InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Banking Trade Associations Urge Senate Leaders to Pass Regulatory Relief Legislation for Community Institutions
On September 8, four trade associations representing 14,000 financial institutions – the American Bankers Association, the Credit Union National Association, the Independent Community Bankers of America, and the National Association of Federal Credit Unions – submitted a letter to Senate Banking Committee Chairman Richard Shelby and Ranking Member Sherrod Brown urging them to enact bipartisan legislation that would provide “regulatory relief to community financial institutions.” The letter describes the measures that community banks have been forced to make to address the “growing volume and complexity of regulations,” including cutting back on their loan officers ranks in favor of additional compliance staff and adjusting or eliminating financial products and services offered to consumers. The letter urges the Senate to pass the Financial Regulatory Improvement Act of 2015, S. 1484, which was approved by the Senate Banking Committee in May. This legislation, the letter claims, will “addresses statutory and regulatory obstacles that thwart the ability of community banks and credit unions to fully serve the diverse financial services needs of consumers.”
U.S. Senators Introduce Automobile-Focused Cybersecurity Legislation
On July 21, Senators Blumenthal (D-CT) and Markey (D-MA) introduced legislation, the Security and Privacy in Your Car Act (“SPY Car" Act), that would protect drivers’ privacy while allowing them to remain connected to the growing technological advances in the automobile industry. In addition to directing the National Highway Traffic Safety Administration (NHTSA) and the FTC to develop federal cybersecurity and privacy standards that would secure motor vehicles manufactured for sale in the United States and protect drivers, the SPY Car Act seeks to establish a rating system, or “cyber dashboard,” that “informs consumers about how well the vehicle protects drivers’ security and privacy” beyond the minimum standards potentially set by the NHTSA and the FTC. The requirements that motor vehicles: (i) be equipped with reasonable measures to protect against hacking attacks; (ii) maintain the ability to reasonably secure data collected within electronic systems; and (iii) be equipped with capabilities to immediately detect, report, and stop attempts to intercept driving data or control the vehicle, are among the cybersecurity standards outlined in the SPY Car Act. In regards to privacy standards, the legislation proposes the following: (i) transparency, such that owners or lessees are explicitly aware of the collection, transmission, retention, and use of driving data; (ii) consumer choice, allowing owners or lessees to opt out of data collection and retention without losing access to other features, such as key navigation; and (iii) marketing prohibition, which would ban companies from using personal driving information for advertising purposes without obtaining the affirmative express consent of the owner or lessee. The introduction of the SPY Car Act follows Senator Markey’s 2015 Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk report, which showed gaps in the auto industry’s ability to prevent hackers from accessing internet-connected features in vehicles.
CFPB Director Set to Testify at Senate Banking Hearing on July 15
On July 15, CFPB Director Richard Cordray will deliver testimony before the U.S. Senate Committee on Banking, Housing, and Urban Affairs focusing on “The Consumer Financial Protection Bureau’s Semi-Annual Report to Congress.” The hearing is scheduled to begin at 10 a.m.
U.S. Senators Introduce Legislation Seeking to Increase SEC Penalty Amounts
On July 9, U.S. Senators Jack Reed (D-RI) and Chuck Grassley (R-IA) introduced Senate bill 1730, the Stronger Enforcement of Civil Penalties Act of 2015 (SECPA), aimed at increasing the SEC’s ability to combat securities’ laws violations to better protect investors and bolster oversight and accountability. Specifically, the SECPA “increase[es] the statutory limits on civil monetary penalties, directly linking the size of these penalties to the scope of harm and associated investor losses, and substantially raising the financial stakes for repeat securities law violators.” In addition, the legislation calls for expanded penalty authority for violations of previously imposed injunctions or bars, and would categorize individual injunction violations as separate charges.
DOJ Deputy Assistant AG Delivers Testimony at Senate Subcommittee Hearing Regarding Cyber Crime
On July 8, the DOJ’s Deputy Assistant AG, David Bitkower, delivered his testimony before the Senate Judiciary Subcommittee on Crime and Terrorism’s hearing entitled, “Cyber Crime: Modernizing Our Legal Framework for the Information Age.” Bitkower’s testimony focused on two of President Obama’s earlier 2015 legislative proposals regarding the security of online privacy for American citizens and businesses. The first proposal, with an emphasis on the “insider threat,” seeks to amend a provision of the Computer Fraud and Abuse Act (CFAA) – the primary statute the DOJ uses to charge computer crime cases – to ensure that corrupt employees using their authority to access sensitive data for personal gain are not immune from federal punishment. Bitkower noted that recent judicial decisions have impeded the government’s ability to prosecute cases where “serious violations and invasions of privacy” were prevalent. The second legislative proposal would enhance the DOJ’s ability to combat botnets, the networks of computers that are infected with malware and used by criminals to steal personal information, evade detection, and hold computers and computer systems for ransom. The proposed legislation would broaden the categories of crimes committed with botnets that can be enjoined by courts, which, under the current law, are mostly limited financial crimes.
