Photo of David Stein

David Stein advises clients on credit reporting, financial privacy, financial technology, payments, retail financial services, and fair lending issues. He assists a broad range of financial services firms, consumer reporting agencies, financial technology companies, and their vendors with regulatory, compliance, supervision, enforcement, and transactional matters.

Mr. Stein has significant experience advising clients on compliance with the FCRA, GLBA, ECOA, EFTA, E-Sign Act, TILA, TISA, FDCPA, Dodd-Frank Wall Street Reform and Consumer Protection Act, and FTC Act, as well as state financial privacy laws. Mr. Stein is a member of the firm’s fintech and artificial intelligence initiatives and works with clients on issues related to cutting edge technologies, such as blockchain, virtual currencies, big data and data analytics, artificial intelligence, online lending, and payments technology.

Mr. Stein previously served in senior regulatory, policy-making, and management positions at the Consumer Financial Protection Bureau (CFPB) and the Federal Reserve Board (FRB). He played a significant role in developing regulations and policy on credit reporting, financial privacy, retail payments systems, consumer credit, fair lending, overdraft services, debit interchange, unfair or deceptive acts or practices, and mortgage origination and servicing. Mr. Stein draws upon his government experience in representing clients before the CFPB, the FRB, and other regulatory agencies and leverages his insights into the regulatory process to provide clients with practical, actionable advice.

On January 5, 2021, the CFPB’s (the “Bureau”) Taskforce on Federal Consumer Financial Law (the “Taskforce”) released a report (the “Report”) recommending how consumer protection in the financial marketplace may be improved.  Chartered by the Bureau in January of 2020, the Taskforce was charged with “examin[ing] the existing legal and regulatory environment facing consumers and financial services providers,” and “report[ing] its recommendations for ways to improve and strengthen consumer financial laws and regulations.”
Continue Reading CFPB’s Taskforce on Federal Consumer Financial Law Releases Report

Introduction  

On August 21, 2020, the California legislature enacted the California Consumer Financial Protection Law (CCFPL), which is to take effect on January 1, 2021.[1]  The law renames the “Department of Business Oversight” (DBO) the “California Department of Financial Protection and Innovation (DFPI)” and, among other things, empowers the department to regulate the offering and provision of consumer financial products or services under California consumer financial laws.[2]  The California legislature noted that the CCFPL strengthens “consumer protections by expanding the ability of the department to improve accountability and transparency in the California financial system and promote nondiscriminatory access to responsible, affordable credit, among other purposes.”[3]  In this blog post, we examine the DFPI’s possible authority over California’s principal privacy laws.  Covington will monitor how active the DFPI is in promulgating and enforcing privacy rules as the contours of the DFPI’s authority become apparent over time.


Continue Reading Privacy Oversight and the California Department of Financial Protection and Innovation

On September 15, 2020, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) released an Outline of Proposals under Consideration and Alternatives Considered for the small business data collection rulemaking mandated by Section 1071 of the Dodd-Frank Act and a High-Level Summary of the outline of proposals.  The release signals that a Small Business Advisory Panel will convene in October 2020 as required by the Small Business Regulatory Enforcement Fairness Act of 1996 (“SBREFA”) to assess the impact of the Bureau’s outline of proposals under consideration.  Participants in the SBREFA panel are invited to submit written comments by November 9, 2020; other interested stakeholders are invited to submit written comments by December 14, 2020.

Section 1071 amends the Equal Credit Opportunity Act to require financial institutions to collect certain data regarding applications for credit for women-owned, minority-owned, and small businesses, maintain records of responses, and report the data to the CFPB on an annual basis, in accordance with rules and guidance issued by the CFPB.  The purpose of Section 1071 is “to facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.”  15 U.S.C. § 1691o-2(a).

The Bureau’s proposals under Section 1071 have been long-awaited by industry associations, consumer groups, state regulators, Congress, and many other stakeholders, and the convening of the SBREFA panel represents the start of a rigorous and potentially lengthy rulemaking process.

