Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 1, the SBA announced implementation of additional policies aimed at expanding small business’ access to capital by modernizing SBA’s signature 7(a) and 504 Loan Programs. The new simplified guidelines for lenders include updated origination policies and procedures, lender participation requirements, and 7(a) loan servicing and liquidation requirements. SBA has also clarified affiliation standards to effectively communicate who qualifies for SBA loans, will use technology updates to bring eligibility determinations in-house, and will also use advanced data analytics and third-party data checks for fraud review on all loan programs before approval.
The following three SBA SOPs took effect on August 1, bringing many of the new policies into practice:
- SOP 50 10 7: Lender and Development Company Loan Programs: Contains SBA’s policies and procedures governing the 7(a) and 504 loan programs.
- SOP 50 56: Lender participation requirements: Contains the criteria for becoming an SBA Lender.
- SOP 50 57: 7(a) Loan Servicing and Liquidation: Contains the policies and procedures for 7(a) loan servicing and liquidation.
Finally, the SBA will begin accepting the Universal Purchase Package, a new feature that is expected to streamline the process for lenders to request SBA honor its loan guaranty. SBA will also introduce new features in E-TRAN, SBA’s online platform used by lenders to upload loan applications.
On July 27, the Biden administration released a fact sheet detailing new actions to develop the Blueprint for a Renters Bill of Rights, which was rolled out early this year (covered by InfoBytes here). The three new actions aim to support renters by (i) “ensuring all renters have an opportunity to address incorrect tenant screening reports”; (ii) “providing new funding to support tenant organizing efforts”; and (iii) “ensuring that renters are given fair notice in advance of eviction.” Additionally, the CFPB, USDA, FHFA, and HUD concurrently released statements aimed at landlords, reminding them of “best practices” and their obligation to inform tenants of their rights.
FHFA published Director Sandra L. Thompson’s statement on “best practices” for the delivery of adverse action notices to renters by GSE-backed multifamily housing borrowers. Referencing research showing that tenant screening reports often contain imprecise or inaccurate information, Director Thompson “strongly encouraged” borrowers who deny a rental application to provide written adverse action notices to the applicants and a copy of any consumer screening report that was relied upon. FHFA’s guidance is based on the FCRA’s requirement that landlords and property managers inform rental applicants of negative information from a consumer screening report that resulted in their rental application being rejected or another unfavorable outcome.
The CFPB posted a blog entry that emphasized landlords’ obligation under the FCRA adverse action notice requirement, which mandates that landlords who take any action against a current or prospective tenant based on a consumer report notify the tenant of the decision and how they can contact the company that created the report. The Bureau advised that renters have the right to review their rental background check report and to dispute information they believe to be inaccurate and encouraged tenants to obtain a free copy of the report from the company that compiled it and dispute any errors (covered by InfoBytes here).
In conjunction with the White House press release, HUD announced it is taking multiple actions to improve rental screening transparency and support renters. It is sending reminders to public housing agencies and property owners about their obligation to inform rejected applicants about reasons for their denial, which provides renters with the opportunity to correct any errors. Additionally, HUD is providing $10 million for tenant education and outreach in Section 8 program properties to assist tenants with “capacity building efforts” for engagement with property management. Furthermore, HUD will issue a proposed rule requiring a 30-day written notification for evictions due to nonpayment of rent in certain subsidized housing.
Also mentioned was the recent White House announcement of actions it is taking to combat “unfair and hidden fees” concerning rental housing (covered by InfoBytes here).
On July 19, the White House released a Fact Sheet announcing that the Biden-Harris administration is cracking down on junk fees in rental housing to lower costs for renters. The administration explained how rental housing fees can be burdensome for renters, with application fees often exceeding the actual cost of background checks, accumulating to hundreds of dollars as prospective renters apply for multiple units. Additionally, mandatory fees, such as convenience fees for online rent payment, mail sorting, trash collection, and obscure charges like "January fees," further strain renters' finances and hinder comparison shopping, as the true cost of renting may be higher than expected or affordable, the announcement states. The Fact Sheet outlines the president’s steps for taking action: (i) major rental housing platforms will disclose total upfront costs in addition to the advertised rent; (ii) legislative efforts to regulate rental housing fees and safeguard consumer interests are underway in several states; and (iii) HUD presented new research outlining a blueprint for a nationwide initiative to tackle rental housing fees. HUD’s new research presents an extensive review of rental fees, emphasizing strategies adopted by state, local, and private sectors to promote transparency and equity in the rental market. These strategies encompass measures like capping or abolishing rental application fees, enabling renters to submit their own screening reports, utilizing a single application fee for multiple applications, and ensuring clear disclosure of total move-in and monthly rent costs. HUD's research serves as a guide for local authorities and landlords alike to enhance conditions for renters.
