Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events


Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • Ransomware Attack Has Global Impact, Bipartisan Legislation Introduced to Counter Hacking

    Privacy, Cyber Risk & Data Security

    On May 12, a cyberattack spread around the world, affecting more than 230,000 computers in roughly 150 countries, according to a statement issued by the American Bankers Association. The ransomware, known as “WannaCry,” was used to exploit a vulnerability that affects computers running Microsoft Windows (see Department of Homeland Security Alert). Users of infected computers received a message that their files had been encrypted and that they must pay a ransom in bitcoin in order to decrypt their files. However, as conveyed in a press release issued by the Financial Services - Information Sharing and Analysis Center (FS-ISAC), it appears that the majority of the attacks seem to be targeting and impacting non-financial sector entities globally. FS-ISAC “believes the current attacks utilize known vulnerabilities for which there are available software patches,” but that firms and service providers need to implement the patches. Agencies continue to monitor what may be the first in a series of attacks.

    SEC Office of Compliance and Examinations (OCIE) and FBI Issue Responses. The OCIE released a statement cautioning registrants to be vigilant in mitigating risk, and noted a recent OCIE study that determined a substantial number of registrants did not conduct periodic risk assessments, penetration tests, or vulnerability scans, while a smaller number had not updated critical security patches. The OCIE also provided links to guidance on cybersecurity risk management. Likewise, the FBI issued a bulletin providing guidance on additional protection measures following the attack.

    Bipartisan Legislation Introduced. On May 17, bipartisan legislation was introduced in the House and Senate to add transparency and accountability to the federal government process for retaining or disclosing vulnerabilities in technology products, services, applications, and systems. The bill, Protecting our Ability To Counter Hacking (PATCH) Act, follows the apparently leaked NSA hacking tool which opened the door to the global “WannaCry” ransomware attack. It is sponsored by Senators Brian Schatz (D-Haw.),  Ron Johnson (R-Wis.), and Cory Gardner (R-Colo.), and Representatives Ted Lieu (D-Cal.) and Blake Farenthold (R-Tex.). As described in a release issued by Sen. Schatz’s office, the proposed legislation would make the Vulnerabilities Equities Process (VEP) more permanent, while altering its structure. It would also make the Department of Homeland Security the chair of the interagency board overseeing the VEP. Under the bill, the NSA and other security agencies would still be a permanent part of the board, while other agencies and the White House's National Security Council could attend meetings if the board deems it necessary. The established board would also produce a report for Congress on the policies it establishes regarding the disclosure of vulnerabilities no later than 180 days after the enactment of the Act. An unclassified version of the report will be publically available as well. “Striking the balance between U.S. national security and general cybersecurity is critical, but it's not easy,” Sen. Schatz noted. “This bill strikes that balance. Codifying a framework for the relevant agencies to review and disclose vulnerabilities will improve cybersecurity and transparency to the benefit of the public while also ensuring that the federal government has the tools it needs to protect national security.”

    Coalition for Cybersecurity Policy and Law. The legislation has already received support. The Coalition issued the following statement in support of the proposed bill: “We support the goals of the PATCH Act and we look forward to working with Chairman Johnson, Senators Schatz and Gardner, and Reps. Lieu and Farenthold as it moves forward in both chambers. The events of the past week clearly demonstrate the real-world consequences of exploited vulnerabilities. Governments have a critical role in getting vulnerability information to organizations capable of acting to protect security in a timely manner upon discovery.”

