CMFA Analyst: There are issues with the Consumer Financial Protection Bureau's proposed digital wallet rules
Compiled by: Jack Solowey
When you use a government-regulated product, you might think that regulation is necessary for the smooth operation of that product or its industry. However, when regulators first propose special oversight years after a product has been functioning as expected, you may find yourself asking, "Why is regulation still needed?"
When it comes to the Consumer Financial Protection Bureau (CFPB) proposing to bring popular payment applications (such as Apple Pay, Google Pay, PayPal, Venmo, and Cash App) under regulatory oversight, the CFPB's answer to this question is: the applications are quite popular—CFPB sees success as a reason for stricter supervision.
The digital payment app market does not urgently need regulators to save consumers, and the proposed rules by the CFPB provide a real-time demonstration of how regulators will not hesitate to "fix" certain issues, even in—perhaps especially in—cases where, as the old saying goes, "it ain't broke."
This month, the CFPB proposed designating major digital consumer payment applications as "larger participants" in the consumer financial services market, placing them under institutional oversight. The Dodd-Frank Act grants the CFPB the authority to regulate these larger participants, meaning the CFPB can not only take enforcement actions against violations of consumer financial protection laws but also proactively monitor and examine these specific businesses.
The proposed rules state that the covered digital payment applications will face a range of potential CFPB regulatory activities, including record requests, regulatory meetings, record reviews, and on-site examinations for compliance assessments, reporting, and ratings. These examinations typically take about eight to ten weeks on average.
When a business is trying to get work done, all this bureaucratic hassle brings to mind a scene from The Simpsons, where Homer Simpson supervises a team of engineers:
Homer: "Are you guys working?"
Engineers: "Yes, sir."
Homer: "Can you work a little harder?"
According to the proposal, who exactly will be regulated by the CFPB? The proposed rules will cover providers of "general digital consumer payment" applications (including funds transfer and digital wallet applications) that meet transaction volume (5 million transactions per year) and company size (not classified as a small business under the law) requirements. The proposal includes some notable exceptions, such as exemptions for applications that facilitate payments for specific goods or services (i.e., not for general use) and exemptions for transactions conducted through proprietary platforms in these markets.
The proposal mentions "digital wallets," raising another question of whether cryptocurrency transfers and wallets fall within the scope. The answer is: "Maybe."
According to the CFPB, covered funds transfers include cryptocurrency transfers, so the rule may cover custodial crypto wallets (where service providers control access to users' funds via private keys) used for these purposes. However, the proposed rules do not include the purchase or trading of cryptocurrencies, as it does not involve one form of funds exchanging for another, nor does it include the purchase of securities and commodities regulated by the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). (The unresolved jurisdictional issues of the SEC and CFTC over cryptocurrencies have created unnecessary regulatory ambiguity.)
The proposed rules regarding self-custodied crypto wallets (where users control their own private keys) may depend on interpretive issues (including those related to the definition of "wallet functionality"), which could leave room for the agency to include certain self-custodied wallets under regulatory oversight. (If the CFPB goes this route, it would be another example of placing core crypto technology under poorly conceived regulation.)
When it comes to the reasons for the CFPB proposing this rule, it is paradoxical that data indicating the digital payment application market is not collapsing is cited by the CFPB as a basis for special regulation of the market. "The CFPB proposed to regulate non-bank covered persons, which are larger participants in the market, because the market has significant and growing importance in consumers' daily financial lives." In other words, merely meeting consumer demand necessitates stricter scrutiny.
How popular are these applications? According to data from the CFPB itself, 76% of Americans have used one of the four major payment applications; 61% of low-income consumers report using payment applications; merchants' acceptance of payment applications "has rapidly expanded as businesses seek to make it as easy as possible for consumers to make purchases using their preferred payment methods"; and adoption among younger users may drive further growth.
Separate survey data often supports the view that consumers' positive evaluations of these applications align with their expressed preferences. According to Morning Consult's 2017 survey data, a significant number of American adults are very satisfied or somewhat satisfied with various digital payment applications, including Venmo (71%), Apple Pay (82%), Google Wallet (79%), and PayPal (91%). Recently, some have even attempted to define Apple Pay as making payments "too easy," which is detrimental to consumers' interests.
The CFPB's proposal is not an example of a regulator seeking to build much-needed order in a fragmented, lawless industry, but rather an example of an agency raising compliance requirements in an already regulated space. For instance, consumer financial products and services (including consumer payment services provided through any technology) are already subject to the CFPB's authority to enforce prohibitions against unfair, deceptive, or abusive acts. Additionally, the CFPB already has the authority to oversee relevant financial service providers and can issue orders when there is reasonable cause to determine that a provider poses a risk to consumers, but the agency has failed to do so in a compelling manner in the proposal.
The CFPB is attempting to exercise regulatory authority over the digital payment application market without needing to identify specific risks faced by consumers, indicating a fundamental flaw in the agency's regulatory approach.
In terms of digital payment applications, the proposed regulatory regime is not aimed at failures in the consumer financial services market but rather at the success of the market. In this regard, one cannot help but ask: what other regulatory regimes that consumers take for granted initially began to address problems?
