Catch up on these latest third-party risk resources and articles our experts recommend during the month of July to make sure you're staying on top of the latest vendor management industry news.
Recently Added Articles as of July 30
There's a little something for everyone this week: From emergency intervention from the Fed, all-new cybersecurity enforcement and crypto-currency action to anti-laundering measures as well as new surveys and a CFPB report. Oh, and guess what big-name online retailer is in the hot seat for abusing access to third-party data? I guess you'll have to read on to find out!
Reuters announces fifth annual survey on fintech, regtech and compliance: As tech continues to develop and become more sophisticated, Reuters is continuing to review their approach to fintech and the solutions aimed primarily at improving regulatory compliance (regtech) together with those aimed at the insurance sector (insurtech). To do that, they have released a short survey to collect information. Better yet, the results will be shared anonymously in a special report at the end of the year. Keep your eyes peeled.
Feds offer 911 lending: Through the end of 2020, the Federal Reserve will extend the services of seven emergency lending facilities to help with the effects of the coronavirus. This is a three-month extension which will keep the following operating: Primary Dealer Credit Facility, Money Market Mutual Fund Liquidity Facility, Primary Market Corporate Credit Facility, Secondary Market Corporate Credit Facility, Term Asset-Backed Securities Loan Facility, Paycheck Protection Program Liquidity Facility and Main Street Lending Program. In a recent press release the Fed said that this extension will allow for planning and availability to help the economy recover from the pandemic. Is this the Band-Aid we’ve all been waiting for?
The NYDFS delivers cybersecurity enforcement action: This past week the New York Department of Financial Services brought some heat when it delivered its first enforcement action under its Cybersecurity Regulation against an unnamed large title insurer who will only be known as “the Company.” The NYDFS is hitting this cloaked company with civil monetary penalties and requiring that the company remedy the situation by providing “relief.” The NYDFS tested the waters with a previous investigation on Equifax, but this is the first enforcement under this particular regulation since it took effect in March of 2017.
SEC announces creation of new risk team: The Securities and Exchange Commission unveiled the creation of an all-new team: The Event and Emerging Risks Examination Team (EERT) in the Office of Compliance Inspections and Examinations (OCIE). EERT will work with financial firms around emerging threats and market events in order to create a better response and provide expertise when critical matters come into play. The OCIE is responsible for conducting exams of SEC-registered investment advisors and other like entities.
AIG slapped with $40 million fine: A unit of AIG was forced to cough up a whopping $40 million after an investigation into some of the group’s deceptive retirement plan sales. Two actions brought by the U.S. Securities and Exchange Commission over undisclosed payments to a for-profit entity owned by a Florida teachers union in exchange for exclusive business ultimately forced AIG to settle for the above amount. Ouch.
Anti-laundering measure spells win for banks: Bankers are feeling a little more optimistic now that Congress plans to enact anti-money laundering reforms by the end of the year, which should help crack down on shell companies. The House version of the National Defense Authorization Act includes a measure requiring companies to disclose their true owners at incorporation to the Financial Crimes Enforcement Network. This should help relieve banks of the burden to report their customers’ beneficial owners. Great news for banks, bad news for mobsters.
CFPB issues Spring 2020 semi-annual report: It's heeeeere… the CFPB has issued its Spring 2020 Semi-Annual Report to Congress. This is the fourth edition under Director Kraninger’s leadership. So what’s inside? The new report covers the employee fluctuations within the Bureau, taskforce creations, its Fair Lending Supervision program, as well as a summary of enforcement actions.
Tech unicorn Dave admits security breach: The digital banking app, Dave, which advertises itself as "banking for humans," disclosed a security breach after a hacker published the personal information of over 7 million users online, which included names, addresses, date of birth as well as social security numbers. It seems the breach originated via the network of the tech unicorn's former business partner, Waydev. While the hacker's entry point has been secured, the attack is still being investigated.
