exchange-Traded Funds
Executive Compensation
Executive Order
Export Controls
FACTA
FAFT
Fair Access to Credit Act
Fair Credit Billing Act
Fair Credit Reporting Act
Fair Housing
Fair Housing Act
Fair Labor Standards Act
Fair Lending
Fair Servicing
False Claims Act / FIRREA
Fannie Mae
FAQs
Farm Credit Administration
FASB
FATF
Faxes
FBAR
FBI
FCA
FCC
FCPA
FCPA Enforcement Action
FCPA Pilot Program
FCRA
FDA
FDCPA
FDI Act
FDIA
FDIC
FDiTech
Federal Advisory Committee Act
Federal Arbitration Act
Federal Communications Act
Federal Deposit Insurance Act
Federal Home Loan Banks
Federal Insurance Office
Federal Issues
Federal Legislation
Federal Register
Federal Reserve
Federal Reserve Act
Federal Reserve Bank of Boston
Federal Reserve Bank of New York
Federal Reserve Banks
Federal Reserve System
FedNow
Fedral Issues
Fees
FEMA
FFIEC
FHA
FHFA
FHLB
FICO
Fiduciary Duty
Fiduciary Rule
FIFA
Fifth Circuit
Finance
Finance Charge
Financial Advisers
Financial CHOICE Act
Financial Conduct Authority
Financial Crimes
Financial Inclusion
Financial Institutions
Financial Literacy
Financial Services
Financial Services Authority
Financial Stability
Financial Stability Board
Financial Technology
FinCEN
Finder's Fee
FINRA
Fintech
Fintech Charter
FIRREA
First Amendment
First Circuit
Flexibility Act
Flood Disaster Protection Act
Flood Insurance
Florida
FOIA
FOMC
For-Profit College
Forbearance
Force-placed Insurance
Foreclosure
Foreign Banks
Foreign Exchange Trading
Foreign Sovereign Immunities Act
Foreign Terrorist Organization
Forfeiture Order
Fourth Amendment
Fourth Circuit
France
Fraud
FRB
Freddie Mac
Fredrick Levin
FSA
FSB
FSOC
FTC
FTC Act
FTCA
Fund Transfers
Funding Structure
FVRA
G-7
G-Fees
G20
G7
GAAP
Gambling
GAO
GAP Fees
GAP Waivers
Garnishment
GDPR
Georgia
Germany
GFE
Gift Cards
Ginnie Mae
GLBA
Governance
Governors
Gramm-Leach-Bliley
GSE
GSE Patch
GSEs
GSIBs
GTO
Guam
Guaranteed Asset Protection
Guaranty Agency
Guatemala
Guinea
Haiti
Hamas
HAMP
HAMP / HARP
Hawaii
Hazard Insurance
HDMA
Health Breach Notification Rule
Health Care
Hearing
HECM
Hedge Fund
HELOC
Hemp Businesses
HERA
HEROES Act
Herzegovina
High Frequency Trading
Higher Education Act
HIPAA
Hizballah
HMDA
HOA
HOEPA
HOLA
Holder Rule
Holding Foreign Companies Accountable Act
Home Affordable Refinance Program
Home Equity Loans
Home Inspection
Home Owners' Loan Act
Honduras
Hong Kong
House Appropriations Committee
House Committee on Education
House Energy and Commerce Committee
House Financial Services Committee
House Judiciary Committee
House Oversight Committee
House Small Business Committee
House Subcommittee on Consumer Protection and Commerce
Housing Finance Reform
HPML
HQLA
HUD
Hunstein
IBOR
ICBA
ICE
Idaho
Identity Theft
IIF
ILC
Illicit Finance
Illinois
Illinois Banking Act
Illinois Savings Bank Act
ILSA
IMF
Incentive Compensation
Income Share Agreements
Income-Driven Repayment
Indemnification
Indemnity Claims
India
Indiana
Indictment
Indonesia
Information Commissioner's Office
Information Furnisher
Initial Coin Offerings
Injunction
Innovation
Installment Loans
Institution-Affiliated Party
