he U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an online voluntary self-disclosure (VSD) portal for disclosure of potential violations of U.S sanctions earlier this month. The VSD portal will replace the current system, where organizations voluntarily disclose potential violations over email. The VSD portal provides a more secure and user-friendly method of self-disclosure.

OFAC says the improved system will provide a faster acknowledgement of violation submissions and better communication with the agency. While the method of reporting is changing, nothing about the underlying requirements for self-disclosure will change. OFAC continues to offer the potential for a 50 percent reduction in penalties for qualifying self-disclosures.

A VSD is a self-initiated notification to the OFAC of a potential sanctions violation that can earn cooperation credit, should the following OFAC investigation find a violation. Compliance experts warn of the importance of self-reporting, since if caught, there could be severe repercussions like civil penalties (fines of over $1 million for each violation), criminal prosecutions ($20 million in fines for each violation and up to 30 years in prison), and administrative actions, among others.

The main features of the new online portal include the two-step disclosure process and disclosure timeline. The two-step disclosure process includes an initial submission regarding the potential violation which prompts the start of the disclosure timeline, and a final submission which is a detailed report after the completion of the entity’s internal investigation. The disclosure timeline will not change, with OFAC expecting companies to submit a follow-up report within 180 days of the initial notification. Additionally, the new portal allows multiple documents to be filed with OFAC at once efficiently. All other underlying procedures and requirements will stay the same.

The new VSD portal took effect early February. 

The post OFAC Launches New Online Voluntary Self-Disclosure Portal appeared first on Compliance Chief 360.

he California Attorney General’s office has announced a settlement with the Walt Disney Co., resolving allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to answer consumers’ requests to opt-out of the sale or sharing of their data across all devices and streaming services associated with consumers’ Disney accounts. Under the settlement, Disney must pay $2.75 million in civil penalties and must implement opt-out methods that fully stop Disney’s sale or sharing of consumers’ personal information.

The California Department of Justice’s investigation into Disney stems from a January 2024 investigative sweep of streaming services for potential CCPA violations. Effective opt-out is one of the requirements of complying with CCPA. The investigation found that Disney’s opt-out processes did not allow a consumer to completely opt-out of and stop all sale or sharing of their data, in violation of the CCPA.

“Consumers shouldn’t have to go to infinity and beyond to assert their privacy rights. Today, my office secured the largest settlement to date under the CCPA over Disney’s failure to stop selling and sharing the data of consumers that explicitly asked it to,” said Attorney General Bonta. “California’s nation-leading privacy law is clear: A consumer’s opt-out right applies wherever and however a business sells data — businesses can’t force people to go device-by-device or service-by-service. In California, asking a business to stop selling your data should not be complicated or cumbersome.”

The investigation found that each of the methods Disney provided had gaps that allowed Disney to continue to sell and share consumers’ data, including:

Opt-Out Toggles: If a user requested to opt-out of the sale or sharing of their data via an opt-out toggle in Disney’s websites and apps, Disney only applied the request to the specific streaming service the user was watching, and often only the specific device the consumer was using. This meant that in most instances, using the toggle would not stop selling or sharing from other devices or services connected to the consumer’s account.

Webform: If a user opted out using Disney’s webform, Disney only stopped the sharing of personal data through the company’s own advertising platform and offerings. However, Disney continued to sell and share consumer data with specific third-party ad-tech companies whose code Disney embedded in its websites and apps. Disney also failed to provide an in-app, opt-out method in many of its connected TV streaming apps, instead directing consumers to its webform, effectively leaving consumers with no way to stop Disney’s selling and sharing from these apps.

The Global Privacy Control: For consumers who opted out via the Global Privacy Control (GPC), Disney limited the request to the specific device the consumer was using, even when the consumer was logged into their account. The GPC is an easy-to-use ‘stop selling or sharing my data switch’ that is available on some internet browsers or as a browser extension.

