MVA White Collar Defense, Investigations, and Regulatory Advice Blog

The Consumer Financial Protection Bureau (CFPB) issued releases in May and June that reflected their continued focus on consumer protection issues associated with both bank fees and the use of artificial intelligence (AI) by financial institutions. On May 10, 2023, the CFPB issued Circular 2023-02 (the Circular) advising that a financial institution’s unilateral reopening of a deposit account to process a debit or deposit received after account closure can constitute an unfair act or practice under the Consumer Financial Protection Act (CFPA). On June 6, 2023, the CFPB ...

On August 11, 2022, the Consumer Financial Protection Bureau (“CFPB”) issued a circular (Circular 2022-04 or, the “Circular”) addressing whether insufficient data and information security practices can violate the prohibition against unfair acts or practices in the Consumer Financial Protection Act (“CFPA”). The CFPB concluded that inadequate security practices could give rise to a claim not only under federal data security laws like the Gramm-Leach-Bliley Act (“GLBA”), but also under the CFPA as well. The Circular discusses the elements of a claim under the CFPA and identifies a few specific practices that the CFPB identified as likely giving rise to a violation of the CFPA. The Circular, however, does not otherwise provide direction to the industry on expected information security practices.