AGENCY:

Consumer Financial Protection Bureau.

ACTION:

Proposed rule; request for public comment.

SUMMARY:

The Consumer Financial Protection Bureau (CFPB) proposes a rule to define a market for general-use digital consumer payment applications. The proposed market would cover providers of funds transfer and wallet functionalities through digital applications for consumers' general use in making payments to other persons for personal, family, or household purposes. Larger participants of this market would be subject to the CFPB's supervisory authority under the Consumer Financial Protection Act (CFPA).

DATES:

Comments should be received on or before January 8, 2024.

ADDRESSES:

You may submit comments, identified by Docket No. CFPB–2023–0053 or RIN 3170–AB17, by any of the following methods:

• Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments. A brief summary of this document will be available at https://www.regulations.gov/​docket/​CFPB-2023-0053.

• Email: 2023-NPRM-PaymentApps@cfpb.gov. Include Docket No. CFPB–2023–0053 or RIN 3170–AB17 in the subject line of the message.

• Mail/Hand Delivery/Courier: Comment Intake—LP Payment Apps Rulemaking, Consumer Financial Protection Bureau, c/o Legal Division Docket Manager, 1700 G Street NW, Washington, DC 20552. Because paper mail in the Washington, DC area and at the CFPB is subject to delay, commenters are encouraged to submit comments electronically.

Instructions: The CFPB encourages the early submission of comments. All submissions should include the agency name and docket number or Regulatory Information Number (RIN) for this rulemaking. In general, all comments received will be posted without change to https://www.regulations.gov.

All comments, including attachments and other supporting materials, will become part of the public record and are subject to public disclosure. Proprietary information or sensitive personal information, such as account numbers or Social Security numbers, or names of other individuals, should not be included. Comments will not be edited to remove any identifying or contact information.

FOR FURTHER INFORMATION CONTACT:

Christopher Young, Deputy Assistant Director, and Owen Bonheimer, Senior Counsel, Office of Supervision Policy, at 202–435–7700. If you require this document in an alternative electronic format, please contact CFPB_Accessibility@cfpb.gov.

SUPPLEMENTARY INFORMATION:

I. Overview

Section 1024 of the CFPA,^[1] codified at 12 U.S.C. 5514, gives the CFPB supervisory authority over all nonbank covered persons ^[2] offering or providing three enumerated types of consumer financial products or services: (1) Origination, brokerage, or servicing of consumer loans secured by real estate and related mortgage loan modification or foreclosure relief services; (2) private education loans; and (3) payday loans.^[3] The CFPB also has supervisory authority over “larger participant[s] of a market for other consumer financial products or services,” as the CFPB defines by rule.^[4] In addition, the CFPB has the authority to supervise any nonbank covered person that it “has reasonable cause to determine by order, after notice to the covered person and a reasonable opportunity . . . to respond . . . is engaging, or has engaged, in Start Printed Page 80198 conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.” ^[5]

This proposed rule (the Proposed Rule) would be a sixth in a series of CFPB rulemakings to define larger participants of markets for consumer financial products and services for purposes of CFPA section 1024(a)(1)(B).^[6] The Proposed Rule would establish the CFPB's supervisory authority over certain nonbank covered persons participating in a market for “general-use digital consumer payment applications.” ^[7] In establishing the CFPB's supervisory authority over such persons, the Proposed Rule would not impose new substantive consumer protection requirements or alter the scope of the CFPB's other authorities. In addition, some nonbank covered persons that would be subject to the CFPB's supervisory authority under the Proposed Rule also may be subject to other CFPB supervisory authorities under CFPA section 1024, including, for example, as a larger participant in another market defined by a previous CFPB larger participant rule. Finally, regardless of whether they are subject to the CFPB's supervisory authority, nonbank covered persons generally are subject to the CFPB's regulatory and enforcement authority.

The proposed market would include providers of funds transfer and wallet functionalities through digital applications for consumers' general use in making payments to other persons for personal, family, or household purposes. Examples include many consumer financial products and services that are commonly described as “digital wallets,” “payment apps,” “funds transfer apps,” “person-to-person payment apps,” “P2P apps,” and the like. Providers of consumer financial products and services delivered through these digital applications help consumers to make a wide variety of consumer payment transactions, including payments to friends and family and payments for purchases of nonfinancial goods and services.

The CFPB is authorized to supervise nonbank covered persons subject to CFPA section 1024 for purposes of (1) assessing compliance with Federal consumer financial law; (2) obtaining information about such persons' activities and compliance systems or procedures; and (3) detecting and assessing risks to consumers and consumer financial markets.^[8] The CFPB conducts examinations, of various scopes, of supervised entities. In addition, the CFPB may, as appropriate, request information from supervised entities prior to or without conducting examinations.^[9] Section 1090.103(d) of the CFPB's existing larger participant regulations provides that the CFPB may require submission of certain records, documents, and other information for purposes of assessing whether a person is a larger participant of a covered market.^[10]

The CFPB prioritizes supervisory activity among nonbank covered persons on the basis of risk, taking into account, among other factors, the size of each entity, the volume of its transactions involving consumer financial products or services, the size and risk presented by the market in which it is a participant, the extent of relevant State oversight, and any field and market information that the CFPB has on the entity.^[11] Such field and market information can include, for example, information from complaints and any other information the CFPB has about risks to consumers and to markets posed by a particular entity.

The specifics of how an examination takes place vary by market and entity. However, the examination process generally proceeds as follows. CFPB examiners contact the entity for an initial conference with management and often request records and other information. CFPB examiners ordinarily also review the components of the supervised entity's compliance management system. Based on these discussions and a preliminary review of the information received, examiners determine the scope of an on-site or remote examination and then coordinate with the entity to initiate this portion of the examination. While on-site or working remotely, examiners spend some time discussing with management the entity's compliance policies, processes, and procedures; reviewing documents and records; testing transactions and accounts for compliance; and evaluating the entity's compliance management system. Examinations may involve issuing confidential examination reports, supervisory letters, and compliance ratings. In addition to the process described above, the CFPB also may conduct other supervisory activities, such as periodic monitoring.^[12]

II. Summary of the Proposed Rule

The CFPB is authorized to define larger participants in markets for consumer financial products or services. Subpart A of the CFPB's existing larger-participant rule, 12 CFR part 1090, prescribed procedures, definitions, standards, and protocols that apply for all markets in which the CFPB defines larger participants.^[13] Those generally-applicable provisions also would apply to the general-use digital consumer payment application market described by the Proposed Rule. The definitions in § 1090.101 should be used to interpret terms in the Proposed Rule unless otherwise specified.

The CFPB includes relevant market descriptions and associated larger-participant tests, as it develops them, in Start Printed Page 80199 subpart B.^[14] Accordingly, the Proposed Rule defining larger participants of a market for general-use digital consumer payment applications would become § 1090.109 in subpart B.

The Proposed Rule would define a market for general-use digital consumer payment applications that would cover specific activities. The proposed market definition generally includes nonbank covered persons that provide funds transfer or wallet functionalities through a digital application for consumers' general use in making consumer payments transactions as defined in the Proposed Rule. The Proposed Rule defines “consumer payment transactions” to include payments to other persons for personal, household, or family purposes, excluding certain transactions as described in more detail in the section-by-section analysis in part IV below. The Proposed Rule also provides specific examples of digital payment applications that do not fall within the proposed market definition because they do not have general use for purposes of the Proposed Rule.

The Proposed Rule would set forth a test to determine whether a nonbank covered person is a larger participant of the general-use digital consumer payment applications market. A nonbank covered person would be a larger participant if it satisfies two criteria. First, the nonbank covered person (together with its affiliated companies) must provide general-use digital consumer payment applications with an annual volume of at least five million consumer payment transactions. Second, the nonbank covered person must not be a small business concern based on the applicable Small Business Administration (SBA) size standard. As prescribed by existing § 1090.102, any nonbank covered person that qualifies as a larger participant would remain a larger participant until two years from the first day of the tax year in which the person last met the larger-participant test.^[15]

As noted above, § 1090.103(d) of the CFPB's existing larger participant regulation provides that the CFPB may require submission of certain records, documents, and other information for purposes of assessing whether a person is a larger participant of a covered market.^[16] This authority would be available to facilitate the CFPB's identification of larger participants of the general-use digital consumer payment applications market, just as in other markets defined in subpart B. In addition, pursuant to existing § 1090.103(a), a person would be able to dispute whether it qualifies as a larger participant in the general-use digital payment applications market. The CFPB would notify an entity when the CFPB intended to undertake supervisory activity; the entity would then have an opportunity to submit documentary evidence and written arguments in support of its claim that it was not a larger participant.^[17]

The CFPB invites comment on all aspects of this notice of proposed rulemaking and on the specific issues on which it solicits comment elsewhere herein, including on any appropriate modifications or exceptions to the Proposed Rule.

