The Board of Governors of the Federal Reserve System (Federal Reserve) has released additional details on its pilot climate scenario analysis exercise (CSA). The Federal Reserve has the responsibility of making institutions aware of potential risks, including those regarding climate change. The CSAs are intended to “advance the ability of supervisors and banks to analyze and manage emerging climate-related financial risks.” The CSA will examine the six largest U.S. banks: Bank of America Corporation, Citigroup Inc., The Goldman Sachs Group, Inc., JPMorgan Chase & Co., Morgan Stanley, and Wells Fargo & Company.

The Consumer Financial Protection Bureau (CFPB or Bureau) has proposed a new system that would require nonbank financial companies to register their use of certain terms and conditions. The proposed rule (Rule) seeks to collect information about the use of terms and conditions that attempt to “censor…customers and force individuals [to surrender] their legal rights.” The Consumer Financial Protection Act of 2010 requires the Bureau to monitor the financial product and services market for risks to consumers. The Bureau claims that “any time a consumer legal protection is being relinquished or constrained pursuant to a term or condition contained in a form contract, some degree of risk to the consumer arises. For that reason, an assessment of the risk is warranted.”

Compared to 2021, nationwide consumer reporting agencies (NCRAs) appear to have made significant improvements regarding their responses to customer complaints in 2022, as found by the Consumer Financial Protection Bureau (CFPB). The CFPB is required by the Fair Credit Reporting Act to submit an annual report to Congress that details certain consumer complaints transmitted by the CFPB to the three largest NCRAs—Equifax, Experian, and TransUnion. According to the data collected from the consumer complaint process as well as focus groups and interviews of low-to-medium income households, all three NCRAs have raised their reported relief to complaints.

On January 9, 2023, the Consumer Financial Protection Bureau (CFPB) published an article letting new institutions know what they can expect from a CFPB supervisory role.

Since the Inflation Adjustment Act, amended by the Debt Collection Improvement Act of 1996 and the Federal Civil Penalties Inflation Adjustment Act Improvement Act of 2015, federal agencies are required to adjust civil penalty amounts according to inflation each year. In December 2022, pursuant to the Inflation Adjustment Act and Office of Management and Budget (OMB) guidance, the Consumer Financial Protection Bureau (CFPB) released the changes, effective January 15, 2023.

On November 15, 2022, the Federal Trade Commission (FTC) announced that it is delaying the compliance deadline for certain provisions of its updated Safeguards Rule (the “Rule”) from December 9, 2022 to June 9, 2023.

On January 1, 2023, the Office of the Comptroller of the Currency’s (OCC) revised Policies and Procedures Manual (PPM), PPM 5000-7. for assessing civil money penalties (CMP) was placed into use.

On October 14, 2022, the Chairman of the House Subcommittee on Economic and Consumer Policy (the “Subcommittee”), Raja Krishnamoorthi (D-IL) sent a letter to Consumer Finance Protection Bureau (“CFPB” or the “Bureau”) Director Rohit Chopra requesting information and documents on the Bureau’s efforts to combat cryptocurrency-related fraud.

On October 6, 2022, the Office of the Comptroller of the Currency (“OCC”) released its Supervision Operating Plan for 2023 (the “Plan”), outlining its risk-focused bank policy initiatives and supervisory strategies for the new year.

The priorities will apply to national banks of all sizes, as well as federal savings associations, federal branches, federal agencies, and technology service providers.

On October 6, 2022, the Office of the Comptroller of the Currency (“OCC”) announced that the Federal Financial Institutions Examination Council (“FFIEC”) issued an update to the FFIEC Cybersecurity Resource Guide for Financial Institutions (“Guide”).

On October 3, 2022, the Federal Reserve Board (“FRB” or the “Board”) announced that it had finalized updates to the Board’s rule amending Regulation II, concerning debt and credit card interchange transaction fees and routing, to provide clarification as to the rule’s requirements.

On September 29, 2022, the Federal Reserve Board (FRB) announced that six of the nation’s largest banks are going to be participating in a pilot climate scenario analysis exercise designed by the FRB to “enhance the ability of supervisors and firms to measure and manage climate-related financial risks.”

On September 7, 2022, the Federal Reserve Board (“FRB”) Vice Chair for Supervision, Michael Barr, spoke at the Brookings Institution at Washington, D.C. and outlined his goals for “making the financial system safer and fairer.”

On September 6, 2022, the Office of the Comptroller of the Currency (“OCC”) released its strategic plan for fiscal years (FY) 2023-2027 (“Plan”).

On August 19, 2022, the Consumer Financial Protection Bureau (“CFPB”) published a blog stating that the Bureau will “modernize” how credit card data is collected.

On August 11, 2022, the Federal Trade Commission (“FTC”) released an advance notice of proposed rulemaking (“ANPR”) to govern “commercial surveillance.”

In August of 2022, the Federal Deposit Insurance Corporation (“FDIC”) issued guidance warning supervised financial institutions against “assessing multiple non-sufficient funds ("NSF") fees arising from the re-presentment of the same unpaid transaction.”

On August 17, 2022, the Securities Industry and Financial Markets Association (“SIFMA”) issued a comment on regarding the New York State Department of Financial Services’ (“NYFDS”) proposed amendments to the cybersecurity requirements for financial services companies, the Cybersecurity Requirements for Financial Services Companies (“Part 500”).

On August 11, 2022, the Consumer Financial Protection Bureau (“CFPB”) published a Circular stating “[i]nadequate security for the sensitive consumer information collected, processed, maintained, or stored by … [a] company can constitute an unfair practice” under the Consumer Financial Protection Act (“CFPA”).

On July 7, 2022, the Federal Reserve Board (“Board”) published its annual Cybersecurity and Financial System Resilience Report. The issuance of the report is mandated under the Consolidated Appropriations Act, 2021 (“CAA”), which requires the Board to provide a description of measures Board it “has undertaken to strengthen cybersecurity within the financial services sector and with respect to the Board’s functions as a regulator, including the supervision and regulation of financial institutions and third-party service providers.”