Once finalized, the proposed rule from the Department of Commerce would prohibit the import or sale of connected vehicles and related components that are designed, developed or manufactured by entities linked to China or Russia. This regulation specifically targets “vehicle connectivity systems” (VCS) like Bluetooth, satellite, cellular and Wi-Fi modules, as well as “automated driving systems” (ADS) that allow vehicles to operate autonomously. The first part of the proposed ban would take effect with model year 2027, essentially Jan. 1, 2026.

In a statement released on Monday (Sept. 23), the White House highlighted the growing security risks posed by connected vehicles, which have the ability to collect sensitive driver data, monitor locations and gather information on critical infrastructure. The Biden administration warned that nations such as China and Russia could exploit these capabilities to pose threats to U.S. national security.

“Chinese automakers are seeking to dominate connected vehicle technologies in the United States and globally, posing new threats to our national security, including through our supply chains,” the statement read. “The Biden-Harris Administration is committed to ensuring that our automotive supply chains are resilient and secure from foreign threats.”

Connected vehicles provide many benefits, the statement said, “from promoting vehicle safety to assisting drivers with navigation — but they also pose new and growing threats. These technologies include computer systems that control vehicle movement and collect sensitive driver and passenger data as well as cameras and sensors that enable automated driving systems and record detailed information about American infrastructure. Now more than ever, vehicles are directly connected into our country’s digital networks.”

This initiative arises from growing concerns over potential espionage and cyber threats linked to foreign technology in American vehicles, reflecting a broader strategy to safeguard the automotive supply chain and protect consumer data as connected vehicles proliferate.

National Security Adviser Jake Sullivan highlighted the urgency, noting: “We’ve already seen ample evidence of [China] pre-positioning malware on critical infrastructure for the purpose of disruption and sabotage. And with potentially millions of vehicles on the road, each with 10- to 15-year life spans, the risk of disruption and sabotage increases dramatically,” according to an NPR report.

Software fixes now account for more than 20% of all automotive recalls, according to a decade’s worth of National Highway Traffic Safety Administration recall data, which was analyzed by the law firm DeMayo Law. While that’s a sign of growing inconvenience for drivers, the silver lining is that a software patch is usually a much quicker fix than something requiring hardware replacement.

“Our analysis suggests we’re witnessing a shift in how automotive recalls are handled,” according to a spokesperson for DeMayo Law, speaking to Ars Technica. “The growing number of software-related recalls, coupled with the ability to address issues remotely, could revolutionize the recall process for both manufacturers and vehicle owners.”

China’s opposition to the U.S. proposal underscores the geopolitical tensions at play. A spokesperson from the Chinese Ministry of Commerce criticized the move, stating: “the U.S. practice has no factual basis, violates the principles of market economy and fair competition, and is a typical protectionist act,” according to a Wednesday (Sept. 25) report from The Economic Times.

Meanwhile, Volkswagen of America partnered with Google Cloud to launch a generative AI-powered virtual assistant in its myVW mobile app, initially available for 2024 Atlas and Atlas Cross Sport owners, with plans to expand to most 2020 and newer models by 2025. The assistant provides tailored maintenance information, helps interpret vehicle indicator lights and allows users to identify lights using their smartphone cameras.

The post US Moves to Secure Connected Car Economy by Banning Foreign Technologies appeared first on PYMNTS.com.

In comments delivered in the wake of the proposal earlier this month, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra said, “Over the past decade, we have seen a significant incursion into consumer deposit taking and payments activities by companies that aren’t banks or credit unions … This trend poses significant risks.”

Beyond the new mandates on recordkeeping — wherein FDIC-insured banks holding certain custodial accounts would ensure accurate records are kept determining the individual owner of the funds and to reconcile the account for each individual owner on a daily basis — consumers need more information.

Per Chopra’s concerns: “Disclosure requirements related to the intricacies of pass-through deposit insurance are woefully inadequate. Consumers should, at the very least, be told clearly and concisely that they could face delays or lose their money by banking with a nonbank.”

