Mr. Leibowitz is a partner in Davis Polk’s Litigation Department. [Full Bio]

The main lesson from the CFPB symposium on “abusive acts or practices” is that there won’t be any clarity anytime soon.  In response to long-lasting concerns from the financial services industry that the indefinite scope and meaning of what amounts to an “abusive” act or practice generates uncertainty and impedes
Continue Reading

The FTC is expanding its enforcement efforts for fintech, particularly in the areas of online and small-business lending, payments, and cryptocurrencies.  At a recent event in Washington, D.C., the FTC’s Director of Consumer Protection, Andrew Smith, stated, “Commissioners are really interested in [fintech].  Finance will be a steady part of
Continue Reading

In October 2016, the U.S. federal banking agencies jointly issued an advance notice of proposed rulemaking regarding enhanced cyber risk management standards (the “Enhanced Standards”).  The Enhanced Standards would apply on an enterprise-wide basis to large financial institutions and their service providers, as detailed in this memorandum.  The U.S. federal


Continue Reading

In September 2016, the New York State Department of Financial Services (the “NYDFS”) proposed new cybersecurity regulations (the “Proposed Rules”) for banks, insurance companies and other financial institutions regulated by the NYDFS (“Covered Entities”).[1]  The Proposed Rules reflect an ongoing interest in cybersecurity by


Continue Reading

On March 2, 2016, the CFPB announced that it had settled an enforcement action with Dwolla, Inc., an online payment platform, for making allegedly deceptive statements regarding its data security practices and the safety of its online payment system. Dwolla agreed to pay a $100,000 civil penalty and to undertake


Continue Reading