Skip to main content


Episode 39: Recent CFPB Rulemaking Activity & Looking Ahead for 2024

Rhonda McGill
January 19, 2024
Episode 38: CFPB Complaints, Enforcements, & Navigating New Compliance Challenges

2024 is already shaping up to be a busy year that will continue to be filled with regulatory and compliance pressures including increased rulemaking, examinations and enforcement. As we enter what is sure to be yet another busy year in the regulatory space, regulators are gearing up to ensure that consumer protection continues to be the focus of their ever-growing agenda.

Today’s episode is part 2 of a discussion featuring CFPB alumni Gary Stein and Melissa Baal Guidorizzi, where they discuss:

  • Recent CFPB rulemaking activity
  • Steps you can take now to get ahead of regulatory scrutiny
  • Looking ahead at rulemaking for 2024
  • Will the upcoming election impact operations at the CFPB?

Show Notes:

Subscribe to COMPLY: The Marketing Compliance Podcast

About COMPLY: The Marketing Compliance Podcast

The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level. 

Episode Transcript:

Hey COMPLY Podcast listeners and welcome to this week’s episode. Today’s episode is part two of the discussion between John Zanzarella, PerformLine’s SVP of Sales, and CFPB alumni Gary Stein and Melissa Baal Guidorizzi, in this episode the three discuss their thoughts and observations on recent CFPB rulemaking activity, steps you can take now to get ahead of regulatory scrutiny, looking ahead into rulemaking for 2024, and what impact the upcoming election may have on operations at the CFPB. Thanks for listening and enjoy! 

We know this year the CFPB has been very active with things like combating junk fees and issue 29 of their supervisory highlights. There was also the proposed rule to supervise larger non-bank companies that offer services like digital wallets and payments apps. With all of these sort of new rules coming down, I’m curious in your opinion, you know, is there one that stands out that is going to be more of the focus of the CFPB from an enforcement standpoint? And again, you know, any kind of best practices that you would advise clients how to stay ahead of some of those? Would love to just hear some of your thoughts on that. And again, Gary, if you wanna start with this one, go for it.

Yeah, I mean, I think it depends on who you are. If you’re Apple or Google, you’re probably a little more focused on the larger participant rule. But also any of the companies like bill-pay companies that could be swept into that, you know, there’s a data brokers rule, junk fees, as the White House has coined them. I think what’s interesting with them are, like 1033 is a great example of where the statute to do that has existed since the Dodd-Frank was enacted and the Bureau was created. And here it is, 13 years later, and they’re proposing, and I haven’t met a single person who thinks it should have come out sooner, I think the overall direction of the market hadn’t matured enough to do it and everything.

And what’s great here, yes, there will be real implementation work for the ecosystem players, but again there’s an opportunity to pave the cow paths, you know, and look and see, okay, how is this working today? What’s important? What creates consumer harm? And how do we do that? In other instances with some of these rules, and overdraft and NSF fees and things like that, look that’s been talked about for decades. I’d argue that since the creation of the Bureau and maybe since the FFIC started forcing large banks to start reporting NSF OD fees in a more transparent manner so that everybody could see what they’re actually collecting. Banks have increased and fintechs have emerged to offer kind of fee-free alternatives to banking. We’ve seen some decline, maybe not in the overall levels, but companies adopting no fee policies.

So those things have been happening and they’re not catching anyone by surprise. I apologize for the sunlight here. The interesting ones, like the LP rule and the data brokers rule that might sweep in companies that might not have been the primary target, so those rules could create fundamental changes for those types of organizations. So an example in the data brokers side are companies that might be doing fraud screening and fraud monitoring. I think it’s highly justified for the bureau to wonder aloud, maybe hand-in-hand with the prudential regulators, whether consumers are denied access to financial services products because of fraud and don’t have the same recourse they do if it’s because of credit or something. But at the same time, there’s a safety and soundness mission there, and there would be implications if we started giving, you know, fraudsters that are stealing identities adverse action notices, intended for the original consumer, right? So there are that would create some business model changes that probably weren’t as much on the spectrum for some of those entities as those other types of rules. And then there could be a more fundamental review of the business model.


