Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • CFTC announces collaboration agreement with U.K. fintech team

    Fintech

    On February 19, the U.S. Commodity and Futures Trading Commission (CFTC) and the United Kingdom’s Financial Conduct Authority (FCA) released the Cooperation Arrangement on Financial Technology Innovation (Agreement). The Agreement outlines a commitment to collaborate and support each regulator’s efforts to encourage responsible fintech innovation; monitor development and trends; and obtain more effective and efficient regulation and oversight of the market. The Agreement specifies how program officials with LabCFTC in the U.S. and FCA Innovate in the U.K. will collaborate to share information, provide regulatory support to fintech businesses, and refer fintech businesses that wish to operate in the other jurisdiction to each other. In the announcement for the Agreement, CFTC Chairman J. Christopher Giancarlo stated, “we believe that by collaborating with the best-in-class FCA FinTech team, the CFTC can contribute to the growing awareness of the critical role of regulators in 21st century digital markets.”

    Fintech CFTC UK

    Share page with AddThis
  • Attorney General Sessions announces plans to create Cyber-Digital Task Force

    Privacy, Cyber Risk & Data Security

    On February 20, U.S. Attorney General Jeff Session announced plans to create a Cyber-Digital Task Force (Task Force) designed to combat global cyber threats. According to the DOJ’s press release, Attorney General Sessions stated that the Task Force will “advise me on the most effective ways that this Department can confront these threats and keep the American people safe.” His February 16 memorandum identified certain cyber-related issues as particularly “pressing,” including: (i) the use of the internet to spread violent ideologies; (ii) the theft of corporate, governmental, and private information on a large scale; (iii) the use of technology to evade or frustrate law enforcement; and (iv) the weaponization of consumer devices, including computers and other consumer devices, to attack U.S. citizens and businesses. The Task Force will issue a report by June 30, 2018 outlining the DOJ’s current cyber-related activities and offering recommendations.

    Privacy/Cyber Risk & Data Security DOJ

    Share page with AddThis
  • Department of Education releases RFI on undue hardship threshold

    Lending

    On February 21, the Department of Education published a Request for Information (RFI) seeking feedback on whether there is a need to clarify the threshold for “undue hardship” when evaluating bankruptcy cases in which borrowers seek to discharge student loans. According to the RFI, current U.S. Bankruptcy Code states that student loans can be discharged in bankruptcy claims only if “excepting the debt from discharge would impose an ‘undue hardship’ on the borrower and the borrower’s dependents.” However, according to the RFI, the term “Undue hardship” has never been defined by Congress in the Bankruptcy Code, nor has the Department been delegated the authority to do so. Instead, the context for proving a hardship claim falls under one of two tests summarized in the department’s 2015 Dear Colleague Letter (2015 Letter). The RFI requests comments on the following: (i) what factors should be considered when evaluating undue hardship claims; (ii) the weight to be given to any such factors; (iii) whether the use of two tests result in any “inequities among borrowers”; (iv) under what circumstances should loan holders “concede an undue hardship claim by the borrower”; and (v) whether and how changes should be made to the 2015 Letter. Comments on the RFI are due May 22.

    Lending Student Lending Department of Education Bankruptcy

    Share page with AddThis
  • Supreme Court denies writ challenging data breach standing

    Courts

    On February 20, the U.S. Supreme Court denied without comment a medical insurance company’s petition for writ of certiorari to challenge an August 2017 D.C. Circuit Court of Appeals decision, which reversed the dismissal of a data breach suit filed by the company’s policyholders in 2015. According to the D.C. Circuit opinion, the policyholders sued the medical insurance company after the company announced that an unauthorized party had accessed personal information for 1.1 million members. The lower court dismissed the policyholder’s case, holding that they did not have standing because they could not show an actual injury based on the data breach. In reversing the lower court’s decision, the D.C. Circuit, citing the Supreme Court ruling in Spokeo, Inc. v. Robins, held that it was plausible that the unauthorized party “has both the intent and the ability to use [the] data for ill.” This was sufficient to show that the policyholders had standing to bring the claims because they alleged a plausible risk of future injury.

