BSCR Firm News/Blogs Feedhttps://www.bscr-law.com/?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10en-us06 Aug 2020 00:00:00 -0800firmwisehttps://blogs.law.harvard.edu/tech/rssU.S. Supreme Court Rules CFPB Structure Unconstitutionalhttps://www.bscr-law.com/?t=40&an=109771&format=xml&p=5258&stylesheet=blog02 Jul 2020Financial Services Law Blog<p>The long-awaited Opinion from the United States Supreme Court has been rendered: The structure of the Consumer Financial Protection Bureau (the &ldquo;CFPB&rdquo;), and specifically its appointment of a single director, removable only for cause, is unconstitutional. The Court rendered its 5-4 <a href="https://d2qwohl8lx5mh1.cloudfront.net/uGcD5IBn1DO-ADScfdVHLw/content">Opinion</a>, authored by Chief Justice Roberts, earlier this week. The Supreme Court held that the CFPB&rsquo;s current structure violates the Separation of Powers clause of the U.S. Constitution. The Supreme Court reasoned that the CFPB &ldquo;lacks a foundation in historical practice and clashes with constitutional structure by concentrating power in a unilateral actor insulated from Presidential Control.&rdquo; The Opinion went on to provide for the longstanding history of the U.S. President&rsquo;s powers to remove executive officials, with very limited exception.</p> <p>Defenders of the CFPB&rsquo;s statutory structure cited to other agencies that have operated under a similar structure, including the Social Security Administration and the Federal Housing Finance Agency. But, the Court held, the former is distinguishable because it does not have the authority to conduct enforcement actions. And the latter is subject to ongoing criticism and constitutional challenges. The Court noted that the Fifth Circuit recently held the FHFA to be unconstitutional in <i>Collins</i> v. <i>Mnuchin</i>, <a href="https://casetext.com/case/collins-v-mnuchin-4#p587">938 F. 3d 553, 587-588</a> (2019).</p> <p>While the High Court was split over first issue, a more overwhelming 7-2 majority ruled on the second issue at hand that unconstitutional &ldquo;removal&rdquo; clause of the statutes creating the CFPB are severable from the other statutory provisions.&nbsp;Therefore, the Court held, the CFPB can continue to operate under the existing statutes.</p> <p>Justice Kagan authored a dissent to the majority opinion, arguing that the President had ample power under the existing structure to remove the CFPB Director when appropriate. She cautioned about why the CFPB was created in the first place and that by undermining its independence, the majority Opinion would send &ldquo;Congress back to the drawing board.&rdquo;</p> <p>Going forward, we now know that the CFPB is not going anywhere, but current and future Presidents will exercise more control over who will be in charge of the Bureau. What is not clear from the Opinion is the impact that it will have on enforcement actions ratified by &ldquo;unconstitutionally insulated&rdquo; directors. Because Mick Mulvaney was an acting director terminable-at-will, actions ratified by him are likely protected under the Opinion. But any actions ratified by the first-appointed director, Richard Cordray, or current director Kathleen Kraninger, may face legal challenges going forward.</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10Tips for Small Businesses Considering PPP Loan Reliefhttps://www.bscr-law.com/?t=40&an=108546&format=xml&p=5258&stylesheet=blog30 Apr 2020Financial Services Law Blog<p>In just 2 short weeks, the first round of Paycheck Protection Program (&ldquo;PPP&rdquo;) funding under the CARES Act was exhausted. And it is not difficult to see why &ndash; after all, so long as the employer receiving those funds uses at least 75% of the loan proceeds for payroll costs during the eight-week covered period, the loan amount allocated toward each of the following expenses can be forgiven:</p> <ul> <li>Payroll costs</li> <li>Payment of interest on covered mortgage obligations</li> <li>Payment on any covered rent obligations, and</li> <li>Covered utility payments.</li> </ul> <p>But many small businesses have expressed frustrations about the loan process and lack of access to funding. Adding to those frustrations are the growing reports of not-so-small businesses, or companies with access to other financing, receiving loans and exhausting available funding.</p> <p>With many parts of the country either closed down or reopening in phases, now is still the time to take advantage of PPP loans. Some tips for small businesses considering applying for a PPP loan are provided below:</p> <ul> <li><b>Act swiftly and decisively. </b>The application period is open through June 30, 2020, but since these loans are given on a first-come, first-served basis, it is best to apply as quickly as possible.