OCC announces national banks can provide crypto assets: Times are a changin’ and so are the ways banks will be able to provide funds. The OCC issued a letter last week stating that: “a national bank [and a federal savings association] may provide . . . cryptocurrency custody services on behalf of customers, including by holding the unique cryptographic keys associated with cryptocurrency.” The letter also underscored the importance of understanding cryptocurrency’s risks and making sure to dot the i's and cross the t’s when it comes to completely proper due diligence. The OCC also made sure to remind banks they should check in with them prior to starting cryptocurrency custody activities. What do you think…too risky? Or is cryptocurrency here for the long run?
Amazon in the hot seat for mistreating third-party sellers: It seems Amazon may be one of many big names to abuse its position. The massive online retailer is being investigated for allegedly using the data it’s collected on third-party sellers improperly. Since third-party businesses use Amazon’s marketplace to sell their own goods, Amazon has access to a treasure trove of product and pricing data it can then use to create its own competing products… as if Bezos really needed any more of a leg up. Quite the disappointment, if we do say so ourselves.
Has COVID-19 improved banks' image: In a recent report it seems that some financial institutions have improved their approval ratings during the pandemic. Research by J.D. Power indicates that overall, the efforts made by many institutions to assist customers during the pandemic have been noticed and 35% indicate that they are at least somewhat less likely to switch to other providers. What about you? Has the pandemic left you ready for a breakup, or has your FI stood strong during the challenge?
Recently Added Articles as of July 23
This week compliance and cybersecurity are still top of mind, with a big-name data breach potentially affecting millions of borrowers. The SEC has been on high alert, slapping UBS with a hefty fine. Meanwhile, we have some literature supporting why investing in compliance is a business must, the IIA updates its Three Lines Model, the OCC works to clarify third-party oversight and more.
SEC fines UBS $10M: This week, UBS Financial is in the hot seat. After creating a bond offering presented as a retail order, it seems the multinational investment bank violated the time restrictions on the issue of municipal bonds (MUNIES) by allowing their registered representatives to facilitate over 2,000 trades, and as a result the SEC slapped UBS with a $10 million order…quite an expensive “oops.”
FHFA gets its day in court: After the Supreme Court declared the CFPB’s structure unconstitutional, the Federal Housing Finance Agency was left frantically trying to prove how they’re not in the same boat. It seems SCOTUS has decided to hear the FHFA case on its own, which will provide the organization an opportunity to explain their structure and why it is indeed different than the CFPB’s. Assuming the Supreme Court rules that the FHFA’s structure is unconstitutional, it could have an opportunity to decide whether the Third Amendment should be set aside as a remedy for the FHFA’s structural defect.
IIA emphasizes risk management with model update: The Institute of Internal Auditors, or IIA, has updated its Three Lines of Defense Model to further underscore the importance of more active forms of risk management and governance, which go beyond merely defensive moves by the internal audit function. The original Three Lines date back to the 2000s and were in sore need of a refresh. “I think the pandemic has presented enormous risks for organizations, a lot of which organizations were not prepared for,” CEO Richard Chambers said. "It’s one of the reasons why we’ve been talking for a couple of years at the IIA about the importance of being able to identify emerging risks far enough out so that the organization can be prepared to mitigate or address them."
OCC on a mission to clarify third-party oversight: OCC has hatched a plan to clarify who the "true" regulated lender is in lending relationships between banks and third parties. The Office of the Comptroller of the Currency has issued a proposal to help distinguish how lending relationships between national banks and third parties are regulated. The goal? To make it easier for banks to understand the relationship between these entities and as a result, better facilitate affordable access to credit.
FDIC looks to ease fintech collaboration: The FDIC is looking to facilitate tech adaptation with a little help from the fintech community, while also easing the burden of community banks and other financial institutions. Hopefully, this would set standards and possibly provide a voluntary certification. This could be great for smaller banks who just don't have the expertise to assess the security of fintechs… and who knows, moving forward, they may just be able to validate an FDIC certification. Here’s to hoping!