PYMNTS Intelligence reported in past coverage that 36% of U.S. consumers used these nonbank financial institutions (FIs), outpaced by millennials — where 44% of this demographic used non-bank FIs, while 43% of bridge millennials did so. And we found that 31% of consumers earning less than $50,000 annually used a non-bank FI in 2023 compared to 37% of those earning more than $100,000 annually.

Misuse of the Logos

Chopra warned that “we must continue to take enforcement actions against nonbanks that make misrepresentations about deposit insurance or misuse the FDIC name or logo.”

On this last point, we note, at the end of last year, the FDIC amended and updated those regulations, where regulations address instances “regarding misrepresentations of deposit insurance coverage … where a person, including a non-bank entity, provides information to consumers that may be misleading, confuse consumers as to whether they are doing business with a bank, and whether their funds are protected by deposit insurance.”

Among those regulations: FDIC terms of images may not be used in marketing or advertising materials to “inaccurately imply or represent that any uninsured financial product or nonbank entity is insured or guaranteed by the FDIC.” The rules took effect in April of this year and the full compliance date looms soon — Jan. 1, 2025.

In examples of enforcement actions focused on the logos and the signage and the representations of deposit insurance: In March, the FDIC issued a cease and desist letter to PrizePool Inc., stating that returns to customers on the company’s “Stacked” savings account — marketed at 4.5% to 6.5% — were stated as being “risk free” and that deposits were FDIC insured up to $500,000. Other cease and desist demands, issued by the FDIC to AmeriStar and HighLine, focus on claims that certain high-yield accounts were “insured by the FDIC” and used the latter’s name and logo.

The post CFPB’s Chopra: Consumers Need More Disclosure on Nonbank Risks appeared first on PYMNTS.com.

Currently, these firms must safeguard funds, which means their customers can lose money or face delays in accessing their funds if the firm fails, the FCA said in a Wednesday (Sept. 25) press release.

Firms can respond to the proposal until Dec. 17, according to the release.

“We’re consulting on proposals to make safeguarding rules stronger and clearer for payment and eMoney firms so customers get as much of their money back as quickly as possible if the firm goes out of business,” Matthew Long, director of payments and digital assets at the FCA, said in the release.

In addition to the proposal, the FCA will publish stronger interim safeguarding rules for firms by the middle of next year, according to the release.

The current proposal aims to minimize shortfalls in safeguarded relevant funds, ensure these funds are returned as cost-effectively and quickly as possible, and strengthen the FCA’s ability to identify and intervene in firms that do not meet its safeguarding expectations, according to the consultation paper.

The proposed rules would apply to authorized payment institutions, eMoney institutions, small eMoney institutions, and credit unions that issue eMoney in the U.K. under the Payment Services Regulations (PSRs) and Electronic Money Regulations (EMRs), per the consultation paper.

The proposal comes at a time when the use of payments firms has been growing and the FCA has seen poor safeguarding practices from firms, according to the press release.

The regulator wrote to CEOs of payments and eMoney firms in March 2023, asking about their safeguarding and wind-down arrangements, per the release.

In the letter, the FCA said payments firms should ensure their customers’ money is safe, that their firm does not compromise the integrity of the financial system and that they meet their customers’ needs.

“We welcome the competition and innovation we have seen in the payments sector and the improved choice, convenience and value this can provide for customers,” the FCA said in the letter. “However, we remain concerned that many payments firms do not have sufficiently robust controls and that as a result some firms present an unacceptable risk of harm to their customers and to financial system integrity.”

The post UK’s FCA Proposes That Payments Firms’ Client Assets Be Held on Trust appeared first on PYMNTS.com.

While he vetoed a privacy bill aimed at empowering consumers, he approved legislation designed to curb social media addiction among minors. These actions reflect the current landscape of privacy rights and underscore the ongoing struggle between consumer protection and corporate interests in California’s tech-heavy economy.

