Like most industries today, consumer finance service companies are significantly affected by the novel coronavirus (COVID-19). Troutman Pepper has developed a COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading healthcare organizations, and tools businesses can use for free.
Our banking and loan clients are also facing new challenges affecting their industry as a result of COVID-19, especially the ever-changing rules and regulations around evictions and foreclosures. We are following these updates closely and have assembled an interactive tracking tool containing state orders and guidance material regarding residential lockdowns and eviction moratoria. You can access this interactive tool at https://covid19.trutman.com/.
To help you stay on top of relevant activities, below is a breakdown of some of the biggest COVID-19-related events at the federal and state levels that have impacted the fundraising services industry. consumption last week:
Privacy and cybersecurity activities
- On September 23, the Consumer Financial Protection Bureau (CFPB) released its first in-depth report analyzing complaint submission patterns by U.S. census tract. The report, “Consumer Complaints Across the Credit Lifecycle, by Demographics,” finds that complaints from wealthier communities and communities with higher percentages of non-Hispanic white residents were more common in the show. loans and service delivery, while complaints from communities of color and low-income communities were more frequently related to credit reports, identity theft and delinquent services. The report based its findings on nearly one million consumer complaints submitted to the CFPB between 2018 and 2020, and uses a new approach to categorize complaints by matching affected consumers to U.S. Census demographics at the area level. census. For more information, click here.
- On September 22, the Internal Revenue Service announced that it had awarded new contracts to three private sector collection agencies to collect overdue tax debts. As of September 23, taxpayers with unpaid tax bills can be contacted by one of the following three agencies: CBE Group, Inc., Coast Professional, Inc. and ConServe. For more information, click here.
- On September 21, U.S. Senators voted 49 to 48 to advance the nomination of Rohit Chopra – President Joe Biden’s choice to lead the CFPB – from the Senate Banking Committee to the Senate. Chopra faces a final confirmation vote as early as this week. For more information, click here.
- On September 21, U.S. Senators Catherine Cortez Mastro, Sherrod Brown and Elizabeth Warren introduced a new bill that would reward whistleblowers for reporting wrongdoing to the CFPB, with up to 30% settlement compensation or up to to $ 50,000 if the settlement is less than $ 1 million. For more information, click here.
- On September 21, the U.S. House of Representatives Rules Committee passed amendments on credit reports and medical debt collection for military and private student loans. For more information, click here.
- On September 20, the Department of Justice (DOJ) announced that it had entered into a consent order with the New Jersey Higher Education Student Assistance Authority (HESAA) to resolve DOJ’s claim that HESAA violated the law. on military aid (SCRA) by securing court judgments against two servicemen for amounts owed on student loans. The regulations require the HSEAA to pay the two servicemen $ 15,000 and a civilian fine of $ 20,000 to the United States. It also requires HESAA to provide SCRA training to its employees and external legal advisers and to develop new SCRA-compliant policies and procedures. For more information, click here.
- On September 23, the Governor of California enacted a Debt Collection Bill that will adjust how collectors deal with situations where an individual claims a debt is fraudulent as a result of identity theft. The law will probably come into force on January 1, 2022. For more information, click on here.
- On September 23, the West Virginia attorney general filed a lawsuit, seeking to fine a New York collection agency for operating in the state without a license, while barring the company from collecting debts in the state. For more information, click here.
- On September 22, the California Department of Financial Protection and Innovation launched its first enforcement action against a buyer and debt collector, resulting in a fine of $ 375,000 for unlawfully threatening to sue consumers and submitting negative information to credit bureaus without notifying consumers. For more information, click here.
- On September 20, the Massachusetts Legislature held a hearing on a bill that would require businesses calling people in that state and using a caller ID number displaying a Massachusetts area code to be physically present. in the state or face fines of up to $ 10,000 per appeal. . For more information, click here.
Privacy and cybersecurity activities:
- On September 24, the PCI Security Standards Council (PCI SSC) released guidelines to support the principles and procedures that describe the application of remote assessments. The organization has developed the “PCI SSC Remote Assessment Guidelines and ProceduresâTo meet the changing needs of the payments industry due to the changes caused throughout the COVID-19 pandemic. The guidelines specifically address concerns that may arise from an assessor’s inability to perform an on-site assessment. PCI SSC guidelines include:
- Feasibility considerations for using remote assessments;
- Steps to properly plan and prepare for the remote assessment;
- Detailed guidelines and best practices on using remote testing methods for different types of testing activities;
- PCI SSC Evaluator Requirements and Expectations Regarding the Use of Remote Evaluation Activities; and
- Addendum to the report template to document the use of remote assessment methods.
To read the full announcement, click here.
- Last week, reports revealed that several healthcare organizations had suffered data breaches. In one case, hackers demanded that the healthcare provider pay $ 5.9 million to publish data obtained in a ransomware attack. Hackers allegedly gained access to the organization’s systems and encrypted over a thousand files from invoices, research and other documents. In a similar report, hackers allegedly encrypted the financial records of a health center and demanded $ 30,000 for their release. For those interested in knowing how states are considering ways to limit an organization’s response options during a ransomware attack, check out our article by clicking here.
Executives are reminded to follow several precautions to protect themselves against ransomware. CISA recommended that companies must:
- Never click on links or open attachments in unsolicited emails;
- Regularly back up data and keep it on a separate device;
- Segment data based on use cases;
- Practice correctly cyber hygiene;
- To follow safe practices when using devices that connect to the Internet;
- Restrict the authorization of users to install and run software applications;
- Activate powerful spam filters to prevent phishing emails from reaching end users and authenticate incoming emails to prevent email spoofing;
- Update software and operating systems with the latest patches; and
- Configure firewalls to block access to known malicious IP addresses.
For the full list of recommendations, see CISA Ransomware Guide. For business leaders interested in evaluating their cybersecurity practices on their networks, check out CISA Cyber ââSecurity Assessment Tool.