III. Legal Authority and Procedural Matters

A. Rulemaking Authority

The CFPB is issuing the Proposed Rule pursuant to its authority under the CFPA, as follows: (1) sections 1024(a)(1)(B) and (a)(2), which authorize the CFPB to supervise nonbanks that are larger participants of markets for consumers financial products or services, as defined by rule; ^[18] (2) section 1024(b)(7), which, among other things, authorizes the CFPB to prescribe rules to facilitate the supervision of covered persons under section 1024; ^[19] and (3) section 1022(b)(1), which grants the CFPB the authority to prescribe rules as may be necessary or appropriate to enable the CFPB to administer and carry out the purposes and objectives of Federal consumer financial law, and to prevent evasions of such law.^[20]

B. Consultation With Other Agencies

In developing the Proposed Rule, the CFPB has consulted with or provided an opportunity for consultation and input to the Federal Trade Commission (FTC), as well as with the Board of Governors of the Federal Reserve System, the Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Securities and Exchange Commission, on, among other things, consistency with any prudential, market, or systemic objectives administered by such agencies.^[21]

C. Proposed Effective Date of Final Rule

The Administrative Procedure Act generally requires that rules be published not less than 30 days before their effective dates.^[22] The CFPB proposes that, once issued, the final rule for this proposal would be effective 30 days after it is published in the Federal Register .

IV. Section-by-Section Analysis

Part 1090

Subpart B—Markets

Section 1090.109 General-Use Digital Consumer Payment Applications Market

The Proposed Rule would add a new § 1090.109 to existing subpart B of part 1090 of the CFPB's rules to establish CFPB supervisory authority over nonbank covered persons who are larger participants in a market for general-use digital consumer payment applications.^[23] Proposed § 1090.109 includes the proposed market definition and market-related definitions in paragraph (a) and a test to define larger participants in a market for general-use digital consumer payment applications in paragraph (b).

Many nonbanks provide consumer financial products and services that allow consumers to use digital applications accessible through personal computing devices, such as mobile phones, tablets, smart watches, or computers, to transfer funds to other persons. Some nonbanks also provide consumer financial products and services that allow consumers to use digital applications on their personal computing devices to store payment credentials they can then use to purchase goods or services at a variety Start Printed Page 80200 of stores, whether by communicating with a checkout register or a self-checkout machine, or by selecting the payment credential through a checkout process at ecommerce websites. Subject to the definitions, exclusions, limitations, and clarifications discussed below, the proposed market definition generally would cover these consumer financial products and services.

The CFPB is proposing to establish supervisory authority over nonbank covered persons who are larger participants in this market because this market has large and increasing significance to the everyday financial lives of consumers.^[24] Consumers are growing increasingly reliant on general-use digital consumer payment applications to initiate payments.^[25] Recent market research indicates that 76 percent of Americans have used at least one of four well-known P2P payment apps, representing substantial growth since the first of the four was established in 1998.^[26] Even among consumers with annual incomes lower than $30,000 who have more limited access to digital technology,^[27] 61 percent reported using P2P payment apps.^[28] And higher rates of use by U.S. adults in lower age brackets may drive further growth well into the future.^[29] Across the United States, merchant acceptance of general-use digital consumer payment applications also has rapidly expanded as businesses seek to make it as easy as possible for consumers to make purchases through whatever is their preferred payment method.^[30]

Consumers rely on general-use digital consumer payment applications for many aspects of their everyday lives. In general, consumers make payments to other individuals for a variety of reasons, including sending gifts or making informal loans to friends and family and purchasing goods and services, among many others.^[31] Consumers can use digital applications to make payments to individuals for these purposes, as well as to make payments to businesses, charities, and other organizations. According to one recent market report, nonbank digital payment apps have rapidly grown in the past few years to become the most popular way to send money to other individuals other than cash,^[32] and are used for a higher number of such transactions than cash.^[33] For many consumers, general-use digital consumer payment applications offer an alternative, technological replacement for non-digital payment methods. ^[34] Start Printed Page 80201 Consumers increasingly have adopted general-use digital consumer payment applications ^[35] as part of a broader movement toward noncash payments.^[36] Amid growing merchant acceptance of general-use digital consumer payment applications, consumers with middle and lower incomes use digital consumer payment applications for a share of their overall retail spending that rivals or exceeds their use of cash.^[37] Such applications now have a share of ecommerce payments volume that is similar to or greater than other traditional payment methods such as credit cards and debit cards used outside of such applications.^[38] Such applications also have been gaining an increasing share of in-person retail spending.^[39]

The Proposed Rule would bring nonbanks that are larger participants in a market for general-use digital consumer payment applications within the CFPB's supervisory jurisdiction.^[40] Supervision of larger participants, who engage in a substantial portion of the overall activity in this market, would help to ensure that they are complying with applicable requirements of Federal consumer financial law, such as the CFPA's prohibition against unfair, deceptive, and abusive acts and practices, the privacy provisions of the Gramm-Leach-Bliley Act and its implementing Regulation P,^[41] and the Electronic Fund Transfer Act and its implementing Regulation E.^[42] In addition, as firms increasingly offer funds transfer and wallet functionalities through general-use digital consumer payment applications, the rule would enable the CFPB to monitor for new risks to both consumers and the market.^[43] The CFPB's ability to monitor for emerging risks is critical as new product offerings blur the traditional lines of banking and commerce.^[44]

Finally, the Proposed Rule can help level the playing field between nonbanks and depository institutions, which the CFPB regularly supervises and which also provide general-use digital consumer payment applications.^[45] Greater supervision of nonbanks in this market therefore would further the CFPB's statutory objective of ensuring that Federal consumer financial law is enforced consistently between nonbanks and depository institutions in order to promote fair competition.

109(a)(1) Market Definition—Providing a General-Use Digital Consumer Payment Application

Proposed § 1090.109(a)(1) would describe the market for consumer financial products or services covered by the Proposed Rule as encompassing “providing a general-use digital consumer payment application.” The term would be defined to mean providing a covered payment functionality through a digital application for consumers' general use in making consumer payment transaction(s). This term incorporates other terms defined in proposed § 1090.109(a)(2): “consumer payment transaction(s),” “covered payment functionality,” “digital application,” and “general use.” The term “covered payment functionality” includes a “funds transfer functionality” and a “wallet functionality,” terms which proposed § 1090.109(a)(2) also defines. The term “consumer payment transaction(s)” also incorporates another term—“State,” which proposed § 1090.109(a)(2) defines. The section-by-section analysis of proposed § 1090.109(a)(2) below discusses these and other aspects of the proposed definitions of these terms.

The CFPB seeks comment on all aspects of the proposed market definition, including whether the market definition in proposed § 1090.109(a)(1) or the market-related definitions in proposed § 1090.109(a)(2), discussed in the section-by-section analysis below, should be expanded, narrowed, or otherwise modified.

109(a)(2) Market-Related Definitions

Proposed § 1090.109(a)(2) would define several terms that are relevant to the market definition described above.

Consumer Payment Transaction(s)

The proposed market definition applies to providing covered payment functionalities through a digital application for a consumer's general use in making consumer payment transactions. Proposed § 1090.109(a)(2) would define the term “consumer payment transactions” to mean the transfer of funds by or on behalf of a consumer physically located in a State to another person primarily for personal, family, or household purposes. The proposed definition would clarify that, except for transactions excluded under paragraphs (A) through (D), the term applies to transfers of consumer funds and transfers made by extending consumer credit. Paragraphs (A) through (D) of the proposed definition would exclude the Start Printed Page 80202 following four types of transactions: (A) An international money transfer as defined in § 1090.107(a) of this part; (B) A transfer of funds that is ( 1) linked to the consumer's receipt of a different form of funds, such as a transaction for foreign exchange as defined in 12 U.S.C. 5481(16), or ( 2 ) that is excluded from the definition of “electronic fund transfer” under § 1005.3(c)(4) of this chapter; (C) A payment transaction conducted by a person for the sale or lease of goods or services that a consumer selected from an online or physical store or marketplace operated prominently in the name or such person or its affiliated company; and (D) An extension of consumer credit that is made using a digital application provided by the person who is extending the credit or that person's affiliated company.^[46]

The Proposed Rule would define the term “consumer payment transaction” for purposes of the Proposed Rule. Payment transactions that are excluded from, or otherwise do not meet, the definition of “consumer payment transaction” in the Proposed Rule would not be covered by the market definition in the Proposed Rule. However, persons facilitating those transactions may still be subject to other aspects of the CFPB's authorities besides its larger participant supervisory authority established by the Proposed Rule.

The first component of the proposed definition of “consumer payment transaction” is that the payment transaction must result in a transfer of funds by or on behalf of the consumer. This component therefore focuses on the sending of a payment, and not on the receipt. The proposed definition would encompass a consumer's transfer of their own funds—such as funds held in a linked deposit account or in a stored value account. It also would encompass a creditor's transfer of funds to another person on behalf of the consumer as part of a consumer credit transaction.^[47] For example, a nonbank's wallet functionality may hold a credit card account or payment credential that a consumer uses to obtain an extension of credit from an unaffiliated depository institution. If the consumer uses the digital wallet functionality to purchase nonfinancial goods or services using such a credit card, the credit card issuing bank may settle the transaction by transferring funds to the merchant's bank for further transfer to the merchant, and a charge may appear on the consumer's credit card account. That transfer of funds may constitute part of a consumer payment transaction under the Proposed Rule regardless of whether it is an electronic fund transfer subject to Regulation E.^[48]

The CFPA does not include a specific definition for the term “funds,” but that term is used in various provisions of the CFPA, including in section 1002(15)(A)(iv), which defines the term “financial product or service” to include “engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds or any financial instrument for use by or on behalf of a consumer.” ^[49] Without fully addressing the scope of that term, the CFPB believes that, consistent with its plain meaning, the term “funds” in the CFPA is not limited to fiat currency or legal tender, and includes digital assets that have monetary value and are readily useable for financial purposes, including as a medium of exchange. Crypto-assets, sometimes referred to as virtual currency, are one such type of digital asset.^[50] For example, relying on plain meaning dictionary definitions, courts have found that certain crypto-assets, including Bitcoin, constitute “funds” for purposes of other Federal statutes because they “can be easily purchased in exchange for ordinary currency, acts as a denominator of value, and is used to conduct financial transactions.” ^[51] For these reasons, under the Proposed Rule, the transfer of funds in the form of the digital assets described above by or on behalf of a consumer physically located in a State to another person primarily for person, family, or household purposes would qualify as a “consumer payment transaction” unless one of the proposed exclusions to the definition of that term applies. And, by extension, providing a covered payment functionality through a digital application for consumers' general use in making such consumer payment transactions would fall within the proposed market definition.

