Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.
Our bank and loan servicing clients also face novel challenges affecting their industry due to COVID-19, particularly the ever-changing rules and regulations concerning evictions and foreclosures. We are closely tracking these updates and have assembled an interactive tracker containing state orders and guidance documents regarding residential foreclosure and eviction moratoriums. You may access this interactive tool at https://covid19.troutman.com/.
To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
- On April 1, the Consumer Financial Protection Bureau (CFPB) announced it is rescinding seven policy statements issued last year that provided temporary flexibilities to financial institutions in consumer financial markets, including mortgages, credit reporting, credit cards, and prepaid cards. The seven rescissions provide guidance to financial institutions on complying with their legal and regulatory obligations. These rescissions signal the CFPB’s notice of intent to exercise the full scope of the supervisory and enforcement authority provided under the Dodd-Frank Act. The CFPB is also rescinding its 2018 bulletin on supervisory communications and replacing it with a revised bulletin describing its use of matters requiring attention. One of the rescinded policy statements concerns the Fair Credit Reporting Act (FCRA) and Regulation V. Following the enactment of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), the guidance indicated that the CFPB would not enforce the FCRA’s statutory investigation timeframe against furnishers or consumer reporting agencies acting in good faith. In its recission statement, the CFPB stated “consumer reporting agencies and furnishers have had sufficient time to adapt to the pandemic and should be able to regularly meet their obligations under the FCRA and Regulation V.” For more information, click here.
- On April 1, the U.S. Department of the Treasury, the Internal Revenue Service, and the Bureau of the Fiscal Service announced they will disburse several million more payments in the third batch of American Rescue Plan Economic Impact Payments, bringing the total disbursed so far to 130+ million payments worth approximately $335 billion. For more information, click here.
- On April 1, the CFPB issued a warning to mortgage servicers to take necessary steps to prevent a wave of foreclosures this fall. The warning stated that servicers should dedicate sufficient resources and staff now to ensure they are prepared for a surge in borrowers needing assistance when the pandemic-related federal emergency mortgage protections expire in the summer and fall. The CFPB will closely monitor how servicers engage with borrowers, respond to borrower requests, and process applications for loss mitigation. The CFPB will consider a servicer’s overall effectiveness in helping consumers when using its discretion to address arising compliance issues. For more information, click here.
- On March 31, the Home Mortgage Disclosure Act (HMDA) Modified Loan Application Register data for 2020 were published on the Federal Financial Institutions Examination Council’s HMDA Platform for approximately 4,400 HMDA filers. The published data contain loan-level information filed by financial institutions, modified to protect privacy. For more information, click here.
- On March 31, the Federal Reserve Board adopted a final rule, outlining and confirming the use of supervisory guidance for regulated institutions. The final rule codifies a statement issued in September 2018, clarifying the differences between regulations and guidance. Unlike a law or regulation, supervisory guidance does not have the force and effect of law, and the agencies do not take enforcement actions based on supervisory guidance. Guidance outlines expectations and priorities, as well as articulates views regarding appropriate practices for a specific subject. For more information, click here.
- On March 30, the U.S. Department of Education announced an expansion of the moratorium on federal student loan interest and collections on all defaulted loans under the Federal Family Education Loan program. It is expected that this action will impact more than one million borrowers. This relief will be made retroactive to March 13, 2020 — the beginning of the COVID-19 national emergency. For more information, click here.
- On March 29, the CFPB Acting Director Dave Uejio and the Federal Trade Commission (FTC) Acting Chairwoman Rebecca Slaughter issued a joint statement regarding their agencies’ work to help stop illegal evictions and protect consumers facing economic hardship due to COVID-19. The statement asserts that “[t]he CFPB and FTC are working with [Centers for Disease Control] to make renters aware of their rights under the eviction moratorium and to help them to understand how to complete declarations needed to stop evictions.” The statement includes information about various relief options and rental protections available to consumers. For more information, click here.
- On March 28, the Centers for Disease Control extended the national ban on evictions through June 30. The eviction ban was set to expire at the end of March 2021. For more information, click here.
- On April 1, New Jersey Governor Phil Murphy signed into law S-3523, which provides $25 million in federal COVID-19 relief aid for small businesses throughout New Jersey. The bill focuses on providing a lifeline to micro-businesses (five or fewer employees) and is part of a five-bill, $100 million relief effort aimed at helping New Jersey’s economy recovery from the yearlong pandemic. For more information, click here.
- On March 31, Nevada Governor Steve Sisolak issued Emergency Directive 043, which extends the moratorium on residential evictions in Nevada due to a tenant’s failure to pay rent or refusal to vacate the property after the expiration or termination of the lease agreement through May 31. Additionally, if a landlord serves a tenant with a notice to vacate or other notice related to the removal of the tenant or surrender of the premises related to an eviction covered under Emergency Directive 036, the landlord must provide the tenant with a statement — in English and Spanish — that provides certain information about the Nevada eviction moratorium and the rental assistance programs in the tenant’s county. Updated guidance and a copy of the required informational statement can be found here. For additional information, click here.
- On March 30, North Carolina Governor Roy Cooper signed Executive Order 206, which extends the statewide residential eviction moratorium through June 30 in coordination with the Centers for Disease Control and Prevention’s recent extension of the nationwide moratorium. North Carolina’s eviction moratorium halts evictions for nonpayment of rent and sets forth certain procedures for landlords and their tenants who may qualify for eviction protection. An updated Frequently Asked Questions (FAQ) to assist residential landlords and tenants comply with the changes can be found here. For more information on North Carolina’s residential eviction moratorium, click here.
- On March 30, Arkansas Governor Asa Hutchinson announced during a news conference that he is lifting the statewide mask mandate as of that day. Businesses still have the right to require customers to wear masks, and the governor asked that citizens respect these requirements. For more information, click here.
- On March 29, Florida Governor Ron DeSantis signed SB-72 into law. The bill provides “heightened legal protections against liability as a result of the COVID-19 pandemic” for “certain business entities, educational institutions, governmental entities, and religious institutions.” The plaintiffs will be required to submit an affidavit from a medical professional attesting that COVID-19-related damages occurred as a result of the defendant’s acts or omissions, and the plaintiffs must prove gross negligence by clear and convincing evidence to recover. For more information, click here.
- On March 29, Iowa’s congressionally funded rent, mortgage, and/or utility assistance programs went into effect. The Iowa Finance Authority will handle the $195 million programs. Eligible participants may qualify for 12 months of assistance. For more information, click here.
- On March 27, Colorado Governor Jared Polis extended an executive order that temporarily suspends certain state statutory deadlines to allow the continued use of federal funds from the 2020 CARES Act. The following day, the governor also extended an executive order related to protections provided to Colorado tenants from late fees due to COVID-19, while also extending a prior executive order to temporarily provide relief and state support to public utility customers to mitigate, respond to, and recover from the economic disruption due to the presence of COVID-19 in Colorado. For more information, click here.
- On March 24, New York Attorney General Letitia James released guidance regarding exemption of American Rescue Plan Act stimulus funds from garnishment. According to the press release, “Attorney General James’ guidance is based on multiple state and federal consumer protection laws and clarifies that any attempt to garnish stimulus funds from New Yorkers will be treated as a violation of these laws.” For more information, click here.
Privacy and Cybersecurity Activities:
- On April 2, Wired reported on the incoming use of COVID-19 vaccine passports, writing that “experts say there will be no escaping their development and that it is not too soon to discuss whether they will endanger privacy[.]” Organizations and governments are working on vaccine passports in an effort to reopen day-to-day operations. Many governments have already announced they will only admit travelers who have received their COVID-19 vaccines, with states in the U.S. currently debating whether they should be used at all. To learn more about vaccine passports and potential compliance issues for companies making or using them, check out Troutman Pepper’s Law360 article by clicking here.
- On March 30, Massachusetts Attorney General Maura Healey issued an advisory to its residents about “potential scams and misinformation intended to exploit the pandemic, while reminding residents to have confidence in the vaccination process.” The AG’s office shared that it has received reports about consumers receiving scam emails or texts after registering for the COVID-19 vaccine. A breach has not been reported to indicate that patient information has been leaked; nonetheless, the AG’s office “urges people to remain cautious about vaccine scams,” as well as:
- Be wary of requests for payment to acquire a vaccine;
- Avoid disinformation campaigns on social media; and
- Report spam or scams to the Internet Crime Complaint Center (IC3.gov).
To read the complete advisory, click here.
- On March 29, the National Institute of Standards and Technology (NIST) shared its “privacy-preserving encounter metrics that could help slow down [or prevent] future pandemics,” including the current COVID-19 pandemic. Encounter metrics are used to “measure levels of interactions between members of a population. A level of interaction could be the number of people in a bathroom who are talking to each other or a group of people walking down a hallway.” While it may sound similar to current contact tracing approaches, NIST’s method does not rely on pseudonyms; instead, NIST’s process uses “encounter IDs” to promote privacy. In lieu of using pseudonyms linked to specific devices, NIST states its approach instead labels each “each encounter with a random number[,]” making it more difficult for a cyber attacker to obtain a user’s identity. For those unfamiliar with contact tracing, click here. To read NIST’s full announcement, click here.
- On March 29, the CFPB announced that it and other federal financial regulatory agencies are gathering insight on financial institutions’ use of artificial intelligence (AI). The agencies seek information from the public on how financial institutions use AI in their activities, including fraud prevention, personalization of customer services, credit underwriting, and other operations. For more information, click here.