CFPB proposes new federal oversight

The Consumer Financial Protection Bureau (CFPB) is proposing new oversight rules to ensure large tech companies offering digital wallet and payment app services adhere to the same supervisory standards as traditional financial institutions, aiming to create a level playing field and enhance consumer protection in the evolving digital payment landscape. The proposed CFPB rule is the sixth aimed at defining key players in significant consumer finance markets, following rules on consumer reporting, debt collection, student loans, money transfers, and auto financing. This proposed oversight is targeted toward nonbank financial companies, such as Apple, Meta, Google, and other big technology companies that manage over five million transactions annually. This initiative by the CFPB aims to establish uniformity in the financial landscape by creating a regulatory environment these 'larger participants' will be required to adhere to, just like large banks, credit unions, and other financial institutions already supervised by the CFPB are required to.

The COVID-19 pandemic pushed digital transactions and mobile payments to the forefront of the e-commerce industry and introduced new customers, firms, and various types of products to this method of payment. The digital payments market size by transactions was valued at $2,476.8 trillion in 2023 and is expected to grow at a compound annual growth rate of 14.3% over the forecast period, resulting in an estimate $5,848.5 trillion by 2030. With this massive growth, the CFPB recognizes the importance of implementing sophisticated regulatory strategies, mirroring the rapid progress in the payment services domain.

The below charts further highlight the growth of digital wallets including Figure 1 which depicts the forecasted growth of the U.S. Total Digital Wallet Near-Field Communication (“NFC”) Transaction Value, expected to surge to $587.52 billion by 2030, and Figure 2 which illustrates a dynamic expansion in the mobile payment industry between some of the largest non-financial 

The below charts further highlight the growth of digital wallets including Figure 1 which depicts the forecasted growth of the U.S. Total Digital Wallet Near-Field Communication (“NFC”) Transaction Value, expected to surge to $587.52 billion by 2030, and Figure 2 which illustrates a dynamic expansion in the mobile payment industry between some of the largest non-financial companies. These graphs further stress the importance the CFPB's proposed regulatory oversight has in aiming to fortify consumer protection and uphold the integrity of the market as digital payment platforms continue to integrate into the fabric of daily financial transactions.

The CFPB's 6th proposed rule will require significant organizational recalibrations for large tech companies, potentially leading to profound impacts across their operations including:

1. Sophisticated Governance Structures:

• Development of robust governance frameworks akin to those in the traditional banking sector, designed to withstand heightened regulatory scrutiny and ensure regulatory compliance at all organizational levels.

2. Intricate Compliance Architecture:

• Establishment of a comprehensive compliance infrastructure that is both resilient to changes in the regulatory environment and adaptable to new regulations. This architecture must:
  • Guarantee the protection of customer data through advanced security measures.
  • Ensure transparency in all transactional processes to uphold integrity and trust.
  • Promote ethical practices in handling user funds, aligning with best practices in financial management.

3. Compliance:

• Adhering to a more stringent regulatory framework that may necessitate revisions to existing policies and the introduction of new compliance procedures to meet the updated standards.

4. Consumer Protection:

• Placing a stronger emphasis on protecting consumer rights and interests, particularly concerning the security and privacy of consumer data, to foster a safer and more trustworthy financial ecosystem.

5. Operational Structure:

• Potential organizational restructuring to integrate enhanced governance and compliance frameworks into the operational fabric of the company, ensuring that compliance is embedded in all business processes and functions.

6. Risk Management:

• Bolstering risk management frameworks to better identify, assess, and mitigate regulatory and operational risks, ensuring that risk management practices are in line with the heightened regulatory expectations.

7. Intensified Internal Monitoring and Auditing:

• Strengthening internal controls and audit processes to proactively detect and address any compliance issues or lapses before they escalate. This includes:
  • Implementing sophisticated monitoring tools and analytics to track compliance in real-time.
  • Conducting regular audits and reviews to assess compliance health and identify areas for improvement.
  • The potential for significant penalties and sanctions from the CFPB for failing to adhere to compliance standards, mirroring past high-profile cases with financial institutions like Wells Fargo and U.S. Bank, which faced heavy fines for regulatory violations.
  • On December 20, 2022, Wells Fargo was ordered by the CFPB to pay a hefty sum of $3.7 billion, which included both redress to consumers and civil penalties due to widespread mismanagement across several of its major product lines which led to substantial financial harm to millions of its customers.
  • On December 19, 2023, U.S. Bank was fined $37.5 million for its illegal practices of accessing customers' personal data and opening unauthorized accounts and again was penalized $21 million for its unlawful conduct during the COVID-19 pandemic revolving around unemployed consumers being unable to access their unemployment benefits as the bank had frozen their accounts​​.

These instances underscore the CFPB's commitment to protecting consumers and ensuring financial institutions adhere to their legal standards and serve as a warning to these digital payments companies that these regulations once passed will be imperative to be adhered to.

At Sia Partners, we provide a vast suite of services designed to bolster risk management strategies, from rigorous documentation and record retention to advanced risk analysis. Our team consists of former regulators, industry professionals, and skilled data science experts dedicated to assisting large technology companies with the latest regulatory implementation support. With our experience, Sia Partners is well-equipped to navigate nonbank digital payment entities through the complexities of the CFPB's proposed regulations, and our commitment to innovation is aimed at helping these institutions achieve operational efficiencies while ensuring compliance with the latest regulatory standards. For more information on our innovative solutions, please visit our website Heka.