Category Archives: Consumer Financial Protection Bureau (CFPB)

CFPB Report Signals Shift to State-Level Enforcement

by Paul Connell, Swain Wood, Frank Gorman, John Wells, Matthew Benedetto, and Zach Lass

Top left to right: Paul Connell, Swain Wood, and Frank Gorman.
Bottom left to right: John Wells, Matthew Benedetto, and Zach Lass. (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)

On January 14, 2025, the Consumer Financial Protection Bureau (CFPB) issued a report titled Strengthening State-Level Consumer Protections (the Report) as the agency prepares for the change in presidential administrations. The CFPB offers recommendations to states to strengthen their consumer protection laws and increase enforcement activity against certain companies, including banks and other financial services companies. The Report was accompanied by a lengthy Compendium of Recent CFPB Guidance, which includes a significant amount of the agency’s Biden-era guidance, stating that it is the CFPB’s hope that these “guidance documents implementing the federal consumer financial laws prove useful to the courts in their interpretation of those laws, as well as to the various enforcers of them.”

CFPB Issues Final “Open Banking” Rule Requiring Covered Entities to Provide Consumers Access and Transferability of Financial Data

by Jarryd Anderson, Jessica S. Carey, John P. Carlin, Roberto J. Gonzalez, Brad S. Karp, and Kannon Shanmugam

Top Left to Right: Jarryd Anderson, Jessica Carey, and John Carlin. Bottom Left to Right: Roberto Gonzalez, Brad Karp, and Kannon Shanmugam. (photos courtesy of Paul Weiss)

On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) published a 594-page Notice of Final Rulemaking for its “Personal Financial Data Rights” rule, commonly known as the “Open Banking” rule, which will require covered entities—generally, providers of checking and prepaid accounts, credit cards, digital wallets, and other payment facilitators—to provide consumers and consumer-authorized third parties with access to consumers’ financial data free of charge.[1] Covered entities are required to comply with uniform standards to provide access to this financial data through consumer and developer interfaces.[2] The rule imposes requirements on authorized third parties (such as fintechs), as well as data aggregators that facilitate access to consumers’ data, including required disclosures to consumers regarding the third parties’ use and retention of the requested data and a requirement that the data only be used in a manner reasonably necessary to provide the requested product or service (thus foreclosing selling the data or using it for targeted advertising or cross selling purposes).[3]

Consumer Financial Protection Bureau Stands Up to Protect Whistleblowers from Overly Broad NDAs

by Benjamin Calitri

Photo courtesy of author

Protections for whistleblowers from overly expansive non-disclosure agreements (NDAs) aimed at preventing whistleblowers from providing information to law enforcement and regulators have been expanding exponentially in the past year. The Securities and Exchange Commission’s (SEC) enforcement of Rule 21F-17(a) has gained teeth by increasing the monetary sanctions for enforcement. The Commodity Futures Trading Commission (CFTC) took its first enforcement of Regulation 165.19(b) against Trafigura for the use of NDAs meant to silence whistleblowers. The latest agency to take action against overly expansive NDAs is the Consumer Financial Protection Bureau (CFPB), which has announced that its employee protection regulation applies to NDAs that seek to silence whistleblowers.

CFPB “Firing On All Cylinders” After Surviving Constitutional Challenge To Funding Structure

by Nowell D. Bamberger, Elsbeth Bennett, and Andrew Khanarian

From left to right: Nowell D. Bamberger, Elsbeth Bennett and Andrew Khanarian. (Photos courtesy of Cleary Gottlieb Steen & Hamilton LLP)

The Supreme Court recently upheld the Consumer Financial Protection Bureau’s funding structure in a 7–2 decision that will likely pave the way for renewed regulatory activity by the agency in the near future. 

Enacted as part of the Dodd-Frank Act, the CFPB’s unique funding structure permits the agency to annually request an unspecified portion of funds from the Federal Reserve System, subject to an inflation-adjusted cap. In rejecting a constitutional challenge to this funding structure by several trade associations, the Supreme Court held in Consumer Financial Protection Bureau v. Community Financial Services Association of America that the Appropriations Clause merely requires Congress to identify the source and purpose of federal funds, and that Congress’s one-time appropriation for the CFPB in the Dodd-Frank Act meets that minimal constitutional standard. The seven-member majority largely aligned in their reasoning that the Constitution’s text and history, as well as early congressional practice, endorsed funding mechanisms such as this one, and thus provided broad legal support for the fiscal independence of agencies that are delegated substantial powers. As a practical matter, this decision will likely jumpstart long-delayed regulatory and enforcement work at the CFPB, including the vacated payday lending rules that were the subject of this litigation.

