Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FCC suspects robocaller of illegal call traffic

    Federal Issues

    On May 20, the FCC released a notification of suspected illegal traffic against a voice service provider (VSP) for allegedly originating illegal robocall traffic. According to the FCC, it appeared that the VSP claimed to offer financial services by delivering prerecorded messages related to debt consolidation loans, and it claimed to be from one of three financial institutions, two of which contained names that were confusing to unrelated financial institutions. The two unrelated financial institutions posted warnings on their websites notifying consumers of the misuse of their names to make “spam” type calls. The FCC reviewed 13 traceback calls from the approximately 78 million calls the company solicited between November 2023 and February 2024. Upon review, the FCC claimed that the VSP was the originating provider of these calls, and that the VSP did not contest the calls.

    The FCC alleged the call traffic was illegal since the prerecorded messages contained advertisements without any consents of the called party, nor was there any emergency purpose for the calls. The FCC noted three potential consequences that may arise, including blocking of upstream, downstream, and intermediate providers. Additionally, the FCC noted that in the event all deficiencies are not cured, the VSP may face removal from the Robocall Mitigation Database (RMD). Notably, intermediate and other VSPs are only permitted to accept traffic from a domestic VSP if that provider was listed in the RMD.

    In a public notice, the FCC notified all U.S.-based VSPs of unlawful robocalls related to debt consolidation loans originating the from the VSP in the above notification. 

    Federal Issues FCC Robocalls Third-Party Service Providers

  • Maine amends its telephone solicitor violations to include the reassigned numbers database

    State Issues

    On March 25, the Governor of Maine approved a new bill, HP 1433, that would require telephone solicitors to leverage the reassigned numbers database. As previously covered by InfoBytes, the FCC created the reassigned numbers database in 2018 to reduce the number of calls inadvertently made to reassigned numbers. This new law would ban telephone providers from calling an individual in combination with the previously codified violations regarding the national or state do-not-call registries. The new law stated that a telephone solicitor would not violate the new law if the solicitor could demonstrate that he used the reassigned numbers database to verify that a person’s telephone number has not been reassigned before calling it. This bill will go into effect on July 16.

    State Issues Maine TCPA FCC State Legislation

  • CFPB, federal and state agencies to enhance tech capabilities

    Federal Issues

    On March 26, the CFPB announced as a part of a coordinated statement with other federal and state agencies, the intent to enhance its technological capabilities. As part of this initiative, the CFPB will be hiring more technologists to help enforce laws and find remedies for consumers, workers, small businesses, etc. These technologists will join interdisciplinary teams within the CFPB to monitor and address potential violations of consumer rights within the evolving tech landscape, particularly considering the growing attention to generative artificial intelligence (AI). The CFPB's technologists will be tasked with identifying new technological developments, recognizing potential risks, enforcing laws, and developing effective remedies. CFPB Director Rohit Chopra emphasized the essential role of technology in the Bureau’s efforts to regulate data misuse, AI issues, and big tech involvement in financial services. Chopra and Chief Technologist Erie Meyer remarked that the CFPB has integrated technologists into its core functions, with these experts now actively involved in supervisory examinations, enforcement actions, and other regulatory proceedings. They also note that the CFPB has researched how emerging technologies, such as generative AI and near-field communication, are used in consumer finance. To foster a competitive and “law-abiding” marketplace, Chopra and Meyer also note that the CFPB will continue to issue policy guidance to assist firms with understanding legal obligations. 

    Federal Issues CFPB FCC FTC Fintech Consumer Protection

  • FCC partners with two U.K. regulators in combating privacy issues and protecting consumer data

    Privacy, Cyber Risk & Data Security

    Recently, the FCC announced (here and here) that it has partnered with two U.K. communications regulatory agencies to address issues regarding privacy and data protection in telecommunications. The FCC announced two separate statements because the two U.K. regulators perform different duties: the first announcement is with the U.K. Information Commissioner’s Office (ICO), which regulates data protection and information rights; the second is with the U.K.’s Office of Communications (OFCOM) which regulates telecommunications. Both announcements highlighted a strengthening of resources and networks to protect consumers on an international scale, given the large amounts of data shared via international telecom carriers.

