Consumer Financial Protection and Payments in the 21st Century
Thank you so much to the Innovative Payments Association for inviting me to speak today. I should note that I’m making this presentation as a CFPB representative on behalf of the Bureau. The presentation does not constitute CFPB guidance or legal advice.
It is quite remarkable to speak to you today more than 12 years after the passage of the Dodd-Frank Act and more than a decade after the CFPB opened its doors. As you may be aware, the CFPB is the administrator and one of the chief enforcers of the federal consumer financial laws, including the Consumer Financial Protection Act, the Fair Credit Reporting Act, and the Electronic Fund Transfer Act. I have had the privilege of serving at the CFPB twice now. I began before the Bureau even opened its doors as an advisor to Holly Petraeus in our Office of Servicemember Affairs, and went on to lead our student lending work. I returned in 2021 as the General Counsel and Senior Advisor to the CFPB Director.
I was especially interested in speaking to this group because of the growing significance of payments and payments-related legal and policy questions in the consumer financial ecosystem. Although the payments system has always been part of the critical infrastructure of the consumer financial marketplace, I think it’s fair to say that payments has not always been on the front page of newspapers around the globe as it is today. In the last few years, payments has become one of the major areas of attention across nearly all stakeholders and market participants in consumer finance and consumer financial protection.
As the people in this room know, growth in the use of noncash payments has accelerated rapidly in the last few years. According to a recent study by the Federal Reserve, in the United States both the value and number of noncash payments (that is, ACH, cards, and checks) grew faster from 2018 to 2021 than in any previous period. The value of noncash payments has increased nearly 10 percent per year since 2018, reaching almost $130 trillion in 2021, with staggering increases in both the value of ACH transfers and the number of card payments. The use of checks as well as ATM cash withdrawals continues to fall rapidly.
Of course, it is also no secret that the players in the payments industry have changed dramatically in the past few years. Large tech firms have sought to integrate payment services into their operating systems, and, drawing on significant customer bases and brand recognition, some of these companies have been able to offer payment products that many consumers now use each and every day. Peer-to-peer payment platforms and digital wallets have also grown quickly, and more traditional financial institutions have redoubled their efforts in this space and continue to expand their offerings to capture their share of the market. Obviously the covid pandemic and other global developments have only accelerated these trends, fueling rapid adoption and significant market disruption that show no signs of abating.
In short, it does not escape me that everything from how we pay for a roof over our heads to how we get paid for work to how we pay at the grocery store (not to mention online) are evolving at an incredible pace. I believe that families and businesses benefit from faster, cheaper, and more secure payment systems. At the same time, these changes present new risks to consumers and to a fair, transparent, and competitive marketplace. At the CFPB, we are dedicated to making sure that the law is applied and enforced in a way that keeps up with changes in the marketplace to prevent consumer harm. So although the payments system has always been part of the consumer financial marketplace’s critical infrastructure, the latest evolution of that system raises pressing legal and policy questions about, among other things, technology and privacy, the future of labor markets and work, and the stability (or fragility) of the banking and financial system.
Given the significance of the payments system to all of these topics, there are many more issues and areas of concern than we could possibly discuss in the time that you are generously sharing with me today. Accordingly, I am going to focus my remarks on just three topics that in my mind really show how payments is at the center of some of the most pressing issues in consumer financial protection. First, I am going to discuss data harvesting and privacy. Second, I am going to discuss the payment of “gig” and other non-standard workers. And third, I am going to discuss liquidity and stability in the peer-to-peer payments system.
Data Harvesting and Privacy
As I said, the first area I’d like to discuss is data harvesting and privacy.
The CFPB is concerned that companies– including but not limited to Big Tech companies with business interests across a vast array of product lines – may today or in the future be using payment data across their products, for purposes such as behavioral targeting or individualized marketing. Companies may also be finding other ways to monetize this data, such as by sharing detailed payments information with data brokers or other third parties. At the very least, these practices may fail to align with consumers’ expectations, and may in certain circumstances violate the law.
