On October 18, the Supreme Court granted certiorari in Seila Law v. Consumer Financial Protection Bureau (CFPB). The question presented before the Court is “whether the substantial executive authority yielded by the CFPB, an independent agency led by a single director, violates the separation of powers.”  In addition, the Court requested that the parties brief and argue an additional question: “If the Consumer Financial Protection Bureau is found unconstitutional on the basis of the separation of  powers, can 12 U.S.C. § 5491(c)(3) [the for-cause removal provision] be severed from the Dodd-Frank Act?”

Continue Reading Supreme Court Grants Certiorari in Seila Law v. Consumer Financial Protection Bureau

On Friday, the leaders of the Securities and Exchange Commission (“SEC”), Commodity Futures Trading Commission (“CFTC”), and Financial Crimes Enforcement Network (“FinCEN”) (collectively, the “Agencies”) issued a “Joint Statement on Activities Involving Digital Assets” (the “Joint Statement”).  The Joint Statement serves as a reminder that businesses engaged in activities involving digital assets – or, as they are sometimes called, virtual currencies or cryptocurrencies – should be attentive to their anti-money laundering (“AML”) obligations, including under the Bank Secrecy Act (“BSA”).

The Joint Statement notes that the BSA requires “financial institutions” to:  (1) establish and implement an effective AML program; and (2) comply with certain recordkeeping and reporting requirements, including the filing of suspicious activity reports (“SARs”).  These requirements apply not just to a financial institution’s traditional lines of businesses, but also to its businesses involving digital assets.


Continue Reading Leaders of the SEC, CFTC, and FinCEN Issue Joint Statement Emphasizing AML Obligations for Digital Asset Activities

On July 23, the New York State Department of Financial Services (“DFS”) announced a new Research and Innovation Division.  The Division will assume responsibility for licensing and supervising virtual currencies.  It will also “assess efforts to use technology to address financial exclusion; identify and protect consumer data rights; and encourage innovations in the financial services

On June 7, 2019, 26 Democratic senators sent a letter to Consumer Financial Protection Bureau (the “Bureau”) Director Kathleen Kraninger criticizing the Bureau’s proposed rule to modify Regulation F under the Fair Debt Collection Practices Act.  As we have previously discussed, the Bureau released its long-anticipated proposed rule on May 7, 2019.  Director Kraninger described

On May 2, 2019, the Consumer Financial Protection Bureau (“CFPB”) released a notice of proposed rulemaking (the “NPRM”) proposing to raise coverage thresholds for collecting and reporting data under the Home Mortgage Disclosure Act (“HMDA”).  In addition, the Bureau released an advanced notice of proposed rulemaking (the “ANPR”) requesting comment on the costs and benefits

On April 29, 2019 the New York State Department of Financial Services (“DFS”) announced that it has created a new division, called the Consumer Protection and Financial Enforcement Division, which combines the previously separate Enforcement Division and Financial Frauds and Consumer Protection Division.

The new division will be “responsible for protecting and educating consumers and

On April 25, 2019, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) published a Request for Information (the “RFI”) related to the Remittance Rule, the Bureau’s existing regulation that implements the Electronic Funds Transfer Act (“EFTA”) as amended by the Dodd-Frank Act.  The Remittance Rule requires certain disclosures in the case of remittance payments (electronic

On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”).  Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which governs the information security programs financial institutions must implement to protect customer data.

In addition, the FTC is proposing to expand the definition of “financial institution” under the Safeguards Rule and the Privacy Rule to include “finders.”  Finally, the FTC is proposing to amend the Privacy Rule to make technical and conforming changes resulting from legislative amendments to GLBA in the Dodd-Frank Act and FAST Act of 2015.

Proposed Revisions to the Safeguards Rule’s Information Security Program Requirements

The Safeguards Rule establishes requirements for the information security programs of all financial institutions subject to FTC jurisdiction.  The Rule, which first went into effect in 2003, requires financial institutions to develop, implement, and maintain a comprehensive information security program.  As currently drafted, the Safeguards Rule has few prescriptive requirements, but instead generally directs financial institutions to take reasonable steps to protect customer information.

The FTC’s proposed revisions would add substantially more detail to these requirements.  Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, explained that the purpose of the proposed changes is “to better protect consumers and provide more certainty for business.”  The new requirements are primarily based on the cybersecurity regulations issued by New York Department of Financial Services (“NYSDFS”), and the insurance data security model law issued by the National Association of Insurance Commissioners.

Some of the specific proposed changes include:


Continue Reading FTC Proposes to Add Detailed Cybersecurity Requirements to the GLBA Safeguards Rule

On January 28, 2019, Senator Mike Crapo (R.-Id.), Chair of the Senate Committee on Banking, Housing, and Urban Affairs, published a column signaling his support for data privacy and security legislation in the 116th Congress.

In his column, Senator Crapo emphasizes what he sees as the “incredibly positive” developments associated with the development of