On July 13, the Biden administration published the National Cybersecurity Strategy Implementation Plan (NCSIP), outlining a roadmap for carrying out the administration’s National Cybersecurity Strategy. The strategy was released earlier this year to introduce several key pillars for countering threats to the digital ecosystem and improving the nation’s digital security (covered by InfoBytes here). Designed to build and enhance collaboration, the NCSIP identifies 65 federal initiatives assigned to various agencies with timelines for completion. According to the announcement, 18 agencies are spearheading initiatives in this “whole-of-government” plan, which also factors in “continued collaboration with the private sector, civil society, international partners, Congress, and state, local, Tribal, and territorial governments.”
Pillars include measures to:
- Defend critical infrastructure (the Cybersecurity and Infrastructure Security Agency will implement measures to update the National Cyber Incident Response Plan to, among other things, provide clear guidance to external partners on the roles and capabilities of federal agencies in incident response and recovery);
- Disrupt and dismantle threat actors (including focusing on virtual asset providers that enable the laundering of ransomware proceeds);
- Shape market forces and drive security and resilience;
- Invest in a resilient future (the National Institute of Standards and Technology will convene an interagency working group to coordinate major issues in international cybersecurity standardization); and
- Forge international partnerships to facilitate coordination with partner nations. The administration expects to update the plan annually.
On July 10, the European Commission adopted an adequacy decision as part of the EU-U.S. Data Privacy Framework, concluding that the U.S. “ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to U.S. companies under the new framework.” In the announcement, European Commission President Ursula von der Leyen stated that the “new EU-US Data Privacy Framework will ensure safe data flows for Europeans and bring legal certainty to companies on both sides of the Atlantic.” She explained that with the new adequacy decision, personal data can now be transferred securely from the EU to U.S. companies participating in the framework without having to implement additional data protection safeguards. The framework will be administered by the Department of Commerce. Compliance by U.S. companies with their obligations under the framework will be enforced by the FTC.
As previously covered by InfoBytes, Presidents von der Leyen and Biden announced in March 2022 that they had reached an agreement in principle on a new transatlantic data flows framework to foster cross-border transfers of personal data from the EU to the U.S. Under the framework, the U.S. agreed to implement reforms and safeguards to “strengthen the privacy and civil liberties protections applicable to U.S. signals intelligence activities.” The announcement followed negotiations that began after the Court of Justice of the EU issued an opinion in the Schrems II case in July 2020, holding that the EU-U.S. Privacy Shield did not satisfy EU legal requirements.
The DOJ released a statement welcoming the European Commission’s adoption of the adequacy decision and expressing its eagerness to collaborate with the Commission, along with representatives from European data protection authorities, to ensure the ongoing implementation of data privacy safeguards.
On June 30, the U.S. Supreme Court issued a 6-3 decision in Biden v. Nebraska, striking down the Department of Education’s (DOE) student loan debt relief program (announced in August and covered by InfoBytes here) that would have provided between $10,000 and $20,000 in debt cancellation to certain qualifying federal student loan borrowers making under $125,000 a year.
The Biden administration appealed an injunction entered by the U.S. Court of Appeals for the Eighth Circuit that temporarily prohibited the Secretary of Education from discharging any federal loans under the agency’s program. (Covered by InfoBytes here.) Arguing that the universal injunction was overbroad, the administration contended that the six states lack standing because the debt relief plan “does not require respondents to do anything, forbid them from doing anything, or harm them in any other way.” Moreover, the secretary was acting within the bounds of the Higher Education Relief Opportunities for Students Act of 2003 (HEROES Act) when he put together the debt relief plan, the administration claimed.