About the California Consumer Protection Act

The CCPA has opened up a whole new world of privacy protection and increased privacy rights for California consumers, such as the right to know how businesses collect, share, and disclose their personal information. The CCPA vests California consumers with control over the personal information that businesses collect about them, including the right to request that businesses stop selling or sharing their personal information.

Today’s settlement represents the seventh enforcement action under the CCPA. The Attorney General’s office has also announced settlements with Sephora and DoorDash as well as mobile app gaming company, Jam City; streaming service, Sling TV; website publisher, Healthline.com; and entertainment company, Tilting Point Media. In order to monitor the businesses’ compliance with the CCPA, Attorney General Bonta has conducted investigative sweeps related to location data, streaming apps and devices, employee information, and surveillance pricing. 

Joseph McCafferty is editor & publisher of Compliance Chief 360.

The post Disney Settles ‘Opt-Out’ Privacy Case with California for $2.75 Million appeared first on Compliance Chief 360.

magine driving on a constantly changing highway: the speed limits and lane directions are shifting and updating, the exit ramps and destinations rerouting, all while you are mid-journey. How do you, the driver, stay on course? You rely on an up-to-the-minute navigation system. You watch for new road signs. And you drive defensively to avoid collisions.

Today’s regulatory landscape shifts frequently, seemingly on an almost daily basis. This dynamic environment is characterized by unprecedented velocity and complexity as new legislation emerges, enforcement priorities pivot like sudden detours, and technological advancements create novel risks of unexpected road hazards.

Compliance leaders are the vigilant drivers on this ever-changing highway, actively seeking counsel, staying abreast of new regulations, and engaging in preemptive risk management. This demanding, unpredictable terrain requires more than a periodic compliance tune-up; compliance programs must receive constant attention to operate at peak performance in this dynamic environment.

Mapping the Original Routes: The Advent of U.S. Regulation

Business regulation in the United States has been around since nearly the dawn of the country, of course, but its scope, focus, and intensity have evolved significantly since then.

The first major regulatory agency, the Interstate Commerce Commission (ICC), dates back to 1887 amid the rise of large industries and concerns about monopolies and safety. Economic regulation was the focus then, and the ICC was created primarily to regulate the railroad industry. President Franklin D. Roosevelt vastly expanded the federal regulatory apparatus in the wake of the Great Depression. New agencies were created to oversee banking (FDIC), securities (SEC), labor relations (NLRB), and communications (FCC), effectively paving new regulatory roads. The rapid growth of federal agencies during the New Deal led to the Administrative Procedure Act of 1946, which was enacted to bring order, uniformity, fairness, and accountability to the burgeoning federal administrative state, establishing standardized road rules for regulators.

The Wave of Social and Safety Regulations. The 1960s and 1970s gave rise to a new wave of agencies, like the Environmental Protection Agency (EPA), the Occupational Safety and Health Administration (OSHA), and the Consumer Product Safety Commission (CPSC), which focused on broader societal goals. These agencies often set standards for business operations, moving beyond purely economic controls and adding new types of safety lanes and environmental considerations to the compliance map.

Navigating Regulatory Cycles: From Cruise Control to Heavy Traffic. The regulatory environment has oscillated since the 1980s. Major financial crises and corporate scandals tend to trigger periods of heavier regulation—imagine sudden traffic jams and new toll booths—often followed by periods of deregulation and burden reduction driven by inefficiency concerns. This cyclical pattern has become more pronounced and faster in recent decades.

Today’s High-Speed, Multi-Lane Mayhem

Today’s regulatory landscape is unique and characterized by unprecedented complexity, stemming from interconnected factors.

The Global Expressway and Tech-Driven Detours. Regulation was once primarily national and driven by industrialization and economic crises. Now it is intensely global, interconnected, and touches on broader societal issues. Rapid technological advancements, particularly in artificial intelligence, data analytics, and digital finance, create novel risks and ethical considerations that necessitate new rules of the road for privacy, cybersecurity, and market conduct. Regulators struggle to keep pace, leading to reactive rulemaking, which results in poorly marked lanes, sudden regulatory potholes, or regulations that quickly become outdated before the asphalt even dries.

