Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 1, the SBA announced that three new Small Business Lending Company (SBLC) licenses have been issued to lenders focused on underserved markets, which is notably the first expansion of the SBLC program in more than 40 years. An SBLC license permits lending institutions to leverage government guarantees during the process of approving small business loans, decreasing risk for the lender, and lowering costs for the borrower. Consequently, SBA noted, SBLCs can extend a greater number of loans to small businesses than would be feasible without government support. The announcement stated that SBA's current SBLCs surpass banks and credit unions in their ability to provide loans to minority-owned businesses.
In June, the SBA opened a window for new applications for lenders. In announcing the new licensees, SBA Administrator Isabel Guzman stated that “[w]ith the addition of three new Small Business License Companies, the SBA will be able to serve even more small business owners who need capital to start, operate, and grow their businesses.” The SBA highlighted that “[e]ach of the three new SBLC license holders will focus on historically underserved markets, including small businesses in Native, rural, and low-income communities.”
Recently, the U.S. Senate passed a joint resolution of disapproval (S.J. Res. 32) under the Congressional Review Act to nullify the CFPB’s small business lending rule. As previously covered on InfoBytes, the rule, which requires financial institutions to collect and report to the CFPB credit application data for small businesses, has faced opposition from various politicians and is the subject of litigation brought by financial institutions that would be subject to the rule in the U.S. District Court of the Southern District of Texas. In support of the joint resolution, Sen. John Kennedy (R-LA), who introduced the legislation, recently argued on the floor that “the CFPB is setting these small business people… up for lawsuits” because “[it] has promulgated a rule that totally perverts our intention in section 1071.” If the House of Representatives similarly passes the joint resolution, and President Biden signs it, the CFPB’s rule will be nullified under the Congressional Review Act.
The joint resolution follows the order from the U.S. District Court for the Southern District of Texas granting a nationwide preliminary injunction enjoining the CFPB from enforcing the rule (covered by InfoBytes here and here).
On October 31, the GAO opined that the SEC’s Staff Accounting Bulletin 121 (SAB 121) is a rule, and thus the SEC was required to submit it for congressional review. SAB 121 describes how SEC staff would expect entities to account for and disclose their custodial obligations for engaging in crypto-asset services, noting that crypto companies may have to present such obligations as a liability on their balance sheets. The GAO found that SAB 121 provides interpretive guidance, but the SEC failed to submit a report as required under the Congressional Review Act (CRA) before a rule can take effect.
The GAO’s opinion notes that the SEC maintains a different position than the GAO on the nature of SAB 121, arguing that SAB 121 is not a rule (and thus subject to CRA review), but instead is “guidance” indicating “how the Office of the Chief Accountant and the Division of Corporation Finance would recommend that the agency act,” and is not an agency statement from the full Commission. However, the GAO’s found that “[SAB 121] is a statement made by the SEC,” and that “a statement issued by a subset of the agency may still constitute an agency statement for CRA purposes.”
On October 30, the HM Treasury of the UK Government released a report titled “Future Financial Services Regulatory Regime for Cryptoassets,” confirming its plans to regulate digital assets more strictly. The regulatory framework includes descriptions of requirements for the admission of digital assets to a trading venue, including disclosure documents. To make cryptocurrencies subject to the FCA’s rule-making powers, the HM Treasury expanded the definition of “specified instruments” to include digital currencies, but not its definition of “financial instrument.”
The UK Government created the report based on stakeholder feedback on an extensive survey on cryptoassets. The report summarizes responses to 51 survey questions and provides explanations regarding the UK government’s intentions to proceed with the framework. The report outlines how the UK can attract more crypto businesses while also protecting consumer interests. Topics include, among other things, (i) confirmation that the proposed regime does not intend to capture activities relating to cryptoassets which are specified investments that are already regulated; (ii) information regarding the future FCA authorization process for cryptoasset activities; (iii) the UK government’s support for the use of publicly available information to compile appropriate disclosure and admission documents; and (iv) acknowledgment of the potential need for a staggered implementation for cross-venue data sharing obligations. The report recognizes the rapidly evolving nature of the crypto sector and emphasizes that “the government continues to consider that developing a fully bespoke regime outside of the FSMA framework would risk creating an un-level playing field between cryptoasset firms and the traditional financial sector.”
Any legislative changes in response to this report on how the UK Government regulates cryptoassets will occur in 2024, “subject to Parliamentary time.”
