InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Pelosi cites preemption concerns in federal privacy bill
On September 1, Speaker of the House Nancy Pelosi (D-CA) released a statement commending the House Energy and Commerce Committee’s work on advancing the American Data Privacy and Protection Act (ADPPA) to the House floor (covered by InfoBytes here). However, Pelosi also recognized preemption concerns raised by the California governor, the California Privacy Protection Agency, and other top state leaders. “With so much innovation happening in our state, it is imperative that California continues offering and enforcing the nation’s strongest privacy rights,” Pelosi said. “California’s landmark privacy laws and the new kids age-appropriate design bill, both of which received unanimous and bipartisan support in both chambers, must continue to protect Californians—and states must be allowed to address rapid changes in technology.” Praising measures in the ADPPA that would give consumers the right, for the first time, to seek damages in court for violations of their privacy rights, Pelosi said the House “will continue to work with Chairman Pallone to address California’s concerns.” As previously covered by InfoBytes, the ADPPA also received criticism from several state attorneys general who argued, among other things, that “Congress should adopt a federal baseline, and continue to allow states to make decisions about additional protections for consumers residing in their jurisdictions,” instead of preempting areas of state privacy regulation.
House Oversight seeks info from digital asset exchanges, financial regulators
On August 30, the Subcommittee on Economic and Consumer Policy of the House Committee on Oversight and Reform announced that Representative Raja Krishnamoorthi (D-IL), Chair of the Subcommittee, sent letters to the U.S. Treasury Department, SEC, CFTC, and FTC, in addition to five digital asset exchanges, requesting information on how they are combating cryptocurrency-related fraud and scams. According to his letters, Chairman Krishnamoorthi is “concerned about the growth of fraud and consumer abuse linked to cryptocurrencies.” He further added that “[t]he lack of a central authority to flag suspicious transactions in many situations, the irreversibility of transactions, and the limited understanding many consumers and investors have of the underlying technology make cryptocurrency a preferred transaction method for scammers.” In the letters to the federal agencies, he stated that “the federal government has been slow to curb cryptocurrency scams and fraud,” and that “[e]xisting federal regulations do not comprehensively or clearly cover cryptocurrencies under all circumstances.” In one of the letters to the digital asset exchanges, Krishnamoorthi noted that “cryptocurrency exchanges must themselves act to protect consumers conducting transactions through their platforms.” The letters requested that all recipients provide information to the subcommittee outling “steps they are taking to combat cryptocurrency-related fraud and scams and additional actions that are needed to protect Americans” in order to “help Congress understand what they are doing to protect consumers and inform legislative solutions to bring stability to the digital asset industry.”
House Republican concerned about Treasury sanctions on virtual currency mixer
On August 23, Representative Tom Emmer (R-MN) sent a letter to Treasury Secretary Janet Yellen raising privacy and due process concerns related to recent “first-of-their-kind” sanctions issued against a virtual currency mixer accused of allegedly laundering more than $7 billion in virtual currency, including more than $455 million stolen by a Democratic People’s Republic of Korea state-sponsored hacking group that is separately subject to U.S. sanctions (covered by InfoBytes here). The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) said the sanctions resulted from the company “having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.” (Covered by InfoBytes here.)
Emmer stressed, however, that adding the company to OFAC’s Specially Designated Nationals and Blocked Persons (SDN) List seemed to diverge from previous OFAC precedent since several of the company’s designated “smart contract addresses” do not appear to be a person, entity, or property, but rather are distributed technological tools that are not controlled by any entity or natural person. “OFAC has a long, commendable history of utilizing financial sanctions to enhance the national security of the United States,” the letter said. “Nonetheless, the sanctioning of neutral, open-source, decentralized technology presents a series of new questions, which impact not only our national security but the right to privacy of every American citizen.” Emmer referenced May 2019 guidance issued by FinCEN (covered by InfoBytes here), which he said drew “a distinction between ‘providers of anonymizing services’ (including ‘mixers’)” which are subject to Bank Secrecy Act obligations and “‘anonymizing software providers’” which are not. Emmer recognized that OFAC is not bound by FinCEN regulations, but said it is his understanding that the sanctioned company is “simply the anonymizing software deployed on the blockchain.”
