CFPB Archives - Finovate

3 Takeaways from Bilt’s Breakup and Troubled Transition from Wells Fargo

By David Penn Posted on June 3, 2026
Categories: CFPB, List series

The recent crisis involving Bilt, a fintech that specializes in rent-payment rewards, is almost a perfect storm of the challenges faced by fintechs, banks, regulators, and their customers when it comes to third-party partnerships and their discontents.

This week, the Consumer Financial Protection Bureau (CFPB) reported that it had met with Bilt to discuss the issues surrounding the flawed transition process when its partnership with Wells Fargo ended in February of this year. The two companies had been working together since 2022 to offer the Bilt Mastercard. When the partnership ended, Bilt struggled to efficiently move customers into its new Bilt 2.0 structure. Customer complaints were rampant: rent and mortgage payments were returned, delayed, or debited without reaching intended recipients. Card declines were reported amid general confusion about the new arrangement. Massachusetts Senator Elizabeth Warren, who took an early interest in the problem, said that there had been a 1,300% spike in CFPB complaints due to the problems of the Bilt transition.

The CFPB’s statement today expresses confidence in the steps Bilt is taking to remedy the situation, including “reimbursing fees for more than 500 newly identified customers from its outreach following discussions with the CFPB.” The agency also noted that it would “continue monitoring Bilt’s efforts until it is satisfied that full redress will be provided and will share another update at such time.”

What are some of the biggest takeaways from Bilt’s breakup with Wells Fargo and its complaint-ridden transition process?

Partnerships are hard, breaking up can be harder

For all the understandable concern about making fintech/bank partnerships work, there is relatively little discussion about what fintechs should do—or need to do—when a partnership is ending to ensure that the transition does not negatively impact customers or damage relationships with other partners.

Arguably, this is the biggest single takeaway from the Bilt breakup and transition: whether it is because of a regulatory decision, a business challenge, or a bank failure, when transitions out of these partnerships go poorly, the negative impacts tend to fall disproportionately on consumers. There is also some question about who bears the responsibility of protecting customer data and funds during transitions. As such, when these events occur, they can have an industry-wide impact on consumer trust toward fintechs and can blunt innovation by making new technologies and services seem risky to end users and potential partners.

The human touch helps in a crisis

Even though there were reportedly issues with customers accessing live customer support due to “high volumes,” the fact that many Bilt customers were steered toward AI chatbots to resolve issues was a operational and, potentially reputational, mistake.

On the operational level, many customers reported that AI chatbots were unable to answer their questions or provide basic information, let alone resolve specific complaints. Reputationally, this can leave an impression that a firm does not care about effectively triaging customer problems, even if it is understandably not able to solve some problems immediately.

This is also a reminder that human agents that can respond with authentic empathy to confused and frustrated customers are still valuable at a time of increasingly agentic customer care.

Regulatory clarity requires regulatory authority

The lack of regulatory clarity about the ultimate responsibility for safeguarding consumer data and capital during transitions like the one involving Bilt and Wells Fargo is a real problem.

But this lack of clarity is compounded when the disposition of the regulatory body itself is difficult to discern. In its statement, the CFPB underscored its preference for a “collaborative process” rather than what is called a “protracted investigation, followed by a public enforcement action, which could be litigated for years before consumers get any redress.” This, plus a swipe at the Biden-era CFPB director Rohit Chopra, suggests that the CFPB prefers to pursue a less confrontational approach when it comes to holding companies accountable when their actions harm consumers.

This is perhaps better than no approach at all. Recall that the Trump Administration in February 2025 launched a near-shutdown of the CFPB, stopping all enforcement actions, halting new and ongoing investigations, and even locking staff out of buildings. Many of the administration’s actions have been put on hold by a federal court judge ruling in 2025, and oral arguments on a lawsuit challenging the administration’s actions against the CFPB were heard this February. In the meantime, a slimmed-down CFPB has changed its mission to focus on what it calls issues of “clear consumer harm, particularly fraud affecting servicemembers and veterans.”

How well this approach will serve the consumers harmed by the next failed fintech/bank partnership remains to be seen.

Photo by Javier Allegue Barros on Unsplash

CFPB 2.0: Prepaid Cards, Earned Wage Access, and Financial Inclusion

By David Penn Posted on January 5, 2021
Categories: CFPB, Daily news, PayActiv, PayPal

With a Democratic administration only weeks away from taking office, some are wondering about the prospects for a revitalized Consumer Financial Protection Bureau (CFPB). Created during the last Democratic administration – and largely sidelined during the now-ending Trump administration – the CFPB has found itself back in the fintech headlines in recent days.

PayPal Takes On CFPB Over Card Rules

A federal judge brought resolution to a lawsuit PayPal filed against the Consumer Financial Protection Bureau in December 2019. U.S. District Court Judge Richard Leon agreed with PayPal that the CFPB had overstepped its authority in its effort to regulate prepaid cards and digital wallets. PayPal had asserted that in forcing them to include “short form” fee disclosures that included categories that were not relevant, the CFPB’s rule was confusing customers. What’s worse, customers were being led to believe, PayPal claimed, that they were exposed to a wide variety of potential fees – which was not the case.

The situation seems almost to be one of mistaken identity. The rules being applied by the CFPB with regard to expenses like ATM balance inquiries make sense for providers of reloadable prepaid cards, but not for PayPal, which does not subject its customers to these fees. That said, it was the CFPB’s rule-making authority itself that was the target of what Reuters described as a judicial “decision studded with exclamation points.”

PayActiv Wins Earned Wages Access Approval

Meanwhile, the Consumer Financial Protection Bureau’s aim seems to be more true in the case of of earned wage access. PayActiv, Finovate alum and innovator in the earned wage access space, announced last week that its program is exempt from Federal lending laws per new regulations established by the CFPB.

