Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Colorado releases privacy act updates

    Privacy, Cyber Risk & Data Security

    Last month, the Colorado attorney general released a third version of draft rules to implement and enforce the Colorado Privacy Act (CPA). A hearing on the proposed draft rules was held February 1. As previously covered by a Special Alert, the CPA was enacted in July 2021 to establish a framework for personal data privacy rights. The CPA, which is effective July 1, 2023 with certain opt-out provisions taking effect July 1, 2024, provides consumers with numerous rights, including the right to access their personal data, opt-out of certain uses of personal data, make corrections to personal data, request deletion of personal data, and obtain a copy of personal data in a portable format. Under the CPA, the attorney general has enforcement authority for the law, which does not have a private right of action. The attorney general also has authority to promulgate rules to carry out the requirements of the CPA and issue interpretive guidance and opinion letters, as well as the authority to develop technical specifications for at least one universal opt-out mechanism. The attorney general previously released two versions of the draft rules last year (covered by InfoBytes here and here).

    The third set of draft rules seeks to address additional concerns raised through public comments and makes a number of changes, including:

    • Clarifying definitions. The modifications add, delete, and amend several definitions, including those related to “bona fide loyalty program,” “information that a [c]ontroller has a reasonable basis to believe the [c]onsumer has lawfully made available to the general public,” “publicly available information,” “revealing,” and “sensitive data inference” or “sensitive data inferences.” Among other things, the definition of “publicly available information” has been narrowed by removing the exception to the definition that had excluded publicly available information that has been combined with non-publicly available information. Additionally, sensitive data inferences now refer to inferences which “are used to” indicate certain sensitive characteristics.
    • Right to opt out and right to access. The modifications outline controller requirements for complying with opt-out requests, including when opt-out requests must be completed, as well as provisions for how privacy notice opt-out disclosures must be sent to consumers, and how consumers are to be provided mechanisms for opting-out of the processing of personal data for profiling that results in the provision or denial of financial or lending services or other opportunities. With respect to the right to access, controllers must implement and maintain reasonable data security measures when processing any documentation related to a consumer’s access request.
    • Right to correct and right to delete. Among other changes, the modifications add language providing consumers with the right to correct inaccuracies and clarify that a controller “may decide not to act upon a [c]onsumer’s correction request if the [c]ontroller determines that the contested [p]ersonal [d]ata is more likely than not accurate” and has exhausted certain specific requirements. The modifications add requirements for when a controller determines that certain personal data is exempted from an opt-out request.
    • Notice and choice of universal opt-out mechanisms. The modifications specify that disclosures provided to consumers do not need to be tailored to Colorado or refer to Colorado “or to any other specific provisions of these rules or the Colorado Privacy Act examples.” Additionally, a platform, developer, or provider that provides a universal opt-out mechanism may, but is not required to, authenticate that a user is a resident of the state.
    • Controller obligations. Among other things, a controller may choose to honor an opt-out request received through a universal opt-out mechanism before July 1, 2024, may respond by choosing to opt a consumer out of all relevant opt-out rights should the universal opt-out mechanism be unclear, and may choose to authenticate that a user is a resident of Colorado but is not required to do so.
    • Purpose specification. The modifications state that controllers “should not specify so many purposes for which [p]ersonal [d]ata could potentially be processed to cover potential future processing activities that the purpose becomes unclear or uninformative.” Controllers must modify disclosures and necessary documentation if the processing purpose has “evolved beyond the original express purpose such that it becomes a distinct purpose that is no longer reasonably necessary to or compatible with the original express purpose.”
    • Consent. The modifications clarify that consent is not freely given when it “reflects acceptance of a general or broad terms of use or similar document that contains descriptions of [p]ersonal [d]ata [p]rocessing along with other, unrelated information.” Requirements are also provided for how a controller may proactively request consent to process personal data after a consumer has opted out.
    • User interface design, choice architecture, and dark patterns. The modifications provide that a consumer’s “ability to exercise a more privacy-protective option shall not be unduly longer, more difficult, or time-consuming than the path to exercise a less privacy-protective option.” The modifications also specify principles that should be considered when designing a user interface or a choice architecture used to obtain consent, so that it “does not impose unequal weight or focus on one available choice over another such that a [c]onsumer’s ability to consent is impaired or subverted.”

