The CFPB’s Closer Look at Big Tech’s Payments Companies
On October 21, 2021, the Consumer Financial Protection Bureau (CFPB) ordered six of the largest technology companies in the United States to turn over information about their payment systems and practices. The CFPB has issued these orders to gain insights into how these large technology companies use personal payment data and manage data access to users with CFPB Director Rohit Chopra stating, “Big Tech companies are eagerly expanding their empires to gain greater control and insight into our spending habits…” The CFPB has stated that this information will allow the agency to ensure adequate consumer protection with the Bureau issuing these orders under Section 1022 (c)(4) of the Consumer Financial Act. This section authorizes the agency to order participants in the payment markets to turn over information that will help the agency monitor consumers’ risks.
The orders seek to illuminate the range of these consumer payment products and their underlying business practices. Specifically, the orders will compel information on:
- Data harvesting and monetization. The CFPB believes payment companies may be actively sharing payment data across product lines and with data brokers and other third parties. They argue that in some cases, large technology companies may be using this data for behavioral targeting. These practices may not align with consumers’ expectations. The orders seek information on how those companies collect and use data.
- Access restrictions and user choice. When payment systems gain scale and network effects, merchants and other partners feel obligated to participate, and the risk increases that payment systems operators will limit consumer choice and stifle innovation by anticompetitively excluding certain businesses. The orders seek to understand any restrictive access policies and how they affect the choices available to families and businesses.
- Other consumer protections. Consumers expect certain assurances when dealing with companies that move their money. They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law. The orders seek to understand the robustness with which payment platforms prioritize consumer protection under laws such as the Electronic Fund Transfer Act and the Gramm-Leach-Bliley Act.
This regulatory scrutiny of Big Tech adds to the jurisdictional creep that we have witnessed over the past few years as the Bureau expanded their supervisory oversight over third-party vendors and also support the narrative that we are seeing regarding a more aggressive CFPB under its new leadership. All technology companies focused on payments and/or the movement of money both domestically and internationally should be hyper-aware of the possible regulatory risks associated with their practices and should track the CFPB’s activity closely while reassessing their practices to ensure their regulatory risk exposure is within their tolerance levels.
These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Internet subscribers and online readers should not act upon this information without seeking professional counsel.