Newsom vetoed a bill that sought to simplify how consumers manage their data privacy online. This legislation would have mandated that internet browsers and mobile operating systems implement an “opt-out preference signal,” enabling users to easily send legally binding requests to opt out of data sharing under the California Consumer Privacy Act (CCPA).

In his veto letter, Newsom expressed concerns about imposing such mandates on operating system developers, arguing that no major mobile platform currently supports an opt-out signal. He emphasized the importance of allowing developers to make design decisions rather than placing regulatory burdens on them.

“Last year, I signed SB 362 (Becker), which requires the California Privacy Protection Agency to establish an accessible deletion mechanism allowing consumers to request that data brokers delete all of their personal information,” Newsom wrote in the letter. “I am concerned, however, about placing a mandate on operating system (OS) developers at this time. No major mobile OS incorporates an option for an opt out signal. By contrast, most internet browsers either include such an option or, if users choose, they can download a plug-in with the same functionality. To ensure the ongoing usability of mobile devices, it’s best if design questions are first addressed by developers, rather than by regulators.”

The vetoed bill was a priority for the California Privacy Protection Agency and would have affected major tech companies like Google, Microsoft and Apple, all of which lobbied against it.

“It’s disappointing that this marks the end of the road for this landmark privacy legislation during this session,” said Matt Schwartz, policy analyst at Consumer Reports, in a statement. “Ultimately, industry worked overtime to squash this bill, as it empowered Californians to better protect their privacy, undermining the commercial surveillance business model of these tech companies. We strongly disagree with the idea expressed in the Governor’s veto statement that it should be left to operating systems to provide privacy choices for consumers. They’ve shown time and again they won’t meaningfully do so until forced.”

Meanwhile, Newsom signed a law aimed at mitigating the impact of social media on minors. This legislation prohibits social media platforms from knowingly offering addictive feeds to users under 18 without parental consent, set to take effect in 2027. It reflects a growing recognition of the negative effects of social media on young people, including increased isolation, anxiety and unhealthy consumption patterns.

Critics of the legislation argued it may unintentionally restrict adults’ access to content due to age verification issues and could compromise online privacy by necessitating greater data collection from users, the Orange County Register said in a report.

The law defines an “addictive feed” as any platform where multiple user-generated media pieces are recommended or prioritized for display based on user information or device association, with certain exceptions.

This new legislation comes on the heels of a recent New York law that allows parents to block algorithm-driven content for their kids. Utah has also passed laws last year aimed at restricting children’s access to social media.

California’s new law will take effect in a state home to many of the largest tech firms in the world. Previous attempts to implement similar regulations failed, but Gov. Newsom had already made strides in 2022 with a pioneering law that prevents online platforms from misusing personal data in ways that could endanger children. This initiative is part of a growing movement across the country focused on mitigating the effects of social media on young people’s wellbeing.

“Every parent knows the harm social media addiction can inflict on their children — isolation from human contact, stress and anxiety, and endless hours wasted late into the night,” Newsom said in a Friday (Sept. 20) statement. “With this bill, California is helping protect children and teenagers from purposely designed features that feed these destructive habits.”

Under the new law, social media platforms are prohibited from sending notifications to minors from midnight to 6 a.m. and from 8 a.m. to 3 p.m. on weekdays during the school year. All accounts for minors must be set to private by default.

The post Newsom Vetoes California Privacy Bill That Upped Consumer Data Control appeared first on PYMNTS.com.

The lawmakers want to assess whether the SEC “undermined banking regulators” by issuing SAB 121, which “upends bank custody rules for digital assets,” according to a Tuesday (Sept. 24) press release issued by the House Financial Services Committee (HFSC).

