Skip to main content
close search
site logo
Dive Brief

CFPB urges up-to-date data safeguards for finance firms

Published Aug. 15, 2022
Anna Hrushka's headshot
Senior Reporter
Entrance to CFPB building
The exterior of the CFPB office in Washington, D.C., is shown. The image by Ted Eytan is licensed under CC BY-SA 2.0

Dive Brief:

  • Financial companies could violate the Consumer Financial Protection Act (CFPA) if they fail to adequately safeguard consumers’ data, according to a circular released Thursday by the Consumer Financial Protection Bureau (CFPB).
  • In the circular, the CFPB provided examples of practices — such as multifactor authentication, password management and timely software updates — that financial firms should embrace to lower the risk of violating the federal consumer financial protection law.
  • The move comes as the agency is “increasing its focus on potential misuse and abuse of personal financial data,” it said.

Dive Insight:

"Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse," CFPB Director Rohit Chopra said in a statement. "While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take common-sense steps to protect personal financial data."

The failure to implement the data security measures highlighted in the circular might increase the risk that a firm’s conduct triggers liability under the CFPA, the bureau said.

“Inadequate authentication, password management, or software update policies or practices are likely to cause substantial injury to consumers that is not reasonably avoidable by consumers, and financial institutions are unlikely to successfully justify weak data security practices based on countervailing benefits to consumers or competition,” the agency said. “Inadequate data security can be an unfair practice in the absence of a breach or intrusion.”

The agency, however, said the circular does not suggest multifactor authentication, password management or software updates are specifically required under the CFPA.

The CFPB cited the 2017 Equifax breach, which affected the “sensitive personal data of hundreds of millions of Americans,” as an example of a high-profile data security incident that violated the CFPA and other laws. 

The agency in 2019 charged Equifax with violating the CFPA.

“Equifax’s 2017 failure to patch a known vulnerability resulted in hackers gaining access to Equifax’s systems that exposed the personal information of nearly 148 million consumers,” the CFPB said.

Editors' picks

  • JPMorgan Chase building signage in New York City
    Image attribution tooltip
    Michael M. Santiago / Staff via Getty Images
    Image attribution tooltip

    JPMorgan, Zelle may have upper hand if litigation ensues

    If the banks that own Zelle’s parent battle the Consumer Financial Protection Bureau in court, they may find some federal judges open to their arguments, said lawyers specializing in the area.

    By Patrick Cooley • Aug. 16, 2024
  • Michael Barr, the Federal Reserve's vice chair for supervision, speaks during a congressional hearing, while sitting next to Martin Gruenberg, chair of the FDIC and Michael Hsu, acting comptroller of the currency
    Image attribution tooltip
    Kevin Dietsch / Staff via Getty Images
    Image attribution tooltip

    Did regulators send warning shot at already roiled BaaS space?

    It’s clear the Synapse debacle was on regulators’ minds when they issued last week’s statement highlighting risks associated with banks’ third-party partnerships, analysts said.

    By Caitlin Mullen • July 31, 2024

Company Announcements

View all | Post a press release
Agent IQ and Narmi Announce Strategic Partnership to Improve Digital Banking Experiences
From Narmi
October 31, 2024
Zingly Announces a Proven, Safe-AI Solution for Banks and Financial Institutions to Drive Reve…
From Zingly.ai
October 28, 2024
Agent IQ and Narmi Announce Strategic Partnership to Improve Digital Banking Experiences
From Agent IQ
October 31, 2024
WyHy Federal Credit Union Goes Digital with Narmi Account Opening
From Narmi
October 29, 2024
Editors' picks
  • JPMorgan Chase building signage in New York City
    Image attribution tooltip
    Michael M. Santiago / Staff via Getty Images
    Image attribution tooltip

    JPMorgan, Zelle may have upper hand if litigation ensues

    If the banks that own Zelle’s parent battle the Consumer Financial Protection Bureau in court, they may find some federal judges open to their arguments, said lawyers specializing in the area.

    By Patrick Cooley • Aug. 16, 2024
  • Michael Barr, the Federal Reserve's vice chair for supervision, speaks during a congressional hearing, while sitting next to Martin Gruenberg, chair of the FDIC and Michael Hsu, acting comptroller of the currency
    Image attribution tooltip
    Kevin Dietsch / Staff via Getty Images
    Image attribution tooltip

    Did regulators send warning shot at already roiled BaaS space?

    It’s clear the Synapse debacle was on regulators’ minds when they issued last week’s statement highlighting risks associated with banks’ third-party partnerships, analysts said.

    By Caitlin Mullen • July 31, 2024
Latest in Regulations & Policy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell