June 25, 2025
Consumer Financial Services Bites of the Month - June 18, 2025 - "Evening in June With the CFPB"
Justin B. Hosie, Eric L. Johnson and Kristen Yarows
In this month's article, we share some of our top "bites" covered during the June 2025 webinar.
Bite 16: FTC Chairman Notes Plans to Reduce Agency Staffing
On May 15, 2025, FTC Chairman Andrew Ferguson testified before the House Appropriations Committee regarding the FTC's budget and recent changes. Ferguson testified that the FTC is undergoing significant changes in its operational structure. He announced plans to reduce the agency's workforce by about 10%, targeting a staffing level of around 1,100 employees. This would be the FTC's smallest workforce in a decade, but Chairman Ferguson said he is still confident in the agency's ability to execute its core mission. He also said that the agency is continuing to explore cost-cutting measures, including ways to decrease external data storage costs and reduce expert witness expenses. He also testified that the agency has shifted priorities, especially away from rulemaking.
Bite 15: House Subcommittee Holds Hearing on Data Privacy
On June 5, 2025, the House Subcommittee on Financial Institutions held a hearing entitled, "Framework for the Future: Reviewing Data Privacy in Today's Financial System." As described by the Committee Majority Staff, the hearing was intended to explore consumer data privacy laws across both Federal and state jurisdictions, and examined consumer financial data privacy law under the Gramm-Leach-Bliley Act. The hearing included testimony from the Executive Vice President for Electronic Transactions Associations, the Director of Innovation and Technology at America's Credit Unions, a fellow in technology privacy at the Cato Institute, a senior fellow for the Future of Privacy Forum, and Hudson Cook's partner, Becki Kuehn. Kuehn testified about privacy laws, including: the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Right to Financial Privacy Act, and state privacy laws. Her testimony included how these laws collectively provide meaningful protections to consumers, which are essential to maintaining consumer trust in the financial system and preventing misuse of sensitive financial data.
Bite 14: Senate Banking Committee Bill Would Eliminate CFPB Funding
The Senate Banking, Housing and Affairs Committee offered provisions to the "One Big Beautiful Bill" that would eliminate funding for the CFPB. The CFPB has traditionally been funded by the Federal Reserve Board ("FRB"), and the funds have not been allowed to exceed a ceiling of 12% of the FRB's operating expenses recorded in 2009. The Senate Banking Committee's provisions would set that cap to 0%. The House Republicans' version of the "One Big Beautiful Bill" would cap the CFPB's funding at 5% of the FRB's 2009 operating expenses. The Senate Bank Committee's version would also delay the CFPB's implementation of the 1071 rule and change some of the funding of the SEC. The Senate Banking Committee has said that the provisions would not affect the CFPB's "existing ability to request funds from Congress." Another section of the Senate Banking Committee's provision calls for reducing the pay scale for Federal Reserve employees to that of employees at the Department of the Treasury.
Bite 13: Fed's Inspector General Reviewing CFPB Layoffs
On June 6, 2025, the FRB's inspector general sent a letter to Senators Elizabeth Warren (D-Mass) and Andy Kim (D-NJ) informing them that it is taking up their request to investigate attempts to lay off almost all of the CFPB's employees and its attempts to cancel the CFPB's contracts. The senators sent a series of letters to the Government Accountability Office's Comptroller General and the CFPB's Acting IG requesting an investigation into the administration's actions to dismantle the CFPB. The FRB's inspector general noted that they were already reviewing the workforce reductions and are now expanding the review to include the CFPB's canceled contracts. Senator Kim issued a statement to CNBC saying that "an independent OIG investigation is essential to understand the damage done by this administration at the CFPB and ensure it can still fulfill its mandate to work on the people's behalf and hold companies who try to cheat and scam them accountable."
Bite 12: Top CFPB Enforcement Official Quits
On June 10, 2025, media outlets reported that the CFPB's Acting head of enforcement quit her job. As part of leaving the agency, where she had worked since 2011, serving under all agency directors, she sent an email expressing concern for consumers. The email claims that it is clear the CFPB's "current leadership has no intention to enforce the law in any meaningful way." Her predecessor also resigned with similar criticisms of the agency's direction back in February.
