All in Regulatory Update

On August 26, 2022, the FTC published its FY 2022-2026 Strategic Plan and its FY 2021-2023 Performance Report and Performance Plan as required under the GPRA Modernization Act of 2010. The Strategic Plan sets the FTC’s priorities over the next years and will serve as the foundation for annual performance reporting, while the Annual Performance Plan establishes strategies and targets based on the new Strategic Plan.

On August 19, 2022, the FDIC issued letters demanding five companies and their officers, directors, and employees cease and desist from making false and misleading statements about FDIC deposit insurance and take immediate corrective action to address these false or misleading statements. According to the FDIC, the companies made false representations—including on their websites and social media accounts—stating or suggesting that certain crypto–related products are FDIC–insured or that stocks held in brokerage accounts are FDIC–insured.

On August 16, 2022, the Federal Reserve issued a Supervisory Letter regarding the engagement in crypto-asset-related activities by Federal Reserve-Supervised banking organizations. In its letter, the Federal Reserve reminded banking organizations of the risks posed by crypto-assets as well as provided instructions on the steps to be taken by any banking organization engaging or seeking to engage in crypto-asset-related activities.

On August 11, 2022, the FTC issued an alert warning consumers of scammers demanding utility payments in cryptocurrency. According to the FTC, utility scams are increasing where scammers pretend to be a utility company threatening to immediately turn off a consumer’s service. The latest twist on utility scams is asking consumers to pay in Bitcoin or another type of cryptocurrency.

On August 11, 2022, the CFPB published a circular confirming that financial companies may violate federal consumer financial protection law when they fail to safeguard consumer data. The circular provides guidance to consumer protection enforcers, including examples of when firms can be held liable for lax data security protocols. According to the CFPB, financial companies are at risk of violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents.

On August 10, 2022, the CFPB issued an interpretive rule laying out when digital marketing providers for financial firms must comply with federal consumer financial protection law. According to the CFPB, digital marketers acting as service providers can be held liable for committing unfair, deceptive, or abusive acts or practices as well as other consumer financial protection violations.

On August 10, 2022, the CFPB filed a consent order against Hello Digit, LLC for using a faulty algorithm that caused overdrafts and overdraft penalties for customers. According to the CFPB, the financial technology company falsely guaranteed no overdrafts with its product, broke its promises to make amends on its mistakes, and pocketed a portion of the interest that should have gone to consumers.

Early in August 2022, the CFPB announced that it will host events wherein it will conduct technical conversations about software used by financial institutions to facilitate compliance with the CFPB’s small business lending rulemaking. The Bureau will conduct two events - the first is a virtual meeting on August 19, 2022 and the second one is an in-person meeting on September 15, 2022. The same materials will be covered at both.