Cyberattack highlights supply chain vulnerabilities: Bigger doesn’t mean better…or safer, as proved by the latest cyberattack on Federal home loan mortgage giant, Freddie Mac. This most recent breach locked the systems of their vendor, Illinois-based company Opus, according to a notice sent to the organization’s borrowers, and so the vendor doesn’t know all the details of the incident or the information that may have been affected. But here’s what we do know: Opus had loan application data on borrowers—such as names, addresses, social security numbers, dates of birth and credit and bank account information. Just more fodder for the fact that third-party risk management is a must.
Why investing in compliance is a must: With the stakes higher than ever, compliance is becoming a bigger and more important deal. Unfortunately, some of the industry’s most seasoned still don’t see what the fuss is all about. So…what to do when senior leadership is on the fence? When in the face of opposition, it’s time to make a business case. Start with cost/spend estimation and end with risk mapping. Sometimes all you have to do is put a dollar amount on what’s at stake to get the needed buy-in.
CCPA 2.0 gets closer to general election ballot: It seems like the California Privacy Rights Act, a ballot initiative aimed at protecting consumers from companies that collect large amounts of personal data, is even closer to getting its spot on the November 2020 ballot. Around 900,000 voters and counting have signed the CPRA. However, if passed, CPRA would not go into effect until 2023 during which the California state government would need to create a new agency in order to oversee and enforce the new privacy provisions.
Cybersecurity protection in a work from home world: COVID-19 has sent almost all operations inside the home front. Kitchen tables have become our business headquarters. The problem is, most are not set up to work from home, and as a result, organizations are more vulnerable than ever. So how do we continue doing what we need to do from home, but keep our organization’s data safe? For starters, avoid unsecured wifi, have a VPN set up for your off-site employees, revamp your digital guidance and make sure employees have the firewalls and anti-virus/malware software on all their devices.
CFPB announces new complaint feature: Unsurprisingly, the complaint center has clocked a record number of consumer concerns. Many centered on payment struggles; others wrote in about being unable to reach customer service representatives and frustration around only being able to phone in… only to be further angered by being put on hold for several hours. Others still were concerned that the 90-day forbearance allowance would just simply not be enough, and that credit scores and future loan security would be out the window. But, good news is, you can visit the Consumer Complaint Database and use the CFPB complaint database’s new feature, which allows users to sort by state, product, issue or keyword to see the top issues possibly facing their members. Also, users can now view complaints over time to gauge trends.
Recently Added Articles as of July 16
Cybersecurity is a hot topic this week, with a cybersecurity report, safety tips for all of us working from home and a special SEC cybersecurity alert. Also, pro tips for supply-chain security and a 2020 Fraud FAQ sheet available for download! Meanwhile, the FHFA finds itself in the hot seat while the DOJ issues brand new compliance guidance. And that's not all! Fintechs seem to play a special role in the COVID-19 world. Check out that and more in the news this week!
CISO releases report highlighting cybersecurity: As part of an exclusive CISO-authored research series, Security Current announced the release of its first installment: CISOs Investigate: Third-Party Risk Management. The report provides a deep dive into the security leaders’ industry expertise and offers insight into how they use technology to make business-driven decisions when they engage partners, vendors, suppliers and other third parties. The series includes both editors and contributors from a range of organizations, so if your summer reading list needs a little love, sounds like this may be a good contender.
FHFA scrambles to differentiate itself from CFPB: Remember how just a week or so ago the Supreme Court ruled the Consumer Financial Protection Bureau’s structure unconstitutional? Whelp, it seems the Federal Housing Finance Agency is next up on the docket, leaving the FHFA frantically trying to prove how they’re not in the same boat. The court has decided to hear the FHFA case on its own, which will provide the organization an opportunity to explain their structure and why it is indeed different than the CFPB’s. Until then, the jury’s out!
Cybersecurity protection in a work from home world: The pandemic has forced almost all operations to move to the home front. What was once simply a kitchen table is now not just our breakfast nook, but our break room, our office and everything in between. Many were just not set up to work from home, and as a result, organizations have become more vulnerable than ever. So how do we continue doing what we need to do from our couches, back patios and the bottom stair of the laundry room? Number one: take time to evaluate your remote workforce plan, assess its strengths and weaknesses and fix it as quickly as possible. Number two: set up a virtual private network (VPN). And number three: make sure employees are up to speed, and if necessary, whip out the NDAs and security agreements.
