Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications, 99582-99654 [2024-27836]

Download as PDF 99582 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations CONSUMER FINANCIAL PROTECTION BUREAU 12 CFR Part 1090 [Docket No. CFPB–2023–0053] RIN 3170–AB17 Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications Consumer Financial Protection Bureau. ACTION: Final rule. AGENCY: The Consumer Financial Protection Bureau (CFPB) issues this rule to define larger participants of a market for general-use digital consumer payment applications. Larger participants of this market will be subject to the CFPB’s supervisory authority under the Consumer Financial Protection Act (CFPA). A nonbank covered person qualifies as a larger participant if it facilitates an annual covered consumer payment transaction volume of at least 50 million transactions as defined in the rule, and it is not a small business concern. DATES: This rule is effective January 9, 2025. FOR FURTHER INFORMATION CONTACT: George Karithanom, Regulatory Implementation and Guidance Program Analyst, Office of Regulations, at 202– 435–770. If you require this document in an alternative electronic format, please contact CFPB_Accessibility@ cfpb.gov. SUPPLEMENTARY INFORMATION: SUMMARY: khammond on DSK9W7S144PROD with RULES2 I. Overview Section 1024 of the CFPA,1 codified at 12 U.S.C. 5514, gives the CFPB supervisory authority over all nonbank covered persons 2 offering or providing three enumerated types of consumer financial products or services: (1) Origination, brokerage, or servicing of consumer loans secured by real estate and related mortgage loan modification or foreclosure relief services; (2) private 1 Consumer Financial Protection Act of 2010, title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111–203, 124 Stat. 1376, 1955 (2010) (hereinafter, ‘‘CFPA’’). 2 The provisions of 12 U.S.C. 5514 apply to certain categories of covered persons, described in section (a)(1), and expressly excludes from coverage persons described in 12 U.S.C. 5515(a) (very large insured depository institutions and credit unions and their affiliates) or 5516(a) (other insured depository institutions and credit unions). The term ‘‘covered person’’ means ‘‘(A) any person that engages in offering or providing a consumer financial product or service; and (B) any affiliate of a person described [in (A)] if such affiliate acts as a service provider to such person.’’ 12 U.S.C. 5481(6). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 education loans; and (3) payday loans.3 The CFPB also has supervisory authority over ‘‘larger participant[s] of a market for other consumer financial products or services, as defined by rule[s]’’ the CFPB issues.4 In addition, the CFPB has the authority to supervise any nonbank covered person that it ‘‘has reasonable cause to determine by order, after notice to the covered person and a reasonable opportunity . . . to respond . . . is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.’’ 5 This rule (the Final Rule) is the sixth in a series of CFPB rulemakings to define larger participants of markets for consumer financial products and services for purposes of CFPA section 1024(a)(1)(B).6 The Final Rule establishes the CFPB’s supervisory authority over nonbank covered persons that are larger participants in a market for ‘‘general-use digital consumer payment applications.’’ In establishing the CFPB’s supervisory authority over such persons, the Final Rule does not impose new substantive consumer protection requirements. In addition, some nonbank covered persons that would be subject to the CFPB’s supervisory authority under the Final Rule also may be subject to other CFPB supervisory authorities, including for example under CFPA section 1024 as a larger participant in another market defined by a previous CFPB larger participant rule. Finally, regardless of whether they are subject to the CFPB’s supervisory authority, nonbank covered persons generally are subject to the CFPB’s regulatory and enforcement 3 12 U.S.C. 5514(a)(1)(A), (D), (E). U.S.C. 5514(a)(1)(B), (a)(2); see also 12 U.S.C. 5481(5) (defining ‘‘consumer financial product or service’’). 5 12 U.S.C. 5514(a)(1)(C); see also 12 CFR part 1091 (prescribing procedures for making determinations under 12 U.S.C. 5514(a)(1)(C)). In addition, the CFPB has supervisory authority over very large depository institutions and credit unions and their affiliates. 12 U.S.C. 5515(a). Furthermore, the CFPB has certain authorities relating to the supervision of other depository institutions and credit unions. 12 U.S.C. 5516(c)(1). One of the CFPB’s objectives under the CFPA is to ensure that ‘‘Federal consumer financial law is enforced consistently, without regard to the status of a person as a depository institution, in order to promote fair competition[.]’’ 12 U.S.C. 5511(b)(4). 6 The first five rules defined larger participants of markets for consumer reporting, 77 FR 42874 (July 20, 2012) (Consumer Reporting Rule), consumer debt collection, 77 FR 65775 (Oct. 31, 2012) (Consumer Debt Collection Rule), student loan servicing, 78 FR 73383 (Dec. 6, 2013) (Student Loan Servicing Rule), international money transfers, 79 FR 56631 (Sept. 23, 2014) (International Money Transfer Rule), and automobile financing, 80 FR 37496 (June 30, 2015) (Automobile Financing Rule). 