    Privacy/Cyber Risk & Data Security ABA SEC Congress

    Share page with AddThis
  • Proposed FCRA Liability Harmonization Act Seeks to Limit Consumer Remedies in Class Action Suits and Bring Consistency to Consumer Laws

    Federal Issues

    On May 4, Rep. Barry Loudermilk (R-Ga.) introduced legislation that would limit the damages consumers could be awarded in class actions under the Fair Credit Reporting Act (FCRA) and eliminate the availability of punitive damages in such cases. As set forth in a May 8 press release issued by Rep. Loudermilk’s office, the FCRA Liability Harmonization Act (H.R. 2359) would “protect the right of consumers to pursue statutory damages and the right to just compensation for actual harm.”  Rep. Loudermilk, a member of the Financial Services Committee, has argued that eliminating the availability of punitive damages and capping class action damages would enable FCRA to be consistent with other consumer protection laws such as TILA, FDCPA, ECOA, and EFTA,  all of which have caps on punitive damages. A comment letter from 12 organizations in the consumer financial services industry expressed support for the proposed measure on similar grounds. Among other things, the letter notes that the absence of a cap on class action recoveries under FCRA—which allows plaintiffs to pursue unlimited damages, including punitive damages and attorneys’ fees—forces businesses to settle suits over “technical” or “speculative” violations in order to avoid the danger of excessive damage awards. The proposed legislation is co-sponsored by Rep. Edward Royce (R-Cal.), Rep. Ted Budd (R-N.C.), Rep. Peter King (R-N.Y.), and Rep. Ann Wagner (R-Mo.).

    Federal Issues FCRA Class Action Congress

    Share page with AddThis
  • Legislation Proposed to Require Study on Homeowners’ Privacy of Collected HMDA Information

    Federal Issues

    On April 27, Reps. Randy Hultgren (R-Ill.) and Andy Barr (R-Ky.) reintroduced legislation to “protect against the misuse of consumers’ sensitive financial information” collected under the Home Mortgage Disclosure Act (HMDA). According to a May 5 press release issued by Rep. Hultgren’s office, the Homeowner Information Privacy Protection Act (H.R. 2204) would require the Comptroller General of the United States to conduct a study to determine whether the data required to be published, made available, or disclosed under HMDA could result in: (i) exposing the mortgagor’s or applicant’s identity; (ii) exposing the mortgagor or applicant to identity theft or loss of personal, sensitive information; (iii) marketing or selling unfair, deceptive, or abusive financial products based on such information; (iv) personal financial loss or emotional distress resulting from the exposure to identify theft or the loss of sensitive personal financial information; and (v) “the potential legal liability facing the Bureau and market participants in the event the data required to be published, made available, or disclosed under the final rule leads or contributes to identity theft or the capture of sensitive personal financial information.” The bill further provides that the Comptroller will submit reports detailing the findings and conclusions as well as any recommendations for legislative and regulatory actions to the Committee on Financial Services of the House of Representatives and the Committee on Banking, Housing, and Urban Affairs of the Senate. In addition, the bill proposes to delay the effective date of the new reporting requirements set forth in the 2015 HMDA rule to January 1, 2019.

    As previously covered in InfoBytes Special Alerts (see here and here), the CFPB has proposed amendments to the 2015 HMDA rule, which clarifies the collection and reporting requirements for several data points, among other things.

    Federal Issues Congress HMDA Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • American Bankers Association Argues for “Strong, Consistent” National Data Protection Standard

    Privacy, Cyber Risk & Data Security

    In a May 8 letter to Congress, the American Bankers Association (ABA) called on Congress to pursue national data protection standards for companies that handle consumers’ sensitive financial data. The letter notes that the financial sector has an excellent track record in protecting consumer data, citing data from the Identity Theft Resource Center indicating that only 0.2% of records exposed in data breaches were attributable to the financial sector, as opposed to the 81.3% of records exposed at businesses included retail, adding that the industry is highly motivated and under constant oversight to ensure that Federal privacy and data protection laws such as the Gramm-Leach-Bliley Act are followed.  On the other hand, the ABA notes, other industries are not required to protect consumer data under Federal law and have strongly opposed legislation that would add such requirements. The association concludes that a “strong, consistent national standard for fighting data breaches” is necessary to create a “security infrastructure that brings banks, payment networks and retailers together to safeguard sensitive financial data.”

