ARTICLE
23 January 2025

CFPB Proposes Interpretive Rule On Emerging Payment Mechanisms Under Regulation E And Requests Information To Consider Extended Data Privacy Protections

SJ
Steptoe LLP

Contributor

In more than 100 years of practice, Steptoe has earned an international reputation for vigorous representation of clients before governmental agencies, successful advocacy in litigation and arbitration, and creative and practical advice in structuring business transactions. Steptoe has more than 500 lawyers and professional staff across the US, Europe and Asia.
On January 10, 2025, the Consumer Financial Protection Bureau (CFPB) promulgated a proposed interpretive rule (Proposed Rule) to apply Regulation E...
United States Technology

On January 10, 2025, the Consumer Financial Protection Bureau (CFPB) promulgated a proposed interpretive rule (Proposed Rule) to apply Regulation E to "emerging payment mechanisms," including transfers of fungible digital assets used for payment or that can be readily exchanged into fiat currency, gaming currencies, and other similar innovative payment currencies. The Proposed Rule could also apply Regulation E to credit card rewards points purchased to pay for goods or services. The CFPB's principal goal apparently is to apply Regulation E's protections regarding unauthorized use and error resolution to emerging payment currencies.

The Proposed Rule would interpret key terms in Regulation E, including "financial institution," "funds," and "account," to achieve the CFPB's goal.

The CFPB is also seeking public comment on how companies that offer financial products collect and use consumer data. In a previous notice, the CFPB found certain payment platforms "collect and use data in excess of what is needed to initiate and complete a transaction" and that "this data can be matched with a wide range of other data about a consumer, including their location, social networking, and browsing history" to develop personalized pricing, among other uses. The CFPB is exploring whether and how to apply existing data and privacy laws, including the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, to such data collection and use.

March 31, 2025, is the deadline for submitting comments on the Proposed Rule and responses to the request for information.

Regulation E Proposal - Key Takeaways

  • "Financial Institution": Clarifies that nonbank entities are included if they directly or indirectly hold an account belonging to a consumer or issue an access device and agree with a consumer to provide EFT services. The CFPB contends that its interpretation of the definition here is no different from the current prevailing understanding.
  • "Funds": The Proposed Rule would interpret "funds," which is not defined in either EFTA or Regulation E, to include "assets that act or are used like money, in the sense that they are accepted as a medium of exchange, a measure of value, or a means of payment." The CFPB states explicitly that this interpretation would cover many stablecoins, "as well as any other similarly-situated fungible assets that either operate as a medium of exchange or as a means of paying for goods or services." Whether a specific digital asset is included in the term "funds" is "fact-specific" and dependent on whether the asset may be "used to make payments" or is "readily exchanged for fiat currency." As a practical matter, the interpretation seems likely to include most widely-used fungible digital assets. The Proposed Rule suggests that non-fungible tokens or NFTs would not constitute "funds" because "they cannot be used to make payments or cannot be readily exchanged for fiat currency." The Proposed Rule acknowledges that certain purchases of a security or commodity are exempt from EFTA but clarifies that EFTA would apply if funds in an investment account, including stocks and bonds, are used to purchase goods or services or obtain cash.
  • "Account": The Proposed Rule would interpret "account" to include not only traditional checking or savings accounts but also "other consumer asset accounts," including accounts "into which funds can be deposited by the consumer or on their behalf and which have features of deposit or savings accounts." The Proposed Rule cites an incomplete list of such features but includes "paying for goods or services from multiple merchants, ability to withdraw funds or obtain cash, or conducting person-to-person transfers."

    Covered accounts could include:
    • Card rewards points accounts that allow consumers to buy points that can be used to purchase goods from multiple merchants;
    • Video game accounts used to purchase virtual items from multiple game developers or players;
    • Virtual currency wallets that can be used to buy goods and services or make person-to-person transfers.

Our Take

In the waning days of Director Chopra's leadership, the CFPB continues to release rules and guidance at a torrid pace. While it is reasonably likely that this proposal, coming only one week before the new administration takes control, will be put on hold, if not revoked, we cannot be certain.

The substance of the Proposed Rule is notable in several respects:

  • The guidance is non-specific and lacks clarity. What constitutes "funds" or an "account" is fact-dependent and subject to standards that are not clearly defined. This leaves interpretation to regulators and courts. That said, it is reasonably clear that the CFPB intends stablecoins, betting currencies, and gaming currencies, at least, to be in scope.
  • The reference to credit card points is troubling, though it is only in passing. Additionally, such points cannot reasonably be considered an "emerging" payment mechanism (if a "payment mechanism" at all). Overall, the CFPB's focus is not on rewards here and will likely prioritize other currencies and accounts first. Moreover, the Proposed Rule refers to rewards that can be purchased by a consumer; few programs allow card rewards to be "purchased," apart from earn via spend or via proprietary point transfers. But the ambiguity could permit aggressive interpretive and enforcement action by states, in particular.
  • While the Proposed Rule focuses on error resolution and unauthorized use protections, all EFTA's provisions would apply to covered currencies, including pre-authorized debit notice requirements, as applicable, and statementing requirements.
  • Given the immutable nature of blockchain transactions, applying Reg E to fungible digital assets is likely to present a range of complex compliance challenges for the industry. For example, because a blockchain transaction cannot be reversed, industry may need to devise other mechanisms to comply with certain requirements related to disputes and refunds.
  • The CFPB cautions that the securities exception is limited. EFTA could still apply if a security is utilized to purchase goods or services from a retailer. While the CFPB's interpretation of the securities exception's scope might not significantly impact the treatment of crypto assets under EFTA, it is important to consider the broader regulatory landscape. Typically, crypto assets fall under the SEC's jurisdiction based on the theory that they may be sold pursuant to investment contracts, a type of security under federal securities laws. However, the crypto asset itself is not classified as a security, even when sold under such contracts. As Congress deliberates legislation to delineate jurisdiction over crypto assets between the SEC and CFTC in the coming months, the intersection of EFTA and securities laws will be a critical area to monitor.

Information Request

The CFPB is also requesting information about how emerging payment mechanisms are utilized with the goal of "strengthening privacy protections and preventing harmful surveillance in digital payments." In addition, the CFPB requests comments on "implementing existing financial privacy law and how to address intrusive data collection and personalized pricing."

Requests include:

  • Scope of consumer use: Types of emerging payment mechanisms consumers are using and how these mechanisms are being integrated into their financial activities.
  • Consumer risks and benefits: Feedback on potential risks, such as unauthorized transactions or error resolution challenges, as well as the benefits these mechanisms may provide consumers.
  • Market practices: Insights into how financial institutions and fintech companies are structuring products and services to address or mitigate risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More