On June 28, California enacted AB 375, the California Consumer Privacy Act (CCPA). The CCPA grants expansive consumer privacy protections including data privacy rights similar to those provided by the EU General Data Protection Regulation (GDPR), the new pan European privacy law that went into effect on May 25 of this year. In addition, the CCPA provides a private right of action for data breach victims and the potential to recover damages. The law goes into effect January 1, 2020. Companies that have implemented GDPR-compliant programs may find that little or no fine tuning will be required. Others that are not yet GDPR compliant, or not subject to the GDPR, could face significant challenges adapting to what is effectively a stringent national privacy regime given the size of the California market and the difficulty of separating California users from non-California users. Although we expect a press for practical revisions before the law goes into effect, it is not too early to start preparing to comply. Companies may seek guidance from the California Attorney General (AG) on how to comply. While the CCPA provides no time frame for a response, or even a guarantee that one will be provided, businesses that move to analyze the likely effects of the CCPA on their operations and take advantage of this mechanism are more likely to get their concerns addressed before the law enters into force. For more information, read the client alert issued by Goodwin’s Privacy and Cybersecurity practice.
On July 11, the OCIE issued a risk alert that highlighted the most common deficiencies that OCIE Staff (Staff) observed in recent examinations of investment advisers’ compliance with their best execution obligations under the Investment Advisers Act of 1940. The Staff identified the following eight common deficiencies:
- Not performing best execution reviews.
- Not considering materially relevant factors during best execution reviews.
- Not seeking comparisons from other broker-dealers.
- Not fully disclosing best execution practices.
- Not disclosing soft dollar arrangements.
- Not properly administering mixed use allocations.
- Inadequate policies and procedures relating to best execution.
- Not following best execution policies and procedures.
These deficiencies resulted in a range of actions against advisers. As a result, some advisers chose to amend relevant disclosures, revise compliance policies and procedures, or otherwise adjust their practices regarding best execution or soft dollar arrangements. OCIE also encouraged advisers to reflect upon their own practices, policies, and procedures in these areas and to promote improvements in their compliance programs.
On July 3, the NYDFS published a Notice of Adoption regarding the addition of Part 201 to Title 23 of the NYCRR. The new regulations require every consumer credit reporting agency that assembles, evaluates, or maintains a consumer credit report on one thousand or more New York consumers within the previous 12-month period to register with the NYDFS by September 15, 2018. NYDFS expects an online registration form to be available next month. Annual renewal requirements will begin February 1, 2019.
Registrants are “covered entities” subject to NYDFS’ cybersecurity regulations, and they are prohibited from engaging in certain practices enumerated in the new regulations. Acting without a registration is prohibited. Significantly, other entities regulated by the NYDFS may neither pay fees or compensation nor transmit information to any consumer reporting agency that has failed to register.
On July 16, the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) issued a Financial Institutions Letter, FIL-39-2018, reminding banks of recent changes to Call Reports due on July 30, 2018. The FDIC issued a separate but related Financial Institutions Letter, FIL-40-2018, on July 17. In FIL-2-2018 and FIL-12-2018, the Agencies had previously announced that they were implementing additional burden-reducing revisions to the FFIEC 051, FFIEC 041, and FFIEC 031 Call Reports this quarter. The revisions taking effect this quarter include removing or consolidating data items, adding new or raising certain existing reporting thresholds, and reducing the frequency of reporting data items. In addition, S. 2155, the recent financial regulatory reform law enacted on May 24, 2018, includes two sections that affect reporting in the second quarter 2018 Call Report. Section 214 of S. 2155 addresses the risk weighting of acquisition, development, or construction (ADC) loans considered high volatility commercial real estate (HVCRE) and defines “HVCRE ADC Loan” for risk-based capital purposes. Under Section 202 of S. 2155, qualifying institutions may exclude a capped amount of reciprocal deposits from treatment as brokered deposits.
Beginning this quarter, institutions with consolidated total assets of $100 billion or more that do not have foreign offices must begin filing the FFIEC 031 report instead of the FFIEC 041. Eligible small institutions, generally those with domestic offices only that reported total assets less than $1 billion in the Call Report for June 30, 2017, had the option to file either the streamlined FFIEC 051 report form or the FFIEC 041 report form for the March 31, 2018, report date. An eligible small institution is expected to file the same report form, either the FFIEC 051 or the FFIEC 041, for the second through fourth quarters of 2018 that it filed for the first quarter of 2018.
The Federal Reserve, the FDIC and the OCC (collectively, the Agencies), based on the recommendations of an interagency working group, have revised the following interagency forms:
- Interagency Biographical and Financial Report
- Interagency Bank Merger Act Application
- Interagency Notice of Change in Control
- Interagency Notice of Change in Director or Senior Executive Officer
According to the Agencies, the changes are being made to:
- improve the clarity of the requests;
- reflect new laws, regulations, capital requirements and accounting rules;
- delete information requests that have been determined to be unnecessary for the analysis of the proposal; and
- add transparency for filers regarding the information that is required to consider a proposal.
The revised forms are effective immediately and may be used for all applicable future applications filed with the Agencies.
On July 17, the Federal Reserve, FDIC, OCC, SEC, and Commodity Futures Trading Commission (CFTC) (collectively, the Agencies) published in the Federal Register their proposed rule to simplify and tailor compliance requirements relating to Section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, commonly known as the “Volcker Rule.” By statute, the Volcker Rule generally prohibits banking entities from engaging in proprietary trading and from owning or controlling hedge funds or private equity funds. Details of the proposed rule were included in the June 6 edition of the Roundup. Comments are due on September 17, 2018.
Enforcement & Litigation
On June 26, the Third Circuit affirmed summary judgment in favor of defendant Yahoo, Inc. in a putative Telephone Consumer Protection Act (TCPA) class action, Dominguez v. Yahoo, Inc., because the plaintiff had failed to provide any relevant and admissible evidence that Yahoo’s systems met the TCPA’s automated telephone dialing system (ATDS) definition. In reaching its conclusion, the Third Circuit relied upon the D.C. Circuit’s recent decision in ACA International v. FCC (which we covered here). View the LenderLaw Watch blog post.
On July 11, Deputy Attorney General Rod J. Rosenstein announced that President Trump issued an executive order establishing a new Task Force on Market Integrity and Consumer Fraud, comprised of a number of divisions of the Department of Justice (DOJ), including the FBI and various United States Attorney’s Offices as designated by the Attorney General. The focus of the Task Force is to investigate and prosecute consumer and corporate fraud that targets the public and the government, with a particular emphasis on the elderly, service members and veterans. View the Digital Currency + Blockchain Perspectives blog post.
The Mortgage Bankers Association brings together inside and outside counsel, compliance officers, company executives, government relations professionals, policy directors, and quality assurance professionals to discuss current topics impacting the mortgage industry’s regulatory environment for this three-day conference. Goodwin is a sponsor and Tony Alexis, partner in Goodwin’s Financial Industry practice and head of the Consumer Financial Services Enforcement practice, will be speaking on the “Applied Compliance: Trends in RESPA Section 8 Compliance” track. Sabrina Rose-Smith, partner in Goodwin’s Financial Industry and Consumer Financial Services Litigation practices, will be speaking on the “Emerging Compliance Risk: Navigating State UDAP Laws” track. For more information, visit the event website.
Goodwin partner Michael Isenman will be a panelist at the Fiduciary Investment Advisors (FIA) 2018 Annual Conference. Mike will be a speaker on the panel “401(k)/403(b) Mock Deposition: How to Protect Against & Prepare for Defined Contribution Litigation).” For more information, visit the event website.