Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Treasury discusses development of digital assets, says CBDC may take years

    Agency Rule-Making & Guidance

    On September 23, the U.S. Treasury Department’s Under Secretary for Domestic Finance Nellie Liang discussed ways in which digital assets could alter the future of money and payments in the U.S. Speaking at the Brookings Institution, Liang highlighted recommendations presented in an agency report released earlier in September as part of President Biden’s Executive Order on Ensuring Responsible Development in Digital Assets (covered by InfoBytes here). The report, Crypto-assets: Implications for Consumers, Investors, and Businesses, outlined several significant areas of concern, including “frequent instances of operational failures, market manipulation, frauds, thefts, and scams.” The report advised federal agencies, including the CFPB, SEC, CFTC, and DOJ, to (i) continue to aggressively pursue enforcement actions focused on the crypto-asset sector; (ii) clarify existing authorities to ensure they are appropriately applied to crypto-assets; (iii) coordinate efforts to increase compliance; and (iv) take collaborative measures to improve the quality of information about crypto-assets for consumers, investors, and businesses.

    Liang also commented on the potential benefits of adopting a U.S. central bank digital currency (CBDC), “such as preserving the uniformity of the currency, or providing a base for further innovation,” but warned that further research and development on the technology needed to support such a currency may take years. “There are many important design choices that would require additional consideration,” Liang said, stating, for example, “a retail CBDC would be broadly available to the public, while a wholesale CBDC would be limited to banks and other financial institutions.” Liang said Treasury plans to lead an inter-agency working group to advance further work on a possible CBDC and “consider the implications of CBDC in areas such as financial inclusion, national security and privacy.”

    Liang also discussed other recommendations made in the report related to the possible establishment of a federal regulatory framework for nonbank providers of payment services. “A federal framework could provide a common floor for minimum financial resource requirements and other standards that may exist at the state level,” Liang pointed out. “It also would complement existing federal [anti-money laundering/combating the financing of terrorism] obligations and consumer protection requirements that apply to nonbank payment providers,” and “could work in conjunction with a U.S. CBDC or with instant payment systems.” She also commented on Treasury’s work to develop a faster, cheaper cross-border international payment system and noted the agency will consider potential risks, such as privacy and human rights considerations.

    Agency Rule-Making & Guidance Federal Issues Digital Assets Department of Treasury CBDC Cryptocurrency Fintech

    Share page with AddThis
  • CFPB seeks better refi, loss-mitigation options

    Federal Issues

    On September 22, the CFPB issued a request for information (RFI) regarding ways to improve mortgage refinances for homeowners and how to support automatic short-term and long-term loss mitigation assistance for homeowners who experience financial disruptions. According to the Bureau, refinancing volume has decreased almost 70 percent from last year as interest rates have risen. Additionally, periods of economic turmoil, such as the Covid-19 pandemic, can pose significant challenges for mortgage borrowers, the Bureau noted. Throughout the pandemic, 8.2 million borrowers entered a forbearance program, and as of July 2022, 93 percent have exited. Of those who have exited forbearance, five percent are delinquent or in active foreclosure. The Bureau is interested in the features of pandemic-related forbearance programs that should be made more generally available to borrowers. Specifically, the RFI requests information regarding, among other things: (i) targeted and streamlined refinance programs; (ii) innovative refinancing products; and (iii) automatic forbearance and long-term loss mitigation assistance. Comments are due 60 days after publication in the Federal Register.

    Federal Issues Agency Rule-Making & Guidance CFPB Consumer Finance Mortgages Refinance Forbearance Federal Register

    Share page with AddThis
  • Treasury seeks info on illicit finance, national security risks of digital assets

    Agency Rule-Making & Guidance

    On September 19, the U.S. Treasury Department issued a request for comment (RFC) seeking feedback on illicit finance and national security risks posed by digital assets. The RFC, issued pursuant to Executive Order 14067 “Ensuring Responsible Development of Digital Assets” (covered by InfoBytes here), requests public input on illicit finance risks, anti-money laundering and combating the financing of terrorism (AML/CFT) regulation and supervision, global implementation of AML/CFT standards, private sector engagement, and central bank digital currencies. The RFC also seeks feedback on actions the U.S. government and Treasury should take to mitigate these risks, in addition to whether public-private collaboration may improve efforts to address risks. Comments on the RFC are due November 3.

