Author Archives: eav8207

CFPB Issues Final “Open Banking” Rule Requiring Covered Entities to Provide Consumers Access and Transferability of Financial Data

by Jarryd Anderson, Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, Brad S. Karp, and Kannon Shanmugam

Photos of authors

Top Left to Right: Jarryd Anderson, Jessica Carey, and John Carlin. Bottom Left to Right: Roberto Gonzalez, Brad Karp, and Kannon Shanmugam. (photos courtesy of Paul Weiss)

On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) published a 594-page Notice of Final Rulemaking for its “Personal Financial Data Rights” rule, commonly known as the “Open Banking” rule, which will require covered entities—generally, providers of checking and prepaid accounts, credit cards, digital wallets, and other payment facilitators—to provide consumers and consumer-authorized third parties with access to consumers’ financial data free of charge.[1] Covered entities are required to comply with uniform standards to provide access to this financial data through consumer and developer interfaces.[2] The rule imposes requirements on authorized third parties (such as fintechs), as well as data aggregators that facilitate access to consumers’ data, including required disclosures to consumers regarding the third parties’ use and retention of the requested data and a requirement that the data only be used in a manner reasonably necessary to provide the requested product or service (thus foreclosing selling the data or using it for targeted advertising or cross selling purposes).[3]

Continue reading

Trust, But Verify…Therein Lies the Rub: A Fresh Look at Audits of Export Controls Compliance Programs

by Brent Carlson and Michael Huneke

Photos of the authors

Left to right: Brent Carlson and Michael Huneke (Photos courtesy of the authors)

Export controls have risen to a top corporate compliance priority in recent years, and now even pose enterprise risk for many companies.[1] The combination of new rules and enforcement signals from the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and increasing bipartisan congressional scrutiny, means that in-house legal and compliance teams face enormous challenges. New, innovative tools and techniques are necessary to stay ahead of the game, and this includes making upgrades to keep a company’s audits effective.

Continue reading

Irish Regulator Fines LinkedIn 310 Million Euros for GDPR Violations

by David Dumont and Tiago Sérgio Cabral

Photos of the authors

Left to right: David Dumont and Tiago Sérgio Cabral (Photos courtesy of the authors)

On October 24, 2024, the Irish Data Protection Commission (the “DPC”) announced that it had issued a fine of €310 million (approx. $335 million) against LinkedIn Ireland Unlimited Company (“LinkedIn”) for breaches of the EU General Data Protection Regulation (“GDPR”) related to transparency, fairness, and lawfulness in the context of the company’s processing of its users’ personal data for behavioral analysis and targeted advertising. In addition to the fine, the DPC also issued a reprimand and an order to bring processing into compliance.  

Continue reading

Click to Cancel: The FTC’s Amended Negative Option Rule and What it Means for Your Business

by Julia Solomon Ensor 

Federal Trade Commission

The FTC has long regulated negative options through the Negative Option Rule and strategic enforcement actions. Recently, the FTC built on that work by announcing a set of common-sense revisions to the Negative Option Rule, now known as the Rule Concerning Recurring Subscriptions and Other Negative Option Programs. The revisions are designed to protect people from misleading enrollment tactics, billing practices, and cancellation policies, and provide businesses with clear rules of the road, all consolidated in one place, to help them build customer trust and avoid enforcement action.

Continue reading

FINMA Sanctions Swiss Private Bank Mirabaud & Cie for Serious Violations of Swiss Financial Market Law

by Jonathan J. Rusch

photo of author

Photo courtesy of the author

For generations, the Swiss financial sector has carefully burnished its reputation as the “perfect home for wealth” and a “financial safe haven.”[1]  That reputation, not surprisingly, has led for some time not only to attraction of persons seeking legitimate investment and wealth management opportunities, but to a high degree of money laundering risk.[2]

In recent years, Swiss government authorities have responded to these money laundering risks with necessary changes in its anti-money laundering (AML) laws and general improvements in its legal and regulatory enforcement of those laws.  The Swiss Attorney General’s Office, for example, has demonstrated an increasing commitment to holding the Swiss banking community accountable for criminal violations of Swiss anti-money laundering (AML) laws.[3]  The Swiss Financial Market Supervisory Authority (FINMA), as the supervisor of the Swiss financial sector, has lately shown increased resolve in imposing significant sanctions on banks that fail to comply with AML laws.[4]

