Rohit Chopra, director of the US Consumer Financial Protection Bureau (CFPB), has long focused on “big technology” and the use of consumer data. This interest predates his time at the CFPB and continues in this role. The CFPB has taken several high-profile actions regarding these issues. These include:
- providing advance notice of proposed rulemaking to implement section 1033 of the Dodd-Frank Act, which gives the CFPB rulemaking authority over how financial institutions must provide consumer account information (predating Chopra’s arrival at the agency);
- For big tech and buy-now, post-paid (BNPL) companies, including how they use consumer data to inform their business;
- Issuing an advisory opinion providing that digital marketing providers who are materially involved in the development of a content strategy may be “service providers” of covered financial institutions that prohibit unfair, deceptive or abusive practices or acts (UDAAP) (read our analysis); And
- Issuing a circular stating that financial companies may be in violation of that UDAAP prohibition if they do not take appropriate steps to protect customer information.
Lost in the controversy is a recent report by the CFPB that provides important insights into how the agency (and perhaps Chopra) thinks about these issues and what next steps we can expect. The report, titled “Payments and Commerce: Implications for Consumers,” the agency discusses three new use cases in the payment space and their implications for consumers.
Use cases
“Super Apps”
The first use case is what the CFPB calls “super apps.” CFBB defines “super apps” as apps that combine multiple services into a single smartphone application and cites a few foreign examples of such apps. The report acknowledges that the “US market is growing” and that the foreign super-app model is unlikely to catch on in the US, instead focusing on what the report describes as a “banking by app approach”.[b]Yond mobile banking apps offered by most financial services companies, this concept combines additional services related to financial services and payments to add value and retain the user. As for these apps, the report notes that “convenience value is determined by the wallet provider” and can be exploited if users are not fully aware of the app’s capabilities and permissions.
Buy now, pay later.
The second use case focuses on the BNPL products that are spread in the market. The report describes these products as “a form of unsecured short-term credit that allows consumers to pay off purchases in four interest-free installments at the time of sale.” CFBB describes the evolution of BNPL’s market from its first iteration, in which suppliers offered their products on merchant websites, to what the agency calls BNPL’s supplier-driven “lead generation” model.[e] Consumer traffic directly through their own applications and monetiz[e] Traffic by charging referral (or affiliate) fees to merchants willing to pay for prime ad space. The CFPB likens this evolution to the emergence of indoor shopping malls in the traditional retail context—where consumers go to a store (or visit a particular retailer’s website) and now shop at multiple stores (the mall) in one place. or BNPL App).
“Embedded Business”
A third use case is what the CFPB terms “embedded commerce”—the ability to make a purchase or payment directly within an app or social media feed “rather than interacting with traditional ad-based retail websites. According to the agency,[e]Fraudulent trading makes it easy for a consumer to be scammed by a legitimate merchant or unknowingly end up with a subscription that results in ongoing payments.
Risks to consumers
“Monetizing Consumer Financial Information”.
After exploring these use cases, the agency will describe what it considers to be emerging risks to consumers from developments in the payments ecosystem. First, and while director Chopra’s previous comments have been less than impressive, is what CFBB calls “the monetization of consumer financial data.” After describing the myriad ways consumers generate and companies collect data, the CFPB says, “More data creates greater opportunities to misuse that data.” Reflecting director Chopra’s frequent skepticism about algorithms and machine learning, the report says that companies using this technology to increasingly use customers’ financial data to automatically generate results can reap huge financial benefits from consumers. Making decisions with some clarity. The agency intends to monitor the UDAAP and fair lending risks associated with these activities, the report said. The report identifies a lack of understanding of how consumer data is used and the sale of that data to third parties as risks.
“Size and Market Power”.
The second consumer risk identified in the report is the risk of “scale and market power”. In this regard, the report is consistent with Director Chopra’s repeated comments on the antitrust lens of trying to view abuse of market power and consumer protection issues. In the absence of regulation, the report said, payment providers could degenerate into monopolies, duopolies or oligopolies, “The current payment ecosystem includes, for example, four major card networks and two major services for payment processing.” Bank-to-bank transactions. The use of consumer data exacerbates this risk, the report says, because “data aggregation has the potential to create more sustainable business models, especially when combined with financial and non-financial data.” Although the CFPB is not an antitrust enforcer, as we discussed earlier, it asserts discretion under the UDAAP authority based on allegations of abuse of market power.
to be taken
Finally, the report concludes with a brief section on the CFPB’s future areas of focus: (i) outlining legislation to implement Section 1033 to “give consumers more control over their financial data, including their payment and transaction data;” (ii) issuing a report on the BNPL market and determining “whether regulatory interventions are appropriate”; and (iii) focusing on the transition to real-time payments and “seeking to mitigate the potential consequences of large technology companies entering this space,” “evaluating ways to protect consumers and reduce fraud losses by consumers and market participants.” It’s focused on large technological engagements, particularly in how consumer data is used (or, in the agency’s view, misused). Market participants should consider potential CFPB attitudes and actions as they continue to innovate in these areas.
