In this episode, Kalama Lui-Kwan, Keith Barnett, and Carlin McCrory discuss recent interviews by Rohit Chopra from the CFPB.
In this episode of The Crypto Exchange, Troutman Pepper Consumer Financial Services Partner Kalama Lui-Kwan welcomes back Keith Barnett and Carlin McCrory to discuss recent interviews by Rohit Chopra from the CFPB related to consumer protection issues, true lender matters, actions against repeat offenders, as well as P2P platforms and the CFPB’s stance on fees.
Keith and Carlin also discuss a recent report released by the CFPB, The Convergence of Payments and Commerce: Implications for Consumers, that examines the challenges in new product categories and risks to consumers inherent in the evolving payment ecosystem.
The Crypto Exchange, The CFPB’s Focus on Crypto and Payments
Recorded September 2022
Kalama Lui-Kwan:
Welcome to another episode of, The Crypto Exchange, the Troutman Pepper podcast, focusing on the world of digital assets and payments. As longtime leaders in the intersecting worlds of law, business and government regulations, our lawyers can go beyond the buzzwords and headlines to make sense of the emerging legal and regulatory frameworks for operating in the digital asset and payments industries. My name is Kalama Lui-Kwan, and I'm one of the hosts of the podcast and a partner at Troutman Pepper. Before we jump into today's episode, I'd like to remind you to visit and subscribe to our blog, consumerfinancialserviceslawmonitor.com. And don't forget to check out our other podcast on troutman.com/podcast. We have episodes that focus on trends that drive enforcement activity, consumer financial services, the Fair Credit Reporting Act, cyber security, hot-button labor and employment law issues, and more.
Today, I'm joined by my colleagues Keith Barnett and Carlin McCrory to discuss recent interviews by Rohit Chopra from the CFPB, related to consumer protection issues around crypto, as well as a recent report released by the CFPB on challenges and risks to consumers in the rapidly evolving payment ecosystem. Keith and Carlin, I'm looking forward to speaking with you today.
Keith, let's start with you. Rohit Chopra, the Director of the CFPB, has been on an interview spree, and the CFPB also released a report on payments. Let's start with this take on several topics from his interviews, and then move into the report. What did Director Chopra say about virtual currencies?
Keith Barnett:
When Chopra was asked about the turmoil in crypto, and how closely the bureau is monitoring these assets from a consumer protection standpoint, he responded by saying that the CFPB'S primary focus is on the effect of real time payments, which do not need to use blockchain based technologies. He went on to infer that, once crypto has a broader adoption, there are many other consumer protection issues that will need to be addressed, but he noted that there should not be any misrepresentations, for example, about deposit insurance. He stated that it must be made clear if money isn't a dollar denominated stablecoin or if it's in a true cash deposit that is insured.
That's pretty important, because insurance, as we noted during our last episode, concerning bankruptcies, insurance has been an issue with cryptocurrency exchanges that have gone bankrupt because customers thought that their fiat or their crypto in the exchanges were FDIC insured, and really they're not. For the most part, they have not been. The FDIC has finalized its rule-making related to representations concerning FDIC insurance as it relates to crypto, and Chopra brought that up during his interview.
One of the things that he did not bring up during his interview, but I'd like to mention, is that in August, the FDIC sent letters to five companies, demanding that they cease and assist from making false and misleading statements about FDIC insurance that they allegedly had, and asked these crypto companies to take immediate corrective action to address the false or misleading statements about FDIC insurance, so that's a big thing. One other big thing, before I turn it back to you, he also added that the CFPB is confronting the question of, will a stable coin or other type of digital currency one day ride the rails of big tech payment platforms?
Kalama Lui-Kwan:
Thanks, Keith. That's true. It's an important question that we all are going to have to navigate. Carlin, we discussed on a prior podcast episode some of Director Chopra's statements regarding P2P platforms. Could you tell us a little bit more about what he said?