    Additional modifications have been made to personal data use limitations, technical specifications, public lists of universal opt-out mechanisms, privacy notice content, loyalty programs, duty of care, and data protection assessments. Except for provisions with specific delayed effective dates, the rules take effect July 1 if finalized.

    On February 28, the attorney general announced that the revised rules were adopted on February 23, but are subject to a review by the attorney general and may require additional edits before they can be finalized and published in the Colorado Register. 

    Privacy, Cyber Risk & Data Security State Issues State Attorney General Colorado Colorado Privacy Act Consumer Protection

  • California Dept. of Real Estate reminds licensees of fiduciary duty requirements

    The California Department of Real Estate (DRE) recently reminded real estate licensees with a mortgage loan origination (MLO) endorsement of their fiduciary duty to borrowers. DRE licensees (including brokers, salespersons, and broker-associates supervised by a broker) who provide mortgage brokerage services to a borrower act as a fiduciary of that borrower, the DRE said, explaining that this “includes placing the economic interest of the borrower ahead of their own.” The Bulletin noted that California courts have held that the fiduciary relationship not only requires the broker to act in the highest good faith toward their client but also prohibits the broker from obtaining any advantage over the client by virtue of the fiduciary relationship. Licensees who violate their fiduciary duties may face DRE-disciplinary action against their real estate license and/or MLO endorsement and may also expose themselves to civil liability.

    Licensees are reminded that they are required to be aware of all laws, regulations, and rules governing their activities, including the federal Loan Originator Compensation (LO Comp) Rule, which “prohibits loan originators, including brokers, from receiving compensation based on the terms of consumer mortgage transactions.” Prior to the LO Comp Rule, mortgage brokers often received commissions that varied based on the terms of the mortgage loans they obtained for their clients, and in many cases received larger commissions on loans carrying less advantageous terms (e.g., loans with a higher interest rate would result in a larger commission than the same loan with a lower interest rate). The LO Comp Rule now prohibits this practice.

    The Bulletin also reminded licensees that receiving greater compensation for acting against the economic interests of a consumer would also violate a broker’s fiduciary responsibility to place the economic interest of their client ahead of their own, should the decision be motivated by a financial desire to increase compensation. Further, licensees may not steer or direct a borrower to close a loan with a particular lender in exchange for receiving a higher commission unless the transaction is the best loan for the borrower. Licensees must also disclose to a borrower the costs and expenses associated with the loan, and disclose all compensation received in the transaction. Taking any secret or undisclosed compensation, commission, or profit is also prohibited, the Bulletin said.

    Licensing State Issues California Loan Origination LO Comp Rule Steering Mortgages Consumer Finance

  • NYC Banking Commission to combat lending and employment discrimination

    State Issues

    On February 10, the New York City Banking Commission, which consists of the city’s mayor, the comptroller, and the Commissioner of the Department of Finance, announced two transparency measures to combat lending and employment discrimination by designated banks. Designated banks are those eligible to hold NYC deposits and are expected to provide approved banking products and services for city entities. The announcement states that beginning with this year’s biennial designation cycle, a public comment process will now be included prior to and during the Banking Commission’s public hearing to designate banks that will be eligible to hold deposits of city funds. Revisions have also been made to the certifications that banks are required to submit ahead of designation in order “to reinforce the obligation for depository banks to provide detailed plans and specific steps to combat different forms of discrimination in their operations.” NYC Mayor Eric Adams added “[t]hese new steps will ensure the Banking Commission is designating only those banks that have shown that they can protect taxpayer money and that are committed to promoting equity in all aspects of their operations.”

    State Issues New York Consumer Finance Discrimination Fair Lending

  • CSBS says state regulators need access to FinCEN’s beneficial ownership database

