Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Department of Energy discontinues crypto mining survey following a settlement agreement

    Fintech

    On March 1, a cryptocurrency company (plaintiff) and the U.S. Department of Energy submitted a settlement agreement to the U.S. District Court for the Western District of Texas to discontinue an emergency crypto mining survey once approved by the Office of Management and Budget.

    According to the settlement agreement, the Department of Energy initiated an emergency three-year collection of a Cryptocurrency Mining Facilities Survey in January, which the plaintiff claimed did not comply with various statutory and regulatory requirements for the emergency collection of information. Following the court’s approval of the plaintiff’s temporary restraining order, which protected plaintiffs from completing the survey issued by the Department of Energy and protected any information they may have already submitted, the Department of Energy discontinued its emergency collection, and said it will proceed through notice-and-comment procedures for approval of any collection of information covering such data. As a result of the discontinuation of the emergency collection request, no entity or person is required to respond to the survey.

    As part of the settlement agreement, the Department of Energy will destroy any information it had already received from survey responses. In addition to a $2,199.45 payment for the plaintiffs’ litigation expenses, the Department of Energy also agreed to publish a new Federal Register notice of a proposed collection of information and withdraw its original notice. 

    Fintech Department of Energy Cryptocurrency Digital Assets Settlement Courts Bitcoin

  • New York State bill requires disclosure of beneficial owners of limited liability companies

    State Issues

    On March 1, a newly enacted bill from New York State, S8059, (the “Act”) was signed by the governor and amended New York State law governing limited liability companies by mandating New York LLCs to file beneficial ownership information with the New York Department of State. The Act set a deadline for new LLCs to file the required ownership information within 30 days of their establishment; for existing LLCs, the bill required them to comply with the new requirements by January 1, 2026. The Act demanded that exempt companies, defined as LLCs or foreign LLCs not otherwise defined as a reporting company that met a condition for exemption in 31 U.S.C. §5336(a)(11)(B), electronically declared their statuses and the basis for their exemptions shortly after formation. It further imposed an annual requirement on all limited liability companies to update or confirm their ownership or exempt status. Additionally, access to the beneficial ownership reports was restricted to law enforcement under certain conditions. The Act enforced compliance with the requirements by imposing up to $500 daily fines for late submissions, the possibility of companies being marked as delinquent, and the threat of dissolution for persistent non-compliance.

    State Issues New York State Legislation Beneficial Ownership

  • 7th Circuit says plaintiffs should have produced evidence to prove concrete injury

    Courts

    On February 29, the U.S. Court of Appeals for the Seventh Circuit decided that while an interruption of self-employment can cause a concrete loss for a plaintiff to sue, that loss must be established by evidence at summary judgment. The loss in question involved a consumer debt in arrears sold by a bank to a debt collection agency. Two individual plaintiffs owing the underlying debt sued the debt collection agency under 15 U.S.C. §1692e of the FDCPA when the debt collection agency attempted to collect on the debt owed without relaying that the bank had not verified the balance of the debt. The judge opined that rather than claiming they had incurred any concrete loss (e.g., a loss of income, payment of funds, etc.), plaintiffs instead filed an affidavit to state that the debt had “interrupted my self-employment” because they were focused on thinking about the debt and spent time working through records to confirm the debt owed. The judge agreed with the plaintiffs’ claim that debt collection efforts can very well cause a delay in receiving self-employment income, which is a “form of loss”; however, the judge also held that plaintiffs must show evidence of injury at the summary judgment stage, as this is the “put up or shut up” stage in litigation. Ultimately, the plaintiffs failed to show any evidence that debt collection efforts caused them concrete harm, other than interrupting a productive day of work. 

