Photo of Matthew White

Matt White guides clients through regulatory compliance challenges and represents clients in regulatory and civil investigations and litigation.

Matt has counseled fintech and payment companies on regulatory compliance matters, including those involving the Electronic Fund Transfer Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Truth in Lending Act, and their respective implementing regulations (Regulations E, V, P, and Z). Adept with the Consumer Financial Protection Bureau’s (CFPB) Prepaid Rule, Matt has provided guidance regarding prepaid cards and related compliance.

Matt has also aided clients in developing regulatory compliant products and functionalities, including an earned wage access program, reimbursement prepaid card programs, new merchant cash advance products, and tokenized payment capabilities. In connection with products on which Matt advises, he has also negotiated high-stakes technology sales agreements involving complex regulatory issues, including compliance with data privacy laws, financial regulations, and card network rules.

Beyond helping clients strategize for regulatory complexity, Matt also helps clients navigate government investigations and enforcement actions brought by the Federal Trade Commission (FTC), CFPB, and state attorneys general.

On Nov. 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining federal and state privacy protections for consumers’ financial data. In the report, the CFPB “critiques” the privacy protections available under the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA), asserting that the federal framework has “limitations.” The CFPB then

On Oct. 22, 2024, the CFPB issued a final rule that will require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s final rule, called the “Personal Financial Data Rights Rule,” implements Section 1033 of Title X of the Dodd-Frank Act, a to-date

On Oct. 16, 2024, the Federal Trade Commission announced its final “Click-to-Cancel” Rule for subscription services and other negative option offers. The rule requires sellers to make it as easy for consumers to cancel subscriptions as it was to sign up for them. The rule also changes businesses’ marketing, disclosure, consent, and recordkeeping requirements and

On April 4, 2024, the CFPB issued a report titled “Banking in Video Games and Virtual Worlds” that examines the financial and privacy risks to consumers in online video gaming marketplaces.

The CFPB’s report explains that gaming platforms facilitate the storage and exchange of valuable assets while collecting large amounts of data from their users.

On Oct. 19, 2023, the CFPB released a proposed rule that, if finalized in its present form, would require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s proposed rule, called the “Personal Financial Data Rights” rule, would implement Section 1033 of Title

On Nov. 9, 2022, the New York Department of Financial Services (NYDFS) issued a proposed second amendment to its 2017 cybersecurity regulation for financial service companies.[1] In July 2022, NYDFS issued a draft version of the changes, but the current amendment has significant changes. Most of the proposed changes will take effect 180 days