Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Biden administration, HUD tackle rental-housing fees

    Federal Issues

    On July 19, the White House released a Fact Sheet announcing that the Biden-Harris administration is cracking down on junk fees in rental housing to lower costs for renters. The administration explained how rental housing fees can be burdensome for renters, with application fees often exceeding the actual cost of background checks, accumulating to hundreds of dollars as prospective renters apply for multiple units. Additionally, mandatory fees, such as convenience fees for online rent payment, mail sorting, trash collection, and obscure charges like "January fees," further strain renters' finances and hinder comparison shopping, as the true cost of renting may be higher than expected or affordable, the announcement states. The Fact Sheet outlines the president’s steps for taking action: (i) major rental housing platforms will disclose total upfront costs in addition to the advertised rent; (ii) legislative efforts to regulate rental housing fees and safeguard consumer interests are underway in several states; and (iii) HUD presented new research outlining a blueprint for a nationwide initiative to tackle rental housing fees. HUD’s new research presents an extensive review of rental fees, emphasizing strategies adopted by state, local, and private sectors to promote transparency and equity in the rental market. These strategies encompass measures like capping or abolishing rental application fees, enabling renters to submit their own screening reports, utilizing a single application fee for multiple applications, and ensuring clear disclosure of total move-in and monthly rent costs. HUD's research serves as a guide for local authorities and landlords alike to enhance conditions for renters.

    Federal Issues Biden HUD Junk Fees Affordable Housing Consumer Finance

  • Biden administration releases roadmap for National Cybersecurity Strategy

    Privacy, Cyber Risk & Data Security

    On July 13, the Biden administration published the National Cybersecurity Strategy Implementation Plan (NCSIP), outlining a roadmap for carrying out the administration’s National Cybersecurity Strategy. The strategy was released earlier this year to introduce several key pillars for countering threats to the digital ecosystem and improving the nation’s digital security (covered by InfoBytes here). Designed to build and enhance collaboration, the NCSIP identifies 65 federal initiatives assigned to various agencies with timelines for completion. According to the announcement, 18 agencies are spearheading initiatives in this “whole-of-government” plan, which also factors in “continued collaboration with the private sector, civil society, international partners, Congress, and state, local, Tribal, and territorial governments.”

    Pillars include measures to:

    • Defend critical infrastructure (the Cybersecurity and Infrastructure Security Agency will implement measures to update the National Cyber Incident Response Plan to, among other things, provide clear guidance to external partners on the roles and capabilities of federal agencies in incident response and recovery);
    • Disrupt and dismantle threat actors (including focusing on virtual asset providers that enable the laundering of ransomware proceeds);
    • Shape market forces and drive security and resilience;
    • Invest in a resilient future (the National Institute of Standards and Technology will convene an interagency working group to coordinate major issues in international cybersecurity standardization); and
    • Forge international partnerships to facilitate coordination with partner nations. The administration expects to update the plan annually.

    Privacy, Cyber Risk & Data Security Federal Issues Fintech Biden Of Interest to Non-US Persons

  • European Commission approves transatlantic data-transfer framework

    Privacy, Cyber Risk & Data Security

    On July 10, the European Commission adopted an adequacy decision as part of the EU-U.S. Data Privacy Framework, concluding that the U.S. “ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to U.S. companies under the new framework.” In the announcement, European Commission President Ursula von der Leyen stated that the “new EU-US Data Privacy Framework will ensure safe data flows for Europeans and bring legal certainty to companies on both sides of the Atlantic.” She explained that with the new adequacy decision, personal data can now be transferred securely from the EU to U.S. companies participating in the framework without having to implement additional data protection safeguards. The framework will be administered by the Department of Commerce. Compliance by U.S. companies with their obligations under the framework will be enforced by the FTC.

    As previously covered by InfoBytes, Presidents von der Leyen and Biden announced in March 2022 that they had reached an agreement in principle on a new transatlantic data flows framework to foster cross-border transfers of personal data from the EU to the U.S. Under the framework, the U.S. agreed to implement reforms and safeguards to “strengthen the privacy and civil liberties protections applicable to U.S. signals intelligence activities.” The announcement followed negotiations that began after the Court of Justice of the EU issued an opinion in the Schrems II case in July 2020, holding that the EU-U.S. Privacy Shield did not satisfy EU legal requirements.

    The DOJ released a statement welcoming the European Commission’s adoption of the adequacy decision and expressing its eagerness to collaborate with the Commission, along with representatives from European data protection authorities, to ensure the ongoing implementation of data privacy safeguards.

