To help you keep abreast of relevant activities, below find a breakdown of some of the biggest events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Federal Activities:

• On May 4, the Consumer Financial Protection Bureau (CFPB) published a report on high-cost specialty financial products, such as medical credit cards, sold to patients as a way to alleviate the growing costs of medical care. For more information, click here.
• On May 4, the White House published technology standard document “United States Government National Standards Strategy for Critical and Emerging Technology.” According to the White House, “The United States will prioritize efforts for standards development for a subset of [critical and emerging technology (CET)] that are essential for U.S. competitiveness and national security … .” Among other things, these CET include digital identity infrastructure and distributed ledger technologies. For more information, click here.
• On May 3, the Securities and Exchange Commission (SEC) published a final ruling on changes made to the Form PF. The ruling stated that the SEC was still assessing a proposed definition for the term “digital asset.” In the original proposal, the SEC defined “digital asset” as an asset issued and/or transferred using distributed ledger or blockchain technology (distributed ledger technology), including, but not limited to, so-called “virtual currencies,” “coins,” and “tokens.” For more information, click here.
• On May 2, the White House published a blog post, titled “The DAME Tax: Making Cryptominers Pay for Cost They Impose on Others.” The acronym “DAME” refers to digital asset mining energy, and the White House’s blog post expands upon a proposed excise tax, which the White House included in its FY 2024 budget proposal, indicating that the White House seeks to impose on “[a]ny firm using computing resources, whether owned by the firm or leased from others, to mine digital assets … .” For the first year after the effective date of the proposal, these firms would be subject to an excise tax of 10% of the costs of electricity they use in digital asset mining. The excise tax would then increase to 20% in the second year, and it would reach its maximum of 30% in year three. If adopted, the proposal would become effective for taxable years beginning after December 31, 2023. The White House estimates that the DAME tax will raise $3.5 billion in revenue over 10 years. For more information about the White House’s blog post, click here. For more information about the White House’s FY 2024 budget proposal, click here.
• On May 2, the Federal Housing Administration published Mortgagee Letter 2023-09 to implement provisions of the Adjustable-Rate Mortgages (ARM): Transitioning from LIBOR to Alternative Indices final rule. The final rule replaces LIBOR with the secured overnight financing rate (SOFR) as the approved index for newly originated forward ARMs and codifies HUD’s approval of SOFR as an index for newly originated home equity conversion mortgages ARMs. For more information, click here.
• On May 1, the CFPB proposed a rule to implement a congressional mandate to establish consumer protections for residential property assessed clean energy (PACE) loans. PACE loans, secured by a property tax lien on the borrower’s home, are often promoted as a way to finance clean energy improvements, such as solar panels. The proposed rule would require lenders to assess a borrower’s ability to repay a PACE loan and would provide a framework for how these loans will be treated under the Truth in Lending Act. For more information, click here.
• On May 1, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a settlement with Poloniex LLC (Poloniex), a cryptocurrency exchange previously known as Poloniex, Inc. For apparent violations of OFAC sanctions programs totaling 65,942, Poloniex agreed to remit $7,591,630 to OFAC to resolve its potential civil liability. According to OFAC, between approximately July 28, 2015 and September 2, 2019, Poloniex processed 65,942 online digital asset-related transactions with a combined value of approximately $15,335,349 for 232 customers apparently located in sanctioned jurisdictions, including Crimea, Cuba, Iran, Sudan, and Syria. For more information, click here.
• On May 1, the Federal Trade Commission (FTC) announced a permanent ban from debt relief telemarketing for operators of debt relief scam. The FTC charged the defendants with taking tens of millions of dollars from people by falsely promising to eliminate or substantially reduce their credit card debt. For more information, click here.
• On April 28, the SEC announced settled charges against Coinme, Inc., its subsidiary Up, Global SEZC, and the CEO of both entities for conducting unregistered offers and sales of securities in the form of a crypto-asset called “UpToken,” as well as for making false and misleading statements concerning the demand for UpToken and the amount raised in the offering. For more information, click here.
• On April 26, both the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation issued separate advisories, warning against the risks associated with overdraft fees, particularly those associated with “Authorize Positive, Settle Negative” transactions. For more information, click here.
• On April 25, the U.S. Department of the Treasury issued the 2023 De-Risking Strategy, as mandated by Congress in the Anti-Money Laundering Act of 2020. The first of its kind, the strategy examines the phenomenon of financial institutions de-risking and its causes, and it identifies those greatest impacted. It also offers recommended policy options to combat it. For more information, click here.
• On April 25, the Federal Bureau of Investigation, with assistance from the Virtual Currency Response Team, the Cyber Police Department and Main Investigation Departments of the National Police of Ukraine, and the Prosecutor General’s Office of Ukraine seized websites that allegedly offered virtual currency exchange services to individuals for illegal activities. For more information, click here.

