Mr. Leibowitz is a partner in Davis Polk’s Litigation Department. [Full Bio]

The main lesson from the CFPB symposium on “abusive acts or practices” is that there won’t be any clarity anytime soon.  In response to long-lasting concerns from the financial services industry that the indefinite scope and meaning of what amounts to an “abusive” act or practice generates uncertainty and impedes
Continue Reading Additional Clarity Could be Coming on the CFPB’s “Abusive” Acts or Practices Authority—But Don’t Hold Your Breath

The FTC is expanding its enforcement efforts for fintech, particularly in the areas of online and small-business lending, payments, and cryptocurrencies.  At a recent event in Washington, D.C., the FTC’s Director of Consumer Protection, Andrew Smith, stated, “Commissioners are really interested in [fintech].  Finance will be a steady part of
Continue Reading The FTC’s Growing Enforcement Interest in Fintech

In October 2016, the U.S. federal banking agencies jointly issued an advance notice of proposed rulemaking regarding enhanced cyber risk management standards (the “Enhanced Standards”).  The Enhanced Standards would apply on an enterprise-wide basis to large financial institutions and their service providers, as detailed in this memorandum.  The U.S. federal

Continue Reading Banking Regulators Float Broad Cyber Risk Approach

In September 2016, the New York State Department of Financial Services (the “NYDFS”) proposed new cybersecurity regulations (the “Proposed Rules”) for banks, insurance companies and other financial institutions regulated by the NYDFS (“Covered Entities”).[1]  The Proposed Rules reflect an ongoing interest in cybersecurity by

Continue Reading New York State Department of Financial Services Proposes New Cybersecurity Regulations

On March 2, 2016, the CFPB announced that it had settled an enforcement action with Dwolla, Inc., an online payment platform, for making allegedly deceptive statements regarding its data security practices and the safety of its online payment system. Dwolla agreed to pay a $100,000 civil penalty and to undertake

Continue Reading CFPB Brings First Ever Data Security Enforcement Action: Review and Analysis