1.12 - Consumer Financial Protection Bureau (CFPB)
Overview
The Consumer Financial Protection Bureau is the federal agency charged with monitoring financial institutions and protecting consumers from unfair, deceptive, or abusive acts and practices in the financial marketplace. Created by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the CFPB derives its authority primarily from Title X of that statute, codified at 12 U.S.C. Chapter 53, Subchapter V. The Bureau's jurisdiction extends to any entity offering or providing a "consumer financial product or service," a definition broad enough to encompass certain activities in the digital asset space.
For most of its first decade, the CFPB's engagement with cryptocurrency was minimal. The Bureau issued a consumer advisory about Bitcoin in 2014, began tracking virtual currency complaints through its consumer complaint database in April 2017, and otherwise remained largely silent on the subject. That changed dramatically under Director Rohit Chopra, who took office in October 2021 and pursued an aggressive expansion of the CFPB's regulatory perimeter. Between 2022 and January 2025, the Chopra CFPB invoked previously unused supervisory authority over nonbank entities, issued circulars targeting deceptive crypto marketing practices, proposed rules that would have brought stablecoins and other digital assets under the Electronic Fund Transfer Act, initiated the Bureau's first civil investigation of a crypto firm, and published data-driven analyses of crypto-related consumer complaints. These efforts were galvanized in part by President Biden's Executive Order 14067, which directed multiple agencies -- including the CFPB -- to address consumer protection risks in digital asset markets.
Two institutional developments framed this period. First, in May 2024, the Supreme Court in CFPB v. Community Financial Services Association of America upheld the CFPB's funding mechanism as constitutional in a 7-2 decision, removing what had been an existential legal threat to the agency and validating all of its prior rulemaking and enforcement. Second, and ironically, the constitutional funding structure that the Court affirmed became the central battleground when the incoming Trump administration attempted to effectively dismantle the agency beginning in February 2025.
Under President Trump's second administration, the CFPB was subjected to systematic retrenchment. Director Chopra was fired on February 1, 2025. Acting directors Scott Bessent and then Russell Vought ordered a halt to all substantive agency activity, closed the headquarters, and issued layoff notices to over 1,483 employees. Congress repealed the CFPB's larger participant rule for digital payment applications under the Congressional Review Act. The Bureau withdrew its proposed interpretive rule extending Regulation E to crypto transactions. Pending enforcement actions were abandoned or dismissed. Every crypto-related regulatory initiative from the Chopra era was terminated.
As of February 2026, the CFPB's future remains uncertain. Federal courts have ordered the agency to remain funded and blocked mass layoffs, but approximately 25% of the workforce has departed and the Bureau conducts no meaningful supervisory, enforcement, or rulemaking activity. A trial on the legality of the administration's actions is scheduled for February 2026, and the full D.C. Circuit has granted en banc rehearing of the key funding and layoff case. The CFPB received $145 million from the Federal Reserve for its first quarter 2026 operations, but its capacity to carry out its statutory mandate -- in crypto or any other area -- is severely degraded.
Guidance
Circular 2022-02: Deceptive Representations Involving FDIC Insurance
In May 2022, the CFPB issued its first substantive Consumer Financial Protection Circular, Circular 2022-02, addressing deceptive representations involving the FDIC's name, logo, or deposit insurance. CFPB, Circular 2022-02, Deceptive representations involving the FDIC's name or logo or deposit insurance (2022.05.17). The circular stated that covered persons or service providers likely violate the Consumer Financial Protection Act's prohibition on deception if they misuse the FDIC's name or logo or misrepresent deposit insurance coverage -- regardless of whether such conduct is engaged in knowingly. Id.
The circular specifically identified firms offering digital assets as "particularly prone to making such deceptive claims to consumers about FDIC deposit insurance coverage." Id. This warning proved prescient. In the months that followed, Voyager Digital, Celsius Network, and FTX -- all of which had made representations about the safety of consumer deposits -- collapsed in succession. The FDIC and Federal Reserve Board subsequently issued cease-and-desist letters to Voyager Digital for falsely claiming FDIC insurance coverage, and the FDIC issued similar letters to FTX US and several other entities. See Federal Reserve Board, FDIC and Federal Reserve Board issue letter demanding Voyager Digital cease and desist from making false or misleading representations of deposit insurance status (2022.07.28). Notably, it was the FTC -- not the CFPB -- that ultimately brought the enforcement action against Voyager for its false FDIC insurance claims. See FTC, FTC Reaches Settlement with Crypto Company Voyager Digital (2023.10.12).