&nbsp;</li> <li><b>Even if you already submitted an application during the first round of PPP loans, be vigilant in communicating with your lender.</b>If you have not received an approval or denial, stay in frequent contact with your lender in order to ensure that your application packet is complete and that additional information is not needed. If your lender asks for additional documentation, make that a first priority and get it promptly submitted in order to ensure you have the best chance at receiving funds.&nbsp;</li> <li><b>Try working with smaller local banks and community lenders. </b>Most people have learned by now that working with a bank with whom you have an established relationship can give you priority in the PPP Loan application process. But if you have not had luck in this regard, consider working with a new community-based lender for a better chance at receiving funding &ndash;local business tends to sympathize and collaborate with other local business.&nbsp;</li> <li><b>What if my business is in a high-turnover industry? </b>While the PPP loan program seems like a &ldquo;no-brainer&rdquo; for many businesses, some high-turnover industries may worry about whether or not they can maintain the appropriate headcount in order for most or all of their loan to be forgiven. This can be especially concerning, given the short two-year maturity period on PPP loans for unforgiven portions. The Amount of forgiveness is determined by multiplying the base forgiveness amount by one of the following fractions, to be selected by the borrower:&nbsp;</li> </ul> <div> <p align="center"><u><b>(Average # of full-time employees per month employed during covered period)</b></u><br /> <b>(Ave. # of full-time employees per month employed from Feb. 15, 2019 &ndash; June 30, 2019)</b>&nbsp;</p> </div> <p align="center"><b>*or*</b>&nbsp;</p> <div> <p align="center"><u><b>(Average # of full-time employees per month employed during covered period)</b></u><br /> <b>(Ave. # of full-time employees per month employed during January and February of 2020)</b>&nbsp;</p> </div> <p>Small business owners who are not confident in employee retention are well-advised to use loan proceeds only for payroll costs and to keep any remaining funds on hand, where possible, in case some repayment is required. And since the CARES Act does not appear to make a distinction between employees who are let go versus those who leave voluntarily, job vacancies should be filled during the covered period to the extent possible. The PPP loan program does carry some risk for high-turnover industries but given that a personal guarantor or collateral is not required, the program is still less risky than traditional loans in most circumstances.</p> <p>The full text of the CARES Act is available <a href="https://assets.documentcloud.org/documents/20059055/final-final-cares-act.pdf">here</a>. Sections 1102 and 1106 provide specific guidance regarding the PPP Loan program and PPP loan forgiveness.</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10CFPB Constitutionality Case Submitted to Supreme Court Todayhttps://www.bscr-law.com/?t=40&an=104597&format=xml&p=5258&stylesheet=blog03 Mar 2020Financial Services Law Blog<p>The movement to challenge the constitutionality of the Consumer Financial Protection Bureau (&ldquo;CFPB&rdquo;) was given life through the <i>PHH Mortgage </i>case, and then seemingly was left without a pulse after the <i>PHH Mortgage </i>en banc hearing. But in <i>Seila Law, LLC v. CFPB,</i> No. 19-7 (U.S.), the argument that the CFPB&rsquo;s structure is unconstitutional was resurrected, and it has survived all the way to the Supreme Court of the United States. Today, the High Court heard oral argument from the parties.</p> <p>It is not often that creditors and debt-relief agencies share the same legal argument in similar cases. However, the argument asserted by Seila Law (a consumer debt relief firm) in the case currently before the Supreme Court, PHH Mortgage, a mortgage servicer, are one and the same. Both entities were originally the subject of CFPB enforcement actions. And both argued in defense that the CFPB&rsquo;s structure violates the Separation of Powers Clause of the United States Constitution, due to its single-director, terminable-only-for-cause structure. More information about the original PHH Mortgage holding, which was reversed by the D.C. Circuit court en banc, is discussed in our previous <a href="https://www.bscr-law.com/?t=40&amp;an=61252&amp;format=xml&amp;stylesheet=blog&amp;p=5258">post.