CFPB Proposes Reining in Payment Apps

‘Tis the season of giving thanks and this year some people may be thankful that the CFPB is finally taking payment apps seriously. The proliferation of nonbank companies in the consumer payment space has slowly but surely caused regulators to take notice. The CFPB in particular just issued a proposed rule to supervise nonbank companies that qualify as larger participants in the payment app marketplace.

The words “larger participant” may ring a bell. The CFPB has the authority to supervise nonbank entities that it deems “a larger participant of a market for other consumer financial products or services.” You may be familiar with previously-issued “larger participant” rules for nonbanks engaged in consumer reporting, consumer debt collection, student loan servicing, international money transfers, and automobile financing. This proposed rule would apply to providers of “digital wallets,” “funds transfer apps,” “payment apps,” and “person-to-person or P2P payments apps.” These providers would be considered a “larger participant” if they meet two criteria.

First, during the preceding calendar year, the provider must not be a “small business concern” under the Small Business Act. Second, to be subject to the rule, an entity must have an annual consumer payment transaction volume of at least five million transactions.

A “consumer payment transaction” is a payment transaction that results in the transfer of funds by or on behalf of a consumer.  In addition to encompassing a consumer’s transfer of their own funds, a “consumer payment transaction” would encompass a creditor’s transfer of funds to another person on behalf of a consumer as part of a consumer credit transaction.  Hence, even though a credit card payment is not an electronic fund transfer subject to Regulation E, the proposed rule would cover the use of digital wallet functionality to purchase nonfinancial goods or services using stored credit card credentials. The CFPB projects that this threshold would make roughly 17 entities subject to its supervision, which is around 9% of all known nonbank companies fitting these criteria.

Also of note, the Consumer Financial Protection Act (CFPA) allows the CFPB to supervise all service providers to entities that it supervises. This would result in the CFPB supervising all service providers to larger participant nonbank providers of payment apps and digital wallets. In addition, as the CFPB also notes, it can supervise any nonbank provider of digital wallets and payment apps—regardless of its size—that the CFPB has reasonable cause to determine is engaged in conduct that poses risks to consumers when providing financial products or services.

This all sounds good so far, but you’re probably wondering what it’s going to mean for these entities to be subject to CFPB supervision. In the CFPB’s view, it would help to ensure that these entities are complying with applicable requirements of Federal consumer financial law, such as the CFPA’s prohibition against unfair, deceptive, and abusive acts and practices, the privacy provisions of the Gramm-Leach-Bliley Act and its implementing Regulation P, and the Electronic Fund Transfer Act and its implementing Regulation E. In addition, as entities increasingly offer funds transfer and wallet functionalities through payment apps, the rule would enable the CFPB to monitor for new risks to both consumers and the market.