Carlin McCrory:
Chopra mentioned P2P payment platforms, but in these interviews he specifically noted that the CFPB is looking very closely at how these apps are operating. He acknowledged that many of the apps have started to make changes to their user interface and user experience, to address some of these customer issues, including asking someone what the last four digits of the recipient's phone number are, or going through a couple more steps to make sure that the sender-recipient transaction is legitimate. He was also asked a follow-up question as to whether the solution to some of this fraud is based in consumer disclosure and education, or redrawing the lines of liability. Chopra's response is that, basically, the answer to this question should be based on consumer expectations. He stated that consumers have protections when they use a debit or credit card and have these expectations, similarly, for these P2P payment platforms. He stated that the staff is reviewing the number of complaints that they've been receiving, which has been, substantially said, an amount, and whether there are certain things that the CFPB needs to communicate, or whether regulatory initiatives should be pursued.
Kalama Lui-Kwan:
Keith, following up on that, Director Chopra was also asked about the impact of FinTech bank partnerships. Could you tell us a little bit more about that?
Keith Barnett:
There's a lot to unpack there, Kalama. Chopra was asked about how the bureau is scrutinizing FinTech and bank partnerships, and his initial response was making sure that FinTechs comply with the Military Lending Act, and he added that some of the bank FinTech partnerships had been violating provisions of the Military Lending Act. Then, he went on to say that there's a different model for small institutions that operate in the community, as long as they are mostly funding loans through deposits and dealing with a lot of repeat customers, and more slanted towards small business and consumer lending. He doesn't really have an issue with that, where he seems to have a problem as what he called a quote, "Rent-a-bank," arrangement. He said, "When you have a rent-a-bank arrangement, it's harder for things to be compliant."
To his credit, he noted that the CFPB does not have jurisdiction over the smaller banks that are involved in the rent-a-bank arrangement, because those banks have less than 10 billion in assets, but he also noted that the bureau has authority over the non-bank FinTech partners, as we have seen over the years, the enforcement actions against payment processors, money transmitters, and others who form these relationships with banks.
One other thing that Chopra said is that he's heard from states that these partnerships are being used to evade state consumer protection laws. That also begs the question of whether we will see states become more active in concert with the CFPB, or even the FDIC or OCC, when it comes to the bank FinTech partnerships, given that Chopra said that he does not have jurisdiction over the smaller banks.
One of the questions that I had at the time was whether the OCC would become more active. Well, it looks like my question was answered soon after Chopra's interview, because after his interview it was announced that the OCC executed a consent agreement with a bank, it was actually earlier this month, arising out of the bank's FinTech partnerships, and the agreement requires the bank to do a lot of things to beef up its compliance with federal law with respect to its FinTech partnerships. For example, the bank must address it's written policies, procedures, and processes governing its third party FinTech relationship partnerships, and the agreement provided specific examples. Some of these, I just want to share with you all, just to show you how the OCC seems to be in line with what Chopra said, and what the CFPB is probably going to do, going forward.
Some of these things that the bank is now required to do, under its enhanced compliance program, is identify and assess the inherent risks of the products, services, and activities performed by the third party FinTech partners, and they also need to detail how the bank selects, assesses, and oversees these third parties, to make sure that they are compliant with, not only federal law, but also the state laws that affect them.
The OCC also wanted to make sure that the bank had a detailed strategic plan, to make sure that they were providing the necessary resources to manage the third party FinTech relationship partners. They even wanted board involvement, like a board review of the approval of the third party fintechs. They also wanted the bank, in particular, to perform a Bank Secrecy Act assessment for each FinTech partner. There are a lot of things to unravel there within that agreement. The agreement was about 10, 11 pages long, was just a laundry list of things that the bank was required to do with respect to its partnership with FinTechs. That is probably going to be used as the roadmap going forward, not only within the OCC, but also the CFPB, and possibly the FTC as well. Even though the FTC does not have jurisdiction over banks, it does have jurisdiction over the FinTech partners, and I can certainly envision a scenario in which the CFPB or the FTC finds that a large bank, or any size FinTech, violated UDAP, arising out of the failure to have effective internal controls with respect to the bank FinTech partnership.