Geopolitical Junctions and ESG Overpasses. Geopolitical events like conflicts, trade disputes, or shifting alliances trigger immediate regulatory responses, particularly concerning sanctions, tariffs, and export controls, forcing abrupt rerouting. Mounting societal and investor pressure, especially concerning Environmental, Social, and Governance (ESG) criteria, drives demand for greater corporate transparency and accountability. This adds new lanes and destinations to the compliance map beyond traditional financial and operational rules.

Exiting to Variable-Speed State Routes. Increasingly, states are implementing their own regulations in areas like data privacy and environmental standards. This creates a complex patchwork of requirements, like navigating a series of local roads with differing speed limits after exiting the federal highway. These regulations can vary significantly across state lines, complicating compliance for companies operating nationwide and requiring drivers to adjust their speed and awareness.

The Whiplash Effect. Heightened political volatility is responsible for the pace and volume of change. Major regulatory shifts historically occurred over decades. Today, significant changes can happen rapidly, driven by executive actions, geopolitical events, or swift legislative responses. Political changes bring new enforcement priorities and legislative agendas. Rules implemented by one administration may be quickly frozen, reviewed, or repealed by the next. This “regulatory whiplash” created by frequent and intense policy reversals creates a far more uncertain operating environment that forces companies to constantly slam on the brakes or accelerate unexpectedly, making smooth navigation nearly impossible.

The Breakdown Lane: Why Periodic Inspections Aren’t Enough

How can companies avoid breakdowns while driving through this demanding, unpredictable terrain? They must adopt a continuous evaluation mindset rather than conducting backward-looking, periodic assessments of compliance programs.

A reactive approach to compliance is insufficient. Periodic reviews often focus on identifying past failures or existing gaps. They are not designed to proactively identify and mitigate emerging threats before they materialize into significant compliance issues.

Furthermore, concentrating evaluation efforts into discrete periods can create significant resource demands, potentially pulling focus from day-to-day compliance operations. And while accurate for a specific point in time, the findings can quickly become outdated. By the time a periodic review is completed, the risks it assessed may have evolved, or new, more pressing risks may have emerged. This can lead to a false sense of security for businesses. A “clean” report from a periodic review might mask underlying vulnerabilities that have developed since the review period or were outside its specific scope. Business leaders must therefore proactively identify and mitigate emerging threats before they materialize into significant compliance issues.

Think of your vehicle’s engine again. An annual inspection might confirm it met standards last year, but it won’t detect a slow leak that started last month or predict a component failure likely to occur next week due to recent heavy usage on rough roads.

The High-Performance Engine: Embracing Continuous Compliance Monitoring

Continuous evaluation moves beyond the static snapshot. It involves embedding monitoring, feedback, and adaptation into the compliance program’s daily fabric. This approach treats the compliance program not as a fixed structure to be occasionally inspected but as a living system that must constantly adapt to its environment, much like a modern vehicle with adaptive cruise control and lane-keep assist.

Adopting a continuous evaluation mindset yields significant advantages:

• Early Hazard Detection: Compliance professionals can identify potential issues and emerging risks much sooner, allowing for timely intervention and mitigation before they escalate into major accidents.
• Enhanced Agility: It enhances adaptability and enables the compliance program to flex and adjust rapidly to regulatory or business environment changes, like smoothly changing lanes in shifting traffic.
• Optimized Resource Allocation: It allows for a more consistent and targeted allocation of compliance resources towards the most pressing current risks, rather than cyclical surges of reactive maintenance.
• Demonstrable Diligence: It provides ongoing evidence to regulators, auditors, and government investigators that the compliance program is actively managed, responsive, and effective in mitigating risk, like having a clean driving record and well-maintained vehicle logs.
• Fostering a Proactive Culture: It promotes a culture where compliance awareness and feedback are ongoing processes, not just annual events, making every employee a co-pilot in vigilance.