    State Issues

    On February 14, the Conference of State Bank Supervisors commented that FinCEN should be more explicit in its inclusion of state regulators as agencies that can request access to FinCEN’s forthcoming secure, non-public beneficial ownership information database. (See comment letter here.) As previously covered by InfoBytes, last December FinCEN issued a notice of proposed rulemaking (NPRM) to implement provisions of the Corporate Transparency Act (CTA) that govern the access to and protection of beneficial ownership information (BOI). The NPRM proposed regulations for establishing who may request beneficial ownership information, how the information must be secured, and non-compliance penalties, and also addressed aspects of the database that are currently in development. Agreeing that the new database would help enhance anti-money laundering and countering the financing of terrorism standards and help prevent the use of privacy to hide illicit activity from law enforcement and government authorities, CSBS asked that the final rule “explicitly define state regulators so that there is no confusion about their ability to access BOI when examining state-chartered banks and non-depository trust companies for compliance with customer due diligence requirements under the Bank Secrecy Act (BSA).” According to CSBS, state regulators conducted over 1,200 BSA exams in 2021. CSBS further pointed out that being able request BOI on an as needed basis would aid investigative and enforcement responsibilities for both state-chartered banks and state-licensed nonbank financial services providers. 

    State Issues Financial Crimes State Regulators CSBS Beneficial Ownership FinCEN Corporate Transparency Act Customer Due Diligence Anti-Money Laundering Combating the Financing of Terrorism Bank Secrecy Act

  • States support DOE’s overhaul of IDR plans

    State Issues

    On February 13, a coalition of state attorneys general led by California and Massachusetts submitted a letter in support of the Department of Education’s (DOE) proposed changes to income-driven repayment plans (IDR) for federal student loan borrowers. As previously covered by InfoBytes, last month the DOE announced a notice of proposed rulemaking (NPRM) designed to reduce the cost of federal student loan payments. According to the NPRM, the DOE is proposing to amend the regulations governing income-contingent repayment plans by amending the Revised Pay as You Earn (REPAYE) repayment plan, and is looking to restructure and rename the repayment plan regulations under the William D. Ford Federal Direct Loan Program, including combining the Income-Contingent Repayment and the Income-Based Repayment (IBR) plans under the umbrella term of IDR plans. The NPRM would ensure that a borrower’s balance would not grow due to accumulation of unpaid interest if the borrower otherwise makes the monthly payments, and would also establish that for individuals who borrow $12,000 or less, loan forgiveness can occur after making the equivalent of 10 years of payments. That period increases by one year for each additional $1,000 that is borrowed. 

    In their letter, the states expressed support for the DOE’s NPRM, but urged the department to take further steps to support struggling borrowers. The states urged the DOE to expand the scope and reach of the proposed reforms by, among other things, creating a simple path for borrowers in default to enroll in IBR or REPAYE, counting all past forbearance and repayment periods and certain deferment periods towards borrowers’ loan forgiveness, making Parent PLUS loans eligible for REPAYE, and expanding the reach of its reforms to “provide more retroactive relief” to borrowers impacted by widespread servicing errors that prevented them from enrolling in IDR. According to the letter, the DOE should also raise the discretionary income threshold to make debt more manageable for borrowers with the greatest need, eliminate the reverse amortization of IDR loan balances, shorten the period in which borrowers must make payments to receive forgiveness under REPAYE, provide viable repayment options, and automatically enroll delinquent borrowers in IDR plans before they face negative credit reporting and default, among other measures.

    State Issues State Attorney General Department of Education Income-Driven Repayment Student Lending Student Loan Servicer Consumer Finance

  • California’s privacy agency finalizes CPRA regulations

    Privacy, Cyber Risk & Data Security

    On February 3, the California Privacy Protection Agency (CPPA) Board voted unanimously to adopt and approve updated regulations for implementing the California Privacy Rights Act (CPRA). The proposed final regulations will now go to the Office of Administrative Law, who will have 30 working days to review and approve or disapprove the regulations. As previously covered by InfoBytes, the CPRA (largely effective January 1, 2023, with enforcement delayed until July 1, 2023) was approved by ballot measure in November 2020 to amend and build on the California Consumer Privacy Act (CCPA). In July 2022, the CPPA initiated formal rulemaking procedures to adopt proposed regulations implementing the CPRA, and in November the agency posted updated draft regulations (covered by InfoBytes here and here).