The letters were sent by Rep. Patrick McHenry of North Carolina, Rep. Bill Huizenga of Michigan, Rep. French Hill of Arkansas and Rep. Andy Barr of Kentucky. They were addressed to the heads of the Federal Reserve Board, the Federal Deposit Insurance Corp. (FDIC), the Office of the Comptroller of the Currency (OCC) and the SEC, according to the release.

In the letter to SEC Chair Gary Gensler, the lawmakers considered whether the SEC’s publication of SAB 121 disrupted an effort by other agencies to create an Interagency Statement on Crypto-Asset Custody Services and a related request for information (RFI) about crypto-asset custody ancillary activities, per the release.

“Shortly after SAB 121’s publication, emails between agencies’ employees suggest that the document contained ‘various ambiguities’ and left open questions regarding its scope,” the letter said. “It is unclear if any communications occurred between the SEC and any of the prudential regulators to discuss the regulatory treatment of digital asset custodial services prior to SAB 121’s publication. It also remains unclear what impact SAB 121’s publication had on the interagency workstream, which was intended to include both an Interagency Statement as well as an RFI. Ultimately, neither document was published despite the considerable time and resources dedicated to the initiative.”

It was reported in September 2022 that the accounting guidance from the SEC was holding many banks back from offering their clients cryptocurrency products and services.

The accounting guidance requires that public companies holding crypto assets for clients count them as liabilities on the balance sheets, making it uneconomical for banks to offer that service.

The SEC said in its advisory that this practice is necessary because crypto has “technological, legal and regulatory risks.”

In June, President Joe Biden vetoed a congressional resolution that challenged SAB 121 and aimed to overturn the SEC’s current stance on banks and crypto.

“SAB 121 reflects considered technical SEC staff views regarding the accounting obligations of certain firms that safeguard crypto assets,” Biden said at the time in a statement.

The post Lawmakers Probe Whether SEC Guidance on Digital Assets ‘Undermined’ Banking Regulators appeared first on PYMNTS.com.

And as Wired reported Saturday (Sept. 22), experts say it’s too soon to tell what their replacements may bring.

Last week brought the resignation of EU Commissioner Thierry Breton, a longtime, outspoken foe of Big Tech companies. 

“I’m sure [the tech giants are] happy Mr. Breton will go, because he understood you have to hit shareholders’ pockets when it comes to fines,” Umberto Gambini, a former adviser at the EU Parliament and now a partner at consultancy Forward Global, told Wired.

Breton’s replacement will be Finland’s Henna Virkkunen, from the center-right EPP Group, who has worked on the EU’s Digital Services Act (DSA).

“Her style will surely be less brutal and maybe less visible on X than Breton,” said Gambini. “It could be an opportunity to restart and reboot the relations.”

Also leaving her regulatory role is Margrethe Vestager, who has spent 10 years as Europe’s top competition watchdog. She went out on a high note, with a court requiring Apple to pay a $14.4 billion tax bill in Ireland.

The report noted that while political priorities might be changing, the new rules introduced in the last five years still need to be enforced.

There’s still a legal fight over Google’s $1.7 billion antitrust fine, and that company is under investigation — along with Apple and Meta — for violating the Digital Markets Act. And companies like TikTok, Meta and X are also subject to DSA investigations.

“It is too soon for Elon Musk to breathe a sigh of relief,” says J. Scott Marcus, senior fellow at think tank Bruegel, who argued that Musk’s alleged practices as his social media platform would likely draw scrutiny no matter who was in charge of EU competition.

“The tone of the confrontation might become a bit more civil, but the issues are unlikely to go away,” Marcus said.

In other big tech news, PYMNTS wrote last week about new research that suggests tech giants could gain an edge in generative artificial intelligence (AI), raising questions about the competitive future of the sector, a trend that has many in the industry worried.

“We are likely to see decreasing prices for smaller models and continued differentiation across large models,” Alex Mashrabov, CEO of Higgsfield AI, told PYMNTS. 