4 12 PO 00000 Frm 00002 Fmt 4701 Sfmt 4700 authority and to applicable Federal consumer financial law. The market described in the Final Rule includes providers of funds transfer and payment wallet functionalities through digital payment applications for consumers’ general use in making payments to other persons for personal, family, or household purposes. Examples include consumer financial products and services that are commonly described as ‘‘digital wallets,’’ ‘‘payment apps,’’ ‘‘funds transfer apps,’’ ‘‘peer-to-peer payment apps,’’ ‘‘person-to-person payment apps,’’ ‘‘P2P apps,’’ and the like. Providers of consumer financial products and services delivered through these digital applications help consumers to make a wide variety of consumer payment transactions, including payments to friends and family and payments for purchases of nonfinancial goods and services. The CFPB is authorized to supervise nonbank covered persons that are subject to CFPA section 1024(a) for purposes of (1) assessing compliance with Federal consumer financial law; (2) obtaining information about such persons’ activities and compliance systems or procedures; and (3) detecting and assessing risks to consumers and consumer financial markets.7 The CFPB conducts examinations of various scopes of supervised entities. In addition, the CFPB may, as appropriate, request information from supervised entities prior to or without conducting examinations.8 Section 1090.103(d) of the CFPB’s existing larger participant regulations also provides that the CFPB may require submission of certain records, documents, and other information for purposes of assessing whether a person qualifies as a larger participant of a market as defined by a CFPB larger participant rule.9 Consistent with CFPA section 1024(b)(2), the CFPB has established and implemented a risk-based supervisory program that is designed to prioritize supervisory activity among nonbank covered persons subject to CFPA section 1024(a) on the basis of risk.10 The CFPB’s prioritization process 7 12 U.S.C. 5514(b)(1). The CFPB’s supervisory authority also extends to service providers of those covered persons that are subject to supervision under 12 U.S.C. 5514(a)(1). 12 U.S.C. 5514(e); see also 12 U.S.C. 5481(26) (defining ‘‘service provider’’). 8 See, e.g., 12 U.S.C. 5514(b)(1) (authorizing the CFPB both to ‘‘require reports and conduct examinations on a periodic basis’’ of nonbank covered persons subject to supervision). 9 12 CFR 1090.103(d). 10 12 U.S.C. 5514(b)(2). The CFPB notes that its prioritization process is not the subject of this rulemaking. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 takes into account, among other factors, the size of each entity, the volume of its transactions involving consumer financial products or services, the size and risk presented by the market in which it is a participant, the extent of relevant State oversight, and any field and market information that the CFPB has on the entity. Specifically, as the CFPB Supervision and Examination Manual explains in greater detail, the CFPB evaluates risks to consumers at market-wide and the institution product line levels. At the market-wide level, the CFPB considers and compares risks to consumers across different types of products (e.g., mortgage loans or debt collectors) along with the relative product market size in the overall consumer finance marketplace. At the institution product line level, the CFPB evaluates and compares risks across entities that, regardless of status as a nonbank or an insured depository institution or credit union, offer the same or similar products (e.g., providers of mortgage loans). When evaluating risks across entities in an institution product line, the CFPB considers which entities have business models and market shares that pose greater risk of harm to consumers. The CFPB also places significant weight on ‘‘field and market intelligence,’’ which includes findings from prior examinations and other information about the strength of compliance management systems, metrics gathered from public reports, and the number and severity of consumer complaints the CFPB receives.11 Taken together, this approach of assessing risks at the market-wide level and at the institutional level allows the CFPB to focus on areas where consumers have the greatest potential to be harmed, specifically, on relatively higher-risk institution product lines within relatively higher-risk markets. Finally, as described in CFPA section 1024(b)(3), the CFPB also coordinates its supervisory activities at nonbank covered persons with the supervisory activities conducted by Federal prudential regulators and State regulatory authorities.12 11 See id. For further description of the CFPB’s supervisory prioritization process, see CFPB Supervision and Examination Manual (updated Sept. 2023), part I.A (pages 11–12 of Overview section), https://files.consumerfinance.gov/f/ documents/cfpb_supervision-and-examinationmanual_2023-09.pdf (last visited Nov. 10, 2024). 