The Consumer Financial Protection Bureau is asserting the ability to perform examinations of major digital wallet and mobile payments providers in a regulatory proposal. This would be the first time entities like Apple Pay, Google Pay and more than a dozen other big tech consumer payment providers would come under the examination-level scrutiny of a federal banking regulator.
At present, the CFPB only has proposed oversight for some players, but those players have very deep pockets (in terms of lawyers and lobbyists). However, the bureau has succeeded at this before given its wide scope to issue and enforce rules affecting nonbank institutions.
The proposal represents the sixth time the CFPB, founded in 2011, has proposed expanding its regulatory turf. The bureau is unusual among banking regulators in that it can, through issuing a rule, assert authority over larger participants in markets for consumer financial products and services. Past target areas have included consumer credit reporting, consumer debt collection, student loan servicing, international money transfers, and auto financing.
The banking industry has a multi-faceted relationship with the big techs that run the digital wallets. Enabling an issuer’s cards to be used through Apple Pay, for example, is pricey and some community banks in particular have still not gotten on board because of the costs. On the other hand, the industry, through Zelle, which is owned by a consortium of very large banks, has its own person-to-person payments service. Some institutions resist joining that for reasons of cost as well.
The same bank-owned parent organization that owns Zelle, Early Warning Services, is in the midst of establishing Paze, an ecommerce-only digital wallet that it is now describing as an “online checkout solution.” In response to a request for comment on the CFPB matter, Early Warning observed that both of its payment services, as well as the banks and credit unions it serves, “are subject to regulation and oversight by bank and financial services regulatory agencies.”
Thus far if the companies and their trade groups are worried about the proposal, they are apparently keeping their powder dry for the formal comment stage. So far, “this hasn’t been characterized as Armageddon by the big tech folks,” says Jonah Crane, partner at Klaros Group and formerly deputy assistant secretary for the federal Financial Stability Oversight Council.
How CFPB Would Target Nonbank Digital Payment Players Like Apple and Google
The proposed rule follows a major study the CFPB published in early September. CFPB Director Rohit Chopra accompanied the study’s release with an aggressive speech that dwelled especially on Apple’s dominance of digital wallets and payments apps, with Google also coming in for criticism. This effort goes back to a late 2021 inquiry sent to major big tech payment providers to develop detailed baseline data.
Bureau Targets Biggest Payments Players:
The CFPB proposes to cover larger players that individually handle more than 5 million transactions annually. The bureau believes this will place 17 major organizations under its examination authority.
As proposed, this would include on-site exams by CFPB teams that could result in both confidential exam ratings and reports. As proposed, most of the focus would be on compliance issues, including such matters as electronic funds transfer laws and regulations and privacy rules. The bureau would also focus on “UDAAP” — unfair, deceptive, or abusive acts or practices — a compliance focus the CFPB has been expanding. Banking institutions subject to CFPB examination and enforcement have been facing UDAAP scrutiny for some time. The public comments phase ends on Jan. 8, 2024.
While the Chopra speech and the study mentioned Apple and Google, no provider names appear in the proposed regulation. The following types of services are listed: digital wallets, payment apps, funds transfer apps, person-to-person payment apps and P2P apps. The bureau estimates that this represents 9% of nonbanks that provide general digital consumer payment applications. The announcement indicates that the proposed exam jurisdiction would cover providers of about 88% of the known nonbank digital consumer payment transactions.
“If it walks like a bank and talks like a bank, regulate it like a bank,” commented the Bank Policy Institute. “Maintaining trust in the U.S. financial system is paramount, and any Big Tech firm engaged in these activities must be required to not only follow the same rules, but also demonstrate ongoing compliance through regular direct supervision.” Outreach to Apple, lambasted the most directly by CFPB’s report, was not returned.
When regulators propose new compliance and regulatory duties, they are required to estimate the costs involved. The CFPB’s proposal estimates that it will cost each big tech $25,001 per exam.
Brian Johnson, managing director at Patomak Global Partners, previously served as CFPB deputy director. He chuckles over that figure. “That estimate,” says Johnson, “is nowhere close to reality.” He says that based on his own insider’s experience, the costs of handling even a basic CFPB exam are “at least 10 times that.”
“I think CFPB has a license to go on a fishing expedition” in each tech company it examines, should the proposal go through, says Klaros Group’s Crane.
“What protection will the CFPB process actually provide?” asks payments consultant Richard Crone. “It’s not obvious to me.”
What Experts Are Saying about CFPB’s Push to Examine Big Techs
An element in the CFPB’s announcement is the notion of a “level playing field” among providers. This is an argument the banking industry itself has been using for decades going back to the days when savings and loans could offer 0.25% more on savings accounts than banks could. It is an unusual focus for the bureau, which stated in its document that its move would ensure that “federal consumer financial law is enforced consistently between nonbanks and depository institutions in order to promote fair competition.”
