The Consumer Financial Protection Bureau has made it increasingly clear that the agency’s enforcement unit will be less aggressive going forward.
But that move could actually expose fintechs to more risk, not less.
Late last month, acting Director Mick Mulvaney told a conference of state attorneys general that the CFPB would no longer be “pushing the envelope” or “look[ing] to create law where there isn’t” through enforcement actions. Instead, the acting director said, the CFPB will be “looking to the state regulators and state attorneys general for a lot more leadership when it comes to enforcement.” This would amount to a considerable change that comes with its own set of risks for companies that deal with consumers or the public.
For the emerging fintech space, one key area of concern in the pre-Mulvaney regime was the CFPB’s enforcement of the Dodd-Frank Act’s prohibition on unfair, deceptive, or abusive trade practices. Since many fintech companies rely heavily on the collection and analysis of consumer data — think payment companies and marketplace lenders — those companies’ practices and disclosures around protecting that data risked possible CFPB action.
Recall, for example, the CFPB’s enforcement action in 2016 against Dwolla for misrepresenting its data security practices. Dwolla had represented to its customers that its data protection practices surpassed the industry standard for protection, and that consumer information was “securely encrypted and stored.” In reality, the CFPB charged, Dwolla failed to encrypt sensitive personal information and did not perform adequate data security testing on its services. According to the CFPB, Dwolla’s misrepresentations concerning its data security environment amounted to deceptive trade practices, and the company was ordered to pay a penalty and address flaws in its data security scheme.
Under the new regime, it is not yet clear whether the CFPB’s overall scaling back of enforcement activity will affect its approach to the data-driven fintech space. But should the CFPB leave these issues to state authorities, fintech companies may, counterintuitively, have more to worry about.
The perception that federal enforcers have left a field open may embolden the agency’s state counterparts to step into the fray. It was not that long ago that Eliot Spitzer’s aggressive enforcement of New York law led news outlets to dub him the “Sheriff of Wall Street,” amid questions about the SEC’s scaled-back role in the securities markets. Indeed, state attorneys general have been indicating for months that they intend to step up to fill gaps left by federal authorities. (It is possible, of course, that other federal regulators, such as the FTC, could also seek to fill a perceived vacuum.)
For state authorities looking for an increased role in the market, fintech companies’ protection of consumer information could become an area of focus. All 50 states have statutes prohibiting unfair and deceptive practices. And state attorneys general know how to use their authority to bring enforcement actions for data-privacy-related failures. Acting Director Mulvaney has also indicated that he will generally not interfere with state actions to enforce provisions of Dodd-Frank itself, which the statute authorizes.
In all, with the CFPB encouraging state authorities to step into the fray, the consequence of the CFPB’s preference for less enforcement at the federal level may not mean less enforcement activity overall. Instead, it could lead to more inconsistent and unpredictable efforts by state authorities under a disparate set of views of what practices are acceptable.
In the meantime, fintech companies must remain vigilant regarding their privacy practices and disclosures to make sure they are up to snuff in all the jurisdictions in which they operate.
Initial analyses of Home Mortgage Disclosure Act data show UWM ahead in 2023 loan numbers and dollar volume, but Rocket's market share still looks competitive.
There are two series, 2024-1 and 2024-2, that have revolving periods—three for the 2024-1 and five for the 2024-2—during which noteholders will not receive any principal.
The trust employs a 24-month revolving period. There is an increased risk that collateral quality could deteriorate as the transaction evolves with new collateral.
Harmonizing standards for liquidity coverage ratios and discount window pledges could prevent the type of strains that led to last year's bank failures, according to a new paper whose authors include former Federal Reserve Govs. Dan Tarullo and Jeremy Stein.
The banking giant has launched an online platform that links small-business owners and entrepreneurs in need of capital to community development financial institutions. The platform was developed in partnership with Community Reinvestment Fund USA.