</a></p> <p>A second prong has been added to the unconstitutionality argument in <i>Seila: </i>The Supreme Court must first decide whether the structure of the CFPB is constitutional. If the Court finds it is not, then the Court must decide whether the relevant portions of the Dodd-Frank Act, creating its current structure, may be severed from the rest of the Dodd-Frank Act. In other words, is it necessary to abolish the CFPB altogether in the event its structure is unconstitutional, or may the agency itself be preserved with a more balanced model?</p> <p>Interestingly, one Supreme Court Justice has already rendered an opinion on the first argument. It so happens that Justice Brett Kavanaugh was sitting on the D.C. Circuit at the time of the original <i>PHH </i>holding, as well as when the en banc Court overturned the original <i>PHH </i>decision. In his dissent to the latter, Justice Kavanaugh stated that the CFPB&rsquo;s unchecked powers violate the constitution, where the director&rsquo;s power is &ldquo;massive in scope, concentrated in a single person, and unaccountable to the President.&rdquo; Justice Kavanaugh did not recuse himself from the current proceedings, despite critics&rsquo; insistence that he do so due to his history with the <i>PHH </i>case.</p> <p>Kavanaugh&rsquo;s comments during argument today have reportedly echoed his prior opinions. Chief Justice John Roberts is considered the potential swing vote in this case, and his questions during today&rsquo;s argument were directed toward both sides.</p> <p>It is highly unlikely that the Supreme Court will hold that the CFPB should be dismantled altogether. The Trump administration has even softened its position on this issue since President Trump was first campaigning. But for the first time since its creation, there is a real possibility that the structure of the agency will be put into check.</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10Update: House Passes SAFE Banking Acthttps://www.bscr-law.com/?t=40&an=96960&format=xml&p=5258&stylesheet=blog28 Sep 2019Financial Services Law Blog<p>In August we <a href="https://www.bscr-law.com/?t=39&amp;anc=827&amp;format=xmldetail&amp;stylesheet=FirmNewsItems_blog&amp;p=5258">reported</a> on the challenges that financial institutions face in Missouri now that medical cannabis use is permitted, and we suggested that the SAFE Banking Act of 2019, <a href="https://www.congress.gov/bill/116th-congress/house-bill/1595?q=%7B%22search%22%3A%5B%22SAFE+Banking+Act%22%5D%7D">H.R. 1595</a>, would provide a much-needed safe harbor for banks handling cannabis money.</p> <p>Although there was doubt even a month ago that the SAFE Banking Act would pass, the bill was approved by 321-103, far more than the required 2/3 majority to pass through the House.</p> <p>The SAFE Banking Act is unique in that it draws both praise and objection from each side of the legislative aisle. While some Republicans support the bill due to its benefit to commerce and the financial services industry, other more socially conservative legislators refuse to support the bill because marijuana remains illegal under federal law, and some believe marijuana to be dangerous.</p> <p>Conversely, while the bill has garnered some Democratic support due to its progress toward future decriminalization of marijuana and scaling back the war on drugs, others simply do not want to give more power or leniency to financial institutions.</p> <p>This dichotomy of perspectives even within each party makes it difficult to predict how the SAFE Banking Act will fare in the Senate. But, there is no doubt that Missouri financial institutions would benefit from its passage, and proponents of the bill continue to push hard for it to be put into law.</p> <p>As a reminder, the SAFE Banking Act would not change the status of cannabis as a Schedule I controlled substance under federal law. But it would permit financial entities to provide checking and savings accounts, credit cards, loans, and other financial products to marijuana-related businesses, and it would also prohibit the feds from seizing assets or taking punitive action against those banking institutions.</p> <p>We will continue to monitor the status of this legislation.</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10Now That Missouri is Accepting Marijuana-related Business Licensure Applications, What is the Plan for the Other Green Stuff?https://www.bscr-law.com/?t=40&an=95909&format=xml&p=5258&stylesheet=blog02 Aug 2019Financial Services Law Blog<p>From now until August 17, 2019, Missouri entities may apply for a license to cultivate, dispense, manufacture, test, and transport marijuana, pursuant to last year&rsquo;s passage of Amendment 2, permitting marijuana use for serious medical conditions. A cloudy haze remains, however, over how financial institutions doing business with marijuana-related businesses (&ldquo;MRBs&rdquo;) will be governed.