Mitigating AI Risks for Customer Service Chatbots

by Avi Gesser, Jim Pastore, Matt Kelly, Gabriel Kohan, Melissa Muse, and Joshua A. Goland

Top left to right: Avi Gesser, Jim Pastore, and Matt Kelly. Bottom left to right: Gabriel Kohan, Melissa Muse and Joshua A. Goland (photos courtesy of Debevoise & Plimpton LLP)

Online customer service chatbots have been around for years, allowing companies to triage customer queries with pre-programmed responses that addressed customers’ most common questions. Now, Generative AI (“GenAI”) chatbots have the potential to change the customer service landscape by answering a wider variety of questions, on a broader range of topics, and in a more nuanced and lifelike manner. Proponents of this technology argue companies can achieve better customer satisfaction while reducing costs of human-supported customer service. But the risks of irresponsible adoption of GenAI customer service chatbots, including increased litigation and reputational risk, could eclipse their promise.

We have previously discussed risks associated with adopting GenAI tools, as well as measures companies can implement to mitigate those risks. In this Debevoise Data Blog post, we focus on customer service chatbots and provide some practices that can help companies avoid legal and reputational risk when adopting such tools.

With The Fintech Sector’s Return to Explosive Growth, Here Are Top U.S. Legal Issues to Watch

by Jamillia Ferris, Vinita Kailasanath, Christine Lyon, Jan Rybnicek, and David Sewell

Left to right: Jamillia Ferris, Vinita Kailasanath, Christine Lyon, Jan Rybnicek, and David Sewell (photos courtesy of Freshfields Bruckhaus Deringer LLP)

Freshfields recently hosted a U.S. Fintech Hot Topics Webinar to highlight on-the-ground insights from our Antitrust and Competition, Data Privacy and Security, Financial Services Regulatory, and Transactional teams. The fintech sector has recently seen a return to explosive growth and is expected to continue growing rapidly notwithstanding regulatory and economic headwinds. Our top takeaways from the panel discussion are below, and the full recording is available here.

Executive Order Prohibits Transfer of Sensitive Personal Data to “Countries of Concern”

by Patrick J. Austin and John Pilch

From the left to right: Patrick J. Austin and John Pilch

On February 28, 2024, U.S. President Joe Biden issued Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (EO), which authorizes the U.S. Attorney General to restrict large-scale transfers of personal data to “countries of concern.” The “countries of concern” identified in the EO include China (along with Hong Kong and Macau), Russia, Iran, North Korea, Cuba and Venezuela, according to a summary issued by the White House.

President Biden Issues Executive Order Granting Authorities to Regulate the Transfer of Sensitive U.S. Data to Countries of National Security Concern

by Eric J. Kadel Jr., Sharon Cohen Levin, Nicole Friedlander, Anthony J. Lewis, Andrew J. DeFilippis, Joshua Spiegel, and George L. McMillan

Top left to right: Eric J. Kadel Jr., Sharon Cohen Levin, Nicole Friedlander, Anthony J. Lewis.
Bottom left to right: Andrew J. DeFilippis, Joshua Spiegel and George L. McMillan. (Photos courtesy of Sullivan & Cromwell LLP).

SUMMARY

On February 28, 2024, President Biden issued Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Executive Order”), delegating new authorities to the U.S. Department of Justice (“DOJ”) and other agencies to regulate the transfer of sensitive U.S. data to countries of national security concern. The Executive Order focuses primarily on personal and other sensitive information, such as U.S. persons’ financial information, biometric data, personal health data, geolocation data, and information relating to government personnel and facilities.[1]

CFPB Report Highlights Role of Big Tech Firms in Mobile Payments

by the Consumer Financial Protection Bureau

Apple and Google set regulations on “tap-to-pay” which can impact innovation and competition

The Consumer Financial Protection Bureau (CFPB) published a new issue spotlight highlighting the impacts of Big Tech companies’ policies and practices that govern tap-to-pay on mobile devices like smartphones and watches. Apple currently forbids banks and payment apps from accessing the tap-to-pay functionality on Apple iOS devices and imposes fees through Apple Pay. Google’s Android operating system does not currently have such a policy. The issue spotlight explains how regulations imposed by mobile operating systems can have a significant impact on innovation, consumer choice, and the growth of open and decentralized banking and payments in the U.S.

“Regulations imposed by Big Tech firms have a big impact on whether consumers and businesses can make payments using third-party apps,” said CFPB Director Rohit Chopra. “We are carefully evaluating Big Tech’s role in our banking and payments system.”

Consumer Advisory: Your Money Is at Greater Risk When You Hold it in a Payment App, Instead of Moving it to an Account with Deposit Insurance

Editor’s Note: the NYU Law Program on Corporate Compliance and Enforcement is following the recent banking failures and policy developments arising from the crisis. In this post, the Consumer Financial Protection Bureau (CFPB) highlights the risk of holding money in uninsured accounts at payment apps.

by the Consumer Financial Protection Bureau

More than three quarters of adults in the United States have used a payment app, sometimes called a P2P (peer-to-peer or person-to-person) app. Widely used nonbank payment apps include PayPal, Venmo, and Cash App. The apps can be used on a computer or mobile device to send money to someone else without writing a check or handing over cash.

Young adults use payment apps even more frequently. According to a March 2022 survey by Consumer Reports, 85 percent of consumers aged 18 to 29 have used one of these apps.
