An executive order from President Donald Trump could scale back the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act.
The vast piece of financial reform legislation, passed in reaction to the 2008 financial crisis and covering about 2,300 pages, places regulation of the financial industry in government hands. It also established a number of government agencies charged with overseeing different aspects of the banking system.
The President’s executive order, “Core Principles for Regulating the United States Financial System,” provides guidelines by which the Administration will judge the advisability of implementing financial regulatory changes not needing Congressional approval.
The Treasury Secretary has been delegated the portfolio for financial regulatory reform and, through his role as chair of the Financial Stability Oversight Council (established by Title I of Dodd-Frank), has the task of identifying what will make the U.S. financial system safe, sound and competitive. This will probably include adjustments to Dodd-Frank Act rules, frequently criticized by the industry as being onerous, costly, and ineffectual.
The Banking Compliance Index disclosed that since January 2013, banks and credit unions have engaged with more than 1,200 new rules covering over 53,000 pages in the Federal Register.
However, repealing or revising Dodd-Frank requires new Congressional legislation, not an executive order. Last summer, Rep. Jeb Hensarling (R-Texas), chair of the House Financial Services Committee, introduced the Financial Choice Act, which would repeal the Volcker Rule (limiting trading by financial institutions) and the Durbin Amendment (limiting debit card transaction fees), while also replacing Dodd-Frank, according to a January 30 New York Times article.
In other regulatory news, states continue to push for more stringent consumer protection and notification requirements.
A New York state regulation, which took effect March 1, requires financial institutions to provide minimum cybersecurity standards and report breaches to regulators in an effort to limit consumers.
New York’s Department of Financial Services regulates numerous financial entities including credit unions, banks, trusts, budget planners, check cashers, money transmitters, licensed lenders, and mortgage brokers.
New York Governor Andrew Cuomo described the regulation in a statement as the first of its kind in the nation. “New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and our financial system from the ever-increasing threat of cyberattacks.”
The new rules require written policies and procedures, risk assessments, monitoring and testing, audit trails, access controls, application security, third-party service provider cybersecurity standards, encryption, data retention, specific hiring and training practices, incident response planning, notification to the DFS regarding cybersecurity events, and annual compliance certifications.
A covered entity must also designate a chief information security officer to oversee and implement its cybersecurity program, policies, and procedures. The revised rule gives financial service organizations at least a year-and-a-half to comply with the requirements.
Last week, New Mexico passed House Bill 15, called the Data Breach Notification Act, which requires any entity that gathers and stores personal information to warn people of a compromise. A business would have 30 days to alert consumers of a potential breach if the business believes there is a serious risk of identity theft or fraud as a result. Non-compliance could result in a fine of up to $150,000.
New Mexico state representative Bill Rehm, R-Albuquerque, the bill’s sponsor, said, “New Mexico is one of two states, Arkansas is the other, that do not have a data breach bill. There is no federal law for data breach.” So, it falls back to individual states to protect consumers.