    Privacy, Cyber Risk & Data Security Federal Issues Of Interest to Non-US Persons EU Consumer Protection Biden EU-US Data Privacy Framework Department of Commerce FTC

  • Supreme Court blocks student debt relief program


    On June 30, the U.S. Supreme Court issued a 6-3 decision in Biden v. Nebraska, striking down the Department of Education’s (DOE) student loan debt relief program (announced in August and covered by InfoBytes here) that would have provided between $10,000 and $20,000 in debt cancellation to certain qualifying federal student loan borrowers making under $125,000 a year.

    The Biden administration appealed an injunction entered by the U.S. Court of Appeals for the Eighth Circuit that temporarily prohibited the Secretary of Education from discharging any federal loans under the agency’s program. (Covered by InfoBytes here.) Arguing that the universal injunction was overbroad, the administration contended that the six states lack standing because the debt relief plan “does not require respondents to do anything, forbid them from doing anything, or harm them in any other way.” Moreover, the secretary was acting within the bounds of the Higher Education Relief Opportunities for Students Act of 2003 (HEROES Act) when he put together the debt relief plan, the administration claimed.

    In considering whether the secretary has authority under the HEROES Act “to depart from the existing provisions of the Education Act and establish a student loan forgiveness program that will cancel about $430 billion in debt principal and affect nearly all borrowers,” the Court majority (opinion delivered by Chief Justice Roberts, in which Justices Thomas, Alito, Gorsuch, Kavanaugh, and Barrett joined) held that at least one state, Missouri, had Article III standing to challenge the program because it would cost the Missouri Higher Education Loan Authority (MOHELA), a nonprofit government corporation created by the state to participate in the student loan market, roughly $44 million a year in fees. “The harm to MOHELA in the performance of its public function is necessarily a direct injury to Missouri itself,” the Court wrote.

    The Court also ruled in favor of the respondents on the merits, noting that the text of the HEROES Act does not authorize the secretary’s loan forgiveness plan. While the statute allows the Secretary to “waive or modify” existing statutory or regulatory provisions applicable to student financial assistance programs under the Education Act in connection with a war or other military operation or national emergency, it does not permit the Secretary to rewrite that statute, the Court explained, adding that the “modifications” challenged in this case create a “novel and fundamentally different loan forgiveness program.” As such, the Court concluded that “the HEROES Act provides no authorization for the [s]ecretary’s plan when examined using the ordinary tools of statutory interpretation—let alone ‘clear congressional authorization’ for such a program.”

    In dissent, three of the justices argued that the majority’s overreach applies to standing as well as to the merits. The states have no personal stake in the loan forgiveness program, the justices argued, calling them “classic ideological plaintiffs.” While the HEROES Act bounds the secretary’s authority, “within that bounded area, Congress gave discretion to the [s]ecretary” by providing that he “could ‘waive or modify any statutory or regulatory provision’ applying to federal student-loan programs, including provisions relating to loan repayment and forgiveness. And in so doing, he could replace the old provisions with new ‘terms and conditions,”’ the justices wrote, adding that the secretary could provide whatever relief needed that he deemed most appropriate.

    The Court also handed down a decision in Department of Education v. Brown, ruling that the Court lacks jurisdiction to address the merits of the case as the respondents lacked Article III standing because they failed to establish that any injury they may have suffered from not having their loans forgiven is fairly traceable to the program. Respondents in this case are individuals whose loans are ineligible for debt forgiveness under the plan. The respondents challenged whether the student debt relief program violated the Administrative Procedure Act’s notice-and-comment rulemaking procedures as they were not given the opportunity to provide feedback. (Covered by InfoBytes here.)

    President Biden expressed his disappointment following the rulings, but announced new actions are forthcoming to provide debt relief to student borrowers. (See DOE fact sheet here.) The first is a rulemaking initiative “aimed at opening an alternative path to debt relief for as many working and middle-class borrowers as possible, using the Secretary’s authority under the Higher Education Act.” The administration also announced an income-driven repayment plan—the Saving on a Valuable Education (SAVE) plan—which will, among other things, cut borrowers’ monthly payments in half (from 10 to 5 percent of discretionary income) and forgive loan balances after 10 years of payments rather than 20 years for borrowers with original loan balances of $12,000 or less.

    Courts Federal Issues State Issues U.S. Supreme Court Biden Consumer Finance Student Lending Debt Relief Department of Education HEROES Act Administrative Procedure Act Appellate Eighth Circuit

  • Biden announces FTC nominees

    Federal Issues

    On July 3, President Biden announced his intention to nominate Andrew N. Ferguson and Melissa Holyoak to serve as Republican members of the FTC. Ferguson currently serves as the solicitor general of the Commonwealth of Virginia where he oversees appellate litigation of the state and its agencies. Prior to his time as solicitor general, Ferguson served as chief counsel to U.S. Senate Republican Leader Mitch McConnell, chief counsel for nominations and constitution to then-Judiciary Committee Chairman Lindsey Graham (R-SC), and senior special counsel to then-Judiciary Committee Chairman Chuck Grassley (R-IA). Ferguson also has extensive antitrust experience, including in litigation before the FTC and DOJ.