Because the CFPB's oversight of nonbank financial institutions is limited to areas where it "has reasonable cause" to believe the entity is engaged in activities that "pose risks to consumers," Circular 2022-02 served as a clear signal that the CFPB would focus on deceptive practices in the crypto space, particularly around deposit insurance misrepresentations. Crypto firms were put on notice to ensure that any reference to the FDIC or its insurance protections was accurate.
Complaint Bulletin: Crypto-Asset Complaints (November 2022)
On November 10, 2022, the CFPB published a detailed analysis of consumer complaints related to crypto-assets, covering the period from October 2018 through September 2022. CFPB, Complaint Bulletin: An analysis of consumer complaints related to crypto-assets (2022.11.10). The Bureau received more than 8,300 crypto-related complaints during this period, with the substantial majority submitted in the two years preceding publication.
The data revealed troubling trends. Approximately 40% of all crypto-asset complaints involved fraud, theft, account hacks, or scams, and this figure was rising sharply: by September 2022, fraud accounted for 63% of complaints. Transaction-related issues (execution failures, delayed transfers, and disputed transactions) comprised approximately 25% of complaints, while issues involving assets being unavailable when promised accounted for roughly 16%. The bulletin noted that North Korea-associated hackers had reportedly stolen over $2 billion in crypto-assets, with more than $1 billion lost in the first seven months of 2022 alone.
Director Chopra stated that "[o]ur analysis of consumer complaints suggests that bad actors are leveraging crypto-assets to perpetrate fraud on the public." See CFPB, CFPB Publishes New Bulletin Analyzing Rise in Crypto-Asset Complaints (2022.11.10). The complaint bulletin was published in direct response to the mandate of Executive Order 14067, which had directed the CFPB and FTC to "redouble their efforts to monitor consumer complaints" related to digital assets.
Rulemaking
Dormant Authority
For traditional financial institutions, CFPB oversight does not typically begin until the institution has over $10 billion in assets. In April 2022, however, the CFPB announced that it was invoking "dormant authority" that had previously been granted to it by the Dodd-Frank Act. Specifically, the Act empowered the CFPB to supervise entities (of any kind) whose activities the CFPB "has reasonable cause to determine . . . pose risks to consumers with regard to the offering or provision of consumer financial products or services." 12 U.S.C. § 5514(a)(1)(C).
Although the CFPB implemented the authority through a procedural rule in 2013, the agency did not actually use that authority. See CFPB, Procedural Rule To Establish Supervisory Authority Over Certain Nonbank Covered Persons Based on Risk Determination, 78 Fed. Reg. 40351 (2013.07.03). Unlike specifically covered entities, the CFPB is not able to supervise other entities until it has given each entity it proposes to supervise "notice and an opportunity to respond." The basic procedure for this, according to the rule, is that the CFPB will issue a notice to the entity, the entity will respond, the CFPB will make a determination, and the entity can either agree with that determination or appeal it (administratively or through the courts). There is also a procedure for terminating CFPB supervision after it has begun.
In addition to announcing that it would now actually be exercising this authority, the CFPB issued a proposed rule that would permit it to release certain information about its final determinations and orders. CFPB, Proposed Rule, Supervisory Authority Over Certain Nonbank Covered Persons Based on Risk Determination; Public Release of Decisions and Orders, 87 Fed. Reg. 25397 (2022.04.29). The justification for adding this procedural mechanism was that the otherwise opaque and confidential world of regulatory examinations would benefit from publicly available rulings and determinations that could both serve as precedent and guide industry compliance decisions.
Neither the new proposed rule nor the announcement that the CFPB was invoking previously unused authority specifically mentioned crypto companies. Nevertheless, the near-immediate consensus from the industry was that this expanded use of authority was directly targeted at crypto companies and other fintechs. See, e.g., Kollen Post, CFPB invokes old rule to expand authority over fintech and crypto firms (2022.04.26). In April 2024, the CFPB further updated its risk-based nonbank supervision designation process. See Consumer Financial Services Law Monitor, CFPB Updates Risk-Based Nonbank Supervision Designation Process (2024.04). No publicly identified crypto companies were subjected to supervisory examination under this authority before the change in administration in February 2025.
