Financial Privacy

Subscribe to Financial Privacy

The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision.  The rule will have significant consequences for companies in the consumer reporting industry.  The final rule follows a proposed rule issued in February 2012 indicating that the CFPB intended to supervise the consumer reporting market as part of the CFPB’s authority to supervise nonbank providers of consumer financial products and services.  The final rule is effective September 30, 2012. 

The final rule defines a “larger participant” in the consumer reporting market as a nonbank covered person that offers or provides consumer reporting and has annual receipts from consumer reporting in excess of $7 million.

Continue Reading CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market

Last year, the Federal Financial Institutions Examination Council (FFIEC) released a much-anticipated supplement to its Authentication in an Internet Banking Environment guidance.  The supplement updates the FFIEC’s supervisory expectations regarding depository institutions’ customer authentication, layered security, and other controls for Internet banking.  Starting this year, FFIEC information technology examinations will include reviews for compliance with

On Tuesday, the Payment Card Industry Security Standards Council announced that it was opening the formal feedback period for versions 2.0 of the Payment Card Industry Data Security Standard (“PCI-DSS”) and Payment Application Data Security Standard (“PA-DSS”), which were issued in October 2010 and will become effective exclusively when versions 1.2.1 are officially retired on

In mid-October 2011, the Consumer Financial Protection Bureau (CFPB) released version 1.0 of its Supervision and Examination Manual.  Pursuant to Dodd-Frank, the CFPB has primary examination authority for compliance with federal consumer financial laws over banks having $10 billion or more in assets and their affiliates, such as banks’ service providers, as well as

On October 27, 2011, Senator John D. Rockefeller, chairman of the Senate Commerce, Science, and Transportation Committee, sent letters to Visa and Mastercard requesting information regarding the companies’ data collection and aggregation practices and proposals.  An October 25, 2011, Wall Street Journal article outlined various initiatives from the two companies pertaining to online behavioral advertising. 

Senator

As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators.  The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of systemic risk, developing tools for

Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions.  P2PE providers develop for merchants point-of-sale hardware such as payment card readers and electronic cash registers that completely encrypt payment card data from the point the card

Yesterday, a subcommittee of the House Financial Services Committee held a hearing to discuss cybersecurity and security threats to the financial sector.  The panelists included officials from the Secret Service, Federal Bureau of Investigation, and Department of Homeland Security, as well as representatives from Verizon, Symantec, Bank of America, and public interest organizations.  The panelists

The Commodity Futures Trading Commission (“CFTC”) recently approved a final rule broadening the scope of the CFTC’s financial privacy regulations under the Gramm-Leach-Bliley Act (“GLBA”) to include “swap dealers” and “major swap participants,” two types of entities created by and subject to regulation under Dodd-Frank.  GLBA requires financial institutions to, among other requirements, establish safeguards to ensure the security and confidentiality of consumer records and to comply with certain requirements governing the disclosure of consumers’ personal information.  Swap dealers and major swap participants are expected to collect and use nonpublic personal information in a similar manner as financial institutions currently subject to GLBA’s financial privacy requirements.  The CFTC’s rule simply extends the financial privacy requirements to swap dealers and major swap participants.

The final rule becomes effective 60 days after the CFTC finalizes its regulations further defining the terms “swap dealer” and “major swap participant.”  On December 21, 2010, the CFTC issued proposed regulations with respect to these definitions.  The proposed definitions of these terms under the Dodd-Frank statute appear after the jump.

Continue Reading CFTC Issues Final Rule Extending Financial Privacy Requirements to Swap Dealers and Major Swap Participants

Today, the Consumer Financial Protection Bureau (“CFPB”) assumed certain powers and authorities set forth in Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act.  The CFPB is tasked with implementing and enforcing Federal consumer financial laws to ensure that consumers have access to markets for consumer financial products and services, and that