Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CPPA releases latest draft of automated decision-making technology regulation

    State Issues

    The California Privacy Protection Agency (CPPA) released an updated draft of its proposed enforcement regulations for automated decisionmaking technology in connection with its March 8 board meeting. The draft regulations included new definitions, including “automated decisionmaking technology” which means “any technology that processes personal information and uses computation to execute a decision, replace human decisionmaking, or substantially facilitate human decisionmaking,” which expands its scope from its previous September update (covered by InfoBytes here).

    Among other things, the draft regulations would require businesses that use automated decisionmaking technology to provide consumers with a “Pre-use Notice” to inform consumers on (i) the business’s use of the technology; (ii) their right to opt-out of the business’s use of the automated decisionmaking technology and how they can submit such a request (unless exempt); (iii) a description of their right to access information; and (iv) a description of how the automated decisionmaking technology works, including its intended content and recommendations and how the business plans to use the output. The draft regulations detailed further requirements for the opt-out process.

    The draft regulations also included a new article, entitled “risk assessments,” which provided requirements as to when a business must conduct certain assessments and requirements that process personal information to train automated decisionmaking technology or artificial intelligence. Under the proposed regulations, every business which processes consumers’ personal information may present significant risk to consumers’ privacy and must conduct a risk assessment before initiating that processing. If a business previously conducted a risk assessment for a processing activity in compliance with the article and submitted an abridged risk assessment to the CPPA, and there were no changes, the business is not required to submit an updated risk assessment. The business must, however, submit a certification of compliance to the CPPA.

    The CPPA has not yet started the formal rulemaking process for these regulations and the drafts are provided to facilitate board discussion and public participation, and are subject to change. 

    State Issues Privacy Agency Rule-Making & Guidance California CPPA Artificial Intelligence

  • District Court sides with bank in class-action suit against foreign currency swap overcharges

    Courts

    On March 5, the U.S. District Court for the Eastern District of Virginia dismissed a purported class action complaint in which plaintiffs alleged the defendant banks used “fictional” foreign exchange rates that deviated from those incorporated into plaintiffs’ agreements with the defendants. Specifically, the plaintiffs asserted that defendants charged the plaintiffs “fictional” rates imposed by credit card companies, and in so doing, breached their relevant contracts with the plaintiffs and violated several state consumer protection laws.

    In dismissing the complaint, the court concluded that although the plaintiffs had standing to sue, their breach of contract claim failed as a matter of law because the complaint failed to identify any specific promises regarding exchange rates in the relevant contracts, and a singular reference to credit card companies’ rules did not incorporate such rules into the relevant contracts. The court further rejected the plaintiffs’ argument that an agency relationship existed between the credit card companies and defendants, reasoning that the plaintiffs failed to plausibly demonstrate defendants had any ability to control the rates. 

    The court similarly dismissed all the plaintiffs’ consumer protection law claims, concluding that the relevant laws did not permit for a breach of contract to serve as the basis for an unfair or deceptive trade practice.

    Courts Virginia Standing Consumer Protection Data Breach

  • CFPB releases consumer advisory for student borrowers notifying them of April deadline to cancel

    Federal Issues

    On March 11, the CFPB published a consumer advisory notifying student loan borrowers that they may have an opportunity to cancel or receive credits toward the cancellation of their student loans but some borrowers will need to consolidate their loans by April 30 in order to obtain the benefit. The Department of Education has implemented a “one-time adjustment” to help borrowers receive credit toward federal student loan cancellation. This adjustment is designed to enable the counting of more payments, including all payments made on federally managed loans since July 1, 1994, as well as certain periods of deferment, economic hardship, and forbearance. Generally, federal student loans are eligible for Income Driven Repayment (IDR) plans, which offer loan cancellation after 10, 20, or 25 years of qualifying payments, or after 10 years for those pursuing Public Service Loan Forgiveness (PSLF), provided other eligibility criteria are met. The Bureau also noted that consolidation is free, warning against scammers who would charge for that service.

     

    Federal Issues CFPB Consumer Finance Student Lending Department of Education Income-Driven Repayment

  • Alabama judge finds the Corporate Transparency Act unconstitutional, DOJ quickly appeals

    Courts

    On March 1, the federal district court in the Northern District of Alabama entered a final declaratory judgment concluding that the Corporate Transparency Act (CTA) is unconstitutional. The plaintiffs, including a non-profit small business association consisting of more than 60,000 small business members as well as an individual small business owner, sued the Treasury Department, Secretary Janet Yellen, and FinCEN Acting Director Himamauli Das in their official capacities, alleging that the CTA’s mandatory disclosure requirements violate the First, Fourth, Fifth, Ninth, and Tenth Amendments and exceed Congress’s authority under Article I of the Constitution.

