In a move that signals regulators may be adopting a new approach in dealing with the fast-growing financial technology sector, the Consumer Financial Protection Bureau (CFPB) fined Iowa-based digital payment platform Dwolla for allegedly making false representations about the company's cybersecurity practices.
Although financial services has historically been a heavily regulated industry, financial technology, or “fintech” companies have received light regulatory oversight, easing their ability to roll out new financial innovations. The CFPB's enforcement against Dwolla may also be a stern warning to other fintech companies that will need to need to take cybersecurity and other regulatory requirements more seriously than they have until now.
Dwolla agreed to settle the allegations by paying a $100,000 fine. The digital payments company did not admit or deny the allegations.
The CFPB, a federal regulator established in 2010 as part of The Dodd-Frank Wall Street Reform and Consumer Protection Act following the financial collapse of 2007-2008, stated in a release that Dwolla falsely claimed that its “information is securely encrypted and stored."
“Consumers entrust digital payment companies with significant amounts of sensitive personal information,” stated CFPB director Richard Cordray. “It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.”
“They're showing their teeth,” JP Vergne, a professor at Ivey Business School and founder of fintech research institute Crypto Capitalism Center, told SCMagazine.com. Vergne said it is often unclear which regulatory authority applies to approximately 15,000 fintech startups. “That concerns regulators across the world.”