Bite 11: FTC Provides Guidance on Safeguards Rule
On June 16, 2025, the FTC released FAQs that discuss application of the Safeguards Rule to motor vehicle dealers, providing specific examples. The FTC amended the Rule in 2021 to provide more specific guidelines addressing new technology. The FTC amended the Rule again in 2023 to require financial institutions to report certain data breaches and security incidents to the FTC. The FAQs clarify which records the Safeguards Rule covers, including: (1) applications approved for financing and leasing; (2) spreadsheets of the names and addresses of customers who financed or leased cars; and (3) financial information related to individual consumers who financed or leased cars. The FAQs address the topics that an information security program should cover, discuss the ten different elements that should be included in the dealer's programs, and inform dealers that their Safeguards Rule obligations are distinct from their obligations under the Privacy Rule.
Bite 10: FTC Takes Action Against Webhosting Provider over Data Security
On May 21, 2025, the FTC finalized an order against a webhosting provider who allegedly failed to implement standard data security tools and practices despite advertising "award-winning security." Earlier in the year, the FTC had alleged that the company failed to use multi-factor authentication, monitor for security threats, and secure connections to its consumer data. The FTC alleged that these failures caused several data breaches that allowed hackers to gain unauthorized access to customers' websites and data. The order prohibits the company from making misrepresentations regarding its security and compliance with any privacy or security program sponsored by a government, self-regulatory, or standard-setting organization. The order also requires the company to establish and implement a comprehensive information-security program that protects the security, confidentiality, and integrity of its website-hosting services. Additionally, the order requires the company to hire an independent third-party assessor to conduct reviews of its information-security program.
Bite 9: 4th Circuit Rejects Arbitration Agreement by Operator
On May 30, 2025, the U.S. Court of Appeals for the Fourth Circuit held that a fintech operating a mobile cash advance app o could not enforce a borrower's arbitration agreement with the third-party loan provider. The borrower sued the fintech individually and on behalf of a class, alleging that it violated the Maryland Consumer Loan law, the Truth in Lending Act, the Electronic Funds Transfer Act, and the Maryland Consumer Protection Act. The fintech moved to compel arbitration of the claims pursuant to an arbitration agreement in the loan provider's terms of service. The trial court concluded that the fintech was not entitled to enforce the loan provider's arbitration agreement, and the appellate court affirmed the trial court's decision. The appellate court concluded that the borrower's claims against the fintech did not rely on the loan provider's terms of service with the borrower, which contained the arbitration provision. The appellate court concluded that the borrower's claims did not allege substantially interdependent and concerted misconduct by both the fintech and the loan provider. According to the court, the borrower didn't allege misconduct by the loan provider at all.
Bite 8: City of Baltimore Drops Lawsuit over CFPB Funding
On May 29, 2025, the City of Baltimore voluntarily dismissed it's lawsuit over CFPB funding. The city dropped the lawsuit because of the government's position that it won't transfer money from its reserve fund to dismantle the CFPB. Since February, the government has acknowledged in court filings that returning the CFPB's funds to the FRB would not be possible. The CFPB's Chief Financial Officer and Chief Operating Officer both said in declarations that they were not aware of any mechanism that would make such a transfer possible. U.S. District Judge Matthew Maddox previously denied Baltimore's request for a temporary restraining order after determining that the city failed to prove the administration "took final agency action" to defund the CFPB.
Bite 7: CFPB Moves to Vacate Section 1033 Data Sharing Rule
On May 30, 2025, the CFPB filed a motion for summary judgment in a lawsuit challenging the Section 1033 Rule. In the motion, the CFPB wrote that the rule exceeds the agency's statutory authority and is arbitrary and capricious. The plaintiffs also asked the U.S. District Court for the Eastern District of Kentucky to vacate the rule. The CFPB wrote in its filing, that in light of the President's directive to review existing regulations, the CFPB's "new leadership has considered the rule and the arguments set forth in plaintiffs' complaint and amended complaint and has concluded that the rule exceeds the bureau's statutory authority and is arbitrary and capricious." In late March, the judge stayed the lawsuit for 60 days to allow the CPFB to review its position on the matter. The CFPB passed its final rule in October 2024, after about five years of work to enact it.
Bite 6: CFPB Settles Lawsuit with Pawnshop Company
On May 29, 2025, media outlets reported that the CFPB and a pawnshop company and its subsidiaries reached a settlement to resolve the CFPB's lawsuit against the companies. On November 12, 2021, the CFPB filed a lawsuit against the pawnshop company and its subsidiaries, alleging that the companies entered pawn transactions with active-duty servicemembers and their dependents in violation of the Military Lending Act. The lawsuit also alleged violations of a 2013 consent order with the CFPB. The lawsuit alleged that the company charges exceeded the MLA's 36% cap and included mandatory arbitration provisions despite the MLA's prohibition. In March, the CFPB informed the court that it would proceed with the litigation. The terms of the settlement agreement have not yet been disclosed.