    Holyoak is currently the solicitor general with the Utah Attorney General’s Office where she oversees areas including civil appeals, criminal appeals, constitutional defense, and the antitrust and data privacy divisions. She is an experienced litigator, where much of her 20 years of practice has focused on consumer protection, Biden said. Before joining the Utah Attorney General’s Office, Holyoak was president and general counsel of the Hamilton Lincoln Law Institute, a Washington, D.C.-based public interest firm that represents consumers challenging unfair class actions and regulatory overreach.

    Following the announcement, FTC Chair Lina M. Khan issued a statement congratulating the nominees. The two seats have been vacant since former Commissioner Christine Wilson announced her resignation earlier in the year (covered by InfoBytes here).

    Federal Issues Biden FTC

  • Biden administration launches NIST working group on AI

    Federal Issues

    On June 22, the Biden administration announced that the National Institute of Standards and Technology (NIST) launched a new public working group on generative AI. The Public Working Group on Generative AI will reportedly help NIST develop guidance surrounding the special risks posed by AI in order to help organizations and support initiatives to address the opportunities and challenges associated with generative AI’s creation of code, text, images, videos, and music. “The public working group will draw upon volunteers, with technical experts from the private and public sectors, and will focus on risks related to this class of AI, which is driving fast-paced changes in technologies and marketplace offerings” NIST stated. NIST also outlined the immediate, midterm, and long-term goals for the group. Initially, the working group will research how the NIST AI Risk Management Framework can be used to support AI technology development. The working group’s midterm goal will be to support NIST in testing, evaluation and measurement related to generative AI. In the long term, the group will explore the application of generative AI to address challenges in health, environment, and climate change. NIST encourages those interested in joining the working group to submit a form no later than July 9.

    Federal Issues Biden Artificial Intelligence NIST Risk Management

  • CFPB looking at privacy implications of worker surveillance

    Agency Rule-Making & Guidance

    On June 20, the CFPB released a statement announcing it will be “embarking on an inquiry into the data broker industry and issues raised by new technological developments.” The Bureau requested information in March about entities that purchase information from data brokers, the negative impacts of data broker practices, and the issues consumers face when they wish to see or correct their personal information. (Covered by InfoBytes here.) The findings from this inquiry will help the Bureau understand how employees’ personal information can find its way into the data broker market.

    With similar intentions, the White House Office of Science and Technology Policy (OSTP) released a request for information (RFI) to learn more about the automated tools employers use to monitor, screen, surveil, and manage their employees. The OSTP blog post cited to an increase in the use of technologies that handle employees’ sensitive information and data. The OSTP also highlighted the Biden administration’s Blueprint for an AI Bill of Rights (covered by InfoBytes here), which underscored the importance of building in protections when developing new technologies and understanding associated risks. Responses to the RFI will be used to “inform new policy responses, share relevant research, data, and findings with the public, and amplify best practices among employers, worker organizations, technology vendors, developers, and others in civil society,” the OSTP said.

    The CFPB’s response to the RFI described the agency’s concerns regarding risks to employees’ privacy, noting that it has long received complaints from the public about the lack of transparency and inaccuracies in the employment screening industry. Specifically mentioned are FCRA protections for consumers and guidelines around the sale of personal data. The Bureau also commented that employees may not be at liberty to determine how their information is used, or sold, and have no opportunity for recourse when inaccurately reported information affects their earnings, access to credit, ability to rent a home or buy a car, and more.

    Agency Rule-Making & Guidance Federal Issues Privacy, Cyber Risk & Data Security CFPB Consumer Finance Consumer Protection Privacy Data Brokers Biden FCRA

  • U.S., UK enter agreement in principle on data flow

    Privacy, Cyber Risk & Data Security

    On June 8, President Biden presented an agreement in principle to allow for the free flow of data between the U.S. and the UK. Announced as part of the administration’s “Atlantic Declaration for a Twenty-First Century U.S.-UK Economic Partnership,” the “data bridge” would facilitate data flows between the two countries while ensuring strong, effective privacy protections. “​​The trusted and secure flow of data across our borders is foundational to efforts to further innovation,” the White House said in the announcement. “We are working to finalize our respective assessments swiftly to implement this framework.” A joint statement issued by the UK Secretary of State for Science, Innovation, and Technology, the Rt. Hon. Chloe Smith MP, and U.S. Secretary of Commerce Gina M. Raimondo reiterated the two countries’ commitment to establishing “a data bridge that would restore a robust and reliable mechanism for UK-US data flows.” The data bridge would also help facilitate data transfers to U.S. organizations that rely on other data transfer mechanisms under UK law, the joint statement said.

