Monthly LRA Update

LEGISLATIVE DEVELOPMENTS

California Privacy Rights Act of 2020 Approved by Voters

California voters approved the California Privacy Rights Act of 2020 (“CPRA”), which will further strengthen data privacy protections in the state. The CPRA includes the following noteworthy elements:

• California will establish a new agency (the California Privacy Protection Agency) to enforce the state’s privacy laws;
• Consumers will have the right to have inaccurate personal information corrected;
• It establishes a new group of data called “sensitive personal information”, which includes SSNs, driver’s license information, passport information, genetic data, biometric data or health information, among others; and
• It requires businesses to disclose the intended retention period for each category of personal information and requires businesses not to retain information longer than is reasonably necessary for the disclosed purpose.

While the CPRA expands privacy laws in California, it does not repeal or replace the California Consumer Protection Act (CCPA). It is our understanding that businesses need to continue to comply with the CCPA.

The CPRA will be effective January 1, 2023. For the most part, it will only apply to personal information collected after January 1, 2022. It also extends the CCPA’s partial exception for employees, independent contractors, business representatives, etc., through January 1, 2023.

We will continue to review the CPRA and monitor the legislative and regulatory developments related to this law.

REGULATORY DEVELOPMENTS

Banking Regulators Issue Statement on LIBOR Transition

On November 30 the FRB, FDIC, and OCC issued a statement encouraging banks to cease entering into new contracts that use USD LIBOR as a reference rate as soon as practicable and no later than December 31, 2021, in order to facilitate an orderly—and safe and sound— LIBOR transition.

We have been periodically monitoring our clients’ separate account BOLI investment fund exposures to LIBOR-linked securities. All of the insurance carriers and investment managers are mindful of the status of transitioning away from LIBOR.

We will provide another update early next year with values and exposures as of 2020 year-end.

Banking Regulators Publish Sound Practices to Strengthen Operational Resilience

On November 2 the FRB, FDIC, and OCC published a paper titled Sound Practices to Strengthen Operational Resilience.  The paper describes sound practices drawn from existing regulations and guidance for the largest and most complex domestic banking organizations. It addresses the following aspects:

• Governance
• Operational Risk Management
• Business Continuity Management
• Third Party Risk Management
• Scenario Analysis
• Secure and Resilient Information System Management
• Surveillance and Reporting

It also includes an appendix detailing numerous “Sound Practices for Cyber Risk Management.”