Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Special Alert: House subcommittee hears testimony on privacy bill

    Privacy, Cyber Risk & Data Security

    The House Subcommittee on Consumer Protection and Commerce held a June 14 hearing, “Protecting America’s Consumers: Bipartisan Legislation to Strengthen Data Privacy and Security,” to listen to testimony from consumer advocates and industry representatives on the recently proposed American Data Privacy and Protection Act (ADPPA).

    The bipartisan initiative faces new headwinds following June 22 remarks by Senate Commerce Chair Maria Cantwell (D-WA), who cited “major enforcement holes” in the legislation on preemption issues — but expressed hope that the sponsors could offer revisions. 

    Privacy/Cyber Risk & Data Security Federal Issues Special Alerts Federal Legislation Consumer Protection FTC House Subcommittee on Consumer Protection and Commerce

    Share page with AddThis
  • Special Alert: DOJ settles claims of algorithmic bias

    Federal Issues

    On June 21,  the United States Department of Justice announced that it had secured a “groundbreaking” settlement resolving claims brought against a large social media platform for allegedly engaging in discriminatory advertising in violation of the Fair Housing Act. The settlement is one of the first significant federal actions involving claims of algorithmic bias and may indicate the complexity of applying “disparate impact” analysis under the anti-discrimination laws to complex algorithms in this area of increasingly intense regulatory focus.

    Federal Issues DOJ Special Alerts Fair Housing Act Algorithms Advertisement Enforcement Settlement Disparate Impact Discrimination

    Share page with AddThis
  • Special Alert: Congress releases draft privacy bill

    Federal Issues

    A comprehensive federal privacy law drew one step closer to reality earlier this month when a bipartisan group of representatives and senators released a draft of the proposed American Data Privacy and Protection Act.

    Passage of the ADPPA, which combines elements of prior proposals in an effort to reach a legislative compromise, is still far from assured. But it represents a meaningful starting point for further discussions, and is already shaping the long-running debate on national privacy standards. This alert looks closely at the proposed statutory text that seeks to define the breadth and scope of a federal privacy regime that policymakers have contemplated for years.

    Greater clarity about bill text and its overall prospects for passage are likely to emerge at the House Energy and Commerce Committee’s hearing scheduled for tomorrow at 10:30 a.m. ET.

    Federal Issues Federal Legislation Privacy/Cyber Risk & Data Security Special Alerts House Energy and Commerce Committee FTC Consumer Protection American Data Privacy and Protection Act

    Share page with AddThis
  • Special Alert: Fed finalizes rule for FedNow platform

    The Federal Reserve Board recently issued a final rule for its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. FedNow will stand alongside private sector initiatives and, like more modern payments systems, will feature credit payments to push funds rather than debit payments to pull funds, offering faster processing.

    Highlights of the new rule and FedNow

    • Not yet open for business. The Fed continues to target release of FedNow for sometime in 2023. It will implement the 24x7x365 real-time payments service in stages, each with additional features and enhancements.
       
    • Not a consumer or business app or service. Depository institutions that are eligible to hold Reserve Bank accounts will be able to use FedNow, which will be administered by the 12 Reserve Banks. Consumers and businesses may not participate in FedNow directly, and therefore, could not send payment orders to a Reserve Bank through it. They would instead send instant payments through their depository institution accounts.
       
    • Bank vnonbank direct participation in FedNow. Eligible institutions include banks, savings associations, credit unions, U.S. branches and agencies of non-U.S. banks, Edge or agreement corporations, some systemically important financial market utilities, and government-sponsored entities (including Fannie Mae and Freddie Mac). We use the term “banks” throughout to simplify the discussion.

    Bank Regulatory Federal Issues Agency Rule-Making & Guidance Special Alerts Federal Reserve FedNow Payments Regulation J Bank Compliance

    Share page with AddThis
  • Special Alert: Eleventh Circuit upholds terms of arbitration agreement in challenge under Dodd-Frank

    Courts

    On May 26, 2022, the United States Court of Appeals for the Eleventh Circuit issued a published decision holding that the Dodd-Frank Act does not prohibit the enforceability of delegation clauses contained in consumer arbitration agreements “in any way.” This opinion is of potentially broad significance in the class action and arbitration space since it is one of the first appellate decisions in the country concerning Dodd-Frank’s arbitration provision and supports broad enforcement of delegation clauses even where a statute could allegedly prohibit arbitration of the underlying claim.