    Courts Appellate Debt Collection FDCPA

  • Ginnie Mae now requires issuers to disclose cybersecurity incidents within 48 hours

    Agency Rule-Making & Guidance

    On March 4, the President of Ginnie Mae released All Participants Memorandum (APM) 24-02, which set forth a new requirement applicable to all issuers, including issuers that subservice loans for others. The memo mandated that all approved issuers must notify Ginnie Mae of any significant cybersecurity incident within 48 hours of detection. Ginnie Mae defined a “Cyber Incident” as “an event that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constituted a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies and has the potential to directly or indirectly impact the Issuer’s ability to meet its obligations under the terms of the Guaranty Agreement.” If a Cyber Incident has occurred, issuers must it report to Ginnie Mae via a specified email address and must include (i) the date and time of the incident, (ii) a summary of the incident, and (iii) points of contact responsible for coordinating any follow-up questions regarding the incident. These requirements are also now reflected in Chapter 03, Part 18 of the Mortgage-Backed Securities Guide, 5500.3, REV-1.

    Agency Rule-Making & Guidance Ginnie Mae Mortgage-Backed Securities Cyber Risk & Data Security Disclosures

  • CFPB lowers most credit card late fees to $8, amending Regulation Z

    Federal Issues

    On March 5, the CFPB announced a final rule that will amend TILA Regulation Z and lower the typical credit card late fees from $30 to $8. According to the final rule, the CFPB determined that the Regulation Z §1026.52(b) $30 discretionary safe harbor for fees (for card issuers that together with their affiliates have at least one million open credit card accounts, i.e., “larger card issuers”) is too high, and therefore “are not consistent with TILA’s statutory requirement that such fees be reasonable [for a] violation.”

    For larger card issuers, the final rule will repeal the current safe harbor threshold amount and adopt a late fee safe harbor dollar amount of $8. It also will eliminate late fees for a higher safe harbor dollar amount for repeat violations that occur during the same billing cycle or in one of the next six billing cycles. Larger card issuers will still be able to charge fees above the safe harbor threshold for late fees if they can prove the higher fee is necessary to cover their actual collection costs.

    With respect to late fees imposed by larger card issuers, the provision on annual adjustments for the safe harbor dollar amounts (to reflect changes in the consumer price index) will not apply to the $8 safe harbor amount for those late fees. For card issuers that together with their affiliates have fewer than one million open credit card accounts for the entire preceding calendar year (“smaller card issuers”), the safe harbors revised pursuant to the annual adjustments will continue to apply to the late fees imposed by them. The final rule also amended comments and sample forms in Appendix G to revise current examples of late fee amounts to be consistent with the $8 safe harbor amount. Card issuers that meet or exceed the one million open credit card account thresholds, transforming them into larger card issuers, will have 60 days to comply with the requirements of the rule.

    Regarding annual adjustments for safe harbor threshold amounts, the rule will adjust safe harbor threshold amounts in §§1026.52(b)(1)(ii)(A) and (B) to $32, and $43 for repeat violations that will occur during the same billing cycle or in one of the next six billing cycles. These two revised threshold amounts will apply to penalty fees other than late fees for all card issuers, as well as late fees imposed by smaller card issuers. The CFPB’s final rule will go into effect 60 days after publication in the Federal Register.

    The final rule was highlighted in the White House’s Fact Sheet entitled, “President Biden Announces New Actions to Lower Costs for Americans by Fighting Corporate Rip-Offs,” which announced a new “Strike Force on Unfair and Illegal Pricing” co-chaired by the DOJ and the FTC to strengthen interagency efforts to combat high prices through anti-competitive, unfair, deceptive, or fraudulent business practices.

    Federal Issues Agency Rule-Making & Guidance CFPB TILA Regulation Z

  • SBA unveils enhanced Lender Match tool to connect small businesses with lenders

    Federal Issues

    On March 4, the SBA announced the launch of an online tool for small businesses to connect to capital through the SBA’s network of nearly 1,000 approved banks and private lenders. This Lender Match tool was designed to provide users with a more effective and user-friendly interface, including a mobile-friendly interface that allows small business entrepreneurs and enterprises seeking to grow businesses to more easily identify and compare potential lenders. The tool also included fraud-screening measures to ensure a smoother process for both parties. Small businesses that are unable to find a match through the tool will be directed to the SBA’s local advisors for additional support in becoming “capital-ready.” The SBA hopes to facilitate more connections for entrepreneurs looking for various financing options through the enhanced Lender Match platform including microloans and growth capital with competitive terms.