Upgrading Your Compliance Vehicle: Implementing Continuous Evaluation

 Implementing a continuous evaluation framework requires a shift in mindset and potentially investment in technology and skills. It necessitates moving away from purely reactive, audit-driven checks towards proactive, data-informed monitoring. Key steps include:

• Leadership Buy-in: Secure commitment from senior management, emphasizing the strategic value of proactive compliance risk management as an essential vehicle safety feature, not just a cost.
• Technology Enablement: Identify and leverage appropriate tools for data aggregation, analytics, monitoring, and regulatory intelligence gathering. This means investing in an advanced “cockpit” with real-time “dashboard telemetry” (data analytics platforms) and a constantly updating “GPS” (AI-powered horizon scanners and regulatory update services) to see around the next bend and anticipate merging traffic or road closures.
• Data Integration: Break down silos to ensure relevant data from across the organization feeds into the compliance monitoring process, like ensuring all vehicle sensors report to the central computer.
• Skill Development: Train and equip compliance teams with the skills needed for data analysis, trend spotting, and interpreting diverse feedback sources, turning them into expert navigators.
• Phased Implementation: Start by focusing on high-risk areas and gradually expand the continuous monitoring approach across the program, like mastering local routes before embarking on a cross-country journey.

Driving Towards a Resilient Future: The Road Ahead

The pace of regulatory change shows no signs of slowing down or becoming less complex. For compliance programs to remain effective guardians of organizational integrity and value, they must evolve beyond periodic check-ups. Like maintaining a high-performance engine for a demanding journey, continuous monitoring, regular feedback, and agile adjustments are essential. By embracing a continuous evaluation model, compliance professionals can move from simply reacting to the past to proactively navigating the complexities of the present and preparing for the uncertainties of the future, ensuring their programs are not just compliant on paper but resilient in practice, ready for any road, any condition.  

Kristin B. Johnson (kristin.johnson@woodsrogers.com) is an attorney in the Government & Special Investigations Practice at the Virginia law firm Woods Rogers.

The post Maintenance Checks Required: Navigating the Chaotic Compliance Highway appeared first on Compliance Chief 360.

Atkins published a few initial potential questions to be raised at the roundtable in determining whether the CEO compensation rules are not only cost-effective but also necessary for the purpose of providing information that will enable investors to make informed investment decisions.

“While it is undisputed that these requirements, and the resulting disclosure, have become increasingly complex and lengthy, it is less clear if the increased complexity and length have provided investors with additional information that is material to their investment and voting decisions,” Atkins said in a statement.

Among Atkins proposed questions, was the chair’s inquiry into the “pay-versus-performance” and “bonus claw back” rules that were recently adopted by the SEC in 2022. The “pay-versus-performance” rule ultimately requires public companies to disclose in a clear manner the relationship between the executive compensation actually paid by the company and the financial performance of the company itself. Meanwhile, the “bonus claw back” rules originally require companies to adopt policies that require executive officers to pay back incentive-based compensation that they were awarded erroneously.

This announcement comes at a time when the agency has demonstrated a shift toward reducing regulatory enforcement, in line with the priorities set by the Trump administration “The SEC, in its regulatory capacity, is tasked to balance investor protection with promoting capital formation and market efficiency,” according to Atkins. “In years past, the commission has unfortunately demonstrated a tendency to prioritize regulatory expansion over meticulous economic analysis, potentially jeopardizing this delicate balance.”

Since President Trump took office, the SEC has largely ceased pursuing high-profile cases against companies within its jurisdiction and has released staff-level statements suggesting that meme coins and certain crypto mining activities fall outside its regulatory scope.

Regulatory Rollbacks Draw Criticism

While many are in support of deregulation, many have expressed their opposition to it. SEC Commissioner, Caroline Crenshaw, believes that such deregulation may pave a path for a crisis similar to the financial crisis that occurred in 2008. It feels all too familiar to those of us who have lived through 2008,” Crenshaw warned, quoting a report from an independent commission that found that the 2008 crisis was preventable and that “the public stewards of our financial system ignored warnings and failed to question, understand, and manage evolving risks.”