    In Attix v. Carrington Mortgage Services, LLC, the Eleventh Circuit reversed a decision of the United States District Court for the Southern District of Florida denying Carrington’s motion to compel arbitration that was based on the plaintiff’s argument that the anti-waiver provision in the Dodd-Frank Act, prohibited enforcement of the arbitration agreement.  The anti-waiver provision of the Dodd-Frank Act provides that “no other agreement between the consumer and the creditor relating to the residential mortgage loan or extension of credit . . . shall be applied or interpreted so as to bar a consumer from bringing an action in an appropriate district court of the United States.” The district court agreed with the plaintiff’s argument that the Dodd-Frank Act prohibited arbitration of the underlying dispute and in doing so, side-stepped the delegation clause that delegated such threshold determinations to an arbitrator.

    In a 52-page published opinion, the Eleventh Circuit reversed the decision of the district court, holding that the Dodd-Frank Act does not prohibit enforcing delegation clauses, such as the clause at issue, which “clearly and unmistakably” delegates to the arbitrator “threshold arbitrability disputes.”  The circuit court found that in such circumstances, all questions of arbitrability are delegated to an arbitrator “unless the law prohibits the delegation of threshold arbitrability issues itself.”

    The court went on to broadly hold that the Dodd-Frank Act does not prohibit the enforceability of delegation clauses “in any way.” In doing so, the Eleventh Circuit explained that if Dodd-Frank had been intended to prohibit the enforcement of delegation clauses, then it could have been drafted that way, but instead, “the actual statute is silent as to who may decide whether a particular contract falls within the scope of its protections.” While the Dodd-Frank Act prohibits arbitration agreements from being applied or interpreted in a particular manner, it does not prohibit the enforcement of delegation clauses, and as a result, the court held that under the terms of Carrington and the plaintiff’s agreement, the arbitrator (and not the court) must determine the threshold question of whether the Dodd-Frank Act prohibits enforcement of Carrington’s arbitration agreement since it is a “quintessential arbitrability question.” 

    Significantly, the court also held that a challenge to an agreement to arbitrate on the basis that a statute precludes its enforcement is not a “specific challenge” to a delegation clause found within the arbitration agreement, such that the court lacks jurisdiction to review the enforceability of the delegation clause. In other words, where a challenge “is only about the enforceability of the parties’ primary arbitration agreement” and there is a delegation clause, “an arbitrator must resolve it.” As the Eleventh Circuit explained, “when an appeal presents a delegation agreement and a question of arbitrability, we stop. We do not pass go.” 

    This case has significance for anyone considering drafting an arbitration agreement particularly in a class action context.  A threshold drafting question is whether or not to delegate issues of arbitrability to the arbitrator or allow a court to resolve the issue.  Under this decision, a question of whether a statute bars arbitration of claims is for the arbitrator to decide when there is a delegation clause, unless the statute also explicitly bars delegation clauses.  This decision reinforces that inclusion of a properly drafted delegation clause in an arbitration agreement can result in a case improperly filed in court being more quickly sent to arbitration, even where the dispute is whether a statute prohibits the claim from being arbitrated in the first instance.

    Buckley represented Carrington on appeal with a team comprising Fredrick Levin, who argued the appeal, Scott Sakiyama, Brian Bartholomay, and Sarah Meehan. For questions regarding the case, please contact one of the team members or a Buckley attorney with whom you have worked in the past.

    Courts Special Alerts Appellate Eleventh Circuit Dodd-Frank Arbitration

    Share page with AddThis
  • Special Alert: Breaking down the proposed CRA overhaul

    Federal Issues

    The federal banking agencies last week announced their highly anticipated proposal to revamp and modernize regulations implementing the Community Reinvestment Act. The proposal may significantly impact the compliance obligations of large banks, which the proposal generally defines as those with assets greater than $2 billion, while granting smaller banks the option of continuing to comply under the existing framework. The proposal aims to bring to a close the CRA reform process that began more than a decade ago, and was marked most recently by the OCC’s decision to pull back its 2020 regulatory overhaul (as covered by InfoBytes here).

    Federal Issues Bank Regulatory Special Alerts Federal Reserve OCC FDIC CRA Agency Rule-Making & Guidance

    Share page with AddThis
  • Special Alert: Federal court says state bank, fintech partner must face Maryland’s allegation of unlicensed lending before state ALJ

    Courts

    A federal court late last month told a state-chartered bank and its fintech partner that they must return to a state administrative law proceeding to fight a Maryland enforcement action alleging that their failure to obtain a license to lend and collect on loans violated state law — potentially rendering the terms of certain loans unenforceable.

