The CFPB’s proposed rule could subject “Big Tech” companies offering certain consumer financial services to the same regulatory scrutiny imposed on banks and financial institutions with respect to such consumer financial services.
On November 7, 2023, the Consumer Financial Protection Bureau (“CFPB”) proposed a rule This would allow the CFPB to supervise certain large non-bank companies that provide consumer financial services such as digital wallets and payment apps. If passed, it would subject large technology companies processing more than five million payment transactions per year, such as Apple, Meta and Alphabet, to CFPB oversight reviews for the first time. Under the proposed rule, these large nonbank companies would be required to adhere to certain federal funds transfer, privacy, and other federal consumer financial protection laws, including protections against unfair, deceptive, and abusive practices.
The CFPB believes that imposing consistent consumer protection laws among large technology companies and depository institutions will help level the playing field, promote competition, and protect consumers’ privacy rights. The proposed rule aims to promote competition by requiring companies that offer transaction accounts, such as checking accounts, credit cards and digital wallets, to give consumers access to their personal financial data so that they can share this data more easily with another provider. It would also prohibit companies that receive such personal data from using it for purposes other than financial services products offered to consumers. Large technology companies would therefore not be allowed to use this personal data for targeted advertising purposes, sell it to brokers or keep it indefinitely.
The proposed rule is part of the CFPB’s efforts to oversee the shift to “open banking” in the United States and to supervise large technology companies as they enter consumer financial markets, thereby blurring the line traditional between banking activities and commercial activities. Earlier this year, the CFPB released a report claiming that large technology companies have had a negative impact on competition and innovation in the mobile payment industry. As part of this report, the CFPB requested information from these companies about their use of sensitive personal data (available here). The CFPB has indicated that it believes the current lack of regulatory oversight or oversight of large technology and payment companies puts consumers at risk because these companies are not subject to the same consumer financial protection laws as banks and credit unions. Last year, the CFPB also issued an interpretive ruling providing that technology companies that market financial products using behavioral targeting techniques must comply with federal consumer financial protection laws. here). According to CFPB Director Rohit Chopra, “federal and state law enforcement can and should hold these companies accountable if they violate the law.”
Comments on the proposed rule (available here) must reach the CFPB no later than January 8, 2024.