In considering whether the secretary has authority under the HEROES Act “to depart from the existing provisions of the Education Act and establish a student loan forgiveness program that will cancel about $430 billion in debt principal and affect nearly all borrowers,” the Court majority (opinion delivered by Chief Justice Roberts, in which Justices Thomas, Alito, Gorsuch, Kavanaugh, and Barrett joined) held that at least one state, Missouri, had Article III standing to challenge the program because it would cost the Missouri Higher Education Loan Authority (MOHELA), a nonprofit government corporation created by the state to participate in the student loan market, roughly $44 million a year in fees. “The harm to MOHELA in the performance of its public function is necessarily a direct injury to Missouri itself,” the Court wrote.
The Court also ruled in favor of the respondents on the merits, noting that the text of the HEROES Act does not authorize the secretary’s loan forgiveness plan. While the statute allows the Secretary to “waive or modify” existing statutory or regulatory provisions applicable to student financial assistance programs under the Education Act in connection with a war or other military operation or national emergency, it does not permit the Secretary to rewrite that statute, the Court explained, adding that the “modifications” challenged in this case create a “novel and fundamentally different loan forgiveness program.” As such, the Court concluded that “the HEROES Act provides no authorization for the [s]ecretary’s plan when examined using the ordinary tools of statutory interpretation—let alone ‘clear congressional authorization’ for such a program.”
In dissent, three of the justices argued that the majority’s overreach applies to standing as well as to the merits. The states have no personal stake in the loan forgiveness program, the justices argued, calling them “classic ideological plaintiffs.” While the HEROES Act bounds the secretary’s authority, “within that bounded area, Congress gave discretion to the [s]ecretary” by providing that he “could ‘waive or modify any statutory or regulatory provision’ applying to federal student-loan programs, including provisions relating to loan repayment and forgiveness. And in so doing, he could replace the old provisions with new ‘terms and conditions,”’ the justices wrote, adding that the secretary could provide whatever relief needed that he deemed most appropriate.
The Court also handed down a decision in Department of Education v. Brown, ruling that the Court lacks jurisdiction to address the merits of the case as the respondents lacked Article III standing because they failed to establish that any injury they may have suffered from not having their loans forgiven is fairly traceable to the program. Respondents in this case are individuals whose loans are ineligible for debt forgiveness under the plan. The respondents challenged whether the student debt relief program violated the Administrative Procedure Act’s notice-and-comment rulemaking procedures as they were not given the opportunity to provide feedback. (Covered by InfoBytes here.)
President Biden expressed his disappointment following the rulings, but announced new actions are forthcoming to provide debt relief to student borrowers. (See DOE fact sheet here.) The first is a rulemaking initiative “aimed at opening an alternative path to debt relief for as many working and middle-class borrowers as possible, using the Secretary’s authority under the Higher Education Act.” The administration also announced an income-driven repayment plan—the Saving on a Valuable Education (SAVE) plan—which will, among other things, cut borrowers’ monthly payments in half (from 10 to 5 percent of discretionary income) and forgive loan balances after 10 years of payments rather than 20 years for borrowers with original loan balances of $12,000 or less.
On July 3, President Biden announced his intention to nominate Andrew N. Ferguson and Melissa Holyoak to serve as Republican members of the FTC. Ferguson currently serves as the solicitor general of the Commonwealth of Virginia where he oversees appellate litigation of the state and its agencies. Prior to his time as solicitor general, Ferguson served as chief counsel to U.S. Senate Republican Leader Mitch McConnell, chief counsel for nominations and constitution to then-Judiciary Committee Chairman Lindsey Graham (R-SC), and senior special counsel to then-Judiciary Committee Chairman Chuck Grassley (R-IA). Ferguson also has extensive antitrust experience, including in litigation before the FTC and DOJ.
Holyoak is currently the solicitor general with the Utah Attorney General’s Office where she oversees areas including civil appeals, criminal appeals, constitutional defense, and the antitrust and data privacy divisions. She is an experienced litigator, where much of her 20 years of practice has focused on consumer protection, Biden said. Before joining the Utah Attorney General’s Office, Holyoak was president and general counsel of the Hamilton Lincoln Law Institute, a Washington, D.C.-based public interest firm that represents consumers challenging unfair class actions and regulatory overreach.
