The CFPB And Cyber Threats

In a presentation titled “Navigating CFPB Investigations and Enforcement Actions” by Jonathan Pompan, Partner, Co-Chair CFPB Task Force, Venable LLP, he asked, “Who is subject to a potential CFPB Investigation? The CFPB authorizes the Bureau to conduct investigations to ascertain whether any person is or has been engaged in conduct that, if proved, would constitute a violation of any provision of Federal consumer financial law. This includes: Banks and Credit Unions, All Mortgage Related businesses, Small-Dollar Lenders, Private Student Lenders, Debt Collectors, Consumer Reporting, Consumer Credit and related activities, Money transmitting, check cashing, and related activities, Prepaid cards, Debt Relief, Financial Advisors, Service Providers, and more…” And that’s not all.

Pompan goes on to explain CFPB Investigation and Enforcement Authority, which can lead to significant ramifications. He says, “CFPB may investigate, issue subpoenas and civil investigative demands, and compel testimony. The CFPB may conduct hearings and adjudications to enforce compliance, including cease-and-desist orders. In addition, the CFPB may initiate actions for civil penalties or an injunction: Penalties up to $1M per day for knowing violations, criminal referrals to DOJ, State Attorney General may also enforce the CFPB with notice to the CFPB. The CFPB may enforce rules issued by the FTC to the extent such rules apply to a covered person or service provider.”

What triggers these types of CFPB Investigations? “Violation of Federal Consumer financial law, Risk to Consumers, Consumer Complaints to the CFPB and third-parties, Government agency referrals and complainants, media coverage and low history of supervision,” stated Pompan.

In addition to the above-mentioned potential risks of exposing non-public information, there is also a significant reputational risk to an organization that has leaked non-public information.

As you can see, exposing non-public information can have severe adverse effects on your business. In today’s highly regulated financial climate, enforcement of consumer protection is at an all-time high.

How can banks, credit unions, and mortgage lenders protect themselves? As we already discussed, e-mail has become a cornerstone of every business operation. With that being said, the key lies in protecting non-public information when it is in the Public Internet Danger Zone.

As you can see from the graphic above, the fundamental problem is that most carriers deploy a “One to Many” solution. Each of these solutions is different, unmanageable, and benefits the One but Not the Many. The ideal solution needs to deploy a “Many to Many” solution, one that protects the user with compliance, leverages the community, and delivers mutual benefits for all involved.

The ideal solution encrypts e-mail so that non-public information is protected across the Internet (firewall to firewall). It should host a transaction audit for e-mail exchange that is simple and absolute, with no scrubbing required. The solution needs to support subscribers and non-subscribers and be priced so that no one is left behind. In addition, it should require no user interaction and no purchase of keys, and it should be platform-independent. There is therefore no need for a new e-mail client; administrative and auditing functions are delivered through browser access.