A short list of highlights of the proposals follows after the jump, and we plan to publish a more detailed client alert on the CFPB’s outline of proposals in the near future.


Continue Reading CFPB Outlines Small Business Data Collection Proposals

Today, July 7, 2020, the Consumer Financial Protection Bureau (“CFPB”) released final amendments to its small-dollar lending rule published in November 2017 (the “2017 Rule”), specifically repealing the mandatory underwriting provisions of the rule.  The CFPB did not rescind or alter the payments provisions of the 2017 Rule, and instead ratified those provisions and will move forward to implement those provisions.  We address each aspect of the final amendments below.

Continue Reading CFPB Finalizes Amendments to Payday Lending Rule

On April 1, 2020, the Consumer Financial Protection Bureau (“CFPB”) released a statement on “Supervisory and Enforcement Practices Regarding the Fair Credit Reporting Act and Regulation V in Light of the CARES Act.” This statement provides guidance outlining the CFPB’s expectations of furnishers and consumer reporting agencies (“CRAs”) during the COVID-19 pandemic, and signals that the CFPB will take a flexible supervisory and enforcement approach to compliance with the Fair Credit Reporting Act (“FCRA”) and its implementing regulation, Regulation V.

The key points of the CFPB’s guidance are discussed below.
Continue Reading CFPB Releases Guidance on FCRA and Regulation V Compliance During COVID-19

On December 10, the Federal Trade Commission (“FTC”) and Consumer Financial Protection Bureau (“CFPB”) held a joint workshop on accuracy in consumer reporting. The workshop included remarks from FTC Commissioner Noah Joshua Phillips, CFPB Assistant Director for Supervision Policy Peggy Twohig, CFPB Deputy Director Brian Johnson, and FTC Deputy Director for the Bureau of Economics Andrew Stivers. The workshop included four panels:

  • Panel 1: Furnisher Practices and Compliance with Accuracy Requirements
  • Panel 2: Current Accuracy Topics for Traditional Credit Reporting
  • Panel 3: Accuracy Considerations for Background Screening
  • Panel 4: Navigating the Dispute Process

Panelists included a range of stakeholders in the consumer reporting ecosystem, including representatives from consumer reporting agencies (“CRAs”), trade associations, furnishers, and consumer advocacy organizations.

In her closing remarks, Maneesha Mithal, Associate Director in the FTC’s Division of Privacy & Identity Protection, discussed three key takeaways and themes from the workshop:

  • (1) Alternative Data: Mithal noted that the issue of alternative data came up on almost every panel, and that there appeared to be a consensus that using some types of alternative data may benefit consumers and the industry. Mithal noted that a number of panelists expressed caution about using “fringe data,” including social media data.In a panel discussion, Michael Turner, founder and President of the Policy and Economic Research Council (“PERC”), drew a distinction between “proven payment data,” including payments for utilities, media, and rent, and unproven “fringe data” or “unstructured data,” including information from social media. Turner, along with a number of other panelists, believed that reporting proven payment data would be beneficial for consumers. Francis Creighton, President and CEO of the Consumer Data Industry Association (“CDIA”), noted that consumers are currently experiencing the “downside” impacts of the reporting of negative information about the non-payment or late payment of obligations for utilities, media, and rental housing, but are not receiving the “upside” benefits of reporting on the positive payment histories on those recurring obligations. Consumer advocates, such as Ed Mierzwinski of U.S. Public Interest Research Group (“PIRG”), expressed skepticism regarding the use of certain alternative data, such as utility payment data, and the ability of the industry to ensure the accuracy of such data.
  • (2) Role of Technology: Mithal also noted that there was some consensus that technology, including Artificial Intelligence (“AI”) and pattern recognition, may improve the quality and accuracy of consumer report information. Mithal stated that there appeared to be less consensus regarding the use of technology in data matching, with some panelists expressing the view that manual review is still necessary to ensure maximum possible accuracy. Mithal also noted that some panelists expressed the view that the CFPB should exercise its supervisory authority to examine CRAs and furnishers’ use of technology in consumer reporting.
    • In general, industry panelists spoke favorably about the prospects for AI and other technologies. For example, Eric Ellman, Senior Vice President, Public Policy and Legal Affairs at CDIA, discussed the use of technology in dispute intake, including filtering credit repair disputes from legitimate consumer disputes. Chi Chi Wu of the National Consumer Law Center expressed skepticism about relying on AI and other technologies for data matching and dispute investigations.
  • (3) Accuracy: Mithal concluded by discussing the accuracy of consumer reporting more generally, and stated that some panelists believe that the regulators should issue specific guidance in this area. Mithal also noted that panelists discussed both the importance of data accuracy with respect to consumer reports and furnished data, including ways in which CRAs may oversee furnishers.
    • In general, industry panelists pointed to substantial improvements made in recent years with regard to the accuracy of consumer reports, with repeated emphasis on improvements brought about by the National Consumer Assistance Plan (“NCAP”), an outgrowth of a multi-state attorney general settlement with the three nationwide CRAs in May 2015. Turner discussed improvements between the early and more recent studies of data accuracy. Consumer advocates stressed continuing problems with data accuracy, including the reappearance of derogatory information on consumer reports.


