The Financial Crimes Enforcement Network (“FinCEN”) just issued another Advisory pertaining to two consumer fraud schemes exacerbated by the COVID-19 pandemic. This Advisory focuses on “imposter schemes” and “money mule schemes, ”which we discuss below.

This most recent Advisory is the latest in a string of pronouncements relating to the pandemic by FinCEN, which has stated that it regularly will issue such documents. As we have blogged, FinCEN issued an Advisory on May 18 regarding medical scams related to the pandemic, and issued a companion Notice that “provides detailed filing instructions for financial institutions, which will serve as a reference for future COVID-19 advisories.” On April 3, 2020, FinCEN also updated its March 16, 2020 COVID-19 Notice in order to assist “financial institutions in complying with their Bank Secrecy Act (“BSA”) obligations during the COVID-19 pandemic, and announc[ing] a direct contact mechanism for urgent COVID-19-related issues.”

The most recent Advisory again provides a list of potential red flags that FinCEN believes that financial institutions should be monitoring for, in order to detect, prevent, and report such suspicious activity. As we previously have commented: although such lists can be helpful to financial institutions, they ultimately may impose de facto heightened due diligence requirements. The risk is that, further in time, after memories of the stressors currently imposed by COVID-19 have faded, some regulators may focus only on perceived historical BSA/AML compliance failures and will invoke these lists not merely as efforts by FinCEN to assist financial institutions in deterring crime, but as instances in which FinCEN was putting financial institutions on notice.

Further, the most recent Advisory suffers from the fact that its list of red flags for imposter schemes is best directed at consumers themselves, rather than at financial institutions offering services to consumers: many of the red flags pertain to anomalies in the communications sent directly by fraudsters to targeted consumer victims – information that financial institutions rarely possess.
Continue Reading  FinCEN Issues Advisory on COVID-19 and Imposter and Money Mule Schemes

On April 30th, U.S. Senators from across multiple committees joined together to announce legislation that would protect consumer privacy rights in the wake of the COVID-19 pandemic. Sen. Roger Wicker (R-MS), Chair of the Senate Committee on Commerce, Science, and Transportation; Sen. John Thune (R-SD), Chair of the Subcommittee on Communications, Technology, Innovation,

On September 13, 2019—the last day of the legislative session—California lawmakers approved five amendments intended to clarify the scope of the California Consumer Privacy Act (the “CCPA”), but rejected several industry-backed proposals that would have exempted personal information used for targeted advertising and loyalty programs.

Five amendments passed:  AB 25, 874, 1146, 1355, and 1564. 

Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws.  These laws come on the heels of Connecticut’s law enacted a few days earlierNotably, while Connecticut followed the New York Department of Financial Services’ 2017 Cybersecurity

On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers, and other businesses licensed by the Connecticut Insurance Department (“CID”).  In doing so, Connecticut joins New York, South Carolina, Ohio, Michigan, and Mississippi

New York’s proposed data privacy law failed to materialize in the latest legislative session and is now presumed dead.  New York was one of a number of states that proposed sweeping privacy legislation after the enactment of the California Consumer Privacy Act (CCPA). The proposed New York law, in fact, was broader than the CCPA

At what has been described as a marathon hearing that lasted late into the night of July 9, the California Senate Judiciary Committee advanced several amendments to the California Consumer Privacy Act (the “CCPA”), but major changes that opponents claimed would have eroded privacy protections for consumers largely failed.  The bills advanced from the Senate

Since the passage of the California Consumer Privacy Act (CCPA) in June 2018, over a dozen US states have proposed their own privacy laws, many of which are nearly identical to the CCPA.  Some of these proposals have since become law.  Others are in different stages of the legislative process.  To help clients keep track of the status of these proposed laws, Ballard has launched a US State Privacy Law Tracker.  We’ll be updating the Tracker as these laws progress and states propose new privacy laws, so check back regularly. 
Continue Reading  Ballard Launches US State Privacy Law Tracker

In April 2019, the California Assembly Privacy and Consumer Protection Committee rejected a proposal known commonly as the “Privacy for All Act” (AB-1760), which among other things would have provided a private right of action for all violations of the California Consumer Privacy Act (CCPA). The rejection of AB-1760 was a blow to consumer privacy advocates. A similar measure, SB-561, would also have provided a private right of action for all privacy violations. That bill has also been defeated, meaning that the CCPA’s private right of action provisions will not be expanded this year.
Continue Reading  Proposed Expansion of CCPA’s Private Right of Action Defeated in State Senate