Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Department of Commerce announces new actions related to Executive Order on AI

    Federal Issues

    On April 29, the National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce released several announcements regarding the progress on President Biden's Executive Order on AI (covered by InfoBytes here). NIST released four draft publications aimed at enhancing AI systems' safety, security, and trustworthiness.

    The four draft publications include: (i) NIST AI 600-1 that offers a Generative AI Profile to help organizations identify and manage risks associated with generative AI; (ii) NIST SP 800-218A to expand on the Secure Software Development Framework (SSDF) and address concerns about malicious training data affecting AI systems, as well as provide potential risks and strategies for handling training data, including recommendations for analyzing data for signs of poisoning, bias, homogeneity, and tampering; (iii) NIST AI 100-4 that proposes technical methods to improve the transparency of AI-created or “synthetic” content; and (iv) NIST AI 100-5 which will outline a plan to encourage the global development of AI-related technical standards and seek feedback on areas for AI standardization, including methods for tracking the origin of digital content and shared practices for AI system testing and evaluation. Additionally, NIST is launching challenges to create methods for distinguishing between human and AI-generated content. Public comments on these initial drafts will be due by June 2.

    Federal Issues Privacy, Cyber Risk & Data Security NIST Artificial Intelligence Biden Executive Order

  • CFPB Director speaks on new and proposed rules for data brokers

    Agency Rule-Making & Guidance

    On April 2, the Director of the CFPB, Rohit Chopra, delivered a speech at the White House Office of Science and Technology Policy highlighting President Biden’s recent Executive Order (EO) to Protect Americans’ Sensitive Personal Data and how the CFPB will plan to develop rules to regulate “data brokers” under FCRA. As previously covered by InfoBytes, the EO ordered several agencies, including the CFPB, to better protect Americans’ data. Chopra highlighted how the EO not only covered data breaches but also regulated “data brokers” that ingest and sell data. According to the EO, “Commercial data brokers… can sell [data] to countries of concern, or entities controlled by those countries, and it can land in the hands of foreign intelligence services, militaries, or companies controlled by foreign governments.”

    Consistent with the EO, the CFPB will plan to propose rules this year that will regulate “data brokers,” as per its authority under FCRA. Specifically, the proposed rules would include data brokers within the definition of “consumer reporting agency”; further, a company’s sale of consumer payment or income data would be considered a “consumer report” subject to requirements, like accuracy, customer disputes, and other provisions prohibiting misuse of the data.

    Agency Rule-Making & Guidance Federal Issues CFPB Privacy, Cyber Risk & Data Security Executive Order Data Brokers

  • White House orders DOJ and CFPB to better protect citizens’ sensitive personal data

    Privacy, Cyber Risk & Data Security

    On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”

    A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.

    Privacy, Cyber Risk & Data Security Federal Issues Department of Justice CFPB Executive Order Department of Homeland Security White House Big Data China Russia Iran North Korea Cuba Venezuela

  • White House provides three-month update on its AI executive order

    Federal Issues

    On January 29, President Biden released a statement detailing how federal agencies have fared in complying with Executive Order 14110 regarding artificial intelligence (AI) development and safety. As previously covered by InfoBytes, President Biden’s Executive Order from October 30, 2023, outlined how the federal government can promote AI safely and in a secure way to protect U.S. citizens’ rights.

    The statement notes that federal agencies have (i) used the Defense Production Act to have AI developers report vital information to the Department of Commerce; (ii) proposed a draft rule for U.S. cloud companies to provide computing power for foreign AI training, and (iii) completed risk assessments for “vital” aspects of society. The statement further outlines how the NSF (iv) managed a pilot program to ensure that AI resources are equitably accessible to the research and education communities; (v) began the EducateAI initiative to create AI educational opportunities in K-12 through undergraduate institutions; (vi) promoted the funding of a new Regional Innovation Engines to assist in creating breakthrough clinical therapies; (vii) the OPM launched the Tech Talent Task Force to accelerate hiring data scientists in the government, and (viii) the DHHS established an AI Task Force to provide “regulatory clarity” in health care. Lastly, the statement provides additional information on various agency activities that have been completed in response to the Executive Order. More on this can be found at

