Photo of Jeffrey P. Taft

Jeffrey P. Taft

Subscribe to Jeffrey P. Taft's Posts

Jeffrey Taft is a partner in the Firm's Financial Services Regulatory & Enforcement group and the Cybersecurity and Data Privacy practice. His practice focuses primarily on bank regulation, bank receivership and insolvency issues, payment systems, consumer financial services and cybersecurity/privacy issues. He has extensive experience counseling financial institutions, merchants, technology companies and other entities on various federal and state banking and consumer credit issues, including compliance with the Bank Holding Company Act, National Bank Act, International Banking Act, Consumer Financial Protection Act, Truth-in-Lending Act, the Fair Credit Reporting Act, the Electronic Fund Transfer Act, the Equal Credit Opportunity Act, the Fair Debt Collection Practices Act, the Real Estate Settlement Procedures Act, state unfair or deceptive acts or practices statutes, CFPB's UDAAP authority and the development and implementation of privacy, cybersecurity and information security programs under the Gramm-Leach Bliley Act, the NYDFS cybersecurity regulation and industry standards, such as PCI DSS and NIST.

Read Jeff's full bio.

 

Contact:Read more about Jeffrey P. Taft

Although the Fifth Circuit Court of Appeals vacated the Federal Trade Commission’s (“FTC”) Combating Auto Retail Scams Trade Regulation Rule (“CARS Rule”) on January 27, 2025, the FTC and state attorneys general continue to target the auto sales and lending industries through enforcement actions and legislation. Among those efforts, the California legislature is considering its

On Friday, the Trump administration installed Russell Vought, the recently-confirmed head of the Office of Management and Budget, as the new acting director of the Consumer Financial Protection Bureau (“CFPB” or “Bureau”).  Vought replaced Scott Bessent who served as the acting director of the Bureau for less than a week.  Vought quickly issued a notice directing staff to pause all agency activity.  The directive goes further than the similar directive issued by former Acting Director Bessent and notably instructs staff to “cease all supervision and examination activity” and to “cease any pending investigations.”  Significantly, it has been reported that today Vought instructed Bureau staff to “not perform any work tasks” at all. It has also been reported that the Bureau’s DC headquarters will be closed from February 10 through the 14th.Continue Reading New Acting Director Installed at the CFPB

As we reported earlier this week, the CFPB’s new Acting Director and Treasury Secretary, Scott Bessent, has directed Bureau employees not to make any filings or appearances in litigation, other than to seek a pause in the proceedings. This directive played out almost immediately this week—including in a case before the Fifth Circuit brought by

On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) marked a significant milestone in the shift towards open banking in the United States with the finalization of its rulemaking on Personal Financial Data Rights. As we discussed in our Legal Update on the October 2023 proposed rule, the final rule provides the long-awaited implementation of Section 1033 of the Dodd-Frank Act, enacted in 2010, and establishes a comprehensive regulatory framework to provide consumers—and their authorized third parties—with rights to receive structured, consistent and timely access to consumers’ personal financial data held by financial institutions and other financial services providers.

The 594-page final rule is intended to allow consumers to access and share data held by banks, credit unions, credit card issuers, digital wallets, payment apps and other financial service providers, with the goal of improving customer choice and increasing competition, while strengthening consumer protections by imposing limitations on authorized third parties’ collection, use and retention of consumers’ data. Financial institutions subject to the final rule could face a variety of compliance, operational and technical challenges as they build out the infrastructure necessary to comply with the final rule. For the largest financial institutions, which include depository institutions with total assets in excess of $250 billion and non-depository institutions that generated at least $10 billion in total receipts in either calendar year 2023 or calendar year 2024, compliance is required by April 1, 2026, with compliance by smaller covered institutions required in phases beginning April 1, 2027, through April 1, 2030.Continue Reading CFPB Issues Long-Awaited Open Banking Rule; Lawsuit Immediately Filed

For the most recent edition of Supervisory Highlights, the Consumer Financial Protection Bureau focused on examiners’ findings in the auto finance sector. Several of these practices were identified by the CFPB in prior Supervisory Highlights. Many of the CFPB’s concerns relate to trends in the marketing, sales, financing, and refunds related to add-on products like optional vehicle- or payment-protection, and to consumers’ difficulty in cancelling those products or receiving refunds. The Federal Trade Commission and state regulators also have prioritized these areas, and several states have recently passed legislation addressing add-on products (including refunds, cancellation and notification). In several of the findings, the CFPB noted that the failures related to inadequate oversight of service providers, reflecting another recurring theme in CFPB’s compliance management expectations.

