Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Treasury recommends closer supervision of fintech-bank partnerships


    On November 16, the U.S. Treasury Department, in consultation with the White House Competition Council, released a report entitled Assessing Impacts of New Entrant Non-bank Firms on Competition in Consumer Finance Markets. The report is a product of President Biden’s July 2021 Executive Order, Promoting Competition in the American Economy, (covered by InfoBytes here), which, among other things, ordered Treasury to submit a report within 270 days on the effects on competition of large technology and other non-bank companies’ entry into the financial services space. Assessing Impacts of New Entrant Non-bank Firms on Competition in Consumer Finance Markets is the final report in a series of reports that assesses competition in various aspects of the economy. Among other things, the report found that while concentration among federally insured banks is increasing, new entrant non-bank firms, specifically “fintech” firms, are adding significantly to the number of firms and business models competing in consumer finance markets and appear to be contributing to competitive pressure. In addition to enabling new capabilities, fintech firms are also creating new risks to consumer protection and market integrity, according to the report. The report noted that non-bank firms could “pose risks by engaging in harmful regulatory arbitrage, conducting activities in a manner that inappropriately sidesteps safety and soundness and consumer protection law requirements applicable to an [insured depository institution].”

    The report also noted that new entrant non-bank firms or their offerings may pose risks of reliability or fraud issues, in addition to data privacy risks and the potential for new forms of surveillance and discrimination. The report provided recommendations for regulators to encourage fair and responsible competition that benefits consumers and their financial well-being, including: (i) addressing market integrity and safety and soundness concerns by providing a clear and consistently applied supervisory framework for bank-fintech relationships; (ii) protecting consumers by robustly supervising bank-fintech lending relationships for compliance with consumer protection laws and their impact on consumers’ financial well-being; and (iii) encouraging consumer-beneficial innovation by supporting innovations in consumer credit underwriting designed to increase credit visibility, reduce bias, and prudently expand credit to underserved consumers.

    Fintech Federal Issues Biden Nonbank Supervision

  • Biden nominates Gruenberg for FDIC chair

    On November 14, President Biden announced his intention to nominate Martin Gruenberg to serve as chair and member of the FDIC Board of Directors. Following the resignation of the FDIC’s former chair, Jelena McWilliams (covered by InfoBytes here), Gruenberg has been acting chairman. Since joining the FDIC Board of Directors in 2005, Gruenberg has served as vice chairman, chairman, and acting chairman. Prior to joining the FDIC, Gruenberg served on the staff of the Senate Banking Housing and Urban Affairs Committee as Senior Counsel of the full Committee, and as staff director of the Subcommittee on International Finance and Monetary Policy.

    CSBS President and CEO James M. Cooper issued a statement following the announcement: “Today’s announcement from the White House means that none of the nominees to the FDIC Board will meet the requirement for state bank supervisory experience. This requirement is not only the law but also a great benefit for consumers and the banking sector when the dual-banking system is fully represented on the FDIC Board. We encourage Senators, in their role in the confirmation process, to ask nominees how they will work with state bank regulators to benefit from their experience sitting closer to citizens and local economies.” 

    Bank Regulatory Federal Issues CSBS State Issues FDIC Biden

  • CISA releases new cybersecurity performance goals

    Privacy, Cyber Risk & Data Security

    Recently, the Cybersecurity and Infrastructure Security Agency (CISA) released a new report outlining baseline cross-sector cybersecurity performance goals (CPGs) for all critical infrastructure sectors. The report follows a July 2021 national security memorandum issued by President Biden, which required CISA to coordinate with the National Institute of Standards and Technology (NIST) and the interagency community to create fundamental cybersecurity practices for critical infrastructure, primarily to help small- and medium-sized organizations improve their cybersecurity efforts. The CPGs were informed by existing cybersecurity frameworks and guidance, as well as real-world threats and adversary tactics, techniques, and procedures observed by the agency and its partners. CISA noted in the report that the CPGs are not comprehensive but instead “represent a minimum baseline of cybersecurity practices with known risk-reduction value broadly applicable across all sectors, and will be followed by sector-specific goals that dive deeper into the unique constraints, threats, and maturity of each sector where applicable.” Organizations may choose to voluntarily adopt the CPGs in conjunction with broader frameworks like the NIST Cybersecurity Framework. “The CPGs are a prioritized subset of IT and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques,” CISA said in its announcement.

