Late last year, we discussed the Consumer Financial Protection Bureau’s (CFPB or Bureau) proposed rule aimed at supervising larger technology companies offering digital wallets and payment apps. On November 21, the CFPB finalized this rule, which will bring significant changes to the oversight of nonbank digital payment companies. This final rule is set to take effect 30 days after its publication in the Federal Register.
As previously reported in May 2024 FHA announced a requirement for FHA approved lenders to notify the U.S. Department of Housing and Urban Development (HUD) of Significant Cybersecurity Incidents, and the requirement was effective immediately. Apparently in response to industry criticism, in Mortgagee Letter 2024-23 FHA announced revised requirements.
Acting Comptroller of the Currency Michael J. Hsu today issued the following statement in support of the Financial Stability Oversight Council’s (FSOC) Annual Report:
The Consumer Financial Protection Bureau (CFPB) today published an order establishing supervisory authority over Google Payment Corp. The CFPB is responsible for supervising a wide range of financial firms to ensure they are complying with federal consumer financial protection laws. The CFPB has supervised nonbank entities in certain industries like mortgage and payday lending, service providers to banks and credit unions, and larger players in particular markets as defined by rule.
Relying solely on a contract as a means of oversight is like assuming that having speed limit signs eliminates the need for traffic enforcement. A contract might outline the expectations and responsibilities, but it’s not enough to ensure compliance or effectiveness. In the realm of audits—whether you’re assessing internal operations, third-party vendors, or even a fourth party hired by a third party—simply pointing to contractual clauses is not an adequate substitute for robust tests and controls.