The Consumer Financial Protection Bureau (CFPB) recently welcomed nonbank fintech companies to the world of CFPB regulation by announcing its intention to hold nonbank financial companies to the same standards as traditional banking institutions when it comes to consumer financial products and services. The announcement includes specific reference to the CFPB's authority to supervise certain nonbanks "whose activities the CFPB has reasonable cause to determine pose risks to consumers" under federal consumer protection laws. 

Reaching deep into the bowels of regulatory obsolescence for the 2013 CFPB final rule defining the CFPB process for supervising "nonbank covered persons," the announcement codifies the CFPB's intent to begin examining certain consumer products and services offered by nonbank financial institutions and affiliates.

Invoking "dormant authority" provisions of the Dodd-Frank Act permitting the CFPB to supervise a broad range of consumer financial products and activities, the CFPB intends to increase the agility and oversight with which it supervises entities in markets outside of existing nonbank supervision programs. Implicating money transmitters, custodians, payment product providers, and data processors, the announcement brings numerous financial technology providers under potential CFPB examination and supervision.

While the 2013 final rule does not establish new consumer protection requirements or particular consumer financial products or services to be regulated. The rule does define a series of risk indicators and information that may indicate that consumer harm is possible and trigger CFPB examination and supervision.

  • The following products may be subject to supervision and examination: 
    • the extension of credit, lending activities and real estate services;
    • the taking of deposits;
    • acting as a custodian of funds or financial instruments;
    • transmitting and exchanging funds, issuing stored value and payment instruments;
    • providing payments and financial data processing;
    • financial advisory services and consumer reporting; and
    • other financial products and services as may be defined by the Bureau.
  • The 2013 rule does not define "risk to consumers," but does note that potentially unfair, deceptive, or abusive acts or practices, or other acts or practices that potentially violate federal consumer financial law would pose a risk to consumers. 
  • The CFPB may base reasonable cause determinations for examination and supervision on complaints or on information from other sources, such as judicial opinions and administrative decisions. This information includes whistleblower complaints, information from state and federal CFPB partners and news reports.

The announcement was accompanied by a proposed procedural rule which relates to certain notice, confidentiality, and reporting terms in the 2013 final rule. The proposed rule defines a public reporting framework for final decisions and orders relating to the supervision of "nonbank covered persons" and industry participation relating to information appropriate for release.  

The CFPB has not, in recent years, targeted nonbanks, persons, services, and products for examination and oversight. The announcement signals that, to the extent they provide services to consumers, certain products may give rise to CFPB supervision. Given the breadth of services covered in the rule, this anticipated oversight may implicate many financial technology and fintech market participants and service providers. Significant care must be taken to assess and address the implications of offering certain services and products to consumers following the CFPB announcement. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.