    “Without appropriate controls and enforcement of existing laws, digital assets can pose a significant risk to national security by facilitating illicit finance, such as money laundering, cybercrime and terrorist actions,” U.S. Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the announcement. “As we work to implement the Illicit Finance Action Plan, hold bad actors accountable and identify potential gaps in existing enforcement, we look forward to receiving the public’s input on this urgent work.”

    The RFC follows the September 16 release of Treasury’s Action Plan to Address Illicit Financing Risks of Digital Assets (covered by InfoBytes here).

    Agency Rule-Making & Guidance Financial Crimes Federal Issues Digital Assets Department of Treasury Anti-Money Laundering Combating the Financing of Terrorism CBDC Risk Management Fintech

    Share page with AddThis
  • New NYDFS proposal to implement Commercial Finance Disclosure Law

    State Issues

    On September 14, NYDFS published a notice of proposed rulemaking under New York’s Commercial Financing Disclosure Law (CFDL) related to disclosure requirements for certain providers of commercial financing transactions in the state. As previously covered by InfoBytes, the CFDL was enacted at the end of December 2020, and amended in February to expand coverage and delay the effective date. (See S5470-B, as amended by S898.) Under the CFDL, providers of commercial financing, which include persons and entities who solicit and present specific offers of commercial financing on behalf of a third party, are required to give consumer-style loan disclosures to potential recipients when a specific offering of finance is extended for certain commercial transactions of $2.5 million or less. Last December, NYDFS announced that providers’ compliance obligations under the CFDL will not take effect until the necessary implementing regulations are issued and effective (covered by InfoBytes here).

    The newest proposed regulations (see Assessment of Public Comments for the Revised Proposed New Part 600 to 23 NYCRR) introduce several revisions and clarifications following the consideration of comments received on proposed regulations published last October (covered by InfoBytes here). Updates include:

    • A new section stating that a “transaction is subject to the CFDL if one of the parties is principally directed or managed from New York, or the provider negotiated the commercial financing from a location in New York.”
    • A new section requiring notice be sent to a recipient if a change is made to the servicing of a commercial financing agreement.
    • An revised definition of “recipient” to now “include entities subject to common control if all such recipients receive the single offer of commercial financing simultaneously.”
    • Clarifying language stating that the “requirements pertaining to the statement of a rate of finance charge or a financing amount, as that term appears in Section 810 of the CFDL, shall be in effect only upon the quotation of a specific commercial financing offer.”
    • Provisions allowing providers to perform calculations based upon either a 30-day month/360-day year or a 365-day year, with the acknowledgment that different methods of computation may lead to slightly different results.
    • An amendment stating that “a ‘provider is not required to provide the disclosures required by the CFDL when the finance charge of an existing financing is effectively increased due to the incurrence, by the recipient, of avoidable fees and charges.’”
    • An acknowledgement of comments asking that 23 NYCRR Part 600 be identical to California’s disclosure requirements (covered by InfoBytes here) “or as consistent as possible.” In response, NYDFS said that while it generally agrees, and has consulted with the California Department of Financial Protection and Innovation (DFPI), the regulations cannot be identical because the CFDL differs from the California Consumer Financial Protection Law and the Department cannot anticipate any future revisions DFPI may make to its proposed regulations.

    Comments on the proposed regulations are due October 31.

    State Issues Agency Rule-Making & Guidance Bank Regulatory State Regulators NYDFS Commercial Finance Disclosures New York CFDL California DFPI

    Share page with AddThis
  • SEC proposes new rules for clearing agencies


    On September 14, the SEC announced a proposed rule regarding risk management practices for central counterparties in the U.S. Treasury Department market. Among other things, the proposed rule would update the membership standards required of covered clearing agencies for the Treasury market with respect to a member’s clearance and settlement of specified secondary market transactions. Specifically, the proposal would require that clearing agencies in the U.S. Treasury market adopt policies and procedures designed to require their members to submit for clearing certain specified secondary market transactions, which would include: “all repurchase and reverse repurchase agreements collateralized by U.S. Treasury securities entered into by a member of the clearing agency; all purchase and sale transactions entered into by a member of the clearing agency that is an interdealer broker; and all purchase and sale transactions entered into between a clearing agency member and either a registered broker-dealer, a government securities broker, a government securities dealer, a hedge fund, or a particular type of leveraged account.” According to a statement by SEC Chair Gary Gensler, the proposed rule would “reduce risk across a vital part of our capital markets in both normal and stress times.” The SEC also released a Fact Sheet providing more information on the proposal. Comments are due 60 days after publication in the Federal Register.