The second component of the proposed definition of “consumer payment transaction” is that the consumer must be physically located in a State, a term the proposal would define by reference to jurisdictions that are part of the United States as discussed in the section-by-section analysis below. This component would be satisfied, for example, when the consumer uses a general-use digital consumer payment application on a personal computing device or at a point of sale that is physically located in a State. By contrast, with this limitation, if a consumer is physically located outside of any State at the time of engaging in a payment transaction, then the payment transaction would not be a consumer payment transaction covered by the Proposed Rule.^[52] Thus, this limitation would clarify that the proposed market definition does not include payments initiated by a consumer physically located in a foreign country.^[53] Based on its understanding of the market, the CFPB expects that participants in the proposed market will generally be aware of indicators regarding the consumer's location at the time of a transaction ( e.g., based on the point of sale, the location of the consumer's device, or the consumer's residence). The CFPB requests comment on this limitation.

The third component of the proposed definition of “consumer payment transaction” is that the funds transfer must be made to another person besides the consumer. For example, the other person could be another consumer, a business, or some other type of entity. This component would distinguish the Start Printed Page 80203 proposed market for general-use digital payment applications that facilitate payments consumers make to other persons from adjacent but distinct markets that include other consumer financial products and services, including the activities of taking deposits; selling, providing, or issuing of stored value; and extending consumer credit by transferring funds directly to the consumer. For example, this component of the proposed definition would exclude transfers between a consumer's own deposit accounts, transfers between a consumer deposit account and the same consumer's stored value account held at another financial institution, such as loading or redemptions, as well as a consumer's withdrawals from their own deposit account such as by an automated teller machine (ATM).

The fourth component of the proposed definition of “consumer payment transaction” is that the funds transfer must be primarily for personal, family, or household purposes. The proposed definition of “consumer payment transaction” includes this component to define those payment transactions that are, by their nature, consumer transactions. Under a relevant definition of consumer financial products and services in CFPA section 1002(5)(A), a financial product or service is a consumer financial product or service when it is offered or provided for use by consumers primarily for personal, family, or household purposes.^[54] The Proposed Rule would define a consumer payment transaction as one that is primarily for personal, family, or household purposes, and would define the relevant market activity (providing a general-use digital consumer payments application) by reference to its use with respect to consumer payment transactions. Although a general-use digital consumer payment application also could help individuals to make payments that are not for personal, family, or household purposes, such as purely commercial (or business-to-business) payments, those payments would not fall within the proposed definition of “consumer payment transaction.”

In addition, the proposed definition of “consumer payment transaction” would exclude four types of transfers. First, paragraph (A) of the proposed definition would exclude international money transfers as defined in § 1090.107(a). In its 2014 international money transfer larger participant rulemaking, the CFPB determined that the complexities involved in international money transfers, such as foreign exchange rates, foreign taxes, and legal, administrative, and language complexities, as well as the CFPB's remittances rule, justified treating that market as a separate market from the domestic money transfer market for purposes of that larger participant rule.^[55] In proposing this larger participant rule, the CFPB is not proposing to alter the international money transfer larger participant rule. Rather, the CFPB is proposing this larger participant rule to define a separate market, focused on the use of digital payment technologies to help consumers make payment transactions that are not international money transfers as defined in the international money transfer larger participant rule. Accordingly, the proposed definition of “consumer payment transaction” would exclude an international money transfer as defined in § 1090.107(a). To the extent that nonbank international money transfer providers facilitate those transactions, whether through a digital application or otherwise,^[56] that activity remains part of the international money transfer market, and the CFPB may be able to supervise such a nonbank if it meets the larger-participant test in the international money transfer larger participant rule.

Second, for clarity, paragraph (B) the proposed definition of “consumer payment transaction” would exclude a transfer of funds by a consumer ( 1) that is linked to the consumer's receipt of a different form of funds, such as a transaction for foreign exchange as defined in 12 U.S.C. 5481(16), or ( 2) that is excluded from the definition of “electronic fund transfer” under § 1005.3(c)(4) of this chapter. Paragraph ( 1) of this proposed exclusion would clarify, for example, that the market as defined in the Proposed Rule does not include transactions consumers conduct for the purpose of exchanging one type of funds for another, such as exchanges of fiat currencies ( i.e., the exchange of currency issued by the United States or of a foreign government for the currency of a different government), a purchase of a crypto-asset using fiat currency, a sale of a crypto-asset in which the seller receives fiat currency in return, or the exchange of one type of crypto-asset for another type of crypto-asset. Paragraph ( 2 ) would clarify that transfers of funds the primary purpose of which is the purchase or sale of a security or commodity in circumstances described in Regulation E section 3(c)(4) and its associated commentary also would not qualify as consumer payment transactions for purposes of the Proposed Rule.^[57]

Third, paragraph (C) would exclude a payment transaction conducted by a person for the sale or lease of goods or services that a consumer selected from an online or physical store or marketplace operated prominently in the name of such person or its affiliated company.^[58] This exclusion would clarify that, when a consumer selects goods or services in a store or website operated in the merchant's name and the consumer pays using account or payment credentials stored by the merchant who conducts the payment transaction, such a transfer of funds generally is not a consumer payment transaction covered by the Proposed Rule.

This exclusion also would clarify that when a consumer selects goods or services in an online marketplace and pays using account or payment credentials stored by the online marketplace operator or its affiliated company,^[59] such a transfer of funds generally is not a consumer payment transaction covered by the Proposed Rule. For such transactions to qualify for this exclusion, the funds transfer must be for the sale or lease of a good or service the consumer selected from a digital platform operated prominently in the name (whether entity or trade name) of an online marketplace operator or their affiliated company.^[60] However, Start Printed Page 80204 this exclusion does not apply when a consumer uses a payment or account credential stored by a general-use digital consumer payment application provided by an unaffiliated person to pay for goods or services on the merchant's website or an online marketplace. For example, when a consumer selects goods or services for purchase or lease on a website of a merchant, and then from within that website chooses an unaffiliated person's general-use digital consumer payment application as a payment method, then paragraph (C) would not exclude the resulting consumer payment transaction.

The purpose of this proposed exclusion to the definition of “consumer payment transaction” is to clarify the scope of the proposed market and to clarify which transactions count toward the proposed threshold in the larger-participant test in proposed § 1090.109(b). For example, some online marketplace operators may provide general-use digital consumer payment applications for consumers to use for the purchase or lease of goods or services the consumer selects on websites of unaffiliated merchants. Absent the exclusion in paragraph (C), the providing of such a general-use digital consumer payment application could result in counting all transactions through such an application, including for goods and services the consumer selects from the online marketplace, toward the larger-participant test threshold in proposed § 1090.109(b). Yet the CFPB is not seeking to define a market or determine larger-participant status in this rulemaking by reference to payment transactions conducted by merchants or online marketplaces through their own payment functionalities for their own sales transactions. How a merchant or online marketplace conducts payments to itself for sales through its own platform raises distinct consumer protection concerns from the concerns raised by general-use digital consumer payment applications that facilitate consumers' payments to third parties. The CFPB therefore believes it appropriate to exclude the former type of payment transactions from the market defined in the Proposed Rule.

In this regard, the scope of the term “consumer payment transaction” is narrower than the CFPB's authority under the CFPA, which can extend to payment transactions conducted by merchants or online marketplaces for sales through their own platforms under certain circumstances. The CFPA defines a consumer financial product or service to include “providing payments or other financial data processing products or services to a consumer by any technological means, including processing or storing financial or banking data for any payment instrument . . . .” ^[61] Such activities generally are consumer financial products or services under the CFPA unless a narrow exclusion for financial data processing in the context of the direct sale of nonfinancial goods or services applies.^[62] That exclusion would not apply if a merchant or online marketplace's digital consumer application stores, transmits, or otherwise processes payments or financial data for any purpose other than initiating a payments transaction by the consumer to pay the merchant or online marketplace operator for the purchase of a nonfinancial good or service sold directly by that merchant or online marketplace operator. Other purposes beyond payments for direct sales could include using or sharing such data for targeted marketing, data monetization, or research purposes. The exclusion also would not apply if an online marketplace operator's digital consumer application processes payments or other financial data associated with the consumer's purchase of goods or services at unaffiliated online or physical stores or third-party goods or services on the operator's online marketplace.

