InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC’s SAB 121 should be subject to congressional review, says GAO
On October 31, the GAO opined that the SEC’s Staff Accounting Bulletin 121 (SAB 121) is a rule, and thus the SEC was required to submit it for congressional review. SAB 121 describes how SEC staff would expect entities to account for and disclose their custodial obligations for engaging in crypto-asset services, noting that crypto companies may have to present such obligations as a liability on their balance sheets. The GAO found that SAB 121 provides interpretive guidance, but the SEC failed to submit a report as required under the Congressional Review Act (CRA) before a rule can take effect.
The GAO’s opinion notes that the SEC maintains a different position than the GAO on the nature of SAB 121, arguing that SAB 121 is not a rule (and thus subject to CRA review), but instead is “guidance” indicating “how the Office of the Chief Accountant and the Division of Corporation Finance would recommend that the agency act,” and is not an agency statement from the full Commission. However, the GAO’s found that “[SAB 121] is a statement made by the SEC,” and that “a statement issued by a subset of the agency may still constitute an agency statement for CRA purposes.”
UK Government to regulate cryptoassets more strictly under a new regulatory regime
On October 30, the HM Treasury of the UK Government released a report titled “Future Financial Services Regulatory Regime for Cryptoassets,” confirming its plans to regulate digital assets more strictly. The regulatory framework includes descriptions of requirements for the admission of digital assets to a trading venue, including disclosure documents. To make cryptocurrencies subject to the FCA’s rule-making powers, the HM Treasury expanded the definition of “specified instruments” to include digital currencies, but not its definition of “financial instrument.”
The UK Government created the report based on stakeholder feedback on an extensive survey on cryptoassets. The report summarizes responses to 51 survey questions and provides explanations regarding the UK government’s intentions to proceed with the framework. The report outlines how the UK can attract more crypto businesses while also protecting consumer interests. Topics include, among other things, (i) confirmation that the proposed regime does not intend to capture activities relating to cryptoassets which are specified investments that are already regulated; (ii) information regarding the future FCA authorization process for cryptoasset activities; (iii) the UK government’s support for the use of publicly available information to compile appropriate disclosure and admission documents; and (iv) acknowledgment of the potential need for a staggered implementation for cross-venue data sharing obligations. The report recognizes the rapidly evolving nature of the crypto sector and emphasizes that “the government continues to consider that developing a fully bespoke regime outside of the FSMA framework would risk creating an un-level playing field between cryptoasset firms and the traditional financial sector.”
Any legislative changes in response to this report on how the UK Government regulates cryptoassets will occur in 2024, “subject to Parliamentary time.”
FTC approves amendment to Safeguards Rule requiring nonbanks to report data breaches
On October 27, the FTC approved an amendment to the Safeguards Rule to require nonbanks to report data breaches. Under the amended rule, financial institutions, including mortgage brokers, motor vehicle dealers, and payday lenders, will be required to notify the FTC of data breaches as soon as possible, and no later than 30 days after the discovery of incident involving at least 500 consumers. Notice of an incident is required if unencrypted consumer information was acquired without their authorization, as the FTC noted that encrypted consumer information is unlikely to cause consumer harm. The FTC will provide an online form that will be used to report certain information, including the type of information involved in the security event and the number of consumers affected or potentially affected. Additionally, the amended rule will require nonbanks to “to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.” As previously covered by InfoBytes, the FTC recently extended compliance on some Safeguards provisions finalized in October 2021 (covered by InfoBytes here), to June of this year.
The commission voted 3-0 to publish the amendment, which will become effective 180 days after its publication in the Federal Register.
Ohio AG files FDCPA suit against debt collectors
On October 31, Ohio State AG Dave Yost filed a complaint against debt collectors for violations of the FDCPA and Ohio Consumer Sales Practices Act. The complaint alleged that the defendants frequently changed the names they used to engage in collection activities and purposefully used names to sound like law firms to mislead consumers. The AG’s complaint also included allegations that the debt collectors failed to honor written requests to verify debts, threatened legal action, engaged in harassing or abusive behavior, and made false, misleading, and deceptive representations.
Judge dismisses FDCPA suit for communication with CRAs
On October 26, a U.S. District Court for the Eastern District of New York granted a motion to dismiss an FDCPA suit holding that there is nothing in the FDCPA that prohibits debt collectors from reporting information about a debt to a credit reporting agency. The plaintiff filed a complaint in January 2023 alleging that the defendant violated the FDCPA by communicating with the plaintiff after the plaintiff requested that the debt collector stop all communications. The plaintiff further alleged that the defendant violated the FDCPA by reporting this debt to the major credit reporting agencies, which subsequently led to the plaintiff being denied credit. While the judge ruled that the plaintiff had standing to sue because of the denial of credit, the judge also ruled that the statute “expressly permits communications with ‘a consumer reporting agency if otherwise permitted by law,’” and that the plaintiff did not allege that negligence was the proximate cause of damages.
