CFPB Fines Online Payment Network for Misrepresenting Security Practices

On March 2, 2016, the CFPB issued its first enforcement action directed at an organization’s information security practices. Dwolla, Inc., entered into a Consent Order with the CFPB which identifies “deceptive acts and practices relating to false representations” relating to the company’s data security practices in violation of UDAAP.

Lessons learned from the CFPB’s first enforcement actions

Since its creation in July 2011, the Consumer Financial Protection Bureau (CFPB) has entered into five public consent orders with financial institutions and, in one case, a service provider, to correct alleged consumer protection violations. While these orders involved some of the biggest institutions in the industry (Capital One, Discover and American Express), there are valuable insights to be gleaned from these orders for both institutions directly monitored by the CFPB and institutions that are examined for consumer protection compliance by their prudential regulators (especially since the Federal Deposit Insurance Corporation (FDIC) joined in two of the orders).

More articles: