In this issue. The Consumer Financial Protection Bureau (CFPB) took action to ensure consumers can dispute charges and obtain refunds on buy now, pay later (BNPL) loans; the Securities and Exchange Commission (SEC) adopted rule amendments to Regulation S-P to enhance protection of customer information; the CFPB issued a final rule to implement section 1071 of the Dodd-Frank Act; and the Board of Governors of the Federal Reserve System (Federal Reserve) announced its denial of two rulemaking petitions due to legal and policy considerations. These and other developments are discussed in more detail below.
Regulatory Developments
CFPB Takes Action to Ensure Consumers Can Dispute
Charges and Obtain Refunds on Buy Now, Pay Later
Loans
On May 22, the CFPB issued an interpretive rule (Rule) confirming that BNPL
lenders are credit card providers under the Truth in Lending Act
and Regulation Z, requiring them to provide consumers certain legal
protections and rights applicable to conventional credit cards.
Traditional BNPL products are closed-end loans that are payable in
four or fewer installments without a finance charge and are used to
make purchases on credit. Under the new Rule, BNPL lenders must
investigate disputes initiated by consumers and pause payment
requirements during the investigation and when applicable, issue
credits. BNPL lenders must also refund returned products or
cancelled services to the consumer's account and provide
periodic billing statements like ones received for traditional
credit cards. The Rule is set to go into effect 60 days after
publication in the Federal Register. Public comment on the
Rule will be accepted until August 1, 2024.
SEC Adopts Rule Amendments to Regulation S-P to Enhance
Protection of Customer Information
On May 16, the SEC adopted amendments to Regulation S-P, known as the
"Safeguards Rule," to enhance the treatment of
consumers' nonpublic personal information. Regulation S-P,
which implements the Gramm-Leach Bliley Act, applies to certain
financial institutions, including broker-dealers, investment
companies, registered investment advisers, funding portals, and
transfer agents (covered institutions). The amendments require
covered institutions to (1) adopt incident response programs,
policies, and procedures that are "reasonably designed to
detect, respond to, and recover from unauthorized access to or use
of customer information" and (2) notify customers in writing
if their information is exposed in an incident. Larger covered
institutions will need to comply with the amendments within 18
months of publication in the Federal Register.
"Over the last 24 years, the nature, scale, and
impact of data breaches has transformed substantially. These
amendments to Regulation S-P will make critical updates to a rule
first adopted in 2000 and help protect the privacy of
customers' financial data. The basic idea for covered firms is
if you've got a breach, then you've got to notify.
That's good for investors."
— Gary Gensler, Chairperson, SEC
CFPB Issues Final Rule to Implement Section 1071 of the
Dodd-Frank Act
On May 17, the CFPB announced an extension of the compliance dates for its
small business lending rule requiring collection and reporting of
lending to women-owned, minority-owned, and small businesses. The
rule had previously been stayed in federal district court pending a
final ruling in CFPB v. CFSA. Given the Supreme
Court's May 16 ruling upholding the constitutionality of the
CFPB's funding structure, the CFPB announced an approximately
nine-month extension of the rule's compliance dates to
compensate for the period stayed.
The new compliance dates are as follows:
- Tier 1 institutions (highest volume lenders) – July 18, 2025
- Tier 2 institutions (moderate volume lenders) – January 16, 2026
- Tier 3 institutions (smallest volume lenders) – October 18, 2026
Federal Reserve Denies Two Rulemaking Petitions Due to
Legal and Policy Considerations
On May 17, the Federal Reserve announced its denial of two rulemaking petitions. The first
petition requested that the Federal Reserve and Federal Deposit
Insurance Corporation adopt changes to the Uniform Financial
Institution Rating System, otherwise known as the CAMELS rating
system. The petition asked the Federal Reserve to engage in
rulemaking to change various methodologies and definitions within
CAMELS, and to further study its effectiveness. The Federal Reserve
determined that it would not be an effective use of its limited
resources to revise these methodologies and definitions and
suggested that further studies are unnecessary given the current
mandatory disclosure regime. The second petition sought that the
Federal Reserve promulgate a rule requiring financial institutions
that have pledged to provide financial support for Black Lives
Matter to disclose all activity concerning that pledge. The Federal
Reserve declined to grant the petition, finding that it was unaware
of any legal basis to promulgate the requested rule.
Check Out Goodwin's Latest Industry Insights
New Client Alert: South Carolina Becomes Fifth State to
Enact Law Regulating Earned Wage Access Services
South Carolina has become the fifth state (and the third in 2024)
to enact a law that establishes a financial services oversight
regime for earned wage access services, also known as on-demand pay
services, which allow workers to access earned but unpaid income
before payday. The governor approved the legislation (S 700) on May
21, 2024. South Carolina's law imposes registration and other
substantive requirements on providers and provides important
regulatory certainty for these innovative financial services in the
state. South Carolina joins Kansas, Missouri, Nevada, and Wisconsin, each of which have adopted similar
legislation. To read more, click here.
New Fintech Flash: CFPB Q1 Circular Recap: Essential
Takeaways for Mitigating UDAAP Risk to Remittance Transfer
Providers, Digital Comparison-Shopping Tools Operators, and Lead
Generators
In the first quarter of 2024, the CFPB issued two Consumer
Financial Protection Circulars, putting remittance transfer
providers, digital comparison-shopping tools operators, and lead
generators on notice of certain practices that can violate the
Consumer Financial Protection Act's (CFPA's) prohibition on
unfair, deceptive, and abusive acts and practices. To read more on
the CFPB's Q1 circular recap, click here.
Upcoming Event: Goodwin's Client Reception at
Consensus 2024 (Austin, TX)
Heading to Consensus in Austin, Texas, later this month? Join
Goodwin for an afternoon of authentic Texas BBQ, refreshing
beverages, and engaging conversations with peers in the digital
currency and blockchain community. To RSVP, click here.
Corporate Transparency Act (CTA) Resource
Center
Go-to resource with on-demand webinars and compliance toolkit.
Consumer Finance Insights (CFI)
Blog
The latest on consumer finance regulation, litigation, and
enforcement.
Fintech Flash
The latest news and developments for the rapidly evolving fintech
industry – which often can change in a flash.
Bank Failure Knowledge
Center
Visit our knowledge center for timely updates and analysis on
important developments related to bank failures.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.