Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • House committee continues federal privacy legislation discussions

    Privacy, Cyber Risk & Data Security

    On April 27, the House Subcommittee on Innovation, Data, and Commerce, a subcommittee of the House Energy and Commerce Committee, held a hearing entitled “Addressing America’s Data Privacy Shortfalls: How a National Standard Fills Gaps to Protect Americans’ Personal Information” to continue discussions on the need for comprehensive federal privacy legislation. Subcommittee Chair Gus Bilirakis (R-FL) delivered opening remarks, commenting that the Committee has examined in depth how a federal privacy law is needed to protect Americans and balance the needs of business, government and civil society, what happens when malicious actors exploit access to data, where the FTC’s jurisdictional lines and authority lay and how that interplays with a comprehensive federal privacy law, and the role of data brokers and the lack of protections given to consumers to manage their data.

    During the hearing, subcommittee members commented that one of the big debates about the American Data Privacy and Protection Act (ADPPA) as it came out of committee last year was the degree to which it should preempt state laws. There was push back on the bill from former Speaker Nancy Pelosi who was against the proposed preemption measures, as well as from the California attorney general and the California Privacy Protection Agency who expressed similar concerns and asked Congress to “allow states to provide additional protections in response to changing technology and data privacy protection practices.” The ADPPA was advanced through the committee last July by a vote of 53-2 (covered by InfoBytes here) and was sent to the House floor during the last Congressional session but never came up for a full chamber vote. The bill has not been reintroduced yet.

    Subcommittee members said that while drafting a comprehensive national data privacy law is a priority, there are a lot of concerns over preemption of state laws. Certain Republican members also commented that it is very important for Congress to create a single national standard before the FTC proposes data privacy rules from its commercial surveillance rulemaking efforts. As previously covered by InfoBytes, FTC Chair Lina M. Khan and Commissioners Rebecca Slaughter and Alvaro Bedoya testified before the same committee in April, during which time they said they are currently reviewing comments on the proposed rulemaking but support federal privacy legislation.

    While the ADPPA has not yet been reintroduced, House Financial Services Committee Chairman Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023 (see H.R. 1165) earlier this year, which would, among other things, modernize the Gramm-Leach-Bliley Act to better align the statute with the evolving technological landscape and ensure consumers understand how their data is being collected and used and grant consumers power to opt-out of the collection of their data and request that their data be deleted at any time.

    Privacy, Cyber Risk & Data Security Federal Issues Federal Legislation House Energy and Commerce Committee State Issues California Consumer Protection FTC

  • House subcommittee holds hearing on stablecoin regulation

    Federal Issues

    The House Financial Services Subcommittee on Digital Assets, Financial Technology and Inclusion recently held a hearing to examine stablecoins’ role in the payment system and to discuss proposed legislation for creating a federal framework for issuing stablecoins. A subcommittee memorandum identified different types of stablecoins (the most popular being pegged to the U.S. dollar to diminish volatility) and presented an overview of the market, which currently consists of more than 200 different types of stablecoins, collectively worth more than $132 billion. The subcommittee referred to a 2021 report issued by the President’s Working Group on Financial Markets, along with the FDIC and OCC (covered by InfoBytes here), in which it was recommended that Congress pass legislation requiring stablecoins to be issued only by insured depository institutions to ensure that payment stablecoins are subject to a federal prudential regulatory framework. The subcommittee discussed draft legislation that would define a payment stablecoin issuer and establish a regulatory framework for payment stablecoin issuers, including enforcement requirements and interoperability standards. 

    Subcommittee Chairman, French Hill (R-AR), delivered opening remarks, in which he commented that the proposed legislation would require stablecoin issuers to comply with redemption requirements, monthly attestation and disclosures, and risk management standards. Recognizing the significant amount of work yet to be done in this space, Hill said he believes that “innovation is fostered through choice and competition,” and that “one way to do that is through multiple pathways to become a stablecoin issuer, though with appropriate protections [to] prevent regulatory arbitrage and a race to the bottom.” He cited reports that digital asset developers are leaving the U.S. for countries that currently provide a more established regulatory framework for digital assets, and warned that this will stymie innovation, jobs, and consumer/investor protection. He also criticized ”the ongoing turf war between the SEC and CFTC” with respect to digital assets, and warned that “[w]hen you have two agencies contradicting each other in court about whether one of the most utilized stablecoins in the market is a security or a commodity, what you end up with is uncertainty.”

