CFPB Publishes Circular Confirming Failure to Safeguard Consumer Data Could Be Unfair in Violation of CFPA
On August 11, the CFPB published a Circular, announcing the CFPB’s increased focus on potential misuse and abuse of personal financial data. The Circular details circumstances under which financial companies could violate the CFPA by unfairly putting consumer data at risk through inadequate data security safeguards. Although the Circular does not require any specific measures to be taken, it provides examples of measures that, when not taken, will typically meet the first two elements of an unfairness claim and increase the likelihood that an entity’s conduct will trigger liability under the CFPA’s prohibition of unfair practices. These measures include failing to: (i) leverage multi-factor authentication; (ii) maintain password management policies and practices to detect re-use of logins and passwords by employees at other entities; and (iii) maintain protocols to immediately update software and address vulnerabilities once they become publicly known.
“Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse. While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take commonsense steps to protect personal financial data.”
- CFPB Director Rohit Chopra
Federal Reserve Announces Final Guidelines for Reviewing Requests to Access Federal Reserve Accounts and Payment Services
On August 15, the Federal Reserve announced final guidelines establishing a set of factors for Reserve Banks to use in reviewing requests to access Federal Reserve accounts and payment services. The new factors are being implemented in response to the growth of novel types of financial products and institutions. The factors are meant to promote consistency and transparency across the various Reserve Banks when they review such requests for access to Federal Reserve accounts and payment services. The factors reflect the policy goals of: (i) ensuring the safety and soundness of the banking system; (ii) effectively implementing monetary policy; (iii) promoting financial stability; (iv) protecting consumers; and (v) promoting a safe, efficient, inclusive and innovative payment system.
Under the new guidelines, the Reserve Banks will use a tiered review framework to determine the level of due diligence and scrutiny they will apply to different types of institutions with varying degrees of risk. Generally, if the institution has federal deposit insurance, it will receive a more streamlined review process. Institutions that engage in novel activities or for which regulators are developing supervisory and regulatory frameworks will receive a more extensive review.
The new guidelines are effective once they are published in the Federal Register.
CFTC and SEC Share Joint Proposal to Amend Form PF
On August 10, the CFTC and the SEC jointly proposed a set of amendments to Form PF, which is the reporting form filed by certain SEC-registered private fund investment advisers designed to enable the federal regulators to monitor for emerging systemic risks in the financial market. Over the last decade, private funds have grown exponentially, and have adopted new practices and investment strategies. The amendments are expected to adapt to these new developments by improving the quality of data collected through Form PF.
Among other things, the proposed amendments would: (i) require filers to provide additional information about advisers and the private funds they advise (e.g., identifying information, assets under management, withdrawal and redemption rights, fund performance), assist in identifying investment trends, improve data quality and comparability, and reduce reporting errors; (ii) require more detailed information from hedge funds about the investment strategies, counterparty exposures, and trading and clearing mechanisms to provide greater insight into hedge funds’ operations and strategies; and (iii) enhance how large hedge fund advisers report the performance and certain risk metrics of their investment activities.
The deadline for submitting comments is the later of October 11, 2022 and 60 days after the date of publication in the Federal Register.
BD and IA Conflicts of Interest: SEC Staff Says Don’t Set It (Them) and Forget It (Them)
Goodwin published a client alert about a recent SEC staff bulletin covering the standards of conduct for broker-dealer and investment adviser conflicts of interest.
Read the client alert to learn more.