DOJ issues revised compliance guidance: Is your compliance situation more than just a paper program? The Department of Justice wants to know. On June 1, the DOJ issued an updated version of its “Evaluation of Corporate Compliance Programs” (the “DOJ Guidance”) as a roadmap for both prosecutors and corporations alike to make sure their compliance program is up to snuff when it comes to preventing, detecting and responding to misconduct and goes beyond a few bullet points on a print out. The guidance asks readers to consider three fundamental questions: Is the corporation’s compliance program well designed? Is the program being applied earnestly and in good faith? And, does the corporation’s compliance program work in practice? Pretty interesting…where does your organization land?
2020: The year of credit union fraud: From phishing attacks and identity theft to payment app misuse and other schemes, tricksters and thieves have come out of the woodwork to take advantage of the many vulnerabilities we’ve faced in light of the pandemic. So, what’s the silver bullet, here? Education, awareness and more education. To help in the good fight against cybercrime, there’s a brand new ‘Let’s Talk Fraud: Fraud in 2020’ FAQ sheet available as well as a monthly webinar series to help provide tools, tips and strategies to keep the criminals at bay and our organizations safe.
CFPB files lawsuit against My Loan Doctor: In the beginning of July, the CFPB filed a complaint against My Loan Doctor LLC and founder Dr. Edgar Radjabli, crying “quackery” for practices and marketing tactics that were in violation of the Consumer Financial Protection Act’s prohibition against unfair, deceptive, or abusive acts or practices. Specifically, it seems consumers fell victim to the good ole’ snake oil game and were offered Healthcare Finance Savings CD Accounts and High Yield CD Accounts which were falsely represented. Oh, and the Bureau contends that Loan Doctor falsely represented itself to be a commercial bank and that the safety of consumers’ deposits was comparable to the safety of a savings account. It seems another one bites the dust at the hands of the CFPB.
New fintech program to provide regulatory relief: A new legal memorandum will create a “sandbox” in Fintech hub: Israel. The plan is to borrow from regulatory programs which have already been implemented in Japan, Australia and Singapore. The goal is to create a wholly unique, “regulatory sandbox,” which aims to provide relief for companies who participate. Hopefully this will help both fintech companies and regulators deal with the regulatory challenges that have wracked Israel’s fintech field while also promoting this industry in Israel, improving diversity while also protecting the public.
SEC announces cybersecurity alert: The Office of Compliance Inspections and Examinations (OCIE) recently announced that it’s gotten wind of some devious activity, which includes an increase in the sophistication of ransomware attacks on SEC registrants. The OCIE has encouraged broker-dealers, investment advisers and investment companies to monitor the cybersecurity alerts published by the Department of Homeland Cybersecurity and the CISA. Spread the word and remember: Nefarious activity never sleeps.
OCC unveils plan to introduce bank charter for payment companies: Acting Comptroller of the Currency, Brian Brooks, announced the OCC’s plans to introduce yet another special purpose national bank charter. This one would give payment companies a nationwide servicing platform and federal preemption of state laws regarding licensing and regulation of money transmitters and payment services providers. The greater plan would allow the payment charter to replace the state-by-state money transmitter licensing approach which is used by many non-bank processors and Fintechs. Seems like a nice idea, but state banking regulators and licensing authorities may not be onboard and could subject the plan to legal challenge in the coming months.
Researchers share five ways to prevent supply chain security threats: Cybersecurity vulnerabilities are part and parcel as technology improves, which means our defenses must improve too — and, the larger the organization or networks, the more complicated the issue becomes, and supply chains are no exception. Ever since the 2015 Supermicro incident in which more than a handful of US firms found unauthorized malware, undoubtedly planted with malintent (pun intended) in their server boards by Chinese hackers, it’s become abundantly clear that increased supply chain cybersecurity action must be taken. How? Well, for starters, third-party risk management is a must, as is identifying supply chain vulnerabilities, looping in suppliers, and relying on cybersecurity experts and technology.