State Activities:

• On May 5, New York Attorney General Letitia James proposed “the strongest and most comprehensive set of regulations on cryptocurrency in the nation” through what James deems as the Crypto Regulation, Protection, Transparency, Oversight (CRPTO) Act. According to the press release, the proposed legislation is three-fold:
  1. Eliminate Conflicts of Interests. Among other things, the bill would prohibit digital asset firms from borrowing or lending customer assets and prohibit investment advisers from maintaining custody of customer assets under certain circumstances.
  2. Increase Transparency Through Public Financial Disclosures. The bill would require digital asset firms to publish and distribute a prospectus that includes material information related to the firm’s business, financial condition, results of operations, risk factors, and conflicts of interests.
  3. Strengthen Retail (Consumer) Investor Protections. The bill would codify KYC provisions and require digital asset firms to monitor their customers’ transaction activity and prohibit crypto firms from engaging in business with firms that refuse to comply with the proposed KYC provisions.

Furthermore, the bill would ban the use of the term “stablecoin” to describe or market digital assets, unless those assets are backed one-to-one with U.S. currency or high-quality liquid assets as defined by federal law. For more information about Attorney General James’ press release, click here. For more information about the CRPTO Act, click here.

• On May 4, Colorado Governor Jared Polis signed SB93 into law. Among other things, the bill: (1) caps the rate of interest on medical debt to 3% per annum; (2) requires a debt collector or collection agency collecting on a medical debt to provide the consumer, upon the consumer’s written or oral request, an itemized statement concerning the debt, while allowing the consumer to dispute the validity of the debt after receipt of the itemized statement; (3) establishes requirements relating to payment plans for medical debt, including written documentation of the payment plan between the consumer and the creditor, debt collector, or debt collection agency; (4) prohibits collection on the debt during any appeal proceedings and prohibits reporting the debt to a consumer reporting agency until a certain amount of time after the payment plan becomes inoperative; (5) requires a debt collector or collection agency that files a legal action to collect medical debt to include an itemization of the charges, and prior to the entry of a default judgment against the creditor, provides evidence of the debt; and (6) requires a health care provider or health care facility to provide, upon request of a prospective patient, an estimate of the total cost of a health care service (service) to a person who intends to self-pay for the service (self-pay estimate). For more information, click here.
• On May 4, New York Attorney General Letitia James announced that consumers would begin receiving their share of a $141 million settlement with a well-known tax preparation company, following settlement of claims that the company engaged in predatory and deceptive marketing practices. The AG’s office reached the multistate settlement with the tax preparation company in 2022 on behalf of low-income taxpayers reportedly tricked into paying for tax services for tax years 2016, 2017, and 2018 that should have been free through the IRS Free File Program. Eligible consumers will be notified by mail and will receive a check without filing a claim. Most consumers are expected to receive between $29 and $30. For more information, click here.
• On May 2, Florida Attorney General Ashley Moody released a video announcement, highlighting consumer protection resources for seniors in recognition of National Older Americans Month and Elder Law Month. Moody expressed that “Florida is proud of its large senior population and the allure our state has on retires from across the country. We work hard to protect older Floridians and our stellar reputation as the place to live out the Golden Years.” Among other things, Moody underscored the (1) Senior Protection Team – an intra-agency group of experts who work together to fight fraud and assist seniors; (2) Seniors vs. Crime Program – a program that uses volunteer retired citizens to educate Floridians on consumer fraud and to assist in select consumer investigations; and (3) Scams at Glance Program – a program that provides low-tech resources to help older Floridians “stay one step ahead” of scammers. For more information, click here.