“After a crisis happens, the first thing people ask is, ‘How could this have happened?’ And, more specifically, ‘Where were the regulators?” Crenshaw said. “But before a crisis happens, everyone demands that regulators get out of their way. I don’t want us to suffer the same fate.”

While Atkins has yet to respond to such comments, it is almost certain the agency will address such issues at its incoming roundtable meeting. The roundtable will be open to the public and held at the SEC’s headquarters. The discussion will be streamed live on the SEC website and a recording will be posted at a later date.

The post SEC to Revisit Executive Pay Disclosure Rules appeared first on Compliance Chief 360.

According to the parties’ joint status report, the CFPB renounced an order that initially directed the agency to oversee Google’s payment division. The status report additionally included that Google Payment agreed to drop its lawsuit against the CFPB that originally challenged the order.

The initial order was issued by the CFPB under the former CFPB Director, Rohit Chopra. It represented the agency’s broader effort in exerting pressure on larger tech companies by supervising their consumer financial activities. Such efforts were a priority of the Biden Administration, especially in regulating non-bank financial institutions such as digital wallets and payment application such as Venmo and Zelle.

However, the Trump administration has taken a different stance on such regulation efforts. Since President Trump took office in January, the CFPB has dropped numerous cases against payment application companies and other financial companies. In February, the agency dropped a lawsuit against Rocket Homes that alleged the company of offering kickbacks to brokers who referred customers to Rocket Mortgage. In March, the agency dropped a lawsuit against Zelle, Wells Fargo, and other major banks that alleged the companies of failing to protect consumers from widespread fraud.

Under the leadership of the now acting Director of the CFPB, Russell Vought, the CFPB retracted the Google Payment order on the basis that “extending Bureau supervision to GPC would be an unwarranted use of the Bureau’s powers and resources,” according to the Withdrawal Notice.

The agency continues to display its opposition to payment application regulations and enforcement actions in line with the Trump administration’s agenda. This latest dismissal could lead to additional challenges against regulations aimed at oversight of tech companies.

The post CFPB Ends Oversight of Google Payment Amid Regulatory Shift appeared first on Compliance Chief 360.

According to the bill, the CFPB’s budget would take a big hit as well as its penalty money obtained from enforcement actions. The funds received from these enforcement actions will be used for victim compensation with the leftovers being sent to the Treasury. Specifically, the legislation will require that “if the Bureau makes payments to all of the direct victims of activities for which that civil penalty was imposed, the Bureau shall transfer all amounts that remain in the Civil Penalty Fund with respect to that civil penalty to the general fund of the Treasury.”

Essentially, the CFPB’s budget would decrease around 60% and its funding from the Federal Reserve would be capped at 5% of the central bank’s operating expenses under the proposal — down from the current limit of 12% as laid out in the Dodd-Frank Act.

The Legislation Represents Larger Effort to Cut Government Spending

The CFPB has come under a significant amount of fire since the start of the Trump administration. There have been many efforts by President Trump to dismantle the agency such as attempted mass firings, an order to suspend agency operations, and so on.

This legislation represents a broader effort by Republicans to create at least $1.5 trillion in spending cuts in order to pass a $5 trillion tax cut as part of President Trump’s policy agenda. “For too long, government spending has been on a one-way ratchet,” House Financial Services Committee Chairman French Hill, R-Ark., said at the start of Wednesday’s markup. “We are here with one purpose, to do our part to put our nation back on a responsible fiscal trajectory.”

Republicans are in support of this funding as they see it as a means towards diminishing “reckless government spending.” Meanwhile Democrats perceive the bill as hypocritical in that such substantial spending cuts themselves are “reckless.” Accordingly, many Democrats believe that the CFPB runs a profitable business, putting more money in consumer pockets than the expenses it incurs to do so.