The most recent example of FINMA’s resolve took place on September 17, when FINMA disclosed that it had taken strong AML-related measures against a prominent Swiss private bank, Mirabaud & Cie SA.[5]  It stated that in June 2023, it had concluded enforcement proceeding against Mirabaud, finding that Mirabaud breached its AML obligations under Swiss law and “seriously violated provisions of financial market law concerning adequate organisation (governance), risk management and money laundering prevention over a prolonged period.”  It also took the highly unusual steps of confiscating CHF 12.7 million of unlawfully generated profits, opening three proceedings against individuals, and prohibiting Mirabaud from accepting any new clients with increased money-laundering risks until compliance with Swiss financial market law has been restored.

This post will explain the background and basis of FINMA’s actions and provide several observations on its significance.

Continue reading

California’s Legislative Push on AI: A Wave of New Obligations and Prohibitions

by Beth George, Janet Kim, Sean Quinn, Madeline Cimino, and Christine Chong

Photos of authors

From left to right: Beth George, Janet Kim, Sean Quinn, Madeline Cimino, and Christine Chong (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

California Governor Gavin Newsom recently signed into law a wave of legislation – totaling 19 laws – addressing the opportunities and risks of AI and placing California at the forefront of AI regulation in the United States. From election integrity to performer rights and healthcare transparency, the state has enacted measures aimed at managing potential negative impacts of the AI boom. At the same time, Governor Newsom vetoed SB 1047, the most comprehensive bill on his desk, signaling his interest in balancing the need for regulation to promote the safe deployment of AI with an interest in fostering growth in this important new sector of the California tech economy.

Continue reading

Operation AI Comply: Continuing the Crackdown on Overpromises and AI-related Lies

by Julia Solomon Ensor

Federal Trade Commission

Maybe you grew up daydreaming about artificial intelligence, or AI. You imagined its potential to change the future, possibly with an army of helpful robots to take on your least favorite human tasks. The Star Wars franchise had R2-D2. The Jetsons had Rosey. There was RoboCop. And when everything else was gone, the world had WALL-E, the stoic trash collector looking for love. Now, as a business owner, you’re always watching for the next big invention to fine-tune processes and increase profitability. And some marketers can’t resist taking advantage of that by using the language of AI and technology to try to make it seem like their products or services deliver all the answers.

Continue reading

BIS Final Rule on Voluntary Self-Disclosure Process and Penalty Guidelines Highlights Significant Export Control Violations and Higher Penalties

by Christopher Timura, David Burns, Adam M. Smith, Stephenie Gosnell Handler, Samantha Sewall, Cody Poplin, Chris Mullen, and Audi Syarief

Top left to right: Christopher Timura, David Burns, Adam M. Smith, and Stephenie Gosnell Handler.
Bottom left to right: Samantha Sewall, Cody Poplin, Chris Mullen, and Audi Syarief. Photos courtesy of the authors.

In a final rule effective September 16, 2024, the Department of Commerce’s Bureau of Industry and Security (“BIS”) updated its process for handling voluntary self-disclosures from industry and expanded its discretion to impose higher monetary penalties for violations of export control laws. Whether to submit a voluntary self-disclosure remains a fact-dependent decision and requires careful weighing of factual, legal, practical and policy considerations.

Continue reading

The Top 5 Mid-Year Developments in Anti-Money Laundering Enforcement in 2024

by Stephanie Brooker, M. Kendall Day, Ella Capone, Chris Jones, and Ben Schlichting

Photos of the authors

From left to right: Stephanie Brooker, M. Kendall Day, Ella Capone, Chris Jones, and Ben Schlichting. (Photos courtesy of Gibson Dunn & Crutcher LLP)

In this piece, we analyze some of the most important mid-year trends and developments in AML regulation and enforcement thus far in 2024.  Overall, 2024 has been very active, including key proposed and finalized rules, DOJ policy initiatives, and a notable judicial opinion discussed below.  For a longer version of this piece, please visit Gibson Dunn’s website.

Continue reading