The CFPB has framed many of these targeted practices as unfair, deceptive or abusive acts or practices (“UDAAP”), which is consistent with certain of the agency’s recent consent orders or suits related to auto servicing practices.

In response to the findings, the CFPB generally demanded ceasing the allegedly noncompliant practices, developing policies and procedures to ensure compliance going forward, and in some cases refunding amounts to consumers.

Motor vehicle dealers, auto finance companies, servicers and secondary market purchasers of auto loans should take note of these highlighted practices when evaluating their policies and procedures.Continue Reading CFPB Supervisory Highlights Target Certain Auto Lending and Servicing Practices

In response to the significant ambiguities raised by New Hampshire’s recent amendments to its Motor Vehicle Retail Installment Sales Act — not to mention their immediate effectiveness and draconian liability provisions — the state’s Banking Department has issued several nuggets of guidance.

Recently, the Department sought to address the pressing question of whether persons involved in various financing transactions and securitizations involving motor vehicle retail installment contracts must now obtain a license. As of August 26, 2024, the Department’s web site states that securitization trusts that are established for the purpose of pooling retail installment contracts and reconstituting them into securities are not required to obtain a sales finance company license in the state. While the Department stated further that the licensing requirement will typically be fulfilled by the servicer or other entity responsible for servicing the contracts in the securitization trust, it did not expressly address the licensing obligations applicable in other types of financing transactions or to other types of special purpose entities. We expect that a similar licensing exemption would apply to those transactions and entities, because the servicer would need to be licensed or an exempt entity.Continue Reading New Hampshire Banking Department Clarifies Licensing for Motor Vehicle Financing

On August 2, 2024, New Hampshire enacted legislation that significantly revises its Motor Vehicle Retail Installment Sales Act, effective July 1, 2024.

Unfortunately, that effective date is not a typographical error. The New Hampshire Banking Department apparently tried during the legislative process to extend the effective date until January 1, 2025, but that extension did not make it into the enacted bill. While the bill was enacted with an effective date of July 1, 2024, the Department attempts at least to provide assurances that the bill became effective upon signing, and not retroactively. Still, the effective date of the amendments is just one of the topics requiring clarification.Continue Reading New Hampshire Significantly Amends its Motor Vehicle Retail Installment and Sales Finance Company Act

On July 18, 2024, the Consumer Financial Protection Bureau (“CFPB” or the “Bureau”) issued a proposed interpretive rule (the “Proposed Rule”) purporting to clarify the application of the Truth in Lending Act (“TILA”) and Regulation Z to earned wage access (“EWA”) programs.  Unlike other interpretive rules issued by the Bureau, including the interpretive rule on the application of certain TILA and Regulation Z “credit card” provisions to buy now, pay later products, the Proposed Rule is styled as a proposal and request for comment that will not become effective until after the CFPB considers comments and issues a final interpretive rule.  In this blog post, we discuss the important features of the Proposed Rule.Continue Reading A New Play in EWA?  CFPB Issues Proposed Interpretive Rule On Earned Wage Access

On March 29, 2024, the United States District Court for the Northern District of Texas issued a preliminary injunction prohibiting enforcement of the new Community Reinvestment Act (“CRA”) regulations against the plaintiffs in the case.

The CRA, passed in 1977, generally requires insured depository institutions to participate in investment, lending, and service activities that help

On March 5, the Consumer Financial Protection Bureau (the “Bureau”) issued a Final Rule that would significantly restrict late fees that consumer credit card issuers may charge to a mere $8.

Within two days, the Final Rule faced a challenge in the Northern District of Texas by a coalition of trade groups including the United