Moreover, the potential for harm is exacerbated when payment systems gain scale. The risk increases that payment system operators will use their market power to exclude new competitors, limiting consumer choice and stifling innovation. Additionally, when consumers have no choice but to have their financial data turned over to particular companies, there may be significant questions about whether they are being treated fairly. We have seen in other contexts how the use of new technologies and data analysis actually results in discrimination and bias. In part due to these concerns, the CFPB has issued a series of orders to find out more about the business practices of Big Tech companies to better understand how these firms use personal payments data and manage data access.
It's also increasingly apparent that the risks to consumers from these practices are not limited to Big Tech. We have seen reports that banks may be creating products for the specific purpose of acquiring payments data. Indeed, a recent article was entitled “Banks want in on digital wallets — and the consumer data that comes with them,” suggesting that one of the primary reasons that large banks are introducing their digital wallet is to get access to payment information. And we have seen Buy Now, Pay Later lenders collect consumer data—and deploy models, product features, and marketing campaigns based on that information—to increase the likelihood of incremental sales and maximize the lifetime value extracted from each current, past, or potential borrower.
Although these are new technologies and, in some ways, new concerns about consumer harm, Congress gave the CFPB powerful tools to address these risks and challenges. Let me highlight two pressing issues.
- First, the Consumer Financial Protection Act defines financial product or service to include “providing payments or other financial data processing products or services to a consumer.” 12 U.S.C. § 5481(15)(vii). And that product or service qualifies as a “consumer financial product or service” within the Bureau’s jurisdiction if it is “offered or provided for use by consumers primarily for personal, family, or household purposes.” 12 U.S.C. § 5481(5).
- Importantly, the Bureau is authorized to take actions to prevent unfair, deceptive, or abusive acts or practices performed “in connection with” transactions for consumer financial products or services. And the collection of massive amounts of data from processing payments and similar activity, which companies then monetize for other purposes, certainly seems to me like acts or practices performed in connection with processing payments.
- The statute does contain a relevant exception with respect to certain sellers of nonfinancial goods or services who engage in financial data processing “solely because” they transmit or store payments data “exclusively” for the purpose of the consumer paying for the goods or services that are sold directly by the seller to consumers. 12 U.S.C. § 5481(15)(vii).
- By its terms, the exclusions relate only to payment processing by a seller that is necessary to effectuate the sale of nonfinancial goods or services directly by that seller claiming the exception.
- In other words, this narrow exception seems to be designed for the conduct of mom-and-pop merchants simply processing or storing payments data to effectuate payment transactions directly with their customers.
- We have significant doubts about whether entities fall under this exception when they harvest and monetize reams of data associated with their customers’ transactions.
- Second, when the Fair Credit Reporting Act (or FCRA) was passed more than 50 years ago, it was intended to regulate the new — at that time — phenomenon of agencies that compiled and sold vast quantities of information on Americans
- Before passing the FCRA, Congress held a series of investigative hearings and uncovered a wide variety of abuses in the emerging consumer reporting market. The results of those hearings will sound eerily familiar to anyone aware of modern concerns about the sale of financial data.
- For example, Congress found that many consumers were unaware that data about them was being bought and sold because non-disclosure agreements between consumer reporting agencies and users hid the arrangement behind a shroud of secrecy.
- Congress also criticized the fact that consumers were not given access to the information being bought and sold, which was often obsolete or irrelevant.
- 50 years later, it is clear that these concerns have not gone away. The CFPB is very interested in the potential applicability of the FCRA and its requirements, including the limitations on the use of consumer reports, to those who market data on consumers’ financial transactions.
In sum, Congress has armed the CFPB with critical authorities to address concerns about how data is bought, sold, used, and protected, and the payments industry should pay close attention to complying with legal requirements in this area.
“Gig” and Other Non-Standard Workers
The next area I’d like to discuss is the payment of “gig” and other non-standard workers.
People increasingly earn income outside of standard, long-term employment relationships, often facilitated by digital platforms. Surveys have indicated that, in any given month, between 25 to 35 percent of workers participate in “non-standard work” – meaning “gig work” for employers like Uber or TaskRabbit as well as other forms of freelance, independent, or other non-standard work. And this trend has affected a broad range of workers. For example, a recent AARP study found that more than a quarter of older workers are performing freelance or gig work.