    Privacy/Cyber Risk & Data Security Congress ABA

    Share page with AddThis
  • FHFA Director Appeared Before the Senate Banking Committee on May 11; Discussed Fannie/Freddie, Proposed "Underserved Markets Plans"

    Federal Issues

    On May 11, the Senate Committee on Banking, Housing, and Urban Affairs met in open session at 10:00 a.m. to discuss “The Status of the Housing Finance System After Nine Years of Conservatorship.” Federal Housing Finance Agency (FHFA) Director Mel Watt was the only witness scheduled to testify.

    The hearing comes after Fannie Mae (Fannie) and Freddie Mac (Freddie) published their first quarter financial reports. On May 2, Freddie announced $2.2 billion in net income in the first quarter—all of which Freddie expects to distribute to the Treasury, bringing the total to $108.2 billion in dividends. (See also Q1 2017 Supplement.) Notably, the $2.2 billion figure was down from its fourth quarter net income of $4.8 billion. Similarly, on May 5, Fannie reported net income of $2.8 billion in the first three months of 2017, money that will be sent to Treasury, which brings its total payments to $162.7 billion. The net income was a significant decline from the $5 billion it reported for the fourth quarter of 2016.

    Fannie and Freddie also recently released their respective “Underserved Markets Plans” for public comment. As previously covered by InfoBytes, FHFA published a final rule in the December 18 Federal Register implementing certain Duty to Serve provisions of the Federal Housing Enterprises Financial Safety and Soundness Act of 1992, as amended by the Housing and Economic Recovery Act of 2008. Among other things, these provisions require Fannie and Freddie to each adopt a formal “Underserved Markets Plan” to improve the availability of mortgage financing for residential properties that serve “very low-, low-, and moderate-income families” in three specified underserved markets: manufactured housing, affordable housing preservation, and rural markets. The Plans can be accessed through the following links:

    As explained on the FHFA’s DTS Underserved Markets Plan page, the activities and objectives in each of these Plans may be subject to change based on factors including public input, FHFA comments, compliance with the Enterprises' Charter Acts, safety and soundness considerations, and market or economic conditions. To this end, “views of interested stakeholders are sought on whether the proposed Plans would effectively serve the underserved markets if carried out as proposed, or if there are modifications that each Enterprise should consider making to its proposed Plan to better serve these underserved markets.”  The period during which the Enterprises are receiving public input on the proposed Plans will end on July 10. 

    Pursuant to the same new rule, FHFA has also published a Proposed Evaluation Guidance to provide: (i) FHFA's expectations regarding the development of the Underserved Markets Plans, and (ii) the process by which FHFA will evaluate Fannie’s and Freddie’s achievements under their Plans each year.  The deadline for public input on FHFA’s Proposed Evaluation Guidance is June 7.

    Federal Issues FHFA Congress Senate Banking Committee Fannie Mae Freddie Mac Treasury Department

    Share page with AddThis
  • Rep. Cummings Calls for House Oversight Committee to Assert Jurisdiction Over Financial CHOICE Act

    Federal Issues

    As  covered in last week’s InfoBytes, on May 4 the House Financial Services Committee approved the revised Financial CHOICE Act of 2017, H.R. 10, in a party-line vote, 34-26. In a May 3 letter to House Oversight and Government Reform Committee Chairman Jason Chaffetz, Rep. Elijah Cummings (D-Md.), the Ranking Minority Member on that Committee,  urged the Committee “not to waive its jurisdiction over the Financial CHOICE Act, H.R. 10”—which he argues includes “numerous provisions that clearly fall within the legislative jurisdiction of the Committee.” Rep. Cummings also states in his letter that the proposed legislation would “destroy key financial regulations and consumer protections” and “place our economy at greater risk of another crisis.” Accordingly, he argues that “[i]t is imperative that the Committee review and vote on [H.R. 10’s] dangerous proposals.”