    Meanwhile, the U.S. and the EU are working to finalize the EU-US Data Privacy Framework (covered by InfoBytes here)—a replacement for the EU-U.S. Privacy Shield, which was annulled by the Court of Justice of the EU in 2020 after the court determined that data transferred under the EU-U.S. Privacy Shield would not be subject to the same level of protections prescribed by the EU’s General Data Protection Regulation.

    Privacy, Cyber Risk & Data Security Of Interest to Non-US Persons EU UK Biden GDPR EU-US Data Privacy Framework

  • OFAC announces new Sudan E.O., issues and amends several sanctions general licenses and FAQs

    Financial Crimes

    The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced several sanctions-related actions, including President Biden’s new Executive Order (E.O.) Imposing Sanctions on Certain Persons Destabilizing Sudan and Undermining the Goal of a Democratic Transition. The E.O. expands the scope of a 2006 Executive Order following the determination that recent events in Sudan “constitute[] an unusual and extraordinary threat to the national security and foreign policy of the United States.” The E.O. outlines specific prohibitions and provides that all property and interests in property that are in the U.S. or that later come in the U.S., or that are in the possession or control of any of the identified U.S. persons must be blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in. Concurrently, OFAC issued a new FAQ clarifying which sanctions authorities are applicable to Sudan and the Sudanese government.

    OFAC also issued Venezuela-related General License (GL) 42, which authorizes certain transactions related to the negotiation of settlement agreements with the IV Venezuelan National Assembly and certain other entities. The authorized transactions must relate to debt owed by the Venezuelan government, Petróleos de Venezuela, S.A., or any entity owned, directly or indirectly, 50 percent or more. GL 42 does not authorizes transactions involving the Venezuelan National Constituent Assembly convened by Nicolas Maduro or the National Assembly seated on January 5, 2021. OFAC also released three new related FAQs and one amended FAQ.

    Additionally, OFAC released cyber-related GL 1C, which authorizes certain transactions with Russia’s Federal Security Service that would normally be prohibited by the Weapons of Mass Destruction Proliferators Sanctions Regulations, and issued three amended cyber-related FAQs. A few days later, OFAC issued Russia-related GL 8G, which authorizes certain transactions related to energy that would otherwise be prohibited by E.O. 14024, involving certain entities, including Russia’s central bank. OFAC clarified that GL 8G does not authorize prohibited transactions related to (i) certain sovereign debt of the Russian Federation; (ii) the “opening or maintaining of a correspondent account or payable-through account for or on behalf of any entity subject to Directive 2 under E.O. 14024, Prohibitions Related to Correspondent or Payable-Through Accounts and Processing of Transactions Involving Certain Foreign Financial Institutions”; and (iii) or “[a]ny debit to an account on the books of a U.S. financial institution of the Central Bank of the Russian Federation,” among others.

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations Biden Sudan Venezuela Russia

  • Biden administration questions crypto assets

    Federal Issues

    President Biden recently issued his sweeping economic report, in which the administration’s Council of Economic Advisers addressed numerous economic policy concerns, including the current crypto ecosystem and the perceived appeal of crypto assets. The report discussed claims made about the purported benefits of crypto assets, such as the decentralized custody and control of money, as well as the potential for “improving payment systems, increasing financial inclusion, and creating mechanisms for the distribution of intellectual property and financial value that bypass intermediaries that extract value from both the provider and recipient,” but argued that “[s]o far, crypto assets have brought none of these benefits.” The report countered that, in fact, “crypto assets to date do not appear to offer investments with any fundamental value, nor do they act as an effective alternative to fiat money, improve financial inclusion, or make payments more efficient; instead, their innovation has been mostly about creating artificial scarcity in order to support crypto assets’ prices—and many of them have no fundamental value.”

    Arguing that these issues raise questions about the role of regulations in protecting consumers, investors, and the financial system on a whole, the report conceded that some of the potential benefits of crypto assets —including (i) serving as investment vehicles; (ii) offering money-like functions without having to rely on a single authority; (iii) enabling fast digital payments; (iv) improving the underbanked population’s access to financial services; and (v) improving the current financial technology infrastructure through distributed ledger technology—may be realized down the road.  However, the report cautioned that “[m]any prominent technologists have noted that distributed ledgers are either not particularly novel or useful or they are being used in applications where existing alternatives are far superior.” Highlighting the risks and costs of crypto assets, the report asserted, among other things, that cryptocurrencies are not as effective as a medium of exchange and do not serve “as an effective alternative to the U.S. dollar” due to their use as both money and an investment vehicle.

    Federal Issues Digital Assets Biden Cryptocurrency Fintech


Upcoming Events