On October 27, the FTC approved an amendment to the Safeguards Rule to require nonbanks to report data breaches. Under the amended rule, financial institutions, including mortgage brokers, motor vehicle dealers, and payday lenders, will be required to notify the FTC of data breaches as soon as possible, and no later than 30 days after the discovery of incident involving at least 500 consumers. Notice of an incident is required if unencrypted consumer information was acquired without their authorization, as the FTC noted that encrypted consumer information is unlikely to cause consumer harm. The FTC will provide an online form that will be used to report certain information, including the type of information involved in the security event and the number of consumers affected or potentially affected. Additionally, the amended rule will require nonbanks to “to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.” As previously covered by InfoBytes, the FTC recently extended compliance on some Safeguards provisions finalized in October 2021 (covered by InfoBytes here), to June of this year.
The commission voted 3-0 to publish the amendment, which will become effective 180 days after its publication in the Federal Register.
On October 31, Ohio State AG Dave Yost filed a complaint against debt collectors for violations of the FDCPA and Ohio Consumer Sales Practices Act. The complaint alleged that the defendants frequently changed the names they used to engage in collection activities and purposefully used names to sound like law firms to mislead consumers. The AG’s complaint also included allegations that the debt collectors failed to honor written requests to verify debts, threatened legal action, engaged in harassing or abusive behavior, and made false, misleading, and deceptive representations.
On October 26, a U.S. District Court for the Eastern District of New York granted a motion to dismiss an FDCPA suit holding that there is nothing in the FDCPA that prohibits debt collectors from reporting information about a debt to a credit reporting agency. The plaintiff filed a complaint in January 2023 alleging that the defendant violated the FDCPA by communicating with the plaintiff after the plaintiff requested that the debt collector stop all communications. The plaintiff further alleged that the defendant violated the FDCPA by reporting this debt to the major credit reporting agencies, which subsequently led to the plaintiff being denied credit. While the judge ruled that the plaintiff had standing to sue because of the denial of credit, the judge also ruled that the statute “expressly permits communications with ‘a consumer reporting agency if otherwise permitted by law,’” and that the plaintiff did not allege that negligence was the proximate cause of damages.
On October 27, the U.S. Court of Appeals for the Second Circuit denied a petition for a panel rehearing en banc in a False Claims Act (FCA) suit that was dismissed in 2020. The whistleblower suit, filed in 2019, alleged violations of the U.S.’s sanctions on Iran by exchanging foreign currency for U.S. dollars on behalf of Iranian and related terrorist entities. In July 2020, the whistleblower suit was dismissed after the court agreed with U.S. Attorney for the Southern District of New York’s motion to dismiss because the compliant was “legally deficient as it is premised on an incorrect legal theory of liability that is inconsistent with both the FCA and the law regarding civil forfeiture.” The plaintiff appealed to the 2nd Circuit arguing that the district court needed to hold a hearing; however, the 2nd Circuit found the suit had been properly dismissed and that the judge considered extensive briefing before making the determination of the dismissal.
On October 26, the U.S. District Court for the District of New Jersey dismissed without prejudice a FCRA and FDCPA lawsuit filed against a law firm and credit reporting agency. The plaintiff alleged that the defendants published inaccurate and incomplete information regarding a trade line for debt allegedly owed to a healthcare facility. The plaintiff claimed that the credit reporting agency refused to validate the debt. The judge held that the FDCPA did not apply to the credit reporting agency because it was not a debt collector, and that plaintiff did not provide any facts that the tradeline was inaccurate. The judge also found that plaintiff failed to state a claim under the FDCPA against the law firm because “merely furnish[ing] a trade line to a credit reporting agency does not violate any provision of the FDCPA.” The plaintiff is allowed to move for leave to file an amended complaint within thirty (30) days if a stronger factual basis for the claims is provided.
On October 27, Fed Vice Chair for Supervision, Michael Barr, delivered a speech at the Economics of Payments XII Conference discussing the Fed’s place in the payments system and highlighting its role as a bank supervisor and operator of key payment infrastructure. Emphasizing the Fed’s introduction of its FedNow instant payment service (covered by InfoBytes here), which was designed to enable secure instant payments in response to the increasing demand for secure and convenient payment options, Barr encouraged banks to build upon the new payment infrastructure. He also noted that ongoing experimentation with new payment technologies, such as stablecoins, creates a need for regulation, particularly where an asset is “pegged to government-issued currencies.”
Regarding central bank digital currencies (CBDCs), the Fed is engaged in research and in discussions with various stakeholders; however, it has not decided on whether to issue a CBDC. The Vice Chair stressed that any move in this direction would require “clear support” from the Executive Branch and authorization from Congress.
Barr emphasized the Fed’s commitment to working with the international community to improve cross-border payment systems as well as the need for research into both traditional and emerging payment methods, noting that innovation should “promote broad access and financial inclusion.” Finally, the remarks touched on the Fed’s proposed revisions to the interchange fee cap for debit card issuers, with a call for public input on the matter (covered by InfoBytes here).