As a fintech company, platform offering payment services, or a cryptocurrency business, you may be used to operating in uncharted waters; the Consumer Financial Protection Bureau (CFPB), however, is ready to start drawing some maps. It has announced that it will begin to exercise its supervisory authority over non-bank consumer financial entities that the CFPB has reason to believe pose risks to consumers. It also announced a new procedural rule to govern when CFPB decisions related to these supervisory actions will be made available to the public.
Continue Reading CFPB and Fintech Companies: Charting a New Course on Regulatory Supervision

ThinkstockPhotos-516780641-webThe Consumer Financial Protection Bureau (CFPB) recently brought its first data security enforcement action, adding itself to the growing list of federal regulators tackling data security issues. The CFPB’s enforcement action was against Dwolla Inc., a Des Moines, Iowa-based online payment platform. The CFPB alleged that Dwolla misrepresented its data security practices, and as a result, Dwolla agreed to pay a $100,000 penalty and to implement significant data security measures.1 While this is only its first data security-related action, the CFPB appears to be taking very seriously its role in securing consumers’ financial information. The requirements the agency placed on Dwolla’s board of directors make this clear, as the board will be held accountable for any security shortcoming by the company. This goes beyond the typical requirements imposed by the Federal Trade Commission (FTC), the regulator with the most extensive data security experience, in its data security enforcement actions. As such, companies, especially financial technology start-ups, should take note of the data security requirements placed on Dwolla by the CFPB, and ensure that any statements made regarding the security of consumers’ information are accurate.
Continue Reading CFPB Brings First Data Security Enforcement Action