Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Agencies issue NPRM on incentive-based compensation

    Agency Rule-Making & Guidance

    On May 6, the FDIC, OCC, NCUA and the FHFA issued a NPRM (proposed rule) on incentive-based compensation, pursuant to Dodd-Frank’s Section 956 (Section 956), which required federal regulators to prescribe regulations or guidelines regarding incentive-based compensation at covered financial institutions. Regulators first proposed a rule to implement Section 956 in 2011, and again in 2016. Now, regulators are reproposing the 2016 version without change, albeit with certain alternatives. The current proposal, however, will be published without involvement from the Fed or SEC.

    Section 956 defined “covered financial institutions” as institutions with at least $1 billion in assets and include the following: depository institutions or depository institution holding companies, registered broker-dealers, credit unions, investment advisers, Fannie Mae, and Freddie Mac (or any other financial institution that federal regulators determined should be treated as a covered financial institution). Dodd-Frank required regulators to prohibit incentive-based compensation arrangements that encouraged “inappropriate risks.” The proposed rule included prohibitions intended to make these compensation arrangements more sensitive to risk, such as a ban on incentive-based compensation arrangements that do not include risk adjustment of awards, deferral of payments, or forfeiture and clawback provisions. In addition, the proposed rule set forth recordkeeping and disclosure requirements to help federal regulators monitor potential issues.

    The agencies will review both new comments and those received in 2016 for the prior proposed rule. The agencies invited those who previously submitted comments and resubmit their comments to explain how their viewpoint may have changed from their prior comments. The agencies also requested comments on the compliance date and disclosures, like the recordkeeping and clawback requirements. Comments will be due no later than 60 days following publication in the Federal Register.

    Agency Rule-Making & Guidance Bank Regulatory OCC FDIC FHFA Dodd-Frank SEC Federal Reserve

  • House passes resolution to nullify SEC’s rule on crypto accounting guidance


    On May 8, the U.S. House of Representatives passed H. J. Res. 109, the first step in an attempt to nullify the SEC’s Staff Accounting Bulletin No. 121 (SAB 121) under the Congressional Review Act. SAB 121 describes how the SEC expects entities to account for and disclose their custodial obligations to “safeguard crypto-assets held for their platform users,” and has been in effect since April 11, 2022. As previously covered by InfoBytes, in October 2023, the GAO found SAB 121 was a rule, not guidance, making SAB 121 subject to the Congressional Review Act.

    Securities Accounting SEC Congress Agency Rule-Making & Guidance Congressional Review Act

  • CFTC subcommittee issues report on responsible AI use


    On May 2, a CFTC subcommittee on Emerging and Evolving Technologies issued a report on the responsible use of artificial intelligence (AI) by exchanges, clearinghouses, futures commission merchants, brokers, and data repositories, among others, interested in using AI in financial markets. The report examined AI use cases in financial services, reviewed the risks of AI for CFTC-registered entities, and set out five recommendations for the CFTC: (1) the CFTC should host a public roundtable discussion with industry leaders; (2) the CFTC should define and adopt an AI risk management framework to assess consumer harms and benefits of AI use by CFTC-registered entities; (3) the CFTC should create an inventory of existing AI regulations and identify gaps where staff guidance or rulemaking would be needed; (4) the CFTC should establish a process to align its policies with other federal agencies; and (5) the CFTC should increase staff participation in domestic and international dialogues around AI.

    Fintech Artificial Intelligence Department of Treasury Governance Anti-Money Laundering

  • State attorneys general push Congress on federal consumer privacy legislation

    Privacy, Cyber Risk & Data Security

    On May 8, the Attorney General of California, Rob Bonta, and 15 other state attorneys general wrote a letter to Congressional leaders following the introduction of the American Privacy Rights Act (APRA) in Congress. The attorneys general encouraged Congress to set a “federal floor, not a ceiling” for consumer privacy rights, as APRA preempts state law under its current draft. The letter highlighted how states have “played a critical role” in setting new data privacy standards without curbing business practices or developments in technology. In addition, the attorneys general expressed concern that the APRA would limit some attorneys general to issue civil investigative demands (CIDs) because their CID authority would require a violation of state or federal law before issuance. The APRA, however, provided that “a violation of [the APRA] or a regulation promulgated under [the APRA] may not be pleaded as an element of any violation of [a state] law.” Despite these concerns, the attorneys general did express their support for other provisions of APRA, such as data minimization by default, stronger consent requirements, and protections for minors.

    Privacy, Cyber Risk & Data Security Congress California State Attorney General HIPAA

  • Fed, OCC, and FDIC release third-party risk management report for community banks

    Privacy, Cyber Risk & Data Security

    On May 3, the Fed, OCC, and FDIC (the regulators) released a report to help community banks assess their third-party relationship risk exposure. The report discusses key considerations in three areas: risk management, third-party relationship life cycle, and governance. In addition, the regulators’ report contained an appendix with additional resources, such as FFIEC interagency guidance and CISA cybersecurity protocols. With respect to risk management, the report suggested community banks apply more rigorous risk-management practices for third parties that support critical bank activities, such as those that could have a significant customer impact or have a significant impact on the bank’s financial condition. In describing the third-party relationship life cycle, the report identified five key stages of the life cycle – planning, due diligence, contract negotiation, ongoing monitoring, and termination. With respect to governance, the report described three key pillars: oversight and accountability, independent review, and documentation and reporting.