</p> <p>As most are aware, while cannabis is now legal in some form or fashion in more than 30 states as well as D.C., cannabis manufacture and use is still prohibited by federal law. Consequently, handling of proceeds from MRBs is considered money laundering, and financial institutions are required to submit Suspicious Activity Reports (&ldquo;SARs&rdquo;) with FinCEN when certain red flags are raised in relation to suspected cannabis business.</p> <p>The SAFE Banking Act of 2019, <a href="https://www.congress.gov/bill/116th-congress/house-bill/1595?q=%7B%22search%22%3A%5B%22SAFE+Banking+Act%22%5D%7D">H.R. 1595</a>, would provide a safe harbor for financial institutions handling MRB money while the legality of cannabis continues to be debated at the federal level. More specifically, the SAFE Banking Act would prevent federal regulators from interfering with relationships between financial institutions and MRBs in states where cannabis is legal, and it would allow MRBs to access traditional banking services without threat of seizure or prosecution. The bill, if passed, would not change the status of cannabis as a Schedule 1 controlled substance.</p> <p>In recent weeks, several Missouri credit unions and banks have joined together to urge passage of the SAFE Banking Act, in anticipation of this month&rsquo;s open application process. Unfortunately, there is not much confidence that it will be passed.</p> So, how much money are we talking about? Last year, cannabis reportedly generated over $8 billion. The revenues are expected to triple over the next 5 years. Even though Missouri&rsquo;s share will be a fraction of anticipated revenues, that&rsquo;s still going to be a whole lot of green. Now, Missouri financial institutions and prospective MRBs will remain in the sticky situation of figuring out what to do with all of it.https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10Compliance Check for Financial Institutions: Is Your Website ‘Accessible' to those with Disabilities?https://www.bscr-law.com/?t=40&an=92115&format=xml&p=5258&stylesheet=blog10 Jun 2019Financial Services Law Blog<p>What do Amazon, Domino&rsquo;s, and Beyonc&eacute; have in common? Their websites have all have been the subject of high profile lawsuits alleging failure to comply with the Americans with Disabilities Act of 1990 (the &ldquo;ADA&rdquo;). Your financial institution could be, too, if it has not taken measures to ensure its website is ADA compliant.</p> <p>We most often associate the ADA with physical limitations of brick and mortar buildings. But in recent years, several courts have extended the protections of the ADA to customers using websites in times where we conduct most of our business online. The relevant portion of the ADA provides that &ldquo;No individual shall be discriminated against on the basis of disability in the full and equal enjoyment of the goods, services, facilities, privileges, advantages, or accommodations of any place of public accommodation by any person who owns, leases (or leases to) or operates a place of public accommodation.&rdquo; 42 U.S.C. &sect;12182(a). Even though the ADA has not been amended to specifically address websites, several courts have held that the ADA applies to website accessibility, whether by nexus to a physical location or by the website&rsquo;s public nature.</p> <p>There is currently a split among the circuits as to whether or not a website falls under the scope of the ADA, but recent cases show a tilt in favor of holding that websites are either places of public accommodation in their own right, or have a sufficient nexus to services provided out of a brick and mortar location to fall under the ADA. In one of the more recent cases, the Ninth Circuit Court of Appeals held that an ADA lawsuit could proceed against Domino&rsquo;s for alleged failure to comply with appropriate accessibility standards for its website. The Court reasoned, &ldquo;The statute applies to the services of a place of public accommodation, not services in a place of public accommodation. To limit the ADA to discrimination in the provision of services occurring on the premises of a public accommodation would contradict the plain language of the statute.&rdquo; Domino&rsquo;s had not established that compliance would be an undue burden or would materially alter its business, such that the ADA claim was permissible.