2nd Circuit: Court upholds dismissal of whistleblower suit alleging Iran sanctions violations
On October 27, the U.S. Court of Appeals for the Second Circuit denied a petition for a panel rehearing en banc in a False Claims Act (FCA) suit that was dismissed in 2020. The whistleblower suit, filed in 2019, alleged violations of the U.S.’s sanctions on Iran by exchanging foreign currency for U.S. dollars on behalf of Iranian and related terrorist entities. In July 2020, the whistleblower suit was dismissed after the court agreed with U.S. Attorney for the Southern District of New York’s motion to dismiss because the compliant was “legally deficient as it is premised on an incorrect legal theory of liability that is inconsistent with both the FCA and the law regarding civil forfeiture.” The plaintiff appealed to the 2nd Circuit arguing that the district court needed to hold a hearing; however, the 2nd Circuit found the suit had been properly dismissed and that the judge considered extensive briefing before making the determination of the dismissal.
Credit reporting agency, collector granted MTD in FCRA and FDCPA case
On October 26, the U.S. District Court for the District of New Jersey dismissed without prejudice a FCRA and FDCPA lawsuit filed against a law firm and credit reporting agency. The plaintiff alleged that the defendants published inaccurate and incomplete information regarding a trade line for debt allegedly owed to a healthcare facility. The plaintiff claimed that the credit reporting agency refused to validate the debt. The judge held that the FDCPA did not apply to the credit reporting agency because it was not a debt collector, and that plaintiff did not provide any facts that the tradeline was inaccurate. The judge also found that plaintiff failed to state a claim under the FDCPA against the law firm because “merely furnish[ing] a trade line to a credit reporting agency does not violate any provision of the FDCPA.” The plaintiff is allowed to move for leave to file an amended complaint within thirty (30) days if a stronger factual basis for the claims is provided.
Fed’s Vice Chair remarks on payments innovation, CBDCs, and financial inclusion
On October 27, Fed Vice Chair for Supervision, Michael Barr, delivered a speech at the Economics of Payments XII Conference discussing the Fed’s place in the payments system and highlighting its role as a bank supervisor and operator of key payment infrastructure. Emphasizing the Fed’s introduction of its FedNow instant payment service (covered by InfoBytes here), which was designed to enable secure instant payments in response to the increasing demand for secure and convenient payment options, Barr encouraged banks to build upon the new payment infrastructure. He also noted that ongoing experimentation with new payment technologies, such as stablecoins, creates a need for regulation, particularly where an asset is “pegged to government-issued currencies.”
Regarding central bank digital currencies (CBDCs), the Fed is engaged in research and in discussions with various stakeholders; however, it has not decided on whether to issue a CBDC. The Vice Chair stressed that any move in this direction would require “clear support” from the Executive Branch and authorization from Congress.
Barr emphasized the Fed’s commitment to working with the international community to improve cross-border payment systems as well as the need for research into both traditional and emerging payment methods, noting that innovation should “promote broad access and financial inclusion.” Finally, the remarks touched on the Fed’s proposed revisions to the interchange fee cap for debit card issuers, with a call for public input on the matter (covered by InfoBytes here).
FHA announces update and consolidation of the HECM program
On October 31, the Federal Housing Administration (FHA) announced, after a multi-year effort, the inclusion of policies for its Home Equity Conversion Mortgage (HECM) program in the Single-Family Housing Policy Handbook 4000.1. The FHA indicated this is the first time that all HECM program requirements will be available in a single place. According to the FHA, consolidating these programs eliminates more than one hundred individual policy documents and assist with strengthening the understanding and implementation of the HECM by lenders. New sections include Section II.B covering FHA policy for the origination through post-closing and endorsement of HECMs; and Section III.B, covering FHA policy for the servicing of HECMs and loss mitigation options to assist HECM borrowers who are behind on their HECM obligations. Assistant Secretary for Housing and Federal Housing Commissioner Julia Gordon stated that the “completion of the HECM sections of our Single Family Handbook reinforces FHA’s commitment to the HECM program and is part of a larger effort to retool the program for long-term success.” The FHA also updated model documents, frequently asked questions, and training and expects the online version to be available soon.
President Biden issues Executive Order targeting AI safety
On October 30, President Biden issued an Executive Order (EO) outlining how the federal government can promote artifical intelligence (AI) safety and security to protect US citizens’ rights by: (i) directing AI developers to share critical information and test results with the U.S. government; (ii) developing standards for safe and secure AI systems; (iii) protecting citizens from AI-enabled fraud; (iv) establishing a cybersecurity program; and (v) creating a National Security Memorandum developed by the National Security Council to address AI security.
President Biden also called on Congress to act by passing “bipartisan data privacy legislation” that (i) prioritizes federal support for privacy preservation; (ii) strengthens privacy technologies; (iii) evaluates agencies’ information collection processes for AI risks; and (iv) develops guidelines for federal agencies to evaluate privacy-preserving techniques. The EO additionally encourages agencies to use existing authorities to protect consumers and promote equity. As previously covered by InfoBytes, the FCC recently proposed to use AI to block unwanted robocalls and texts). The order further outlines how the U.S. can continue acting as a leader in AI innovation by catalyzing AI research, promoting a fair and competitive AI ecosystem, and expanding the highly skilled workforce by streamlining visa review.