Insurance
Insurance Licensing
Interchange Fees
Interest
Interest Rate
International
Internet
Internet Commerce
Internet Lending
Internet of Things
Investigations
Investment
Investment Adviser
Investment Advisers Act
Investment Company Act
IOSCO
Iowa
Iran
Iraq
Ireland
IRRRL
IRS
ISIS
Israel
IT
ITAR
Jeffrey Hydrick
Jeffrey Naimon
John Doe v CFPB
John Kromer
John Redding
Jon Langlois
Junk Fees
Jurisdiction
Kansas
Kentucky
Kickback
Know Before You Owe
Kokesh
Korea
Kuwait
KYC
Landlords
Language Access
Latvia
LCR
Lead Aggregation
Lead Generation
Least Sophisticated Consumer
Lebanon
Lender Certification
Lender Placed Insurance
Lending
LFI
Liberia
LIBOR
Libya
Licensing
Lien Stripping
Limited English Proficiency
Liquidity
Liquidity Standards
LISCC
Listing Agreement
Litigation
Litigation Funding
Liu v. SEC
Living Wills
LO Comp Rule
Loan Broker
Loan Modification
Loan Origination
Loans
Loss Mitigation
Louisiana
LTV Ratio
Luxembourg
Machine Learning
Macroprudential
Madden
Main Street Lending Program
Maine
Malaysia
Mali
Malware
Manley Williams
Manufactured Housing
MAP Rule
Marketing
Marketing Services Agreements
Marketplace Lending
Markups
MARS Rule
Martin Act
Maryland
Massachusetts
Maxine Waters
MBS
MDI
MDL
Mediation
Medical Data
Medical Debt
Medical Marijuana
Merchant Cash Advance
Merchant Services
Merger
Mexico
MHA
Michigan
Military Allotment System
Military Lending
Military Lending Act
Ministry of Justice
Minnesota
Minority Depository Institution
Miscellany
Mississippi
Missouri
MLA
MLETR
MLO
MMLF
Mobile Banking
Mobile Commerce
Mobile Payment Systems
Mobile Payments
Mobile Top-Ups
Model Valuation
Moldova
Monetary Policy
Money Laundering
Money Service / Money Transmitters
Money Service Business
Monitoring
Montana
Moorari Shah
Mortgage Advertising
Mortgage Broker
Mortgage Fraud
Mortgage Insurance
Mortgage Insurance Premiums
Mortgage Lenders
Mortgage Licensing
Mortgage Modification
Mortgage Origination
Mortgage Relief
Mortgage Servicing
Mortgage-Backed Securities
Mortgagee Letters
Mortgages
Mortgages Servicing
MOUs
Multi-Factor Authentication
Multi-State Mortgage Committee
Multifamily
Mutual Fund
N.D. Cal.
NACHA
NAFCU
NASAA
Nasdaq
National Association of Attorneys General
National Bank
National Bank Act
National Fair Housing Alliance
National Flood Insurance Act
National Flood Insurance Program
National Mortgage Servicing Settlement
National Mortgage Settlement
NCLC
NCRC
NCUA
Nebraska
Negative Option
Negligence
Net Interest Margin
Net Neutrality
Net Worth Sweep
Nevada
New Hampshire
New Jersey
New Mexico
New York
New York CRA
NFT
NGFS
Nicaragua
Nigeria
Ninth Circuit
NIST
NMLS
No Action Letter
No Surprises Act
Non-Depository Institution
Nonbank
Nonbank Lending
Nonbank Supervision
Noncompete
Nondepository
Nonprofit
North Carolina
North Dakota
North Korea
Norway
Notary
Notice
NPA
NPR
NSF Fees
NYDFS
Obama
OCC
OCC EGRPRA
Of Interest to Non-US Persons
OFAC
OFAC Designations
OFAC Sanctions
Office of Science and Technology
OFR
Ohio
OIG
OIRA
Oklahoma
OMB
Ombudsman
Online Banking
Online Contract
Online Lending
Online Marketplace
Open Banking