    The Missouri-chartered bank and its partners attempted to remove an action brought by the Office of the Maryland Commissioner of Financial Regulation to the U.S. District Court for the District of Maryland, but the district court determined that removal was not proper and that Maryland’s Office of Administrative Hearings was the appropriate venue.

    OCFR initially filed charges in January 2021 in Maryland’s Office of Administrative Hearings against the bank and its partner asserting the bank made installment and consumer loans and extended open-ended or revolving credit in the state without being licensed or qualifying for an exception to licensure. As a result, OCFR said they “‘may not receive or retain any principal, interest, or other compensation with respect to any loan that is unenforceable under this subsection.’” It said that not only are the bank’s loans to all Maryland consumers possibly unenforceable, but also that the bank, or its agents or assigns, could in the alternative be “prohibited from collecting the principal amount of those loans from any of these consumers or from collecting any other money related to those loans.”

    The OCFR’s charge letter also said the fintech company that provided services to the bank violated the Maryland Credit Services Business Act by providing advice and/or assistance to consumers in the state “with regard to obtaining an extension of credit for the consumer when accepting and/or processing credit applications on behalf of the Bank without a credit services business license.” Additionally, the OCFR alleged violations of the Maryland Collection Agency Licensing Act related to whether the fintech company engaged in unlicensed collection activities, thus subjecting it to the imposition of fines, restitutions, and other non-monetary remedial action.

    The defendants filed a notice of removal to federal court last year while the enforcement action was still pending before the OAH; OCFR moved to remand the case back to the agency.

    In granting the OCFR’s motion to remand, the court concluded that the OCFR persuasively argued that the defendants have not properly removed this case from the OAH for several reasons, including that the OAH does not function as a state court. “Pursuant to 28 U.S.C. § 1441, a defendant may remove to federal court ‘any civil action brought in a State court of which the district courts of the United States have original jurisdiction.’” However, the court determined that, while defendants correctly observed that the OAH possesses certain “court-like” attributes, its limitations clearly showed that it does not function as a state court.

    In reaching this conclusion, the court considered several undisputed facts, including that the OCFR is a unit of the Maryland Department of Labor “responsible for, among other things, issuing licenses to entities wishing to issue loans to consumers in Maryland and investigating violations of Maryland’s consumer loan laws.” The court also said that, while OCFR has authority under Maryland law to investigate potential violations of law or regulation and has the ability to issue cease and desist orders, revoke an individual’s license, or issue fines, it cannot enforce its own subpoenas or orders — and that its decisions are not final and may be appealed to a state circuit court.

    The defendants had argued that the case involved a federal question as a result of the complete preemption of state usury laws by Section 27 of the FDI Act. The court said licensure, not state usury law claims, was the issue at hand. 

    During a status conference held last month to discuss OCFR’s motion to remand, defendants requested an opportunity to file a motion certifying the case for appeal. The court will hold in abeyance its remand order pending resolution of that motion. Parties’ briefings are due by the end of May.


    If you have any questions regarding the ruling or its ramifications, please contact a Buckley attorney with whom you have worked in the past.

    Courts State Issues Maryland State Regulators Licensing Fintech Debt Collection Consumer Lending Usury Special Alerts

    Share page with AddThis
  • Special Alert: CFPB revises UDAAP manual to include discriminatory practices

    Federal Issues

    On March 16, the Consumer Financial Protection Bureau announced significant revisions to its Unfair, Deceptive, or Abusive Acts or Practices exam manual, in particular highlighting the CFPB’s view that its broad authority under UDAAP allows it to address discriminatory conduct in the offering of any financial product or service. Congress has enacted several statutes that outlaw discrimination on specified prohibited bases, including the Equal Credit Opportunity Act (ECOA), which generally makes it unlawful to discriminate on a prohibited basis when extending credit and which the CFPB is authorized to enforce.  With this announcement, the Bureau made clear its view that any type of discrimination in connection with a consumer financial product or service could be an “unfair” practice — and therefore the CFPB can bring discrimination claims related to non-credit financial products (and other agencies that have UDAP authority may follow in the CFPB’s lead).  

    Federal Issues Special Alerts CFPB Agency Rule-Making & Guidance UDAAP Unfair Deceptive Abusive ECOA Examination Discrimination Fair Lending Disparate Impact

    Share page with AddThis
  • Special Alert: Latest developments in OFAC sanctions against Russia

    Financial Crimes

    Beginning February 21, the U.S. Department of the Treasury’s Office of Foreign Assets Control has issued significant sanctions in response to the Russian Federation’s military invasion of Ukraine and its recognition of Ukraine’s separatist regions.

