Read our recap of some of the CFPB’s recent bulletins and reports, as well as a proposal from the FCC to address data security breaches.
01/16/2023 3:45 P.M.
5 minute read
The Consumer Financial Protection Bureau continues to issue enforcement actions, research reports and bulletins on a regular basis.
Here are a few of the bureau’s updates you should know about this week, as well as a notice of proposed rulemaking from the Federal Communications Commission regarding data breach reporting:
CFPB Report Finds Household Financial Health is Declining After Several Years of Increased Savings
The CFPB released a new report, “Making Ends Meet,” which revealed that consumer financial health continued to be supported by pandemic relief, high employment, and increased savings accumulated during the first year of the pandemic.
However, the report also found that more families were having difficulty paying all their bills in 2022 compared to 2021. After a significant drop in 2021, income variability increased, and consumer use of high-cost credit products returned to pre-pandemic levels. Between 2021 and 2022, the finances of Hispanic consumers, rental property tenants, and buyers under the age of 40 drastically deteriorated. In addition, there are still wide differences in how people manage their finances. Low-income, Black, and Hispanic consumers are much more likely to struggle to pay their expenses and less inclined to apply for credit out of fear of rejection.
Looking to the future, the bureau reported that many consumers are unprepared for an economic downturn, should one occur. If they lost their main source of income, 37% of households could not cover their expenses for more than a month.
What New Supervised Institutions Should Know About Working with the CFPB:
The CFPB recently released an overview of what newly supervised institutions can expect from a supervisory relationship with the bureau, noting that they conduct supervisory activities for the purposes of: “(A) assessing compliance with federal consumer financial law; (B) obtaining information about a supervised institution’s activities and compliance systems and procedures; and (C) detecting and assessing risks to consumers and to markets for consumer financial products and services.”
New entities can expect risk-based supervision that is detailed in the bureau’s exam manual, based on a prioritization process measuring an entity’s relevant risk to consumers. The bureau will then conduct an exam based on this analysis, including interviews, collecting and reviewing available information related to the supervised entity, and draw preliminary conclusions about the entity’s compliance management.
At the end of an exam, the bureau will present the regulated entity with an exam report that details their findings as well as any specific goals and actions the bureau may expect the entity to take to address certain violations of law, risk of such violations or compliance management practices. If the bureau conducts an exam at your business, it can help your agency evaluate its compliance processes.
Accounts receivable management industry companies can use the bureau’s semiannual supervisory highlights reports to measure compliance standards with regard to the bureau’s enforcement of federal consumer financial laws and to help limit risks to consumers as well as track areas the bureau is focused on in its supervisory examinations. When it comes to finding solutions to problems or creating new regulatory measures, however; the CFPB’s actions need to be based on current data and results from working with all stakeholders.
Learn more about the CFPB’s supervision and examinations.
FCC Proposes Updated Data Breach Reporting
The Federal Communications Commission recently released a notice of proposed rulemaking (NPRM) to strengthen the commission’s rules for notifying consumers and federal law enforcement of breaches of customer proprietary network information (CPNI). The commission plans to better align its rules with recent changes in federal and state laws addressing data breaches in other areas.
“The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” said FCC Chairwoman Jessica Rosenworcel. “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”
The NPRM will launch a formal proceeding to collect data on this subject and solicit feedback on rule amendments proposed by the commission. The FCC also suggests getting rid of the present need to wait seven business days before notifying customers of a breach and intends to make its regulations clearer, forcing carriers to notify consumers of any unintentional breaches and to notify the FCC, FBI, and U.S. Secret Service of any breaches that are reportable.
The FCC will also solicit feedback on whether it should mandate that certain types of information be included in customer breach warnings to help ensure they contain relevant information that may be used by consumers. The commission’s telecommunications relay services (TRS) data breach reporting rule is also up for amendment, and those changes are also proposed in the notice.
“Our mobile phones are in our palms, pockets, and purses. We rarely go anywhere without them. There is good reason for this—the convenience and safety of being able to reach out anytime and virtually anywhere is powerful,” Rosenworcel said in a news release available on the FCC’s website. “But this always-on connectivity means that our carriers have access to a treasure trove of data about who we are, where we have traveled, and who we have talked to. It is vitally important that this deeply personal data does not fall into the wrong hands.”
More information on the proposed rulemaking (PDF).
Do you have an item to submit for the Regulatory Recap? Share it with us at [email protected], Attn: Lori Bowes.
If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.