Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 15, the FTC announced its supplemental notice of proposed rulemaking relating to the protection of consumers from impersonation fraud, especially from any impersonations of government entities. The first action from the FTC was a final rule that prohibited the impersonation of government, business, and their officials or agents in interstate commerce. The second action was a notice seeking public comment on a supplemental proposed rulemaking that would revise the first action and add a prohibition on, and penalties for, the impersonation of individuals for entities who provide goods and services (with the knowledge or reason to know that those goods or services will be used in impersonations) that are unlawful. In tandem, these actions sought to prohibit the impersonation of government and business officials.
The FTC notes that these two actions come from “surging complaints” on impersonation fraud, specifically from artificial intelligence-generated deep fakes. The final rule will expand the remedies and provide monetary relief, whereas the FTC stated this rule will provide a “shorter, faster and more efficient path” for injured consumers to recover money. The rule would enable the FTC to seek monetary relief from scammers that use government seals or business logos, spoof government and business emails, and impersonate a government official or falsely imply a business affiliation.
On February 15, the FCC adopted a rule to protect consumers from robocalls and robotexts. According to the rule, robocallers and robotexters must honor do-not-call and consent revocation requests within 10 business days from receipt. In addition, the rule will allow consumers to revoke consent under the TCPA through any unreasonable means and will clarify that the TCPA would not be violated when a one-time text message is sent confirming a consumer’s request that no further text messages be sent if the confirmation text only confirms the opt-out request and does not include marketing information.
The new rule clarified that revocation of consent can be made via automated methods such as interactive voice responses, key press activation on robocalls, responding with “stop” or similar messages to text messages, or using designated website or phone numbers provided by the caller all will constitute reasonable means to revoke consent. If a called party uses any of these designated methods to revoke consent, it will be considered definitively revoked, and future robocalls and robotexts from that caller must cease. The caller cannot claim that the use of such a mechanism by the called party is unreasonable. Any revocation request made through these specified means will be considered “absolute proof” of the called party's reasonable intent to revoke consent. Furthermore, when a consumer uses a method other than those discussed in the rule to revoke consent, “doing so creates a rebuttable presumption that the consumer has revoked consent when the called party satisfies their obligation to produce evidence that such a request has been made, absent evidence to the contrary.”
The Commission also included a notice of proposed rulemaking, seeking comment on “whether the TCPA applies to robocalls and robotexts from wireless providers to their own subscribers and whether consumers should have the ability to revoke consent and stop such communications.” The rule will go into effect 30 days after publication in the Federal Register, except for certain amendments that will not be effective until six months following OMB review.
On October 24, FDIC announced a proposed rule to implement the Fair Hiring in Banking Act (FHB Act). The proposed rule amends 2 C.F.R. part 303, subpart L, and part 308, subpart M. The Federal Deposit Insurance Act (FDI Act) prohibits a person from participating in the affairs of an FDIC-insured institution if he or she has been convicted of an offense involving dishonesty, breach of trust, or money laundering, or has entered a pretrial diversion or similar program in connection with a prosecution for such an offense, without the prior written consent of the FDIC, among other provisions. The proposed rule would incorporate several statutory changes to the FDI Act, such as:
- Excluding certain offenses from the scope of the FHB Act based on the amount of time that has passed since the offense occurred or since the individual was released from incarceration;
- Clarifying that the FHB Act does not apply to the following offenses, if one year or more has passed since the applicable conviction or program entry: using fake identification, shoplifting, trespassing, fare evasion, and driving with an expired license or tag;
- Excluding certain offenses from the definition of “criminal offenses involving dishonesty,” including “an offense involving the possession of controlled substances”;
- Excluding certain convictions from the scope of the FHB Act that have been expunged, sealed, or dismissed. While existing FDIC regulations already exclude most of those offenses, the proposed rule would modestly broaden the statutory language concerning such offenses to harmonize the FDIC’s current regulations concerning expunged and sealed records with the statutory language; and
- Prescribing standards for the FDIC’s review of applications submitted under the FHB Act.
The proposed rule also provides interpretive language that addresses, among other topics, when an offense “occurs” under the FHB Act, whether otherwise-covered offenses that occurred in foreign jurisdictions are covered by the FDI Act, and offenses that involve controlled substances.
Comments will be accepted for 60 days after publication in the Federal Register.
On October 24, Assistant Secretary for Financial Institutions at the U.S. Department of Treasury Graham Steele delivered remarks at the Gov2Gov Summit to discuss the benefits and risks of artificial intelligence (AI) and machine learning (ML) in the financial services sector.
First, Assistant Secretary Steele discussed the role of cloud computing and cloud service providers (CSPs) in supporting financial institutions’ work, following the Department’s release of a February report which discussed the financial sector’s adoption of cloud services. Assistant Secretary Steele indicated, among other things, that while cloud services can offer more scalable and flexible solutions for financial services institutions to store and manage their data, financial institutions have struggled to understand clearly and implement the cloud services they are purchasing from large, market-dominating CSPs. Assistant Secretary Steele stated that the Department is working toward a model that will allow financial institutions to “unbundle” cloud service packages so that financial institutions can provide more individualized services.
Next, Assistant Secretary Steele discussed the potential advantages and disadvantages of the use of AI among financial institutions, which use AI for tasks including credit underwriting, fraud prevention, and document review. Among the benefits AI offers to financial institutions are reduced costs, improved performance, and the identification of complex relationships. The risks of AI, according to Assistant Secretary Steele, fall into three categories: (i) the design of AI, which can raise discrimination concerns, such as in consumer lending; (ii) how humans implement AI, including the possible overreliance on AI to render financial decisions; and (iii) operational and cyber risks, including the dangers around data quality and security, as AI consumes significant volumes of data.
Last, Assistant Secretary Steele discussed how policymakers are addressing privacy and discrimination concerns with AI. He mentioned the White House’s Blueprint for an AI Bill of Rights, which would require, among other things, regular assessment of algorithms for certain disparities and biases. Assistant Secretary Steele also cited regulatory actions that can address the risks of AI, including a CFPB rulemaking under the FCRA and Federal banking agency guidance on third party risk management.