To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week:

Federal Activities

State Activities

Federal Activities:

• On May 20, the Consumer Financial Protection Bureau (CFPB) took action against Western Benefits Group for allegedly charging illegal advance fees for student loan debt relief services and misrepresenting to consumers that advance fees would go toward paying down their loans. The CFPB is ordering Western Benefits to permanently cease operations and pay a $400,000 penalty to be deposited in the CFPB’s victims relief fund. The order also rescinds all existing agreements with consumers. For more information, click here.
• On May 20, federal prosecutors announced that Brooklyn, New York resident Thomas John Sfraga admitted to running a million-dollar cryptocurrency and real estate scam, partially through a fictitious company named Vandelay Contracting Corp. Sfraga, who faces up to 20 years in prison and may have to return $1.33 million he stole from investors, pleaded guilty to wire fraud. He allegedly solicited funds for various real estate businesses and cryptocurrency investment opportunities, posing as an entrepreneur named T.J. Stone. Sfraga reportedly convinced 14 victims to invest or loan him funds for fraudulent investments, including a large-scale construction project that was a hoax. For more information, click here.
• On May 17, the CFPB sued the online lending platform SoLo Funds for allegedly deceiving borrowers about the total cost of loans. The CFPB is seeking, among other things, injunctions against SoLo to prevent future violations, monetary relief for borrowers, forfeiture of ill-gotten gains, and a civil money penalty. For more information, click here.
• On May 17, the CFPB announced that it is extending compliance deadlines for the small business lending rule. After the CFPB issued this rule on March 30, 2023, the CFPB now plans to issue an interim final rule to extend compliance deadlines. For more information, click here.
• On May 17, Chinese citizens Daren Li and Yicheng Zhang were arrested on charges of orchestrating a money laundering operation linked to ‘pig butchering’ cryptocurrency schemes. The operation allegedly processed over $73 million in stolen funds. The duo is accused of managing a global network that funneled money from victims through U.S. bank accounts to Deltec Bank in the Bahamas, and then to cryptocurrency wallets. Li, a dual citizen of China and St. Kitts and Nevis, was arrested in Atlanta, while Zhang, a resident of Temple City, California, pleaded not guilty at his arraignment. For more information, click here.
• On May 17, luxury fashion brand Dolce & Gabbana was sued in a shareholder class action in New York federal court. The plaintiff, Luke Brown, alleged that the company sold consumers “essentially worthless” non-fungible tokens (NFTs) that it misrepresented as high-value, and then abandoned the project while retaining over $25 million that was used to fund it. According to the complaint, Dolce & Gabbana and NFT marketplace UNXD Inc., also a defendant, jointly created and marketed a digital asset project in 2022 called the DGFamily, based on the Dolce & Gabbana brand. Brown claimed that the defendants failed to provide the complete set of benefits promised to him and other customers. After selling the NFTs, the defendants allegedly transferred millions of dollars worth of customers’ cryptocurrency to their own wallets and then abandoned the project. Brown, who invested $6,000 in DGFamily products and lost $5,800 due to the defendants’ alleged misconduct, seeks damages, civil penalties, and attorney fees. For more information, click here.
• On May 17, the Federal Reserve Board (Board) announced its denial of two rulemaking petitions due to legal and policy considerations. The first petition asked the Board to develop a framework requiring Board-supervised firms to disclose promised financial commitments to certain corporate initiatives, and the second asked for revisions to the Uniform Financial Institution Rating System framework and adjustments to the framework for financial holding company eligibility. For more information, click here.
• On May 16, the U.S. Supreme Court, in a 7-2 decision, rejected an argument by payday lenders that Congress’s decision to insulate the CFPB from the annual budget process violated the Constitution’s clause about appropriations of federal money. CFPB Director Rohit Chopra commented that, “The court’s ruling makes crystal clear the CFPB is here to stay,” For more information, click here.
• On May 16, the Crypto Council for Innovation, a coalition of digital assets organizations and companies, including Coinbase, Kraken, Andreessen Horowitz, and the Digital Currency Group, among others, wrote a letter to House leaders advocating for the passage of the Financial Innovation and Technology for the 21st Century Act (FIT21). The FIT21 bill would designate the Commodity Futures Trading Commission (CFTC) as a leading regulator of digital assets, establish consumer protections, and set up guardrails against risky behavior. The crypto industry believes that passing this legislation would accelerate the growth of blockchain technology and digital assets, fostering financial inclusion and protecting national security. For more information, click here.
• On May 16, CoinDesk reported that the U.S. Senate voted to overturn the Securities and Exchange Commission’s (SEC) crypto policy known as Staff Accounting Bulletin No. 121 (SAB 121), testing President Joe Biden’s threat to veto the resolution. The Senate voted 60-38 on the effort to overturn the policy, with a dozen Democrats voting alongside a majority of Republicans in favor of the resolution. Issued by the SEC in 2022, SAB 121 held that a company keeping a customer’s cryptocurrencies should record them on its own balance sheet, which could have major capital implications for banks working with crypto clients. Republican lawmakers criticized the SEC for instituting a policy without going through the necessary rule process, and the Government Accountability Office agreed, finding that the regulator erred in how it handled what should have been a rule instead of staff guidance. For more information, click here.
• On May 14, the Federal Trade Commission (FTC) issued a notification that an amendment to the FTC’s Gramm-Leach Bliley Safeguards Rule that requires covered companies to report certain data breaches and other security events to the FTC is now in effect. For more information, click here.
• On May 13, the U.S. Department of Housing and Urban Development (HUD) announced that it has entered into a conciliation agreement with Rocket Mortgage, LLC resolving allegations that Rocket Mortgage denied a mortgage loan application based on race because the home being purchased was located within the Tribal boundaries of a federally recognized reservation. For more information, click here.
• On May 13, the Board and the CFPB jointly adjusted for inflation dollar amounts relating to the availability of customer funds. These changes in Regulation CC include the minimum amount of deposited funds that banks must make available for withdrawal by opening of business on the next day for certain check deposits as well as the amount of funds deposited by certain checks in a new account that are subject to next-day availability. For more information, click here.
• On May 13, President Joe Biden ordered MineOne Partners Ltd., a company partially owned by Chinese nationals, to divest portions of its property near F.E. Warren Air Force Base in Wyoming. The order followed a public tip and a finding by the Committee on Foreign Investment in the United States (CFIUS) that the cryptocurrency mining operation on the property posed a national security risk. The property, located within a mile of the Air Force missile base, was purchased by MineOne Partners in June 2022. The company made improvements to the property to facilitate cryptocurrency mining. CFIUS, which routinely reviews real estate transactions near Air Force bases, had not received a filing from MineOne Partners when the property was purchased. The White House stated that the proximity of the foreign-owned facility to the missile base and the presence of specialized foreign-sourced equipment presented a significant national security risk. For more information, click here.
• On May 13, Seychelles-incorporated Falcon Labs Ltd. agreed to pay nearly $1.8 million in penalties and disgorgement to settle CFTC allegations that it failed to register as a futures commission merchant. This marked a first-of-its-kind action involving digital asset exchanges. The CFTC ordered Falcon Labs to pay nearly $1.2 million in disgorgement and a nearly $600,000 civil penalty. The civil penalty, which was half of the disgorgement sum, was reduced due to Falcon’s substantial cooperation. The CFTC claimed that for nearly a year and a half, Falcon had offered or accepted orders for digital asset derivatives from U.S.-based customers, acting as an intermediary to facilitate their trading on certain digital asset exchanges. Falcon’s disgorgement obligations reflect the CFTC’s estimate that it collected nearly $1.2 million in fees from its customers for serving as an intermediary. For more information, click here.
• On May 10, the Financial Stability Oversight Council (Council) released its Report on Nonbank Mortgage Servicing. The report documents the growth of the nonbank mortgage servicing sector and the critical roles that nonbank mortgage servicers play in the mortgage market. It identifies certain key vulnerabilities that can impair servicers’ ability to carry out these critical functions and describes how these vulnerabilities could amplify shocks to the mortgage market and pose risks to financial stability. The report includes the Council’s recommendations to enhance the resilience of the nonbank mortgage servicing sector, drawing on existing authorities of state and federal regulators and also encouraging Congress to act to address the identified risks. The report was drafted by Council member agencies in coordination with the Government National Mortgage Association (Ginnie Mae). For more information, click here.

