Alston & Bird Consumer Finance Blog

Department of Financial Protection and Innovation

The California Financial Protection Bureau? California Moves to Fill the CFPB Void

By

What Happened?

On May 12, 2026, California Governor Gavin Newsom announced the appointment of former Consumer Financial Protection Bureau (“CFPB”) Director Rohit Chopra as Secretary of the newly created California Business and Consumer Services Agency (“BCSA”).

The BCSA is a cabinet-level reorganization that will officially launch on July 1, 2026, consolidating a wide range of licensing, regulatory, and enforcement functions across numerous consumer-facing sectors of the California economy. These include oversight bodies such as the Department of Financial Protection and Innovation (“DFPI”), Department of Consumer Affairs, and other key regulators impacting financial services, real estate, and technology markets.

Governor Newsom framed the move explicitly as a response to the federal government’s retrenchment in consumer financial protection under the Trump administration, positioning California to “strengthen the state’s efforts to protect consumers and honest businesses” as federal enforcement is scaled back.

Chopra, who previously led the CFPB and served as a Federal Trade Commission commissioner, is widely known for aggressive enforcement initiatives targeting “junk fees,” repeat offenders, and unfair or abusive practices in consumer finance.

Why Does It Matter?

The creation of the BCSA—and the selection of Chopra to lead it signals a deliberate effort by California to function as a state-level analogue to a weakened CFPB. As federal consumer protection oversight contracts, California is positioning itself to step into the resulting regulatory vacuum.

This mirrors broader state-level trends, where states are expanding their authority and enforcement posture to address unfair, deceptive, and abusive acts and practices (“UDAAP”) in the absence of robust federal oversight. For example, as we have noted in prior posts, New York has moved to modernize its UDAAP framework in anticipation of increased enforcement and oversight of the financial services industry. California now appears poised to follow a similar path, albeit through a different structural approach.

Unlike a single regulator the BCSA is structured as a coordinating “umbrella” agency that brings together dozens of previously fragmented entities. This consolidation is designed to align enforcement priorities, streamline supervision, and enable coordinated rulemaking across industries that increasingly intersect (e.g., fintech, payments, and digital platforms).

For financial services companies, the most significant implication is the integration of the DFPI into a broader enforcement framework. The DFPI already exercises expansive authority over mortgage banking and finance lending activities and, under the California Consumer Financial Protection Law (“CCFPL”), supervises a broad spectrum of nonbank financial products, including lending, payments, and emerging fintech offerings. The new structure allows California to pursue cross-sector enforcement strategies, particularly where financial products intersect with technology platforms, data practices, or broader consumer marketplaces.

Chopra’s appointment strongly suggests that California enforcement will reflect the priorities and philosophy that characterized his tenure at the CFPB. During that time, the Bureau emphasized:

  • Aggressive enforcement against “junk fees” and pricing practices;
  • Scrutiny of repeat offenders and systemic compliance failures;
  • Focus on unfairness and abusiveness theories, not just deception; and
  • Increased attention to digital platforms, data usage, and algorithmic decision-making.

Expect these same themes to shape California’s enforcement agenda, with a particular emphasis on identifying “pattern and practice” violations affecting broad segments of consumers, rather than isolated compliance issues.

What Do You Need to Do?

In light of California’s evolving regulatory posture, financial services companies should take proactive steps to reassess their compliance frameworks with an eye toward increased state-level scrutiny.

First, companies should assume that CFPB-style UDAAP standards will remain highly relevant and ensure that policies and controls are calibrated to address unfair and abusive practices, not just deception.

Second, institutions should evaluate their operations holistically, recognizing that California regulators may take a “full lifecycle” view of consumer interactions. This includes:

  • Product design and pricing;
  • Marketing and disclosures;
  • Servicing and communications; and
  • Complaint handling and remediation practices.

Third, companies should prepare for greater inter-agency coordination within California, which may lead to:

  • More complex and multi-dimensional investigations; and
  • Parallel scrutiny across licensing, conduct, and consumer protection regimes.

Finally, organizations should closely monitor developments from the BCSA and its component agencies, particularly the DFPI, as enforcement priorities and rulemaking agendas begin to take shape under Chopra’s leadership.

A Friendly Reminder of the Importance of Robust Consumer Complaint Handling Processes

By ,

What Happened?