Larger Participant Rule for Digital Payment Applications
On November 7, 2023, the CFPB proposed a rule to define "larger participants" in the market for general-use digital consumer payment applications, which would bring major nonbank payment platforms under the Bureau's supervisory authority. CFPB, CFPB Proposes New Federal Oversight of Big Tech Companies and Other Providers of Digital Wallets and Payment Apps (2023.11.07). Notably, the proposed rule included the CFPB's first public statement that the term "funds" under the Consumer Financial Protection Act is not limited to fiat currency or legal tender, asserting that digital assets with "monetary value readily useable for financial purposes, including as a medium of exchange" could qualify.
The CFPB finalized the rule on November 21, 2024, publishing it in the Federal Register on December 10, 2024. See CFPB, Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications, 89 Fed. Reg. 100426 (2024.12.10). The final rule set the threshold at 50 million annual consumer payment transactions -- substantially higher than the 5 million threshold in the proposed rule -- and was estimated to cover the seven largest nonbank providers, including Google Pay, Apple Pay, Venmo, PayPal, Cash App, and Samsung Pay. In a significant departure from the proposed rule, the final rule excluded digital asset transactions from the definition of "consumer payment transaction," limiting its scope to U.S. dollar-denominated transactions. The rule took effect on January 9, 2025.
The rule was short-lived. Congress overturned it under the Congressional Review Act through S.J. Res. 28, introduced by Senator Pete Ricketts (R-NE). The Senate voted 51-47 on March 5, 2025, and the House voted 219-211 on April 9, 2025. President Trump signed the resolution into law on May 11, 2025 (P.L. 119-11). See CRS, Congress Repeals Rule That Would Have Subjected Large, Nonbank Digital Wallet and Payment App Providers to CFPB Supervision. Under the Congressional Review Act, the CFPB is now prohibited from issuing a rule in "substantially the same form" absent new legislation.
Proposed Interpretive Rule: EFTA/Regulation E and Crypto
On January 10, 2025 -- one of Director Chopra's last major regulatory actions -- the CFPB issued a proposed interpretive rule that would have expanded the Electronic Fund Transfer Act ("EFTA") and its implementing Regulation E to cover emerging digital payment mechanisms, including stablecoins, cryptocurrencies, and central bank digital currencies. CFPB, Electronic Fund Transfers Through Accounts Established Primarily for Personal, Family, or Household Purposes Using Emerging Payment Mechanisms, 90 FR 3425 (2025.01.15).
Under the CFPB's proposed interpretation, the term "funds" in the EFTA would extend to "assets that act or are used like money, in the sense that they are accepted as a medium of exchange, a measure of value, or a means of payment." Stablecoins would have categorically qualified as "funds," while other digital assets would have been evaluated on a fact-specific basis. Had the rule been finalized, it would have extended Regulation E's consumer protections -- including unauthorized transfer liability limits, error resolution procedures, and periodic statement requirements -- to crypto transactions conducted through accounts held for personal, family, or household purposes.
The comment period was open through March 31, 2025. The rule was withdrawn on May 15, 2025, by the CFPB under the Trump administration, which announced that it "will not take any further action on this proposed interpretive rule." See Latham & Watkins, US Crypto Policy Tracker: Regulatory Developments.
Enforcement
Nexo Financial Investigation
The CFPB's first civil investigation of a crypto firm targeted Nexo Financial, LLC. The Bureau issued a civil investigative demand ("CID") to Nexo on December 1, 2021, seeking information about whether the firm was complying with consumer protection laws in connection with its interest-bearing crypto lending product, the "Earn Interest Product." See Consumer Financial Services Law Monitor, CFPB Launches Its First Civil Investigation of a Crypto Firm (2022.12).
Nexo petitioned to modify the CID, arguing that its Earn Interest Product fell under SEC jurisdiction and was therefore outside the CFPB's authority. In November 2022, the CFPB published an administrative order denying Nexo's petition. The Bureau found that Nexo was "trying to avoid answering any of the Bureau's questions about the Earn Interest Product (on the theory that the product is a security subject to SEC oversight) while at the same time preserving the argument that the product is not a security subject to SEC oversight." See CFPB, Decision and Order on Petition to Modify Civil Investigative Demand: Nexo Financial LLC (2022.11). The CFPB ordered a corporate representative to appear for oral testimony on December 19, 2022.
The Nexo investigation established an important jurisdictional principle: offering interest-bearing crypto products does not, in the CFPB's view, exempt a firm from the Bureau's consumer protection oversight, even if the SEC also asserts jurisdiction over the same product. Separately, the SEC reached a $45 million settlement with Nexo in January 2023. There has been no public indication that the Nexo investigation continued after the change in administration in February 2025.