The banking industry naturally likes the sound of that. However, “everyone’s in favor of that, as long as it’s not their ox getting gored,” observes Johnson.
Johnson says the proposal’s broad outlines aren’t surprising. “They derive from the current director’s own personal priorities,” he explains. Rohit Chopra served as a member of the Federal Trade Commission before coming back to CFPB as its head and competition is a major FTC concern. Chopra has also made it plain that he is very concerned about privacy and how companies in general use personal data.
On CFPB's Push for Exam Authority:
The proposal doesn't cite any alleged consumer harm in the payments area, which a consumer-focused agency might have been expected to bring up as a reason for introducing a new regulatory regime.
Johnson says the CFPB seems to see big tech’s involvement in payments as “a matter of potential emerging risk. I find that unique.” He finds it odd that the proposal wasn’t backed up by findings of major consumer problems.
“It seems like it’s about speculative concerns about what might transpire in the future,” says Johnson.
In that sense, pulling the big techs under an examination umbrella makes it easier to get continual information about what’s going on at covered companies, suggests David Sewell, a banking attorney who is partner at Freshfields Bruckhaus Deringer US LLP. The 2021 inquiry entailed the CFPB issuing orders to Amazon, Apple, Facebook (now Meta), Google, PayPal and Square to complete a mammoth questionnaire.
“This means the difference between responding to subpoenas and having routine checkups by examiners,” says Sewell. If the proposal goes through, the big techs will find themselves in more of a regulator-regulated position for financial services purposes, a position they are not accustomed to.
The bureau has a long history of reaching to the limit of its grasp and getting challenged, Sewell notes. “It would surprise me if it weren’t challenged over this,” he explains.
In spite of talk of leveling playing fields, to expand on Johnson’s analogy, watching someone else get gored doesn’t ease your own pain. The move doesn’t remove any regulatory burden from traditional players. And it may instead legitimize the rivals, creating a more of a public perception of safety enjoyed by traditional financial institutions. (More on that shortly.)
Will the CFPB move change the competitive dynamic in digital wallets and other mobile payments? There is strong doubt.
“At the end of the day, I’m not sure it changes much for the regulated banks,” says Sewell, “though there is merit to the argument that this levels the playing field.” What future baggage this change may bring with it remains to be seen.
“I don’t really anticipate that this move stems the tide of competition,” says Crane of Klaros Group. For one thing, ultimately the payments that begin on nonbank digital services finish up on banking rails, he points out. He adds that he doesn’t see that a lot of the competitive impact of the big techs’ services arises at all from their skirting consumer protection laws.
“I’m not convinced that that is a big part of the story here,” says Crane. He adds that much will hinge on where the boundaries turn out to be with the 17 earmarked providers.
Crane thinks there may be a game within the game, so to speak, something that the exam process serves as a means to get the CFPB in the door. “I think it revolves around data and understanding how the big techs are using the data,” he explains. He says that is a big question mark that CFPB wants to know more about, especially given Chopra’s concerns about use of personal financial information.
- Cheat Sheet: Understanding the CFPB’s Brief Against Apple and Google in Contactless Payments
- ‘Real-Time Payments’ Expert Pivots to ‘Chuck,’ a P2P Platform for Community Banks
Could CFPB Jurisdiction Over Big Tech Payment Players Boost Them?
In banking law and regulation there is a long history of unintentional results, for a variety of reasons. One, specific to the CFPB, is that it often addresses issues by product type, rather than provider category. Payments consultant Richard Crone brings up a potential sleeper issue.
“The additional review and oversight by the CFPB actually increases the viability, safety and value proposition of digital wallets like Apple Pay and Google Pay and other fintech platforms such as PayPal and Plaid,” says Crone. He suggests that the additional scrutiny would actually “pay a backhanded compliment and serve as a propellant” for these firms.
Crone points out that there is already a process that reviews outside third-party processors such as those that the CFPB is aiming at. Regulated banks and credit unions are required to obtain “SSAE 18” reports on internal controls from such processors. [These are based on evaluations of internal controls of tech platforms and similar companies conducted by major accounting firms. SSAE 18 stands for “Statement on Standards for Attestation Engagements 18, an auditing standard maintained by the American Institute of Certified Public Accountants.]
Adding a more public examination mechanism on top of this will polish up the tech firms, which would actually help promote them, rather than leveling the playing field, Crone contends. He suggests that if the CFPB is looking at all to take the tech firms down a notch, its efforts won’t work out that way.