Observers say that a lack of competition in the generative AI industry could bring about higher prices and fewer choices for businesses hoping to integrate AI tools into their operations. This concentration of power might also hinder innovation, potentially slowing the development of new AI applications.

The post Big Tech Awaits Changing of EU Regulatory Guard appeared first on PYMNTS.com.

The regulator charged the registered investment adviser with overvaluing about 4,900 largely illiquid collateralized mortgage obligations (CMOs) and executing hundreds of cross-trades between advisory clients that favored certain clients over others, according to a Thursday (Sept. 19) press release.

Macquarie Asset Management, the parent company of MIMBT, said in a statement issued Thursday that the product that was the focus of the SEC’s investigation was discontinued in April 2021, and the firm agreed to settle the investigation without admitting to or denying the SEC’s findings.

“Our business is built on the principles of integrity and accountability,” the firm said in the statement. “This legacy matter is not consistent with how we do business. We have already undertaken and are focused on completing additional remedial steps to address the issues identified in the investigation, with clients the priority. We also continue to invest in our risk culture to ensure we discharge our fiduciary duties to the highest standard.”

The SEC alleged that MIMBT valued thousands of smaller-sized, “odd lot” CMOs using prices obtained from a third-party pricing service that were intended for larger-sized, institutional lots only, according to the regulator’s press release. The odd lot CMOs traded at a discount to institutional positions.

The regulator alleged that MIMBT then marked thousands of odd lot CMO positions at inflated prices and overstated the performance of client accounts holding the overvalued CMOs, the release said.

The SEC also alleged MIMBT, rather than selling the overvalued CMOs into the market, arranged cross-trades with affiliated accounts to minimize losses to redeeming investors, per the release. These trades resulted in the retail mutual funds absorbing losses that otherwise would have been borne by the selling account when sold into the market, the release said.

“It is alarming that a fiduciary took advantage of retail mutual funds it advised and executed unlawful cross-trades to mitigate its overvaluation of fund assets,” Eric I. Bustillo, director of the SEC’s Miami Regional Office, said in the release. “Utilizing a third-party pricing service does not negate an investment adviser’s obligation to value assets accurately.”

MIMBT agreed to a censure and to pay a $70 million penalty and an additional $9.8 million in disgorgement and prejudgment interest.

The post Macquarie to Pay $79.8 Million to Settle SEC Fraud Charges appeared first on PYMNTS.com.

The European Commission began a pair of “specification proceedings” to ensure the tech giant is meeting the interoperability standards of Europe’s Digital Markets Act (DMA), according to a Thursday (Sept. 19) press release.

“Under the DMA, Apple must provide free and effective interoperability to third-party developers and businesses with hardware and software features controlled by Apple’s operating systems iOS and iPadOS, designated under the DMA,” the release said.

The first proceeding centers on several iOS connectivity features and functionalities, mainly used for and by connected devices such as smartwatches, headphones and virtual reality headsets.

“Companies offering these products depend on effective interoperability with smartphones and their operating systems, such as iOS,” the release said. “The commission intends to specify how Apple will provide effective interoperability with functionalities such as notifications, device pairing and connectivity.”

The second proceeding will examine whether Apple’s process for addressing interoperability requests from developers and third parties for its operating system is transparent, fair and timely, the release added.

“Today is the first time we use specification proceedings under the DMA to guide Apple toward effective compliance with its interoperability obligations through constructive dialogue,” Margrethe Vestager, the commission’s head of competition policy, said in the release. “We are focused on ensuring fair and open digital markets. Effective interoperability, for example with smartphones and their operating systems, plays an important role in this.”

The DMA, designed to increase competition in the digital economy, caused Big Tech companies to scramble to comply with the new set of regulations when they went live in March.

Last month, Apple announced a series of operating system changes for European users designed to comply with the law. For example, Apple will now provide more information about browsers to users who view the choice screen, an update shown to all EU users who have Apple’s Safari browser set as their default browser.

