OBSERVATIONS FROM THE FINTECH SNARK TANK
Three things are certain in life: death, taxes, and fraud. Add a new certainty for 2025: A new director of the Consumer Financial Protection Bureau (CFPB).
Whoever the new director is (I’m willing to step in and step up, Mr. President), that person could help truly protect the financial lives of Americans by refocusing the bureau on fraud, scams, and cybersecurity.
The Fraud, Scams, and Cybersecurity Problem
According to a new study from Cornerstone Advisors, nearly 100 million Americans believe fraud, scams, and cybersecurity is the #1 issue the US government should focus on fixing in the banking industry. There is broad support for this in terms of:
- Age. Four in Gen Zers and Gen Xers, a third of Millennials, and 44% of Baby Boomers think fraud/scams/cybersecurity is the top banking issue the government should deal with.
- Race. Roughly four in 10 Asian-Americans, Black or African-Americans, Hispanic or Latino people, and White people believe fraud, scams, and cybersecurity is the most important banking issue to be fixed.
According to YouGov, a quarter of American adults have experienced bank and credit account fraud, making it the most prevalent type of fraud reported. The Federal Trade Commission (FTC) estimated that Americans lost more than $10 billion to fraud in 2023, up 14% from 2022.
The CFPB is Exacerbating—Not Fixing—the Fraud Problem
The CFPB recently issued a final rule to implement Section 1033 of the Consumer Financial Protection Act of 2010. Hailed by many in the banking industry as bringing “open banking” to the US, the rule mandates that financial institutions provide consumers with access to their personal financial data upon request.
The rule aims to empower consumers by granting them access to and control over their financial data. But implementing it will exacerbate fraud because of the:
1) Education gap. Managing financial data involves understanding things like data security, third-party provider credentials, and consent agreements. But, as so many people here like to point out, we have a financial literacy (or illiteracy) problem in the US. Many consumers lack formal education in financial literacy or cybersecurity, making them vulnerable to exploitation or mismanagement of their data.
2) Volume of data and providers. Many consumers—particularly younger ones—interact with upward of a hundred financial providers. Constantly monitoring, authorizing, and renewing consent for multiple providers will create an unsustainable load for the average consumer. Revoking data access requires knowledge of the process and vigilance to ensure that 3rd parties no longer have the data. Many consumers simply won’t spend the time to track these activities.
3) Vulnerability to data privacy risks. Many consumers are unaware of how their data may be used once shared. PII isn’t even needed anymore for marketers to accurately individual consumers. Providers could use data for purposes like targeted advertising or profiling, potentially violating consumer expectations.
4) Inability to address data breaches. While there are some good tools available today, most consumers lack the resources to track and resolve data breach issues. Financial recovery, identity restoration, and credit monitoring require expertise and time that many consumers do not have.
The New Director Should Remake the CFPB
The bureau—which one industry insider (who, not surprisingly, prefers to go unnamed) calls the Center For Punishing Banks—needs a complete overhaul.
The root of the CFPB’s ineffectiveness is that it believes that the way to fix the banking industry’s problems is to regulate.
To be effective, the CFPB must innovate, not regulate.
In order to remake the bureau, step one for the new director should be to fire all the lawyers (don’t feel bad for them—they’ll find new, higher paying jobs) and replace them with technologists and fraud/risk management experts.
Step two should be to address the root of the fraud/scam/cybersecurity problem, not the symptoms, as the bureau recently did with its lawsuit against the big banks that run Zelle, the person-to-person (P2P) payment tool.
As Ken Palla, a former banker who managed online security threat analysis and implemented security solutions, points out:
“Zelle has some of the lowest fraud/scam losses for a P2P service. In 2023, with $806 billion in transaction amounts, the fraud and scam losses totaled an estimated $400 million.”
Palla gets to the heart of why the CFPB needs a makeover:
“Where the CFPB should be focused is creating a US government response to this massive consumer financial scam problem. The government needs to be involved because these scams are initiated and controlled by transnational criminal organizations and by nation states.”
The idea has broad industry support. Samantha Beeler, President of the League of Southeastern Credit Unions wrote:
“Enforcement data from the CFPB shows that the agency has shifted its focus away from predatory actors and instead broadened its reach into the day-to-day operations of financial institutions. The focus of consumer protection must shift to where it matters most: addressing financial fraud, cybersecurity risks, and predatory actors.”
There are calls from some industry observers for DOGE to eliminate the CFPB altogether. That’s not likely to happen.
Americans need a CFPB—just not the one they’ve got.
Read the full article here