    According to the CPPA’s final statement of reasons, the proposed final regulations (which are substantially similar to the version of the proposed regulations circulated in November) address comments received by stakeholders, and include the following modifications from the initial proposed text:

    • Amending certain definitions. The proposed changes would, among other things, modify the definition of “disproportionate effort” to apply to service providers, contractors, and third parties in addition to businesses, as such term is used throughout the regulations, to limit the obligation of businesses (and other entities) with respect to certain consumer requests. The term is further defined as “when the time and/or resources expended to respond to the request significantly outweighs the reasonably foreseeable impact to the consumer by not responding to the request,” and has been modified “to operationalize the exception to complying with certain CCPA requests when it requires ‘disproportionate effort.’” The proposed changes also introduce the definition of “unstructured” personal information, which describes personal information that could not be retrieved or organized in a predefined manner without disproportionate effort on behalf of the business, service provider, contractor, or third party as it relates to the retrieval of text, video, and audio files.
    • Outlining restrictions on how a consumer’s personal information is collected or used. The proposed changes outline factors for determining whether the collection or processing of personal information is consistent with a consumer’s “reasonable expectations.” The modifications also add language explaining how a business should “determine whether another disclosed purpose is compatible with the context in which the personal information was collected,” and present factors such as the reasonable expectation of the consumer at the time of collection, the nature of the other disclosed purpose, and the strength of the link between such expectation and the nature of the other disclosed purpose, for assessing compatibility. Additionally, a section has been added to reiterate requirements “that a business’s collection, use, retention, and/or sharing of a consumer’s personal information must be ‘reasonably necessary and proportionate’ for each identified purpose.” The CPPA explained that this guidance is necessary for ensuring that businesses do not create unnecessary and disproportionate negative impacts on consumers.
    • Providing disclosure and communications requirements. The proposed changes also introduce formatting and presentation requirements, clarifying that disclosures must be easy to read and understandable and conform to applicable industry standards for persons with disabilities, and that conspicuous links for websites should appear in a similar manner as other similarly-posted links, and, for mobile applications, that conspicuous links should be accessible in the business’ privacy policy.
    • Clarifying requirements for consumer requests and obtaining consumer consent. Among other things, the proposed changes introduce technical requirements for the design and implementation of processes for obtaining consumer consent and fulfilling consumer requests, including but not limited to “symmetry-in-choice,” which prohibits businesses from creating more difficult or time consuming paths for more privacy-protective options than paths to exercise a less privacy protective options. The modifications also provide that businesses should avoid choice architecture that impairs or interferes with a consumer’s ability to make a choice, as “consent” under the CCPA requires that it be freely give, specific, informed, and unambiguous. Moreover, the statutory definition of a “dark pattern” does not require that a business “intend to design a user interface to have the substantial effect of subverting or impairing consumer choice.” Additionally, businesses that are aware of, but do not correct, broken links and nonfunctional email addresses may be in violation of the regulation.
    • Amending business practices for handling consumer requests. The revisions clarify that a service provider and contractor may use self-service methods that enable the business to delete personal information that the service provider or contractor has collected pursuant to a written contract with the business (additional clarification is also provided on a how a service provider or contractor’s obligations apply to the personal information collected pursuant to its written contract with the business). Businesses can also provide a link to resources that explain how specific pieces of personal information can be deleted.
    • Amending requests to correct/know. Among other things, the revisions add language to allow “businesses, service providers, and contractors to delay compliance with requests to correct, with respect to information stored on archived or backup systems until the archived or backup system relating to that data is restored to an active system or is next accessed or used.” Consumers will also be required to make a good-faith effort to provide businesses with all necessary information available at the time of a request. A section has also been added, which clarifies “that implementing measures to ensure that personal information that is the subject of a request to correct remains corrected factors into whether a business, service provider, or contractor has complied with a consumer’s request to correct in accordance with the CCPA and these regulations.” Modifications have also been made to specify that a consumer can request that a business disclose their personal information for a specific time period, and changes have been made to provide further clarity on how a service provider or contractor’s obligations apply to personal information collected pursuant to a written contract with a business.
    • Amending opt-out preference signals. The proposed changes clarify that the requirement to process opt-out preference signals applies only to businesses that sell or share personal information. Language has also been added to explain that “the opt-out preference signal shall be treated as a valid request to opt-out of sale/sharing for any consumer profile, including pseudonymous profiles, that are associated with the browser or device for which the opt-out preference signal is given.” When consumers do not respond to a business’s request for more information, a “business must still process the request to opt-out of sale/sharing” to ensure that “a business’s request for more information is not a dark pattern that subverts consumer’s choice.” Additionally, business should not interpret the absence of an opt-out preference signal as a consumer’s consent to opt-in to the sale or sharing of personal information.
    • Amending requests to opt-out of sale/sharing. The revisions, among other things, clarify that, at a minimum, a business shall allow consumers to submit requests to opt-out of sale/sharing through an opt-out preference signal and through one of the following methods—an interactive form accessible via the “Do No Sell or Share My Personal Information” link, the Alternative Opt-out Link, or the business’s privacy policy. The revisions also make various changes related to service provider, contractor, and third-party obligations.
    • Clarifying requests to limit use and disclosure of sensitive personal information. The regulations require businesses to provide specific disclosures related to the collection, use, and rights of consumers for limiting the use of personal sensitive information in certain cases, including, among other things, requiring the use of a link to “Limit the Use of My Sensitive Personal Information” and honoring any limitations within 15 business days of receipt.  The regulations also provide specific enumerated business uses where the right to limit does not apply, including to ensure physical safety and to prevent, detect, and investigate security incidents.