    Witness NYDFS Superintendent Adrienne A. Harris discussed the framework that is currently in place in New York and highlighted requirements for payment stablecoin issuers operating in the state. In a prepared statement, Harris said many domestic and foreign regulators call the Department’s regulatory and supervisory oversight of virtual currency the “gold standard,” in which virtual currency entities are “subject to custody and capital requirements designed to industry-specific risks necessary for sound, prudential regulation.” Harris explained that NYDFS established “additional regulations, guidance, and company-specific supervisory agreements to tailor [its] oversight” over financial products, including stablecoins, and said the Department is the first agency to provide regulatory clarity for these types of products. She highlighted guidance released last June, which established criteria for regulated entities seeking to issue USD-backed stablecoins in the state (covered by InfoBytes here), and encouraged a collaborative framework that mirrors the regulatory system for more traditional financial institutions and takes advantage of the comparative strengths offered by federal and state regulators. Federal regulators will be able to comprehensively address “macroprudential considerations” and implement foundational consumer and market protections, while states can “leverage their more immediate understanding of consumer needs” and more quickly modernize regulations in response to industry developments and innovation, Harris said.

    Federal Issues Digital Assets Stablecoins Payments State Issues House Financial Services Committee State Regulators NYDFS Federal Legislation Fintech

  • House subcommittee discusses CFPB reform proposals

    Federal Issues

    On March 9, the House Financial Services Committee’s Subcommittee on Financial Institutions and Monetary Policy held a hearing to discuss proposals that would alter the structure and authority of the CFPB. The subcommittee heard from several witnesses, including the CEO of the American Financial Services Association (AFSA), the Bureau’s former deputy director, and the Minnesota attorney general.

    During the hearing, members discussed legislation that would reform the Bureau, including: (i) the Consumer Financial Protection Commission Act, which would make the Bureau an independent commission; (ii) the Transparency in CFPB Cost-Benefit Analysis Act, which would require the Bureau to include a statement justifying any proposed rulemaking (including “why the private market, State, local, or tribal authorities cannot adequately address the problem”), as well as provide qualitative and quantitative cost assessments and data or studies used in preparing a proposal; (iii) the CFPB-IG Reform Act, which would create a separate inspector general for the Bureau; and (iv) the Taking Account of Bureaucrats’ Spending (TABS) Act, which would make the Bureau an independent agency from the Federal Reserve System called the “Consumer Financial Empowerment Agency” that would be funded through congressional appropriations rather than the Fed.

    In his prepared testimony, the AFSA CEO alleged several examples of regulatory overreach taken by the Bureau, including: (i) imposing limits on arbitration, despite the Bureau’s own finding that arbitration benefits consumers; (ii) releasing guidance, instead of legislative rulemaking, which creates ambiguity for companies and consumers; (iii) using “regulation by enforcement” to change TILA and creating an ability to repay standard that does not exist in any consumer financial law or regulation; (iv) issuing press releases that serve as regulations and provide recommendations inconsistent with the plain language of laws such as the SCRA; and (v) creating potential harm to servicemembers through misinterpretations of the Military Lending Act. He further explained that a press release issued by the Bureau last year on junk fees (covered by InfoBytes here) “goes beyond its authority” and creates confusion for both depository institutions and finance companies who are unsure what the rules are. He emphasized that “the best way to protect consumer is to protect access to credit,” and the best method for achieving this “is to have clearly defined terms and conditions that both industry and the regulatory community can understand and follow.”

