Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.
Our bank and loan servicing clients also face novel challenges affecting their industry due to COVID-19, particularly the ever-changing rules and regulations concerning evictions and foreclosures. We closely track these updates and have assembled an interactive tracker containing state orders and guidance documents regarding residential foreclosure and eviction moratoriums. You may access this interactive tool at https://covid19.troutman.com/.
To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
- On July 1, the Consumer Financial Protection Bureau (CFPB or Bureau) released a new complaint bulletin covering several areas of concern on relief provided in response to the COVID-19 pandemic, including the Centers for Disease Control and Prevention (CDC) eviction moratorium. Some consumers reported facing homelessness because of the negative impact of an eviction on their credit history reported by debt collectors. The CFPB also received alleged consumer claims of being deprived of the full benefit of economic impact payments as a result of overdraft practices at some financial institutions, as well as the bulleting claims that not all student loan borrowers could obtain the timely information and assistance needed from their student loan servicer to receive the full benefit of the variety of federal loan forgiveness, cancellation, and discharge programs offered through the CARES Act. For more information, click here.
- On July 1, the CFPB released an enforcement compliance bulletin reminding landlords, consumer reporting agencies, and others of their critical obligations to accurately report rental and eviction information. For more information, click here.
- On July 1, the Federal Reserve announced that it will soon release a new tool to help community banks implement the “Current Expected Credit Losses” (CECL) accounting standard. Known as the “Scaled CECL Allowance for Losses Estimator,” the spreadsheet-based tool draws on publicly available regulatory and industry data to aid community banks with assets of less than $1 billion in calculating their CECL allowances. For more information, click here.
- On July 1, the Departments of Health and Human Services, Labor, and Treasury issued an interim final rule as part of a law that limits “surprise” medical bills assessed to patients who are unknowingly treated by doctors and facilities outside of the patients’ health care networks. The rule is scheduled to go into effect on January 1, 2022, and represents the first step toward the enactment of the “No Surprises Act,” which Congress passed last year. For more information, click here.
- On June 30, the Federal Financial Institutions Examination Council (FFIEC) issued a new booklet in the FFIEC Information Technology Examination Handbook series, titled, “Architecture, Infrastructure, and Operations.” The booklet provides expanded guidance to help financial institution examiners assess the risk profile and adequacy of an entity’s information technology architecture, infrastructure, and operations. For more information, click here.
- On June 30, the Federal Housing Finance Agency (FHFA) announced changes to loan modification terms for COVID-19-impacted borrowers with mortgages backed by Fannie Mae or Freddie Mac and needing payment reduction for successful home retention. The updated terms specifically address borrowers with permanent COVID-19 hardships and respond to the unprecedented nature of the pandemic. For more information, click here.
- On June 29, the CFPB issued a report highlighting legal violations identified by the Bureau’s 2020 examinations. The report also highlights prior CFPB supervisory findings that led to public enforcement actions in 2020, resulting in more than $124 million in consumer remediation and civil money penalties. For more information, click here.
- On June 29, the U.S. Supreme Court refused to lift the CDC’s moratorium on evictions during the COVID-19 pandemic. The plaintiffs, who include landlords and real estate trade associations from Alabama and Georgia, argue that the CDC exceeded its authority by imposing the ban. The ban applies to tenants that would have no other housing options if evicted. The moratorium is set to expire on July 31. For more information, click here.
- On June 28, the CFPB finalized amendments to federal mortgage servicing regulations to reinforce the ongoing economic recovery as the federal foreclosure moratoria are phased out and which will help protect mortgage borrowers as they exit forbearance. The rules will establish temporary safeguards to help ensure that borrowers have time before foreclosure to explore their options, including loan modifications and selling their homes. The rules cover loans on principal residences, generally exclude small servicers, and will take effect on August 31. For more information, click here.
- On June 25, the Federal Reserve Board announced it will extend for a final time its Paycheck Protection Program Liquidity Facility by an additional month to July 30. The extension represents an operational accommodation to allow additional processing time for banks, community development financial institutions, and other financial institutions to pledge to the facility any Paycheck Protection Program (PPP) loans approved by the Small Business Administration through the PPP program’s June 30 expiration date. For more information, click here.
- On September 1, a new Texas law, allowing remote work for employees of entities licensed by the Texas Finance Commission, will take effect. The licensed entities include vehicle finance companies, traditional installment lenders, and mortgage lenders. The law does not impact most third-party collection agencies, but it does impact some creditors and debt buyers. For more information, click here.
