The consumer protection group Consumer Financial Protection Bureau (CFPB) came into increased focus last week as its activity was scrutinized by judges, questioned by politicians, and criticized by bankers. On top of that, it is working on new rules for financial institutions’ handling of consumer data. The result was a busy week for the CFPB.
New Consumer Data Rules Proposed
On October 27, the CFPB proposed new rules governing use of consumer data by financial institutions. It says the proposed rules will improve consumer privacy and competition by providing stricter guidelines for using consumers’ sensitive financial data. CFPB Director Rohit Chopra called it a way to make the marketplace better for consumers.
“Dominant firms shouldn’t be able to hoard our personal data and appropriate the value to themselves,” Chopra said in a statement. “The CFPB’s personal financial data rights rulemaking has the potential to jumpstart competition, giving Americans new options for financial products.”
The rules will be submitted to a small business review panel. The Dodd-Frank Act requires that consumers have access to the data they generate. However, businesses sometimes hide behind red tape or rely on consumers’ ignorance of the law to avoid filling their legal requirements. The CFPB aims to clamp down on that.
Watchdog groups warned about potential risks to consumer privacy. The Bank Policy Institute recommended taking steps to prevent “screen scraping,” an attack that could expose consumer data by intercepting information on an application’s display screen.
“It is essential that consumers’ data is protected regardless of what type of entity has access to that information, and better protection means requiring Big Tech and other nonbanks to adhere to the same obligations, expectations and direct oversight applied to banks,” said Bank Policy Institute Vice President Paige Pidano Paridon.
The American Bankers Association’s Brooke Ybarra echoed that sentiment, saying that companies with access to sensitive consumer data “must be held to the same high standards and supervision related to data security, privacy and consumer protection that banks must meet today.”
CFPB Case Against MoneyGram At Risk
Money transfer company MoneyGram International called the CFPB’s rules “void and unenforceable” in a motion asking U.S. District Judge Katherine Polk Failla to dismiss the CFPB’s case against it. MoneyGram cited a Fifth Circuit court’s ruling declaring the CFPB’s independent funding structure to be unconstitutional and invalidating a payday lending rule.
“The decision confirms defendants’ argument that the CFPB’s statutory funding structure violates the Appropriations Clause [of the U.S. Constitution], and that the appropriate remedy must grant defendants meaningful relief here, resulting in the dismissal of an enforcement action brought by an unconstitutionally structured regulator,” MoneyGram said in a letter to District Judge Failla.
The CFPB and the New York Attorney General (NYAG) jointly filed the complaint, alleging that MoneyGram violated the CFPB’s 2010 remittance rule requiring companies to provide accurate information about when money transfers will be available to recipients. The complaint also alleges that MoneyGram failed to adequately respond to customer complaints about remittance transfer errors.
MoneyGram’s legal defense included a claim that the CFPB engaged in “forum shopping” by joining forces with the NYAG to file its complaint. MoneyGram argued that the Northern District of Texas would have been a more appropriate place to file the complaint. The defense implied that New York courts would have been a friendlier avenue for regulators’ cases against financial service providers.
The CFPB alleges that MoneyGram ignored “the substance of the complaint” in its response to MoneyGram’s legal defense – which sounds a lot like the CFPB complaining that MoneyGram was trying to win on a technicality.
Bankers Object to CFPB’s Attempt to Move Fraud Liability Away from Zelle
The American Bankers Association sent a letter to the CFPB objecting to its proposal to shift fraud liability from peer-to-peer payment networks like Zelle to associated banks. It says the increased liability to banks could backfire by emboldening scammers. The proposed reshuffling of fraud liability could also make Zelle less widely available – likely due to banks refusing to have anything to do with peer-to-peer payment apps.
In this case, banks say that fraud on peer-to-peer payment networks are only a small percentage of their total transaction volume. Chainalysis seems to back this up with its most recent annual Crypto Crime Report – at least as far as cryptocurrencies, which have many of the qualities of a peer-to-peer payment network and don’t strictly require a bank account, are concerned. Yes, fraud and money laundering do happen over peer-to-peer payment networks, but it’s not as prevalent as politicians and regulators want people to believe.
Banks cited their strict controls, which should theoretically help prevent most financial crimes. They say that they can warn their customers if it looks like they might be about to send money to a scammer. However, they can’t catch everything.
Elizabeth Warren Disagrees With the American Bankers Association
Senator Elizabeth Warren appeared to disagree with the American Bankers Association in a letter she sent to the CFPB. In the letter, she urged the CFPB to increase fraud protections for consumers – even if it meant increasing fraud liability for banks.
“My investigation, which is based on previously non-public information obtained from the banks that own and run the platform, shows that Zelle is increasingly becoming a tool of bad actors who use the platform to defraud consumers, while the big banks that own Zelle do little to stop them or provide recourse to their consumers,” she said.
This incidentally echoing the arguments that she and other politicians have made about digital assets even in the face of Chainalysis’ data – the same Chainalysis that, earlier this year, helped track down the hackers who stole millions of dollars’ worth of bitcoin in 2016.
Warren’s letter claims that banks are providing compensation for fraud on Zelle in only 9% of cases. It also says that banks are refusing to reimburse victims of unauthorized payments, which violates U.S. law and CFPB regulations. Warren singled out the longtime “problematic” bank Wells Fargo, citing its “long record in ripping off customers.”
“The Wells Fargo data indicates that the bank has a significant problem with fraudulent activity on Zelle. Wells Fargo customers were reporting fraud and scams on the platform at a rate that is nearly 2.5 times higher in 2022 than it was in 2019, and that is more than twice as high for Wells customers compared to customers of other banks,” she wrote in her letter.
Wells Fargo, of course, claimed that it was no worse than any other bank, which is probably a low bar: “We don’t believe the numbers in a recent report are done on a comparable basis, and therefore the analysis is misleading and inaccurate. Based on the data we’ve seen, our Zelle fraud and scam rates are consistent with the industry and have never been twice as high compared to other banks.”
With high-profile cases, new proposed rules, and a back-and-forth between the CFPB, banks, and Elizabeth Warren over fraud on Zelle, it’s been a busy week for the CFPB. Its employees were likely happy to see the Halloween weekend coming up.