</p> <p>While ADA website litigation is not altogether new, it has gained traction in the past couple of years. Financial Services Litigators are closely monitoring these cases across the country and expect these filings against banks and credit unions to increase, due to increasing popularity of, and reliance upon, online banking by customers. Financial institutions are encouraged to ensure their websites comply with the current industry standard for accessibility, as well as state-level requirements. In evaluating its website, a financial institution should ask these questions:</p> <ul> <li>Is the website &ldquo;perceivable&rdquo;? Does it: <ul> <li>Provide&nbsp;text alternatives&nbsp;for non-text content</li> <li>Provide&nbsp;captions and&nbsp;other alternatives&nbsp;for multimedia</li> <li>Create content that can be&nbsp;presented in different ways</li> <li>including by assistive technologies, without losing meaning</li> <li>&nbsp;Make it easier for users to&nbsp;see and hear content</li> </ul> </li> </ul> <ul> <li>Is the website &ldquo;operable&rdquo;? Does it: <ul> <li>Make all functionality available from a&nbsp;keyboard</li> <li>Give users&nbsp;enough time&nbsp;to read and use content</li> <li>Avoid content that causes&nbsp;seizures</li> <li>Help users&nbsp;navigate and find content</li> </ul> </li> </ul> <ul> <li>Is the website &ldquo;Understandable&rdquo;? Does it: <ul> <li>Make text&nbsp;readable and understandable</li> <li>Make content appear and operate in&nbsp;predictable&nbsp;ways</li> <li>Help users&nbsp;avoid and correct mistakes</li> </ul> </li> </ul> <ul> <li>Is the website &ldquo;Robust&rdquo;? Does it: <ul> <li>Maximize&nbsp;compatibility&nbsp;with current and future user tools.</li> </ul> </li> </ul> <p>The Eighth and Tenth Circuits have not yet issued rulings applicable to this topic. We will continue to monitor for new cases and provide updates.</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10CFPB Proposes to Rescind Underwriting Requirement of 2017 Payday Loan Rulehttps://www.bscr-law.com/?t=40&an=88934&format=xml&p=5258&stylesheet=blog26 Feb 2019Financial Services Law Blog<p>Earlier this month, the CFPB took one of its first substantial steps under new leadership, with a Notice of Proposed Rulemaking seeking to rescind the underwriting requirements of the Bureau&rsquo;s 2017 Final Rule regarding payday loans, vehicle title loans, and high-cost installment loans (the &ldquo;2017 Payday Loan Rule&rdquo;). Signed by new director Kathy Kraninger and published on February 6, this proposal is open for comment through May 7, 2019.</p> <p>This recent proposal seeks to eliminate the &ldquo;identification&rdquo; provision in the 2017 Payday Loan Rule that makes it an unfair and abusive practice for lenders to make these types of loans without making a reasonable determination that the customer will have the ability to repay those loans. The new proposed rule also seeks to remove the &ldquo;prevention&rdquo; provision, which set forth certain underwriting guidelines that lenders were going to be required to use in an effort to prevent loans from issuing to borrowers not reasonably likely to be able to repay. Also subject to elimination were new recordkeeping and reporting requirements promulgated by the 2017 Rule. Director Kraninger&rsquo;s new proposal did not seek to remove any of the new payment policies put into effect by the 2017 Rule.</p> <p>In its Notice, the CFPB reasoned that there was not sufficient evidence to support the 2017 Rule, particularly where the 2017 Rule would prevent many consumers from accessing credit when needed. The CFPB also noted that most states have some degree of regulation in place as to payday loans, with varying levels of oversight and intricacy. To impose an additional federal, uniform requirement over the industry, it maintains, would be overly burdensome to both lenders and consumers seeking credit.</p> <p>The CFPB acknowledged that, in response to the original proposed 2017 Payday Loan Rule, it received a substantial number of comments from those who observed undesirable consequences from payday lending. However, those comments were far outnumbered by those from consumers who reported that payday loans, title loans, and other applicable products had been a necessary tool for survival in hard times where no other financing was available due to poor or nonexistent credit history.</p> <p>In the alternative, the CFPB also proposed that enforcement of the 2017 Payday Loan Rule underwriting requirements be delayed due to massive overhaul in technology and training payday lenders would have to undergo in order to meet these underwriting requirements.</p> <p>Director Kraninger has welcomed comment on all sides regarding this proposal, but it seems likely at this point that the anticipated underwriting requirements of the 2017 Rule will not be implemented or enforced.</p> <p>The Notice of Proposed Rulemaking to rescind the underwriting requirements may be found <a href="https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/cfpb_payday_nprm-2019-reconsideration.pdf">here.</a> BSCR will continue to monitor until a final rule is issued.