- On July 1, the Connecticut Department of Banking issued an “Order Establishing Requirements for Conducting Business from a Remote Office Location,” allowing individuals working for consumer collection agencies, debt adjusters, debt negotiators, mortgage brokers, mortgage services, sales finance companies, small loan companies, and student loan servicers to work from remote office locations not licensed as branch office locations. This order is effective until modified or vacated and requires licensees to comply with certain measures, including maintaining the safety of personal information and data security and operating under implemented policies and procedures. For more information, click here.
- On July 1, Pennsylvania Governor Tom Wolf vetoed a bill passed by the state legislature that would allow state courts to place accounts in the hands of private collection agencies to pursue individuals with overdue court fines and costs. Under current law, state courts cannot use private collection agencies to try and recover unpaid court costs and fines, many of which are incurred by individuals living outside of the particular county in which they were fined in the first place. For more information, click here.
- On June 30, Maine Governor Janet Mills declined to veto a new law that expands consumer protections against garnishments. Under the newly enacted law, consumers now can protect $500 per week of their wages, up from $290 a week. Consumers also can protect $160,000 of their home’s equity, up from $95,000, and $10,000 of their interest in a motor vehicle, up from $7,500. The new law further protects up to $3,000 in consumers’ bank accounts. Previously, consumers were not allowed to protect any of the funds in their bank accounts. For more information, click here.
- The California commissioner of financial protection and innovation recently issued proposed changes to the notice of rulemaking for acquiring a debt collection license under the Debt Collection Licensing Act. While licenses will not be required until 2022, comments to the new proposed changes are due July 12. For more information, click here.
- Recently, the Nevada Financial Institutions Division indicated that it will not renew its guidance allowing licensee employees to work remotely from home. The current guidance — which requires licensees to comply with certain measures, including maintaining the safety of personal information and data security and operating under implemented policies and procedures — is set to expire on July 31. For more information, click here.
- On June 26, Minnesota Governor Tim Walz signed into law a bill that expands the regulation of the accounts receivable management industry to include debt buyers and affiliated companies. Under HF 6, “debt buyers” are defined as businesses “engaged in the purchase of any charged-off account, bill, or other indebtedness for collection purposes, whether the business collects the account, bill, or other indebtedness, hires a third party for collection, or hires an attorney for litigation related to the collection” and subject to provisions of the bill. For more information, click here.
Privacy and Cybersecurity Activities:
- On June 29, CyberScoop reported that cybercriminals are increasingly utilizing legitimate cybersecurity tools, such as Cobalt Strike, to mount their attacks on large online platforms. As the pandemic has pushed many businesses to interact online, it is inevitable that cybercriminal activity is on the rise. A cybersecurity firm reported that there was a 161% increase in attacks using Cobalt Strike in 2020 compared to 2019. In addition, cybercriminals are “also turning to trusted services like Dropbox, Google Drive, SendGrid, and Constant Contact” to distribute malware. To read more about these cybercriminal activity trends, click here.
- On June 28, Law360 reported that, in an upcoming patent infringement suit, U.S. District Judge Hawyood S. Gilman of the Northern District of California will exempt attorneys and witnesses who certify they’ve been vaccinated from the court’s mask mandate. This represents “one of the first in-person trials in the Northern District of California since the onset of the pandemic.” Moreover, “remote access to the proceedings — a hallmark of pandemic-era trials — [will] not be provided in the case.” To read more about Judge Gilman’s order, click here. This comes after more than a year of virtual hearings in which court proceedings have been streamed on the internet, which many legal commentators have warned presents serious privacy concerns for witnesses and jurors who may be reluctant to participate if their appearances could end up online.
- On June 17, U.S. Senator Kirsten Gillibrand reintroduced a new version of her bill, the Data Protection Act (DPA) of 2021, that would create an independent federal agency aimed at protecting consumer data, safeguarding privacy, and ensuring that all data practices are fair and transparent. First introduced in 2020, Senator Gillibrand updated the bill to include provisions to protect against privacy discrimination and to oversee the use of high-risk data practices. Additionally, the DPA would have the authority and resources to effectively enforce data protection rules and would be equipped with a broad range of enforcement tools, including civil penalties, injunctive relief, and equitable remedies. For more information, click here.