Following the announcement, FTC Chair Lina M. Khan issued a statement congratulating the nominees. The two seats have been vacant since former Commissioner Christine Wilson announced her resignation earlier in the year (covered by InfoBytes here).
On June 22, the Biden administration announced that the National Institute of Standards and Technology (NIST) launched a new public working group on generative AI. The Public Working Group on Generative AI will reportedly help NIST develop guidance surrounding the special risks posed by AI in order to help organizations and support initiatives to address the opportunities and challenges associated with generative AI’s creation of code, text, images, videos, and music. “The public working group will draw upon volunteers, with technical experts from the private and public sectors, and will focus on risks related to this class of AI, which is driving fast-paced changes in technologies and marketplace offerings” NIST stated. NIST also outlined the immediate, midterm, and long-term goals for the group. Initially, the working group will research how the NIST AI Risk Management Framework can be used to support AI technology development. The working group’s midterm goal will be to support NIST in testing, evaluation and measurement related to generative AI. In the long term, the group will explore the application of generative AI to address challenges in health, environment, and climate change. NIST encourages those interested in joining the working group to submit a form no later than July 9.
On June 20, the CFPB released a statement announcing it will be “embarking on an inquiry into the data broker industry and issues raised by new technological developments.” The Bureau requested information in March about entities that purchase information from data brokers, the negative impacts of data broker practices, and the issues consumers face when they wish to see or correct their personal information. (Covered by InfoBytes here.) The findings from this inquiry will help the Bureau understand how employees’ personal information can find its way into the data broker market.
With similar intentions, the White House Office of Science and Technology Policy (OSTP) released a request for information (RFI) to learn more about the automated tools employers use to monitor, screen, surveil, and manage their employees. The OSTP blog post cited to an increase in the use of technologies that handle employees’ sensitive information and data. The OSTP also highlighted the Biden administration’s Blueprint for an AI Bill of Rights (covered by InfoBytes here), which underscored the importance of building in protections when developing new technologies and understanding associated risks. Responses to the RFI will be used to “inform new policy responses, share relevant research, data, and findings with the public, and amplify best practices among employers, worker organizations, technology vendors, developers, and others in civil society,” the OSTP said.
The CFPB’s response to the RFI described the agency’s concerns regarding risks to employees’ privacy, noting that it has long received complaints from the public about the lack of transparency and inaccuracies in the employment screening industry. Specifically mentioned are FCRA protections for consumers and guidelines around the sale of personal data. The Bureau also commented that employees may not be at liberty to determine how their information is used, or sold, and have no opportunity for recourse when inaccurately reported information affects their earnings, access to credit, ability to rent a home or buy a car, and more.
On June 8, President Biden presented an agreement in principle to allow for the free flow of data between the U.S. and the UK. Announced as part of the administration’s “Atlantic Declaration for a Twenty-First Century U.S.-UK Economic Partnership,” the “data bridge” would facilitate data flows between the two countries while ensuring strong, effective privacy protections. “The trusted and secure flow of data across our borders is foundational to efforts to further innovation,” the White House said in the announcement. “We are working to finalize our respective assessments swiftly to implement this framework.” A joint statement issued by the UK Secretary of State for Science, Innovation, and Technology, the Rt. Hon. Chloe Smith MP, and U.S. Secretary of Commerce Gina M. Raimondo reiterated the two countries’ commitment to establishing “a data bridge that would restore a robust and reliable mechanism for UK-US data flows.” The data bridge would also help facilitate data transfers to U.S. organizations that rely on other data transfer mechanisms under UK law, the joint statement said.
Meanwhile, the U.S. and the EU are working to finalize the EU-US Data Privacy Framework (covered by InfoBytes here)—a replacement for the EU-U.S. Privacy Shield, which was annulled by the Court of Justice of the EU in 2020 after the court determined that data transferred under the EU-U.S. Privacy Shield would not be subject to the same level of protections prescribed by the EU’s General Data Protection Regulation.