This Post is a “Part II” to our recent blog post describing the CFPB’s current plans to consider new rules that may narrow lenders’ exposure to “disparate-impact” liability under the Equal Credit Opportunity Act (“ECOA”), as well as other federal developments along the same lines, particularly with respect to auto lending. Today, we report on

This post recently appeared in our sister publication, Consumer FinSights.

In its recently published Fall 2018 Rulemaking Agenda, the Bureau of Consumer Financial Protection announced that it is considering future rulemaking activity regarding the requirements of the Equal Credit Opportunity Act (“ECOA”) – specifically, “concerning the disparate impact doctrine in light of recent

On October 16, 2018, the Securities and Exchange Commission (SEC) issued a report on the results of investigations made by the SEC’s Division of Enforcement into nine public companies that were victims of cyber-related frauds.  In each case, the SEC investigation focused on whether the target companies had complied with the applicable requirements of the Securities Exchange Act of 1934, as amended (Act). The Act requires public companies to devise and maintain a system of internal control over financial reporting designed to provide reasonable assurance that, among other things, transactions are executed in accordance with company management’s authorization, that transactions are properly recorded and that access to assets is permitted only with management’s authorization.

Ultimately, the SEC did not pursue enforcement actions against any of these companies, but released the report to advise public companies that cyber-fraud incidents must be taken into account when designing and maintaining internal control procedures.

In the latest sign of regulatory scrutiny of asset-advance companies offering consumers what regulators believe are in fact regulated “credit” under federal law and “loans” under state law, the Bureau of Consumer Financial Protection (BCFP) filed its first new lawsuit under Acting Director Mulvaney last Thursday. The complaint, filed in the Central District of California,

It seems that most employees and plan participants “think” their retirement money and data are not at risk.  This is due, in part, because:

  • there are few published incidents of breaches or potential hacks;
  • there has been not a single legal decision involving a cybersecurity breach and a retirement plan; and
  • there is no comprehensive federal regulation that protects qualified retirement plans and service providers.

This blog discusses whether retirement plans are really at risk; and if so why. It concludes with some helpful hints and practical advice to reduce such risks, some of which are tips employers (or plan sponsors) can share with retirement plan participants.

South Carolina has become the first state to enact cybersecurity legislation for the insurance industry.

On May 3, Governor McMaster signed a bill requiring South Carolina insurers to “develop, implement, and maintain a comprehensive information security program” for their customers’ data. 2017 SC H.B. 4655 (NS). Based on the insurance industry model rules, the South Carolina Insurance Data Security Act has three primary aims: it requires “licensees” to prevent, detect and remediate insurance customer data breaches.