PCAOB to be Dissolved Into the SEC

Under the proposed legislation, the PCAOB, known to oversee the audits of public companies, will merge into the SEC. This results from Republican criticism of the agency that it lacks accountability and transparency. The SEC would essentially assume the duties and responsibilities of the PCAOB.

While many are in support of such a significant move, many believe that such a move is not practical. Congresswoman Janelle Bynum cautioned against merging the PCAOB into the SEC, describing the proposal as a significant and potentially risky shift that demands closer examination. She urged Republicans to “pump the brakes” and introduced an amendment that would delay the transfer of oversight authority until the SEC can confirm that the change would not heighten investor risk.

In contrast, many believe that that such a move is crucial towards President Trump’s government spending agenda. “I appreciate my colleague’s newfound passion for fiscal discipline,” Congresswoman Ann Wagner said. “However, the committee print before us today is a result of extensive member input to deliver on the promise to rein in out-of-control spending.  

The post House GOP Bill Targets CFPB Budget Cuts and PCAOB Dissolvement appeared first on Compliance Chief 360.

The draft provides clearer guidance on when a digital asset falls under the jurisdiction of the SEC, the CFTC, or both. Essentially, the draft would grant power and funding to the CFTC and require firms to register with the it as well. The SEC, on the other hand, would retain oversight over securities and specific hybrid assets. It will also have the authority to oversee digital commodity activities by SEC-registered broker-dealers and exchanges, even though the  firms will be required to register the activity with the CFTC as well.

In addition to allocating oversight authority to the SEC and CFTC, the draft also provides key crypto definitions such as definitions for “digital commodity,” “blockchain system,” and “stablecoins.” In fact, it explicitly excludes digital commodities and payment stablecoins from the definitions of a security.

This draft represents a longstanding effort by the Republican Party to regulate digital assets. According to many, the digital assets market is in need of regulation as it is unstable and dangerous without such.  “We made historic progress in the 118th Congress to build bipartisan, bicameral consensus in crafting a functional regulatory framework for digital assets,” House Financial Services Committee Chair French Hill said. “Our discussion draft builds upon that work and provides much-needed regulatory clarity for the digital asset ecosystem by protecting consumers and safeguarding the long-term integrity of digital asset markets in the United States.”

Congress in Disagreement as to how Crypto Should be Regulated

Although many are in support of such regulations, many are skeptical of how exactly it will be regulated and whether this bill represents the most efficient and effective way of doing so. Congresswoman Maxine Waters announced that she intends to block the draft as she is concerned with conflicts of interest that may arise from the Trump family crypto investments.

Other senators, such as Ruben Gallego said that he understands the need to regulate digital assets but yet finds issue with how the bill itself addresses such a use. “[T]he bill as it currently stands still has numerous issues that must be addressed, including adding stronger provisions on anti-money laundering, foreign issuers, national security, preserving the safety and soundness of our financial system, and accountability for those who don’t meet the act’s requirement,” a group of Democratic Senators led by Gallego said. Although they are against the bill’s current version, they are “eager to continue working with our colleagues to address these issues.”

While both the Democratic and Republican parties are in agreement that the digital asset market should be a regulated one, the parties are in some sort of disagreement as to how exactly it should be regulated. Additional hearings are scheduled to take place to hear each side’s views on the matter.  

The post House GOP Bill Draft Outlines Crypto Oversight Framework appeared first on Compliance Chief 360.

The panel’s decision comes almost a month after an appeals court modified a trial court’s order which effectively allowed the CFPB to engage in mass firing after conducting a “particularized assessment” of each fired employee. Under this order, the CFPB was required to show that any dismissed employees were in fact “unnecessary expenses” to the agency.

The D.C. panel specifically defined “particularized assessment” as involving “a determination, conducted by the decisionmaker responsible for the reduction in force, that each division or office within the Consumer Financial Protection Bureau will be able to perform any statutorily required duties of that division or office without the employees subject to the reduction in force.”

