On November 7, 2023, the Consumer Financial Protection Bureau (“CFPB”) announced a new proposed rule wherein providers of digital wallets and payment apps would be defined as “Larger Participants” and would become subject to supervision by the CFPB, as well as need to comply with consumer financial services laws and regulations. Comments to this Larger Participant rulemaking are due by January 8, 2024.
Any entity that will be submitting comments to this rulemaking should also carefully review the CFPB’s proposed rule regarding Personal Financial Data Rights (“PFDR”) and consider submitting comments to that rulemaking, as well, which comments are due on December 29, 2023. We have covered the PFDR rule in several articles – the first providing an overview is available here, the second regarding the entities that would be covered by the rule is available here, a third regarding the obligations of the entities and some of the technology aspects of the PFDR is in this Cabinet issue, and a fourth installment addressing issues not already covered and that summarizes the areas of likely greatest conflict will be published in the Cabinet issue next week.
The Consumer Financial Protection Act (“CFPA”) contains provisions that allow the CFPB to identify markets of consumer financial products and services that are deemed to be significant enough that the CFPB should be able to supervise and examine the large participants in those markets. To this end, the CFPB has engaged in five Larger Participant rulemakings (aside from the original three identified in the CFPA) defining the credit-reporting markets, auto finance markets, student-lending markets, international transfers markets, and the debt-collection markets, to name a few. Prior to these rulemakings, non-bank companies that provided the consumer financial products and services were not subject to supervision by the CFPB. Further, after these rulemakings, only those entities that meet the definition of being a “Larger Participant” in the market become subject to CFPB supervision.
In this rulemaking, the CFPB emphasized that part of its authority to supervise providers in the digital wallet and payment app market also rested upon another section of the CFPA giving them authority to supervise any non-bank covered person that it “has reasonable cause to determine by order, after notice to the covered person and a reasonable opportunity . . . to respond . . . is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.” Further, although the CFPB protests that all participants in the digital wallet and payment app space are already covered entities, subject to CFPB enforcement, some of the companies that could be defined as larger participants may not consider themselves to be covered entities to date.
Simply, the scope of this Larger Participant rulemaking intends to cover, “providers of funds transfer and wallet functionalities through digital applications for consumers’ general use in making payments to other persons for personal, family, or household purposes.” These functionalities include digital wallets of all kinds, as well as person-to-person (or P2P) apps. Exclusions from the proposed market include payments made through retailer apps, extensions of credit through apps, and purchases or leases that are made through an app for transportation, lodging, food, an automobile, a dwelling or real property, a consumer financial product or service, to pay a debt, or to split a charge.
Larger Participants would be defined as those entities that are not deemed to be small businesses under the Small Business Act and that provide at least five million covered consumer payment transactions annually through a general-use digital consumer payment application. When it comes to payment volumes, five million transactions annually is not a very high bar, which is presumably why small businesses had to be specifically excluded.