Menu

CFPB Rescinds RESPA Compliance and Marketing Services Agreements Bulletin, Provides Clarity on RESPA Fee Prohibition in FAQs

The Consumer Financial Protection Bureau (CFPB ) rescinded Bulletin 2015-05, RESPA Compliance and Marketing Services Agreements on October 7, 2020, stating that the bulletin did not provide the regulatory clarity necessary for compliance with the Real Estate Settlement Procedures Act (RESPA) and Regulation X. The CFPB also issued frequently asked questions (FAQs) to clarify when marketing services agreements (MSAs) are acceptable under RESPA. More ›

NYS DFS Publishes its Investigative Report of the Twitter Hack of July 2020

The New York State Department of Financial Services issued a press release on Thursday announcing the publication of its investigative report of the July 2020 Twitter hack. The exhaustive report reviews the facts surrounding the hack, provides a visual timeline, and explores the cybersecurity weaknesses at Twitter that made the hack possible, including a lack of leadership, vulnerability to social engineering, and a failure to address the new vulnerabilities caused by the pandemic-driven shift to mass remote working. More ›

Fourth Edition of 50 State Guide on Student Loan Servicing Regulations Now Available

An important resource for financial services compliance professionals has been updated. The Fourth Edition of the 50 State Guide on Student Loan Servicing Regulations is a quick reference guide and resource for student loan servicers regarding the regulations specific to the industry, along with pending legislation, litigation, and court rulings. More ›

Validating Cyber Compliance in Light of the First DFS Enforcement Action

We recently reported on the New York State Department of Financial Services' (DFS) first enforcement action under its 2017 cybersecurity regulation ("Part 500"), which prescribes how financial services companies licensed to operate in New York should construct their cybersecurity programs. DFS' statement of charges provides important insight into the agency's priorities and expectations when assessing how a company has addressed and mitigated a data exposure, and offers a roadmap for how other regulators might interpret similar data security laws being implemented across the country. Given increasing regulatory scrutiny and the fact that inappropriate cybersecurity procedures and practices could result in significant financial liabilities, companies should proactively re-assess where they stand in relation to applicable cyber mandates.

We highlight here some key takeaways from the recent DFS enforcement action that entities subject to Part 500 should carefully consider when validating their current state of compliance. More ›

Another Cybersecurity Wake Up Call: Connecticut Insurance Department Issues Guidance on Cyber Law Set to go Into Effect

Covered entities received two cybersecurity wake up calls from insurance regulators this month. As we have reported, the New York State Department of Financial Services (DFS) issued its long-awaited first cyber enforcement action pursuant to its groundbreaking and first-in-nation cybersecurity regulation. In addition, the Connecticut Insurance Department issued a Bulletin to all licensees, providing guidance for compliance with the Connecticut Insurance Data Security Law (the Act), which goes into effect on October 1, 2020. The Act was modeled after the National Association of Insurance Commissioners Model Cybersecurity Law, which itself was modeled after the DFS cybersecurity regulation. More ›

New York Courts Lift Suspension of Foreclosure Proceedings, Add Additional Conference Requirement

On July 24, 2020, the New York State Courts issued Administrative Order 157/20 (AO/157/20). Effective July 27, 2020, AO/157/20 removes the formal suspension of all residential foreclosures, but keeps a limited suspension of commercial foreclosures in place until August 19, 2020. Under this new directive, foreclosure actions can be resumed by courts first scheduling at least one conference. Those conferences are expected to be the same as the mandatory CPLR 3408 settlement conferences—even if settlement conferences were previously held—because the courts were directed to consider all aspects of the case, including "the effects, if any, that the COVID-19 pandemic has had upon the parties." More ›

Long-Awaited DFS Cyber Enforcement Action Sees Charges Filed Against Title Insurer For Exposing Millions of Documents Containing Consumer Personal Information

After several years of anticipation, the New York State Department of Financial Services (DFS) has filed its first enforcement action under the agency's groundbreaking and first-in-the-nation 2017 cybersecurity regulation (Part 500 of Title 23 of the New York Codes, Rules, and Regulations), which prescribes how financial services companies licensed to operate in New York should construct their cybersecurity programs. This action is a wakeup call to covered entities to fully implement the directives of Part 500. More ›

SCOTUS Decides Federal Debt is not Exempted from TCPA, While FCC Autodialer Declaration Further Alters TCPA Landscape

With a major U.S. Supreme Court decision leading the way, recent developments continue to reshape the landscape of the Telephone Consumer Protection Act (TCPA). More ›

FCC Clarifies Autodialer Definition, Including in Bulk Text Message Context

The Federal Communications Commission (FCC) recently issued a Declaratory Ruling clarifying the definition of an autodialer. Exactly what constitutes an autodialer under the TCPA has been a burgeoning topic in consumer litigation. The TCPA prohibits any person from texting or calling a cellular telephone number using an automatic dialing system (“autodialer” or “ATDS”) without prior express consent. The TCPA defines an ATDS as equipment which has the capacity to (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers. More ›

SCOTUS Holds CFPB's Single Director Structure Unconstitutional, Leaves Open Questions on Existing Bureau Matters

Earlier today, the United States Supreme Court issued a two part decision in Seila Law LLC v. Consumer Financial Protection Bureau. The Court first decided, in a 5-4 decision with Chief Justice Roberts authoring the Court's opinion, that the CFPB's leadership by a single Director removable only for inefficiency, neglect, or malfeasance violates the separation of powers doctrine. The Court next decided that the Director's unconstitutional removal protection is severable from the other provisions of Dodd-Frank that establish the CFPB and define its authority. The severability holding was also authored by Roberts, but drew a 7-2 split. More ›

Search
Subscribe via Email