Weekly RoundUp
May 23, 2024

CFPB Takes Action to Ensure Consumers Can Dispute Charges and Obtain Refunds on Buy Now, Pay Later Loans

In this issue. The Consumer Financial Protection Bureau (CFPB) took action to ensure consumers can dispute charges and obtain refunds on buy now, pay later (BNPL) loans; the Securities and Exchange Commission (SEC) adopted rule amendments to Regulation S-P to enhance protection of customer information; the CFPB issued a final rule to implement section 1071 of the Dodd-Frank Act; and the Board of Governors of the Federal Reserve System (Federal Reserve) announced its denial of two rulemaking petitions due to legal and policy considerations. These and other developments are discussed in more detail below.

Regulatory Developments

CFPB Takes Action to Ensure Consumers Can Dispute Charges and Obtain Refunds on Buy Now, Pay Later Loans
On May 22, the CFPB issued an interpretive rule (Rule) confirming that BNPL lenders are credit card providers under the Truth in Lending Act and Regulation Z, requiring them to provide consumers certain legal protections and rights applicable to conventional credit cards. Traditional BNPL products are closed-end loans that are payable in four or fewer installments without a finance charge and are used to make purchases on credit. Under the new Rule, BNPL lenders must investigate disputes initiated by consumers and pause payment requirements during the investigation and when applicable, issue credits. BNPL lenders must also refund returned products or cancelled services to the consumer’s account and provide periodic billing statements like ones received for traditional credit cards. The Rule is set to go into effect 60 days after publication in the Federal Register. Public comment on the Rule will be accepted until August 1, 2024.

SEC Adopts Rule Amendments to Regulation S-P to Enhance Protection of Customer Information
On May 16, the SEC adopted amendments to Regulation S-P, known as the “Safeguards Rule,” to enhance the treatment of consumers’ nonpublic personal information. Regulation S-P, which implements the Gramm-Leach Bliley Act, applies to certain financial institutions, including broker-dealers, investment companies, registered investment advisers, funding portals, and transfer agents (covered institutions). The amendments require covered institutions to (1) adopt incident response programs, policies, and procedures that are “reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information” and (2) notify customers in writing if their information is exposed in an incident. Larger covered institutions will need to comply with the amendments within 18 months of publication in the Federal Register.

“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially. These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.”
—    Gary Gensler, Chairperson, SEC

CFPB Issues Final Rule to Implement Section 1071 of the Dodd-Frank Act
On May 17, the CFPB announced an extension of the compliance dates for its small business lending rule requiring collection and reporting of lending to women-owned, minority-owned, and small businesses. The rule had previously been stayed in federal district court pending a final ruling in CFPB v. CFSA. Given the Supreme Court’s May 16 ruling upholding the constitutionality of the CFPB’s funding structure, the CFPB announced an approximately nine-month extension of the rule’s compliance dates to compensate for the period stayed.

The new compliance dates are as follows:

  • Tier 1 institutions (highest volume lenders) – July 18, 2025
  • Tier 2 institutions (moderate volume lenders) – January 16, 2026
  • Tier 3 institutions (smallest volume lenders) – October 18, 2026

Federal Reserve Denies Two Rulemaking Petitions Due to Legal and Policy Considerations
On May 17, the Federal Reserve announced its denial of two rulemaking petitions. The first petition requested that the Federal Reserve and Federal Deposit Insurance Corporation adopt changes to the Uniform Financial Institution Rating System, otherwise known as the CAMELS rating system. The petition asked the Federal Reserve to engage in rulemaking to change various methodologies and definitions within CAMELS, and to further study its effectiveness. The Federal Reserve determined that it would not be an effective use of its limited resources to revise these methodologies and definitions and suggested that further studies are unnecessary given the current mandatory disclosure regime. The second petition sought that the Federal Reserve promulgate a rule requiring financial institutions that have pledged to provide financial support for Black Lives Matter to disclose all activity concerning that pledge. The Federal Reserve declined to grant the petition, finding that it was unaware of any legal basis to promulgate the requested rule.

Check Out Goodwin's Latest Industry Insights

New Client Alert: South Carolina Becomes Fifth State to Enact Law Regulating Earned Wage Access Services
South Carolina has become the fifth state (and the third in 2024) to enact a law that establishes a financial services oversight regime for earned wage access services, also known as on-demand pay services, which allow workers to access earned but unpaid income before payday. The governor approved the legislation (S 700) on May 21, 2024. South Carolina’s law imposes registration and other substantive requirements on providers and provides important regulatory certainty for these innovative financial services in the state. South Carolina joins Kansas, Missouri, Nevada, and Wisconsin, each of which have adopted similar legislation. To read more, click here.

New Fintech Flash: CFPB Q1 Circular Recap: Essential Takeaways for Mitigating UDAAP Risk to Remittance Transfer Providers, Digital Comparison-Shopping Tools Operators, and Lead Generators
In the first quarter of 2024, the CFPB issued two Consumer Financial Protection Circulars, putting remittance transfer providers, digital comparison-shopping tools operators, and lead generators on notice of certain practices that can violate the Consumer Financial Protection Act’s (CFPA’s) prohibition on unfair, deceptive, and abusive acts and practices. To read more on the CFPB’s Q1 circular recap, click here.

Upcoming Event: Goodwin’s Client Reception at Consensus 2024 (Austin, TX)
Heading to Consensus in Austin, Texas, later this month? Join Goodwin for an afternoon of authentic Texas BBQ, refreshing beverages, and engaging conversations with peers in the digital currency and blockchain community. To RSVP, click here.

Corporate Transparency Act (CTA) Resource Center
Go-to resource with on-demand webinars and compliance toolkit.

Consumer Finance Insights (CFI) Blog
The latest on consumer finance regulation, litigation, and enforcement. 

Fintech Flash
The latest news and developments for the rapidly evolving fintech industry – which often can change in a flash. 

Bank Failure Knowledge Center
Visit our knowledge center for timely updates and analysis on important developments related to bank failures.


This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee a similar outcome.