    Securities Agency Rule-Making & Guidance SEC Department of Treasury Federal Register Risk Management

    Share page with AddThis
  • FTC proposes rulemaking to combat impersonation fraud

    Agency Rule-Making & Guidance

    On September 15, the FTC issued a notice of proposed rulemaking (NPRM) to prohibit the impersonation of government, businesses, or their officials. According to the FTC, reported losses due to impersonation fraud spiked at the beginning the Covid-19 pandemic, and more than 2.5 million scams were reported nationwide from the beginning of 2017 through the middle of 2022, with consumers reporting losses of more than $2 billion. These impersonation scams include persons posing as government officials or employees, or persons claiming that they represent well-known businesses or charities who may use “misleading domain names and URLs and ‘spoofed’ contact information’” to create the illusion of legitimacy. The FTC added that scammers are looking for information that can be used to commit identity theft or seek monetary payment, and often request that funds be paid through wire transfer, gift cards, or cryptocurrency.

    The NPRM follows an advanced notice of proposed rulemaking issued last December (covered by InfoBytes here), for which the FTC received more than 160 comments from members of the public, as well as a coalition of 49 state attorneys general and many companies and industry organizations. According to the FTC, the NPRM would codify the principle that impersonation scams violate the FTC Act, allowing the Commission to seek civil penalties and recover money from those who violate the rule. Among other things, the NPRM would ban scammers from (i) using government identifiers when communicating with consumers via mail or online; (ii) spoofing government and business email and web addresses “or using lookalike email addresses or websites that rely on misspellings of a company’s name”; or (iii) falsely implying an affiliation with a government or a business by using commonly known terms. The FTC noted that the NPRM would also apply to persons who provide the “means or instrumentalities” for scammers, such as suppliers who manufacture the fake government credentials used by scammers. Additionally, non-profit organizations would be included in the definition of a business under the NPRM, so that the FTC can take action against scammers impersonating charities. Comments on the NPRM are due 60 days after publication in the Federal Register.

    Agency Rule-Making & Guidance Federal Issues FTC Consumer Protection Fraud Privacy, Cyber Risk & Data Security

    Share page with AddThis
  • CFPB studying BNPL growth

    Federal Issues

    On September 15, the CFPB announced plans to consider issuing interpretive guidance or regulations to ensure that buy now, pay later (BNPL) lenders follow many of the same consumer protection measures that exist for credit cards. “We will be working to ensure that borrowers have similar protections, regardless of whether they use a credit card or a Buy Now, Pay Later loan,” CFPB Director Rohit Chopra said in the announcement. The Bureau described BNPL products as a form of interest-free credit that “serves as a close substitute for credit cards” and allows consumers to split a retail transaction into smaller, interest-free installments that are repaid over time. 

    Recognizing that BNPL products are a rapidly growing alternative form of credit for online retail purchases, the Bureau published a report providing key insights into the industry. According to the report, the number of BNPL loans originated from 2019 to 2021 in the US grew 970 percent, from 16.8 million to 180 million. The total dollar volume of these loans grew by 1,092 percent in that period, from $2 billion in 2019 to $24.2 billion in 2021, the report said, noting that 73 percent of applicants were approved for credit in 2021, up from 69 percent in 2020. Additionally, the report found that 89 percent of consumers using BNPL loans linked their accounts to their debit cards, and that late fee policies vary by issuer.

    The Bureau raised several concerns with BNPL products in the report, including (i) inconsistent standardized cost-of-credit disclosures, minimal dispute resolution rights, a forced opt-in to autopay, and occurrences where consumers are assessed multiple late fees on the same missed payment; (ii) risks related to data harvesting and monetization, as many BNPL lenders shift business models toward proprietary app usage, allowing lenders “to build a valuable digital profile of each user’s shopping preferences and behavior”; and (iii) concerns over consumers taking out several loans during a short period of time at multiple lenders. According to the Bureau, because most BNPL lenders currently do not furnish data to the major credit reporting companies, many lenders are unaware of a consumer’s current liabilities when deciding whether to originate new loans.