    The FCC’s announcement with ICO explained that the partnership would be focused on combatting robocall and robotext efforts, as well as finding means to better protect consumer privacy and data concerns. In the FCC’s announcement with the OFCOM, the U.S. regulator announced a new collaboration to combat illegal robocalls and robotexts given the two countries’ shared interest in investigating networking abuses. The FCC elaborated on its desire to bolster requirements for gateway providers: this is the “on-ramp” for international internet traffic into U.S. networks. 

    Privacy, Cyber Risk & Data Security FCC UK Of Interest to Non-US Persons Privacy Data Protection

  • FCC’s Rosenworcel relaunches Consumer Advisory Committee; focuses on AI consumer issues

    Privacy, Cyber Risk & Data Security

    On February 20, the Chairwoman of the FCC, Jessica Rosenworcel, announced that the FCC will relaunch the Consumer Advisory Committee (CAC). The CAC will focus on how emerging artificial intelligence (AI) technologies implicate consumers’ privacies and protections, such as how the FCC can better protect consumers against “unwanted and illegal” calls, among other things. The CAC is a committee with 28 members comprising companies, non-profit entities, trade organizations, and individuals; a full list of members is found here. The first meeting is on April 4, at 10:30 a.m., Eastern Time, and will be open to the public via a live broadcast.

    Privacy, Cyber Risk & Data Security FCC Advisory Committee Artificial Intelligence Privacy

  • FCC adopts rule on robocalls and robotexts, includes NPR on TCPA applicability

    Agency Rule-Making & Guidance

    On February 15, the FCC adopted a rule to protect consumers from robocalls and robotexts. According to the rule, robocallers and robotexters must honor do-not-call and consent revocation requests within 10 business days from receipt. In addition, the rule will allow consumers to revoke consent under the TCPA through any unreasonable means and will clarify that the TCPA would not be violated when a one-time text message is sent confirming a consumer’s request that no further text messages be sent if the confirmation text only confirms the opt-out request and does not include marketing information.

    The new rule clarified that revocation of consent can be made via automated methods such as interactive voice responses, key press activation on robocalls, responding with “stop” or similar messages to text messages, or using designated website or phone numbers provided by the caller all will constitute reasonable means to revoke consent. If a called party uses any of these designated methods to revoke consent, it will be considered definitively revoked, and future robocalls and robotexts from that caller must cease. The caller cannot claim that the use of such a mechanism by the called party is unreasonable. Any revocation request made through these specified means will be considered “absolute proof” of the called party's reasonable intent to revoke consent. Furthermore, when a consumer uses a method other than those discussed in the rule to revoke consent, “doing so creates a rebuttable presumption that the consumer has revoked consent when the called party satisfies their obligation to produce evidence that such a request has been made, absent evidence to the contrary.”

    The Commission also included a notice of proposed rulemaking, seeking comment on “whether the TCPA applies to robocalls and robotexts from wireless providers to their own subscribers and whether consumers should have the ability to revoke consent and stop such communications.” The rule will go into effect 30 days after publication in the Federal Register, except for certain amendments that will not be effective until six months following OMB review. 

    Agency Rule-Making & Guidance Federal Issues NPR TCPA FCC Robocalls Opt-Out Consumer Protection

  • FCC ruling determines AI calls are subject to TCPA regulations

    Federal Issues

    On February 8, the FCC announced the unanimous adoption of a declaratory ruling that recognizes calls made with AI-generated voices are “artificial” under the Telephone Consumer Protection Act (TCPA). The declaratory ruling notes that the TCPA prohibits initiating “any telephone call to any residential telephone line using an artificial or prerecorded voice to deliver a message without the prior express consent of the called party” unless certain exceptions apply. The TCPA also prohibited “any non-emergency call made using an automatic telephone dialing system or an artificial or prerecorded voice to certain specified categories of telephone numbers including emergency lines and wireless numbers.”

    The ruling, effective immediately, deemed voice cloning and similar AI technologies to be artificial voice messages under the TCPA, subject to its regulations. Therefore, prior express consent from the called party is required before making such calls. Additionally, callers using AI technology must provide identification and disclosure information and offer opt-out methods for telemarketing calls.