Open-End Credit
Operation Choke Point
Operational Resilience
Operational Risk
Opt-In
Opt-Out
Orderly Liquidation Authority
Oregon
OREO
OSHA
OTS
Overdraft
Overdrafts
PA Department of Banking and Securities
PACE
PACE Programs
Pakistan
Paraguay
Patriot Act
Payday Lending
Payday Rule
Payment Processors
Payment Systems
Payments
PCAOB
Peer-to-Peer
Penalty Offense Authority
Pennsylvania
Pension Advance
Pension Benefits
Petrobras
Petroleos de Venezuela
Phantom Debt
PHH v. CFPB
Pilot Program
PLUS Loans
PPP
PPPLF
Predatory Lending
Preemption
Preliminary Injunction
Prepaid Accounts
Prepaid Cards
Prepaid Rule
Prepayment
Prescreened Offers
President-Elect
Privacy
Privacy Act
Privacy Notices
Privacy of Consumer Financial Information Rule
Privacy Rule
Privacy, Cyber Risk & Data Security
Privacy/Cyber Risk & Data Security
Private Right of Action
Pro Bono
Project Catalyst
Property Tax
Prudential Regulators
PSLF
PTFA
Public Banking
Public Health Service Act
Public Records
Puerto Rico
Punitive Damages
Qualified Mortgage
Qualified Residential Mortgage
Qualified Written Request
Qui Tam Action
QWR
Racial Bias
Racketeering
Ransomware
Rate Lock
Ray Baum's Act
Real Estate
Real Estate Appraisal
Recordkeeping
Redemption
Redlining
Referrals
Refinance
Registration
Regtech
Regulation
Regulation A
Regulation B
Regulation C
Regulation CC
Regulation D
Regulation DD
Regulation E
Regulation F
Regulation H
Regulation II
Regulation J
Regulation M
Regulation N
Regulation O
Regulation P
Regulation V
Regulation W
Regulation X
Regulation XX
Regulation Y
Regulation YY
Regulation Z
Regulator Enforcement
Regulatory Sandbox
Rejected Transactions
Relator
Remittance
Remittance Rule
Remittance Transfer Rule
Remote Work
Rent-a-Bank
Rent-to-Own
Rental Assistance
REO
Repeat Offender
Repossession
Repurchase
Rescission
Research
RESPA
Responsible Banking
Responsible Business Conduct
Restitution
Retail Banking
Reverse Mortgages
Reverse Redlining
Rewards Programs
RFI
Rhode Island
RICO
Riegle-Neal Act
Ripeness
Risk Governance
Risk Management
RMBS
Robo-Advisor Service
Robo-signing
Robocalls
Robotext
ROE
Romania
Rooker-Feldman
ROSCA
Rosenthal Fair Debt Collection Practices Act
RTC
Rulemaking Agenda
Rural Communities
Rural Housing Service
Russia
S. 2155
SAFE Act
Safe Harbor
Safeguard Rule
Safeguards Rule
Sales Incentive Compensation
Sales-Based Financing
Sanctions
SAP
Sarbanes-Oxley
SARs
Sasha Leonhardt
Saudi Arabia
SAVE Plan
SBA
SBREFA
SCRA
SDN List
SDNY
Seasoned QM
SEC
Second Circuit
Section 1033
Section 1071
Section 19
Section 8
Securities
Securities Act
Securities Exchange Act
Securities Exchange Commission
Securitization
Securitization Safe Harbor Rule
Security Freeze
Seila Law
Selling Guide
Semiannual Risk Report
Senate Banking Committee
Senate Finance Committee
Senate Judiciary Subcommittee
Seniors
Separation of Powers
Service Contracts
Service Fees
Servicemembers
Servicer
Servicing
Servicing Guide
Servicing Transfers
Sessions
Settlement
Seventh Circuit
SFO
Shareholders
Shell Companies
Short Sale
Shutdown Relief
SIFA
SIFIs
SIGTARP
Singapore
Single-Director Structure
Sixth Circuit