Finally, paragraph (D) would exclude an extension of consumer credit that is made using a digital application provided by the person who is extending the credit or that person's affiliated company. The CFPB is proposing this exclusion so that the market definition does not encompass consumer lending activities by lenders through their own digital applications. In this rulemaking, the CFPB is not proposing to define a market for extending consumer credit, as it did, for example, in the larger participant rule for the automobile financing market.^[63] As a result of this proposed exclusion, for example, a nonbank would not be participating in the proposed market simply by providing a digital application through which it lends money to consumers to buy goods or services. Thus, to the extent consumer credit transactions would fall within the proposed definition of consumer payment transactions, this would be because the relevant market participant engages in covered payment-related activities beyond extending credit to the consumer. For example, a nonbank may provide a wallet functionality through a digital application that stores payment credentials for a credit card through which an unaffiliated depository institution or credit union extends consumer credit. The CFPB is proposing a market definition that would reach that nonbank covered person's activities because their role in the transaction is to help the consumer to make a payment, not to themselves extend credit to the consumer.

Covered Payment Functionality

The proposed market definition applies to providing covered payment functionalities through a digital application for a consumer's general use in making payment transactions. Proposed § 1090.109(a)(2) would define two types of payment functionalities as covered payment functionalities: a funds transfer functionality and a wallet functionality. Proposed § 1090.109(a)(2) would define each of those two functionalities as described below.

A nonbank covered person would be participating in the proposed market if its market activity includes only one of the two functionalities, or both functionalities. Similarly, a particular digital application may provide one or both functionalities. A nonbank's level of participation in the proposed market would not be based on which functionality is involved; rather, it would be based on the annual covered payment transaction volume as defined in proposed § 1090.109(b).

The CFPB proposes to treat these two covered payment functionalities as part of a single market for general-use digital consumer payment applications. The technological and commercial processes these two payment functionalities use to facilitate consumer payments may differ in some ways. However, consumers can use both types of covered payment functionalities for the same common purposes, such as to make payments for retail spending and sending money to friends and family. For example, a funds transfer functionality may transfer a consumer's funds in a linked stored value account to a merchant to pay for goods or services, or to friends or family. Similarly, a wallet functionality may transmit a stored payment Start Printed Page 80205 credential to facilitate a consumer's payment to a merchant or to friends and family. Indeed, the same nonbank covered person may provide a digital application that encompasses both functionalities depending on the payment method a consumer chooses. For example, a nonbank covered person's digital application may allow the consumer to access a wallet functionality to make a payment using a credit card for which a third party extends credit, or a funds transfer functionality to make a payment from a stored value account the nonbank provides. The role these two functionalities play in a single market therefore is driven by their common uses, not their specific technological and commercial processes.

(A) Funds Transfer Functionality

The first payment functionality included in the definition in covered payment functionality in proposed § 1090.109(a)(2) is a funds transfer functionality. Paragraph (A) would define the term “funds transfer functionality” for the purpose of this rule to mean, in connection with a consumer payment transaction: ( 1) receiving funds for the purpose of transmitting them; or ( 2 ) accepting and transmitting payment instructions.^[64] These two types of funds transfer functionalities generally describe how nonbanks help to transfer a consumer's funds to other persons, sometimes referred to as P2P transfers. The nonbank either already holds or receives the consumer's funds for the purpose of transferring them, or it transmits the consumers payment instructions to another person who does so. Paragraph ( 1), for example, would apply to a nonbank transferring funds it holds for the consumer, such as in a stored value account, to another person for personal, family, or household purposes. Even if the nonbank providing the funds transfer functionality does not hold or receive the funds to be transferred, it generally would qualify under paragraph ( 2) by transmitting the consumer's payment instructions to the person that does hold or receive the funds for transfer. Paragraph ( 2), for example, would apply to a nonbank that accepts a consumer's instruction to send money from the consumer's banking deposit account to another person for personal, family, or household purposes, and then transmits that instruction to other persons to accomplish the fund transfer. A common way a nonbank may engage in such activities is by acting as a third-party intermediary to initiate an electronic fund transfer through the automated clearinghouse (ACH) network. Another common way to do so is to transmit the payment instructions to a partner depository institution. However, in some circumstances, a nonbank may be able to execute a consumer's payment instructions on its own, such as by debiting the consumer's account and crediting the account of the friend or family member, without transmitting the payment instructions to another person. In those circumstances, the nonbank generally would be covered by paragraph ( 1) because, to conduct the transaction in this manner, the nonbank typically would be holding or receiving the funds being transferred.

The CFPB requests comment on the proposed definition of funds transfer functionality, and whether it should be modified, and if so, how and why.

(B) Wallet Functionality

The other payment functionality included in the definition in covered payment functionality in proposed § 1090.109(a)(1) is a wallet functionality. Paragraph (B) would define the term wallet functionality as a product or service that: ( 1) stores account or payment credentials, including in encrypted or tokenized form; and ( 2 ) transmits, routes, or otherwise processes such stored account or payment credentials to facilitate a consumer payment transaction.^[65] Through this proposed definition, the proposed market would include payment functionalities that work together first to store account or payment credentials and second, to process such data to facilitate a consumer payment transaction.

As indicated above, paragraph (B)( 1 ) of the proposed definition of “wallet functionality” would clarify that “account or payment credentials” can take the form of encrypted or tokenized data. Storage of account or payment credentials in these forms would satisfy the first prong of the “wallet functionality” definition. For example, the first prong would be satisfied by storing an encrypted version of a payment account number or a token ^[66] that is specifically derived from or otherwise associated with a consumer's payment account number.

Paragraph (B)( 2) of the proposed definition of “wallet functionality” would describe the types of processing of stored account or payment credentials that would fall within the definition. For example, consumers commonly use wallet functionalities provided through digital applications to pay for purchases of goods or services on merchant websites. To facilitate such a consumer payment transaction, a consumer financial product or service may transmit a stored payment credential to a merchant, its payment processor, or its website designed to accept payment credentials provided by the wallet functionality. This type of product or service would be covered by paragraph (B)( 2). Start Printed Page 80206

The CFPB requests comment on the proposed definition of the term wallet functionality, whether it sufficiently encompasses digital wallets in the market today, and whether it should be modified, and if so, how and why.

Digital Application

The proposed market definition applies to providing covered payment functionalities through a digital application for a consumer's general use in making consumer payment transactions. Proposed § 1090.109(a)(2) would define the term “digital application” as a software program accessible to a consumer through a personal computing device, including but not limited to a mobile phone, smart watch, tablet, laptop computer, or desktop computer.^[67] The proposed definition would specify that the term includes a software program, whether downloaded to a personal computing device, accessible from a personal computing device via a website using an internet browser, or activated from a personal computing device using a consumer's biometric identifier, such as a fingerprint, palmprint, face, eyes, or voice.^[68]

Market participants may provide covered payment functionalities through digital applications in many ways. For example, a consumer may access a nonbank covered person's covered payment functionality through a digital application provided by that nonbank covered person. Or, a consumer may access a nonbank covered person's covered payment functionality through a digital application provided by an unaffiliated third-party such as another nonbank, a bank, or a credit union.^[69] In either case, a consumer typically first opens the digital application on a personal computing device and follows instructions for associating their deposit account, stored value account, or other payment account information with the covered payment functionality for use in a future consumer payment transaction. Then, when the consumer is ready to initiate a payment, the consumer may access the digital application again to authorize the payment.

Moreover, consumers have many ways to access covered payment functionalities through digital applications to initiate consumer payment transactions. To make a P2P payment, a consumer may use an internet browser or other app on a mobile phone or computer to access a nonbank covered person's funds transfer functionality, such as a feature to initiate a payment to friends or family or to access a general-use bill payment function. The consumer then may direct the nonbank covered person to transmit funds to the recipient or the consumer may provide payment instructions for the nonbank covered person to relay to the person holding the funds to be transferred. Or, in an online retail purchase transaction, a consumer may access a wallet functionality by clicking on or pressing a payment button on a checkout screen on a merchant website. The consumer then may log into the digital application or display a biometric identifier to their personal computing device to authorize the use of a previously-stored payment credential. Or, in an in-person retail purchase transaction, a consumer may activate a covered payment functionality by placing their personal computing device next to a merchant's retail payment terminal. The digital application then may transmit payment instructions or payment credentials to a merchant payment processor. For example, a mobile phone may transmit such data by using near-field communication (NFC) technology built into the mobile phone,^[70] by generating a payment-specific quick response (QR) code on the mobile phone screen that the consumer displays to the merchant payment terminal, or by using the internet, a text messaging system, or other communications network accessible through the mobile phone.

Through the proposed definition of digital application, the Proposed Rule excludes from the proposed market payment transactions that do not rely upon use of a digital applications. For example, gateway terminals merchants obtain to process the consumer's personal card information are not personal computing devices of the consumer. Merchants generally select these types of payment processing services, which are provided to consumers at the point of sale to pay for the merchant's goods or services. Their providers may be participating in a market that is distinct in certain ways from a market for general-use digital consumer payment applications. In addition, the proposed definition of “digital application” would not cover the consumer's presentment of a debit card, a prepaid card, or a credit card in plastic, metallic, or similar form at the point of sale. In using physical payment cards at the point of sale, a consumer generally is not relying upon a “digital application” because the consumer is not engaging with software through a personal computing device to complete the transaction. However, when a consumer uses the same payment card account in a wallet functionality provided through a digital application, then those transactions would fall within the market definition.

In addition, there are other examples of payment transactions that do not rely upon the use of a digital application, including transactions relying upon the in-person payment of physical fiat currency (cash), and transactions where a consumer mails or hand delivers a paper payment instrument such as a paper check.

The CFPB requests comment on the proposed definition of “digital application,” and whether it should be modified, and if so, how and why. For example, the CFPB requests comment regarding whether defining the term “digital application” by reference to software accessible through a personal computing device is appropriate, and if so, why, and if not, why not and what alternative approach should be used and why.

