/>iOn Thursday, November 21, 2024, the Consumer Financial Protection Bureau (CFPB) published a final rule that will soon provide it with supervisory authority over large companies in the general-use digital consumer payment applications market. This rule will become effective 30 days after it is published in the Federal Register and will subject large participants in the digital payments market to periodic examination by the CFPB to assess whether the entity is complying with existing federal consumer financial laws. To be a larger participant under the rule and thus subject to the CFPB’s new authority, an entity (1) must have an annual volume of more than 50 million consumer payment transactions and (2) must not be a small business concern as defined by the Small Business Administration. The 50 million transaction threshold is a significant increase from the initial proposed rule, which contemplated a five million transaction threshold.
The general-use digital consumer payment applications market is broadly defined in the final rule. As the CFPB puts it:
The market described in the Final Rule includes providers of funds transfer and payment wallet functionalities through digital applications for consumers’ general use in making payments to other persons for personal, family, or household purposes. Examples include consumer financial products and services that are commonly described as “digital wallets,” “payment apps,” “funds transfer apps,” “peer-to-peer payment apps,” “person-to-person payment apps,” “P2P apps,” and the like.
The CFPB notes that the rule “does not impose new substantive consumer protection requirements” on any entity. Rather, it will enable the CFPB to proactively ensure that large participants “follow federal law just like large banks, credit unions, and other financial institutions already supervised by the CFPB.” Whether it be the Electronic Funds Transfer Act or the prohibition on unfair, deceptive or abusive acts or practices, the CFPB has always had regulatory and enforcement authority over participants in the digital payment applications market. Establishing a larger participants rule now gives the CFPB the ability to conduct routine and targeted examinations and obtain information from covered entities regarding their compliance and operational frameworks.
Financial services providers who have already gone through CFPB examinations — especially nonbank entities who haven’t historically been subject to supervisory authority by other federal regulators — know all too well that the CFPB’s examination process can be arduous and resource intensive. The first examination, even for large, sophisticated companies, is often a shock and a rude awakening, yielding numerous matters requiring attention and identifying areas where the CFPB requires enhancement. For example, while no federal consumer financial law explicitly requires that an entity maintain a compliance management system, the CFPB will surely expect to see formal documentation and a robust framework in place to ensure the company complies with its various obligations.
Companies that will now qualify as larger participants in the general-use digital consumer payment applications market would be wise to spend time now preparing for the CFPB’s impending oversight. Targeted risk assessments, mock examination engagements and training on CFPB examinations are all steps that should immediately be contemplated.
