1.12 - Consumer Financial Protection Bureau (CFPB)


The CFPB is the federal agency charged, principally, with monitoring financial institutions and making sure that they are not selling misleading products to or otherwise deceiving consumers. So far it has taken limited specific action with respect to cryptocurrency or the entities potentially subject to its regulatory oversight. It warned consumers about Bitcoin in 2014, remained largely silent until 2022 (although it has tracked complaints related to virtual currency since April 2017), and now appears poised to begin more significant oversight over crypto firms engaging in activities the CFPB determines "pose risks to consumers."

This enhanced scrutiny comes on the heels of Senator Elizabeth Warren, who is largely credited with inspiring the creation of the CFPB, specifically advocating for the CFPB to intervene to cut down on cryptocurrency fraud. See PYMNTS, Warren: CFPB Has Power to Stop Crypto Fraud (2021.10.28). Shortly thereafter, the agency hired a prominent crypto skeptic to work on "a range of issues including digital assets." Allyson Versprille, Crypto Skeptic Set to Join Consumer Finance Watchdog (2022.01.26).

Finally, the CFPB is working in conjunction with other federal agencies on a report in response to President Biden's Executive Order on crypto, which is due on September 5, 2022.


For traditional financial institutions, CFPB oversight does not typically begin until the institution has over $10 billion in assets. In April 2022, however, the CFPB announced that it was invoking "dormant authority" that had previously been granted to it by the Dodd-Frank Act. Specifically, the Act empowered the CFPB to supervise entities (of any kind) whose activities the CFPB "has reasonable cause to determine . . . pose risks to consumers with regard to the offering or provision of consumer financial products or services." 12 U.S.C. § 5514(a)(1)(C).

Although the CFPB implemented the authority through a procedural rule in 2013, the agency did not actually use that authority. See CFPB, Procedural Rule To Establish Supervisory Authority Over Certain Nonbank Covered Persons Based on Risk Determination, 78 Fed. Reg. 40351 (2013.07.03). Unlike specifically covered entities, the CFPB is not be able to supervise other entities until it has given each entity it proposes to supervise "notice and an opportunity to respond." The basic procedure for this, according to the rule, is that the CFPB will issue a notice to the entity, the entity will respond, the CFPB will make a determination, and the entity can either agree with that determination or appeal it (administratively or through the courts). There is also a procedure for terminating CFPB supervision after it has begun.

In addition to announcing that it would now actually be exercising this authority, the CFPB issued a proposed rule that would permit it to release certain information about its final determinations and orders in exercising the authority. CFPB, Proposed Rule, Supervisory Authority Over Certain Nonbank Covered Persons Based on Risk Determination; Public Release of Decisions and Orders, 87 Fed. Reg. 25397 (2022.04.29). The justification for adding this procedural mechanism is that the otherwise opaque and confidential world of regulatory examinations would benefit from publicly available rulings and determinations that could both serve as precedent and guide industry compliance decisions.

Neither the new proposed rule nor the announcement that the CFPB was invoking previously unused authority specifically mentions crypto companies. Nevertheless, the near immediate consensus from the industry was that this expanded use of authority was directly targeted at crypto companies and other fintechs. See, e.g., Kollen Post, CFPB invokes old rule to expand authority over fintech and crypto firms (2022.04.26).


Because the CFPB's oversight of non-traditional financial institutions is limited to areas where it "has reasonable cause" to believe the entity is engaged in activities that "pose risks to consumers," the CFPB is focusing on enforcement against entities that engage in deceptive acts or practices that would violate the Consumer Financial Protection Act. See CFPB, Circular 2022-02, Deceptive representations involving the FDIC’s name or logo or deposit insurance (2022.05.17).

The one specific practice the CFPB has identified specific to digital assets are misrepresentations regarding FDIC coverage for those assets. Crypto firms should thus be careful to ensure that any reference they make to the FDIC or its insurance protections are accurate.

Statements & Testimony

The leader of the CFPB, Rohit Chopra, also serves on the board of the FDIC. Recently the FDIC voted to permit enhance its enforcement of against entities that falsely claim assets are covered by FDIC insurance. Rohit Chopra, Statement on the Final Rule Regarding False Advertising, Misrepresentations of Insured Status, and Misuse of the FDIC’s Name or Logo (2022.05.17). In connection with that vote, Chopra specifically highlighted a circular about misrepresentations about deposit insurance (see above) and noted:

We are especially concerned about potential misconduct involving novel technologies, including so-called stablecoins and other crypto-assets.

Further, Chopra clarified that although it was the FDIC that was taking specific action regarding its own procedures, nothing in those procedures prevented other agencies from taking action based on them. Thus, in Chopra's view, the CFPB can rely on an FDIC prohibition to take enforcement action on its own against entities that misrepresent whether consumer deposits are covered by FDIC insurance.

Index of Sources

Sources are listed in reverse chronological order.


This article was drafted by @Lawtoshi.

Last updated