The key issue was whether or not PayActiv’s Earned Wages Access (EWA) program, which enables workers to get access to their already-earned wages in advance of scheduled paydays, involves credit. If it did, the program would be subject to the Federal Truth in Lending Act, as well as Regulation Z.

Fortunately, the CFPB ruled that “the accrued cash value of an employee’s earned but unpaid wages is the employee’s own money” and, as such, does not create a debt obligation. PayActiv added that the approval was both the first of its kind from the CFPB and specific to PayActiv’s EWA program. The CFPB added that the company’s initiative was an “innovative mechanism for allowing consumers to bridge the gap between paychecks (and) differs in kind from products the Bureau would generally consider to be credit.”

PayActiv co-founder and CEO Safwan Shah called the approval a “watershed moment” for his company. “We are very proud that the CFPB has recognized this important innovation and validated PayActiv’s pioneering work in creating low or no-cost employer-sponsored access to earned wages. Employers can take comfort in knowing that PayActiv continues to be the leader in responsible EWA for employees.”

Synchrony Gets Nod for Secured/Unsecured Credit Card

The new dual feature credit cards (DFCC) from Synchrony Bank are designed to provide financing opportunities for consumers who do not have strong credit profiles. Cardholders provide a security deposit in order to use the credit cards in their secured mode and, if certain eligibility criteria are met after a minimum of one year, the cardholder becomes eligible to use the card in its unsecured mode. And last week, the CFPB gave the wholly-owned subsidiary of Synchrony Financial the green light to go forward with its DFCC solution.

In large part, the CFPB’s ruling for Synchrony represented a broader embrace of bringing financing to consumers with lower credit scores. The Bureau referred to these efforts as “represent(ing) a potentially significant point of access to credit for certain consumers” and favorably compared Synchrony’s dual feature card to other secured card offerings.

Critically, Synchrony will provide complete transparency with regard to the cost differences between the secured and unsecured features, including the lower rate on the secured card. Cardholders that graduate to the unsecured Synchrony credit card are not eligible to return to the secured card.

Photo by Ekaterina Bolovtsova from Pexels

CFPB Sets Sights on Data-Security Practices

By Jim Bruene Posted on March 29, 2016
Categories: CFPB, Dwolla, Regulations

_____________________________

Guest post by Erica A.N. Kramer and Justin B. Hosie*
________________________________

It’s hard to imagine that the Consumer Financial Protection Bureau (CFPB), which is not tasked with enforcing information-safeguarding (Congress left that with the FTC), would impose civil fines on a company for safeguarding representations, when the company in question didn’t have a data breach.

It’s even harder to imagine such an action when the very same agency announced a policy to encourage consumer-friendly financial innovations just a few weeks before imposing the fines. However, we now live in an age when the CFPB seeks to encourage financial innovation one day and stifle it in the next, even when no consumer harm appears to exist.

What happened
Earlier this month, the CFPB announced a consent order in its “first data-security action.” The announcement sends a clear message that the CFPB now has its sights on data-security practices. This enforcement action clearly shows that the CFPB is once again stretching its authority by simply labeling a representation as deceptive and blurring the lines between federal agencies’ jurisdictions. Consequently, we’re likely to see a significant increase of regulatory scrutiny in the data-security arena in the upcoming months.

The action targeted Dwolla, a Finovate alum operating a digital payment network that allows members to send and receive money. It has more than 650,000 members and transfers as much as $5 million per day. The CFPB alleged that Dwolla misrepresented its data-security practices by describing its network as “safe” and “secure” and its data-security practices as exceeding industry standards. While there appears to have been no consumer harm whatsoever, according to the CFPB’s unilateral assertions, Dwolla’s data-security practices did not live up to its claims and the representations constituted deceptive acts and practices. As a result, the CFPB imposed restrictions on Dwolla’s future conduct and ordered Dwolla to pay $100,000 into the CFPB Civil Penalty Fund.

Implications
Imposing civil penalties on innovative companies like Dwolla seems particularly heavy-handed when you consider the lack of evidence of consumer harm. Despite the extremely high volume of money and personal information moving through its network, Dwolla never experienced a data breach or received a consumer complaint regarding its data-security policies.

As Dwolla explained in its blog on March 2, “Dwolla was incorporating new ideas because we wanted to build a safer product, but at the time we may not have chosen the best language and comparisons to describe some of our capabilities.” Dwolla also explained that it is continually learning, growing, and adjusting its data-security practices to ensure members are provided with the security they expect. Unfortunately, the CFPB’s order demonstrates little tolerance for the growing pains and adjustments often accompanied by developing new technologies.

Recommendations
Given the CFPB’s none-too-subtle foreshadowing that more data-security-enforcement actions are on the horizon, we urge Fintech companies to consider several important factors:

Understate, don’t exaggerate: The CFPB has little tolerance for puffery when it comes to data security. Make sure your claims match your practices.

Act, don’t react: Address potential data-security vulnerabilities as soon as they come to your attention. Don’t wait for a problem to arise.

Evolve your practices and your claims: Make sure that your data-security practices are growing and changing in lockstep with your product’s development.

Follow the rules: Make compliance your top priority. Institute and follow a robust compliance management system that includes regular oversight and input by your company’s management and board.

Since there’s no way to avoid regulatory scrutiny, make sure your data-security practices are above reproach before the CFPB set its sights on your company.

——————-

*Justin B. Hosie is a partner at Hudson Cook LLP, licensed to practice law in Florida and Tennessee. Erica A.N. Kramer is an associate at Hudson Cook LLP, licensed to practice law in Florida. You can contact Justin for more information at 423-490-7560 or [email protected].