To help you keep abreast of relevant activities, below find a breakdown of some of the biggest events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Federal Activities:

• On August 19, the Federal Deposit Insurance Corporation (FDIC) issued letters, demanding that five crypto-related companies cease and desist from issuing consumer disclosures that imply the companies’ products are insured by the FDIC. For more information, click here.

• On August 19, the U.S. Department of the Treasury announced an additional group of four state plans approved under the State Small Business Credit Initiative (SSBCI) for up to $750 million in funds to expand access to capital for small businesses. The Treasury announced more than $2.25 billion in funding approvals to promote small business growth through SSBCI. The American Rescue Plan reauthorized and expanded SSBCI, which was originally established in 2010. For more information, click here.

• On August 19, the Consumer Financial Protection Bureau (CFPB) announced in a blog post that it is modernizing how it collects credit card data. For more information, click here.

• On August 18, the FDIC issued guidance to FDIC-supervised institutions to address certain consumer compliance risks associated with assessing multiple non-sufficient funds fees, arising from the re-presentment of the same unpaid transaction. Additionally, the FDIC shared its supervisory approach after it identifies a law violation, as well as expectations for full corrective action. For more information, click here.

• On August 17, U.S. Senate Banking Committee Member Pat Toomey (R-PA) issued a letter to FDIC Director and Acting Chairman Martin Gruenberg, expressing his concerns regarding whistleblower reports and noting that the FDIC, on occasion, has requested that banks refrain from expanding their relationships with crypto-related companies. For more information, click here.

• On August 16, the Securities and Exchange Commission filed a complaint in the U.S. District Court of the Western District of Washington against the founder of three crypto-related companies and the companies themselves, alleging that in 2017, the defendants conducted an unregistered crypto asset securities offering in violation of Sections 5(a) and (c) of the Securities Act of 1933. For more information, click here.

• On August 16, the CFPB director issued a statement on the announcement regarding the cancellation of loans for ITT Tech students. For more information, click, here.

• On August 15, the Federal Reserve Board (Fed) finalized its guidelines, governing requests by certain novel financial institutions (including crypto-related financial institutions) for a Federal Reserve Bank “master account,” which is necessary for an institution to obtain direct access to the Federal Reserve’s payment systems and to settle transactions with other participants in central bank money. Although the Fed’s guidelines outline a tripart evaluation process in considering requests to access master accounts, the Fed made clear that applications for master account access submitted by crypto-related institutions would be subject to the strictest scrutiny. For more information, click here.

• On August 15, a federal court in the U.S. District Court for the Central District of California entered an order, authorizing the IRS to serve a John Doe summons on SFOX, a Los Angeles-based cryptocurrency broker, to produce trading records for SFOX users who conducted trades totaling at least $20,000 between 2016 and 2021. For more information, click here.

• On August 15, the U.S. District Court for the Southern District of New York rejected a proposed settlement of a securities class action involving Block.one, creator of the EOS token and EOS blockchain, concluding that the lead plaintiff could not adequately represent the class since a dissimilarity existed between its EOS token purchases and the class members’ EOS token purchases: The lead plaintiff conducted most of its EOS purchases on foreign cryptocurrency exchanges, which are not subject to federal securities laws, whereas the class members conducted most of their EOS purchases on domestic cryptocurrency exchanges, which are subject to federal securities laws. For more information, click here.

• On August 12, the Commodity Futures Trading Commission (CFTC) filed a civil enforcement action in the U.S. District Court for the Southern District of Ohio against Rathnakishore Giri and his two companies, NBD Eidetic Capital LLC and SR Private Equity LLC. The CFTC alleged that through his companies, Giri perpetrated a $12 million bitcoin Ponzi scheme by luring investors through false and misleading statements in violation of the Commodity Exchange Act and CFTC regulations. For more information, click here.

• On August 11, the CFPB published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?” with a resounding “yes.” Specifically, the CFPB pointed to three practices — inadequate authorization, poor password management, and lax software update policies — as examples of data security practices that would likely cause substantial unavoidable injury to consumers without a countervailing benefit and that could trigger liability for financial institutions and/or their service providers. For more information, click here.

State Activities:

• On August 17, New York Attorney General Letitia James reached a settlement with landlord Clipper Equity LLC, which was accused of “tenant blacklisting,” a practice whereby landlords allegedly deny a prospective tenant’s application based on information the landlord discovers in the housing court records. The practice became illegal in 2019, and James took action against Clipper Equity LLC as a reminder to all New York landlords that blacklisting is “an unfair and illegal practice” that “will not go unchecked.” For more information, click here.

• On August 16, two Chicago plaintiffs initiated a potential class-action lawsuit in Illinois state court against a national consumer reporting agency. The lawsuit alleges willful and negligent violations of the Fair Credit Reporting Act, resulting from a technology glitch that allegedly led to the reporting of inaccurate credit information for consumers applying for various loans. According to the complaint allegations, nearly 25 million credit reports were requested during the active glitch period, and consumers were subjected to credit scores that were inaccurate by as much as 130 points. For more information, click here.

• On July 29, New York State’s Department of Financial Services released draft amendments to its Part 500 Cybersecurity Regulation for financial service companies that, among other things: (1) contain significant changes regarding ransomware; (2) propose a new class comprising larger entities, which will be subject to increased obligations for their cybersecurity programs; (3) require enhancements to governance policies and procedures; (4) announce new restrictions on privileged accounts; and (5) clarify its enforcement authority. For more information, click here.