On August 11, 2022, the CFPB published a circular confirming that financial companies may violate federal consumer financial protection law when they fail to safeguard consumer data. The circular provides guidance to consumer protection enforcers, including examples of when firms can be held liable for lax data security protocols. According to the CFPB, financial companies are at risk of violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents.

On August 10, 2022, the CFPB issued an interpretive rule laying out when digital marketing providers for financial firms must comply with federal consumer financial protection law. According to the CFPB, digital marketers acting as service providers can be held liable for committing unfair, deceptive, or abusive acts or practices as well as other consumer financial protection violations.

On August 10, 2022, the CFPB filed a consent order against Hello Digit, LLC for using a faulty algorithm that caused overdrafts and overdraft penalties for customers. According to the CFPB, the financial technology company falsely guaranteed no overdrafts with its product, broke its promises to make amends on its mistakes, and pocketed a portion of the interest that should have gone to consumers.

On August 9, 2022, the Federal Reserve System published its Consumer Compliance Outlook Second Issue 2022. Consumer Compliance Outlook is the agency’s publication focusing on consumer compliance topics.

Early in August 2022, the CFPB announced that it will host events wherein it will conduct technical conversations about software used by financial institutions to facilitate compliance with the CFPB’s small business lending rulemaking. The Bureau will conduct two events - the first is a virtual meeting on August 19, 2022 and the second one is an in-person meeting on September 15, 2022. The same materials will be covered at both.

On August 3, 2022, the FDIC published its Supervisory Insights, Summer 2022 Edition. The FDIC’s Supervisory Insights is published by the Division of Risk Management Supervision to promote sound principles and practices for bank supervision.

On August 2, 2022, the Acting Comptroller of the Currency Michael J. Hsu spoke at the joint meeting of the FBIIC and FSSCC where he discussed cybersecurity risks facing the financial sector. In his remarks, Hsu talked about the three intersecting risks that he believes the financial industry should pay attention to - the risk of evolving cybersecurity threats, the risk to critical operations, and the risk of complacency.

On July 29, 2022, the FDIC issued a Financial Institution Letter (FIL) to address certain misrepresentations about FDIC deposit insurance by some crypto companies. Through the FIL, the FDIC issued an Advisory to FDIC-insured institutions to address misconceptions about the scope of deposit insurance coverage and related concerns. The FDIC also published in its website a Fact Sheet to clarify for customers of non-bank entities, such as crypto companies, and the public generally, that deposit insurance does not cover non-deposit products, including crypto assets.

On July 28, 2022, the FDIC and the Federal Reserve Board issued a joint letter demanding that the crypto brokerage firm Voyager Digital cease and desist from making false and misleading statements concerning the company’s FDIC deposit insurance status and take immediate corrective action to address these false statements. The FDIC is authorized to implement the Federal Deposit Insurance Act which prohibits any person from representing or implying that an uninsured deposit is insured or from knowingly misrepresenting the extent and manner in which a deposit liability, obligation, certificate, or share is insured under the Act.