    This ruling provided State Attorneys General nationwide with additional resources to pursue perpetrators responsible for these robocalls. This action followed the Commission’s November proposed inquiry for how AI could impact unwanted robocalls and texts (announcement covered by InfoBytes here).

    Federal Issues Agency Rule-Making & Guidance Artificial Intelligence FCC TCPA Consumer Protection

  • FCC Chairwoman proposes making all AI-generated robocalls “illegal” to help State Attorneys General

    Agency Rule-Making & Guidance

    On January 31, FCC Chairwoman, Jessica Rosenworcel, released a statement proposing that the FCC “recognize calls made with AI-generated voices are ‘artificial’ voices under the Telephone Consumer Protection Act (TCPA), which would make voice cloning technology used in common robocalls scams targeting consumers illegal.” Specifically, the FCC’s proposal would make voice cloning technology used in robocall scams illegal, which has been used to impersonate celebrities, political candidates, and even close family members. Chairwoman Rosenworcel stated, “No matter what celebrity or politician you favor… it is possible we could all be a target of these faked calls… That’s why the FCC is taking steps to recognize this emerging technology as illegal… giving our partners at State Attorneys General offices… new tools they can use to crack down on these scams and protect customers.”

    This action comes after the FCC released a Notice of Inquiry last month where the FCC received comments from 26 State Attorneys General to understand how the FCC can better protect consumers from AI-generated telemarking, as covered by InfoBytes here. This is not the first time the FCC has targeted robocallers: as previously covered by InfoBytes in October 2023, the FCC proposed an inquiry into how AI is used to create unwanted robocalls and texts; in September 2023, the FCC updated its rules to curb robocalls under the Voice over Internet Protocol, covered here.

    Agency Rule-Making & Guidance FCC TCPA Artificial Intelligence Robocalls State Attorney General

  • 26 State Attorneys General opine on FCC’s Notice of Inquiry regarding AI telemarketing

    Federal Issues

    On January 17, the State Attorneys General from 26 states submitted reply comments to the FCC’s Notice of Inquiry (the Notice) on how artificial intelligence (AI) technologies are impacting consumers. The information gleaned in response to the Notice is intended to help the FCC better protect consumers from AI-generated telemarketing in violation of the TCPA. The State AGs urged that any AI-generated voice should be considered an “artificial voice” under the TCPA to avoid “opening the door to potential, future rulemaking proceedings” that allow telemarketing agencies to use AI-assisted technologies in outbound calls without the prior written consent of a consumer. 

    Federal Issues State Attorney General FCC Artificial Intelligence Telemarketing TCPA

  • FCC adopts updated data breach notification rules

    Agency Rule-Making & Guidance

    On December 21, 2023, the FCC announced it adopted an updated data breach notifications rule. The rule was formerly designed to protect consumers against pretexting, “a practice in which a scammer pretends to be a particular customer or other authorized person to obtain access to that customer’s call detail or other private communications records.” As previously covered by InfoBytes, the FCC promulgated its notice of proposed rulemaking in January 2023. The rule has been updated to expand the data breach notification requirements to, among other things: (i) cover different categories of personally identifiable information that carriers hold; (ii) expand the definition of “breach” to cover unintended disclosures of consumer information, except in situations where such information is obtained in good faith by an employee or representative of a carrier or telecommunications relay service (“TRS”) provider, and where there’s no improper use or further disclosure of that information; (iii) require TRS providers and carriers to notify the FCC, FBI, and U.S. Secret Service as soon as practicable and no later than seven business days after the reasonable determination of a breach; (iv) no longer require TRS providers and carriers to notify consumers of a data breach if they reasonably determine no harm to consumers is reasonably likely; and (v) no longer require carriers to follow a mandatory waiting period to notify consumers of a breach. FCC Chairwoman Jessica Rosenworcel said in her statement that the update to the data breach policy is the first in 16 years and that under the Communications Act, “carriers have a duty to protect the privacy and security of consumer data.” The rule was adopted on December 13, 2023. 

    Agency Rule-Making & Guidance FCC Data Data Breach


Upcoming Events