Emmer requested clarification from Treasury on several questions, including the factors OFAC considers when designating technology to the SDN List and how OFAC plans to “uphold the appeals process for the sanctioned addresses that have no ability to appeal the sanction to OFAC” because they “are smart contracts with no agency, corporate or personal, and as such cannot speak for themselves or those whose funds they hold.”
Dem chairs request info on agency data use
On August 16, Chairman of the Committee on the Judiciary Jerrold Nadler (D-NY) and Chairman of the Committee on Homeland Security Bennie Thompson (D-MS) sent a letter to multiple government agency leaders, requesting information on their purchases and use of personal data from data brokers. According to the chairmen, “[c]ompanies participating in the data market acquire user information for package and sale through social media, mobile applications, web hosts, and other sources,” and such products “can include precise details on individuals’ location history, internet activity, and utilities information, to name a few.” The letter further noted that, “improper government acquisition of this data can thwart statutory and constitutional protections designed to protect Americans’ due process rights.” The letter also pointed out that the agencies receiving the letter “have contracts with numerous data brokers, who provide detailed information on millions of Americans.” The chairmen requested a briefing from the agencies, in addition to documents and communications related to contracts the government has had with data brokers, legal analyses on the use of personal data, and parameters and limitations set on the use of the data by the end of August.
Republicans allege CFPB “collusion” with states
On July 28, House Financial Services Committee Ranking Member Patrick McHenry (R-NC) and two other Republican members sent a letter to CFPB Director Rohit Chopra, expressing their concerns that the Bureau has been “colluding” with states to “intimidate companies by conspiring with state agencies to pursue duplicative enforcement actions” in the financial services industry. The letter recognizes that state AGs “may enforce the CFPA in cases where the CFPB has not,” but argues that “the statute does not allow for a state attorney general to become a party to an existing CFPB enforcement action.” As previously covered by InfoBytes, the Bureau issued an interpretive rule in May addressing states’ authority to bring enforcement actions for violations of federal consumer financial protection laws, including the CFPA. The representatives argue that although the CFPB has a duty to enforce the CFPA and protect consumers from predatory and discriminatory practices, the Bureau’s interpretive rule is “akin to deputizing state attorneys general to enforce the CFPA on behalf of the CFPB – something Congress did not authorize.” The letter concludes with a request for documents and information from the Bureau by August 12, including (i) the legal authority that allows the CFPB to “recruit state attorneys general to join existing CFPB actions"; (ii) any “safeguards” the CFPB has in place to avoid “redundant and duplicative state actions”; and (iii) “all documents and communications between offices of state attorneys general and the CFPB since October 12, 2021” and “all information regarding complaints filed in a judicial court received by the CFPB pursuant to 12 USC § 5552.”
House committee advances comprehensive consumer privacy bill
On July 20, the U.S. House Committee on Energy and Commerce voted 53-2 to send H.R. 8152, the American Data Privacy and Protection Act, to the House floor. As previously covered by a Buckley Special Alert, a draft of the bill was released in June, which would, among other things, require companies to collect the least amount of data possible to provide services, implement special protections for minors, and allocate enforcement responsibilities to the FTC. The bill has been revised from its initial draft to allow consumers to bring lawsuits after notifying certain state and federal regulators beginning two years after the law takes effect, which is different from the four-year wait period proposed in the draft. Additionally, the current patchwork of five state privacy laws would be preempted, although under the revised bill California's new privacy agency would be allowed to enforce the federal law. The revised bill also includes a provision that narrows the scope of algorithmic impact assessments required of large data holders to focus on algorithms that pose a “consequential risk of harm.” Additionally, the revised bill includes a more expansive definition of “sensitive data” to include browsing history, race, ethnicity, religion and union membership. It also sets a tiered system of responsibility depending on the size of companies for data related to people under 17.
House passes bill to expand AML regulation
On July 20, the U.S. House passed H.R. 7900 with a 329-101 vote. Section 5401 of the bill, if passed, would amend the Bank Secrecy Act to require that professional service providers who “serve as key gatekeepers to the U.S. financial system adopt anti-money laundering procedures that can help detect and prevent the laundering of corrupt and other criminal funds into the United States.” Section 5401 calls for the imposition of anti-money laundering requirements on any person, excluding any governmental entity, employee, or agent, who engages in any activity which the Secretary determines by regulation to be the provision, with or without compensation, of (i) corporate or other legal entity arrangement, association, or formation services; (ii) trust services; or (iii) third party payment services, among other things. The strategy is intended to combat money laundering through shell companies by imposing anti-money laundering requirements on persons who act as gatekeepers for legal entities to enter the United States.