General Use

The proposed market definition applies to providing covered payment functionalities through a digital application for a consumer's general use in making consumer payment transactions. Proposed § 1090.109(a)(2) would define the term “general use” as the absence of significant limitations on the purpose of consumer payment transactions facilitated by the covered payment functionality provided through the digital consumer payment application. In proposing the general Start Printed Page 80207 use qualification in the market definition, the CFPB seeks to confine the market definition to those digital payment applications that consumers can use for a wide range of purposes. Digital payment applications with general use as described in the Proposed Rule can serve broad functions for consumers, such as sending funds to friends and family, buying a wide range of goods or services at different stores, or both. As reflected in the non-exhaustive list of examples discussed below, other consumer financial products and services provide payment functionalities for more limited purposes. While those other products and services also serve important functions for consumers, they do not have the same broad use cases for consumers. As a result, those products participate in a market or markets distinguishable from a market from general-use digital consumer payment applications.

The proposed definition of general use would clarify that a digital consumer payment application that would facilitate person-to-person, or peer-to-peer (P2P), transfers of funds would qualify as having general use. Even if a payment functionality provided through a digital application is limited to P2P payments, and that constitutes a limitation on the purpose of payments, that limitation would not be significant for purposes of the proposed market definition. For example, a P2P application that permits a consumer to send funds to any family member, friend, or other person would qualify as general use, even if that P2P application could not be used as a payment method at checkout with merchants, retailers, or other sellers of goods or services. A P2P application also would have general use for purposes of the Proposed Rule even if it can only transfer funds to recipients who also register with the application provider, or otherwise participate in a certain network (sometimes referred to as “closed loop” P2P systems). Although the network of potential recipients in a closed loop system may be limited in certain respects, often any potential recipient may have the option of joining such a system (and many consumers already may have joined such systems), so the universe of potential recipients for such payments often is still broad. Moreover, a digital consumer payment application still may have general use even when the universe of potential recipients for a funds transfer is fixed, such as when a consumer can only make a transfer of funds to friends or family located in a prison, jail, or other secure facility. Such funds may be available to the recipient for a variety of purposes, including to purchase food, toiletries, medical supplies, or phone credits while incarcerated, and, if not used by the recipient while incarcerated, may revert to an unrestricted account.^[71]

To provide clarity as to the proposed market definition, the proposed definition of general use would include examples of limitations that would be significant for purposes of the proposal, such that a covered payment functionality offered through a digital consumer payment application with such limitations would not have general use.^[72] The examples would illustrate some types of digital consumer payment applications that would not have general use. The list of examples is not exhaustive, and other types of digital consumer payment applications would not have general use to the extent they cannot be used for a wide range of purposes.

In addition, some payment functionalities may be provided through two different digital consumer applications. For example, from a merchant's ecommerce digital application, a consumer may click on a payment button that links to a third-party general-use digital consumer payment application, where the consumer authenticates their identity and provides payment instructions or otherwise authorizes the payment. Even if the merchant's digital application would not itself qualify as having general use, the consumer's use of the third-party general-use digital consumer payment application would still constitute covered market activity with respect to the third-party provider.

The first example of a payment functionality that would not have general use, in paragraph (A) of the proposed definition of general use, would be a digital consumer payment application whose payment functionality is used solely to purchase or lease a specific type of services, goods, or property, such as transportation, lodging, food, an automobile, a dwelling or real property, or a consumer financial products and service. For example, when a consumer uses a payment functionality in a digital application for a consumer financial product or service to pay for that consumer financial product or service, such as by providing payment card information to a credit monitoring app to pay for credit monitoring services, this limited purpose for that payment functionality would not have general use under the Proposed Rule.^[73] Paragraph (A) of the proposed definition specifies these examples of significant limitations, such that a payment functionality provided through digital consumer payment application with these limitations would not have general use.

Second, as indicated in paragraph (B) of the proposed definition of general use, accounts that are expressly excluded from the definition of “prepaid account” in paragraphs (A), (C), and (D) of § 1005.2(b)(3)(ii) of Regulation E,^[74] also would not have general use for purposes of the Proposed Rule. Those provisions in Regulation E exclude certain tax-advantaged health medical spending accounts, dependent care spending accounts, transit or parking reimbursement arrangements, closed-loop accounts for spending at certain military facilities, and many types of gift certificates and gift cards. While these types of accounts may support payments through digital applications with varied purposes to different types of recipients, the accounts remain sufficiently restricted as to the purpose to warrant exclusion from the proposed market here.

Third, as indicated in paragraph (C), a payment functionality provided through a digital consumer payment application that solely supports payments to pay a specific debt or type of debt or repayment of an extension of consumer credit does not have general use. For example, a consumer mortgage lender's mobile app or website may provide a functionality that allows a Start Printed Page 80208 consumer to pay a loan. Or a debt collector's website may provide a means for a consumer to pay a debt. These digital consumer payment applications have a use that is significantly limited, to only pay a specific debt or type of debt. In general, digital applications that solely support payments to specific lenders, loan servicers, and debt collectors would not be within the proposed market definition.^[75] The CFPB considers such digital applications generally to be more part of the markets for consumer lending, loan servicing, and debt collection. The CFPB has issued separate larger participant rules for such markets and CFPA section 1024(a) also grants the CFPB supervisory authority over participants in certain lending markets, including mortgage lending, private student lending, and payday lending. In addition, other digital applications may only help a consumer to pay certain other types of debts, such as taxes or other amounts owed to the government, including fines. Under this proposed example, those payment functionalities provided through those applications also would not have general use.

Fourth, as indicated in paragraph (D), a payment functionality provided through a digital application that solely helps consumers to divide up charges and payments for a specific type of goods or services would be excluded. Some payment applications, for example, may be focused solely on helping consumers to split a restaurant bill. This example is a corollary of the example in paragraph (A). Since a payment functionality limited to paying for food would not have general use under paragraph (A), paragraph (D) would clarify that neither would a payment functionality that enables splitting a bill for food have general use.

The CFPB requests comment on the proposed definition of general use and examples of significant limitations that take a payment functionality provided through a digital consumer application out of the general use category. The CFPB also requests comment on whether the examples of significant limitations should be changed or clarified, and whether additional examples of significant limitations should be included, and if so, what examples and why.

State

Proposed § 1090.109(a) would define the term “State” to mean any State, territory, or possession of the United States; the District of Columbia; the Commonwealth of Puerto Rico; or any political subdivision thereof. For consistency, the CFPB is proposing to use the same definition of “State” as used in the international money transfer larger participant rule, § 1090.107(a), which drew its definition from Regulation E subpart A.^[76] The CFPB requests comment on the proposed definition of State.

109(b) Test To Define Larger Participants

Proposed § 1090.109(b) would set forth a test to determine which nonbank covered persons are larger participants in a market for general-use digital consumer payment applications as described in proposed § 1090.109(a). Under the proposed test, a nonbank covered person would be a larger participant if it meets each of two criteria set forth in paragraphs (1) and (2) of proposed § 1090.109(b) respectively. First, paragraph (1) specifies that the nonbank covered person must provide annual covered consumer payment transaction volume as defined in paragraph (3) of proposed § 1090.109(b) of at least five million transactions. Second, paragraph (2) specifies that the nonbank covered person must not be a small business concern based on the applicable Small Business Administration (SBA) size standard listed in 13 CFR part 121 for its primary industry as described in 13 CFR 121.107. Paragraphs (1), (2), and (3) of this proposed definition are analyzed below.^[77]

Criteria

The CFPB has broad discretion in choosing criteria for assessing whether a nonbank covered person is a larger participant of a market.^[78] The CFPB selects criteria that provide “a reasonable indication of a person's level of market participation and impact on consumers.”^[79] As the CFPB has noted in previous larger participant rulemakings, for any given market, there may be “several criteria, used alone or in combination, that could be viewed as reasonable alternatives.” ^[80]

Here, the CFPB is proposing to combine the two criteria described above: the annual covered consumer payment transaction volume and the size of the entity by reference to SBA size standards. The Proposed Rule's larger-participant test would combine these criteria as follows: a nonbank covered person would be a larger participant if its annual covered consumer payment transaction volume exceeded the proposed threshold, discussed in the section-by-section analysis further below, and, during the same time period ( i.e., the preceding calendar year), it was not a small business concern.

The first criterion would be based on the number of consumer payment transactions. Specifically, proposed § 1090.109(b)(3) would define the term “annual covered consumer payment transaction volume” as the sum of the number of the consumer payment transactions that the nonbank covered person and its affiliated companies facilitated by providing general-use digital consumer payment applications in the preceding calendar year.^[81] This is an appropriate criterion for a market defined by reference to products that facilitate certain consumer payments. Each transaction counted under this criterion also generally is a payment. In that way, a transaction is essentially a well-understood unit of market activity.

As in the CFPB's international money transfer larger participant rule, here the number of transactions also reflects the extent of interactions between the nonbank covered person providing the in-market consumer financial product or service. Each one-time consumer payment transaction typically results from a single interaction with at least Start Printed Page 80209 one consumer.^[82] And, in the case of recurring consumer payment transactions, consumers also have at least one interaction with the covered persons in the market. The number of transactions also is a common indicator of market participation. State regulators, for example, require money transmitters to report this metric.^[83]

The CFPB considered proposing different criteria, such as the dollar value of transactions or the annual receipts from market activity. However, it is not proposing either of those alternatives. First, the proposed market includes digital wallets which often are used for consumer retail spending, which can grow in amount through inflation. For this market, a dollar value criterion may become affected by inflation or other factors. In addition, as discussed in the impacts analyses in parts V and VI, some of the data sources the CFPB relied upon in formulating the Proposed Rule may be overinclusive by including certain payments that are not within the market defined in the Proposed Rule, such as certain business-to-business payments. Those payments may have higher dollar values. By proposing number of transactions as a criterion, the Proposed Rule is less affected by those data distortions. At the same time, in general, a higher number of transactions also may often comprise a higher dollar value of transactions.