Continue Reading FTC and CFPB Host Workshop on Accuracy in Consumer Reporting

On May 7, 2019, the Consumer Financial Protection Bureau (“CFPB” or the “Bureau”) released its long-anticipated proposed rule on debt collection. The proposed rule would amend Regulation F, which implements the Fair Debt Collection Practices Act (“FDCPA”), and would govern the activities of debt collectors, as defined in the FDCPA. Certain provisions also rely on the Bureau’s authority under sections 1031 and 1036 of the Dodd-Frank Act to regulate unfair, deceptive, or abusive acts or practices. CFPB Director Kathleen Kraninger described the Bureau’s action as an effort to “modernize the legal regime for debt collection” and “ensure we have clear rules of the road where consumers know their rights and debt collectors know their limitations.”

Continue Reading CFPB Proposes Debt Collection Rule under FDCPA

On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”).  Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which governs the information security programs financial institutions must implement to protect customer data.

In addition, the FTC is proposing to expand the definition of “financial institution” under the Safeguards Rule and the Privacy Rule to include “finders.”  Finally, the FTC is proposing to amend the Privacy Rule to make technical and conforming changes resulting from legislative amendments to GLBA in the Dodd-Frank Act and FAST Act of 2015.

Proposed Revisions to the Safeguards Rule’s Information Security Program Requirements

The Safeguards Rule establishes requirements for the information security programs of all financial institutions subject to FTC jurisdiction.  The Rule, which first went into effect in 2003, requires financial institutions to develop, implement, and maintain a comprehensive information security program.  As currently drafted, the Safeguards Rule has few prescriptive requirements, but instead generally directs financial institutions to take reasonable steps to protect customer information.

The FTC’s proposed revisions would add substantially more detail to these requirements.  Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, explained that the purpose of the proposed changes is “to better protect consumers and provide more certainty for business.”  The new requirements are primarily based on the cybersecurity regulations issued by New York Department of Financial Services (“NYSDFS”), and the insurance data security model law issued by the National Association of Insurance Commissioners.

Some of the specific proposed changes include:


Continue Reading FTC Proposes to Add Detailed Cybersecurity Requirements to the GLBA Safeguards Rule

On January 28, 2019, Senator Mike Crapo (R.-Id.), Chair of the Senate Committee on Banking, Housing, and Urban Affairs, published a column signaling his support for data privacy and security legislation in the 116th Congress.

In his column, Senator Crapo emphasizes what he sees as the “incredibly positive” developments associated with the development of

On October 17, 2018, Federal Reserve Board Governor Lael Brainard discussed the potential for financial innovation, and in particular, fintech products and services, to foster financial inclusion of underserved families and small businesses.  She has frequently addressed the importance of fintech, including cryptocurrencies, digital currencies and distributed ledger technologies and the role of banks in