Yeah, so I’m gonna take it, I’m gonna pull up and be more, a little bit 10,000 foot on it, because to me, all of the rules that are coming out now hand-in-hand with some of the supervisory and enforcement actions that have come out recently, really is just along the lines of a larger strategy, that data in and of itself, and payments are really clear focuses of the CFPB. And the fact that payments and data flow together, that data is a consumer protection concern, is really something that we’re seeing all across. So we hadn’t really mentioned the Fair Credit Reporting Act yet. All of the things that are happening out of the Bureau now is an attempt to really regulate the flow of both funds and consumer information. And there’s gonna be some issues for all the players in the space related to how that plays out, because funds and data don’t actually function the same way.

And so some of the things, just picking some of the soft points or things that are TBD in these rules and how they will play out. In 1033, there’s a lot about the collection, the limited collection of data for the only what is reasonably necessary for a product or service, limited holds, but data does more than that in this economy. And a lot of companies rely on data for different things like marketing or improvement of products and user experience. So how is that gonna work? You know, it’s unclear and while the actual data has to flow, and that’s part of the rule, who’s liable for what, even if the obligations are actually laid out, you know, someone’s supposed to take the express informed consent, which is a new level of requirement that I think is going to be a real level of friction for most, but who’s liable for that not happening is still unclear TBD, right?

And then the LP rule, while it’s not really an enforcement piece in the Office of Enforcement traditional sense, it’s an expansion of the examination authority. It’s the first time the CFPB came out and said that crypto digital assets could be underneath its jurisdiction. That’s really important because that is a nod to the fact that now we can have enforcement actions that are on crypto products that are consumer financial products. And so what you see is all of this is like a full court press on expanding the Bureau’s jurisdiction over markets that it conceives our consumer facing, but maybe not as traditional financial services as many who have been working in this space have thought.

Yeah, and I think that’s a great point and to riff on that, and maybe to go even higher level than that, when you think about it there used to be a line that we used to use at the Bureau on a lot of press releases, you know, helping consumers take control of their financial lives. At the end of the day consumers have assets, it’s easy, and we’ve always thought of those assets as the dollars in their bank account or they might owe. But as Melissa’s pointed out, data is increasingly that too. And so transparency and control and ensuring that consumer, whether it’s express written consent, the concept of a consumer authorization and directive and ensuring that if you are accessing or touching those consumer assets that you are doing that in-line with what a consumer would expect or want.

And the want comes from the authorization. The expect comes from probably the transparency there. And you’re right, the world’s only gonna get more complicated. You know the types of credit services available to us are expanding and becoming more and more specialized, right? The horses out of the barn, we’re not gonna go back just to having an auto loan, a mortgage, and a credit card. And the way we pay, we’ve moved on from check and cash, to card and ACH and now a variety of other mechanisms, and it’s not gonna be reduced down to one or two things. So as all these models come about, I think what we’ve always tried to think about is what is the spirit of existing regulation? What is it trying to ensure, and what have the lawmakers and the regulators thought in terms of what could go wrong and apply that lens to these existing models? And if you think about it that way, you could probably anticipate the consumer risks before a regulator is knocking on your door.

Yeah, it’s really interesting. I like the way that you sort of started out a little bit more in the weeds and pulled up to the higher level view. Melissa, the way you broke it down, you know, kind of just talking about the focus being on data and payments across these different segments is really a good way to look at it. It certainly seems consistent with a lot of what we’re seeing there. So now I’m gonna ask you to look ahead, right? And I don’t know the answer to this, but when you all were at the Bureau, if you could have seen the writing on the wall that some of these current rules would make their way into the public domain, and maybe those are things already being worked on, looking into next year and beyond. Can you give me an idea of what you think the CFPB has in store for financial institutions or beyond in 2024?

Hmm, it’s a good question. Talking with our former colleagues that are still there I think everybody there is quite busy, so don’t expect nothing. There’s obviously a lot of balls in the air right now. All the rules we discussed, and none of them have been finalized. You know, there were data collections started like on BNPL that really, the shoe hasn’t dropped on that. There’s always been a constant rumor of something coming out back on overdraft, we talked a little bit about that NSF earlier. And I will say, by the way, Melissa and I are both payment data geeks. We probably both spent some time in mortgage, but less attuned, or at least I am to that in some of the other collateralized lending markets. 

If we tend to show a bias on those types of things. I mean to me, what I really would like to see if we can sit on Santa’s lap, is I’d like to see something to help the market get to, with just enough tough love but not for the sake of being tough, a clean way to enable the BaaS model. Because I firmly believe that if banking has become, it is a balance sheet driven business. And back in the day when I was a former consultant and banker, a lot of projects had to do with branch location, it was a geographic business. That’s no longer really the case unless you’re in AG lending and certain other commercial businesses, it tends not to be. I mean, even credit union charters are broad, they’re not generally geographic or many are. 