    Privacy, Cyber Risk & Data Security Agency Rule-Making & Guidance Federal Issues CISA NIST Biden Critical Infrastructure

  • CFPB issues guidance on “junk fees”

    Federal Issues

    On October 26, President Biden discussed guidance issued by the CFPB to help banks avoid charging illegal “junk fees” on deposit accounts. The Bureau’s Circular 2022-06 noted that overdraft fees can be considered an “unfair” practice and violate the Consumer Financial Protection Act (CFPA) even if such fees are in compliance with other laws and regulations. Specifically, the Circular noted that “overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate are likely unfair.” The guidance further stated that unanticipated overdraft fees are likely to impose substantial injury on consumers that they cannot reasonably avoid and that are not outweighed by countervailing benefits to consumers or competition. The Bureau’s compliance bulletin on surprise depositor fees explained that a returned deposited item is a check that a consumer deposits into their checking account that is returned to the consumer because the check could not be processed against the check originator’s account. The bulletin stated that “blanket policies of charging returned deposited item fees to consumers for all returned transactions irrespective of the circumstances or patterns of behavior on the account are likely unfair under the [CFPA].” The Bureau further explained that indiscriminately charging depositor fees, regardless of circumstances, are likely illegal and noted that the bulletin is intended to put regulated entities on notice regarding how the agency plans to exercise its enforcement and supervisory authorities in the context of deposit fees. The bulletin urged financial institutions to charge depositor fees only in situations where a depositor could have avoided the fee, such as when a depositor repeatedly deposits bad checks from the same originator. The Bureau emphasized the guidance as part of its Junk Fee Initiative, noting that since it launched the initiative in January 2022, the CFPB has taken action to constrain “pay-to-pay” fees (covered by InfoBytes here), and has announced an advance notice of proposed rulemaking soliciting information from credit card issuers, consumer groups, and the public regarding late payments, credit card late fees, and card issuers’ revenue and expenses (covered by InfoBytes here). 

    Federal Issues Agency Rule-Making & Guidance CFPB Consumer Finance Biden Overdraft Junk Fees CFPA

  • 8th Circuit temporarily pauses Biden’s student debt relief plan


    On October 21, the U.S. Court of Appeals for the Eighth Circuit issued an order granting an emergency motion filed by state attorneys general from Nebraska, Missouri, Arkansas, Iowa, Kansas, and South Carolina to temporarily prohibit the Biden administration from discharging any federal loans under its student debt relief plan (announced in August and covered by InfoBytes here). The states’ motion requested an administrative stay prohibiting President Biden from discharging any student loan debt under the cancellation plan until the appellate court issues a decision on the states’ motion for an injunction pending an appeal. The order follows an October 20 ruling issued by the U.S. District Court for the Eastern District of Missouri, which dismissed the states’ action for lack of Article III standing after concluding that the states—which attempted “to assert a threat of imminent harm in the form of lost tax revenue in the future”— failed to establish imminent and non-speculative harm sufficient to confer standing. “It should be emphasized that ‘standing in no way depends upon the merits of the Plaintiff[s’] contention that the particular conduct is illegal,’” the district court said. “While Plaintiffs present important and significant challenges to the debt relief plan, the current Plaintiffs are unable to proceed to the resolution of these challenges.” The 8th Circuit ordered an expedited briefing schedule on the states’ motion for an injunction pending appeal, which required both parties to file responses the same week the order was issued.

    Courts Appellate Eighth Circuit Student Lending Biden Department of Education Debt Relief Consumer Finance

  • OFAC sanctions Nicaraguan mining authority; Biden issues new E.O. expanding Treasury’s authority to hold Nicaraguan regime accountable

    Financial Crimes

    On October 24, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13851 against the Nicaraguan mining authority General Directorate of Mines and a Government of Nicaragua official. OFAC stated that the mining authority is “being designated for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly,” the Nicaraguan Minister of Energy and Mines whose property and interests in property were blocked in 2021. As a result of the sanctions, all property and interests in property belonging to the sanctioned persons in the U.S. are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more in the aggregate by one or more of such persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license.

    The same day, President Biden signed a new E.O., Taking Additional Steps to Address the National Emergency With Respect to the Situation in Nicaragua, to amend E.O. 13851 and, according to the announcement, expand Treasury’s “authority to hold the Ortega-Murillo regime accountable for its continued attacks on Nicaraguans’ freedom of expression and assembly.” The new E.O. grants Treasury authority to target certain persons operating or that have operated in Nicaragua’s gold sector, as well as other sectors identified by Treasury in consultation with the State Department. According to OFAC’s announcement, the E.O. “provides expanded sanctions authorities that could be used to prohibit new U.S. investment in certain identified sectors in Nicaragua, the importation of certain products of Nicaraguan origin into the United States, or the exportation, from the United States, or by a United States person, wherever located, of certain items to Nicaragua.” In conjunction with the E.O., OFAC issued Nicaragua-related General License 4, which authorizes the wind down of transactions involving the Directorate General of Mines of the Nicaraguan Ministry of Energy and Mines that are otherwise normally prohibited by the Nicaragua Sanctions Regulations, and issued one related frequently asked question regarding that General License.

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations Biden Nicaragua

  • Biden authorizes borrowers to separate joint consolidation loans

    Federal Issues

    On October 11, President Biden signed S. 1098, which amends the Higher Education Act of 1965 to authorize borrowers to separate joint consolidation loans. According to the bill, borrowers are permitted to split up federally guaranteed student loans held by private lenders into two new federal direct loans. The bill is effective immediately.

