To help you keep abreast of relevant activities, below find a breakdown of some of the biggest events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Federal Activities:

• On August 10, the Consumer Financial Protection Bureau (CFPB) published a blog about Director Rohit Chopra’s visit to Gallup and Albuquerque, NM. According to the blog post, the CFPB used this opportunity to focus on, among other things, New Mexico consumer complaints, including consumer complaints about the credit reporting of medical debt and junk fees: “Mirroring nationwide trends, complaints about credit reporting make up most of these complaints (42%), followed by debt collection (17%) and mortgage (13%).” For more information, click here.
• On August 9, President Biden signed the Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern, which authorizes the Secretary of the Treasury to regulate certain U.S. investments into countries of concern in entities engaged in activities involving sensitive technologies critical to national security in three sectors: semiconductors and microelectronics, quantum information technologies, and artificial intelligence. For more information, click here.
• On August 9, the Securities and Exchange Commission (SEC) filed an interlocutory appeal in SEC v. Ripple Labs, et al., 20-cv-10832 (S.D.N.Y.), a case in which the Hon. Analisa Torres ruled that three out of four categories of XRP token sales did not constitute an investment contract. In its appeal, the SEC stated that it intended to seek certification of the court’s holding that certain “programmatic sales” over crypto-asset trading platforms in exchange for labor and services did not involve the offer or sale of securities. For more information, click here.
• On August 8, the Office of the Comptroller of the Currency (OCC) issued a bulletin to provide banks with guidance regarding the applicability of the legal lending limit to purchased loans. Loan purchase activities are long-standing banking practices that serve the legitimate business needs of the buying and selling institutions and the public interest. The extensive network of loan-broker channels and increased involvement of nonbank lenders have resulted in growth in the availability of loans for purchase. Unless an exception applies, all loans and extensions of credit made by banks are subject to the legal lending limit, which provides limitations on the total amount of loans and extensions of credit to any one borrower. Whether a loan purchased by a bank is attributable to the seller under the legal lending limit regulation depends on specific facts and circumstances. Consequently, bank management would typically consider more information than it would for in-house originations when determining compliance with the legal lending limit regulation for purchased loans. For more information, click here.
• On August 9, the Commissioner of Data Protection of the Dubai International Financial Centre (DIFC), the leading global financial center in the Middle East, Africa, and South Asia (MEASA) region, issued a first of its kind adequacy decision regarding the California Consumer Privacy Act of 2018 (CCPA), a standalone data protection law. The CCPA was amended by the California Privacy Rights Act of 2020 (CPRA) which took effect on January 1, 2023 (together “amended CCPA). The decision establishes a determination of the amended CCPA’s equivalence with the Data Protection Law, DIFC Law No. 5 of 2020 (DP Law 2020). For more information, click here.
• On August 8, the U.S. Government Accountability Office (GAO) updated its priority open recommendations to the OCC, the Federal Deposit Insurance Corporation (FDIC), and the Federal Reserve. The GAO’s priority open recommendations refer to suggestions from the GAO to bank regulators that have the potential for cost savings, mismanagement reduction, fraud, and abuse, or addressing risky or duplicative issues. In a series of three letters, the GAO offered guidance related to implementing blockchain and financial technology, suggesting that the OCC, FDIC, Federal Reserve, and other financial regulators should coordinate to identify and address blockchain-related risks. The letters also recommended that the three agencies, along with other regulators, explain how lenders may use alternative data to underwrite third-party relationships with fintech lenders that determine borrowers’ creditworthiness after analyzing large amounts of data on borrower characteristics. For more information, click here.
• On August 8, the Federal Reserve issued two supervision letters that provide additional information on its program to supervise novel bank activities, which include: (1) complex technology-driven partnerships with nonbanks to provide banking services; (2) crypto-asset related activities; (3) projects using distributed ledger technology with the potential to impact the financial system; and (4) concentrated provision of banking services to crypto-asset related entities and fintechs. The first letter, SR 23-7, announces the establishment of the “Novel Activities Supervision Program,” which is designed to ensure that risks associated with innovation are appropriately managed by banks. Supervisory teams will be tasked with monitoring and examining novel activities. The program will be risk-based, and the level of supervision will vary based on the level of engagement in novel activities by each supervised banking organization. For more information, click here.
• On August 8, the Federal Reserve provided additional information on its program to supervise novel activities in the banks it oversees. Novel activities include complex, technology-driven partnerships with nonbanks to provide banking services to customers; and activities that involve crypto-assets and distributed ledger or “blockchain” technology. For more information, click here.
• On August 7, PayPal announced its intent to launch PayPal USD (PYUSD), a stablecoin fully backed by U.S. dollar deposits, short-term U.S. treasuries, and similar cash equivalents. The stablecoin will be issued by Paxos Trust Company, a company subject to regulatory oversight by the New York Department of Financial Services, and each PayPal USD token will be redeemable on a 1:1 basis for U.S. dollars. The company stated that the token is designed to reduce friction for in-experience payments in virtual environments; facilitate fast transfers of value; enable direct monetary flows to developers and creators; and foster expansion into digital assets. For more information, click here.
• On August 7, Chairman of the House Financial Services Committee Patrick McHenry (NC-10) issued a statement following PayPal’s announcement of its PayPal USD stablecoin. In the press release, McHenry lauded stablecoins as holding the promise to serve as “a pillar of our 21st century payment systems,” and emphasized the need for clear regulations and robust consumer protection in the industry. For more information, click here.
• On August 4, the Cato Institute and Mackinac Center for Public Policy filed a lawsuit in the U.S. District Court for the Eastern District of Michigan against U.S. Department of Education targeting the Biden administration’s efforts to credit borrowers participating in the Public Service Loan Forgiveness (PSLF) plan and Income-Driven Repayment (IDR) plan by providing credit for periods when loans were in forbearance or deferment, which would affect more than 804,000 borrowers, forgiving approximately $39 billion in loan payments. For more information, click here.
• On August 4, Senators Elizabeth Warren (D-MA), Tim Kaine (D-VA), and Chris Van Hollen (D-MD) sent a letter to the White House National Security Advisor and the Treasury Department’s Under Secretary for Terrorism and Financial Intelligence regarding their concerns over North Korea’s use of cyberattacks and cryptocurrency theft to skirt international sanctions and embargos. The letter urges the U.S. Department of Treasury to provide details on its plan to stop North Korea from using digital assets to evade sanctions and continue with the development of nuclear weapons and ballistic missiles. The extent of the cybercrime and cryptocurrency thefts show its use is “key” to the regime’s survival, and notes that the regime has a workforce of thousands of IT workers who operate out of many different countries. For more information, click here.
• On July 31, Figure Technologies, Inc., a fintech company seeking to provide home-equity loans and financial services on its Provenance blockchain platform, withdrew its application to the OCC for a national bank charter. The company’s withdrawal ends a turbulent, three-year application process complicated by regulatory scrutiny of the digital asset industry. The company initially sought the charter as a means to streamline about 200 state licenses it maintained for financial activity across the U.S. In 2022, Figure agreed to rework its banking plan by agreeing to seek federal deposit insurance. However, Figure withdrew its application before any additional steps could be taken, stating the reason was to focus on “other areas of growth with a broad set of established bank partners.” For more information, click here.

