Dodd-Frank (2010) created the CFPB within the Federal Reserve. The CFPB has rulemaking authority over the FCRA, GLBA and Fair Debt Collection Practices Act, enforces all nondepository institutions and depository institutions over $10 billion in assets, and can act against unfair, deceptive, AND abusive acts or practices.
🔑 UDAAP, not just UDAP
The FTC and state AGs enforce "unfair and deceptive" acts. The CFPB adds a third prong: abusive acts or practices. This "abusive" standard is the Dodd-Frank innovation and may reach privacy notices and protections.
The CFPB enforces over all nondepository financial institutions and depository institutions with more than $10 billion in assets. For depository institutions with $10 billion or less, the CFPB writes rules but enforcement stays with banking regulators.
Key terms - quick answers
What is “Abusive act or practice”?
A CFPB enforcement standard covering practices that materially interfere with a consumer's understanding of a product, or take unreasonable advantage of a consumer's lack of understanding, inability to protect their interests, or reasonable reliance on the provider.