Debt buyers beware: SCOTUS will decide if the FDCPA applies to you

On Friday, January 13, 2017, the U.S. Supreme Court granted certiorari in Henson v. Santander Consumer USA, Inc. This case raises the question whether a debt buyer is a “creditor” or a “debt collector” under the Fair Debt Collection Practices Act (FDCPA). The answer to this question, it turns out, is far from clear since debt buyers fit plausibly into either category. Read more >>

Consumer Lending and Services, Federal Regulatory

Texas OCCC issues advisory bulletin regarding amended MLA rule

Starting today, October 3, 2016, pawnshops nationwide will be obligated to follow the recently updated Military Lending Act (MLA) rule. In response to the release of the amended MLA and updated exam procedures by the Consumer Financial Protection Bureau, the Texas Office of Consumer Credit Commissioner (OCCC) issued an advisory bulletin summarizing the MLA’s requirements for Texas pawnbrokers. The guidance contains 20 questions and answers regarding the new regulations on loans involving military personnel.

Two noteworthy points for Texas pawnbrokers are addressed in the bulletin. First, Texas pawnshops are now required to have a written policy detailing how a person’s covered borrower status is determined. Additionally, an existing pawn loan that is extended in accordance with Texas law by having the borrower sign a memorandum of extension will not be considered to be a new loan or renewal that triggers the disclosure requirements of the MLA. However, the OCCC may modify its guidance if the Department of Defense decides otherwise.

Pawnbrokers make up a segment of the financial services industry that will be affected by these new rules under the Military Lending Act. Attorney, Jackie Mallett recently hosted a webinar discussing the amended rules and how they will affect the pawn industry. View the webinar in its entirety here

Consumer Lending and Services, Fair Lending, Federal Regulatory, Non-Depository Institutions

Amended Military Lending Act goes into effect on October 3; CFPB releases updated exam procedures

Today, September 30, 2016, the Consumer Financial Protection Bureau (CFPB) identified the updated exam procedures it will use to audit lenders who do business with military personnel. According to CFPB Director Richard Cordray, “[t]he updated exam procedures…will help ensure that servicemembers and their families are dealt with in a fair and safe manner when attempting to access credit.” Specifically, the requirements prohibit interest rates above 36 percent MAPR, mandatory waivers of consumer protection laws and mandatory allotments.

In its press release, the CFPB vows to strictly monitor financial institutions, their compliance programs and their “overall efforts to follow the rule’s requirements.” Evaluating everything from staff training to loan implementation, the CFPB will use the new rules to prevent substantial consumer harm. The updated Military Lending Act rules go into effect on October 3 for creditors. Credit card companies must be prepared to comply with the new rules by October 3, 2017.

Pawnbrokers make up a segment of the financial services industry that will be affected by these new rules under the Military Lending Act. Attorney, Jackie Mallett recently hosted a webinar discussing the amended rules and how they will affect the pawn industry. View the webinar in its entirety here

Compliance Management, Consumer Lending and Services, Depository Institutions, Fair Lending, Federal Regulatory, Non-Depository Institutions

Public and private sectors agree: Investment needed in banks’ cybersecurity

The Federal Reserve (the Fed) recently announced that it will participate in a study to determine how effective the central bank is at overseeing cybersecurity practices in the financial industry. The Fed’s Office of Inspector General (OIG) will be conducting the internal audit and plans to release the findings in the fourth quarter of this year.

The announcement comes on the heels of congressional inquiry into the Fed’s security practices in light of the attempted theft of $951 million from a Federal Reserve Bank of New York account held by Bangladesh Bank, the South Asian country’s central bank. While the N.Y. Fed successfully blocked 30 transactions that would have totaled an $850 million withdrawal, five transactions totaling $101 million were successful.

The OIG study will be the first public report to detail how strictly the central bank holds the financial industry to the regulations that are in place to protect from hackers and other criminals. “The growing sophistication and volume of cybersecurity threats presents a serious risk to all financial institutions,” according to the OIG. Mary Jo White, Chair of the Securities and Exchange Commission, described attacks like the one against the N.Y. Fed as the biggest risk currently facing the financial industry.