    Federal Issues Biden White House Artificial Intelligence Executive Order

  • President Biden vetoes bill on CFPB small business data rule

    Federal Issues

    On December 19, President Biden vetoed bill S. J. Res. 32 that would have repealed the CFPB’s small business data collection rule known as “Small Business Lending Under the Equal Credit Opportunity Act (Regulation B).” As previously covered by InfoBytes, the small business data collection rule, under Section 1071 of the Dodd-Frank Act, requires small business owners to provide demographic data (i.e., race, gender, ethnicity, etc.), as well as geographic information, lending decisions, and credit pricing to lenders. According to President Biden’s statement accompanying the veto, the CFPB’s final rule brings “transparency to small business lending” and repealing this rule would “hinder” the government’s ability to conduct oversight of predatory lenders. The bill is now to be returned to the Senate to be voted on again and can only become law if two-thirds of members support the bill. Separately, in October, a U.S. District Court in Texas imposed an injunction on the CFPB’s small business data rule (covered by InfoBytes here).

    Federal Issues Executive Order CFPB Section 1071 U.S. Senate White House

  • CFPB’s Language Access Plan breakdown for consumers with limited English proficiency

    Federal Issues

    On November 15, the CFPB issued a report, titled “The CFPB Language Access Plan for consumers with limited English proficiency,” on expanding consumer needs in the financial marketplace for individuals with limited English proficiency. The CFPB released this report consistent with the mandates under E.O. 13166 to “educate and empower all consumers, provide information and assistance to traditionally underserved consumer and communities, enforce fair lending laws, and promote an equitable workforce for all consumers.”

    The CFPB cites that 22 percent of the U.S. population over the age of five speak a language other than English at home. The CFPB commits itself to ensuring that tools, programs, and services are available to those who need language assistance by (i) understanding the needs of the population; (ii) conducting outreach and engagement; (iii) providing products and services in eight different languages other than English; and (iv) promoting fair and equitable access to the financial marketplace.

    The CFPB’s report also lists several public enforcement actions involving communicating with consumer with limited English proficiency. The report mainly outlines how well the agency does in addressing the diverse language needs of the U.S. population, including translated disclosures, websites, and outreach and engagement sessions.

    Federal Issues Agency Rule-Making & Guidance CFPB Consumer Protection Executive Order

  • President Biden issues Executive Order targeting AI safety

    Federal Issues

    On October 30, President Biden issued an Executive Order (EO) outlining how the federal government can promote artifical intelligence (AI) safety and security to protect US citizens’ rights by: (i) directing AI developers to share critical information and test results with the U.S. government; (ii) developing standards for safe and secure AI systems; (iii) protecting citizens from AI-enabled fraud; (iv) establishing a cybersecurity program; and (v) creating a National Security Memorandum developed by the National Security Council to address AI security.

    President Biden also called on Congress to act by passing “bipartisan data privacy legislation” that (i) prioritizes federal support for privacy preservation; (ii) strengthens privacy technologies; (iii) evaluates agencies’ information collection processes for AI risks; and (iv) develops guidelines for federal agencies to evaluate privacy-preserving techniques. The EO additionally encourages agencies to use existing authorities to protect consumers and promote equity. As previously covered by InfoBytes, the FCC recently proposed to use AI to block unwanted robocalls and texts). The order further outlines how the U.S. can continue acting as a leader in AI innovation by catalyzing AI research, promoting a fair and competitive AI ecosystem, and expanding the highly skilled workforce by streamlining visa review.