Kalama Lui-Kwan:
He also gave his opinion on fees, and we've seen the CFPB discussed so-called junk fees. That's certainly been another area of focus for the Bureau. Carlin, could you tell us more about that, and also maybe talk a bit about the order that the CFPB issued just this morning?
Carlin McCrory:
Yeah. Law360 also asked Chopra about fees, and he stated that banks are starting to move away from charging overdraft and NSF fees and that he has asked the CFPB's examiners to pay more attention to the financial institutions that have a high level of their deposit account fee revenue coming in. He stated most institutions want to provide a good service, and they aren't trying to scare away their customers by assessing different fees, and he noted that the CFPB has taken action against the institutions who program their systems in a way to specifically trigger more fees on the customer. In his interview with, American Banker, Chopra noted that he has been pleased with the number of shifts and fees charged, and that it's a positive sign for the marketplace.
This area is specifically interesting, because we're seeing Chopra regulating by interviewer, by blog post, rather than actually going through the process to amend Reg. E. He's making these statements, and financial institutions are acting to change their policies and procedures, and the way they're charging fees, without any firm changes to Reg. E in this situation for overdraft fees.
The FDIC also came out with guidance recently on multiple re-presentment of NSF fees and potential UDAPs, which we won't get into today, but this has has definitely been a hot area recently. As you mentioned, Kalama, just today, the CFPB came out with a consent order against a bank for charging what the CFPB called, "Illegal surprise overdraft fees." The CFPB alleged that the bank committed unfair and abusive acts and practices when it charged overdraft fees on transactions that had a sufficient balance at the time the bank authorized the transaction, but then later settled with an insufficient balance. These are commonly called, "Authorized positive overdraft fees."
The CFPB alleged that, from August 2018 through July 2021, this bank generated at least $141 million in these authorized positive overdraft fees. It was alleged that the bank was aware that government agencies had previously found that one or more financial institutions violated the law by charging this type of overdraft fee, and that the bank's leadership knew about the way they were charging fees, and could have discontinued, but they chose to wait while the bank pursued other changes that would generate new fee revenue, to make up for ending the fees. So I think this is, again, a really hot area, and something financial institutions need to take a close look at, because clearly the CFPB is keen on this topic.
Kalama Lui-Kwan:
It does seem that the CFPB is focused on larger institutions, especially those that are, in their view, repeat offenders. Keith, could you maybe talk a little bit more about that apparent emphasis on repeat offenders?
Keith Barnett:
Chopra was asked about taking on repeat offenders, and possibly including an admission of wrongdoing as a part of that approach. He said that the CFPB actually is focusing on, as you put it, Kalama, the large market actors that are repeat offenders, and they are focusing on the business incentives and the individuals making the decisions, and less of what he called, "The paperwork provisions." One of the things that the CFPB is looking at is, are these folks repeat offenders, and are the acts in which they are engaging some form of profit center for the bank, that hurts consumers?
Now, ironically, in the enforcement action that Carlin just mentioned, the CFPB'S press release highlighted the fact that particular bank was a repeat offender to the extent that it had a similar issue, and a similar enforcement action, with the CFPB about nine years ago. The other thing here, though, is that in the enforcement action that Carlin mentioned, there's no admission of wrongdoing with respect to this 2022 enforcement action, so even though Chopra said that they might include an admission of wrongdoing as a part of the approach, that was not here. We'll see if we expect to see that in the future.
Chopra also noted that the CFPB has established more units within the agency, to focus on compliance order monitoring. To that extent, the CFPB is focusing on more joint actions with state agencies and other entities that may have remedial tools, like the OCC. The OCC agreement that I mentioned earlier was not a joint one with the CFPB, but that agreement reads like a CFPB agreement, without the monetary penalty.
