Last week, we reported that on December 30, 2020, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued compliance assistance sandbox (“CAS”) approval to Payactiv, Inc. (“Payactiv”) regarding specific aspects of its earned wage access (“EWA”) product.

Payactiv’s Chief Legal Officer, David Reidy, expressed Payactiv’s reaction to the Approval Order this way – “We are grateful for the hard work and commitment the Bureau showed through this whole process. Everyone involved believes in EWA as an important and innovative benefit for workers. I couldn’t be more proud that Payactiv is the first and only EWA provider to be granted this approval.”

The recently-passed California Privacy Rights Act (CPRA) augments and supplements California’s existing privacy law, the California Consumer Privacy Act (CCPA).  We are sure many practitioners are wondering how it stacks up with the European Union’s General Data Protection Regulation (GDPR). See below for Part I of our two part series comparing the CPRA and the GDPR (and see Part II here).

HOW DOES THE CPRA CHANGE THE CCPA?

The CPRA makes several significant changes to the CCPA:

  • It introduces the concept of “sensitive personal data”;
  • It introduces new obligations on businesses, and GDPR-style “principles”;
  • It introduces new rights for consumers; and
  • It creates a new supervisory authority for data protection and privacy in California — the California Privacy Protection Agency.

These changes are very significant – but do they represent a move closer to GDPR, or a move away?

New York, California and six other States filed a widely expected lawsuit on January 5 seeking to invalidate the “True Lender” Rule recently issued by the Office of the Comptroller of the Currency (“OCC”).  As we previously reported, the OCC’s True Lender Rule — finalized in October and effective since December 29 —provides bright-line tests for determining, in the context of a lending partnership between a national bank (or federal thrift) and a third-party (often a FinTech or other non-bank firm), which entity actually “made” the loan, i.e., which entity was the “true lender.”

On December 30, 2020, the Consumer Financial Protection Bureau (“CFPB”) granted approval to Payactiv, Inc. (“Payactiv”) to offer its earned wage access (“EWA”) program under the CFPB’s Policy on the Compliance Assistance Sandbox, among the first approvals under the CFPB’s regulatory sandbox.

In its approval order, the CFPB granted approval to various aspects of Payactiv’s EWA program and grants Payactiv a safe harbor from liability under the Truth in Lending Act (“TILA”) and Regulation Z.

On December 10, 2020, FinCEN Director Kenneth Blanco delivered prepared remarks at the ABA’s annual Financial Crimes Enforcement Conference. At the outset, Director Blanco addressed the importance of U.S. national security amidst the unprecedented environment created by the COVID-19 pandemic. In his remarks, Director Blanco announced “important guidance” and “much needed clarity” concerning FinCEN’s voluntary Section 314(b) information sharing program.

Section 314(b) of the USA PATRIOT Act provides financial institutions safe harbor from civil liability when sharing with another financial institution information regarding customers suspected of possible terrorist financing or money laundering activities. 31 C.F.R. § 1010.540(b)(1). Financial institutions share information under this provision to facilitate investigations of suspicious activity and assist in preparing more complete Suspicious Activity Reports (“SARs”).

A federal court recently allowed a plaintiff’s state law negligence claim, which utilized the Anti-Kickback Statute (“AKS”) and federal physician self-referral law (the “Stark Law”) as legal support to survive a motion for summary judgment. In Post v. AmerisourceBergen Corporation, No. 1:19-CV-73 (N.D.W. Va. Nov. 2, 2020), Plaintiff, Frances G. Post, filed suit against

The November 2020 election left a lot of questions.  Among them, companies doing business in California are now asking about compliance with yet another California data privacy law, this time the California Privacy Rights and Enforcement Act of 2020 (the “CPRA”).  This article gives an overview addressing the what, when, and how of the CPRA.  (We won’t hazard a guess as to the why—we leave that to the backers of the new law.)

What is the CPRA?

The CPRA builds on the California Consumer Privacy Act of 2018 (the “CCPA”) in a number of key ways.  It includes: new consumer rights, new requirements for businesses, and a number of other miscellaneous changes.  Some parts of the CCPA will remain in effect, and others are rephrased or clarified.  We provide below a high-level overview of topics we believe businesses should be thinking about now as they look ahead to building-out their CPRA compliance programs.

In an earlier article, we provided an overview of the Consumer Financial Protection Bureau’s (“CFPB”) earned wage access (“EWA”) advisory opinion.  In the opinion, the CFPB identified seven requirements for a “Covered EWA Program,” i.e., an EWA program that would “not involve the offering or extension of ‘credit’” under the Truth In Lending Act (“TILA”) and its Regulation Z.

On December 3, 2020, the SEC announced that FinHub (the Strategic Hub for Innovation and Financial Technology) was being upgraded to an independent office. Acknowledging the importance of the all things fintech (emerging technologies and innovation in financial services), the SEC stated that creating a stand-alone office:
“[S]trengthens the SEC’s ability to continue fostering innovation in emerging technologies in our markets consistent with investor protection. The office will continue to lead the agency’s work to identify and analyze emerging financial technologies affecting the future of the securities industry, and engage with market participants, as technologies develop.”

As we previously explained, the Consumer Financial Protection Bureau’s (“CFPB”) recently finalized Advisory Opinion Policy allows any person or entity to request an advisory opinion from the agency.  When the CFPB finalized that Policy on November 30, 2020, it concurrently issued its first two advisory opinions: one addressing earned wage access (“EWA”) programs, and one concerning private education loan products.  This article specifically comments on the important EWA advisory opinion.

EWA programs generally allow employees to access wages they have already worked for and accrued, but have not yet been paid.  In its EWA advisory opinion, the CFPB stated that EWA programs incorporating several specific features do “not involve the offering or extension of ‘credit,’” and thus, do not fall under the purview of Regulation Z, which implements the Truth In Lending Act (“TILA”).