    Federal Issues SBA Consumer Finance Small Business

  • OCC releases February CRA evaluations for 31 banks, one “Needs to Improve”

    On March 1, the OCC released its Community Reinvestment Act (CRA) performance evaluations for last February. The OCC evaluated 31 national banks and federal savings associations under four ratings: Outstanding, Satisfactory, Needs to Improve, and Substantial Noncompliance. Of the 31 evaluations reported by the OCC, only one entity holds the lowest rating, a small bank in Indiana, which was rated “Needs to Improve.” Most entities were rated “Satisfactory,” and six entities were rated “Outstanding.” In an OCC FAQ regarding the implementation of the CRA, the OCC detailed how it evaluates and rates financial institutions by reviewing both the institution itself (such as its capacity, constraints, business strategies, competitors, and peers) and the community the institution it serves (such as its demographics, economic data, lending, investment, and service opportunities). 

    Bank Regulatory Supervision CRA OCC FAQs

  • NIST releases cybersecurity framework 2.0 with tailored guidance

    Privacy, Cyber Risk & Data Security

    On February 26, the National Institute of Standards and Technology (NIST) finalized its Cybersecurity Framework (CSF), a document on guidance for reducing cybersecurity risk. After releasing the draft proposal last August for Cybersecurity Framework Version 2.0 which was updated to help organizations understand and reduce cybersecurity risks (covered by InfoBytes here), and considering public comments, NIST “expanded the CSF’s core guidance and developed related resources to provide different audiences with tailored pathways into the CSF and make the framework easier to put into action.” 

    According to NIST’s press release, the revised framework acknowledges that organizations will approach the CSF with different requirements and levels of proficiency in cybersecurity tool implementation. Novice users would benefit from the experiences of others and choose relevant implementation examples and quick-start guides tailored for specific user categories, including small businesses, enterprise risk managers, and organizations focused on securing supply chains. “NIST plans to continue enhancing its resources and making the CSF an even more helpful resource to a broader set of users… and feedback from the community will be crucial.”

    Privacy, Cyber Risk & Data Security Federal Issues NIST Risk Management

  • FCC partners with two U.K. regulators in combating privacy issues and protecting consumer data

    Privacy, Cyber Risk & Data Security

    Recently, the FCC announced (here and here) that it has partnered with two U.K. communications regulatory agencies to address issues regarding privacy and data protection in telecommunications. The FCC announced two separate statements because the two U.K. regulators perform different duties: the first announcement is with the U.K. Information Commissioner’s Office (ICO), which regulates data protection and information rights; the second is with the U.K.’s Office of Communications (OFCOM) which regulates telecommunications. Both announcements highlighted a strengthening of resources and networks to protect consumers on an international scale, given the large amounts of data shared via international telecom carriers.

    The FCC’s announcement with ICO explained that the partnership would be focused on combatting robocall and robotext efforts, as well as finding means to better protect consumer privacy and data concerns. In the FCC’s announcement with the OFCOM, the U.S. regulator announced a new collaboration to combat illegal robocalls and robotexts given the two countries’ shared interest in investigating networking abuses. The FCC elaborated on its desire to bolster requirements for gateway providers: this is the “on-ramp” for international internet traffic into U.S. networks. 

    Privacy, Cyber Risk & Data Security FCC UK Of Interest to Non-US Persons Privacy Data Protection

  • FHLBanks’ net income skyrockets in 2023 due to high volume of advances

    Federal Issues

    Recently, the FHFA released its annual combined operating highlights for 2023 which were prepared from the unaudited financial statements of the Federal Home Loan Bank system (FHLBank). Administered by the FHFA, the FHLBank system was created to provide lending institutions with liquidity. In 2023, FHLBanks' annual net income grew from $3.16 billion to $6.69 billion—a 111 percent increase—while advances increased from $13.2 billion to $48.5 billion, representing a 266 percent increase. This change in pace was due in part to the stresses placed on banking and financial markets in March 2023. The operating highlights follow FHFA’s comprehensive report on the FHLBank system published in late 2023, previously covered by InfoBytes here. More information on the FHFA’s operating statements can be found in its 8-K filing with the SEC.

    Federal Issues FHA FHLB

Pages

Upcoming Events