State Activities:

• On May 16, a New York state jury convicted Robert Taylor, the operator of a network of unlicensed bitcoin ATMs, on charges of operating an unlicensed money transmitter and tax fraud. Taylor’s business, primarily based in New York City laundromats, had converted over $5.6 million for customers between 2017 and 2018, generating more than $1 million in fees that went unreported. The jury found Taylor guilty on all seven counts, which included three counts of operating an unlicensed money transmission business, two counts of criminal tax fraud, and two counts of offering a false instrument of filing. Taylor’s operation, which extended to New Jersey and Miami, had not obtained a money transmission license or the BitLicense required under New York State regulations. Despite his business earning over $1 million in fees, Taylor had only reported a $3,000 income on his 2017 tax returns and a loss of $140,000 on his 2018 returns. For more information, click here.
• On May 13, the New York Department of Financial Services (DFS) released a letter providing guidance to licensed entities about its Cybersecurity Program Template. An existing DFS regulation (23 NYCRR Part 500) requires covered entities to maintain a cybersecurity program designed to identify and assess cybersecurity risks, among other things. DFS developed the template to assist regulated entities with creating a cybersecurity program that meets the state’s regulatory requirements for such programs. For more information, click here.
• On May 13, Oklahoma passed a groundbreaking bill, OKHB3594, protecting residents’ right to self-custody digital assets. Signed into law by Governor Kevin Stitt, the bill bans any restrictions on the use or self-custody of digital assets using self-hosted or hardware wallets. It also permits home and industrial crypto mining, provided local noise ordinances are adhered to. The law, which will take effect on November 1, 2024, was hailed as a significant step in protecting “fundamental bitcoin rights” by Satoshi Act Fund CEO Dennis Porter. For more information, click here.
• On May 9, Maryland Governor Wes Moore approved SB 571. The bill will require covered entities to complete a data impact assessment if they offer an online product that is reasonably likely to be accessed by children. The bill also requires certain privacy protections for some online products and prohibits the collection and sharing of certain data. The bill also allows for certain monitoring practices that will enable a parent to monitor a child’s activity or location without signaling to the child that such information is being shared with the parent. The bill takes effect October 1, 2024. For more information, click here.
• On May 9, Connecticut Governor Ned Lamont signed a bill into law that will prohibit health care providers and hospitals from reporting a patient’s medical debt to credit rating agencies. The bill also voids any medical debt that is reported to such agencies. For more information, click here.
• On May 8, the Colorado legislature passed the Colorado Artificial Intelligence Act (SB 205). If enacted, the bill would require developers of “high-risk” artificial intelligence systems to use reasonable care to avoid algorithmic discrimination. The bill creates a rebuttable presumption in favor of the developer if the developer complies with certain other provisions of the bill. Those provisions include, among others: (a) providing a statement disclosing specified information about the system to a deployer; (b) furnishing information and documentation to a deployer that would enable completion of an impact assessment; and (c) issuing a publicly available statement that summarizes the types of high-risk systems the developer has created or substantially and intentionally modified, along with information about how the developer manages risk of algorithmic discrimination. For more information, click here.