    The proposed final regulations also clarify when businesses must provide a notice of right to limit, modify how the alternative opt-out link should be presented, provide clarity on how businesses should address scenarios in which opt-out preference signals may conflict with financial incentive programs, make changes to service provider, contractor, and third party obligations to the collection of personal information, as well as contract requirements, provide clarity on special rules applicable to consumers under 16-years of age, and modify provisions related to investigations and enforcement.

    Separately, on February 10, the CPPA posted a preliminary request for comments on cybersecurity audits, risk assessments, and automated decisionmaking to inform future rulemaking. Among other things, the CPPA is interested in learning about steps it can take to ensure cybersecurity audits are “thorough and independent,” what content should be included in a risk assessment (including whether the CPPA should adopt the approaches in the EU GDPR and/or Colorado Privacy Act), and how “automated decisionmaking technology” is defined in other laws and frameworks. The CPPA noted that this invitation for comments is not a proposed rulemaking action, but rather serves as an opportunity for information gathering. Comments are due March 27.

    Privacy, Cyber Risk & Data Security State Issues California CCPA CPPA CPRA Compliance State Regulators Opt-Out Consumer Protection

  • NYDFS implements state CRA revisions

    State Issues

    On February 8, NYDFS announced the adoption of updates to the state’s Community Reinvestment Act (CRA) regulation. The final regulation implements amendments to Banking Law § 28-b, and allows the Department to obtain necessary data to evaluate how well regulated banking institutions are serving minority- and women-owned businesses in their communities. These findings will be integrated into institutions’ CRA ratings, NYDFS said. As previously covered by InfoBytes, NYDFS issued proposed revisions last October, announcing that the modifications are intended to minimize compliance burdens by making sure the regulation’s proposed language complements requirements in the CFPB’s proposed rulemaking for collecting data on credit access for small and minority- and women-owned businesses. The final regulation details how regulated institutions must collect and submit the necessary data to NYDFS while abiding by fair lending laws. Regulated institutions must inquire as to whether a business applying for a loan or credit is minority- or women-owned or both, and submit a report to the Department providing application details, such as the date of application, type of credit applied for and the amount, whether the application was approved or denied, and the size and location of the business. The final regulation also includes a form for regulated institutions to use to obtain the required data from business loan applications. NYDFS said it will publish a data submission template in the coming months for regulated institutions to use during CRA evaluations. The final regulation takes effect August 8, and provides for a compliance date six months following the publication of the Notice of Adoption in the State Register. Regulated institutions will also have an additional transition period of three months from the compliance date to comply with certain provisions.

    State Issues State Regulators NYDFS Bank Regulatory New York CRA Agency Rule-Making & Guidance Fair Lending

  • New York FY 2024 budget proposes to end unfair overdraft practices

    State Issues

    On February 1, the New York governor released the state’s FY 2024 budget proposal, which includes measures for ending certain bank overdraft and insufficient fee practices. Specifically, the proposed legislation would amend section 9-y of the banking law to grant authority to the NYDFS superintendent to promulgate regulations related to (i) supervised banking organizations’ transaction processing practices; (ii) the charges (including overdraft and insufficient funds fees) that banks may impose in connection with dishonored transactions; and (iii) associated disclosures provided to consumers regarding how transactions are processed and any associated fees. In an accompanying budget briefing book, the governor said the proposed measures are part of “nation-leading legislation that comprehensively addresses abusive bank fee practices, which tend to disproportionally harm low- and moderate-income New Yorkers.” Proposed actions include “stopping the opportunistic sequencing of transactions in a way designed to maximize fees charged to consumers, ending other unfair overdraft and non-sufficient funds fee practices, and ensuring clear disclosures and alerts of any permissible bank processing charges.”

