The Consumer Financial Protection Bureau (CFPB) has remained busy as we head into the final week of 2021. The agency released updated FAQs regarding the Electronic Fund Transfer Act (EFTA) and Regulation E, issued orders to file information to five buy now, pay later (BNPL) companies, and halted the lending activities of a prominent venture capital-backed fintech lender.

Electronic Fund Transfers FAQs updated

The CFPB updated its Electronic Fund Transfers FAQs on December 13, 2021. These FAQs are issued as a "Compliance Aid." Compliance Aids, according to a Policy Statement published by the CFPB in the Federal Register in early 2020, are nonbinding decisions designed to clarify the requirements of existing rules and statutes for compliance professionals, industry stakeholders and the public.

The FAQs update focuses on four topics relating to electronic funds transfers (EFTs):

  1. What transactions are covered
  2. What institutions are covered
  3. Error resolution
  4. Error resolution for unauthorized EFTs

There are several new interpretations since the last update to the FAQs in June 2021. Many of the new interpretations applicable to person-to-person (P2P) payments providers are noteworthy and appear inconsistent with long-standing industry interpretations of Regulation E.

First, the CFPB suggests that a P2P payment can be an EFT, which is defined by Regulation E as "any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer's account." 12 CFR § 1005.3(b)(1). According to the FAQs, an EFT can include P2P debit card "pass-through" payments initiated through a payments services provider that does not hold a consumer's account, on the basis that such provider can still be a "financial institution" for purposes of an EFT. The FAQs explain that this is, in part, because non-account-holding providers of P2P payment or bill payment services are considered financial institutions if the provider issues an access device and agrees to provide EFT services. The FAQs appear to characterize a "mobile wallet" as an access device, but do not further define or describe what would make it an access device. Importantly, if an entity is considered a financial institution under Regulation E, that entity has error resolution obligations if a consumer notifies the financial institution of an error.

Second, the FAQs explain that, in a narrower set of circumstances, a non-bank P2P provider will also be considered a service provider if both of the following apply:

  • It issues an access device through which a consumer can access an account with an account-holding institution.
  • There is not an agreement between the non-bank P2P payment provider that issues the access device and the financial institution that holds the account.

The FAQs further explain that an automated clearing house (ACH) agreement alone is not sufficient, "[h]owever, an ACH agreement combined with another agreement to process payment transfers – such as an ACH agreement under which members specifically agree to honor each other's debit cards" would be.

BNPL faces increased CFPB scrutiny

Last week, the CPFB issued orders to five companies that offer BNPL products in an effort to gather insight into the various BNPL products on the market, consumers' usage of the products and the companies' business practices. The CFPB noted that it expects to publish aggregated findings and insights obtained from the companies' responses. Of note, the CFPB is coordinating its efforts with state agencies, the rest of the Federal Reserve System, and its international partners in Australia, Sweden, Germany and the UK's Financial Conduct Authority.

The orders to file are not supervisory orders, but are market-monitoring orders that the CFPB issued under its mandate to "monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services." In fact, this is the second set of market-monitoring orders issued to fintech companies since October, and companies should expect the continued use of this authority under CFPB Director Rohit Chopra.

The CFPB had previously indicated an interest in BNPL products, and the orders confirm the CFPB's focus on these products and the companies that offer them. Specifically, the CFPB is concerned with three principal aspects of the BNPL market:

  1. That these products can lead to debt accumulation by consumers due to the potential ease of obtaining BNPL products, the inherent challenges for consumers to keep track of payment schedules on multiple purchases with multiple companies, and the potential for fees.
  2. That there are potential compliance gaps. (The agency indicated that it is seeking information to determine whether companies are sufficiently complying with consumer protection laws, and is troubled that certain protections that currently apply to other forms of credit may not apply to BNPL products.)
  3. That BNPL companies' data collection, behavioral targeting and data monetization practices may create potential risks for consumers.

Based on the CFPB's generic order, it is seeking additional information in several areas:

  • A description of the BNPL products offered.
  • Business models and metrics, including transaction metrics, volume, payment methods and fees.
  • Practices relating to servicing, credit reporting, returns and refunds, delinquencies, defaults, debt collection and charge-off.
  • Consumer protection, including state licensing.
  • How often and by what method users contact the company about various issues, and user demographics.
  • How data is collected and retained, and the purposes associated with harvesting data.
  • How BNPL product data is monetized.

The CFPB orders come on the heels of a letter sent by the Senate Banking Committee to Chopra that urges the CFPB to review and oversee BNPL products to combat the potential for consumer harm.

CFPB closes lending operations of VC-backed fintech lender

A fintech lender settled a September 2021 CFPB lawsuit alleging that the lender continued to engage in certain marketing activities in violation of a 2016 CFPB order. The lawsuit also alleged that the lender had engaged in certain fair lending violations. The lender agreed to stop making new loans, stop collecting on certain outstanding loans and pay a monetary penalty.

The CFPB stated that the lender offered a variety of consumer-focused loans and advertised to consumers that making timely payments and taking free courses offered through the lender's website would enable them to receive lower interest rates on future loans and access to larger loan amounts. The lawsuit contended that repayment and participation in the free courses did not lead to more favorable rates or access to larger loans. Additionally, the CFPB contended that the lender did not provide timely and accurate adverse-action notices, in violation of the Equal Credit Opportunity Act.

In a CFPB press release on the matter, Chopra noted that the lender "was backed by some of the biggest names in venture capital," and this enforcement action indicates that the popularity of a company with investors will not influence CFPB oversight decisions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.