Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

• On March 31, the U.S. Supreme Court significantly limited the jurisdiction of federal courts to confirm or vacate arbitral awards under Sections 9 and 10 of the Federal Arbitration Act (FAA) in Badgerow v. Walters. The Court confirmed its prior rulings that the FAA itself does not create subject matter jurisdiction and held that a federal court must have an “independent jurisdictional basis” to confirm or vacate an award. The impact of the ruling is significant and will result in parties turning to state courts to confirm arbitral awards in ostensible federal question cases. For more information, click here.

• On March 31, Rep. Trey Hollingsworth (R-IN) and Sen. Bill Hagerty (R-TN), introduced the Stablecoin Transparency Act (S. 3970 and H.R. 7328) in both the House of Representatives and the Senate. The bill requires stablecoins to be backed by government securities with maturities less than 12 months or domestic dollars, while requiring stablecoin issuers to publicly release audited reports of reserves executed by third-party auditors. For more information, click here.

• On March 30, the Consumer Financial Protection Bureau (CFPB) sanctioned Edfinancial for deceiving student loan borrowers about their eligibility for Public Service Loan Forgiveness, and the steps they could have taken to obtain loan cancellation. Edfinancial made a series of deceptive statements to borrowers about loan cancellation for public service, including falsely telling borrowers with FFELP loans that they could not qualify for the program. For more information, click here.

• On March 29, the CFPB issued a report, showing that credit card issuers charged $12 billion in late fees in 2020. Late fee penalties are charged in addition to interest when a cardholder does not make the minimum payment by the due date. For more information, click here.

• On March 28, Representative Stephen Lynch (D-MA), along with co-sponsors Jesús G. García (D-IL), Rashida Tlaib (D-MI), Ayanna Pressley (D-MA), and Alma Adams (D-NC), introduced H.R. 7231, the Electronic Currency and Secure Hardware Act (ECASH Act). The bill would direct the U.S. Treasury secretary to develop and issue a digital analogue to the U.S. dollar, or “e-cash,” intended to “replicate and preserve the privacy, anonymity-respecting, and minimal transactional data-generating properties of physical currency instruments such as coins and notes to the greatest extent technically and practically possible,” all without requiring a bank account. For more information, click here.

• On March 24, the Department of Justice (DOJ) announced that it charged two individuals in non-fungible token (NFT) fraud and money laundering related to purchasers of NFTs advertised as “Frosties.” According to a DOJ press release, “[r]ather than providing the benefits advertised to Frosties NFT purchasers, [defendants] transferred the cryptocurrency proceeds of the scheme to various cryptocurrency wallets under their control.” U.S. Attorney for the Southern District of New York Damian Williams said the defendants “promised investors the benefits of the Frosties NFTs, but when it sold out, they pulled the rug out from under the victims, almost immediately shutting down the website and transferring the money.” For more information, click here.

• On March 23, the CFPB Director Rohit Chopra issued a statement regarding the final report of the Interagency Task Force on Property Appraisal and Valuation Equity (PAVE). For more information, click here.

State Activities:

• On March 31, California Attorney General Rob Bonta filed an amicus brief “in defense of state laws protecting consumers from false and misleading advertising” in the Ninth Circuit Court of Appeals case of Moreno v. Vi-Jon. The case purportedly centers around false advertising related to claims made on the front and back labels of hand sanitizer that allegedly misstate the effectiveness of the product against common, harmful viruses and bacteria. According to the press release, the district court dismissed “the case, finding both that [the plaintiff] should have known that [the defendant’s] claims were untrue, and that [the plaintiff] lacked standing to even pursue the litigation.” The attorney general’s office argued that the court erred in dismissing the case as economic injury from deceptive advertising should be sufficient to establish standing. For more information, click here.

• On March 29, Virginia Attorney General Jason Miyares joined 20 other states in a multistate action against the Center for Disease Control and Prevention’s (CDC) use of a mask mandate for public transportation. According to the press release, “the CDC’s unlawful mask mandate exceeds the agency’s authority by not authorizing economy-wide measures.” Attorney General Miyares stated, “The CDC’s mask mandate on public transportation, like air travel, is scientifically unnecessary at this stage of the pandemic. Not only are the CDC’s mask mandates for public transportation an example of federal overreach, but they are outdated as states across the country have lifted mask mandates in other aspects of daily life.” For more information, click here.

• On March 29, New York Attorney General Letitia James sent letters to the largest credit card companies and major debt collectors operating in New York, warning those companies of new state regulations that prevent them from suing consumers for old debts. According to the press release, the Consumer Credit Fairness Act of 2021 “will go into effect next month and reduces the statute of limitations for consumer debt collection from six years to three years.” The act also mirrors many of the regulations promulgated in Regulation F by the CFPB. For more information, click here.

• On March 24, Manhattan District Attorney Alvin L. Bragg, Jr. announced the indictment of an individual for “operating a global money laundering business that enabled at least 7 clients, who engaged in a wide-range of criminal activity, to use Bitcoin anonymously to hide and obscure their illegal proceeds,” which involved the individual “convert[ing] more than $2.3 million into Bitcoin and more than $380,000 worth of Bitcoin into U.S. dollars, using a rotating set of accomplices … to open bank and cryptocurrency exchange accounts to launder criminal proceeds.” For more information, click here.

• On March 15, the D.C. Council of the District of Columbia Committee of the Whole met in a full hearing, in part to hear amendments introduced to B24-0357 — the Protecting Consumers from Unjust Debt Collection Practices Amendment Act of 2021. Raised in July 2021 as a trio of legislation, B24-0357, Emergency B24-0347, and Temporary B24-0348 address debt collection in the district during the pandemic. All three affect debt collection in D.C.; legislation such as this is often introduced as a series of emergency, temporary, and permanent bills. B24-0357 is the permanent version of the Protecting Consumers legislation. For more information, click here.

Privacy and Cybersecurity Activities:

• On March 29 and 30, the California Privacy Protection Agency (CPPA) held pre-rulemaking “informational sessions” regarding the California Privacy Rights Act (CPRA). In addition to rulemaking, the CPPA handles the future implementation and enforcement of the CPRA. Last week’s sessions included 10 “informational presentations” given by experts from government and academia, covering various topics, such as dark patterns, automated decision-making, and cybersecurity audits. These sessions intend to help the CPPA and general public understand various topics relevant to the CPRA rulemaking process and will be followed by “stakeholder sessions” later this month. For more information, click here.

• On March 29, the Office of the Comptroller of the Currency (OCC) issued a bulletin aimed at ensuring that OCC-regulated entities use the appropriate “designated points of contact” when complying with the Computer-Security Incident Notification: Final Rule (OCC Bulletin 2021-55). This rule requires that banking organizations notify their federal regulator “no later than 36 hours after the banking organization determines that a notification incident has occurred.” Under the bulletin, OCC-regulated entities may carry out this notification by contacting their supervisory office, submitting a notification via the BankNet website (available here), or contacting the BankNet help desk. A similar release published by the Federal Deposit Insurance Company (FDIC) is available here, and our summary and analysis of the interagency final rule is available here.