With respect to annual receipts, that data is less available, especially for market participants that are not publicly traded or that do not file call reports on money transmission at the State level. In addition, in the context of the market at issue in the Proposed Rule, an annual receipts criterion could miss significant market participation and consumer impacts, such as where a provider is subsidizing a product or otherwise not earning significant per-transaction revenues. For example, when a consumer links their deposit account directly to a general-use digital consumer payment application, the provider may receive lower revenue for funds sent to friends and family, compared with paying a merchant or using a network branded payment card (where there is an interchange fee that may provide a source of revenue). Yet, the risks to and impact on the consumer may be just as significant from payments they make to individuals from a linked deposit account.

As noted above, the CFPB is proposing a second criterion that also must be satisfied for a nonbank covered person to be a larger participant, in addition to the annual covered payment volume criterion. Under the second criterion, the nonbank must not be a “small business concern” as that term is defined by section 3(a) of the Small Business Act, 15 U.S.C. 632(a), and implemented by the SBA under 13 CFR part 121, or any successor provisions. Thus, under the Proposed Rule, an entity would be a small business concern if its size were at or below the SBA standard listed in 13 CFR part 121 for its primary industry as described in 13 CFR 121.107.^[84]

The CFPB is proposing this second criterion because it does not seek to use this rulemaking as a means of expending its limited supervisory resources to examine small business concerns. The consumer digital payments applications market is potentially broad and dynamic, with rapid technological developments and new entrants. But many well-known market participants have large business operations that have an impact on millions of consumers. In light of its resources, the CFPB believes that it would be preferable to focus on larger entities, instead of requiring all entities with an annual covered consumer payment transaction volume over five million to be subject to supervisory review under the Proposed Rule. If a particular nonbank covered person were a small business concern participating in this market in a manner that posed risks to consumers, the CFPB has authority to pursue risk-based supervision of such an entity pursuant to CFPA section 1024(a)(1)(C).^[85]

The CFPB requests comment on its proposed criteria, including whether, instead of basing the annual volume criterion described above on number of consumer payment transactions, it should be based on a different metric, such as the dollar value of consumer payment transactions, and, if so, why.

Threshold

Under the Proposed Rule, a nonbank covered person would be a larger participant in the market for general-use digital consumer payment applications if the nonbank covered person satisfies two criteria. First, it must facilitate an “annual covered consumer payment transaction volume,” as defined in proposed § 1090.109(b)(3) and discussed above, of at least five million transactions. As explained in proposed § 1090.109(b)(3)(i) and discussed above, the volume is aggregated across affiliated companies. Thus, the proposed threshold includes the aggregate annual volume of both consumer-to-consumer or consumer-to-business transactions facilitated by all general-use digital consumer payment applications provided by the nonbank covered person and its affiliated companies in the preceding year.^[86] Second, under proposed § 1090.109(b)(2) and explained above, the CFPB also proposes to exclude from larger-participant status any entity in the proposed market that is a small business concern based on applicable SBA size standards.^[87] The CFPB Start Printed Page 80210 believes that this proposed threshold and the proposed small entity exclusion, discussed above, are a reasonable means of defining larger participants in this market.^[88]

The CFPB estimates that the proposed threshold would bring within the CFPB's supervisory authority approximately 17 entities,^[89] about 9 percent of all known nonbank covered persons in the market for general-use digital consumer payment applications.^[90] The CFPB notes at the outset that this is a rough estimate because the available data on entities operating in the proposed market for general-use digital consumer payment applications is incomplete.^[91]

The CFPB anticipates that the proposed annual covered consumer payment transaction volume threshold of five million would allow the CFPB to supervise market participants that represent a substantial portion of the market for general-use digital consumer payment applications and have a significant impact on consumers. Available data indicates that the market for general-use digital consumer payment applications is highly concentrated, with a few entities that facilitate hundreds of millions or billions of consumer payment transactions annually, and a much larger number of firms facilitating fewer transactions. The CFPB believes that a threshold of five million is reasonable, in part, because it would enable the CFPB to cover in its nonbank supervision program both the very largest providers of general-use digital consumer payment applications as well as a range of other providers of general-use digital consumer payment applications that play an important role in the marketplace. Further, certain populations of consumers, including more vulnerable consumers, may not transact with the very largest providers and instead may transact with the range of other providers that exceed the five million transaction threshold.

According to the CFPB's estimates, the approximately 17 providers of general-use digital consumer payment applications that meet the proposed threshold collectively facilitated about 12.8 billion transactions in 2021, with a total dollar value of about $1.7 trillion. The CFPB estimates that these nonbanks are responsible for approximately 88 percent of known transactions in the nonbank market for general-use digital consumer payment applications.^[92] At the same time, this threshold would likely subject to the CFPB's supervisory authority only entities that can reasonably be considered larger participants of the market defined in the Proposed Rule.

Proposed § 1090.109(b)(3)(i) also would clarify how the activities of affiliated companies of the nonbank covered person are included in the test when the affiliated companies also participate in the proposed market. It provides that, in aggregating transactions across affiliated companies, an individual consumer payment transaction would only be counted once even if more than one affiliated company facilitated the transaction. It also provides that the annual covered consumer payment transaction volumes of the nonbank covered person and its affiliated companies are aggregated for the entire preceding calendar year, even if the affiliation did not exist for the entire calendar year.

Because the general-use digital consumer payment applications market has evolved rapidly and market participants can grow quickly, the CFPB also is not proposing a test that is based on averaging multiple years of market activity. As a result, if an entity has less than the threshold amount for one or more calendar years but exceeds the threshold amount in the most recent calendar year, it would be a larger participant. This will ensure that the CFPB can supervise nonbanks that quickly become larger participants, without waiting several years.

The CFPB also is considering a lower or higher threshold. For example, an annual covered consumer payment transaction volume threshold of one million might allow the CFPB to supervise approximately 19 entities, still representing approximately 88 percent of activity in this market.^[93] Lowering the threshold would not substantially increase the number of entities subject to supervision, in part because many entities that exceed a lower threshold would be excluded as small entities, and would result in only a marginal increase in market coverage. In comparison, the CFPB estimates that an annual covered consumer payment transaction volume threshold of 10 million would allow the CFPB to supervise approximately 14 entities, representing approximately 87 percent of activity in this market.^[94] However, at this higher threshold the CFPB would not be able to supervise as varied a mix of nonbank larger participants that, as discussed above, have a substantial impact on the full spectrum of consumers in the market.

The CFPB seeks comment, including suggestions of alternatives on the proposed threshold for defining larger participants of the market for general-use digital consumer payment Start Printed Page 80211 applications as defined in the Proposed Rule.

V. Dodd-Frank Act Section 1022(b) Analysis

A. Overview

The CFPB is considering potential benefits, costs, and impacts of the Proposed Rule.^[95] The CFPB requests comment on the preliminary analysis presented below as well as submissions of additional data that could inform the CFPB's analysis of the costs, benefits, and impacts of the Proposed Rule.

The Proposed Rule would define a category of nonbank covered persons that would be subject to the CFPB's nonbank supervision program pursuant to CFPA section 1024(a)(1)(B). The proposed category would include “larger participants” of a market for “general-use digital consumer payment applications” described in the Proposed Rule. Participation in this market would be measured on the basis of aggregate annual transactions, defined in the Proposed Rule as “annual covered consumer payment transaction volume.” If a nonbank covered person, together with its affiliated companies, has an annual covered consumer payment transaction volume (measured for the preceding calendar year) of at least five million and is not a small business concern, it would be a larger participant in the market for general-use digital consumer payment applications. As prescribed by existing § 1090.102, any nonbank covered person that qualifies as a larger participant would remain a larger participant until two years after the first day of the tax year in which the person last met the larger-participant test.^[96]

B. Potential Benefits and Costs to Consumers and Covered Persons

This analysis considers the benefits, costs, and impacts of the key provisions of the Proposed Rule against a baseline that includes the CFPB's existing rules defining larger participants in certain markets.^[97] Many States have supervisory programs relating to money transfers, which may consider aspects of consumer financial protection law. However, at present, there is no Federal program for supervision of nonbank covered persons in the market for general-use digital consumer payment applications with respect to Federal consumer financial law compliance. The Proposed Rule extends the CFPB's supervisory authority to cover larger participants of the defined market for general-use digital consumer payment applications.

The CFPB notes at the outset that limited data are available with which to quantify the potential benefits, costs, and impacts of the Proposed Rule. As described above, the CFPB has utilized various sources for quantitative information on the number of market participants, their annual revenue, and their number and dollar volume of transactions.^[98] However, the CFPB lacks detailed information about their rate of compliance with Federal consumer financial law and about the range of, and costs of, compliance mechanisms used by market participants. Further, as noted above in the section-by-section analysis of the proposed threshold, the CFPB lacks sufficient information on a substantial number of known market participants necessary to estimate their larger-participant status.^[99]

In light of these data limitations, this analysis generally provides a qualitative discussion of the benefits, costs, and impacts of the Proposed Rule. General economic principles, together with the limited data that are available, provided insight into these benefits, costs, and impacts. Where possible, the CFPB has made quantitative estimates based on these principles and data as well as on its experience of undertaking supervision in other markets.

