Skip to main content
Examiner

The Examiner

"My hand trembles, but my heart does not."
Stephen Hopkins, Rhode Island delegate to the Continental Congress, on signing the Declaration of Independence on this date in 1776

FTC Data Security Proposal Maintains State Role

CSBS supports a recent Federal Trade Commission (FTC) proposal that would increase consumer protections for nonbank customers and recognize the role of state regulation, as noted in a comment letter submitted earlier this week.

The proposal would bolster general safeguard requirements that nonbank financial institutions must apply to their information security systems, with concerns about data security for customers in mind. 

The FTC’s recent proposal gives implicit acknowledgement to the role of states in setting data security standards, as it is modeled in part on cybersecurity regulations issued by the New York Department of Financial Services.

The proposal strengthens the Safeguards Rule, which since the enactment of the Gramm-Leach-Bliley Act in 2003 has required certain nonbank financial institutions to protect the financial information of their customers. The law explicitly preserved the rights of states to enact and enforce state laws that are more protective of consumers by ensuring that its regulations serve as a floor and not a ceiling for data breach and security protections.

Congress has shown an increased interest in addressing cybersecurity, particularly due to recent data breaches. In March, CSBS responded to a Senate Banking Committee request for feedback on the issue.

CSBS and state regulators strongly believe that any laws and regulations related to data privacy and security must continue to preserve a state’s ability to apply more stringent laws. In today’s comment letter, CSBS encourages the FTC to continue its policy of applying a two-part test to assess whether to preempt state laws, which the FTC has noted would be very rare.

States have, in fact, been a leader in enhancing consumer protections in the areas of data privacy, security and control. Not only have many states enacted regulations that tighten data security, states have also responded to data breaches. Notably, state regulators examined and took action against Equifax following its large-scale data breach in 2018.

Back to Top


A CSBS Paper: Overview of State Nonbank Supervision

In the second chapter of a paper series on reengineering nonbank supervision, CSBS describes the existing authorities and supervisory processes that have been granted to nonbank regulators in supervising the industry. 

State financial regulators are the primary regulators of nonbanks operating within the United States. Together, they have forged a series of initiatives, collectively known as CSBS Vision 2020, to modernize nonbank licensing and supervision.

The paper series will contribute research and engage discussion on possible actions that might be taken by: 1) creating stakeholder awareness on the state supervision of nonbanks; and 2) serving as a change document to assist state supervisors in identifying the current state of supervision and making informed changes to state supervisory processes.

To date, CSBS has published two chapters: Introduction to the Nonbank Industry and Overview of State Nonbank Supervision, both of which can be found here

In the chapter on nonbank supervision published this week, CSBS makes the following key points:

  • State regulators are considered the primary or prudential regulator of nonbanks. State attorneys general, the CFPB, and law enforcement perform crucial roles in consumer protection.
  • Supervision is oversight via licensing, examination, enforcement, and handling of consumer complaints
  • The Nationwide Multistate Licensing System (NMLS) converts the licensing process from weeks to days. Further, NMLS call reports provide a wealth of detailed information that states utilize to assess risk at the industry and individual company levels. 
  • The consumer protection role of the state system is to ensure that business practices do not result in consumer harm through negligence, non-compliance, or intentional acts intended to enrich the nonbank to the consumer's harm
  • Examinations allow states to monitor the services and products offered to consumers and determine whether a company is operating in a safe and sound manner
  • Enforcement actions are an integral part of the consumer complaint process
  • The nonbank is responsible for maintaining a sound financial condition so that it is able to meet statutory and regulatory obligations; comply with laws, rules, and directives of their supervisors; and ensure that consumers are treated appropriately and protected from harm
  • Through self-assessment and self-reporting, management builds trust with regulators, and that trust will carry the institution through the examination and beyond 
  • Nonbanks with a poor culture of compliance are likely to have issues related to compliance and consumer protection. Compliance staff should be empowered with enough authority and autonomy to implement an effective compliance program.
  • Information sharing among the states is effective and beneficial in licensing, examination, investigation, and enforcement

Back to Top


 Thomas Siems Joins CSBS as Senior Economist

This week CSBS announced that Thomas F. Siems has joined the organization as senior economist. In this new role, Tom will focus on economic research of small business lending, consumer credit, risk, the role of community banks and policy development.

John Ryan, CSBS president and CEO: “Financial services are changing, becoming more data-driven for banks and other financial institutions. Tom’s focus on quantitative research at CSBS will contribute to the development of sound financial services policy and support the state system of financial regulation in a changing environment.”

Senior Economist Thomas Siems: “I’m thrilled to lead research into new areas that will help regulators collaborate with federal counterparts and Congress to oversee a dynamic banking and financial services industry.”

Prior to joining CSBS, Tom spent more than 30 years at the Federal Reserve Bank of Dallas. There he led a team to advance economic understanding, growth and stability and advised the bank president on economic trends and public policy. He is the author of more than 75 academic articles and delivered a 2015 TEDxSMU talk, “The Wealth of Innovations.

Tom earned his Ph.D. from Southern Methodist University in operations research where his dissertation focused on measuring management quality and predicting bank failures. He went on to serve as SMU’s executive-in-residence and chief engineering economist, teaching courses in economics, operations research, systems engineering, and data analytics and advising the dean of the Bobby B. Lyle School of Engineering.

Back to Top

Featured Posts

Recent Posts

exit