Credit Authority Regulatory Bodies: CFPB, FTC, and Federal Oversight
Federal oversight of the consumer credit system spans multiple agencies with distinct statutory mandates, enforcement tools, and jurisdictional boundaries. The Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and a constellation of banking regulators collectively govern how credit data is collected, reported, and used. Understanding how these bodies interact — and where their authority begins and ends — is foundational to navigating credit system fundamentals and consumer protection rights.
Definition and scope
The consumer credit regulatory framework in the United States operates under overlapping federal statutes, each delegating authority to specific agencies. The two primary civilian-facing regulators are the CFPB and the FTC, though the Federal Reserve, the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration (NCUA) also exercise supervisory authority over credit-granting institutions within their respective charters.
The Consumer Financial Protection Bureau was established under Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Pub. L. 111-203). Its mandate covers supervision and enforcement of federal consumer financial laws, including the Fair Credit Reporting Act (FCRA) and the Equal Credit Opportunity Act (ECOA). The CFPB holds examination authority over depository institutions with more than $10 billion in assets and over non-bank financial companies such as credit reporting agencies, debt collectors, and mortgage servicers (12 U.S.C. § 5514).
The Federal Trade Commission operates under the FTC Act (15 U.S.C. § 41 et seq.) and shares FCRA enforcement authority with the CFPB for entities outside CFPB's direct supervisory reach — primarily smaller financial firms and non-bank entities. The FTC's Bureau of Consumer Protection handles identity theft, deceptive credit repair practices, and credit reporting violations through its law enforcement function.
The scope of these bodies extends to credit reporting agencies overview — including the three nationwide consumer reporting agencies (Equifax, Experian, and TransUnion) — which are subject to CFPB examination on an ongoing basis.
How it works
Federal credit oversight operates through three discrete mechanisms: rulemaking, supervision, and enforcement.
- Rulemaking — The CFPB promulgates regulations implementing consumer financial statutes. For example, CFPB's Regulation V (12 C.F.R. Part 1022) implements the FCRA, establishing requirements for accuracy, dispute handling, and permissible purpose for credit data access (CFPB, Regulation V).
- Examination and supervision — The CFPB conducts periodic examinations of covered entities, reviewing internal compliance programs, dispute resolution procedures, and data furnisher practices. Examination findings can lead to supervisory letters, memoranda of understanding, or referrals for formal enforcement.
- Enforcement actions — Both the CFPB and FTC may bring civil actions. The CFPB may impose civil money penalties up to $1,000 per day for unintentional violations, up to $25,000 per day for reckless violations, and up to $1,000,000 per day for knowing violations under 12 U.S.C. § 5565 (CFPB, Civil Penalty Authority). The FTC may seek civil penalties under the FCRA of up to $50,120 per violation (adjusted annually for inflation under the Federal Civil Penalties Inflation Adjustment Act, FTC penalty schedule).
- Interagency coordination — The CFPB, FTC, and prudential regulators coordinate through the Financial Stability Oversight Council (FSOC) and through memoranda of understanding on data sharing and concurrent jurisdiction.
The fair-credit-reporting-act-fcra and equal-credit-opportunity-act-ecoa pages detail the specific statutory requirements these agencies enforce.
Common scenarios
Federal credit regulators intervene across a predictable range of circumstances. Four representative scenarios illustrate where oversight is most frequently triggered:
Scenario 1: Inaccurate credit report data
A consumer disputes a derogatory account that does not belong to them. Under FCRA § 611, the consumer reporting agency has 30 days to investigate and correct or delete inaccurate information. If the agency fails to comply, it is subject to CFPB or FTC enforcement. The process for consumers is described in disputing credit report errors.
Scenario 2: Unlawful denial of credit
A lender denies a credit application based on a prohibited basis — race, sex, national origin, or religion — under ECOA (15 U.S.C. § 1691). The CFPB holds primary enforcement authority over large banks; the FTC and Department of Justice Civil Rights Division may act against smaller creditors or in cases involving systemic discrimination.
Scenario 3: Identity theft and fraudulent reporting
A consumer reports identity theft, triggering FCRA rights to place fraud alerts and credit freezes. The CFPB coordinates with the FTC's IdentityTheft.gov platform, the designated federal resource for identity theft remediation. See credit freeze and fraud alert options for the procedural framework.
Scenario 4: Credit repair fraud
A company promises to remove accurate negative items from credit reports for an upfront fee — a practice prohibited under the Credit Repair Organizations Act (CROA), 15 U.S.C. § 1679 et seq. The FTC has primary CROA enforcement authority and has brought more than 30 enforcement actions against fraudulent credit repair operators since CROA's enactment.
Decision boundaries
The boundaries between agency jurisdictions are not always self-evident. Three contrast points clarify how authority is allocated:
CFPB vs. FTC jurisdiction
| Dimension | CFPB | FTC |
|---|---|---|
| Primary statute | Dodd-Frank Title X, FCRA, ECOA | FTC Act, FCRA (shared), CROA |
| Supervisory exam authority | Yes — covered persons ≥$10B assets, non-banks | No direct examination authority |
| Civil penalty authority | Yes — up to $1,000,000/day (knowing violations) | Yes — up to $50,120/violation (FCRA) |
| Rulemaking | Yes — Regulation V and others | Limited — shares rulemaking on FCRA |
| Primary non-bank targets | Large credit bureaus, mortgage servicers, large debt collectors | Smaller creditors, credit repair firms, smaller collectors |
Prudential regulators vs. CFPB
For depository institutions with $10 billion or less in assets, the prudential regulator (OCC for national banks, FDIC for state non-member banks, Federal Reserve for state member banks, NCUA for credit unions) retains primary consumer compliance examination authority — not the CFPB (12 U.S.C. § 5516). The CFPB may still enforce the law through litigation but does not conduct routine examinations of those smaller institutions.
State law interaction
Federal statutes generally establish floors, not ceilings. States may enact stronger consumer credit protections. California's Consumer Credit Reporting Agencies Act, for example, grants consumers rights beyond those in the federal FCRA. State attorneys general may also bring FCRA enforcement actions under 15 U.S.C. § 1681s(c), adding a third enforcement tier beneath the federal structure.
Practitioners and researchers analyzing credit score models comparison should note that scoring model governance is not directly regulated by any single agency — FICO and VantageScore methodologies are subject to FCRA accuracy and permissible-purpose requirements but not to model-specific rulemaking as of the current statutory framework.
References
- Consumer Financial Protection Bureau (CFPB)
- Federal Trade Commission (FTC) — Consumer Protection
- Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. 111-203
- CFPB Regulation V (12 C.F.R. Part 1022) — Fair Credit Reporting
- 12 U.S.C. § 5514 — CFPB Supervision of Non-Bank Covered Persons
- [12 U.S.C. § 5516 — Supervision of Covered Persons Subject to Prudential Regulators](https://uscode.house.
📜 17 regulatory citations referenced · ✅ Citations verified Feb 25, 2026 · View update log