State Activities:

• On August 9, New York Governor Kathy Hochul announced a statewide cybersecurity strategy designed to protect the state’s digital infrastructure from cyber threats. Among other things, the strategy sets forth several high-level objectives for cybersecurity across the state, clarifies agency roles and responsibilities, explains how existing and planned initiatives will integrate into a unified approach, and reaffirms the state’s commitment to providing services, advice, and assistance to county and local governments. Additionally, the strategy provides a cyber risk mitigation roadmap for public and private stakeholders. The strategy is backed by a $600 million commitment to bolster cybersecurity throughout the state. For more information, click here.
• On August 9, Attorney General (AG) Rob Bonta joined a coalition of 44 AGs to express his support for the Governing Unaccredited Representatives Defrauding VA Benefits act (GUARD), which was designed by Congress to protect veterans from financial exploitation. GUARD, which is comprised of H.R. 1139 and S. 740, would reinstate criminal penalties for unaccredited claims representatives who charge unauthorized fees for purportedly assisting veterans with filing claims to obtain benefits through the Department of Veterans affairs. The nation has seen an influx in recent years of claims representatives targeting veterans, oftentimes charging them up to five times the amount of the veteran’s retroactive benefits for certain services. Naturally, GUARD has received widespread support from various veterans’ organizations. For more information, click here.
• On August 9, District of Columbia AG Brian Schwalb issued a supplemental business advisory to follow up on the AG’s previous consumer alerts regarding restaurants’ obligations to adequately disclose fees to consumers. Amid increasing confusion amongst consumers, the AG issued this guidance to assist restaurant owners in complying with the District’s Consumer Protection Practices Act (CPPA). District restaurants are permitted under current law to charge service fees or other surcharges; however, such charges can violate the CPPA if they are not timely, prominently, and clearly disclosed to diners before they place their orders. For more information, click here.
• On August 1, B25-0357 was signed by Mayor Muriel Bowser (D). The bill allows consumers to request that credit reporting agencies include a statement with their credit reports to indicate they were financially impacted by the COVID-19 pandemic. The bill also prohibits users of credit reports from considering adverse information that was the result of the consumer’s action or inaction during the COVID-19 public health emergency. In the District of Columbia, emergency legislation goes into effect immediately on signature by the mayor and is in effect for no longer than 90 days. A temporary amendment, B25-0358, of similar effect also passed its first reading in the council in July by a vote of 12-0. Temporary legislation becomes effective after it is signed by the mayor and a subsequent 30-day congressional review period. For more information, click here.
• On July 27, B25-0363, the Foreclosure Moratorium and Homeowner Assistance Fund Coordination Emergency Amendment Act of 2023, was signed by Mayor Muriel Bowser (D). Among other things, the bill:
  • Preserves and continues foreclosure protections for homeowners who applied for funding from the DC Homeowner Assistance Fund program before September 30, 2022, and whose applications remain under review, pending approval, pending payment, or under appeal;
  • Permits mortgage lenders, etc., beginning on July 25, 2022, to send notices to warn of intention to initiate or continue foreclosure actions; and
  • Requires all foreclosure notices sent after October 1, 2022, to, among other things, inform the homeowner of the DC Homeowner Assistance Fund program and the program’s potential ability to cure eligible housing debts, including the specific type of debt or debts owed to the entity sending the notice.

In the District of Columbia, emergency legislation goes into effect immediately on signature by the mayor and is in effect for no longer than 90 days. A temporary amendment, B25-0364, also passed its first reading in the council by a vote of 12-0. (Councilmember Vincent Gray (D) was absent for the vote.) Temporary legislation becomes effective after it is signed by the mayor and a subsequent 30-day congressional review period. For more information, click here.