• On May 1, Oklahoma Governor Kevin Stitt approved HB1443. Among other things, the bill prohibits student loan servicers from: (1) directly or indirectly employing any scheme, device, or artifice to defraud or mislead student loan borrowers; (2) engaging in any unfair or deceptive practice toward any person or misrepresent or omit any material information involving the servicing of a student education loan, including, but not limited to, misrepresenting the amount, nature, or terms of any fee or payment due or claimed to be due on a student education loan, the terms and conditions of the loan agreement, or the borrower’s obligations under the loan; (3) incorrectly applying or failing to apply student education loan payments to the outstanding balance of a student education loan; (4) providing inaccurate information to a credit bureau, thereby harming a student loan borrower’s creditworthiness; or (5) failing to report both the favorable and unfavorable payment history of the student loan borrower to a nationally recognized consumer credit bureau at least annually if the student loan servicer regularly reports information to a credit bureau, except in the case of loan rehabilitation. HB1443 will go into effect on November 1. For more information, click here.
• On May 1, Washington Governor Jay Inslee signed HB1349, which, among other things: (1) provides that a borrower who has not been referred to mediation as of June 7, 2012 may only be referred to mediation after a notice of default has been issued but no later than 90 days prior to the date of sale listed in the notice of trustee’s sale; (2) provides that a borrower who has not been referred to mediation as of June 7, 2012 and who has had a notice of sale recorded may only be referred to mediation if the referral is made at least 90 days prior to the date of sale listed in the notice of trustee’s sale; (3) provides documentation requirements to demonstrate the ownership interest of the claimant in the real property; and (4) places certain requirements before a foreclosure proceeding, including providing a consumer, 90 days prior to the date of sale listed in the notice of trustee’s sale with a notice of default. HB1349 will take effect on July 23. For more information, click here.
• On May 1, Indiana joined California, Virginia, Colorado, Connecticut, Utah, and Iowa to become the seventh state to enact a “comprehensive” data privacy law. Governor Eric Holcomb signed SB-5, known as the Indiana Consumer Data Protection Act (INCDPA), which takes a generally more business-friendly approach to data privacy, limiting, for example, where instances of disclosure of personal data require opt-in consent. The INCDPA applies to a person that conducts business within the state or produces products or services targeted to the state’s residents and that during a calendar year: (1) controls or processes personal data of at least 100,000 consumers who are Indiana residents; or (2) controls or processes personal data of at least 25,000 consumers who are Indiana residents and derives more than 50% of gross revenue from the sale of personal data. The INCDPA also recognizes a distinction between controller (an entity that determines the purpose and means of processing personal data) and a processor (an entity that processes personal data on behalf of a controller). Under the law, a processor is obligated to adhere to a controller’s instructions and a contract between the two must include:
  1. Confidentiality of personal data;
  2. Deletion or return of personal data when the agreement terminates;
  3. Proof of compliance with the INCDPA upon request;
  4. Cooperation with data protection impact assessments; and
  5. Use of subcontractors that are subject to the same privacy requirements as processors.

Additionally, the INCDPA grants consumers the rights to, among other things, (1) confirm whether a controller is processing the consumer’s personal data and access to such data (subject to certain limitations); (2) correct inaccuracies in the consumer’s personal data that the consumer previously provided to a controller; (3) to delete personal data provided by or obtained about the consumer; (4) to obtain a copy or summary of the consumer’s information provided to a controller; and (5) to opt out of the processing the consumer’s personal data for purposes of targeted ads, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. For more information, click here.