CFPB Requests Information on Payment System Plans and Practices of Large Technology Companies

The Consumer Financial Protection Bureau (CFPB) released a statement on October 21, 2021, announcing that it has ordered six of the largest US technology companies that operate payment systems to turn over information about their payments-related products, plans and practices. The CFPB issued the orders to gain insight into how these firms use personal payments data (including with third parties), and to identify how this data can potentially be used to limit consumer choice and hinder innovation. On November 5, 2021, the CFPB published a request inviting interested parties to submit comments to inform the agency’s inquiry no later than December 6, 2021.

Scope of the orders

The CFPB asserts that the orders build on the efforts of the Federal Trade Commission to bring heightened scrutiny to some of the largest US technology companies. Specifically, the six orders allegedly seek to illuminate the scale of these companies’ consumer payment products, as well as the underlying business practices. In its statement, the CFPB described these as an “initial” set of orders, and it revealed that the agency also will be studying the payments practices of at least two large Chinese technology companies.

The comprehensive nature of the inquiry is reflected in an example order that the CFPB made publicly available. Broadly, the CFPB is seeking information related to the data gathering practices of the six technology companies, but the order also demonstrates that it is seeking information regarding the specifics of how these companies are making decisions based on the user data they collect. Ultimately, the CFPB says, it intends to use this information to ensure that these companies are maintaining adequate consumer protections.

The example order includes 55 questions, which generally fall within three primary categories:

• Data harvesting and monetization
• Access restrictions and eligibility requirements for products
• Prioritization of consumer protections

More specifically, the CFPB asked each company to:

• Describe and provide detailed information about each of its products
• Explain its activities involving data collection from customer use of its products and from web scraping
• Provide information on how it monetizes product data
• Identify and provide policies and procedures governing access restrictions for products
• Provide information on how it is complying with certain consumer protections, including obligations under federal consumer financial law
• Provide use metrics for its products
• Disclose its organizational structure as it relates to its payments products

Statutory authority

The CFPB stated that the orders were issued pursuant to Section 1022(c)(4) of the Consumer Financial Protection Act. This section states in relevant part that the CFPB has “the authority to gather information from time to time regarding the organization, business conduct, markets, and activities of covered persons and service providers.”¹ The CFPB may gather this information in a number of ways, including by requiring covered persons to supply “answers in writing to specific questions.”² Through this authority, the CFPB argues that it will be able to obtain information from technology companies that will enable the agency to monitor risks to consumers and to publish aggregated findings that are in the public interest.

Comments and outlook

Under the Biden administration, the CFPB has taken a more active role in enforcing consumer protections, and many expected this trend to continue once the Senate confirmed Rohit Chopra as director of the agency in September. Following the issuance of the six orders, it is clear that the CFPB plans to use its broad monitoring authority to gather information on companies outside of the agency’s traditional purview. As Chopra remarked in the director’s statement on the inquiry, the CFPB hopes that such orders “will yield insights that may help the CFPB to implement other statutory responsibilities, including any potential rulemaking under Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act.” In November 2020, the CFPB issued an advance notice of proposed rulemaking on Section 1033, which provides for consumer rights to access financial records.

But further, this announcement is one of several recent statements signaling that Chopra is keyed on large technology companies. In written testimony before the House Committee on Financial Services on October 28, 2021, Chopra again noted the influence of “Big Tech” companies in the payments space, which he contended “have sought to gain greater control over the flow of money in our economy.” So, while it remains to be seen how insight gained from the companies’ responses to these orders will shape CFPB rulemaking or enforcement activities, Chopra seems to be positioning the CFPB as another Big Tech watchdog.

Law clerk James Dionne contributed to this alert.

Notes

1. 12 U.S.C. § 5512(c)(4)(A).
2. Id. § 5512(c)(4)(B)(ii).

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.