Bite 5: FTC Takes Action Against Debt Collection Company
On June 16, 2025, the FTC announced a proposed settlement involving a debt collection company and its owners. The FTC had sued the company and its owners alleging that the company attempted to collect debt that consumers did not actually owe. The complaint also alleged that the defendants violated the FTC's Rule on Impersonating Government and Businesses. The proposed settlement order will: (1) permanently ban all the defendants from the debt collection industry; (2) prohibit the defendants from making any material misrepresentations about any good or service they sell or market; (3) prohibit the defendants from using false, fictitious, or fraudulent representations to get consumers' financial information and from impersonating any business; and (4) require the defendants to turn over substantially all their assets, including the contents their bank and investment accounts. The proposed settlement includes a total monetary judgment of $8,254,368, which is partially suspended due to an inability to pay.
Bite 4: CFPB Dismisses Lawsuit Against Lease-to-Own Company
On May 28, 2025, media outlets reported that the CFPB dismissed its lawsuit with prejudice against a lease-to-own company and its affiliates. The CFPB filed the lawsuit in July 2023 and alleged that the company obscured the terms of its agreements and misrepresented consumers' payment terms. The lawsuit alleged violations of the Consumer Financial Protection Act, the Truth in Lending Act, the Electronic Fund Transfer Act, and the Fair Credit Reporting Act. In 2024, a federal judge ruled in favor of the company, finding that the company's lease-to-own transactions to lease goods were not "credit", dismissing most of the CFPB's claims. The court held that agreements leasing-to-own goods were not credit because they didn't give consumers the right to defer payment of debt, incur debt and defer its payment, or make purchases and defer payment. The judge's ruling limited the claims in the case, and the CFPB decided to dismiss the entire case with prejudice.
Bite 3: CFPB Resumes $4.2 Million in Redress from Sales-Training Company
On June 4, 2025, the California Department of Financial Protection and Innovation confirmed that the CFPB has resumed the distribution of $4.2 million in redress to former students of the now-closed sales-training company. The $4.2 million restitution comes from a 2023 settlement related to the company's bankruptcy case in Delaware federal court. Under the settlement agreement, the company was required to cease operations and refund payments collected from students under income share agreements. The contracts that financed the online job training contained controversial fine print that could require repayment regardless of job placement outcomes. Last month, the DFPI alongside attorneys general from eleven states sent a formal letter expressing concern over the CFPB's lack of response and delays in issuing consumer checks from the agency's civil penalty fund. The CFPB finalized the distribution plan in May 2024, but actual payments had not been sent nearly a year later.
Bite 2: CFPB Will Proceed in Lawsuit Against Individual in Debt Relief Case
On June 9, 2025, it was reported that the CFPB will proceed in an lawsuit against an individual in a debt relief case that the CFPB had previously administratively stayed. The CFPB previously requested to stay the lawsuit in February following the change in administration. The parties had largely settled claims in December 2024, and there is only one individual remaining in the case. Earlier this month, Russell Vought authorized the CFPB to continue its suit against that individual who is accused of violating the Telemarketing Sales Rule by allowing the company to charge advanced fees for debt relief services. The lawsuit alleged that the defendants violated the Telemarketing Sales Rule when requesting and receiving more than $3.4 million in advance fees by enrolling more than 3,300 customers between 2015 and 2019. A hearing on the matter will be held on July 11th in the U.S. District Court for the Central District of California.
Bite 1: Judge Blocks CFPB's Effort to Undo Redlining Settlement
On June 12, 2025, a federal judge blocked the CFPB's attempt to reverse a $105,000 settlement with a mortgage broker. The judge ruled that allowing the CFPB to unwind the consent order "would erode public confidence in the finality of judgments" and open "a Pandora's box." The CFPB's investigation started under President Trump's first term, and after a lengthy court battle including an appeal to the 7th Circuit, the CFPB and the mortgage broker settled the case in late 2024. Earlier this year, the CFPB sought to void its own settlement with the mortgage broker. The judge noted that the investigation and initiation of the lawsuit occurred under the prior Trump administration and said, now "current CFPB leadership under the second Trump administration, in an act of legal hara-kiri that would make a samurai blush, falls on the proverbial sword and attests that the lawsuit lacked a legal or factual basis." The judge also agreed with Amici that granting the motion to unwind the settlement would set a precedent suggesting that a new administration could seek to vacate or otherwise nullify the voluntary resolution of a case between a prior administration.
Still hungry? Please join us for our next Consumer Financial Services Bites of the Month. If you missed any of our prior Bites, request a replay on our website.