The complete ban of mass firings issued by the panel comes as a result of a dispute on whether the CFPB Director, Russell Vought, can execute the mass firings while in compliance with the panel’s definition of “particularized assessment.” Many top officials within the CFPB believe that the agency only requires around 200 employees to satisfy its duties and responsibilities such as supervising banks and enforcing consumer financial law. However, many agency employees believe that mass firings would essentially render it impossible for the CFPB to function properly.

The panel’s decision, although not permanent, effectively prohibits the CFPB from pursuing “reductions-in-force”.  According to the panel, it is best to restore the block of mass firings while the parties battle it out in court. By doing so, CFPB employees would still be protected in the case that President Trump loses.

The decision will ultimately be in effect until the panel rules on the original trial court’s injunction issued by Judge Amy Berman Jackson. Judge Jackson initially imposed the injunction that prohibited the CFPB from conducting mass employee firings but also deleting agency data, permanently shredding service contracts, idling employees with stop-work orders or taking the agency’s complaint-handling functions offline. Judge Jackson based her ruling on evidence that showed Director Vought’s “a hurried effort to dismantle and disable the agency entirely.

According to the panel, this order “ensures that plaintiffs can receive meaningful final relief should the defendants not prevail in this appeal, rather than continue collateral litigation over the meaning and reviewability of the ‘particularized assessment’ requirement imposed by this court’s stay order.”

“Reinforcing this conclusion, we have already accommodated the government’s interests by substantially expediting the [injunction] appeal, with oral argument scheduled less than three weeks from today,” the order added. “At that time, we will carefully consider the separation of powers and other arguments raised by the parties.”

One of the panel judges, Judge Rao, dissented from the decision to restore the injunction. He said that the panel’s order raises many separation of power issues and that the CFPB should be permitted to follow President Trump’s orders. Specifically, Judge Rao said that “because the preliminary injunction entered by the district court raises serious separation of powers concerns and has paved the way for ongoing judicial supervision of an executive branch agency, I would continue the stay pending appeal.”

The CFPB has come under fire recently for its series of voluntary lawsuit dismissals against banks and other financial institutions. The agency recently dropped its $2.25 million student loan debt collection against the National Collegiate Student Loan Trusts. The lawsuit aimed at defending college students after they allegedly became victims of deceptive and unfair debt collection litigation strategies.  

The post D.C. Appeals Panel Reinstates Block on CFPB Mass Firings appeared first on Compliance Chief 360.

The DMA requires that companies provide consumers with options on how their personal data is used in order to ensure fair business practices within the tech sector. Under the DMA, app developers distributing their apps via Apple’s App Store should be able to inform customers, free of charge, of alternative offers outside the App Store, steer them to those offers and allow them to make purchases. However, the EU found that Apple imposed numerous restrictions that effectively restricted consumers from doing so. The EU found that consumers could not fully benefit from alternative and cheaper offers as Apple prevents app developers from directly informing consumers of such offers. Apple did not adequately show that these restrictions are objectively necessary and thus were in violation of the DMA’s anti-steering obligation.

Meta “Consent or Pay” Advertising Model Illegal

In regard to Meta, the EU found that the social media platform giant violated the DMA by not allowing its users to exercise their right to freely consent to the combination of their personal data. Under the DMA, companies such as Meta are required to seek users’ consent for combining their personal data between services. Those users who do not consent must have access to a less personalized but equivalent alternative.

“In November 2023, Meta introduced a binary “Consent or Pay” advertising model. Under this model, EU users of Facebook and Instagram had a choice between consenting to personal data combination for personalized advertising or paying a monthly subscription for an ad-free service,” according to the EU. “However, according to the EU, this model is not compliant with the DMA “as it did not give users the required specific choice to opt for a service that uses less of their personal data but is otherwise equivalent to the ‘personalised ads’ service.”

Ultimately, the “Consent or Pay” model which provided users of Facebook and Instagram with an option to either consent to their personal data being used for advertisements or paying a subscription for an ad-free service was in violation of the DMA. However, since Meta did not provide an option to opt-in into a service that used less of their personal service, the EU found such a model noncompliant.

