Consumer Protection

Subscribe to Consumer Protection

On December 28, 2016, the New York State Department of Financial Services (NYDFS) issued a revised proposed cybersecurity regulation, Cybersecurity Requirements for Financial Services Companies.  The revised proposed regulation reflects several substantive changes made in response to over 150 public comments received by NYDFS in response to the original proposed regulation published this past September.  These regulations represent the culmination of NYDFS’s multiyear inquiry into the efforts of banking institutions and insurance companies to prevent cybercrime, which included an extensive assessment and review of NYDFS-regulated banks, NYDFS-regulated insurance companies, and third-party vendors.  NYDFS is accepting further comments to the proposed regulation through January 27, 2017.

Much like the version proposed in September, the revised regulation is designed to set certain minimum cybersecurity standards and processes to be followed by regulated institutions.  We have summarized below the key obligations that the regulations would impose, along with their effective dates, if they are implemented in their current form.

Continue Reading NYDFS Issues Revised Proposed Cybersecurity Regulation

Below is a summary of some of the significant legal, regulatory and industry actions that occurred over the past week. This alert is not intended to be a comprehensive list of all such developments, but rather a selection of publicly-reported news that may be of particular interest.

U.S. Developments

Regulatory Developments

CFPB Declines to Make

Last week, the Conference of State Bank Supervisors (CSBS) and the North American Securities Administrators Association (NASAA) released model consumer guidance that they jointly developed to assist state regulatory agencies in providing consumers with information about virtual currency and factors consumers should consider when transacting with or investing in virtual currency.  Within days of the model guidance release, the Maryland Commissioner of Financial Regulation and the Nevada Department of Business and Industry both issued their own Advisories.  The Maryland advisory notice adds a statement that Maryland does not currently regulate virtual currencies.  Given the breadth of Maryland’s money transmitter statute, Maryland likely has the authority to regulate virtual currencies without any amendments to its laws, but appears to have decided to take a “wait-and-see” approach for now.  The Nevada guidance adopts the CSBS model advisory language verbatim with only insubstantial changes in the introductory language, and does not comment on whether current Nevada law covers virtual currency.
Continue Reading CSBS Model Virtual Currency Advisory: DO YOUR HOMEWORK! Maryland and Nevada Release Their Own Similar Advisories

The Washington State Department of Financial Institutions (“DFI”) issued a consumer alert warning of the risks of holding virtual currencies for investment or as a currency.  The Washington DFI specifically called out virtual currency’s volatility, lack of backing or guarantee, connection to criminal activity and potential tax repercussions.  This warning is the Washington DFI’s second announcement on virtual currencies following its earlier determination that it interprets Washington law to include digital or virtual currency in the definition of “money” in the Uniform Money Services Act, chapter 19.23 RCW.  The DFI also recently revised certain regulations to require all authorized delegates of licensed money transmitters to have a physical presence in Washington unless the licensed money transmitter received prior approval for an out of state licensed delegate.  This revision effectively requires all internet-based companies, including virtual currency firms, to obtain prior approval before acting as an authorized delegate for a licensed money transmitter.
Continue Reading Washington Consumer Alert

On March 10, the Securities Commissioner of the State of Texas issued an emergency order against Balanced Energy, LLC (“BE”), ordering it to immediately cease and desist its sale of working interests in oil wells (“C&D”). The primary basis for the C&D appeared to be that the working interests constituted unregistered securities, and that by offering them for sale without a qualified exemption, BE was violating both state and federal securities laws. However, the C&D also noted BE’s claims that it is the first company in the oil and gas exploration and production industry to accept bitcoin as payment for its prospects. The C&D concluded that BE’s failure to disclose the risks associated with using bitcoin to purchase unregistered working interests constituted fraud and materially misleading conduct in connection with the offer for sale of securities – activity that threatened immediate and irreparable public harm. The C&D specifically focused on perceived risks inherent to the use of bitcoin and the risk that fluctuation in the price of bitcoin may affect business operations. These findings regarding BE’s use of bitcoin follow the Securities Commissioner’s previous issuance of a press release addressing the risks associated with investments tied to digital currencies.
Continue Reading Texas Cease and Desist Order

On March 11, the New York State Department of Financial Services issued an Order announcing that that it “will consider formal proposals and applications in connection with the establishment of regulated virtual currency exchanges operating in New York.”  While the Order itself is silent on timing, an accompanying press release makes clear that the NYDFS will begin accepting applications from exchanges “immediately.”  The press release also makes clear that while exchanges can begin submitting applications at any time, approved applicants will ultimately be required to adhere to the proposed “BitLicense” regulatory framework, which the NYDFS promised would be announced no later than the end of the second quarter of 2014.
Continue Reading New York BitLicense Order

On November 19, the New Jersey Attorney General entered into a $1,000,000 settlement with E-Sports, a website that had allegedly deployed malicious software onto its own users’ computers, creating a virtual network to mine bitcoins. The AG asserted claims for deceptive and unconscionable commercial practices under the New Jersey Consumer Fraud Act, N.J. Stat. §