PYMNTS-MonitorEdge-May-2024

CFPB Provides Guidance to Other Agencies on Data Security Enforcement

CFPB Mulls Rules For Open Banking

Saying financial companies that fail to safeguard consumer data may be violating federal law, the Consumer Financial Protection Bureau (CFPB) has published guidance on the matter to other enforcement agencies.

In a press release about a CFPB circular, both of which were released Thursday (Aug. 11), the agency said it is increasing its focus on potential misuse and abuse of personal financial data.

“Financial firms that cut corners on data security put their customers at risk of identity theft, fraud and abuse,” CFPB Director Rohit Chopra said in the release. “While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take commonsense steps to protect personal financial data.”

The new circular provides guidance to consumer protection enforcers and explains potential violations of the data security requirements of the Consumer Financial Protection Act.

In the circular, the CFPB also provides examples of data security practices that are widely implemented. The agency added it is not suggesting that these are required under the act but that failure to implement them might increase companies’ risk of liability.

These security practices include multifactor authentication, adequate password management and timely software updates, the release stated.

The circular comes about three months after Chopra said in a blog post on the CFPB website that the agency was launching an initiative to ensure that other agencies with consumer financial protection responsibilities apply the rules in a consistent manner.

Read more: CFPB Wants Other Agencies to Follow Its Enforcement Views

In the post, Chopra said the CFPB would issue circulars to government agencies and other enforcers in which it would explain how the agency intends to enforce federal consumer financial law.

While the CFPB is the principal regulator responsible for administering the federal consumer financial laws, enforcement responsibility is spread among a large set of state and federal government agencies.

PYMNTS-MonitorEdge-May-2024