    Federal Issues Congress Financial CHOICE Act House Oversight Committee House Financial Services Committee

    Share page with AddThis
  • Financial CHOICE Act of 2017 Approved by House Financial Services Committee

    Federal Issues

    On May 4, GOP efforts to overhaul existing financial regulations took a step forward as the House Financial Services Committee approved H.R. 10, a revised version of the “Financial CHOICE Act of 2017” in a party-line vote, 34-26. The vote concluded a two week period that included both a three-day markup, of the GOP-backed legislation—during which several Democrat committee members sought, unsuccessfully, to remove various provisions of the bill—and, a two-day hearing that included testimony from 18 different witnesses.

    • An Executive Summary of the proposed legislation is available here.
    • A Comprehensive Summary of the proposed legislation is available here.
    • A copy of the Legislative Text of the proposed legislation is available here.

    Originally introduced by Committee Chairman Jeb Hensarling (R-TX) in September 2016, the main focus of the CHOICE Act was to give financial institutions the option of avoiding many of the rules set up by the 2010 Dodd-Frank law if they maintain a high level of capital and are “well-managed” as defined in the bill. The legislation, if enacted, would also end the Dodd-Frank Act’s taxpayer-funded bailouts of large financial institutions and would impose greater penalties on those who commit fraud and insider trading, while also demanding greater accountability from banking regulators. A summary of changes incorporated in the latest iteration of the proposed legislation—recently referred to as “CHOICE Act 2.0”—was released by the Committee last week and included, among other things:

    • the elimination of the CFPB supervisory and examination authority;
    • a restructuring of the CFPB, FHFA, OCC, and FDIC into bipartisan commissions appointed by the President;
    • an opt-out of many regulatory requirements for banks and other financial institutions if they maintain a 10% leverage ratio (among other conditions);
    • subjecting the federal banking regulators to greater congressional oversight and tighter budgetary control;
    • reforms in bank stress tests;
    • materially reducing the authority of the Financial Stability Oversight Council (FSOC) and the establishment of a new process of identifying financial institutions as "systemically important";
    • a repeal of the Orderly Liquidation Authority and the creation of a new bankruptcy process for banks;
    • a repeal of the Volcker Rule; and
    • facilitated capital raising by small companies, including through crowd-funding.

    Looking ahead, the House could vote to pass the bill later this month. While a party-line vote would pass the House, the bill will likely need to pick up a minimum of 60 votes—including support from several Democrats—in order for it to pass in the Senate.

    Federal Issues House Financial Services Committee Financial CHOICE Act Congress Dodd-Frank CFPB FHFA OCC FDIC

    Share page with AddThis
  • Following Hearing, House Financial Services Committee Chairman Formally Introduces Financial CHOICE Act of 2017

    Federal Issues

    On April 26, the House Financial Services Committee held a hearing to discuss The Financial CHOICE Act – a GOP proposal to “reform the financial regulatory system” that was initially introduced and considered, though differing in a number of respects from the current version, but not adopted in the last Congress. The hearing debated the merits of a discussion draft, which was released on April 19 by Committee Chairman Jeb Hensarling (R-TX). Shortly after Wednesday’s hearing, Chairman Hensarling formally introduced H.R. 10, The Financial CHOICE Act of 2017. An Executive Summary of the proposed legislation has also been released. 

    The April 26 hearing – a video of which can be accessed here – included testimony from the following witnesses:

    • Mr. Peter J. Wallison, a Senior Fellow and Arthur F. Burn Fellow, Financial Policy Studies with the American Enterprise Institute (prepared statement)
    • Dr. Norbert J. Michel, a Senior Research Fellow, Financial Regulations and Monetary Policy, with the Heritage Foundation (prepared statement)
    • The Honorable Michael S. Barr, a Professor of Law at University of Michigan Law School (prepared statement)
    • Mr. Alex J. Pollock, a Distinguished Senior Fellow with the R Street Institute (prepared statement)
    • Dr. Lisa D. Cook, an Associate Professor of Economics and International Relations at Michigan State University (prepared statement)
    • Ms. Hester Peirce, a Director in the Financial Markets Working Group and Senior Research Fellow at the Mercatus Center at George Mason University (prepared statement)
    • Mr. John Allison, Former President and Chief Executive Officer with the Cato Institute (prepared statement)