12 12 U.S.C. 5514(b)(3). The Final Rule further describes this coordination in response to general comments about existing oversight of the market below. As discussed there, the CFPB also coordinates its supervisory activity with the Federal Trade Commission. The CFPB notes that its VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 The specifics of how an examination takes place vary by market and entity. However, the examination process generally proceeds as follows.13 CFPB examiners contact the entity for an initial conference with management and often request records and other information. CFPB examiners may review the components of the supervised entity’s compliance management system. Based on these discussions and a preliminary review of the information received, examiners determine the scope of an on-site or remote examination and coordinate with the entity to initiate this portion of the examination. While on-site or working remotely, examiners discuss with management the entity’s compliance policies, processes, and procedures; review documents and records; test transactions and accounts for compliance; and evaluate the entity’s compliance management system. At the conclusion of that stage of an examination, examiners may review preliminary examination findings at a closing meeting. After the closing meeting, if examiners have identified potential violations of Federal consumer financial law, they also may provide the entity an opportunity to respond in writing to those potential findings.14 Finally, examinations may involve issuing confidential examination reports, supervisory letters, and compliance ratings. In addition to the process described above, the CFPB also may conduct other supervisory activities, such as periodic monitoring.15 II. Background On November 17, 2023, the CFPB published a notice of proposed rulemaking to define larger participants of a market for general-use digital consumer payment applications (Proposed Rule).16 As described in part V below, the Proposed Rule would have defined a larger participant as any nonbank covered person that, in the previous calendar year, both facilitated at least five million consumer payment coordination process is not the subject of this rulemaking. 13 For further description of the CFPB’s examination process, see CFPB Supervision and Examination Manual, part I.A. 14 See, e.g., CFPB, Supervisory Highlights Issue 8, Summer 2015, sec. 3.1.3 (describing supervision process of sending a Potential Action and Request for Response (PARR) letter to a supervised entity), https://files.consumerfinance.gov/f/201506_cfpb_ supervisory-highlights.pdf (last visited Nov. 5, 2024). 15 CFPB Supervision and Examination Manual, part I.A (page 12 of Overview section describing supervisory monitoring). 16 88 FR 80197 (Nov. 17, 2023). PO 00000 Frm 00003 Fmt 4701 Sfmt 4700 99583 transactions by providing general-use digital consumer payment applications and was not a small business concern as defined in the Proposed Rule. The CFPB requested comment on the Proposed Rule. The CFPB received 59 comments from consumer advocate organizations (consumer groups), nonprofits, companies, industry associations, State attorneys general, Members of Congress, and other individuals. The comments are discussed in more detail below. III. Summary of the Final Rule The CFPB is authorized to issue rules to define larger participants in markets for consumer financial products or services. Subpart A of the CFPB’s existing larger-participant regulation, 12 CFR part 1090, prescribed procedures, definitions, standards, and protocols that apply to the CFPB’s supervision of larger participants.17 Those generallyapplicable provisions will apply to the CFPB’s supervision of larger participants in the general-use digital consumer payment application market described by the Final Rule. The definitions in § 1090.101 should be used to interpret terms in the Final Rule unless otherwise specified. The CFPB includes relevant market descriptions and associated largerparticipant tests, as it develops them, in subpart B.18 Accordingly, the Final Rule defining larger participants of a market for general-use digital consumer payment applications is codified in § 1090.109 in subpart B. The CFPB is finalizing the Proposed Rule largely as proposed, with certain changes described below, including changes to increase the transaction threshold that the CFPB will use as part of the test to assess when a nonbank covered person is a larger participant of a market for general-use digital consumer payment applications. The Final Rule defines larger participants of a market for general-use digital consumer payment applications. That market encompasses specific activities. The market definition generally includes nonbank covered persons that provide funds transfer or payment wallet functionalities through a digital payment application for consumers’ general use in making consumer payments transactions as defined in the Final Rule. The Final Rule defines ‘‘consumer payment transactions’’ to include payments to 17 12 CFR 1090.100 through 103. CFR 1090.104 (consumer reporting market); 12 CFR 1090.105 (consumer debt collection market); 12 CFR 1090.106 (student loan servicing market); 12 CFR 1090.107 (international money transfer market); 12 CFR 1090.108 (automobile financing market). 