The Consumer Financial Protection Bureau’s recent data requests show how regulators are teaming up and provide clues about the near future.
In October 2020, the Bureau announced that it requested data from Amazon, Apple, Facebook, Google, PayPal, and Square (now Block) about their payments operations, and that it would compare what it learned with research into Chinese fintechs Alipay and WeChat Pay. They asked about data harvesting and monetization, the notion of locking consumers into using their products, and consumer protection.
Then, in December, the Bureau sent detailed data requests to buy now, pay later companies Affirm, AfterPay, Klarna, PayPal, and Zip. In a 16-page request, it asked for detailed information about these companies’ operations, customer bases, and revenue models. It also included specific questions about data harvesting and monetization.
The in-depth questions about data harvesting and monetization in both requests show that data and privacy will become important issues. Depending on what the CFPB finds, we may see a round of regulations that focus on data and its use.
But the questions about whether customers are locked into using particular platforms show a bigger picture. Regulators are increasingly concerned about the size of companies. For example, the Federal Trade Commission has sued Facebook, asking a judge to order it to sell WhatsApp and Instagram.
As all of this is happening, the Bureau’s director, Rohit Chopra, who sits on the board of the Federal Deposit Insurance Corp., has, along with Martin Gruenberg and acting comptroller of the currency Michael Hsu, forced the FDIC to issue a request for information about the Bank Merger Act. One of the questions is whether any transaction over a certain size should be considered a systemic risk.
The request—first published on the Bureau’s site and not the FDIC’s—led to a battle over whether the Board could do this without the cooperation of FDIC chairwoman Jelena McWilliams, who then announced she will resign in February.
These changes suggest that the banking regulatory agencies will be working more closely with one another in the future. It is not likely that the next head of the FDIC will be able to avoid going along with the other regulators.
Meanwhile, the CFPB is still locked in a court battle with PayPal over the disclosure requirements of the Bureau’s prepaid accounts rule. If the Bureau loses, it may take that as a catalyst to write new regulations that would address the gaps left by the lawsuit.
While the information that comes out of the data requests will not likely influence the ongoing cases, they show that certain topics have regulators’ attention across industries.
The payments industry will need to keep its eyes open for regulatory action on a variety of fronts. It will also need to pay attention to whether state and federal regulators are working in concert.
The industry needs to keep two things in mind.
First, the regulators do not care about whether your businesses thrive or even survive. In their minds, that is secondary to whether any consumer harm happens at all. If 100 people benefit, but one misuses a product, that is often enough to ban it.
Second, the industry needs to tell its story in a coordinated way. While companies may see a temporary competitive advantage in some regulations, if only one company or business model is left, then that will be the one that gets all the future scrutiny. As regards point one above, eventually regulators will come for the last one standing.
Relationships with regulators are about to become more intense. Companies should be working on strategies for weathering the new climate.
—Ben Jackson, email@example.com