CFPB testifies on commitment to servicemembers
On July 13, the CFPB testified before Subcommittee on National Security of the House Committee on Oversight and Reform regarding the Bureau’s efforts with respect to servicemembers. The testimony began by noting that the Bureau “is committed to our mission . . . to educate and empower servicemembers, monitor their complaints, and coordinate efforts across the government to protect servicemembers and their families in the financial marketplace.” The Bureau pointed out that it has received more than 4.2 million consumer complaints since June 30, including more than 286,000 complaints from servicemembers, veterans, and military family members. The testimony highlighted efforts by the Bureau to protect military members, such as: (i) issuing a consent order against a Nevada-based consumer lender for allegedly violating the Military Lending Act (MLA), the Electronic Fund Transfer Act (EFTA), and the CFPA when making installment loans (covered by InfoBytes here); (ii) filing a complaint in the U.S. District Court for the Northern District of California against a California-based online lender for allegedly made making more than 4,000 single-payment or installment loans to over 1,200 covered borrowers in violation of the MLA (covered by InfoBytes here); and (iii) filing a complaint against a Texas-based pawn lender and its wholly owned subsidiary for allegedly violating the MLA by charging active-duty servicemembers and their dependents more than the allowable 36 percent annual percentage rate on pawn loans (covered by InfoBytes here). The testimony, among other things, also discussed the Bureau’s collaborations with other agencies such as the FTC and the VA to protect servicemembers from scams and fraud.
House passes America COMPETES Act
On February 4, the U.S. House passed, by a vote of 222-210, the “America Creating Opportunities for Manufacturing Pre-Eminence in Technology and Economic Strength (COMPETES) Act” H.R. 4521, which aims to strengthen the competitiveness of the U.S. economy and U.S. businesses, and counters anti-competitive actions taken by the People’s Republic of China. The COMPETES Act includes provisions affecting financial services, such as:
- U.S. Policy on World Bank Group and Asian Development Bank Loans to China. This provision would, among other things, direct Treasury to vote against any loans to China from the World Bank or Asian Development Bank under certain circumstances, and allow borrowing countries to seek restructuring of China loans in official multilateral debt relief forums.
- Prohibitions or Conditions on Certain Transmittal of Funds. This provision would streamline the process by which special measures may be introduced and modernizes the authorities granted to the FinCEN by permitting the agency to pursue bad actors.
- Study on Chinese Support for Afghan Illicit Finance. This provision would direct Treasury’s Office of Terrorism and Financial Intelligence to brief Congress on the identification and analysis of Chinese economic, commercial, and financial connections to Afghanistan, to include illicit financial networks involved in narcotics trafficking, illicit financial transactions, official corruption, natural resources exploitation, and terrorist networks.
- Support for Debt Relief for Developing Countries. This provision would direct the Treasury secretary and U.S. representatives at the International Monetary Fund and the World Bank to engage with international financial institutions, official creditors, and relevant commercial creditor groups to advocate for the effective implementation of the G-20’s Common Framework.
Dems urge FTC to enforce children and teen privacy compliance
On October 8, Senator Ed Markey (D-MA) and Representatives Kathy Castor (D-FL) and Lori Trahan (D-MA) sent a letter to FTC Chair Lina Khan urging the Commission to ensure that technology companies comply with their own policies regarding the protection of children’s and teen’s privacy. Among other things, the three Democratic lawmakers advocate that Khan “use [her] authority under Section 5 of the FTC Act to ensure that technology companies comply with these commitments to users and hold them accountable if they fail to do so." Under Section 5 , companies are prohibited from engaging in unfair or deceptive acts or practices in or affecting interstate commerce. The lawmakers assert that the FTC has a statutory obligation to ensure that technology platforms fulfill their public statements and policies regarding children’s and teen’s privacy. The letter emphasizes that the need to protect children and teens from online privacy threats is very urgent, stating that “[s]ince 2015, American children have spent almost five hours each day watching their screens, and children’s and teens’ daily screen time has increased by 50 percent or more during the coronavirus pandemic.”