18 12 E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 99584 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations other persons for personal, household, or family purposes, excluding certain transactions as described in more detail in the section-by-section analysis in part V below. The Final Rule also identifies a limited set of digital payment applications that do not fall within the proposed market definition because they do not have general use for purposes of the Final Rule. The Final Rule sets forth a test to determine whether a nonbank covered person is a larger participant of the general-use digital consumer payment applications market. As further explained below, a nonbank covered person is a larger participant if it satisfies two criteria. First, the nonbank covered person (together with its affiliated companies) must provide general-use digital consumer payment applications with an annual volume of at least 50 million consumer payment transactions denominated in U.S. dollars. Second, the nonbank covered person must not be a small business concern based on the applicable Small Business Administration (SBA) size standard. As prescribed by subpart A of the CFPB’s general larger participant regulation, any nonbank covered person that qualifies as a larger participant would remain a larger participant until two years from the first day of the tax year in which the person last met the larger-participant test.19 As noted above, § 1090.103(d) of the CFPB’s existing larger participant regulation provides that the CFPB may require submission of certain records, documents, and other information for purposes of assessing whether a person is a larger participant of a market as defined by a CFPB larger participant rule.20 As with the CFPB’s other larger participant rules codified in subpart B, this authority will be available to facilitate the CFPB’s identification of larger participants of the general-use digital consumer payment applications market. In addition, pursuant to existing § 1090.103(a), a person will be able to dispute whether it qualifies as a larger participant in the general-use digital payment applications market. The CFPB will notify an entity when the CFPB intends to undertake supervisory activity; if the entity claims not to be a larger participant, it will then have an opportunity to submit documentary evidence and written arguments in support of its claim.21 19 12 CFR 1090.102. CFR 1090.103(d). 21 12 CFR 1090.103(a). 20 12 VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 IV. Legal Authority and Procedural Matters V. Section-by-Section Analysis A. Rulemaking Authority The CFPB is issuing the Final Rule pursuant to its authority under the CFPA, as follows: (1) sections 1024(a)(1)(B) and (a)(2), which authorize the CFPB to supervise nonbanks that are larger participants of markets for consumers financial products or services, as the CFPB defines by rule; 22 (2) section 1024(b)(7), which, among other things, authorizes the CFPB to prescribe rules to facilitate the supervision of covered persons under section 1024; 23 and (3) section 1022(b)(1), which grants the CFPB the authority to prescribe rules as may be necessary or appropriate to enable the CFPB to administer and carry out the purposes and objectives of Federal consumer financial law, and to prevent evasions of such law.24 Subpart B—Markets B. Consultation With Other Agencies In developing the Final Rule and the Proposed Rule, the CFPB consulted with the Federal Trade Commission (FTC), as well as with the Board of Governors of the Federal Reserve System, the Commodity Futures Trading Commission (CFTC), the Federal Deposit Insurance Corporation (FDIC), the Financial Crimes Enforcement Network, the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Securities and Exchange Commission (SEC), on, among other things, consistency with any prudential, market, or systemic objectives administered by such agencies.25 22 12 U.S.C. 5514(a)(1)(B), (a)(2). U.S.C. 5514(b)(7). 24 12 U.S.C. 5512(b)(1). 25 Specifically, 12 U.S.C. 5514(a)(2) directs that the CFPB consult with the FTC prior to issuing a final rule to define larger participants of a market pursuant to CFPA section 1024(a)(1)(B). In addition, 12 U.S.C. 5512(b)(2)(B) directs the CFPB to consult, before and during the rulemaking, with appropriate prudential regulators or other Federal agencies, regarding consistency with objectives those agencies administer. The manner and extent to which provisions of 12 U.S.C. 5512(b)(2) apply to a rulemaking of this kind that does not establish standards of conduct are unclear. Nevertheless, to inform this rulemaking more fully, the CFPB performed the consultations described in that provision of the CFPA. Some commenters questioned whether the CFPB met its consultation obligations based on the statement in the proposal that it ‘‘consulted with or provided an opportunity for consultation and input to’’ the FTC and certain other agencies. 88 FR 80197 at 80199. The CFPB clarifies that it did meet during the rulemaking process with the FTC and other agencies listed above to consult about the rule. Some commenters also suggested that the CFPB is specifically required to consult with the FTC’s Bureau of Competition, in line with those commenters’ view that the CFPB must apply 23 12 PO 00000 Frm 00004 Fmt 4701 Sfmt 4700 Part 1090 Section 1090.109 General-Use Digital Consumer Payment Applications Market Proposed Rule As described further below, the CFPB proposed to establish CFPB authority to supervise nonbank covered persons that are larger participants in this market because: (1) the market has grown dramatically and become increasingly important to the everyday financial lives of consumers; (2) CFPB supervisory authority over its larger participants would help the CFPB to promote compliance with Federal consumer financial law; (3) that