NAAG Urging Congress to Refrain From Passing Federal Data Breach Legislation Preempting State Authority
On July 7, as Congress considers proposed legislation on data breach notification and security, the National Association of Attorneys General (NAAG) sent a letter to leaders of both houses of Congress urging them to refrain from passing federal data breach and identity theft laws that would preempt states’ authority to enforce their own legislation, or pass legislation that exceeds federal standards. The 47 state attorneys general argued that “preempting state law would make consumers less protected than they are right now” because (i) states are closer to people affected consumers and can better respond to their concerns; (ii) states are “better equipped to quickly adjust to the challenges presented by a data-driven economy”; (iii) although helpful for a national data breach, a single federal agency would be unable to “respond effectively” to the large number of smaller data breaches that “have a large impact in a particular state or region”; and (iv) “with the increasing speed rate of technological developments,” states need the ability to surpass minimal and continually obsolete federal requirements. Accordingly, the state attorneys general asserted it was “crucial” that they “maintain their enforcement authority under their states’ laws, and that any legislation be tailored to ensure complementary enforcement authority.”
FTC Provides Annual Financial Acts Enforcement Report to CFPB and Federal Reserve
On June 9, the FTC announced that it has provided to the CFPB its 2014 Annual Financial Acts Enforcement Report. The report highlights the FTC’s enforcement, research, rulemaking, and policy development activities with respect to the Truth in Lending Act (Regulation Z), the Consumer Leasing Act (Regulation M), and the Electronic Fund Transfer Act (Regulation E). Areas detailed within the report include enforcement actions related to non-mortgage credit, including auto finance and payday lending, mortgage loan advertising, and forensic audit scams; and consumer and business outreach related to truth in lending requirements. The report, submitted on May 29, will be used to prepare the CFPB’s Annual Report to Congress. The FTC also submitted a copy of the report to the Federal Reserve Board.
U.S. Senate Confirms Lynch As Next Attorney General
On April 23, the U.S. Senate confirmed Loretta Lynch to be the next U.S. Attorney General with a 56-43 majority vote, succeeding current Attorney General Eric Holder. With the confirmation, Lynch, who currently serves as the U.S. Attorney for the Eastern District of New York, becomes the first African-American woman to lead the DOJ.
DOJ Announces Indictment of U.S. Senator Menendez and Friend Salomon Melgen for Conspiracy, Bribery, and Honest Services Fraud
On April 1, the DOJ indicted Senator Robert Menendez and Florida ophthalmologist Salomon Melgen for an alleged bribery scheme in which Menendez accepted financial gifts from Melgen in exchange for using his position of power to assist Melgen in furthering financial and personal interests. According to the DOJ, from January 2006 and January 2013, Menendez accepted gifts including a vacation on the coast of the Dominican Republic, hundreds of thousands of dollars to his 2012 Senate campaign, and numerous trips on Melgen’s private jet. In return for these gifts, which were never reported on the appropriate financial disclosure forms, Menendez (i) pressured executive agencies regarding a dispute between Melgen and the Dominican Republic government concerning a contract relating to the “exclusive screening of containers coming through the Dominican ports;” (ii) advocated on Melgen’s behalf in regards to a Medicare billing dispute; and (iii) actively supported the visa applications of persons related to or in a relationship with Melgen.
Industry Trade Groups Urge Congress to Pass Legislation to Protect Consumers from Data Breaches
On February 12, seven industry trade associations co-authored a letter to Congress regarding anticipated data breach legislation. The letter urges Congress to protect its constituents from the impact of identity theft and financial fraud resulting from data breaches by (i) considering a national data security and breach standard; (ii) recognizing the existing fraud protection standards (e.g., HIPAA and GLBA) and having them serve as a model for sectors where there are none; and (iii) encouraging shared responsibility between entities, including costs. The letter is the latest effort among the industry to lobby Congress in passing legislation to combat increasing data breaches and fraud.