chevron-down Created with Sketch Beta.

Business Law Today

December 2023

CFPB Proposes New Oversight of Big Tech and Other Consumer Payment App Providers

Jessie Cheng

Summary

  • The U.S. Consumer Financial Protection Bureau (“Bureau”) has issued a proposed rule to expand its oversight authority with respect to providers of “general-use digital consumer payment apps.” According to press reports, this would include Amazon, Apple, and Facebook with respect to their payment offerings, together with about fourteen other companies.
  • Under the proposed rule, the Bureau would exercise the full plate of supervisory authority over “larger participants” in this market, as defined by their transaction volume and entity size, with new examination powers, such as conducting on-site examinations, imposing reporting requirements, and conducting periodic monitoring.
  • The proposed rule would impose new costs to nonbank providers, but the more significant impact to the digital payments industry is the broad, ongoing line of sight that the Bureau would gain into the activities of leading market participants.
CFPB Proposes New Oversight of Big Tech and Other Consumer Payment App Providers
iStock.com/ljubaphoto

Jump to:

In a shot across the bow to the digital payments industry, the U.S. Consumer Financial Protection Bureau (“Bureau”) has issued a proposed rule to expand its oversight authority to nonbank providers of consumer payment apps. These apps include digital wallets, funds transfer services, and peer-to-peer apps—for both U.S. dollar payments and, surprisingly, also bitcoin and other crypto-asset payments. The Bureau anticipates that the proposal would cover about seventeen companies based on data from various sources, including information it has collected from Amazon, Apple, Facebook, and others with respect to their payment offerings.

Under the proposed rule, if finalized, the Bureau would exercise the full plate of supervisory authority over “larger participants” in this market. On top of its existing rule-writing and enforcement powers, the Bureau would exercise examination powers under the Consumer Financial Protection Act (“CFPA”) over these larger participants, such as conducting on-site examinations, imposing reporting requirements, and conducting periodic monitoring.

These supervisory activities would impose new costs on nonbank providers. The more significant impact to the digital payments industry, however, is the broad line of sight that the Bureau would gain into the activities of leading market participants. Areas of potential scrutiny where the Bureau has strongly signaled interest include the novel ways that consumer financial data and behavior data are used together in “super apps” and in embedding payments within a social media feed. This proposed rule comes hot on the heels of the Bureau’s proposed rule to accelerate open banking, as the Bureau is laying the groundwork for a greater role at the intersection of digital payments and data.

Scope of the Proposed Rule

The proposed rule homes in on the “general-use” digital consumer payment apps market, in recognition of its tremendous growth in recent years. However, the Bureau’s examination authority under the proposed rule would apply to only a subset of nonbank providers in this market—those that are deemed “larger participants.”

The CFPA grants the Bureau broad discretion to choose criteria for assessing whether a nonbank provider is a “larger participant.” Under its proposed criteria, a nonbank provider would be a “larger participant” if it satisfies the following two prongs:

  1. Payment transaction volume prong: The nonbank provider and its affiliates, in aggregate, have an annual “consumer payment transaction” volume of at least five million transactions, and
  2. Entity size prong: The nonbank entity would not be a small business concern as defined by the Small Business Administration size standards for its primary industry (the likely classification would be “Financial Transactions Processing, Reserve, and Clearinghouse Activities”).

A key metric in determining whether a nonbank provider would be considered a “larger participant” for purposes of the proposed rule, therefore, is the volume of “consumer payment transactions” that it facilitates. To fall within that definition (and be counted toward the payment transaction volume prong of the proposed “larger participant” criteria), a transaction must be primarily for personal, family, or household purposes; purely commercial or business-to-business payments would be outside the definition.

The following summarizes additional nuance from the proposed rule on the definition of “consumer payment transactions”:

What is a “consumer payment transaction” under the proposed rule?

What is covered?

  • Any payment transaction that results in a transfer of funds by or on behalf of a consumer to a third party
    • Focus is on the sending of a payment, not the receipt
    • Encompasses a consumer’s transfer of the consumer’s own funds (such as where the nonbank provider transfers the consumer’s balance or instructs the consumer’s bank, on the consumer’s behalf, to make a funds transfer)
    • Also encompasses the use of a consumer’s account or payment credentials to make a payment (such as digital wallet functionality to hold and transmit the consumer’s credit card information)
  • Digital assets, including bitcoin, that are used to make a payment by or on behalf of a consumer to a third party

What is excluded?

  • International payments, such as remittances
  • Exchange transactions (such as conversions of U.S. dollars to a different foreign currency or purchases, sales, or exchanges of digital assets)
  • A consumer’s payment to a marketplace or merchant for the sale or lease of goods or services from that marketplace or merchant (such as by using payment credentials stored by an online marketplace)
  • Consumer lending activities, such as digital apps through which a nonbank lends money to consumers to buy goods or services

Examination Authority

Under the proposed rule, the Bureau would examine for compliance with federal consumer financial protection laws, such as the CFPA’s prohibition against unfair, deceptive, and abusive acts and practices; the privacy provisions of the Gramm-Leach-Bliley Act and its implementing Regulation P; and the Electronic Fund Transfer Act and its implementing Regulation E. Under the proposed rule, the Bureau would notify a nonbank provider when it intends to undertake supervisory activity, and the provider would then have an opportunity to claim that it is not a larger participant.

The Bureau’s examination authority would coexist with state oversight of money transmission. While holding a state license would not shield from Bureau oversight a money transmitter that also meets the “larger participant” criteria, the proposed rule notes that the Bureau’s prioritization of supervisory activity among nonbank providers would take into account the extent of relevant state oversight and that the Bureau would coordinate with appropriate state regulatory authorities in examining larger participants.

The Bureau is inviting public comment on the proposed rule through January 8, 2024.

    Author