But in any event, so that means now you’ve got to serve and compete with everybody in the marketplace. And how do you do that? You’re gonna do that by being specialized, going after very defined target segments, use cases on the small and larger business side industry verticals. And that requires specialization that I think many banks haven’t traditionally invested in. And where many fintechs emerge in saying, hey, we see this slice of the pie, we can help do it. And so it’s really, I’m a big believer in the BaaS model. I think the fintechs get the benefit of oversight and structure, not to mention insured deposits, from bank-relationships. And the banks, if they aren’t able to use these fintechs third parties as product development R&D distribution centers, I think we’d see a massive amount of bank consolidation. So when I look forward, there’s a lot of hemming and hawing about how this works, and I think we’d all agree that we haven’t reached a mature state where every bank understands its obligation for its underlying fintechs, and every fintech is aware of what their expectations should be. So I’d love to see more focus on setting that so that the model will work for everybody. Having said that, I think we’ll probably see more punitive regulations.

Yeah. So Gary’s always the more positive viewpoint, I’m a lawyer.

I was going to say, that’s the non-attorney in him.

That’s the non-attorney in him. I agree, I think there’s gonna be a lot more activity from every sector in the CFPB. They’re very, very busy. Everybody’s working hard. More enforcement probably with the increase of staff, you’ll see more investigations, you’ll see more of them move to the end game, whether it’s litigation or consent order and some big items. There are probably gonna be some big announcements in 2024, I think that’s not gonna be a surprise to anyone. The rules are gonna move forward, 1033 should close, I think next year. FCRA will probably get a notice of proposed rulemaking in the next year. I think there is a lean on overdraft, probably something comes out. There’s a big push, I think at the CFPB to lock in the gains of some of the work that’s been done over the last year and I think in the last couple years. And I think you’ll see that in either advisory opinions or more of the rulemaking. And supervision is gonna continue to actually note the dollars and cents it gets back in their exams. And we’re seeing that examiners are asking for more and more money back from exam subjects. And so I think that’s gonna happen as well.

Yeah. I do think, believe it or not, there is a fixed capacity to what the Bureau can churn out. I mean, Melissa touched on this a little bit on the enforcement side. Rulemaking if done correctly not to suggest that the Bureau is not doing it correctly, it’s a heavy lift. I mean, you need data-driven evidence to do it, right. There’s these public comment periods that we’re going through and it really has to be thought out. And then on top of all of that, as we continue to see there’s gonna be legal threats and pushback on some of these things if they feel like the authorities weren’t implemented effectively to carry out those rules. So there will be a lot coming out, but you could easily get to a point where parts of the bureau are kind of consumed also.

So you know, I’d advise everybody to pay attention to the regulatory agenda. I think the fall one hasn’t come out yet, but it generally comes out, I thought around the end of November. You know some of that may just be a confirmation on what we’ve already heard, but it can be an early indicator of things. The first administration would indicate things on the pre-roll status and stuff that’s in the pipeline. And so just look for the inter-agency regulatory agendas and look up to CFPB and you’ll in a few days we should probably get some more insights.

Yeah, it sounds like, I mean just in the last five minutes, you all gave a lot of good things for the listeners to think about. When it comes to planning for next year and the CFPB’s potential agenda, now is the time to start thinking about your regulatory change management practices. And like we talked about, whether it’s having to hire additional staff or make that proposal or adding technology that allows you to automate in certain areas and do more with less. It does seem like next year is going to be another year where a lot of these things are gonna be top of mind and need to be actioned on by companies.

I guess the last question I’ll ask you, and it’s sort of in the same vein heading into an election year, Gary, you had mentioned earlier that the CFPB in its 12 year history pretty much had two resets, right? In 2016 and 2020 when we flipped administrations. Looking into 2024, if there is an administration shift, do we think there will be another sort of reset because that’s just kind of natural bringing in new people? And if not, if it remains the same administration, do we think that will allow the CFPB to continue some of the momentum they’ve created over the last two years and build on some of these rules and programs?

Well, let’s remember that even before that, the Supreme Court could rule against the constitutionality of the Bureau, although by the hearing they had earlier this fall, it didn’t sound like they would create the chaos that could be in the market by unwinding everything that’s been done. But we should hold that out there. I’m glad you asked this question, John, because I was just thinking that, if there is an administration change I think, yes, the threat of examination or the depth of it or the threat of enforcement actions may subside. But you know, again, we talked about this, the point of all these regulatory obligations is to ensure that, at least in the CFPB, consumers are treated fairly. And if I go back to what I said before, if you embrace the spirit of what’s trying to be done there, I wouldn’t take my foot off the gas of any of those things.

