Aug 22, 2022

CFPB Circular Emphasizes Banks’ Responsibility to Protect Customer Data

Aug 22, 2022 | Banks, Market

By: Ken Chase.

In a new circular published this week, the Consumer Financial Protection Bureau outlined financial companies’ responsibility to protect their customers’ personal and financial data. In a move that analysts viewed as a potential crackdown on financial firms, the CFPB noted that failure to adequately safeguard consumer data could place banks in violation of the Consumer Financial Protection Act.

 The circular was created to answer questions concerning financial entities’ possible violation of that Act due to a failure to provide adequate information security and data protection. The bureau’s response and analysis left no doubt about the CFPB’s position on that issue: when the regulatory bureau finds that an institution has neglected to implement any of three basic security controls, that institution is likely to face punitive action.

Those three security controls include basic considerations recognized as the bare minimum in data safeguards: multifactor authentication to verify identities, password management, and regular timely updates to software systems.

Multifactor authentication, or MFA, is becoming a priority for regulators concerned about data protection. The CFPB clearly expressed its belief that this security measure can help to reduce unauthorized access to customers’ accounts and personal data.

Proper password management can help to eliminate one of the most common access points for data breaches. According to the CFPB, an organization’s failure to maintain adequate password management practices and systems would likely trigger a liability finding in the event that customer data security was negatively impacted.

The CFPB’s position on software updates was equally straightforward. In its view, companies that fail to install regularly issued security patches could be liable for any resulting vulnerabilities that leave customer data unprotected from hackers and other bad actors. As a result, companies have an obligation to quickly install updates and patches as they are released, while also replacing any software systems that are no longer receiving vendor support and maintenance.

As the CFPB notes in its circular, “In certain circumstances, failure to comply with these specific requirements may also violate the CFPA’s prohibition on unfair acts or practices. The CFPA defines an unfair act or practice as an act or practice: (1) that causes or is likely to cause substantial injury to consumers, (2) which is not reasonably avoidable by consumers, and (3) is not outweighed by countervailing benefits to consumers or competition.”

Learn more 

UBS to Buy Credit Suisse in Emergency Rescue

UBS to Buy Credit Suisse in Emergency Rescue

UBS reached an agreement to purchase embattled Credit Suisse on Sunday for a reported $3.2 billion. The agreement came after weekend negotiations orchestrated by the Swiss National Bank and Swiss regulators, which pushed for the emergency rescue as a way to shore up...

Report: UBS in Discussions for Credit Suisse Acquisition

Report: UBS in Discussions for Credit Suisse Acquisition

The Financial Times has reported that UBS is currently involved in talks to acquire part or all of embattled Credit Suisse. The Times’ sources reportedly include “multiple people briefed on the talks” who claimed that Switzerland’s central bank and financial...

Regulators Vow to Cover Uninsured Deposits at Failed Banks

Regulators Vow to Cover Uninsured Deposits at Failed Banks

The Treasury Department, Federal Reserve Board, and Federal Deposit Insurance Corporation issued a joint statement on Sunday confirming that all Silicon Valley Bank uninsured deposits will be fully covered. The same announcement confirmed similar protections for...