This sentiment seems to be echoed by the private sector as well. An international survey conducted by Kaspersky Lab and B2B International found that among businesses around the globe, protection from cyberattacks ranked amongst their highest priorities. Of the 5,500 businesses surveyed, 41 percent have invested in an in-house solution for protecting their financial transactions and 45 percent use a bank-provided solution.

While the investment rate is prolific, firms’ confidence in their ability to thwart an attacker is not so widespread. The most confident sector — the telecommunications industry — reported confidence with their fraud security at a 70 percent rate.  Only 67 percent of financial institutions reported their confidence in the same. Forty-seven percent of the firms surveyed indicated that their protections needed improvement.

Looking at the financial industry specifically, 48 percent of the respondents “admitted what they do to address the problem can be described as ‘mitigation’ rather than ‘prevention.’”  One of the largest concerns for banks – (38 percent of the organizations surveyed agreed it’s a problem for them) is distinguishing an attack from normal customer activity.  

Depository Institutions, Federal Regulatory, Non-Depository Institutions

FDIC under fire following recent string of data breaches

A recent data breach at the Federal Deposit Insurance Corporation (FDIC) is just one of many that have occurred in the past several months. The banking regulator is now under fire for its responses following a slew of breaches involving more than 10,000 sensitive and private data records. The FDIC was questioned about the breaches on May 12, 2016, during a hearing held by the House of Representatives Subcommittee on Oversight. Representatives criticized the FDIC, suggesting that it handled the incidents too slowly, did not notify Congress in a timely manner and failed to provide requested documents.

The FDIC was also criticized for failing to notify its employees who were affected by the breaches. It is estimated that the personal data of approximately 160,000 people have been impacted by these breaches, which occurred between October 30, 2015, and the present. The information includes names, bank account numbers and, possibly, social security numbers. According to Republican Representative Barry Loudermilk, chair of the subcommittee, the FDIC has still not notified any of these employees that their private information may have been compromised.

Evidence shows that at least seven recent breaches were caused by former employees as they were leaving the FDIC. The FDIC maintains that these breaches occurred inadvertently, but Congress is skeptical that the breaches were not intentional. One case is allegedly the subject of a criminal investigation. While the FDIC has indicated that it is completing a “top to bottom review” of its technology information policies, it appears that Congress will continue to apply pressure to the FDIC related to its response and handling of these breaches. According to Rep. Loudermilk in the subcommittee’s press release, the American people “have good reason to question whether their private banking information is properly secured by the FDIC.”  

Depository Institutions, Federal Regulatory, Legal Developments

Announcing our Cybersecurity Law blog

Readers of the Financial Services Law blog are invited to visit our newly-launched Cybersecurity Law blog, an online resource featuring news, information and legal analysis on current cybersecurity and data breach issues. Articles and posts, authored by Bricker & Eckler attorneys, share in-depth insights and legal implications on topics that have both local and global significance.  

We encourage you to subscribe to the blog via FeedBurner to have frequent updates sent directly to your inbox. Additionally, be sure to visit the blog and bookmark the site for easy reference. 

Compliance Management, Consumer Lending and Services, Depository Institutions, Fair Lending, Federal Regulatory, Federal Regulatory, Legal Developments, Non-Depository Institutions, State Regulatory

Do your company’s cybersecurity practices deceive consumers?

Not a day goes by without breaking news of a cybersecurity breach. Indeed, thoughts of a system hack keep many executives up at night. Small- and medium-sized businesses often fear that they do not have the robust resources or staff to adequately handle these threats.

The Consumer Financial Protection Bureau (CFPB) has now weighed in on these issues with a consent order that delivers cybersecurity guidelines.Of particular importance is the fact that the CFPB has now used its ultimate weapon — Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) — as a tool to ensure that companies adopt effective security protocols.

For a detailed analysis of the CFPB's consent order and what it means for consumer-facing businesses, read the latest Cybersecurity Insight

Federal Regulatory