    State Issues New York Overdraft NSF Fees Consumer Finance State Legislation NYDFS Bank Regulatory

  • NYDFS finalizes commercial financing disclosures

    State Issues

    On February 1, NYDFS adopted a final regulation (23 NYCRR 600) outlining disclosure requirements for commercial financing transactions in the state. Under the state’s Commercial Finance Disclosure Law (CFDL)—which was enacted at the end of December 2020—providers of commercial financing, which include persons and entities who solicit and present specific offers of commercial financing on behalf of a third party, are required to give consumer-style loan disclosures to potential recipients when a specific offering of finance is extended for certain commercial transactions of $2.5 million or less.

    The final regulation took into consideration comments received on revised proposed regulations published in 2021 and 2022 (covered by InfoBytes here and here), and provides specific instructions for providers on how to comply with the CFDL. Among other things, the final regulation:

    • Outlines detailed definitions for terms used within the CFDL and in the regulation;
    • Clarifies the definition of “finance charge” with respect to commercial financing transactions, and explains how the finance charge and annual percentage rate should be calculated; 
    • Describes allowed tolerances and specifies occurrences where providers or financers will not assume liability for disclosure errors or inadvertent disclosures;
    • Lays out formatting and content requirements for disclosures required by the CFDL for the following types of financing: (i) sales-based financing; (ii) closed-end financing; (iii) open-end financing; (iv) factoring transaction financing; (v) lease financing; (vi) general asset-based financing; and (vii) all other commercial financing transactions that do not fall within the aforementioned categories; 
    • Clarifies specific itemization disclosure requirements for when the amount financed is greater than the recipient funds;
    • Outlines signature requirements;
    • Describes how the CFDL’s disclosure threshold of $2,500,000 is calculated; 
    • Explains how providers should calculate required disclosures for commercial financing transactions with multiple payment options/balances payable on demand;
    • Details certain duties of financers and brokers involved in commercial financing; 
    • Prescribes a process under which certain providers that use the opt-in method of calculating an estimated annual percentage rates will report data to the superintendent; and
    • Specifies provisions related to the assignment of commercial financing agreements.

    23 NYCRR 600 will take effect upon publication of the Notice of Adoption in the State Register. The compliance date is six months after the Notice of Adoption is published.

    State Issues NYDFS State Regulators Commercial Finance Disclosures Bank Regulatory 23 NYCRR 600

  • District Court preliminarily approves $2.75 million autodialer TCPA settlement

    Courts

    On January 31, the U.S. District Court for the District of Maryland preliminarily approved a class action settlement in which a cloud computing technology company agreed to pay $2.75 million to resolve alleged violations of the TCPA and the Maryland Telephone Consumer Protection Act. According to the plaintiff, the defendant violated the TCPA by, among other things, placing unsolicited telemarketing calls using an automated dialing system to class members on residential and cell phone numbers. Under the terms of the proposed settlement agreement, the defendant must establish a non-reversionary fund of $2.75 million to go to class members to whom the defendant (or a third party acting on its behalf) made (i) one or more phone calls to their cell phones; (ii) two or more calls while their numbers were on the National Do Not Call Registry; or (iii) one or more calls after the recipients asked the defendant or the third party to stop calling. “Plaintiff has also shown that a class action litigation is superior to other available methods for adjudicating this controversy,” the court wrote. “Plaintiff's counsel estimate that the average settlement payment to each Class Member would be approximately $30.00 to $60.00. Given this, the individual claims of each Class Member would be too small to justify individual lawsuits.” The court also approved proposed attorneys’ fees (not to exceed a third of the total settlement fund), as well as up to $60,000 for plaintiff’s out-of-pocket expenses and a $10,000 service fee award.

    Courts TCPA Autodialer Class Action State Issues Maryland Do Not Call Registry

Pages

Upcoming Events