    The former CFPB deputy director also asserted in his prepared testimony that the agency is prone to exceeding statutory limits or requirements. He commented that “[w]hile one or two of these actions could perhaps be dismissed as over-exuberance, the frequency with which these issues arise suggests that the agency lacks adequate internal or external controls to ensure it operates within the law,” and that in “the absence of these controls . . . [it] compels the conclusion that the CFPB is ripe for reform.” He also maintained that having the Bureau go through the annual appropriations process would help the agency “focus its priorities” and “improve its effectiveness and efficiency.” He further noted that expanding the Bureau’s UDAAP authority to cover conduct it observes in the marketplace (such as applying UDAAP credit discrimination laws to any decision making by a financial institution) is “a decision fundamentally for Congress.”

    The Minnesota attorney general, however, highlighted joint enforcement actions taken with the Bureau in his prepared testimony, stating that by serving “as a critical enforcement partner,” the agency is operating as Congress intended when it created the Bureau in response to the 2008 financial crisis. “The CFPB’s destruction would topple the whole system like dominos,” he stressed, adding that the funding arguments fall short as several federal agencies are not funded by Congress.

    Senators Sherrod Brown (D-OH), Chair of the Senate Banking Committee, and Representative Maxine Waters (D-CA), Ranking Member of the House Financial Services Committee, issued a statement strongly disagreeing with the introduced legislation. “We will continue to work with our colleagues to stop any anti-consumer bill and protect the CFPB so that consumers can continue to have an agency solely dedicated to protecting their hard-earned money,” the lawmakers said.

    Federal Issues House Financial Services Committee CFPB State Issues Enforcement Federal Legislation Consumer Finance Funding Structure Constitution State Attorney General

  • House committees move forward on data privacy

    Privacy, Cyber Risk & Data Security

    On March 1, the House Subcommittee on Innovation, Data, and Commerce, a subcommittee of the House Energy and Commerce Committee, held a hearing entitled “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy” to continue discussions on the need for comprehensive federal privacy legislation. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) delivered opening remarks, commenting that discussions during the hearing will build upon the bipartisan American Data Privacy and Protection Act (ADPPA), which advanced through the committee last July by a vote of 53-2. As previously covered by InfoBytes, the ADPPA (see H.R. 8152) was sent to the House floor during the last Congressional session, but never came up for a full chamber vote. The bill has not been reintroduced yet.

    A subcommittee memo highlighted that absent a comprehensive federal standard, “there are insufficient limits to what types of data companies may collect, process, and transfer.” The subcommittee flagged the data broker industry as an example of where there are limited restrictions or oversight to prevent the creation of consumer profiles that link sensitive data to individuals. Other areas of importance noted by the subcommittee relate to data security protections, data minimization requirements, digital advertising, and privacy enhancing technologies. The subcommittee heard from witnesses who agreed that a comprehensive privacy framework would benefit consumers.

    One of the witnesses commented in prepared remarks that preemption is key, calling the current patchwork of state laws confusing and costly to businesses and consumers. “Consumers need a strong and consistent law to protect them across jurisdictions and market sectors, and to clarify what privacy rights they should expect and demand as they navigate the marketplace,” the witness said. The witness also stated that the FTC is currently relying on outdated law, noting that while Section 5 of the FTC Act is frequently used, “virtually all of the FTC’s privacy and data security cases are settlements. That means that many of the legal theories advanced, as well as the remedies obtained, have never been tested in court.”

    In advance of the hearing, the California governor, the California attorney general, and the California Privacy Protection Agency sent a joint letter opposing preemption language contained in H.R. 8152. “[B]y prohibiting states from adopting, maintaining, enforcing, or continuing in effect any law covered by the legislation, [the ADPPA] would eliminate existing protections for residents in California and sister states,” the letter warned. The letter asked Congress “to set the floor and not the ceiling in any federal privacy law” and “allow states to provide additional protections in response to changing technology and data privacy protection practices.”