    On April 28, Democrats held a separate hearing pursuant to Clause (d)(5) of Rule 3 of the Committee rules, which entitles members of the minority party to call its own hearing on any matter that is the subject of a majority hearing. The second hearing day – a video of which can be accessed here – included testimony from the following witnesses:

    • The Honorable Elizabeth Warren, United States Senator
    • Rohit Chopra, Senior Fellow, Consumer Federation of America
    • Corey Klemmer, Corporate Research Analyst, Office of Investment, AFL-CIO
    • Rev. Willie Gable, Pastor, National Baptist Convention USA, Inc. (prepared statement)
    • John C. Coffee Jr., Adolf A. Berle Professor of Law, Columbia University (prepared statement)
    • Rob Randhava, Senior Counsel, Leadership Conference on Civil and Human Rights (prepared statement)
    • Melanie Lubin, Maryland Securities Commissioner, North American Securities Administrators Association (prepared statement)
    • Emily Liner, Senior Policy Advisor, Economic Program, Third Way (prepared statement)
    • Amanda Jackson, Organizing and Outreach Manager, Americans for Financial Reform
    • Ken Bertsch, Executive Director, Council of Institutional Investors (prepared statement)
    • Sarah Edelman, Director, Housing Policy, Center for American Progress (CAP)

    Ranking Minority Member Maxine Waters (D-CA) also used the hearing to express her strong disapproval of what she has dubbed the “Wrong Choice Act.” Among other things, the ranking member alleged that the proposed legislation would “destroy[] Wall Street reform, gut[] the Consumer Financial Protection Bureau, and returns us to the financial system that allowed risky and predatory Wall Street practices and products to crash our economy.” 

    Federal Issues Financial CHOICE Act House Financial Services Committee Congress Dodd-Frank CFPB FDIC FSOC OCC FHFA

    Share page with AddThis
  • Trade Organizations Express Opinions on Proposed Legislation Regarding PACE Financings

    Federal Issues

    On April 24, various trade associations submitted a joint letter to U.S. Representatives Brad Sherman (D-CA) and Edward Royce (R-CA) expressing their opinions on the legislators’ recently-introduced bill, the Protecting Americans from Credit Entanglements (PACE) Act of 2017 (H.R.1958). The PACE Act of 2017 would, among other things, require specific consumer disclosures for Property Assessed Clean Energy (PACE) financings—a financial product that allows homeowners to pay for energy-efficient retrofitting (such as solar panels and high-efficiency air conditioners) through their property tax assessments. More than 30 states currently have PACE programs. The proposed legislation and its companion bill, S. 838, introduced by Sen. Tom Cotton (R-AR) in the Senate, would subject PACE financing originators and sales personnel to TILA requirements.

    Federal Issues Congress Lending PACE programs TILA

    Share page with AddThis
  • GAO Publishes Study Examining Fintech Industry Regulation


    On April 19, the U.S. Government Accountability Office (GAO) published a study examining four “subsectors” within the fintech industry—marketplace lenders, mobile payments, digital wealth management platforms, and distributed ledger technology (also known as blockchain)—and highlighting the types of products and services offered and how they are regulated. The report, Financial Technology – Information on Subsectors and Regulatory Oversight, is the first in a series of planned reports on fintech, following a request by Congress for a review of issues related to the industry. From July 2016 to April 2017, GAO reviewed agency publications, guidance, final rulemakings, initiatives, and enforcement actions, and also conducted interviews with representatives from the federal prudential regulators, state supervision agencies, and trade associations in order to compile the findings in the report. The report provides an overview of the technologies associated with each subsector, identifies primary users of the products and services, notes potential benefits and risks, and highlights industry trends and current regulations and oversight. Notably, GAO stated it made no recommendations in this report.

    Fintech GAO Examination Congress

    Share page with AddThis