You might not have to staff up for exams quite as soon or as frequently as you thought, but if you are harming your consumers, you’re probably harming your own business outlook. If the Democrats win again I still expect at some point that Director Chopra would move on. I mean, they’re on a five-year term maximum anyhow. And so we’ve seen both, Melissa and I worked with Rohit, in the first iteration of the Bureau. And the way that the Bureau is being administered now is different than it was under Rich. Their people have different styles and you are also at a point where in some ways it was easier in the beginning. It was harder because new kid on the block, we’re contentiously created, let’s be careful about how we do that, but there were a lot of statutory obligations. Now rulemaking is becoming, after 1033 and 1071, more discretionary if you will. And so that just increases the likelihood that whoever the leadership is, is going to come in with different focus than the one before it. It could be less on payments and more on mortgage, especially depending upon how interest rates move and housing policies change. So all those types of things could change the flavor.

So what I’ll say is I’m gonna put in a plug for career staff and the fact that after 12 years, there are people who are still there from day one. And so what happens up top will always change the decor and maybe some of the direction. But the work that’s there, the stuff that’s in the pipeline, the sunken costs of what already has been done is gonna maintain no matter who’s up top after 2024. And so it does not behoove anyone to take their foot off the gas, as Gary said, because the extensions of all the powers I talked about in enforcement, the broader jurisdiction will all be there. And I don’t know about you Gary, but what I thought was interesting about serving all the different directors is once in that seat, no matter who it is, the tools become a little bit more fun to use.

Regardless of how you use them, you might not use them to the same degree, but they’re still there. And I think there is that piece of it that maintains no matter what. So you might have like a reprieve or what seems like a reprieve, but all of that stays for the next time. And it is not gonna do you well to sort of decide that you don’t have to do anything and then wait till the tide turns again.

Yeah, I agree. And it does seem now we mentioned this a little bit in our pre-call, just the state of the economy as a whole. Gary, when I think back to what you said, the Bureau was founded on helping consumers take control of their financial lives. Well, consumers are heading into another year of uncertainty, high interest rates and increasing debt. And so the idea that this organization is here to help those consumers it feels like will be an important thing to maintain some balance in no matter how the election goes. And in addition to that, just look at the complaint volume number. It does seem like more consumers are now aware of the CFPB and what they’re here to do, probably in a way that they weren’t in 2016 when we saw the first shift in administration.

Way to bring it back, John.

Yeah, thank you, I appreciate that. Well with all that, we made it through just about an hour, we covered a lot of ground. You all were fantastic. We really appreciate the time and the insights and to help our audience kind of prepare for what may be another challenging year for the compliance and legal side of the business. This will certainly be a great resource for them. Just so they know how can they get in touch with you if anyone has any follow up questions.

We both have very robust websites, I’m sure. I’m at, Melissa Baal Guidorizzi, all my contact information is right there. And I’m also on LinkedIn.

Yep. 99FinTech with the word spelled out, fintech dot com., and also on LinkedIn. And if you can’t find us, call John and John will forward to us.

Definitely, and if you need anything from PerformLine, call me anyway and I’ll make sure that you get that. But Gary and Melissa, thanks for your time. Have a great holiday season. We look forward to seeing you again soon.

Thank you, thanks for having us.

Thank you.

Thanks for listening to this week’s episode of the COMPLY Podcast! I hope you were able to take away some useful information that will help you to prepare your business for what’s to come in the new year. As always, I am also happy to connect outside of the podcast, feel free to follow or connect with me on LinkedIn. You can also find additional resources related to today’s discussion, as well as contact information for our guests in today’s show notes. As always for the latest content on all things marketing compliance head to And for the most up-to-date pieces of industry news, events, and content be sure to follow PerformLine on LinkedIn. Thanks again for listening and we’ll see you next time!

author avatar
Rhonda McGill Senior Director of Client Success
Rhonda is the Senior Director of Client Success at PerformLine.

Stay Updated

Join thousands of other industry professionals

Subscribe to receive the latest regulatory news and updates with a focus on marketing compliance via content offers, newsletters, blog posts, and more
This field is for validation purposes and should be left unchanged.

Connect with PerformLine and see what we can do for you.