    Separately, at the end of February, Chairman of the House Financial Services Committee, Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023 (see H.R. 1165). The bill moved out of committee by a 26-21 vote, and now goes to the full House for consideration. Among other things, the bill would modernize the Gramm-Leach-Bliley Act to better align the statute with the evolving technological landscape. The bill would also ensure consumers understand how their data is being collected and used and grant consumers power to opt-out of the collection of their data and request that their data be deleted at any time. Additional provisions are intended to protect against the misuse or overuse of consumers’ personal data and impose disclosure requirements relating to data collection methods, how data is used and who it is shared with, data retention policies, and informed choice. The bill is designed to provide consistency across the country to reduce compliance burdens, McHenry said.

    Privacy, Cyber Risk & Data Security Federal Issues Federal Legislation House Energy and Commerce Committee House Financial Services Committee Gramm-Leach-Bliley State Issues CPPA Consumer Protection

  • Bipartisan Senate legislation would offer stronger ISA protections

    Federal Issues

    On January 31, Senators Mark Warner (D-VA), Todd Young (R-IN), Marco Rubio (R-FL), and Chris Coons (D-DE) reintroduced legislation to strengthen protections for students who enter into income share agreements (ISAs). The senators explained that ISAs are an innovative way for students to finance postsecondary education and serve as an alternative to high-interest student loans. Under an ISA, students agree to pay a percentage of their income over an agreed upon time period in exchange for tuition payments from nongovernmental sources. When the time period ends, students stop payments regardless of whether they have paid back the full amount.

    The ISA Student Protection Act of 2023 would, among other things, (i) prevent ISA providers from requiring payments higher than 20 percent of a student’s income; (ii) exempt students from making payments towards their ISA should their income fall below an affordability threshold; (iii) establish a maximum number of payments and limit payment obligations to the end of a fixed window; (iv) set a minimum number of voluntary payment relief pauses; (v) require ISA providers to give detailed payment disclosures to students who may be considering entering into an ISA (including how payments under an ISA compare to payments under a comparable loan); (vi) provide strong bankruptcy protections for students who enter into an ISA “by omitting the higher ‘undue hardship’ standard for discharge required under private loans”; (vii) prevent funders from accelerating defaulted ISAs; (viii) ensure that ISA obligations end in the event of death or total and permanent disability; (ix) ensure that ISAs fall under federal consumer protection laws, including the FCRA, FDCPA, MLA, SCRA, and ECOA; (x) grant regulatory authority over ISAs to the CFPB; and (xi) clarify how ISA contributions should be treated for tax purposes for both funders and recipients.

    Federal Issues Federal Legislation Student Lending Consumer Finance Income Share Agreements U.S. Senate

  • VA to update appraisal requirements and guidance for guaranteed housing loans

    Federal Issues

    On December 27, President Biden signed H.R. 7735, the Improving Access to the VA Home Loan Benefit Act of 2022, which requires the Department of Veterans Affairs to update its regulations, requirements, and guidance related to appraisals for housing loans guaranteed by the agency. The regulations and requirements must specify when an appraisal is required, how an appraisal is to be conducted, and who is eligible to conduct an appraisal for such loans. The Act also requires the VA to submit recommendations to Congress no later than 90 days after the date of enactment for improving appraisal delivery times for VA loans. The agency must consider these recommendations when it prescribes its updated regulations and requirements. Additionally, the VA must provide guidance for desktop appraisals, taking into account situations where a desktop appraisal could provide cost savings for borrowers whereas “a traditional appraisal requirement could cause time delays and jeopardize the completion of a transaction.”

    Federal Issues Federal Legislation Appraisal Department of Veterans Affairs Biden

  • Biden authorizes borrowers to separate joint consolidation loans

    Federal Issues

    On October 11, President Biden signed S. 1098, which amends the Higher Education Act of 1965 to authorize borrowers to separate joint consolidation loans. According to the bill, borrowers are permitted to split up federally guaranteed student loans held by private lenders into two new federal direct loans. The bill is effective immediately.

