CFPB’s Overreach: Applying Regulation E to Unhosted Wallets is Legally and Technologically Unsound

The Consumer Financial Protection Bureau (CFPB) recently issued a proposed interpretive rule that aims to expand the scope of Electronic Fund Transfer Act (EFTA) and Regulation E to include unhosted blockchain wallets such as MetaMask.

Consensys, a leader in Ethereum-based software, submitted a formal comment strongly opposing this regulatory move, arguing that the proposal is fundamentally flawed on legal, policy, and procedural grounds.

At Anderson P.C., we share their concerns. The CFPB’s attempt to classify unhosted wallets as “financial institutions” under EFTA is an overreach that not only misunderstands blockchain technology but also imposes impossible compliance burdens on developers of decentralized software.

What is the CFPB Proposing?

On January 10, 2025, the CFPB issued a proposed interpretive rule designed to clarify how EFTA and Regulation E apply to modern digital payment systems (the “Proposed Rule”). The stated intent is to extend consumer protections to users of:

1. Digital wallets and payment apps

2. Gaming platforms with in-game currencies

3. Digital assets such as stablecoins

Historically, EFTA and Regulation E cover electronic fund transfers (EFTs) that involve “accounts” used for personal, family, or household purposes. The CFPB now seeks to interpret “funds” broadly to include stablecoins and certain digital assets, potentially classifying wallet providers, fintech firms, and gaming platforms as financial institutions.

This expansion means that unhosted wallets, which do not hold or control user funds, could be subject to compliance obligations under EFTA’s error resolution, unauthorized transaction protections, and disclosure requirements.

If finalized, the rule could significantly reshape the regulatory landscape for crypto and fintech companies.

Key Concerns with the CFPB’s Proposal

1. Unhosted Wallets Are Not Financial Institutions

Under the CFPB’s proposal, a non-custodial wallet could be treated the same way as a bank or fintech company—even though:

1. Unhosted wallets do not hold or control user funds. They merely allow users to access blockchain networks.

2. They cannot freeze, reverse, or modify transactions.

3. Developers do not act as intermediaries in transactions.

This is akin to regulating Ford for how drivers use their vehicles—a misapplication of existing law to a fundamentally different technology.

2. The CFPB’s Definition of “Funds” is Overly Broad

The CFPB argues that digital assets like stablecoins should be considered “funds” under EFTA. While some courts have classified certain cryptocurrencies as “funds” for other regulatory purposes, the legal basis for applying this definition to all digital wallets is highly questionable.

Moreover, extending EFTA liability to wallet providers ignores the decentralized nature of blockchain—where transactions are publicly recorded and cannot be reversed by any single entity.

3. Compliance is Impossible for Wallet Developers

If finalized, this rule would create insurmountable compliance burdens on unhosted wallet providers. EFTA mandates financial institutions to:

1. Investigate and resolve transaction errors

2. Limit consumer liability for unauthorized transactions

3. Provide mandatory disclosures

Wallet developers cannot reasonably comply with these requirements. They do not control user funds and have no ability to undo blockchain transactions.

Some U.S.-based blockchain developers would be forced offshore, damaging innovation and ceding leadership in crypto and digital finance to foreign jurisdictions.

4. Procedural Concerns

The CFPB is using an interpretive rule—bypassing the Administrative Procedure Act (APA), which requires formal rulemaking for substantive changes. Courts routinely strike down regulatory overreach when agencies attempt to rewrite laws without congressional approval.

* * *

Attorney Advertising—Anderson P.C. is a U.S. law firm and provides this information as a service to clients, prospective clients, and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship.

Anderson P.C. is a boutique law firm dedicated to defending clients in government investigations and securities enforcement actions initiated by the SEC, FINRA, DOJ, and other regulatory bodies. We provide focused, strategic counsel and regulatory guidance across the full spectrum of federal laws and regulations affecting broker-dealers, investment advisers, banks, asset managers, private funds, public companies, senior executives, and digital assets. Our deep expertise allows us to navigate complex legal challenges and deliver results-driven solutions tailored to our clients' unique needs.

If you have any questions or need legal assistance related to government investigations, securities enforcement actions, or regulatory compliance, please don't hesitate to contact us. Our team at Anderson P.C. is here to provide the expert guidance and support you need to navigate these complex challenges.