Executive Order 14067 Response
President Biden signed Executive Order 14067, "Ensuring Responsible Development of Digital Assets," on March 9, 2022. The order directed the Secretary of the Treasury, in consultation with the CFPB and other agencies, to submit a report within 180 days on the implications of digital asset adoption for U.S. consumers, investors, and businesses. See Executive Order 14067, 87 Fed. Reg. 14143 (2022.03.14). The order also encouraged the CFPB Director and the Chair of the FTC to "consider the extent to which privacy or consumer protection measures within their respective jurisdictions may be used to protect users of digital assets."
Director Chopra issued a statement on the executive order, noting that the CFPB would be focused on protecting consumers who use digital assets. See CFPB, CFPB Director Chopra Statement on President Biden's Digital Assets Executive Order (2022.03.09). In July 2022, the CFPB published a request for comment on digital asset-related issues. See CFPB, Ensuring Responsible Development of Digital Assets; Request for Comment, 87 Fed. Reg. 40796 (2022.07.08).
On September 16, 2022, the White House released its "First-Ever Comprehensive Framework for Responsible Development of Digital Assets," accompanied by Treasury reports on The Future of Money and Payments, Crypto-Assets: Implications for Consumers, Investors, and Businesses, and an Action Plan to Address Illicit Financing Risks of Digital Assets. See White House, FACT SHEET: White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets (2022.09.16). These reports encouraged the CFPB and FTC to "redouble their efforts to monitor consumer complaints and to enforce against unfair, deceptive, or abusive practices" in digital asset markets. The CFPB's November 2022 crypto-asset complaint bulletin (discussed above) was a direct response to this mandate.
Executive Order 14067 was revoked on January 23, 2025, by President Trump's executive order on digital financial technology, which declared federal policy would instead support "the responsible growth and use of digital assets, blockchain technology, and related technologies." See White House, Executive Order on Strengthening American Leadership in Digital Financial Technology (2025.01.23).
The CFPB Under the Trump Administration
Leadership Transition
On February 1, 2025, President Trump fired Director Rohit Chopra and appointed Treasury Secretary Scott Bessent as acting director. See Washington Post, Trump removes Rohit Chopra as director of CFPB (2025.02.01). Bessent immediately ordered CFPB attorneys to stop defending regulations in court, halt the issuance of final rules, cease settlement of enforcement actions, and suspend participation in litigation. Russell Vought, the confirmed director of the Office of Management and Budget and a principal architect of the Project 2025 conservative policy agenda, subsequently assumed the role of acting director.
Dismantlement
Under Vought's direction, the CFPB was subjected to systematic retrenchment. On approximately February 8, 2025, Vought closed the CFPB's headquarters and instructed all staff to cease work, including all supervision and examination activity, all stakeholder engagement, all pending investigations, all public communications, and all enforcement actions. See NPR, Russell Vought closes CFPB HQ, tells staff to stop work (2025.02.08). The Department of Government Efficiency ("DOGE") accessed the CFPB's internal computer systems, and the agency's social media accounts were deleted. Id. Layoff notices were subsequently issued to over 1,483 employees. As of early 2026, approximately 25% of the CFPB's pre-Trump workforce has departed. See Government Executive, CFPB staves off furloughs after receiving funding, but still pushes to shut itself down (2026.01).
Crypto Initiatives Abandoned
Every crypto-related regulatory initiative from the Chopra era was terminated or abandoned under the new administration:
Regulation E interpretive rule (stablecoins, crypto, CBDCs): withdrawn May 15, 2025.
Larger participant rule (digital payment applications): repealed via Congressional Review Act, P.L. 119-11, signed May 11, 2025.
Section 1033 open banking rule: stayed; the CFPB stated it "exceeds the agency's statutory authority" in June 2025 and initiated reconsideration via advance notice of proposed rulemaking in August 2025.
Nexo Financial investigation: no public indication of continuation.
PayPal/Venmo investigations: no public indication of continuation.
Zelle lawsuit (filed December 2024): dismissed with prejudice in March 2025.