    Federal Issues Federal Legislation Student Lending Biden Consumer Finance

  • Pelosi cites preemption concerns in federal privacy bill

    Federal Issues

    On September 1, Speaker of the House Nancy Pelosi (D-CA) released a statement commending the House Energy and Commerce Committee’s work on advancing the American Data Privacy and Protection Act (ADPPA) to the House floor (covered by InfoBytes here). However, Pelosi also recognized preemption concerns raised by the California governor, the California Privacy Protection Agency, and other top state leaders. “With so much innovation happening in our state, it is imperative that California continues offering and enforcing the nation’s strongest privacy rights,” Pelosi said. “California’s landmark privacy laws and the new kids age-appropriate design bill, both of which received unanimous and bipartisan support in both chambers, must continue to protect Californians—and states must be allowed to address rapid changes in technology.” Praising measures in the ADPPA that would give consumers the right, for the first time, to seek damages in court for violations of their privacy rights, Pelosi said the House “will continue to work with Chairman Pallone to address California’s concerns.” As previously covered by InfoBytes, the ADPPA also received criticism from several state attorneys general who argued, among other things, that “Congress should adopt a federal baseline, and continue to allow states to make decisions about additional protections for consumers residing in their jurisdictions,” instead of preempting areas of state privacy regulation.

    Federal Issues Privacy, Cyber Risk & Data Security Federal Legislation U.S. House American Data Privacy and Protection Act State Issues California Consumer Protection

  • California Privacy Protection Agency opposes federal privacy bill

    Privacy, Cyber Risk & Data Security

    On August 15, the California Privacy Protection Agency (CPPA) sent a letter to House Speaker Nancy Pelosi (D-CA) and House Minority Leader Kevin McCarthy (R-CA) opposing H.R.8152, the American Data Privacy and Protection Act (ADPPA). The CPPA expressed concerns that the proposed legislation “could nearly eliminate” the agency’s ability to fulfill its responsibility to protect Californians’ privacy rights and claimed that the bill’s provisions are “substantively weaker” than the California Privacy Rights Act. “ADPPA represents a false choice, that the strong rights of Californians and others must be taken away to provide privacy rights federally,” the CPPA stressed in its letter. “Americans deserve, and the Agency could support, a framework that offers both: a floor of federal protections that preserves the ability of the states to continue to improve protections in response to future threats to consumer privacy.”

    Last month the U.S. House Committee on Energy and Commerce voted 53-2 to send the ADPPA to the House floor with amendments that would enable the California agency to enforce the federal law (covered by InfoBytes here). However, the CPPA noted that “the language in the bill still raises significant uncertainties for the Agency were it to seek to enforce the federal measure.” Additionally, the bill, which has been revised from its initial draft (covered by a Buckley Special Alert), would preempt the current patchwork of five state privacy laws—which “would be an anomaly,” the CPPA said, given that current federal privacy laws such as the Health Information Portability and Accountability Act, the Gramm Leach Bliley Act, and the FCRA all contain language allowing states to adopt stronger protections. Pointing out that the bill’s “preemption language is especially concerning given the rate at which technology continues to advance and evolve,” the CPPA stressed the importance of states being able to build on their existing laws and allowing voters to seek out additional protections.

    Privacy, Cyber Risk & Data Security State Issues Federal Issues Federal Legislation Consumer Protection CPPA California American Data Privacy and Protection Act

  • Biden signs bills providing 10-year SOL on PPP and EIDL fraud

    Federal Issues

    On August 5, President Biden signed the Paycheck Protection Program and Bank Fraud Enforcement Harmonization Act (see H.R. 7352) and the COVID-19 Economic Injury Disaster Loan Fraud Statute of Limitations Act (see H.R. 7334). H.R. 7352 provides a 10-year statute of limitations for fraud by borrowers under the SBA’s Paycheck Protection Program, while H.R. 7334 establishes a 10-year statute of limitations for fraud by borrowers under the SBA’s Covid-19 Economic Injury Disaster Loan programs.

    Federal Issues Federal Legislation SBA CARES Act Covid-19 Small Business Lending Biden

Pages