February 11th 2025

The CFPB’s Secret Data Empire:

Why Congress Must Shut It Down

The Consumer Financial Protection Bureau is the most unaccountable agency in the federal government. Created in the wake of the 2008 financial crisis under the guise of consumer protection, it quickly became something else entirely: a data-hoarding leviathan that rivals the NSA in its collection and storage of Americans’ private financial records. Unlike the NSA, which at least operates under the constraints of national security oversight, the CFPB is a rogue entity. It does not answer to Congress for its budget, as it receives its funding from the Federal Reserve rather than through appropriations. It does not report its activities transparently, having fought to conceal the full extent of its data collection programs. And it is uniquely positioned to weaponize financial information against political opponents, businesses, and individuals.

From the beginning, the CFPB sought to build an enormous database of personal financial transactions. By 2014, it had compiled records on 173 million loans. It was vacuuming up 87% of the U.S. credit card market’s transaction data and openly sought to increase that to 95%. It was tracking mortgage transactions, auto loans, and even consumer spending habits. The scale of this data-mining operation was staggering, yet the Bureau resisted transparency at every turn. When Congress inquired about the scope of its activities, the CFPB stonewalled. Lawmakers had to pass legislation forcing the Bureau to disclose what it had been collecting on American citizens.

The findings were chilling. The CFPB was not merely analyzing market trends; it was amassing detailed, account-level data on millions of Americans without their knowledge or consent. The Bureau’s claim that it anonymized the data was laughable. Given the specificity of the information—credit scores, mortgage details, social security numbers, individual transactions—the ability to identify individuals from such datasets was well within reach. The agency had, in effect, created a financial surveillance apparatus that made the IRS, NSA, and CIA look restrained by comparison.

Under the Trump administration, the CFPB’s runaway data collection was finally reined in. A series of reforms halted the mass gathering of personally identifiable information, and policies were put in place to prevent the Bureau from functioning as an unregulated domestic intelligence agency. But as soon as the Biden administration took control, the CFPB reverted to its old ways. New leadership under Rohit Chopra resumed aggressive data acquisition, operating under the same opaque policies that had prompted Congressional intervention years before. The Bureau returned to hoarding credit card, mortgage, banking, and payment app data—covering virtually every financial transaction an American could make. If you have a mortgage, a credit card, a bank account, or use services like Venmo, the CFPB has your data.

What makes the CFPB so uniquely dangerous is its structure. Because it is funded by the Federal Reserve rather than Congress, lawmakers have little ability to restrict or monitor its activities. This financial independence means the agency operates with virtually no oversight. The Federal Reserve simply transfers the requested funds, bypassing the legislative checks and balances that apply to every other federal agency. This design was deliberate. Those who created the CFPB wanted an agency that could regulate and penalize private businesses without being answerable to elected representatives. In effect, it is a shadow regulatory state operating outside democratic control.

Recent reports from the Federal Reserve’s Inspector General confirm that the CFPB continues to engage in deeply troubling data practices. The most recent audit found major security lapses, including inadequate safeguards for sensitive financial information. The report outlined systemic failures in protecting consumer data, reinforcing longstanding fears that the CFPB has little interest in following the same security protocols it demands of private institutions. This is an agency that collects vast amounts of data but cannot even manage to secure it properly. The irony would be amusing if it weren’t so dangerous.

There is no fixing the CFPB in its current form. It is a rogue agency with too much power, too little oversight, and a history of brazen dishonesty about its activities. A financial regulatory body that amasses data on nearly every American citizen without accountability is an unacceptable threat to liberty.

Donald Trump and Russell Vought must act immediately. Their first step should be to appoint a special Inspector General tasked with uncovering what the CFPB has been doing for the past four years. How much data has it collected? What security breaches have occurred? Have financial records been weaponized for political purposes? These questions must be answered.

But oversight alone is not enough. Congress must move to abolish the CFPB entirely. Its regulatory functions can and should be absorbed by existing agencies—ones that are accountable to Congress and managed by officials who answer to the president. The CFPB, as an independent entity, is a failed experiment. It has proven itself to be an unaccountable behemoth with an insatiable appetite for Americans’ financial information. The only way to ensure it does not continue its abuses is to dismantle it.

The CFPB is a threat to privacy, due process, and democratic accountability. It is time to put an end to its unchecked power. If financial consumer protection is truly the goal, let it be handled by agencies that respect the limits of government authority. Anything less than full abolition is an invitation for continued abuse.

===Amuse