</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10Fifth Circuit Denies Recovery of Attorneys' Fees Despite FDCPA's Mandatory Recovery Provisionhttps://www.bscr-law.com/?t=40&an=86064&format=xml&p=5258&stylesheet=blog26 Nov 2018Financial Services Law Blog<p>It is well known to financial services practitioners that a &ldquo;debt collector&rdquo; under the FDCPA is prohibited from using false or misleading information in furtherance of collecting a debt, and that a debt collector is liable for the claimant&rsquo;s attorneys&rsquo; fees for such a violation. But a recent decision out of the Fifth Circuit serves as a worthwhile reminder that the conduct of a party and its counsel, as well as reasonableness of the fees, matters in considering whether or not to grant recovery of fees.</p> <p>In <i>Davis v. Credit Bureau of the South</i>, the defendant&rsquo;s name alone reveals a violation of 15 U.S.C. &sect;&sect; 1692e(10), (16), as it had ceased to be a credit reporting agency years before it attempted to collect a past due utility debt from Ms. Davis under that name. Cross motions for summary judgment were filed, and the Court found that the defendant was liable for statutory damages under the FDCPA for inaccurately holding itself out as a credit reporting agency.</p> <p>Subsequently, Davis&rsquo; attorneys filed a motion for recovery of their fees, relying upon 15 U.S.C. &sect; 1692k(a)(3), which states that a debt collector who violates these provisions of the FDCPA &ldquo;is liable [ . . . ] [for] the costs of the action, together with reasonable attorneys&rsquo; fees as determined by the court.&rdquo; The motion sought recovery of fees in the amount of $130,410.00 based upon on hourly rate of $450.00. The trial court was, as it held, &ldquo;stunned&rdquo; by the request for fees and denied the motion. For its holding, the court cited to the fact that there was disposed of by summary judgment with a Fifth Circuit case directly on point, and that there were substantial duplicative and excessive fees charged by Plaintiff&rsquo;s multiple counsel. The trial court also characterized the rate of $450.00 as excessive in light of the relative level of difficulty of the case and the fact that the pleadings were &ldquo;replete with grammatical errors, formatting issues, and improper citations.&rdquo; From this order, Davis appealed.</p> <p>In its holding, the Fifth Circuit recognized that the FDCPA&rsquo;s express language, and several other circuit holdings, suggest that attorneys&rsquo; fees to a prevailing claimant are mandatory. However, the Court relied upon other circuits that have permitted &ldquo;outright denial&rdquo; (as opposed to a mere reduction) of attorney&rsquo;s fees for FDCPA claims in &ldquo;unusual circumstances,&rdquo; as well as other Fifth Circuit cases with similar conduct under other statutes containing mandatory attorney fee recovery, to deny recovery of fees altogether. The Court found there was extreme, outrageous conduct that precluded recovery of fees, where the record showed Davis and her counsel had colluded to create the facts giving rise to the action. For instance, Ms. Davis misrepresented that she was a citizen of Texas rather than Louisiana in order to cause the defendant to mail a collection letter, thus &ldquo;engaging in debt collection activities in the state of Texas.&rdquo; Furthermore, Davis and her counsel made repeated, recorded phone calls to the defendant asking repetitive questions in order to generate fees. While the FDCPA&rsquo;s fee recovery provision was intended to deter bad conduct by debt collectors, the Fifth Circuit found it was even more important in this case to deter the bad conduct of counsel.</p> <p>&nbsp;</p> <p>The <i>Davis </i>opinion may be found <a href="http://www.ca5.uscourts.gov/opinions/pub/17/17-41136-CV0.pdf">here</a> and is a cautionary tale that attorneys&rsquo; fees, as well as behavior throughout a case, may be held under the microscope, even where the law suggests that fees are recoverable as a matter of right.&nbsp;</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10House Financial Services Committee introduces bill to provide uniform reporting standards in the event of data breacheshttps://www.bscr-law.com/?t=40&an=81144&format=xml&p=5258&stylesheet=blog17 Oct 2018Financial Services Law Blog<p>In the spirit of National Cybersecurity Awareness Month, BSCR reports that Rep. Luetkemeyer of Missouri introduced H.R. 6743, a measure aimed at amending the Gramm-Leach-Bliley Act to provide a national uniform standard for addressing cyber security data breaches. The bill has already made some traction, as it was ordered by vote to be reported to committee last month.