    Privacy, Cyber Risk & Data Security Third-Party Risk Management Communications Decency Act Bank Regulatory OCC Federal Reserve

  • Tennessee amends consumer debt proceeding requirements and garnishment exemptions

    State Issues

    On May 3, the Governor of Tennessee signed into law HB 2320 (the “Act”), which will amend pleading requirements for consumer debt suits and garnishment exemptions. The Act would require that, in a civil suit or arbitration requesting judgment on a consumer debt, the plaintiff creditor would provide the following in the initial pleading: (i) if the debtor’s agreement does not exist, then provide written evidence of the debtor’s agreement or a document provided to the debtor while the account was active; (ii) a statement that the debt has been transferred or assigned; (iii) the date of the transfer or assignment; (iv) the name of any prior holders of the debt; and (v) the name or a description of the original creditor. Additionally, the Act will amend Tennessee’s garnishment provisions to automatically exempt them from execution, seizure, or attachment funds up to $2,500 in a debtor’s deposit account with a bank or financial institution. The Act will go into effect on July 1.

    State Issues State Legislation Tennessee

  • Georgia amends provisions for telemarketing provisions for defendants

    State Issues

    On May 6, Georgia enacted SB 73 (the “Act”), which amends, among other things,  Georgia’s telemarketing laws. The Act clarifies that no person or entity can make or cause any telephone solicitation violations, now on behalf of another person or entity, and sets forth that there is a private right of action against violators. The Act also amends the damages to be the actual monetary loss for each violation or a violation up to $1,000 in damages, whichever is greater.  However, if a class action lawsuit is brought under the Act, the $1,000 in statutory damages would not apply. The Act further provides that ignorance would not be a valid defense if a defendant did not make or was not aware how a telephone solicitation violated applicable laws. However, it is defensible if the defendant had established policies and procedures to prevent violations, and enforced such procedures, or if a phone number was provided in error so long as the defendant did not have any knowledge of the mistake.

    State Issues Georgia Telemarketing State Legislation

  • Tennessee amends its Consumer Protection Act

    State Issues

    Recently, the Governor of Tennessee signed into law HB 2711 (the “Act”) which amends, among other things, the state’s Consumer Protection Act. In particular, the Act establishes the factors that a court may consider when determining a civil penalty for violation of the Consumer Protection Act. The court may consider (i) the defendant’s participation in the attorney’s general complaint resolution process; (ii) and the defendant’s restitution efforts prior to the action; (iii) whether there was good or bad faith; (iv) injury to the public; (v) one’s ability to pay; (vi) the public’s interest in eliminating the benefits derived by the violator; and (vii) the state’s interest. Additionally, the Act expands its protection of elderly people to “specially targeted consumers” which includes persons who are at least 60 years old, persons under 18, and current and former military service members. Persons who are found to have targeted specially targeted consumers can be liable for penalties up to $10,000. Furthermore, the Act makes other changes such as procedural requirements for actions brought by the attorney general. The Act is effective immediately.

    State Issues State Legislation Consumer Protection Act Civil Money Penalties

  • Florida enacts new requirements for payment transaction classification

    State Issues

    On May 2, the Governor of Florida signed into law HB 939 (the “Act”) which, among other things, will expand the definition of “depository institution” and amend the requirements for information returns relating to payment-card and third-party network transactions.

    As it will relate to Florida’s commercial financing disclosure law, the Act will expand the definition of “depository institution” to mean a bank, credit union, savings or thrift association, or an industrial loan company doing business under the authority of a charter issued by the U.S., Florida, or any other state or territory which is authorized to transact business in Florida and is insured by the FDIC or NCUA Share Insurance Fund.

    Additionally, the Act will require third-party settlement organizations handling transactions for participating payees located in Florida to establish a system to identify whether transactions are for goods and services or are personal payments. Third-party settlement organization will be required to create a mechanism that clearly obligates the sender to classify the transaction type prior to completion. The Act will also set forth how the sender of the payment will be responsible for categorizing the transaction accurately. Furthermore, third-party settlement organizations will be instructed to keep detailed records that reflect the transaction type as specified by the sender. However, this requirement will not be applicable to third-party settlement organizations that are contractually bound to process transactions exclusively for goods and services. The Act will define “participating payee,” “third party network transaction,” and “third party settlement organization” as defined by the Internal Revenue Code. The Act will go into effect July 1.

    State Issues Florida State Legislation Payments

  • Arizona court upholds debt collection act from industry challenge


    On May 3, the Arizona Court of Appeals affirmed the state superior court’s decision to uphold Arizona’s Predatory Debt Collection Act (the “Act”) after being challenged by judgment creditors. The Act lowered the interest rate cap on medical debt, increased the amount of the homestead exemption, increased the dollar value of personal property and assets exempt from creditor claims, and increased the amount of exempt earnings in garnishment actions. The plaintiffs alleged that the “Saving Clause” of the Act was unconstitutionally vague and unintelligible due to its failure to directly state whether the Act would apply when a judgment pre-dates the Act but a wage garnishment proceeding post-dates the Act. The appellate court found that the Saving Clause was not vague or unintelligible as the language “provides a framework and examples consistent with how Arizona courts have long ensured prospective application of the law[.]” As such, the appellate court upheld the superior court’s decision and could not rule the Act as unconstitutional.

    Courts Arizona Appellate Debt Collection Predatory Lending


Upcoming Events