Statements & Testimony
Director Chopra, who served on the board of the FDIC by virtue of his position, issued a statement in May 2022 supporting the FDIC's final rule on false advertising and misrepresentations of insured status. Rohit Chopra, Statement on the Final Rule Regarding False Advertising, Misrepresentations of Insured Status, and Misuse of the FDIC's Name or Logo (2022.05.17). In connection with that vote, Chopra specifically highlighted the CFPB's Circular 2022-02 and noted:
We are especially concerned about potential misconduct involving novel technologies, including so-called stablecoins and other crypto-assets.
Chopra clarified that although the FDIC was taking the specific action regarding its own procedures, nothing prevented other agencies -- including the CFPB -- from taking independent enforcement action against entities that misrepresent FDIC insurance coverage.
Throughout his tenure, Chopra testified before the Senate Banking Committee and House Financial Services Committee on multiple occasions, including in April 2022, June 2024, and December 2024. See, e.g., CFPB, Written Testimony of Director Rohit Chopra before the Senate Committee on Banking, Housing, and Urban Affairs; CFPB, Prepared Statement of Rohit Chopra (2024.12.11). His testimony addressed Big Tech's role in financial services, digital payment platforms, and nonbank oversight. On stablecoins, Chopra stated publicly that "it is not a great idea to have big tech giants become a major issuer of stablecoins" due to "so many issues with privacy, surveillance and competition." See PYMNTS, Ex-CFPB Director Chopra Says 'Big Tech' Shouldn't Issue Stablecoins (2025).
Index of Sources
Sources are listed in reverse chronological order.
ABA Banking Journal, D.C. circuit court grants en banc rehearing of CFPB layoff lawsuit (2026.01)
Consumer Finance Monitor, CFPB receives funding for continued operations (2026.01.23)
NPR, Nearly 2 dozen states sue the Trump administration over funding for CFPB (2025.12.22)
CFPB, Personal Financial Data Rights Reconsideration, ANPRM (2025.08.22)
P.L. 119-11 (S.J. Res. 28), Congressional Review Act disapproval of CFPB Larger Participant Rule (2025.05.11)
Axios, Union sues Trump admin over CFPB shutdown attempt and DOGE access (2025.02.10)
NPR, Russell Vought closes CFPB HQ, tells staff to stop work (2025.02.08)
Washington Post, Trump removes Rohit Chopra as director of CFPB (2025.02.01)
White House, Executive Order on Strengthening American Leadership in Digital Financial Technology (2025.01.23)
CFPB, Block, Inc. Consent Order (2025.01)
CFPB, Proposed Interpretive Rule, Electronic Fund Transfers Through Accounts Established Primarily for Personal, Family, or Household Purposes Using Emerging Payment Mechanisms, 90 FR 3425 (2025.01.15)
CFPB, Prepared Statement of Rohit Chopra, Testimony Before the Senate Banking Committee (2024.12.11)
CFPB, Final Rule, Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications, 89 FR 100426 (2024.12.10)
CFPB, Finalizes Personal Financial Data Rights Rule (2024.10.22)
Supreme Court, Consumer Financial Protection Bureau v. Community Financial Services Assn. of America, Ltd., 601 U.S. ___ (2024.05.16)
CFPB, Statement on Supreme Court Decision in CFPB v. CFSA (2024.05.16)
FTC, FTC Reaches Settlement with Crypto Company Voyager Digital (2023.10.12)
CFPB, Decision and Order on Petition to Modify CID: Nexo Financial LLC (2022.11)
Federal Reserve Board, FDIC and Federal Reserve Board issue letter demanding Voyager Digital cease and desist (2022.07.28)
CFPB, Ensuring Responsible Development of Digital Assets; Request for Comment, 87 Fed. Reg. 40796 (2022.07.08)
CFPB, Circular 2022-02, Deceptive representations involving the FDIC's name or logo or deposit insurance (2022.05.17)
CFPB, Proposed Rule, Supervisory Authority Over Certain Nonbank Covered Persons Based on Risk Determination; Public Release of Decisions and Orders, 87 Fed. Reg. 25397 (2022.04.29)
Allyson Versprille, Crypto Skeptic Set to Join Consumer Finance Watchdog (2022.01.26)
PYMNTS, Warren: CFPB Has Power to Stop Crypto Fraud (2021.10.28)
CFPB, CFPB Warns Consumers About Bitcoin (2014.08.11)
CFPB, Procedural Rule To Establish Supervisory Authority Over Certain Nonbank Covered Persons Based on Risk Determination, 78 Fed. Reg. 40351 (2013.07.03)
Authors
This article was originally drafted by @Lawtoshi and is subsequently being updated in conjunction with Claude Code.
Last updated