    Federal Issues Privacy, Cyber Risk & Data Security White House Artificial Intelligence Biden Executive Order Consumer Protection

  • California governor signs executive order on GenAI

    State Issues

    On September 6, California Governor Gavin Newsom signed an Executive Order (E.O.) instructing state agencies to evaluate how generative artificial intelligence (GenAI) may impact the State and its residents. Specifically, the E.O. requires certain state agencies to provide a report to the Governor which will examine “the most significant, potentially beneficial uses” of GenAI tools by the state. The report must also discuss “the potential risks to individuals, communities, and government and state government workers” from GenAI tools. Certain California agencies, including the Department of Technology, must perform a “risk analysis of potential threats to and vulnerabilities of California’s critical energy infrastructure by the use of GenAI.” The E.O. also requires that the State issue “general guidelines for public sector procurement, uses, and required training for use of GenAI,” and consider pilots of GenAI projects to be tested in “sandboxes.” Lastly, the E.O. directs the State to pursue a formal partnership with certain California higher education institutions to study the impacts of GenAI and support its safe growth.

    State Issues California Executive Order Artificial Intelligence Supervision Governors

  • Biden E.O. labels China as a country of concern; Treasury issues ANPR

    Federal Issues

    On August 9, the White House announced that President Biden signed an Executive Order on Addressing United States Investments In Certain National Security Technologies and Products In Countries of Concern (E.O.). The President explained his view that some countries create national security risks by using particular technologies to advance their “military and defense industrial sectors” rather than civilian and commercial sectors. Biden stated that although open global capital flows substantially benefit the U.S., the E.O. stated that certain investments may “accelerate and increase the success of the development of sensitive technologies and products in countries that develop them to counter United States and allied capabilities.” The E.O. directs the Secretary of the Treasury to issue regulations that (i) prohibit U.S. persons from participating in specific transactions associated with particular technologies and products that present a significant and urgent risk to national security; and (ii) mandate U.S. persons to notify the Treasury about different transactions related to specific technologies and products that may contribute to the national security threat. The annex to the E.O. identifies China, including Hong Kong and Macau, as the sole nation warranting concern. The E.O. also requires the Secretary to communicate with Congress and the public regarding the E.O., consult with other agency leaders, assess whether to amend the regulations within one year, and provide reports to the President and Congress.

    The Treasury simultaneously issued an Advance Notice of Proposed Rulemaking, requesting public comment on the implementation of the E.O., along with proposed definitions of key terms, before the program goes into effect. Written comments may be submitted within 45 days here.

    Federal Issues Department of Treasury Biden Of Interest to Non-US Persons China Hong Kong Artificial Intelligence Executive Order

  • OFAC adds regulations on Chinese military companies and WMDs

    Financial Crimes

    On February 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it is adding regulations to implement a November 2020 Executive Order (E.O.), which is related to securities investments that finance Communist Chinese military companies, as amended by a June 2021 E.O. related to the Chinese military-industrial complex and Chinese surveillance technology. As previously covered by InfoBytes, President Biden issued E.O. 14032, “Addressing the Threat from Securities Investments that Finance Communist Chinese Military Companies.” The E.O. took additional steps pursuant to the national emergency declared pursuant to E.O. 13959 (covered by Infobytes here), including the threat posed by the military-industrial complex of the People’s Republic of China (PRC) and “its involvement in military, intelligence, and security research and development programs, and weapons and related equipment production under the PRC’s Military-Civil Fusion strategy.” According to OFAC, with respect to the recent regulations, the agency “intends to supplement these regulations with a more comprehensive set of regulations, which may include additional interpretive guidance and definitions, general licenses, and other regulatory provisions.” The regulations took effect February 16.

    Additionally, OFAC announced that it is publishing an amendment to the Weapons of Mass Destruction Proliferators Sanctions Regulations “to revise an existing general license authorizing the provision of certain legal services and add a general license authorizing payments for legal services from funds originating outside the United States.” (Covered by InfoBytes here.) The amendment also took effect February 16. 

    Financial Crimes OFAC Of Interest to Non-US Persons China Executive Order Biden OFAC Sanctions


Upcoming Events