    Federal Issues Federal Legislation Student Lending Biden Consumer Finance

  • Biden outlines aggressive approach for strengthening U.S. cybersecurity

    Privacy, Cyber Risk & Data Security

    On October 11, President Biden outlined actions for strengthening and safeguarding the nation’s cybersecurity. In addition to stressing the importance of improving cybersecurity and resilience measures for critical infrastructure owners and operators, the Biden administration outlined additional priorities that focus on (i) strengthening the federal government’s cybersecurity requirements; (ii) countering ransomware attacks, including by making it more difficult for criminals to move illicit money; (iii) collaborating with allies and partners to build collective cybersecurity, develop coordinated responses, and develop cyber deterrence; (iv) imposing costs on and sanctioning malicious cyber actors; (v) implementing internationally-accepted cyber “rules of the road”; (vi) strengthening cyber-education efforts; (vii) developing quantum-resistant encryption algorithms to protect privacy in digital systems such as online banking; and (viii) establishing research centers and workforce development programs under the National Quantum Initiative to protect investments, companies, and intellectual property and prevent harm as technology in this space continues to develop.

    Privacy, Cyber Risk & Data Security Federal Issues Biden Ransomware Of Interest to Non-US Persons

  • Biden issues executive order on EU-U.S. privacy shield replacement

    Privacy, Cyber Risk & Data Security

    On October 7, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (E.O.) to address the facilitation of transatlantic data flows between the EU and the U.S. The E.O. outlines commitments the U.S. will take under the EU-U.S. Data Privacy Framework, which was announced in March as a replacement for the invalidated EU-U.S. Privacy Shield. As previously covered by InfoBytes, the Court of Justice of the EU (CJEU) issued an opinion in the Schrems II case (Case C-311/18) in July 2020, holding that the EU-U.S. Privacy Shield did not satisfy EU legal requirements. In annulling the EU-U.S. Privacy Shield, the CJEU determined that because the requirements of U.S. national security, public interest, and law enforcement have “primacy” over the data protection principles of the EU-U.S. Privacy Shield, the data transferred under the EU-U.S. Privacy Shield would not be subject to the same level of protections prescribed by the GDPR.

    Among other things, the E.O. bolsters privacy and civil liberty safeguards for U.S. signals intelligence-gathering activities, and establishes an “independent and binding mechanism” to enable “qualifying states and regional economic integration organizations, as designated under the E.O., to seek redress if they believe their personal data was collected through U.S. signals intelligence in a manner that violated applicable U.S. law.” Specifically, the E.O. (i) creates further safeguards for how the U.S. signals intelligence community conducts data transfers; (ii) establishes requirements for handling personal information collected through signals intelligence activities and “extends the responsibilities of legal, oversight, and compliance officials to ensure that appropriate actions are taken to remediate incidents of non-compliance”; (iii) requires the U.S. signals intelligence community to make sure policies and procedures reflect the E.O.’s new privacy and civil liberty safeguards; (iv) establishes a multi-layer review and redress mechanism, under which the Civil Liberties Protection Officer in the Office of the Director of National Intelligence (CLPO) is granted the authority to investigate complaints of improper collection and handling of personal data and may issue binding decisions on whether improper conduct occurred and what the appropriate remediation should be; (v) directs the U.S. attorney general to establish a Data Protection Review Court (DPRC) to independently review CLPO decisions, thereby serving as the second level of the E.O.’s redress mechanism (see DOJ announcement here); and (vi) calls on the Privacy and Civil Liberties Oversight Board to review U.S. signals intelligence community policies and procedures to ensure they are consistent with the E.O.

    Privacy, Cyber Risk & Data Security Federal Issues Biden EU Consumer Protection EU-US Privacy Shield Of Interest to Non-US Persons GDPR EU-US Data Privacy Framework

  • White House proposes AI “Bill of Rights”

    Federal Issues

    Recently, the Biden administration’s Office of Science and Technology Policy released a Blueprint for an AI Bill of Rights. The blueprint’s proposed framework identifies five principles for guiding the design, use, and deployment of automated systems to protect the public as the use of artificial intelligence grows. The principles center around topics related to stronger safety measures, such as (i) ensuring systems are safe and effective; (ii) implementing proactive protections against algorithmic discrimination; (iii) incorporating built-in privacy protections, including providing the public control over how data is used and ensuring that the data collection meets reasonable expectations and is necessary for the specific context in which it is being collected; (iv) providing notice and explanation as to how an automated system is being used, as well as the resulting outcomes; and (v) ensuring the public is able to opt out from automated systems in favor of a human alternative and has access to a person who can quickly help remedy problems. According to the announcement, the proposed framework’s principles should be incorporated into policies governing systems with “the potential to meaningfully impact” an individual or community’s rights or access to resources and services related to education, housing, credit, employment, health care, government benefits, and financial services, among others.

    Federal Issues Privacy, Cyber Risk & Data Security Biden Artificial Intelligence Fintech


Upcoming Events