If you run compliance at a fintech company, two agencies probably occupy most of your attention: the Securities and Exchange Commission and the Consumer Financial Protection Bureau. Both have been active in 2025 and 2026. Both have expanded their reach into fintech. But their approaches, priorities, and enforcement patterns are different.
Understanding those differences matters for how you allocate your monitoring and compliance resources.
The SEC: Expanding the Definition of "Security"
The SEC's relevance to fintech has grown significantly. Three areas deserve close attention:
Crypto and Digital Assets
The SEC has been the primary federal regulator asserting jurisdiction over digital assets. Through enforcement actions and rulemaking, it has established that many tokens and digital asset arrangements qualify as securities under the Howey test. For fintech companies in the crypto space, the SEC is the regulatory body that determines whether your product requires registration.
Key developments to monitor: - New enforcement actions that clarify which asset types the SEC considers securities - Rulemaking around digital asset custody - Guidance on tokenized securities and DeFi protocols - Staff bulletins on broker-dealer and exchange registration requirements
Regulation Best Interest (Reg BI)
For fintech companies that offer investment advice or brokerage services (including robo-advisors), Reg BI is the governing framework. The SEC has been actively enforcing Reg BI, particularly around:
- - Disclosure adequacy for algorithmic recommendations
- - Conflict of interest management in fee structures
- - Care obligation when using automated investment models
Private Fund and Capital Markets Rules
For fintech companies facilitating capital formation (crowdfunding platforms, secondary market platforms, fund administration), SEC rules on Regulation D, Regulation A+, and the new private fund adviser rules are critical.
The CFPB: Consumer Protection with Teeth
The CFPB has a different mandate: protecting consumers in financial transactions. For fintech companies that touch consumer money, the CFPB is often the more immediately relevant regulator.
UDAAP Enforcement
The CFPB's Unfair, Deceptive, or Abusive Acts or Practices authority is broad and principles-based. It has been applied to:
- - Earned wage access products (determining whether advances are loans)
- - Buy now, pay later services (disclosure and refund requirements)
- - Digital payment platforms (error resolution and unauthorized transaction handling)
- - Credit reporting and furnishing practices
UDAAP is notable because it does not require a specific rule violation. The CFPB can bring enforcement based on its determination that a practice is unfair, deceptive, or abusive. This makes it harder to predict and more important to monitor.
Open Banking (Section 1033)
The CFPB's rulemaking on consumer data rights (Section 1033 of Dodd-Frank) is reshaping how fintech companies access and share financial data. The rule establishes:
- - Consumer right to access their financial data in machine-readable formats
- - Requirements for data providers (banks) to make data available
- - Standards for authorized third parties (fintech companies) accessing consumer data
- - Privacy and security requirements for data sharing
For fintech companies that rely on bank data access (account aggregation, personal finance, lending), this is foundational rulemaking.
Small Dollar Lending and BNPL
The CFPB has been active in regulating newer lending products:
- - Defining earned wage access as credit (or not) depending on structure
- - Applying existing lending rules (TILA, ECOA) to buy now, pay later products
- - Examining fee structures for fairness and transparency
Where They Overlap
Several fintech business models fall under both agencies:
Robo-advisors and investment platforms. SEC regulates the investment advice and securities aspect. CFPB may regulate consumer-facing disclosures and practices.
Payment platforms that hold funds. SEC interest if held funds could be considered securities. CFPB interest in the consumer protection aspects of fund holding and transfer.
Crypto platforms serving retail consumers. SEC for securities classification. CFPB for consumer protection in financial transactions.
How to Prioritize Monitoring
For a fintech compliance team with limited resources, here is a practical framework:
Monitor Both, But Differently
SEC monitoring should focus on: - Enforcement actions in your specific business area - Proposed and final rules that affect registration requirements - Staff guidance and no-action letters - Commissioner speeches that signal upcoming priorities
CFPB monitoring should focus on: - Enforcement actions against companies with similar business models - Proposed rules affecting consumer financial products - Supervisory highlights that identify areas of concern - Research reports that often precede rulemaking
The Federal Register Advantage
Both agencies publish through the Federal Register. This is your single best source for monitoring both SEC and CFPB simultaneously. The Federal Register API allows you to filter by agency, so you can track both in one feed rather than checking two separate websites.
This is exactly what Compliance Intel does. Our feed pulls from the Federal Register API filtered by financial regulatory agencies, plus direct RSS feeds from the SEC and CFPB. You see both agencies in one view, filtered and categorized.
Risk-Based Prioritization
Not all updates require the same level of attention:
High priority (review within 24 hours): - Final rules with compliance deadlines - Enforcement actions against companies in your space - Emergency orders or interim final rules
Medium priority (review within 1 week): - Proposed rules (comment periods are typically 60-90 days) - Staff guidance and bulletins - Request for information
Lower priority (review monthly): - Routine filings and approvals - Administrative proceedings unrelated to your business model - International coordination announcements
The 2026 Landscape
Both agencies are active, but with different trajectories. The SEC continues to focus on digital assets, market structure modernization, and climate-related disclosure. The CFPB is focused on open banking implementation, AI in lending decisions, and earned wage access classification.
For most fintech companies, both agencies matter. The question is not which one to watch, but how to watch both efficiently. A systematic monitoring approach that covers the Federal Register, SEC direct feeds, and CFPB publications ensures you are not choosing between agencies. You are tracking both, with the confidence that comes from knowing nothing slipped through while you were focused on the other.