The company also plans to introduce new default settings for dialing phone numbers, sending messages, translating text, navigation, managing passwords, keyboards and call spam filters, while also giving EU users the ability to delete five of its apps: the App Store, Messages, Photos, Camera and Safari.

The post EU Wants Apple to Give Third Parties Operating System Access appeared first on PYMNTS.com.

The potential suspensions announced by Brazil’s Finance Ministry will begin Oct. 1 as part of the country’s tightening of online gambling rules, Bloomberg reported Tuesday (Sept. 17).

The Finance Ministry also plans to bar companies from offering credit to gamble on their websites and prohibit consumers from using credit cards to place bets, according to the report.

Gambling-related financial problems have become an “epidemic” in Brazil, demanding government action, Finance Minister Fernando Haddad told reporters in Brasilia, per the report.

“It’s becoming a serious social problem, and we have to face it,” Haddad said, according to the report.

Brazil legalized online gambling in 2018, the report said. Today, about 52 million Brazilians participate in online betting, including 25 million who started doing so within the past six months.

This rapid expansion — which has made the country one of the world’s fast-growing gaming markets — has drawn the attention of the country’s authorities, per the report.

Online gambling firms that want to operate in Brazil will have to pay a fee of 30 million reais ($5.5 million), the report said. To date, 108 companies have requested the required authorization.

It was reported in April that some of the sports betting world’s biggest players have turned their sights on Brazil and explored entry into the country’s new, regulated online gambling market.

At that time, more than 130 companies had pre-registered interest in a Brazilian license, expecting that the market could be set for further growth thanks to a 2023 law establishing the regulatory framework to allow fixed-odds sports betting and virtual online gaming services.

Tuesday’s report of Brazil’s tightening of online gambling rules on the heels of an effort in the United States that aims to require states that allow sports betting to meet minimum federal standards covering advertising, affordability and artificial intelligence.

The lawmakers who introduced the U.S. bill Thursday (Sept. 12) said they want to address the public health impact of sports betting and create a “safer, less addictive product.”

One of the proposed bill’s requirements would prohibit operators from accepting deposits via credit card.

The post Brazil to Bar Use of Credit Cards in Online Gambling appeared first on PYMNTS.com.

A consent decree resolving this investigation requires AT&T to pay $13 million and to strengthen its data governance practices, the FCC said in a Tuesday (Sept. 17) press release.

“The Communications Act makes clear that carriers have a duty to protect the privacy and security of consumer data, and that responsibility takes on new meaning for digital age data breaches,” FCC Chairwoman Jessica Rosenworcel said in the release. “Carriers must take additional precautions given their access to sensitive information, and we will remain vigilant in ensuring that’s the case no matter which provider a customer chooses.”

Reached by PYMNTS, an AT&T spokesperson provided a statement saying that the company began notifying customers of the incident in March 2023, consistent with FCC regulations, and that the data included information like the number of lines on an account — it did not include sensitive personal information.

“Protecting our customers’ data remains one of our top priorities,” the AT&T statement said. “A vendor we previously used experienced a security incident last year that exposed data pertaining to some of our wireless customers. Though our systems were not compromised in this incident, we’re making enhancements to how we manage customer information internally, as well as implementing new requirements on our vendors’ data management practices.”

The FCC investigation found that AT&T used a vendor to host customer information; that the vendor should have destroyed or returned that information when it was no longer needed to fulfill contractual obligations, years before the breach occurred; and that AT&T failed to ensure the vendor adequately protected the information and returned or destroyed it as required by the contract, according to the agency’s press release.

Large businesses are attractive targets for cybercriminals, PYMNTS reported in August. The combination of valuable data, complex systems and the potential for significant ransom payments makes them particularly vulnerable.

Understanding the methods used by attackers and implementing a multi-layered approach to security can help businesses prevent a disruption from escalating into a disaster.

The post AT&T to Pay $13 Million and Add Safeguards After 2023 Data Breach appeared first on PYMNTS.com.