COVID-19 may create new opportunities for fintechs: The economy is now moving into the “recover” phase of the pandemic. And fintechs may reap some benefits as many customers are continuing to proceed with a new normal, which has included a spike in digital financial services and e-commerce usage. While there are certainly challenges that fintechs are facing and must respond to during these challenging times, like the inundation with requests from their customers asking for forbearance and relief, their innovative skills may lead to some serious advantages.
Recently Added Articles as of July 7
It seems the headlines are abuzz this week. The Supreme Court holds fast to its ruling that the CFPB structure was unconstitutional; however, it certainly seems to have left some questions in its wake. Yet, the CFPB isn't taking the Court's decision lying down and has ratified its prior rulings nonetheless. Meanwhile, the pandemic seems to continue taking a toll on the CFPB complaint center and offshore call centers alike. The show will still go on for the ten lucky fintech finalists who will compete virtually in the 2020 Fintech Accelerator Program. And it's official: the CCPA enforcement begins! Check out that and more in the news this week!
CFPB stands by its prior regulatory actions: Despite the Supreme Court ruling around its decision that the single-director structure of the CFPB violates the separation of powers mandated by the U.S. Constitution, this week, the CFPB ratified most of its actions taken between January 4, 2012 and June 30, 2020. In response, Director Kathleen L. Kraninger said, “The Bureau is taking action to ensure that consumers and market participants understand that the same rules continue to govern the consumer financial marketplace,” which seems to be a professional way of saying, We don’t care if our leadership is unconstitutional, our actions and regs stand. Will this bring clarity amidst all the unrest and changes? One can only hope.
CFPB’s most common consumer complaints: Let’s be honest, this year has been far from rosy. It's likely we all have more than a few complaints; but man, oh man, does the CFPB have its hands full. Unsurprisingly, the complaint center has clocked a record number of consumer concerns. Many centered on payment struggles, but others wrote in about being unable to reach customer service representatives and frustration around only being able to phone in… only to be further angered by being put on hold for several hours. Others still were concerned that the 90-day forbearance allowance would just simply not be enough, and that credit scores and future loan security would be out the window. Credit unions can visit the Consumer Complaint Database and sort by state, product, issue or keyword to see the top issues possibly facing their members.
Pandemic endangers offshore call centers: Offshore call centers have played a big role in the day-to-day administration of most global banks. The pandemic has messed up just about everything, offshore call centers included. Vulnerabilities, privacy concerns and international regulations have plagued the offshore industry, which has more than doubled since 2000. Call centers in India were forced to shut down due to a blanket lockdown in March by India’s Prime Minister, leaving call centers unmanned and some customers indefinitely “on hold.” Things have improved some, but not much, leaving the questions of “service resilience” on the tip of everyone’s tongue. Here’s to hoping we all come out stronger on the other end.
Foreign Corrupt Practices 101: Ever since the SEC filed a $21.7 million FCPA compliance resolution, it seems new interest has arisen by regulators when it comes to enforcing the Foreign Corrupt Practices Act. If you’ve ever been curious about prohibited practices when it comes to FCPA or which regulators enforce FCPA, along with penalties, non-compliance and tips and best-practices, this podcast is a good go-to.
The show goes on for 2020 FIS Fintech Accelerator Program: Ten fintech companies have been selected to participate in the fifth edition of the FIS Fintech Accelerator program. The 2020 event will be held virtually due to the pandemic; however, like years prior, the program will provide early-stage fintech companies with mentorship, training and access to both capital and financial institutions. The finalists hail from all over the world, including Sequretek from Mumbai, India; Silot from Singapore; Cirrus Secure from Evergreen, Colorado; Surfly from Amsterdam and Stratyfy from New York…just to name a few.
CFPB pilot program raising eyebrows: Organizations and companies have long awaited a bit more clarity when it comes to the Consumer Financial Protection Bureau’s opinions around federal rulings. In response, CFPB Director Kathy Kraninger announced they’d begin accepting requests for formal advisory opinions through a pilot program. However, others aren’t quite so sure that’s a good idea. Some feel that the agency just simply hasn’t put out enough guidance to provide “clear rules of the road,” while others fear the move could be used to favor some organizations over others. Some even suggest it may allow some companies to use CFPB opinions to circumvent financial laws. A tricky business indeed.
