.svg)
The US Consumer Financial Protection Bureau (CFPB) has issued a proposed rule, titled “Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications," which would establish the CFPB’s supervisory authority over certain non-bank covered persons participating in a market for general-use digital consumer payment applications.
The bigger picture
The CFPB is an independent bureau within the Federal Reserve system. The CFPB is responsible for enforcing federal consumer financial laws and protecting consumers in the financial marketplace.
Under the Consumer Financial Protection Act, the CFPB has supervisory powers and oversight over significant players in the consumer financial market, as defined by CFPB regulations. Furthermore, the CFPB has the authority to supervise any non-bank covered person if it has reasonable cause to believe that the covered person's actions pose risks to consumers in the realm of financial products or services.
Pursuant to Section 1024(a)(1)(B);(a)(2) of the Consumer Financial Protection Act, the CFPB is authorized to supervise non-bank covered persons for the purposes of:
- Assessing compliance with federal consumer financial law.
- Obtaining information about such persons’ activities and compliance systems or procedures.
- Detecting and assessing risks to consumers and consumer financial markets.
Additionally, Section 1022(b)(1) of the Consumer Financial Protection Act stipulates that the CFPB has the authority to prescribe necessary or appropriate rules to enable it to administer and carry out the purposes and objectives of federal consumer financial law, and to prevent law evasion.
Why now and why this particular market?
According to the proposed rule, consumers rely on general-use digital consumer payment applications for many aspects of their everyday lives.
By bringing non-banks that are larger participants in this market (the general-use digital consumer payment applications market) under its supervision, the CFPB is able to better ensure that they are complying with applicable requirements of federal consumer financial law. This includes the Consumer Financial Protection Act’s prohibition against unfair, deceptive, and abusive acts and practices, the privacy provisions of the Gramm-Leach-Bliley Act and its implementing Regulation P, and the Electronic Funds Transfer Act and its implementing Regulation E. The proposed rule would also enable the CFPB to monitor new risks to both consumers and the market.
Lastly, the proposed rule states that it will further the CFPB’s statutory objective of ensuring that federal consumer financial law is enforced consistently between non-banks and depository institutions to promote fair competition.
Who does the proposed rule apply to?
The proposed rule targets non-bank covered persons that are larger participants in the general-use digital consumer payment applications market. This encompasses providers of widely used financial products and services commonly referred to as digital wallets, payment apps, funds transfer apps, and person-to-person payment apps.
According to the proposed rule, a non-bank covered entity is a larger participant of the general-use digital consumer payment applications market if the non-bank covered entity meets both of the following criteria:
- It provides annual covered consumer payment transactions volume of at least 5m transactions.
- During the preceding calendar year it was not a “small business concern” as defined by Section 3(a) of the Small Business Act.
How does the CFPB define the market for general-use digital payment applications?
The objective of the proposed rule is to bring non-bank covered persons that are larger participants of the general-use digital consumer payment applications market under the supervisory authority of the CFPB. In order to do so, the CFPB has defined the market for general-use digital payment applications.
This market would include providers of funds transfer and wallet functionalities through digital applications for consumers’ general use in making payments to other persons for personal, family or household purposes.
The proposed rule further breaks down the market definition as follows:
- “Providing a general-use digital consumer payment application” means providing a covered payment functionality through a digital application for consumers’ general use in making consumer payment transactions.
- “Covered payment functionality” means a funds transfer functionality and/or a wallet functionality.
- Funds transfer functionality means receiving funds for the purpose of transmitting them or accepting and transmitting payment instructions. Funds also include digital assets that have monetary value and are readily usable for financial purposes, including as a medium of exchange.
- Wallet functionality means a product or service that stores account or payment credentials, including in encrypted or tokenized form, and transmits, routes, or otherwise processes such stored account or payment credentials.
- “Digital application” means a software program a consumer may access through a personal computing device, including but not limited to mobile phones, smart watches, tablets, laptop computers, and desktop computers.
- “General use” means the absence of significant limitations on the purpose of consumer payment transactions facilitated by the covered payment functionality provided through the digital consumer payment application.
- “Consumer payment transactions” means transfer of funds by or on behalf of a consumer physically located in the state to another person primarily for personal, family and household purposes. The term applies to transfers of consumer funds and transfers made by extending consumer credit (with few exceptions). The definition of “consumer payment transactions” includes four components:
- The payment transaction must result in a transfer of funds by or on behalf of the consumer.
- The consumer must be physically located in a state.
- The funds transfer must be made to another person besides the consumer.
- The funds transfer must be primarily for personal, family or household purposes.
- “Covered payment functionality” means a funds transfer functionality and/or a wallet functionality.
How does the proposed rule affect Big Tech and other non-bank digital payment applications providers?
The proposed rule would not impose new substantive consumer protection requirements or alter the scope of the CFPB’s current regulatory and enforcement authorities. non-bank covered entities are generally subject to the CFPB’s regulatory and enforcement authority regardless of whether they were subject to the bureau’s supervisory authority.
However, this proposed rule would bring those non-bank covered persons under the supervisory umbrella of the CFPB and enhance supervision of their digital payment applications products.
If the proposed rule is finalized, what does CFPB supervision entail?
According to the CFPB, supervised entities will be subject to a comprehensive, ongoing process of pre-examination scoping and review of information, data analysis and on-site examinations. CFPB supervision will also include regular communication with supervised entities and prudential regulators.
Non-bank covered persons will also be subject to a risk-based supervision program that will include conducting individual examinations and may also include reporting requirements for businesses to support the CFPB in determining what businesses need greater focus.
What could the examination process look like?
According to the proposed rule, the examination process generally proceeds as follows:
- CFPB examiners contact the entity for an initial conference with management and often request records and other information.
- The CFPB reviews the components of the supervised entity’s compliance management system.
- The CFPB discusses with the management the entity’s compliance policies, processes and procedures; reviews documents and records, tests transactions and accounts for compliance; and evaluates the entity’s compliance management system.
- The CFPB may request information from supervised entities prior to or without conducting examinations.
In addition to the examination process described above, the CFPB may conduct other supervisory activities, such as periodic monitoring.
Considerations for the examination process
To prepare for a potential examination process, as described above, non-bank covered entities that fall within the scope of the proposed rule should consider the following:
- Prepare for initial contact and information request:
- Be prepared for initial communication from CFPB examiners and plan to schedule a comprehensive conference with the management team.
- Ensure that all requested records and information are readily accessible and well-organized for CFPB submission.
- Review and strengthen compliance management system (CMS):
- Conduct an internal review of your existing compliance policies, processes and procedures, and update and strengthen as necessary to align with CFPB standards.
- Maintain detailed and accurate records of all compliance-related activities, and ensure that documentation is complete, up-to-date and easily retrievable.
- Prepare for in-depth evaluations:
- Regularly conduct internal audits and reviews of transactions and accounts to ensure compliance with CFPB regulations.
- Implement testing procedures for transactions and accounts to identify and rectify any compliance issues proactively.
- Continuously evaluate and improve compliance management systems based on internal assessments and feedback from the CFPB.
- Be proactive in information sharing:
- Proactively identify information that the CFPB might request, and prepare to share this information even if an examination is not currently scheduled.
What happens next?
The comment period for the proposed rule closed on January 8, 2024, and the CFPB has not officially released a timeline for when the final rule will be issued. However, media sources are speculating that the rule will be finalized in fall 2024.