The rise of this category of work has created concerns in a variety of different areas, including but not limited to employment and consumer protection. Gig workers tend to have lower hourly earnings as compared to service workers receiving W-2s and tend to face greater economic insecurity. And non-standard workers are substantially less likely to be paid via direct deposit. One recent study reported that less than half of all millennial gig workers were paid by direct deposit. Industry has reported that the majority of non-standard workers get paid with digital payment tools.
The Bureau has heard directly from workers and worker organizations about the challenges these workers face in navigating consumer financial markets, including with respect to how they are paid. Analysts expect gig work and other forms of non-standard work to continue to grow, and with that, a demand for nontraditional payment systems to compensate those workers. One particular area of interest and concern is the intersection between how non-standard workers are paid and the Electronic Fund Transfer Act (or EFTA).
- For instance, we are very concerned about gig workers being improperly required to receive payment at a particular financial institution or through a particular payment product or app.
- EFTA’s “compulsory use” provision prohibits “requir[ing] a consumer to establish an account for receipt of electronic fund transfers with a particular financial institution as a condition of employment….” 15 U.S.C. § 1693k(2).
- As the FTC’s recent policy statement on gig work indicated, companies may misclassify workers as independent contractors to attempt to avoid applicable law. And a company’s choice to classify gig workers as independent contractors does not determine whether those workers are protected by EFTA.
- Accordingly, employers concerned with compliance or litigation risk should err on the side of caution and provide gig workers with payment options that do not require workers to establish an account with a particular institution.
- And that is just one example of the ways that evolution in the labor markets has changed how workers are paid, raising important questions for the payments industry about compliance with the federal consumer financial laws.
- To briefly touch on another example, more and more people in non-standard work arrangements use personal peer-to-peer products to receive payment for work as well as for their personal financial transactions.
- Notwithstanding misguided arguments that we have seen from some companies, when people use a personal peer-to-peer product for work transactions, EFTA applies. That is, consumers do not lose critical EFTA protections with respect to fraud and error resolution simply because they use a personal peer-to-peer app for a side hustle to keep a roof over their head.
I could go on. The point is that we are already seeing how the changing nature of work has and will continue to present crucially important issues of consumer protection that we will be watching at the CFPB, and the payments industry should pay attention as well.
Liquidity and Stability in Peer-to-Peer Payments
Finally, the third area I’d like to discuss is liquidity and stability in the peer-to-peer payment system.
Peer-to-peer payment products are sometimes used in connection with banking products, like deposit accounts, debit cards, and credit cards. However, they are also increasingly used as a substitute for banking products. Millions of consumers are using these apps for transactions every day, and data suggest they are leaving tens of billions of dollars in these products at any given time. Moreover, according to a recent FDIC survey, unbanked households are twice as likely to use prepaid cards or nonbank online payment services to conduct four or more types of transactions. We are concerned that real risks accompany the use of these products that must be considered with their rapid rise.
For example, the collapse of FTX and other crypto trading platforms was a wake-up call for many Americans who assumed their assets were safe or even insured when stored in nontraditional accounts. As we have seen more recently with the fall of Silicon Valley Bank and others, a “bank run” can happen in any part of the financial sector where people are promised quick access to their funds, but the company making that promise has invested those funds somewhere else. With respect to consumer banking, depositors of $250,000 or less are protected with FDIC and NCUA insurance; they can be sure they won’t lose their money if the institution fails.
However, consumers who store funds in a payment app do not have the same level of protection. As CFPB Director Chopra recently stated:
Of course, that is just one issue that is front of mind with respect to peer-to-peer apps; there are others, and I am sure the topics will continue to multiply as the use of these products continues to grow.
Thank you very much, again, for generously sharing your time with me today. As I said at the top, the evolution of the payments system has increasingly put it at the center of some of the most pressing issues in consumer finance, and there are many more issues and areas of concern that we could discuss. I hope that my remarks today have given you just a little bit of a sense of the concerns that we are confronting at the CFPB. Thank you, and I look forward to questions.