The last thing that I want to mention is that Chopra noted that the Consumer Financial Protection Act, civil penalty factors, and whether there's intentional or willful misconduct, is a major part of the remedial approach. He said that the CFPB can get redressed discouragement civil penalties, but also order limitations on the activities of the business that has violated the law. So he's really saying that, "Hey, not only do we have monetary penalties, but we can also seek injunctive relief."
That is important, and then the last thing I want to mention, and this is something that the executives who are listening need to be wary of, is that Chopra also said that just because a person works at a larger company, or a bank, or whichever, it does not mean that he or she is able to escape individual liability. Which is a definitive shift from the CFPB'S prior practices, wherein they left the individuals within the larger banks, or other financial institutions, alone with respect to enforcement actions, but when you saw the smaller, more mom and pop FinTechs or financial institutions, the CFPB, in the past, had named the individuals
Kalama Lui-Kwan:
Carlin, last month in August, the CFPB released a report titled, The Convergence of Payments and Commerce: Implications for Consumers. Could you tell us a little bit more about that report?
Carlin McCrory:
The CFPB issued the report in which it examines the challenges and risks to consumers inherent in the evolving payment ecosystem, if you will, and the emergence of product offerings that blur lines between banking and commerce. The report highlights three new product categories, the first being, super apps. What the CFPB means by this are apps that provide access to a variety of products and services within a single app, so it minimizes having to work with several different providers. The CFPB notes that, in the US, the super app concept is following the bank-in-app approach, and it identifies using a virtual wallet as an example of a US super app bank-in-app product.
The second new product is, buy now, pay later, products, and the third is embedded commerce, embedded commerce being the incorporation of payment capabilities within any area of a social media feed, that enables the customer to shop directly through a social media website or app, instead of having to go to the retailer's website.
The CFPB highlights, in the report, its two main concerns, the first being monetization of consumer financial data. The CFPB is concerned that as technology drives integration between financial service providers and non-financial companies, that these companies will have more opportunities to aggregate, monetize, and misuse consumers' financial data. The CFPB is also concerned that the data-handling practices of companies and service providers may be somewhat opaque, if you will, to consumers, and their data may be used and shared for purposes that they didn't necessarily intend for their data to be used, or even understand that their data would be used in a certain way. The report said this could lead to feelings of, quote, "Powerlessness," and, quote, "Digital resignation."
The second concern is scale and market power. The CFPB said the payment ecosystem continues to evolve. It's possible that these emerging business models will allow certain companies to quickly gain scale through the engagement of merchants and consumers, and aggregate vast amounts of consumer data, which will result in the creation of a, quote, "New generation of dominant incumbents."
The CFPB actually laid out a proposed plan of what it may do. They may propose rules pursuant to Section 1033 of Dodd-Frank, in an effort to provide consumers with control over their financial data, including their payments data, and transactional data. The CFPB may also assess new models of lending integrated with payments and eCommerce, such as, buy now, pay later, products. The CFPB may also seek to mitigate the consequences of these large tech firms moving into the realtime payment space, by considering the experiences of other jurisdictions, where the shift towards realtime payments has already occurred. Europe's been in realtime payments for a while, and the US is playing catch up to a certain extent. I know the CFPB wants to take a look at that, and make sure we reduce fraud losses incurred by consumers, that we talked a little bit about earlier, as well as other market participants.
Kalama Lui-Kwan:
Thanks very much for that. Keith and Carlin, thank you both for joining us today, and thank you to our audience for listening to today's episode. Don't forget to visit our blog, consumerfinancialserviceslawmonitor.com, and subscribe so you can get the latest updates. Please make sure to also subscribe to this podcast via Apple Podcast, Google Play, Stitcher, or whatever platform you use. We'll look forward to next time.
Copyright, Troutman Pepper Hamilton Sanders LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman Pepper does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper. If you have any questions, please contact us at troutman.com.