    Since Buckley’s last update on February 25, there have been a number of developments in the sanctions against Russia, which include:

    Financial Crimes Digital Assets OFAC Department of Treasury OFAC Sanctions OFAC Designations Ukraine Ukraine Invasion Russia Special Alerts DOJ FinCEN Biden NYDFS Of Interest to Non-US Persons Cryptocurrency

    Share page with AddThis
  • Special Alert: NYDFS guidance on cybersecurity and virtual currency responds to events in Ukraine

    State Issues

    The New York Department of Financial Services last week issued guidance on its cybersecurity and virtual currency regulations in response to the Russian military actions in Ukraine and recently imposed sanctions. NYDFS specifically raised the specter of elevated cyber risk due to ongoing cyberattacks against Ukraine, which could spill over to other networks, as well as potential direct attacks against U.S. critical infrastructure.

    Updated cybersecurity regulation guidance

    NYDFS suggested that regulated entities with programs pursuant to its cybersecurity regulation (23 NYCRR 500) have the potential to mitigate increased cyber threats and should take the following steps:

    • Review cybersecurity programs for compliance, with particular attention to certain safeguards and core cybersecurity hygiene measures, including access control, vulnerability management, and privileged access review
    • Review, update, and test incident-response and business-continuity plans and ensure they address ransomware events
    • Review and implement practices pursuant to the June 2021 Ransomware Guidance
    • Re-evaluate plans to maintain essential services and protect critical data in the event of an extended outage or service disruption
    • Conduct a full test of backup and recovery abilities
    • Provide additional cybersecurity awareness training and reminders for all employees 

    NYDFS also advised that regulated entities should keep track of known threat actors and take extra precautions when doing business in Russia and Ukraine, including segregating Russian and Ukrainian networks. Regulated entities must report cybersecurity events that meet the criteria of 23 NYCRR 500.17(a) as promptly as possible and within 72 hours, and should also report cybersecurity events immediately to law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency.

    Guidance in response to recent sanctions

    In the last week, the Biden administration imposed significant new sanctions targeting Russian assets, the Russian financial market, and Russian business dealings in response to Russia’s invasion of Ukraine. (See InfoBytes coverage here.) NYDFS reiterated that regulated entities should fully comply with U.S. sanctions on Russia, as well as Part 504 of its regulations regarding transaction monitoring and filtering. In order to comply with the new sanctions, NYDFS recommended that regulated entities take the following steps immediately:

    • Monitor all communications from NYDFS, the U.S. Department of the Treasury, the Office of Foreign Assets Control (OFAC), and other federal agencies on a real-time basis to keep tabs on the latest developments
    • Modify transaction monitoring and filtering programs as necessary to capture new sanctions as they are proposed
    • Monitor all transactions, particularly trade finance transactions and funds transfers, and identify and interdict transactions prohibited by U.S. sanctions.
    • Update OFAC compliance policies and procedures on a continuous basis to incorporate the recent sanctions and any new sanctions that may be imposed.

    Updated virtual currency regulation guidance

    NYDFS also cautioned that sanctioned entities may attempt to use virtual currency to evade sanctions. It said regulated entities must ensure they have “tailored policies, procedures, and processes to protect against the unique risks that virtual currency present” and are complying with the relevant state and federal laws, including the OFAC Sanctions Compliance Guidance for the Virtual Currency Industry and New York virtual currency regulation (23 NYCRR 200).  Additionally, regulated entities should monitor the effectiveness of virtual currency-specific control measures, including sanctions lists, geographic screening, geolocation tools/IP address identification and blocking capabilities, and transaction monitoring and investigative tools, including blockchain analytics tools.

    Buckley will continue to monitor the ongoing situation in Ukraine and provide updates in conjunction with significant developments.

    If you have any questions regarding the NYDFS guidance or the recent Ukraine-related sanctions against Russia, please visit our Privacy, Cyber Risk & Data Security or Bank Secrecy Act/Anti-Money Laundering & Sanctions practice pages, or contact a Buckley attorney with whom you have worked in the past.

    State Issues Financial Crimes Federal Issues NYDFS OFAC Department of Treasury OFAC Sanctions Privacy/Cyber Risk & Data Security Russia Ukraine Ukraine Invasion 23 NYCRR Part 500 Special Alerts

    Share page with AddThis

Pages