The discussion below describes three categories of potential benefits and costs. First, the Proposed Rule, if adopted, would authorize the CFPB's supervision of larger participants of a market for general-use digital consumer payment applications. Larger participants of the proposed market might respond to the possibility of supervision by changing their systems and conduct, and those changes might result in costs, benefits, or other impacts. Second, if the CFPB undertakes supervisory activity of specific providers of general-use digital consumer payment applications, those entities may incur costs from responding to supervisory activity, and the results of these individual supervisory activities might also produce benefits and costs. Third, the CFPB analyzes the costs that might be associated with entities' efforts to assess whether they would qualify as larger participants under the rule.

1. Benefits and Costs of Responses to the Possibility of Supervision

The Proposed Rule would subject larger participants of a market for general-use digital consumer payment applications to the possibility of CFPB supervision. That the CFPB would be authorized to undertake supervisory activities with respect to a nonbank covered person who qualified as a larger participant would not necessarily mean that the CFPB would in fact undertake such activities regarding that covered person in the near future. Rather, supervision of any particular larger participant as a result of this rulemaking would be probabilistic in nature. For example, the CFPB would examine certain larger participants on a periodic or occasional basis. The CFPB's decisions about supervision would be informed, as applicable, by the factors set forth in CFPA section 1024(b)(2),^[100] relating to the size and transaction volume of individual participants, the risks their consumer financial products and services pose to consumers, the extent of State consumer protection oversight, and other factors the CFPB may determine are relevant. Each entity that believed it qualified as a larger participant would know that it might be supervised and might gauge, given its circumstances, the likelihood that the CFPB would initiate an examination or other supervisory activity.

The prospect of potential CFPB supervisory activity could create an incentive for larger participants to allocate additional resources and attention to compliance with Federal consumer financial law, potentially leading to an increase in the level of Start Printed Page 80212 compliance. They might anticipate that by doing so (and thereby decreasing risk to consumers), they could decrease the likelihood of their actually being subject to supervisory activities as the CFPB evaluated the factors outlined above. In addition, an actual examination would be likely to reveal any past or present noncompliance, which the CFPB could seek to correct through supervisory activity or, in some cases, enforcement actions. Larger participants might therefore judge that the prospect of supervision increases the potential consequences of noncompliance with Federal consumer financial law, and they might seek to decrease that risk by taking steps to identify and cure or mitigate any noncompliance.

The CFPB believes it is likely that many market participants would increase compliance in response to the CFPB's supervisory activity authorized by the Proposed Rule. However, because finalization of the Proposed Rule itself would not require any provider of general-use digital consumer payment applications to alter its conduct, any estimate of the amount of increased compliance would require both an estimate of current compliance levels and a prediction of market participants' behavior in response to a final rule. The data that the CFPB currently has do not support a specific quantitative estimate or prediction. But, to the extent that nonbank entities allocate resources to increasing their compliance in response to the Proposed Rule, that response would result in both benefits and costs.^[101]

Benefits From Increased Compliance

Increased compliance with Federal consumer financial laws by larger participants in the market for general-use digital consumer payment applications would be beneficial to consumers who use general-use digital payment applications. Increasing the rate of compliance with Federal consumer financial laws would benefit consumers and the consumer financial market by providing more of the protections mandated by those laws.

The CFPB would be examining for compliance with applicable provisions of Federal consumer financial laws, including the Electronic Fund Transfer Act and its implementing Regulation E, as well as the privacy provisions of the Gramm-Leach-Bliley Act. In addition, the CFPB would be examining for whether larger participants of the market for general-use digital consumer payment applications engage in unfair, deceptive, or abusive acts or practices.^[102] Conduct that does not violate an express prohibition of another Federal consumer financial law may nonetheless constitute an unfair, deceptive, or abusive act or practice. To the extent that any provider of general-use digital consumer payment applications is currently engaged in any unfair, deceptive, or abusive acts or practices, the cessation of the unlawful act or practice would benefit consumers. Providers of general-use digital consumer payment applications might improve policies and procedures in response to possible supervision in order to avoid engaging in unfair, deceptive, or abusive acts or practices.

The possibility of CFPB supervision also may help make incentives to comply with Federal consumer financial laws more consistent between the likely larger participants and banks and credit unions, which are subject to Federal supervision with respect to Federal consumer financial laws. Although some nonbanks are already subject to State supervision, introducing the possibility of Federal supervision could encourage nonbanks that are likely larger participants to devote additional resources to compliance. It could also help ensure that the benefits of Federal oversight reach consumers who do not have ready access to bank-provided general-use digital consumer payment applications.

Costs of Increased Compliance

To the extent that nonbank larger participants would decide to increase resources dedicated to compliance in response to the possibility of increased supervision, the entities would bear any cost of any changes to their systems, protocols, or personnel. Whether and to what extent entities would increase resources dedicated to compliance and/or pass those costs to consumers would depend not only on the entities' current practices and the changes they decide to make, but also on market conditions. The CFPB lacks detailed information with which to predict the extent to which increased costs would be borne by providers or passed on to consumers, to predict how providers might respond to higher costs, or to predict how consumers might respond to increased prices.

2. Benefits and Costs of Individual Supervisory Activities

In addition to the responses of market participants anticipating supervision, the possible consequences of the Proposed Rule would include the responses to and effects of individual examinations or other supervisory activity that the CFPB might conduct in the market for general-use digital consumer payment applications.

Benefits of Supervisory Activities

Supervisory activity could provide several types of benefits. For example, as a result of supervisory activity, the CFPB and an entity might uncover compliance deficiencies indicating harm or risks of harm to consumers. In its supervision and examination program, the CFPB generally prepares a report of each examination. The CFPB would share examination findings with the entity because one purpose of supervision is to inform the entity of problems detected by examiners. Thus, for example, an examination might find evidence of widespread noncompliance with Federal consumer financial law, or it might identify specific areas where an entity has inadvertently failed to comply, or it may identify weaknesses in compliance management systems including policies and procedures. These examples are only illustrative of the kinds of information an examination might identify.

Detecting and informing entities about such problems should be beneficial to consumers. When the CFPB notifies an entity about risks associated with an aspect of its activities, the entity is expected to adjust its practices to reduce those risks. That response may result in increased compliance with Federal consumer financial law, with benefits like those described above. Or it may avert a violation that would have occurred if CFPB supervision did not detect the risk promptly. The CFPB may also inform entities about risks posed to consumers that fall short of violating the law. Action to reduce those risks would also be a benefit to consumers.

Given the obligations providers of general-use digital consumer payment applications have under Federal consumer financial law and the existence of efforts to enforce such law, the results of CFPB supervision also may benefit providers under supervision by detecting compliance problems early. When an entity's noncompliance results in litigation or an enforcement action, the entity must face both the costs of defending its action and the penalties for noncompliance, including potential Start Printed Page 80213 liability for damages to private plaintiffs. The entity must also adjust its systems to ensure future compliance. Changing practices that have been in place for long periods of time can be expected to be relatively difficult because they may be severe enough to represent a serious failing of an entity's systems. Supervision may detect flaws at a point when correcting them would be relatively inexpensive. Catching problems early can, in some situations, forestall costly litigation. To the extent early correction limits the amount of consumer harm caused by a violation, it can help limit the cost of redress. In short, supervision might benefit providers of general-use digital consumer payment applications under supervision by, in the aggregate, reducing the need for other more expensive activities to achieve compliance.^[103]

Costs of Supervisory Activities

The potential costs of actual supervisory activities would arise in two categories. The first would involve any costs to individual providers of general-use digital consumer payment applications of increasing compliance in response to the CFPB's findings during supervisory activity and to supervisory actions. These costs would be similar in nature to the possible compliance costs, described above, the larger participants in general might incur in anticipation of possible supervisory actions. This analysis will not repeat that discussion. The second category would be the cost of supporting supervisory activity.

Supervisory activity may involve requests for information or records, on-site or off-site examinations, or some combination of these activities. For example, in an on-site examination, CFPB examiners generally contact the entity for an initial conference with management. That initial contact is often accompanied by a request for information or records. Based on the discussion with management and an initial review of the information received, examiners determine the scope of the on-site exam. While on-site, examiners spend some time in further conversation with management about the entity's policies, procedures, and processes. The examiners also review documents, records, and accounts to assess the entity's compliance and evaluate the entity's compliance management system. As with the CFPB's other examinations, examinations of nonbank larger participants in the market for general-use digital consumer payment applications could involve issuing confidential examination reports and compliance ratings. The CFPB's examination manual describes the supervision process and indicates what materials and information an entity could expect examiners to request and review, both before they arrive and during their time on-site.

The primary costs an entity would face in connection with an examination would be the cost of employees' time to collect and provide the necessary information. If the Proposed Rule is adopted, the frequency and duration of examinations of any particular entity would depend on a number of factors, including the size of the entity, the compliance or other risks identified, whether the entity has been examined previously, and the demands on the CFPB's supervisory resources imposed by other entities and markets. Nevertheless, some rough estimates may provide a sense of the magnitude of potential staff costs that entities might incur.

