Exterior of the CFPB headquarters in Washington, D.C. Credit/Adobe Stock
The CFPB announced Thursday that it finalized a rule to give the Bureau supervisory authority over nonbank companies that offer digital funds transfers and payment wallet apps. Specifically, the rule applies to those organizations that handle more than 50 million transactions per year.
According to a statement from the CFPB Thursday morning, “The rule will help the CFPB to ensure that these companies … follow federal law just like large banks, credit unions and other financial institutions already supervised by the CFPB.”
The Bureau stated it estimates most of the apps covered by the new rule process more than 13 billion payment transactions each year.
"Digital payments have gone from novelty to necessity and our oversight must reflect this reality,” CFPB Director Rohit Chopra said. "The rule will help to protect consumer privacy, guard against fraud and prevent illegal account closures."
The final rule will enable the CFPB to supervise companies in the following areas:
- Privacy and Surveillance: Large technology companies are collecting vast quantities of data about an individual’s transactions. Federal law allows consumers to opt-out of certain data collection and sharing practices, and also prohibits misrepresentations about data protection practices.
- Errors and Fraud: Under longstanding federal law, consumers have the right to dispute transactions that are incorrect or fraudulent, and financial institutions must take steps to look into them. The CFPB is particularly concerned about how digital payment apps can be used to defraud older adults and active duty servicemembers. Some popular payment apps appear to design their systems to shift disputes to banks, credit unions and credit card companies, rather than managing them on their own.
- Debanking: Given the volume of payments consumers make through many popular payment apps, consumers can face serious harms when they lose access to their app without notice or when their ability to make or receive payments is disrupted. Consumers have reported concerns to the CFPB about disruptions to their lives due to closures or freezes.
Just yesterday, Harper testified in front of the U.S. House of Representatives Financial Services Committee and again asked for third-party vendor authority after more than 1,000 cyber incidents have been reported by credit unions since the NCUA’s cyber incident reporting rule that went into effect in September 2023.
“The data also shows that seven out of 10 reportable cyber incidents are related to credit union vendors, further underscoring the need for Congress to reinstate the NCUA’s third-party vendor examination authority,”
The NCUA declined to comment on today’s announcement from the CFPB.
While the CFPB has always had enforcement authority over these organizations, the new “rule gives the CFPB the authority to conduct proactive examinations to ensure companies are complying with the law in these and other areas,” the CFPB stated. “Supervision can prevent harm by detecting problems early. Supervision also is an important tool for the CFPB to assess risks that can emerge rapidly in this market, including from outages and other issues that could lead to millions of consumers losing access to their funds.”
The rule will be effective 30 days after publication in the Federal Register.
READ MORE: CFPB final rule
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Michael Ogden
Editor-in-Chief at CU Times. To connect, email at [email protected]. As Editor-in-Chief of CU Times since 2016, Michael Ogden has led the editorial team in all aspects of content strategy and execution, including the creation of the publication’s exclusive and proprietary research database of the credit union industry’s economic landscape. Under Michael’s leadership, CU Times has successfully shifted to an all-digital editorial product with new focuses on the payments, fraud, lending and regulatory beats. Most recently, he introduced a data-focused editorial product for subscribers that breaks down credit union issues into hard data, allowing for a deeper and more factual narrative for readers. In 2024, he launched the "Shared Accounts With CU Times" podcast, which offers a fresh, inside-the-newsroom perspective through interviews with leaders from the credit union industry and the regulatory world. He dives into pressing credit union issues, while revealing the personalities working behind-the-scenes to push the credit union world forward. His background includes years as a radio and TV anchor/reporter and a public relations and digital/social media manager, where he covered the food and music industries, as well as cooperatives and credit unions. Over the years, he has launched numerous exclusive video and podcast series, including a successful series of interactive backstage interviews with musicians at music festivals, showcasing his social media and live streaming production skills.
