CFPB Aiming to Oversee Digital Payments
18 Januari 2024In late 2023, the Consumer Financial Protection Bureau (CFPB) proposed a rule that would subject nonbank fintech companies to the CFPB’s authority. The CFPB articulated that it intends the rule to “level the playing field” between banks and fintech companies by regulating digital payments, such as peer-to-peer mobile payment apps. This would add an extra layer of oversight beyond the federal and state money transmitter laws traditionally used to regulate these types of services.
Overview of the Proposed Rule
The CFPB asserts that it has the authority to expand the scope of the entities and services that it supervises—including those that the CFPB may define by rule as “larger participant[s] of a market” for consumer financial products or services.1 The new proposed rule would expand the scope of CFPB-supervised and examined entities by defining a new market under the CFPB’s purview, namely “general-use digital consumer payment applications.” The rule defines the market as having:
- “a covered payment functionality . . . in making consumer payment transaction(s);”
- through a “digital application;” and
- “for consumers’ general use.”
According to the CFPB, the new market definition would encompass digital payment and wallet applications for personal, family, or household purposes. We examine each of the elements of the definition, and the limits of the definition, below.
Covered Payment Functionality in Making Consumer Payment Transactions
“Covered payment functionality” is defined as “funds transfer functionality . . . a wallet functionality . . or both.” Such “funds transfer” and “wallet” functionalities must facilitate “consumer payment transactions,” which are transfers of funds (including credit) primarily for “personal, family, or household purposes.” Consumer payment transactions, however, would not include transfers between the same customer’s accounts, international money transfers, exchanges between different currencies, purchases/sales of securities or commodities, or purchases of goods or services using payment credentials stored by the goods’ merchants or the service providers (or affiliate), among other exceptions.
Digital Applications
“Digital applications” are defined as “software program[s] a consumer may access through a personal computing device, including but not limited to a mobile phone, smart watch, tablet, laptop computer, desktop computer.” The definition is broad, including most digital payment technologies, such as smartphone apps, “tap to pay,” QR codes, biometric payments (e.g., fingerprint), and other internet technologies. In an in-person retail purchase transaction, a consumer may activate a covered payment functionality by placing their personal computing device next to a merchant’s retail payment terminal. The digital application then may transmit payment instructions or payment credentials to a merchant payment processor. For instance, a mobile phone may transmit such data by using near-field communication (NFC) technology built into the mobile phone.
Consumers’ General Use
“General use” refers to the “absence of significant limitations on the purpose of consumer payment transactions.” The definition includes general peer-to-peer payments, and close-loop prepaid programs, but excludes specific payments such as those limited only to transportation, food, or lodging.
Issues and Limitations of the Proposed Rule
With such a major shift in proposed policy, the CFPB may create unintended consequences if the final rule is not drafted with due care. Indeed, below are three issues we encourage the industry and CFPB to contemplate.
Expansive Scope With a Minor Limitation
The proposed rule would limit the CFPB’s authority over companies providing general-use digital consumer payment applications to only those (1) with an annual volume of at least five million consumer payment transactions, and (2) that are not a small business concern. The CFPB estimated that these limitations would only bring seventeen (17) entities within the new rule. Nevertheless, the digital payments market is highly concentrated, with these 17 entities facilitating $1.7 trillion in transactions, or 88% of all transactions in the general-use digital payments industry. So this limitation has limited practical impact. Prudent policy-making may suggest adopting flexible compliance dates depending on the size or complexity of the covered entity.
Jurisdictional Issues With Securities and Commodities
“Consumer payment transactions” would exclude any transfer of funds that are primarily for the purchase or sale of a security (regulated by the U.S. Securities and Exchange Commission (SEC)) or a commodity (subject to the Commodity Futures Trading Commission’s (CFTC)’ enforcement authority). The new rule would require these assets to be either regulated by the SEC or CFTC, or traded by their respective regulated intermediaries, such as broker dealers. At present, most digital assets have not been officially classified by the regulators as a security or a commodity, but some like bitcoin, certain stablecoins, and ether, have been deemed commodities,2 and several others have been deemed securities.3 To fall under this exception (or comply with the proposed rule), cryptocurrency wallets and other digital payment providers would have to continually monitor which digital assets they support, in spite of little clarity on the security or commodity status of most digital assets.
In a similar vein, the CFPB’s interpretation of “funds” rests on uncertain ground in the context of digital assets. Because SEC Chair Gary Gensler has indicated his belief that the “vast majority” of cryptocurrencies are securities,4 the CFPB is entering into uncharted territorial waters with respect to the SEC. Moreover, with major digital asset commodities like bitcoin (the most prolific cryptocurrency), the proposed rule raises questions as to exactly which digital asset transfers the rule covers. Will the CFPB treat the rule as a “catch-all” applicable to every digital asset that has not been deemed a security or commodity or traded by their respective intermediaries?
Unintended Implications for Video Games
In terms of the scope of the rule, it would not specifically exempt video game transactions (unlike many money transmission statutes), which are digital transactions for in-game items or game currency. Indeed, the CFPB’s interpretation of “funds” may include video game currencies because they are, in the CFPB’s own words, “digital assets that have monetary value [(e.g., game currencies that are bought or sold with other currencies)], and are readily useable . . . as a medium of exchange [(e.g., to purchase virtual assets)].” The new rule may inadvertently encompass gaming that has traditionally not been regulated by the CFPB because digital assets are continually integrated into gaming, and there are otherwise robust markets using non-cryptocurrency game currencies and assets.
Conclusion
In proposing the new digital payment applications rule, the CFPB is seeking to make a large policy shift toward supervising large nonbank providers of consumer-based payments applications. The CFPB is likely to continue to refine the rule, and clarify portions that are currently ambiguous or unclear, as it considers the comments received in response to its notice of proposed rulemaking. The comment period closed on January 8, 2024. K&L Gates will continue to monitor developments as they occur.
We acknowledge the contributions to this publication from our first year associate Joshua L. Durham.