    Courts Privacy/Cyber Risk & Data Security Spokeo Class Action U.S. Supreme Court Appellate D.C. Circuit

    Share page with AddThis
  • Treasury releases Orderly Liquidation Authority report

    Federal Issues

    On February 21, the U.S. Department of the Treasury released a report on the Orderly Liquidation Authority (OLA) and Bankruptcy Reform. The report is in response to the April 2017 Presidential Memorandum requiring the Treasury Department to review and provide recommendations for improving the OLA under the Dodd-Frank Act, previously covered by InfoBytes here. According to the Treasury Department’s announcement, the recommendations outlined in the report “ensure that taxpayers are protected by strengthening the bankruptcy procedure for a failed financial company and retaining OLA in very limited circumstances with significant reforms.” In addition to recommending a new Chapter 14 of the Bankruptcy Code for distressed financial companies, the report recommends significant reforms to the OLA process, such as (i) creating clear rules administered with impartiality, including restricting the FDIC’s ability to treat similarly situated creditors differently; (ii) ensuring market discipline and strengthening protection for taxpayers by, among other things, only allowing the FDIC to lend on a secured basis; and (iii) strengthening judicial review to provide a stronger check on the decision to invoke OLA.

    Federal Issues Department of Treasury Dodd-Frank Orderly Liquidation Authority Trump Bankruptcy

    Share page with AddThis
  • FDIC releases 2017 annual report, among key issues are living wills, cybersecurity, and simplifying regulations

    Federal Issues

    On February 15, the FDIC released its 2017 Annual Report, which includes, among other things, the audited financial statements of the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund. The report also provides an overview of key FDIC initiatives, performance results, and other aspects of FDIC operations, supervision developments, and regulatory enforcement, including the following:

    • Living Wills. The report discusses the FDIC’s continued evaluation of resolution plans for Systemically Important Financial Institutions (SIFIs) and notes there remain “inherent challenges and uncertainties” associated with the plans, specifically within four areas: “intra-group liquidity; internal loss-absorbing capacity; derivatives; and payment, clearing, and settlement activities.” Further, the FDIC and Federal Reserve (who share joint responsibility for reviewing and assessing resolution plans) reviewed plans submitted by the eight largest U.S. SIFIs and noted that four of the firms’ plans had shortcomings—although no deficiencies were identified—and stipulated that the plans must be resubmitted by July 1, 2019. (See previous InfoBytes coverage here on recent comments by FDIC Chairman Martin concerning living will challenges.)
    • Cybersecurity. Among other initiatives, the report discusses a collaboration between the FDIC, the Federal Reserve, and the OCC to update the interagency Cybersecurity Assessment Tool, which “helps financial institutions determine their cyber risk profile, inherent risks, and level of cybersecurity preparedness.” The report provides feedback from institutions currently using the tool.
    • Simplifying Regulation. In accordance with the requirements of the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA), the report discusses the FDIC’s, Federal Reserve Board’s, and OCC’s regulatory review process done in conjunction with the National Credit Union Administration and the members of the Federal Financial Institutions Examination Council (FFIEC). As previously covered in InfoBytes here and here, a report was issued in March outlining initiatives designed to reduce regulatory burdens, particularly on community banks and savings associations, and last September a proposed rule to simplify capital rule compliance requirements and reduce the regulatory burden was issued.

    Federal Issues FDIC SIFIs Living Wills Privacy/Cyber Risk & Data Security Federal Reserve OCC NCUA FFIEC EGRPRA

    Share page with AddThis
  • CFPB releases RFI on external engagements

    Federal Issues

    On February 21, the CFPB released its fifth Request for Information (RFI) in a series seeking feedback on the bureau’s operations. This RFI solicits public comment on how the Bureau can best “conduct future external engagements while continuing to achieve the Bureau’s statutory objectives.” According to the RFI, the Bureau’s “external engagements” are public and non-public meetings, including: field hearings, town halls, roundtables, and meetings of its advisory board and councils. The Bureau is required by the Dodd-Frank Act to have a Consumer Advisory Board.  The Bureau has also chosen to form three advisory councils: the Community Bank Advisory Council, the Credit Union Advisory Council, and the Academic Research Council. 

