CFPB Issues Proposed Rule to Expand Supervisory Authority, Conduct Examinations of Digital Wallets and Mobile Payment Apps

Yesterday, the Consumer Financial Protection Bureau (CFPB) released a notice of proposed rulemaking that would allow the agency to supervise and conduct examinations of certain non-bank providers of digital wallets and payment apps. The move is intended to address perceived regulatory arbitrage by ensuring large technology firms and other nonbank payments companies are subjected to appropriate oversight,” according to CFPB Director Rohit Chopra.

While the Bureau has always had enforcement authority over digital wallets and payment apps, the proposed rule would newly authorize the Bureau to supervise” the providers, including by conducting periodic examinations, which can include on-site or remote inspections, review of company compliance policies and procedures, testing transactions and accounts, and evaluating management and recordkeeping systems. Examinations may result in supervisory letters, compliance ratings, or, if inspectors identify perceived legal violations, enforcement actions with fines and civil penalties.

The Bureau’s proposed rule – its sixth effort to supervise nonbank providers of financial services – comes as an increasing number of financial transactions occur outside the traditional banking system. Payment systems are critical infrastructure for our economy,” Director Chopra said in a press release announcing the new rule. These activities used to be conducted almost exclusively by supervised banks” and the proposed rule is intended to require fintech providers to play by the same rules as banks and credit unions.”

The rule would open up supervision and inspection for larger participants” offering general-use digital consumer payment applications,” including digital wallets, payment apps, funds transfer apps, person-to-person (P2P) payment apps, or similar. The proposed rule notes that subject entities would be examined for compliance with federal consumer financial laws and their prohibition against unfair, deceptive, and abusive acts and practices, the privacy provisions of the Gramm-Leach-Bliley Act and Regulation P, and the Electronic Fund Transfer Act and Regulation E, amongst other laws.

The rule would only apply to companies that the CFPB defines as larger participants” and proposes a threshold of companies that process five million transactions in a year (including affiliated companies) that are not considered a small business concern” by the Small Business Administration. The Bureau estimates that 17 providers of general-use digital consumer payment applications would currently meet the proposed threshold and that those providers handle roughly 88% of known transactions in the nonbank market for general-use digital consumer payment applications. Notably though, those numbers are just estimates – and could be based on incomplete or inaccurate data. Either way, that number is likely to grow as fintech transactions continue to grow in popularity.

A few additional highlights on scope and key definitions:

  • The proposed rule applies to larger participants providing a covered payment functionality through a digital application for consumers’ general use in making consumer payment transactions.”
  • A covered payment functionality” is a funds transfer functionality,” a wallet functionality” or both. Wallet functionality is defined broadly to include any product or service that stores account or payment credentials, and that transmits, routes, or otherwise processes such stored account or payment credentials to facilitate a consumer payment transaction.
  • Digital applications” are defined as software programs run from a personal computing device, like a mobile phone, watch, or a tablet. The application should be available for general use,” meaning it does not have significant limitations on its use for consumer payment transactions. According to the proposed rule, if the application can only be used to buy a specific category of products or services (i.e., transportation, lodging, food), it does not meet the definition of general use.
  • The proposed rule defines consumer payment transactions” to include paying another person for a personal, family, or household purpose” and to exclude international money transfers or foreign exchange transfers, or a transaction conducted by a person for the sale of goods/services at that person’s store or marketplace.

The Bureau solicits comments on all aspects of the proposed rule, as well as specific definitions and limitations, and will accept comments until January 8.