The latest regulations coupled with the Treasury Department guidance have left many scratching their heads as to whether fintech companies will be able to provide small business loans under the recently enacted Paycheck Protection Program (PPP), a crucial part of the U.S. legislature’s latest attempts to address the serious economic impacts of the COVID-19 pandemic. 

The global coronavirus pandemic continues on, and the cyberattacks and scams continue to multiply.  In the midst of the pandemic, hackers are capitalizing on fears surrounding the outbreak by crafting COVID-19-themed attacks aimed at infecting computers with malware or obtaining sensitive, personal information.  Below are some of the latest examples of attacks and vulnerabilities to be aware of:

covid-19-impact-insight_blog

On March 30, 2020, Christi A. Grimm, Principal Deputy Inspector General of the Department of Health and Human Services (HHS) Office of Inspector General (OIG), issued a letter to the OIG’s website outlining the OIG’s perspective on enforcement during the 2019-novel coronavirus (COVID-19) crisis. Consistent with our recent experiences, OIG stated its desire to minimize

While businesses grapple with the COVID-19 crisis, data privacy and data security regulation remains a pressing concern.  Some significant state laws regarding data privacy and security have gone into effect in 2020, such as the California Consumer Privacy Act (“CCPA”) (effective January 1, 2020) and the New York Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) (effective March 21, 2020).  Regulator expectations for compliance with these new legal requirements seem immune from the virus that has placed strains on business operations and employees responsible for understanding and operationalizing new business processes to comply with these new legal requirements.

As resources are strained and employee focus is diverted to the evolving and unforeseen business demands in addressing COVID-19, the need for focus on data privacy and security appears even greater.  Read on for three data security and privacy recommendations when handling COVID-19 related disruptions to business.

COVID-19 is delaying just about everything these days—except the CCPA.

In letters submitted on March 17 and March 20, a coalition of nearly sixty business and organizations called on California Attorney General Xavier Becerra to temporarily defer CCPA enforcement by six months to January 2, 2021 due to COVID-19. The coalition, which spans a range of industries including tech, telecommunications, advertising, retail, insurance, transportation and real estate, argued that a deferral of enforcement would allow businesses to prioritize the needs of their workforce during the global pandemic. The coalition also pointed to the still-changing nature of the CCPA’s regulations as grounds for a temporary enforcement hiatus, contending that businesses need time to implement the final CCPA requirements.

Under the leadership of U.S. Securities and Exchange Commission Chairman Jay Clayton, the SEC’s Division of Enforcement has made the protection of Main Street investors its overarching priority.  On March 23, 2020, Division of Enforcement Co-Directors Stephanie Avakian and Steven Peikin issued a statement to financial market participants re-emphasizing the SEC’s commitment to safeguard the

As many industries transition to alternate working arrangements in response to COVID-19, certain sectors and functions essential to the nation’s public health, safety and community well-being must continue to operate. The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security recently released an initial list of “Essential Critical Infrastructure Workers” to help guide state/local officials and industry leaders on which sectors and functions should continue during the COVID-19 response. This memorandum was released after President Trump issued guidance that workers in critical infrastructure industry, as defined by DHS, “have a special responsibility” to maintain a normal work schedule.

On March 18, 2020, Square Inc., became the first U.S. fintech company to receive conditional approval of an Industrial Loan Company (“ILC”) charter from the Federal Deposit Insurance Corporation (“FDIC”), to pair with its prior charter approval on March 17, 2020 from the Utah Department of Financial Institutions.  It became the first new de novo

The Financial Crimes Enforcement Network (FinCEN) released a statement to financial institutions on March 16, 2020, concerning the COVID-19 pandemic. The statement covered two main topics:

  • Potential delays by financial institutions in filing required Bank Secrecy Act (BSA) reports
  • Remaining alert to identify malicious or fraudulent transactions, which often arise during natural disasters

    • First, FinCEN