US Supreme Court leaves some questions unanswered: This week, in Seila Law v. CFPB, the U.S. Supreme Court held fast to its decision that the single-director structure of the CFPB, untouchable by the President, violates the separation of powers mandated by the U.S. Constitution. The decision will allow the CFPB to continue to operate; however, now the Director can be removed, at will, by the President. But questions remain… what impact will the decision have with respect to ongoing rule-making, such as the CFPB’s proposed debt collection regulation? And, how will the decision affect other independent U.S. Government agencies, if at all? Seems there's quite a bit left unaddressed.
CA officially begins CCPA enforcement: July 1, 2020 marks the official date that California begins enforcing the California Consumer Protection Act, or better known as CCPA. So, what does this mean? Companies must be prepared to find and report on specific consumer data — information they’ve acquired as early as July 1, 2019 —and be able to provide answers around exactly how that information is being used, and if it has been sold to third parties. Also, assuming the company is not required to keep it for regulatory or legal reasons, consumers can also demand it be disposed of...forever. But here’s the thing: are companies fully prepared for this level of data inquiry? We certainly hope so.
Why making nice with regulators is good for business: When it comes down to it, it’s not just what you know, it’s who you know, and the same goes for regulators. Regulatory compliance can be stormy, but relationship-building definitely helps calm the waters… especially in a climate such as this, when a global crisis calls for fast action and added communication. So, remember, when in doubt, reach out!
Recently Added Articles as of July 2
There’s no shortage of headlines this week. Perhaps the biggest was the Supreme Court’s landmark decision that the CFPB’s leadership structure is unconstitutional… so it seems it’s back to the drawing board. Meanwhile, the CFPB is opening an advisory window for regulated entities but with major caveats, which is kind of like asking the principal if it’s okay to graffiti the bathroom wall (all the while holding a paint can behind your back). The OCC published a new handbook for examiners on exam procedures regarding UDAP and UDAAP and the CFPB director, Kathy Kraninger, expresses her concern over record complaint volume levels recorded in April and May. Check out these articles, and more, in the news this week.
The OCC releases new UDAP/UDAAP booklet: The OCC issued a new "Unfair or Deceptive Acts or Practices and Unfair, Deceptive, or Abusive Acts or Practices" booklet to help further support examiners with supervisory information when it comes to bank practices. The booklet specifically covers section 5 of the Federal Trade Commission Act which prohibits banks from general trickery and deception. For a simple breakdown of what the bulletin covers, check out our blog post.
COVID-19 elevates compliance risk - OCC releases report: The Office of the Comptroller of the Currency (OCC) released a report, Semiannual Risk Perspective for Spring 2020, this past Monday covering key issues facing the federal banking system and effects from COVID-19. It stated that due to the nature of the pandemic, the combination of economic impacts, modified business operations (such as remote work) and government aid programs has only worsened operational risks when it comes to the finance industry. Banks were holding strong as we entered into the pandemic, but the increased strains due to loan volumes, inflated balance sheets and all of the above conditions have deeply affected bank earnings, credit quality and operations. It seems, for now, the outlook will remain uncertain. What's important is to manage challenges through maintaining effective controls for third-party due diligence, monitoring and oversight. Other articles like this one, this one, this one and this one have also been published about the report.
Supreme Court rules CFPB leadership structure unconstitutional: This week, the Supreme Court ruled that the Consumer Financial Protection Bureau’s (CFPB) single-director structure is unconstitutional because it violates the separation of powers. In other words: The President is freely at will to declare “You’re Fired!” when it comes to the director of the Consumer Financial Protection Bureau. However, the ruling came with a silver lining: the structure can be salvaged if the CFPB removes its “for-cause” termination provision. “Today’s Supreme Court decision finally brings certainty to the operations of the bureau,” CFPB Director Kathy Kraninger announced on Twitter, “We will continue with our important mission of protecting consumers with no question that we are fully accountable to the president. Consumers and market participants should understand that the same rules continue to govern the consumer financial marketplace.”