    The Bureau noted in its announcement that while BNPL lenders are currently subject to some federal and state oversight, compliance and licensing requirements vary. In addition to exploring potential new regulatory guidance, the Bureau said it plans to identify surveillance practices that BNPL lenders should seek to avoid, and it will continue to address the development of appropriate and accurate credit reporting practices for the industry. Chopra further announced that the Bureau is inviting BNPL lenders to self-identify if they wish to be examined for any potentially problematic business practices. The Bureau is also reviewing its authorities to conduct examinations on a compulsory basis and will work with state regulators that license nonbank finance companies on examinations of BNPL firms.

    Federal Issues Agency Rule-Making & Guidance CFPB Buy Now Pay Later Privacy, Cyber Risk & Data Security Consumer Protection Consumer Finance Disclosures Fraud

    Share page with AddThis
  • Republicans take issue with CFPB agenda

    Federal Issues

    On September 12, several Republican senators sent a letter to CFPB Director Rohit Chopra expressing concerns that the Bureau is again pursuing “a radical and highly-politicized agenda unbounded by statutory limits.” In particular, the letter took issue with recent Bureau reports on the use of overdraft fees (covered by InfoBytes here and here), calling the agency’s actions a “relentless smear campaign” against banks. “Charging fees that customers chose to pay should not be disturbing or illegal, and yet, the CFPB appears to have developed a particular disdain for banks charging their customers for services, pejoratively calling overdraft protection ‘junk fees,’” the letter stated. Additionally, the letter claimed that the Bureau is changing its rules in order to publish previously confidential information about financial institutions to make it easier to threaten them with reputational harm (covered by InfoBytes here), without affording the financial institution the similar ability to, for example, disclose the existence of a CFPB examination. Among other things, the new procedural rule establishes a disclosure mechanism intended to increase transparency of the Bureau’s risk-determination process that will exempt final decisions and orders by the CFPB director from being considered confidential supervisory information, allowing the Bureau to publish the decisions on their website. According to the senators, the rule requires nonbanks to keep confidential information relating to a decision issued by the Bureau, including facts that could question the decision or raise procedural concerns. “The one-sided nature of the CFPB’s rule change gives the agency the ability to publicly tarnish an institution’s name without affording the firm the power to defend itself,” the letter said. The letter also decries a recent change to the agency’s rules of adjudication to make it more difficult for companies to defend themselves against novel enforcement theories by bypassing an administrative law judge and permitting the director to rule directly on the validity of the legal basis for the enforcement action.

    Federal Issues U.S. Senate Agency Rule-Making & Guidance CFPB Supervision Nonbank Nonbank Supervision Overdraft Fees Consumer Finance Examination Fintech

    Share page with AddThis
  • CISA issues RFI on new cyber incident reporting requirements

    Privacy, Cyber Risk & Data Security

    On September 9, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) from critical infrastructure owners and operators on how to develop new data breach reporting regulations related to ransomware and other malicious attacks. The RFI will inform CISA’s promulgation of proposed regulations as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Specifically, the agency is requesting feedback on definitions and terminology for the proposed rules, the form and content of reports, incident reporting requirements, enforcement procedures, and information protection policies. Once the final regulation is published, CISA will use information obtained from cyber-incident reports submitted by covered entities to “deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends and understand how malicious cyber actors are perpetrating their attacks, and quickly share that information with network defenders to warn other potential victims,” the RFI explained. CISA will also host a series of public listening sessions across the country to receive additional input as it develops the proposed regulations. Comments on the RFI are due November 14.

    Privacy, Cyber Risk & Data Security Agency Rule-Making & Guidance CISA Ransomware

    Share page with AddThis
  • Agencies push to implement Basel III

    On September 9, the FDIC, OCC, and Federal Reserve Board reaffirmed their commitment to implementing enhanced regulatory capital requirements that align with Basel III standards issued by the Basel Committee on Banking Supervision in 2017. The agencies announced they are currently developing—and will issue “as soon as possible”—a joint proposed rule on new capital standards for large banking organizations. The agencies noted that community banks are subject to different capital requirements and will not be affected by the proposal.

    Bank Regulatory Federal Issues Agency Rule-Making & Guidance FDIC OCC Federal Reserve Basel

    Share page with AddThis