The cost of supporting supervisory activity may be calibrated using prior CFPB experience in supervision. Examinations of larger participants in the market for general-use digital consumer payment applications are anticipated to be approximately 8 weeks on average, with an additional two weeks of preparation.^[104] This estimate assumes that each exam requires two weeks of preparation time by staff of providers of general-use digital consumer payment applications prior to the exam as well as on-site assistance by staff throughout the duration of the exam. The CFPB has not suggested that counsel or any particular staffing level is required during an examination. However, for the purposes of this analysis, the CFPB assumes, conservatively, that an entity might dedicate the equivalent of one full-time compliance officer and one-tenth of the time of a full-time attorney to assist with an exam. The national average hourly wage of a compliance officer is $37; the national average hourly wage for an attorney is $71.^[105] Assuming that wages and salaries account for 70.6 percent of total compensation for private industry workers, the total employer cost of labor to comply with an exam amounts to approximately $25,001.^[106]

The overall costs of supervision in the market for general-use digital consumer payment applications would depend on the frequency and extent of CFPB examinations. Neither the CFPA nor the Proposed Rule specifies a particular level or frequency of examinations.^[107] The frequency of examinations would depend on a number of factors, including the CFPB's understanding of the conduct of market participants and the specific risks they pose to consumers; the responses of larger participants to prior examinations; and the demands that other markets' make on the CFPB's supervisory resources. These factors can be expected to change over time, and the CFPB's understanding of these factors may change as it gathers more information about the market through its supervision and by other means. The CFPB therefore declines to predict, at this point, precisely how many examinations in the market for general-use digital consumer payment applications it would undertake in a given year.

3. Costs of Assessing Larger-Participant Status

A larger-participant rule does not require nonbanks to assess whether they are larger participants. However, the CFPB acknowledges that in some cases providers of general-use digital consumer payment applications might decide to incur costs to assess whether they qualify as larger participants or potentially dispute their status.

Larger-participant status would depend on both a nonbank's aggregate annual transaction volume and whether the entity is a small business concern based on the applicable SBA size standard. The CFPB expects that many market participants already assemble general data related to the number of transactions that they provide for general-use digital consumer payment applications. Moreover, many providers are required to report transaction data to State regulators.^[108]

To the extent that some providers of general-use digital consumer payment applications do not already know whether their transactions exceed the threshold, such nonbanks might, in response to the Proposed Rule, develop new systems to count their transactions in accordance with the proposed market-related definitions of “consumer payment transactions,” “covered payment functionality,” “general use,” and “digital application” discussed above. The data that the CFPB currently has do not support a detailed estimate of how many providers of general-use digital consumer payment applications would engage in such development or how much they would spend. Regardless, providers of general-use digital consumer payment applications would be unlikely to spend significantly more on specialized systems to count transactions than it would cost to be supervised by the CFPB as larger participants.

The CFPB notes that larger-participant status also depends on whether an entity is subject to the proposed small business exclusion. In certain circumstances, larger-participant status may depend on determinations of which SBA size standard applies, and by extension, which NAICS code is most applicable. Therefore, providers of general-use digital consumer payment applications may incur some administrative costs to evaluate whether the small business exclusion applies. However, providers would not need to engage in this evaluation if they could establish that their annual covered consumer payment transaction volume was below five million. In any event, the data that the CFPB currently has do not support a detailed estimate of how many providers of general-use digital consumer payment applications would engage in such efforts or how much they would spend.

It bears emphasizing that even if a nonbank market participant's expenditures on an accounting system enabled it to successfully prove that it was not a larger participant (which, again, it would not need to do if it was a small business concern according to SBA standards), it would not necessarily follow that this entity could not be supervised under other supervisory authorities the CFPB has that this rulemaking does not establish. For example, the CFPB can supervise a nonbank entity whose conduct the CFPB determines, pursuant to CFPA section 1024(a)(1)(C) and regulations implementing that provision, poses risks to consumers. Thus, a nonbank entity choosing to spend significant amounts on an accounting system directed toward the larger-participant transaction volume test could not be sure it would not be subject to CFPB supervision notwithstanding those expenses. The CFPB therefore believes very few if any nonbank entities would be likely to undertake such expenditures.

4. Considerations of Alternatives

The CFPB is considering one major alternative: choosing a different transaction volume threshold to define larger participants. One alternative would be to set the threshold substantially higher—for example at 10 million aggregate annual consumer-to-consumer or consumer-to-business transactions. Under such an alternative, the benefits of supervision to both consumers and covered persons would likely be reduced because entities impacting a substantial number of consumers and/or consumers in important market segments might be omitted. On the other hand, the potential costs to covered persons would of course be reduced if fewer entities were defined as larger participants and thus fewer were subject to the CFPB's supervisory authority on that basis. Conversely, lowering the threshold would subject more entities to the CFPB's supervisory authority, but the total direct costs for actual examination activity might not change substantially because the CFPB conducts exams on a risk basis and would not necessarily examine more entities even if the rule's coverage were broader.

C. Potential Specific Impacts of the Proposed Rule

1. Depository Institutions and Credit Unions With $10 Billion or Less in Total Assets, as Described in Dodd-Frank Act Section 1026

The Proposed Rule would not apply to depository institutions or credit unions of any size. However, as discussed in the section-by-section analysis of “digital application” above, it may apply to nonbank covered persons that provide covered payment functionalities through a digital application of a bank or credit union. In addition, it might have some competition-related impact on depository institutions or credit unions that provide general-use digital consumer payment applications. For example, if the relative price of nonbanks' general-use digital consumer payment applications were to increase due to increased costs related to supervision, then depository institutions or credit unions of any size might benefit by the relative change in costs. These effects, if any, would likely be small.

2. Impact of the Provisions on Consumers in Rural Areas

Because the Proposed Rule would apply uniformly to consumer payment transactions that both rural and non-rural consumers make through general-use digital consumer payment applications, the rule should not have a unique impact on rural consumers. The CFPB is not aware of any evidence suggesting that rural consumers have been disproportionately harmed by the failure of providers of general-use digital consumer payment applications to comply with Federal consumer financial law. The CFPB seeks information from commenters related to how digital consumer payments affect rural consumers.

VI. Regulatory Flexibility Act Analysis

The Regulatory Flexibility Act (RFA), as amended by the Small Business Regulatory Enforcement Fairness Act of 1996, requires each agency to consider the potential impact of its regulations on Start Printed Page 80215 small entities, including small businesses, small governmental units, and small not-for-profit organizations.^[109] The RFA defines a “small business” as a business that meets the size standard developed by the SBA pursuant to the Small Business Act.^[110]

The RFA generally requires an agency to conduct an initial regulatory flexibility analysis (IRFA) of any proposed rule subject to notice-and-comment rulemaking requirements, unless the agency certifies that the proposed rule would not have a significant economic impact on a substantial number of small entities.^[111] The CFPB also is subject to certain additional procedures under the RFA involving the convening of a panel to consult with small entity representatives prior to proposing a rule for which an IRFA is required.^[112]

The Director of the CFPB certifies that the Proposed Rule, if adopted, would not have a significant economic impact on a substantial number of small entities and that an IRFA therefore is not required.

The Proposed Rule would define a class of providers of general-use digital consumer payment applications as larger participants of a market for general-use digital consumer payment applications and thereby authorize the CFPB to undertake supervisory activities with respect to those nonbank covered persons. The Proposed Rule would use a two-pronged test for determining larger-participant status. First, the proposed threshold for larger-participant status would be five million in annual covered consumer payment transaction volume. Second, the proposed larger-participant test would incorporate a small entity exclusion. As a result, larger-participant status would only apply to a nonbank covered person that, together with its affiliated companies, both meets the proposed five-million transaction threshold and is not a small business concern based on the applicable SBA size standard. Because of that exclusion, the number of small entities participating in the market that would experience a significant economic impact due to the Proposed Rule is, by definition, zero.

Finally, CFPA section 1024(e) authorizes the CFPB to supervise service providers to nonbank covered persons encompassed by CFPA section 1024(a)(1), which includes larger participants.^[113] Because the Proposed Rule would not address service providers, effects on service providers need not be discussed for purposes of this RFA analysis. Even were such effects relevant, the CFPB believes that it would be very unlikely that any supervisory activities with respect to the service providers to the approximately 17 larger participants of the proposed nonbank market for general-use digital consumer payment applications would result in a significant economic impact on a substantial number of small entities.^[114]

VII. Paperwork Reduction Act

The CFPB has determined that the Proposed Rule would not impose any new recordkeeping, reporting, or disclosure requirements on covered entities or members of the public that would constitute collections of information requirement approval under the Paperwork Reduction Act, 44 U.S.C. 3501, et seq.

VIII. Signing Authority

The Director of the CFPB, having reviewed and approved this document, is delegating the authority to electronically sign this document to Emily Ross, Executive Secretary, for purposes of publication in the Federal Register .

List of Subjects

• Consumer protection
• Electronic funds transfers
• Electronic products

Authority and Issuance

For the reasons set forth above, the CFPB proposes to amend 12 CFR part 1090 as follows:

PART 1090—DEFINING LARGER PARTICIPANTS OF CERTAIN CONSUMER FINANCIAL PRODUCT AND SERVICE MARKETS

1. The authority citation for part 1090 continues to read as follows:

Authority: 12 U.S.C. 5514(a)(1)(B); 12 U.S.C. 5514(a)(2); 12 U.S.C. 5514(b)(7)(A); and 12 U.S.C. 5512(b)(1).

2. Add § 1090.109 to read as follows:

Footnotes