NCUA delays on-site operations: Because of the evolving and unpredictable nature of the COVID-19 pandemic, the National Credit Union Administration will be delaying the start of its phased resumption of on-site operations. However, it will continue to coordinate off-site examination and supervision efforts with state supervisory authorities.
November California ballot to see additional data privacy referendum: On this year’s ballot, California will have another chance to expand on its groundbreaking data privacy law passed just two years ago. The referendum, known as the California Privacy Rights Act, will provide an extra layer of consumer protection by allowing the state increased agency to police data privacy. The measure was just approved last week with an astounding 623,000 signatures, and while consumers seem to be onboard, if the measure passes, industries will have to shell out more dollars in order to comply. It seems like a small price to pay for peace of mind, but I guess we’ll see what the general consensus is come November.
CFPB logs record-breaking complaint volumes in spring: Consumer Financial Protection Bureau Director, Kathy Kraninger, expressed her concern over record complaint volume levels recorded in April and May when she spoke in front of the Consumer Data Industry Association, and unfortunately, with viral numbers on the rise, it doesn’t seem the summer will look much better.
Apple catches TikTok spying: Ever wonder if your phone is spying on you? Well, jury’s out and the verdict is yes, your phone is spying on you. This time the offender is widely popular social app, TikTok, which Apple caught copying information saved on users’ clipboards. While TikTok claims user privacy is of utmost importance, it seems they have yet to release a fix on their own. In response, Apple initially dismissed the vulnerability issue, but has now made changes to the iOS to protect users; but while iPhone users can rest easy, Android users still need to be on the alert.
EY failed to ask Wirecard for 3 years of bank statements: Talk about a “whoopsie.” For three years, Ernst & Young, the global accounting firm hired to verify Wirecard’s financials, seemed to simply just forget to ask for some pretty crucial information from the Singapore bank where the German payment processor claimed it had up to 1 billion euros ($1.1 billion) in cash. The problem is… that amount seems to have gone unaccounted for. Between 2016 and 2018, EY relied on screenshots and other various documents to verify large amounts of deposit holdings (yikes). As a result, EY stands to lose a couple big customers: both VISA and MasterCard are re-considering their dealings with Wirecard. If we’ve said it once, we’ve said it a million times: you've gotta do your due diligence!
CFPB settles UDAAP and FCRA actions: The CFPB filed a consent order with three companies after the Bureau claimed all three were in violation of the Dodd-Frank UDAAP prohibition in relation to deed servicing. Some of the misdeeds included a failure to establish adequate policies and procedures, failure to provide accuracy and integrity of information, and purposefully targeting buyers who would be unable to obtain conventional financing, to name just a few. As part of the settlement, one of the companies is to pay a $25,000 civil money penalty and the two other companies are to jointly pay a $10,000 civil money penalty.
SEC forces Telegram Inc. to return mega dollars: As a result of a complaint filed by the SEC, Telegram Group Inc. is settling in court, returning $1.2 billion to investors and paying a whopping $18.5 million in penalty fines — ouch. The complaint was filed in response to an unregistered offering of digital tokens, or “Grams,” by both Telegram and its subsidiary TON Issuer Inc, which were offered and sold in violation of the registration requirements of the federal securities law. Kristina Littman, Chief of the SEC Enforcement Division’s Cyber Unit, said, “New and innovative businesses are welcome to participate in our capital markets, but they cannot do so in violation of the registration requirements of the federal securities law.” Had the SEC not intervened, Telegram would have flooded the market with illegal offerings… once again the SEC comes to the rescue of the unsuspecting consumer!
CFPB launches pilot advisory opinion: The CFPB announced earlier this year that they would unveil an advisory opinion program and it seems, this week, that pilot program has become a reality. The AO went into effect yesterday with the publication of the Bureau’s procedural rule in the Federal Register, which allows stakeholders to request interpretive guidance “to resolve regulatory uncertainty with respect to regulatory or, where applicable, statutory provisions.”