To help you keep abreast of relevant activities, below find a breakdown of some of the biggest events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Federal Activities:

• On July 21, the Chairman of the U.S. House Financial Services Committee (FSC) Patrick McHenry (NC-R) announced the markup of legislation to provide clarity for the digital asset ecosystem. The FSC will meet on July 26 to markup H.R. 4763, the Financial Innovation and Technology for the 21st Century Act; H.R. 4766, the Clarity for Payment Stablecoins Act of 2023; and H.R. 1747, the Blockchain Regulatory Certainty Act, among others. The related memorandum states that H.R. 4763 establishes a digital asset market structure framework appropriate for the unique characteristics of digital assets, H.R. 4766 provides a clear regulatory framework for the issuance of payment stablecoins that are designed to be used as a means of payment, and H.R. 1747 provides blockchain developers and service providers with a safe harbor from licensing and registration, as long as they do not exercise control over digital assets. For more information, click here.
• On July 21, the Banque de France published a second report to share lessons learned from its wholesale Central Bank Digital Currency (CBDC) experiments using distributed ledger technologies (DLT). The report stated that these experiments showed the operational feasibility and practical implementation of the three models it has conceptualized for issuing CBDCs directly on the DLT: (1) the interoperability model, (2) the distribution model, and (3) the integration model. For more information, click here.
• On July 20, the Consumer Financial Protection Bureau (CFPB) published a report highlighting the risks employer-driven debt poses to workers. For more information, click here.
• On July 20, a Kentucky federal judge dismissed crypto-nonprofit Coin Center’s suit, challenging a forthcoming tax reporting requirement requiring firms to report the personal information of individuals transacting in amounts greater than $10,000. The suit, which was also brought by Raymond Walsh, his crypto-mining company, Quiet Industries Corp., and attorney Dan Carman, named the U.S. Department of the Treasury, the U.S. Department of Justice, the IRS, and their leadership. The plaintiffs argued that a reporting requirement would enable the government to identify both parties in a transaction when coupled with public information on the blockchain, which infringes upon their right to keep information not subject to the disclosure private, and violating constitutional rights to privacy. The suit was dismissed as premature because the rule has not yet taken effect. For more information, click here.
• On July 19, the Federal Trade Commission (FTC) sought comment on an application from the Entertainment Software Rating Board (ESRB) and others for a new mechanism for obtaining parental consent under the Children’s Online Privacy Protection Act Rule (COPPA). Under the COPPA Rule, online sites and services directed to children under 13 must obtain parental consent before collecting or using personal information from a child. The rule lays out several acceptable methods for gaining parental consent but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the FTC for approval. For more information, click here.
• On July 19, the White House released a fact sheet announcing that the Biden administration is cracking down on so-called “junk fees” in rental housing to lower costs for renters. The fact sheet noted that major rental housing platforms and several states joined the president’s effort to crack down on rental housing junk fees for consumers and increase transparency. The fact sheet explained that hidden fees increase the costs consumers pay — studies have found that consumers pay upward of 20% extra when the actual price of the product or service is not disclosed upfront. The fact sheet further explained that by providing the true costs of rent, people can make an informed decision about where to live and not be surprised by additional costs that push them over budget. For more information, click here.
• On July 19, in an effort to prevent money laundering and stop crypto-facilitated crime and sanctions violations, a group of U.S. senators introduced new, bipartisan legislation requiring decentralized finance (DeFi) services to meet the same anti-money laundering (AML) and economic sanctions compliance obligations as other financial companies, including centralized crypto trading platforms, casinos, and even pawn shops. The legislation also aims to modernize key Treasury Department AML authorities and set new requirements to ensure that “crypto kiosks” don’t become a vector for laundering the proceeds of illicit activities. For more information, click here.

State Activities:

• On July 20, the Washington Attorney General (AG) published a series of Frequently Asked Questions (FAQs) related to the My Health My Data Act. The My Health My Data Act (HB 1155) passed the Washington State Legislature on April 17, and was signed into law by Governor Jay Inslee on April 27. The FAQs included information on the law’s effective dates and applicability. For more information click here.
• On July 20, the Vermont Department of Financial Regulation (DFR) issued an investor alert highlighting the increasing risks associated with cryptocurrency investments on social media platforms and urging the public to exercise extreme caution. For more information click here.
• On July 18, the New York Department of Financial Services issued a letter to all regulated auto lenders and auto loan servicers regarding consumer rebates for cancelled ancillary products. In its opening, the letter highlights the fact that certain regulated auto lenders and auto loan servicers have failed to credit rebates to consumers whose vehicles were stolen or deemed a total loss. Citing a need to protect consumers from unfair, deceptive, and abusive acts and practices, the letter instructs institutions to calculate, obtain, and credit rebates from the cancellation of ancillary products in every case in which the consumers are entitled to such rebates. During its examinations, the department found that certain institutions failed to obtain, properly calculate, and credit consumer accounts for the portion of unused products, like extended warranties, vehicle service contracts, and guaranteed asset protection, when the consumer’s automobile is a total loss or is repossessed. The letter also outlined the reasons the department believes such practices are unfair and deceptive. For more information, click here.
• On July 18, Oregon Governor Tina Kotek signed SB 619 into law, a bill related to protections for the personal data of consumers. The act creates several new provisions and amends Section 180.095, previous version. This enactment makes Oregon the 11th state to implement such privacy measures for its consumers. The act applies to “any person that conducts business in [the] state, or that provides products or services to residents of [the] state” and (1) controls or processes certain personal data of 100,000 or more consumers during a calendar year, or (2) controls or processes the personal data of 25,000 or more consumers during a calendar year, while deriving 25%or more of the person’s annual gross revenue from selling personal data. For more information, click here.
• On July 14, California AG Rob Bonta announced an investigative sweep, through inquiry letters sent to large California employers requesting information on the companies’ compliance with the California Consumer Privacy Act (CCPA) with respect to the personal information of employees and job applicants. Effective January 1, covered businesses must also comply with the CCPA’s robust privacy protections as it relates to employee data. Businesses subject to the CCPA have specific legal obligations, such as providing notice of privacy practices and fulfilling consumer requests to exercise their rights to access, delete, and opt out of the sale and sharing of personal information. For more information, click here.
• The Washington Office of the AG published several FAQs to offer guidance related to the state’s My Health My Data Act. Certain provisions of the act, which passed in the legislature on April 17, went into effect on July 23. The act is the first law in the nation to protect personal health data not covered by the Health Insurance Portability and Accountability Act (HIPAA). Under the law, certain entities are required to follow specific requirements about how and when they may collect and share personal health data. The FAQs address topics such as the act’s effective dates and the AG’s role in enforcing the act. Additionally, the FAQs address the applicability of the act to businesses organized under the laws of other states that store data in the State of Washington. The FAQs also address how regulated entities may comply with sections 6 and 9 of the act, which appear to be in conflict with each other. For more information, click here.