</p> <p>Some key amendments would be to revise the following two sections of the GLBA:</p> <p><b><i>Standards with respect to breach notification</i></b></p> <p><i>Each agency or authority required to establish standards described under subsection (b)(3) with respect to the provision of a breach notice shall establish the standards with respect to such notice that are contained in the interpretive guidance issued by the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision titled Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice, published March 29, 2005 (<a href="http://api.fdsys.gov/link?collection=fr&amp;volume=70&amp;page=15736" title="Link to U.S. Government Publishing Office">70 Fed. Reg. 15736</a>), and for a financial institution that is not a bank, such standards shall be applied to the institution as if the institution was a bank to the extent appropriate and practicable.</i></p> <p><b>Relation to State laws</b></p> <p><i>(a)</i></p> <p><i>In general</i></p> <p><i>This subtitle preempts any law, rule, regulation, requirement, standard, or other provision having the force and effect of law of any State, or political subdivision of a State, with respect to securing personal information from unauthorized access or acquisition, including notification of unauthorized access or acquisition of data.</i></p> <p>The full text of the proposed amendments can be found at this <a href="https://www.govtrack.us/congress/bills/115/hr6743/text">link.</a></p> <p>It is this second provision that is troubling some state-level authorities. In a <a href="https://www.csbs.org/csbs-opposes-hr-6743-consumer-information-notification-requirement-act">letter</a> to Chairman Hensarling, John W. Ryan, the President and CEO of the Conference of State Bank Supervisors (CSBS) expressed concern on behalf of state regulators that the bill, if enacted into law, could hurt efforts to protect consumers more than help. Arguing that the GLBA and state privacy laws already provide sufficient guidance for cyber breach events, Mr. Ryan contends that H.R. 6743 would actually undermine state consumer protection laws, and that it would undermine the authority of state attorneys general and other authorities to enforce reporting requirements.</p> <p>BSCR will continue to monitor the status of H.R. 6743, and our Financial Services Law Blog will keep the community posted as to pertinent events.</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10$224 million sought in lawsuit against AT&T over cryptocurrency thefthttps://www.bscr-law.com/?t=40&an=79775&format=xml&p=5258&stylesheet=blog22 Aug 2018Financial Services Law Blog<p>A cyber thief was able to trick AT&amp;T into providing Michael Terpin&rsquo;s account information, enabling that thief to make off with nearly $24 million in cryptocurrency belonging to Terpin, according to a complaint filed in the U.S. District Court for the District of California in Los Angeles.</p> <p>In the lawsuit, among other things, Terpin alleges that AT&amp;T was negligent in failing to protect its customers&rsquo; private data, and that it willfully disregarded unlawful transactions between AT&amp;T employees and cyber thieves. Terpin claims that his digital currency was lost due to a &ldquo;SIM swap fraud,&rdquo; where the customer&rsquo;s phone number is transferred to a SIM card operated by a hacker, who then resets the customer&rsquo;s passwords and logs into their accounts in order to obtain confidential data and access to assets. Terpin believes that an AT&amp;T employee cooperated in the swap that caused him to lose digital coins that would have been valued at $23.8 million in January of 2018, during a time where the value of the bitcoin was soaring, as previously <a href="https://www.bscr-law.com/?t=40&amp;an=72169&amp;format=xml&amp;stylesheet=blog&amp;p=5258">reported</a> by the BSCR financial services law blog. Because he has been publicly involved in cryptocurrency enterprises, Terpin was a prime target for cyber thieves.</p> <p>AT&amp;T has responded to the complaint publicly, stating, &ldquo;We dispute these allegations and look forward to presenting our case in court.&rdquo; Terpin, though, alleges that the telecommunications juggernaut has simply become &ldquo;too big to care,&rdquo; prioritizing expansion and acquisition over investing in hiring qualified professionals, providing ongoing training, or investing in systems that would better protect customer data.</p> <p>While it remains to be seen what the outcome of this litigation will be, this lawsuit serves as a cautionary tale to any large institution that possesses sensitive online account data of its customers. These institutions would be well advised to look into their hiring and training procedures, as well as to consider implementing secure storage systems, in order to curtail future liability. BSCR will continue to monitor this litigation and will provide updates as milestones occur in the case.</p>https://www.bscr-law.com?t=39&anc=827&format=xml&directive=0&stylesheet=rss&records=10