SLHC
Small Business
Small Business Financing
Small Business Lending
Small Business Regulatory Enforcement Fairness Act
Small Dollar Lending
Small Entity Compliance Guide
Social Media
SOFR
Somalia
Song-Beverly Credit Card Act
Sons and Daughters
Soundboard
South Africa
South Carolina
South Dakota
South Korea
Sovereign Immunity
SOX
SPAC
SPCP
Special Alerts
Spokeo
Spoofing
Sports Betting
SRR
Stablecoins
Standard Setting
Standing
State Attorney General
State Issues
State Legislation
State Regulation
State Regulators
Statute of Limitations
Steering
STIR/SHAKEN
Stress Test
Structured Settlement
Student Lending
Student Loan Servicer
Student Loan Servicing Act
Student Loans
Subject Matter Jurisdiction
Subprime
Subscriptions
Sudan
Supervision
Supply Chain
Supreme Court
Surcharge
Surveillance
Swap Margin Rule
Swaps
Swiss-U.S. Privacy Shield
Switzerland
Symposium
Synthetic Identity Fraud
Syria
Systemic Risk
TAILOR Act
TARP
Taskforce
TCPA
Technology
Techsprint
Telehealth
Telemarketing
Telemarketing and Consumer Fraud and Abuse Prevention Act
Telemarketing Sales Rule
Temporary Waiver
Tenant Rights
Tennessee
Tenth Circuit
Terms of Use
Terrorist Financing
Terrorist Financing Targeting Center
Testimony
Texas
Text Messages
Third Circuit
Third-Party
Third-Party Risk Management
Third-Party Service Providers
TILA
Time-Barred Debt
TISA
Title Insurance
Title Loans
Tokens
Tort Claims
TRACED Act
Transactions
Transnet
Travel Act
Tribal Immunity
Tribal Lending
TRID
TRO
Troubled Debt Restructuring
True Lender
Trump
Trust Fund
Truth in Caller ID Act
Truth in Savings Act
TSR
Turkey
Ty Yankov
U.K.
U.N.
U.S. Court of Federal Claims
U.S. House
U.S. Postal Inspection Service
U.S. Senate
U.S. Solicitor General
U.S. Supreme Court
U.S. Trade Representative
UAE
UCCC
UDAAP
UDAA{
UDAP
UETA
Uganda
UK
UK Bribery Act
UK FCA
UK FSA
UK OFT
UK PRA
UK Prevention of Corruption Act
UK Regulatory Reform
UK Serious Fraud Office
Ukraine
Ukraine Invasion
Unbanked
UNCITRAL
Unclaimed Property
Underserved
Underwriting
Unfair
Uniform Money Services Act
Uniform Mortgage-Backed Security
United Arab Emirates
Unsecured Loans
Unsophisticated Debtor
URLA
USDA
USERRA
UST
Usury
Utah
Valerie Hletko
Valid When Made
Validation Notice
VCDPA
Vehicle Title
Vendor
Vendor Management
Vendors
Venezuela
Venture Capital
Vermont
Veto
Vicarious Liability
Video Games
Vietnam
Virginia
Virginia Consumer Protection Act
Virtual Currency
Vision 2020
VoIP
Volcker Rule
Walter Zalenski
Warren Traiger
Washington
West Virginia
Whistleblower
White Collar
White House
Wholesale Lending
Wire Act
Wire Fraud
Wire Tapping
Wire Transfers
Wiretap Act
Wisconsin
Work-Product Privilege
Writ of Certiorari
Writ of Mandamus
WSLA
Wyoming
Yemen
Yield Spread Premium
Zimbabwe

Filter

Virginia enacts additional consumer data protections

Virginia passes additional VCDPA amendments

Virginia passes amendments on CDPA for data deletion

Virginia Consumer Data Protection Act Work Group issues final report

Virginia enacts comprehensive consumer data privacy framework

Virginia legislature advances privacy bill

Upcoming Events