    Corporations, LLCs, or other similar entities that are either “(i) created by the filing of a document with a secretary of state… or (ii) formed under the law of a foreign country and registered to do business in the United States” are required to provide certain beneficial ownership information, as well as disclose any related changes to FinCEN under the CTA, excluding exempt entities. The CTA was passed in 2021 as part of the National Defense Authorization Act and required most entities incorporated under state law to disclose beneficial ownership information to FinCEN to prevent financial crimes often committed through shell corporations. In September 2022, FinCEN issued a final rule implementing the CTA, which went into effect on January 1 of this year, and required currently existing entities and five million new entities formed each year from 2025 to 2034 to disclose the identity and information of any “beneficial owner” to FinCEN (see Orrick Insight here).

    According to the court, the CTA exceeds the Constitution’s limits on Congress’s power and does not have a strong enough connection to any of Congress’s listed powers to be considered a necessary or appropriate way to reach Congress’s policy objectives. The court rejected the government’s claims that the CTA is covered by various constitutional provisions, including the Commerce Clause, Taxing Clause, Necessary and Proper Clause, and Congress’s powers related to foreign affairs and national security.

    The judgment permanently enjoined the Department of the Treasury and FinCEN from enforcing the CTA against the plaintiffs and as a result they are not required to report beneficial ownership information to FinCEN at this time. The order does not ban enforcement of the CTA and its beneficial ownership disclosure requirements to FinCEN generally.

    On March 11, the U.S. Department of Justice filed a notice of appeal to the U.S. Court of Appeals for the Eleventh Circuit after U.S. District Judge Liles C. Burke’s March 1 ruling.

    Courts Alabama Corporate Transparency Act Constitution Congress FinCEN Department of Treasury

  • State Supreme Court vacates and remands TILA dispute

    Courts

    Recently, the Maine Supreme Judicial Court vacated a judgment in favor of a bank and remanded the decision to re-examine the nature of a loan and consider all relevant evidence to determine if the loan was for commercial purposes. The plaintiffs defaulted on a loan from the defendant, a bank, by securing the loan with a hunting cabin they owned, and a lease for the land on which they had built the cabin. The defendant successfully sued for recovery of the cabin. On appeal, the plaintiffs argued the bank failed to make the requisite disclosures under TILA and thus it was in error to decide in favor of the bank. The bank conceded that it did not make the required disclosures but countered that the credit transaction was not subject to TILA because the loan was for commercial purposes, and if the loan was secured by real property, it was not expected to be used as the principal dwelling of the consumer(s).

    First, the court found that it was an error not to consider extrinsic evidence when determining the purpose of the loan because the Official Staff Interpretations of Regulation Z outline factors to be considered in such a determination, which should be given great deference. Moreover, it found that most federal courts applied a holistic approach in determining the purpose of the loan. Because the Business and Consumer Docket court in Maine did not consider any extrinsic evidence, it decided to remand. Second, the court held that the TILA exemption for “credit transactions, other than those in which a security interest is or will be acquired in real property, or in personal property used or expected to be used as the principal dwelling of the consumer . . . in which the total amount financed exceeds $50,000” was inapplicable. Although the loan was for $378,698, the loan was secured by a leasehold. According to the court, the leasehold was an interest in real property, and the language in the exemption referencing “principal dwelling” only modified “personal property” and not “real property.”

     

    Courts TILA Maine Consumer Finance Real Estate Lending

  • Business groups sue the CFPB over credit card late fee rule

    Courts

    On March 7, several business groups (plaintiffs) sued the CFPB rule in the U.S. District Court for the Northern District of Texas over its announced credit card late fee rule. As previously covered by InfoBytes, the Bureau’s new final rule limited most credit card late fees to $8, among other actions, and was met immediately with criticism from banks and legislators.