According to the EU, Meta introduced another version of the free personalized ads model, offering a new option that allegedly uses less personal data to display advertisements. The EU is currently analyzing the model to assess whether it is compliant with the DMA.

“Apple and Meta have fallen short of compliance with the DMA by implementing measures that reinforce the dependence of business users and consumers on their platforms,” Teresa Ribera, an executive vice president at the European Commission, said. “We have taken firm but balanced enforcement action against both companies, based on clear and predictable rules.”

Both companies are expected to appeal the decisions however, each are required to comply with the decision within 60 days or else will be subject to additional fines.  

The post EU Hits Apple and Meta with Fines for Digital Markets Act Violations appeared first on Compliance Chief 360.

Atkins, confirmed by a 52–44 vote, is expected to ease regulatory enforcement and roll back compliance requirements for corporations. Atkins’ anticipated intentions are expected to differ greatly to that of his predecessor, Gary Gensler, who was known for his pro-regulatory policies. Although Gensler instituted regulations aimed at restricting company actions and increasing regulatory requirements, the SEC underwent major changes since his departure in January.

Following Gensler’s departure as SEC Chair, then-Acting Chair Mark Uyeda signaled a less regulation-heavy approach. Under his leadership, the SEC dropped ten major crypto enforcement cases and extended compliance deadlines for rules implemented during Gensler’s tenure.

Many anticipate that Atkins will follow in Uyeda’s footsteps, adopting a more reserved approach to regulatory enforcement, including in the crypto space. “To look at what Chair Atkins’ priorities might be, I’ve been really focused on what acting Chair Uyeda and Commissioner Hester Peirce have been doing,” an attorney at Morrison Foersterr said, noting that both Uyeda and Peirce acted as counsel to Atkins during his time as SEC commissioner.

Atkins’ Confirmation Draws Mixed Reactions

While many have pointed out Atkins’ intention to lower regulatory enforcement, many believe that doing so merely represents his preference for “Wall Street payers”. Senator Elizabeth Warren voted against his nomination citing Atkins’ leadership before the 2008 financial crisis. “This job is about judgment and holding up on your resume that you were one of the people on the job to exercise judgment in the run-up to the biggest crash since the Great Depression, and now your hindsight is not 20/20. It’s 20/0,” Warren told one of the Senate committees.

On the other hand, many perceive Atkins’ confirmation as a “step in the right direction” as was expressed by Senator Tim Scott. “His tenure will mark a pivotal moment to roll back harmful Biden-era policies, promote capital formation, and enhance opportunities for retail investors,” Scott said in a statement. “Chairman Atkins will also provide regulatory clarity for digital assets, allowing American innovation to flourish, and ensuring we remain competitive on the global stage. I look forward to collaborating with Chairman Atkins to reignite our capital markets, which are vital for economic growth, job creation, and innovation.”

According to Atkins, his top priority will be “to work with [his] fellow commissioners and Congress to provide a firm regulatory foundation for digital assets through a rational, coherent, and principled approach.”

“This is a pivotal moment for our economy. Entrepreneurs, businesses, and individuals here at home and across the globe are eager to invest in America now that President Trump is at the helm,” Atkins told senators. “Yet, the current regulatory environment for our financial system inhibits investment and too often punishes success. Unclear, overly politicized, complicated, and burdensome regulations are stifling capital formation, while American investors are flooded with disclosures that do the opposite of helping them understand the true risks of an investment.”

As Atkins returns to the SEC, he will have to deal with a smaller staff. Hundreds of SEC staffers have reportedly taken the deferred resignation offered to federal workers via the Office of Personnel Management’s January email. As a result, at least 500 SEC employees left the agency, in an effort by the Trump administration to cut costs across federal agencies.   

The post Senate Confirms Paul Atkins as SEC Chair appeared first on Compliance Chief 360.