On February 27, 2024, the California Department of Financial Protection and Innovation (the Department) entered into a public consent order with a company that provides consumer financial services to California residents. The consent order alleges that between January 2020 and September 2022, the Department received complaints from consumers raising concerns about their accounts and customer service interactions with the company, which the Department forwarded to the company for investigation and response. The Department also investigated the company’s handling of those consumer complaints.

The Department found that the company’s complaint handling was deficient in that “occasional mistakes” that occurred in the Company’s responsiveness to consumer complaints were substantial enough to have violated the California Consumer Financial Protection Law (CCFPL). The Department alleged that as between the company and the consumer, the company was in the better position to accurately evaluate the available information in most cases and to respond to consumers’ complaints in a timely manner and while the number of mistakes during the Department’s investigation period was relatively small in comparison to the overall number of consumer complaints received, the Department concluded that the mistakes were important to the affected consumers.

To resolve these allegations, the company agreed to (1) desist and refrain from violating the CCFPL through its complaint handling processes, (2) pay a penalty of $ 2.5 million, (3) enhance existing customer service procedures or processes, (4) establish, implement, enhance, and maintain testing policies, procedures, and standards reasonably designed to, at a minimum, ensure compliance with the law, and (5) report to the Department annually for two years on these standards. These standards require the company to:

  • Ensure customer service support 24 hours a day, seven days a week;
  • Ensure sufficient customer service support staffing;
  • Ensure sufficient customer service support training; and
  • Investigate and implement policies and procedures to maintain the accurate, prompt and proper handling of consumer complaints.

Why is it Important?

The CCFPL was enacted in September 2020 and grants the Department expanded authority over persons engaged in offering or providing a consumer financial product or service in California and their affiliated service providers. Notably, under the CCFPL, it is unlawful for a “covered person” or “service provider,” to do any of the following:

  • Engage, have engaged, or propose to engage in any unlawful, unfair, deceptive, or abusive act or practice (UDAAP) with respect to consumer financial products or services.
  • Offer or provide to a consumer any financial product or service not in conformity with any consumer financial law or otherwise commit any act or omission in violation of a consumer financial law.
  • Fail or refuse, as required by a consumer financial law or any rule or order issued by the Department thereunder, to do any of the following:
    • Permit the Department access to or copying of records.
    • Establish or maintain records.
    • Make reports or provide information to the Department.

The CCFPL defines a “covered person” to mean, to the extent not preempted by federal law, any of the following:

  • Any person that engages in offering or providing a consumer financial product or service to a resident of California.
  • Any affiliate of a person described above if the affiliate acts as a service provider to the person.
  • Any service provider to the extent that the person engages in the offering or provision of its own consumer financial product or service.

A “servicer provider” includes any person that provides a material service to a covered person in connection with the offering or provision by that covered person of a consumer financial product or service, including a person that either:

  • Participates in designing, operating, or maintaining the consumer financial product or service.
  • Processes transactions relating to the consumer financial product or service, other than unknowingly or incidentally transmitting or processing financial data in a manner that the data is undifferentiated from other types of data of the same form as the person transmits or processes.

The term “service provider” does not include a person solely by virtue of that person offering or providing to a covered person either a support service of a type provided to businesses generally or a similar ministerial service, or time or space for an advertisement for a consumer financial product or service through print, newspaper, or electronic media.

Notwithstanding the broad definition of “covered person,” the CCFPL contains numerous exemptions, including for banks; licensed escrow agents; licensees under the California Financing Law; licensed broker-dealers or investment advisers; licensees under the Residential Mortgage Lending Act; licensed check sellers, bill payers, or proraters; and licensed money transmitters, among others.

The Department is authorized to impose civil money penalties for any violation of the CCFPL, rule or final order, or condition imposed in writing by the Department in an amount not to exceed the greater of $5,000 for each day during which a violation or failure to pay continues, or $2,500 for each act or omission. Reckless violations are subject to increased penalties not to exceed the greater of $25,000 for each day during which the violation continues, or $10,000 for each act or omission. For knowing violations, the Department is authorized to assess penalties not to exceed the lesser of one percent of the person’s total assets, $1 million for each day during which the violation continues, or $25,000 for each act or omission.

What Do You Need to Do?

It is always important to take consumer complaints seriously and to respond timely and accurately. Now is the time to review your company’s complaint management procedures to make sure they are robust. It is always important to mine your consumer complaints so that you can learn from them and correct errors timely to ensure mistakes don’t recur, and the Department’s latest settlement is a reminder that companies subject to the CCFPL also have a legal obligation to do so.