    The plaintiffs’ complaint claimed the CFPB completed the rule hastily to implement a pledge made by President Biden around his State of the Union Address to reduce credit card late fees by 75 percent. The complaint further asserted the CFPB skipped necessary steps, made economic miscalculations, and otherwise breached the Administrative Procedure Act. As alleged, the Bureau likely understated “the volatility of card issuers’ cost-to-fee ratios pertaining to late fees” and improperly relied on data which does not allow for the recovery of a “reasonable and proportional” penalty fee. On the Bureau’s use of the Y-14M data, the complaint alleged the new rule ignored peer-reviewed studies and instead opted to base the rule on an internal study using confidential data that was not available for examination during the period allocated for public comment. The plaintiffs argued the final rule would incur “substantial compliance costs” by amending printed disclosures, using the cost-analysis provisions, and notifying consumers of changes in interest rates to recoup costs, among other problems. The complaint also cited TILA’s effective-date provisions and the Bureau’s embattled funding structure to support the argument that the final rule would cause irreparable harm.

    Courts Federal Issues CFPB Litigation Credit Cards Agency Rule-Making & Guidance Fees Consumer Finance Consumer Protection

  • GAO report calls for FDIC, Fed to fix bank supervision issues

    On March 6, the U.S. Government Accountability Office (GAO) released a report to congressional requesters, including Senator Sherrod Brown (D-OH), Chairman of the U.S. Senate’s Committee on Banking, Housing, and Urban Affairs, regarding the Fed and FDIC’s communication of supervisory concerns related to the 2023 banking issues and the agencies’ procedures for escalating concerns. The report found that while both regulators generally met their requirements for communicating concerns, the Fed’s escalation procedures lacked clarity and specificity, which could have contributed to delayed enforcement last year.

    The GAO recommended that the Fed revise its escalation procedures to be more precise and include measurable criteria. The Fed agreed with the recommendation and acknowledged that clearer examination procedures could help in addressing supervisory concerns more promptly. For the FDIC, the GAO recognized that the FDIC already updated its escalation procedures in August 2023 and will intend to implement further revisions to respond promptly. The GAO report also suggested that Congress amend the FDI Act to incorporate noncapital triggers related to unsafe banking practices before they affect capital.

    Bank Regulatory Federal Issues FDIC Federal Reserve Bank Supervision GAO Congress

  • FHFA eliminates household income restriction on PTFCs

    Agency Rule-Making & Guidance

    On March 12, the FHFA published a final rule in the Federal Register titled “Exception to Restrictions on Private Transfer Fee Covenants (PFTCs) for Loans Meeting Certain Duty to Serve Shared Equity Loan Program Requirements,” which established an additional exception to the FHFA’s regulation proscribing Fannie Mae, Freddie Mac, and FHLBanks from “purchasing, investing in, [and] accepting as collateral” mortgages encumbered by certain types of PTFCs, or related securities, subject to certain exceptions. This new exception will allow the banking entities to engage in transactions if the loans met the equity loan program requirements for the resale restriction programs “without regard to any household income limit.” The final rule will go into effect on May 13.

    Agency Rule-Making & Guidance FHFA Freddie Mac Fannie Mae

  • VA proposes rule changes to VA-Guaranteed, IRRRLoans

    Agency Rule-Making & Guidance

    On March 7, the VA published a supplemental notice of proposed rulemaking in the Federal Register titled “Loan Guaranty: Revisions to VA-Guaranteed or Insured Interest Rate Reduction Refinancing Loans” which sought comment on whether the “date of loan issuance” should be defined as date of the note (as originally suggested) or as the date “the first payment is due.” The notice explained the VA did not receive any comments on this aspect of the proposed rule and enumerated several concerns with the initial proposed definition. The comment period for this proposed rule will close on May 6.

    Agency Rule-Making & Guidance Federal Issues Department of Veterans Affairs Loans

  • Fed issues final rule for FMUs to update risk management requirements, noting cyber and climate risks

    Agency Rule-Making & Guidance

    On March 8, the Federal Reserve Board announced a final rule that will update risk management requirements for financial market utilities (FMUs) supervised by the Fed. FMUs provide the financial infrastructure to clear and settle payments and transactions. The rule will go into effect 30 days after publication in the Federal Register, and FMUs are expected to comply with certain updates by 90 days and all updates by 180 days after publication. The Fed reported the final rule is “substantially similar” to the proposed rule and provided additional details to the exiting requirements for the following: (i) review and testing; (ii) incident management; (iii) business continuity management; and (iv) third-party risk management.

    Agency Rule-Making & Guidance Federal Issues Federal Reserve Cyber Risk & Data Security Risk Management

Pages

Upcoming Events