    The RFI broadly requests feedback on all aspects of these external engagements but also highlights specific topics on which comment is requested, including (i) strategies for seeing feedback from diverse external stakeholders; (ii) information related to the methods, such as town halls and field hearings, the Bureau uses to receive feedback; (iii) the current process for transparency in the details of the events; (iv) strategies for promoting transparency while protecting confidential business information; and (v) other approaches not currently utilized by the Bureau. The RFI is expected to be published in the Federal Register on February 26. Comments will be due 90 days from publication.

    Federal Issues RFI CFPB Succession CFPB

    Share page with AddThis
  • CFTC offers large reward to “pump-and-dump” scheme whistleblowers

    Fintech

    On February 15, the Commodity Futures Trading Commission (CFTC) issued a Consumer Protection Advisory on virtual currency “pump-and-dump” schemes, which offers eligible whistleblowers between 10 and 30 percent of enforcement actions of $1 million or more, which result from the shared information. The notice cautions consumers against falling for the fraudulent “pump-and-dump” schemes, which capitalize on consumers’ fear of missing the potentially lucrative—yet volatile—cryptocurrency market. The advisory warns consumers that many of the perpetrators of these schemes use social media to promote false news reports and create fake urgency for consumers to buy the cryptocurrency immediately. Then, after the price reaches a certain level, the schemers sell their virtual currency and the price begins to fall.

    Fintech Virtual Currency CFTC Bitcoin Cryptocurrency Whistleblower Enforcement

    Share page with AddThis
  • House Financial Services Committee holds hearing on current data security regulatory regime

    Privacy, Cyber Risk & Data Security

    On February 14, the House Financial Services Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled “Examining the Current Data Security and Breach Notification Regulatory Regime” to discuss opportunities to reform data security regulations at the federal and state level in order to close gaps in the regulations and reduce vulnerabilities in the system. Subcommittee Chairman Blaine Luetkemeyer (R-Mo.) opened the hearing by stating that (1) technological advancements are paired with increasingly sophisticated threats to data security; and (2) data breaches seem to be increasing in number and severity. Luetkemeyer emphasized that the time has come to consider regulatory reform to address these complex issues.

    The hearing’s five witnesses offered numerous insights related to the current issues with data security. Among the issues discussed included highlighting the significance of the global data threats the U.S. faces today and the cost they have on the public’s trust in technology. Several witnesses commented on the inconsistencies in state data breach laws and offered suggestions for future regulatory reform, such as federal legislation that (i) requires companies to maintain reasonable data security policies; (ii) implements prompt consumer notification requirements of suspected breaches; and (iii) contains a safe harbor for compliance with federal data security standards. The hearing also had significant discussion regarding whether a new federal law should preempt current state laws in their entirety. The discussion recognized the challenges of pursuing a preemption approach. On one hand, partial preemption would not solve the inconsistencies that exist today, but total preemption may override state laws that currently provide strong protections with a weaker national standard.

    Privacy/Cyber Risk & Data Security House Financial Services Committee Data Breach

    Share page with AddThis
  • FDIC adopts final rule to remove references to external credit ratings from international banking regulations

    Agency Rule-Making & Guidance

    On February 15, the FDIC announced it adopted a final rule, which removes references to external credit ratings from its international banking regulations related to permissible investment activities and the pledging of assets. According to FIL-9-2018, among other things, the amended final rule (adopted February 14) modifies the FDIC’s definition of “investment grade” under FDIC Rules and Regulations Part 347 by replacing references to external credit ratings with standards of creditworthiness that conform to Section 939A of the Dodd-Frank Act. As FIL-9-2018 explains, the final rule defines “investment grade” as a security issued by an entity that has adequate capacity to meet financial commitments for the projected life of the exposure. And as the final rule itself explains, this revision was made to “encourage regular, in-depth analysis by the banking organization of credit risks of securities, which is a prudent practice already expected of banks.” The final rule takes effect on April 1.

    Agency Rule-Making & Guidance FDIC International Credit Ratings Dodd-Frank

    Share page with AddThis

Pages