authority would help the CPFB to detect and assess risks to consumers and the market, including emerging risks; and (4) that authority would help the CFPB to ensure consistent enforcement of Federal consumer financial law between nonbanks and insured banks and credit unions. To accomplish these goals, the Proposed Rule would have added to existing subpart B of part 1090 of the CFPB’s rules a new § 1090.109 establishing CFPB supervisory authority over nonbank covered persons who are larger participants in a market for general-use digital consumer payment applications.26 As the Proposed Rule explained, many nonbanks provide consumer financial products and services that allow consumers to use digital applications accessible through personal computing devices, such as mobile phones, tablets, smart watches, or computers, to transfer funds to other persons. Some nonbanks also provide consumer financial products and services that allow consumers to use digital applications on their personal computing devices to store payment credentials they can then use to purchase goods or services at a variety of stores, whether by communicating with a checkout register or a selfantitrust principles when defining a market for a larger participant rule. However, the relevant statutory provision, 12 U.S.C. 5514(a)(2), by its terms requires the CFPB to consult with the FTC, and not with specific divisions of the FTC. The CFPB addresses comments regarding the applicability of antitrust principles in discussion of general comments in part V further below. 26 As explained in the Proposed Rule and discussed further below, the general-use digital payment applications described in this Final Rule are ‘‘financial products or services’’ under the CFPA. 12 U.S.C. 5481(15)(A)(iv), (vii). Nonbanks that offer or provide such financial products or services to consumers primarily for personal, family, or household purposes are ‘‘covered persons’’ under the CFPA. 12 U.S.C. 5481(5)(A), (6). E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 checkout machine, or by selecting the payment credential through a checkout process at ecommerce websites. Subject to the definitions, exclusions, limitations, and clarifications discussed in the Proposed Rule, the proposed market definition generally would have covered these consumer financial products and services. The Proposed Rule explained that the CFPB proposed to establish supervisory authority over nonbank covered persons who are larger participants in this market because this market has large and increasing significance to the everyday financial lives of consumers.27 Consumers are growing increasingly reliant on general-use digital consumer payment applications to initiate payments.28 Recent market research 27 The Proposed Rule explained that, in proposing a larger participant rule for this market, the CFPB was not proposing to determine the relative risk posed by this market as compared to other markets. It noted that, as explained in its previous larger participant rulemakings, ‘‘[t]he Bureau need not conclude before issuing a [larger participant rule] that the market identified in the rule has a higher rate of non-compliance, poses a greater risk to consumers, or is in some other sense more important to supervise than other markets.’’ 88 FR 80197 at 80200 (citing Consumer Debt Collection Larger Participant Rule, 77 FR 65775 at 65779). 28 See CFPB, Issue Spotlight: Analysis of Deposit Insurance Coverage Through Payment Apps (June 1, 2023) (CFPB Deposit Insurance Spotlight), https:// www.consumerfinance.gov/data-research/researchreports/issue-spotlight-analysis-of-depositinsurance-coverage-on-funds-stored-throughpayment-apps/full-report/ (last visited Oct. 23, 2023); see also McKinsey & Company, Consumer digital payments: Already mainstream, increasingly embedded, still evolving (Oct. 20, 2023) (describing results of consulting firm’s annual survey reporting that for the first time, more than 90 percent of U.S. consumers surveyed in August 2023 reported using some form of digital payment over the course of a year), https://www.mckinsey.com/industries/ financial-services/our-insights/banking-matters/ consumer-digital-payments-already-mainstreamincreasingly-embedded-still-evolving (last visited Oct. 30, 2023); J.D. Power, Banking and Payments Intelligence Report (Jan. 2023) (reporting results of a survey of Americans that found that from the first quarter of 2021 to the third quarter of 2022, the number of respondents who had used a mobile wallet in the past three months rose from 38 percent to 49 percent), https://www.jdpower.com/business/ resources/mobile-wallets-gain-popularity-growingnumber-americans-still-prefer-convenience (last visited Oct. 23, 2023); PULSE, PULSE Study Finds Debit Issuers Focused on Digital Payments, Mobile Self-Service, Fraud Mitigation (Aug. 17, 2023) (reporting that nearly 80 percent of debit card issuers reported increases in consumers’ use of mobile wallets in 2022), https:// www.pulsenetwork.com/public/insights-and-news/ news-release-2023-debit-issuer-study/ (last visited Oct. 30, 2023); FIS, The Global Payments Report (2023) (FIS 2023 Global Payments Report) at 175 (industry study reporting that in 2022 digital wallets became the leading payment preference of U.S. consumers shopping online), https:// www.fisglobal.com/-/media/fisglobal/files/ campaigns/global-payments%20report/FIS_ TheGlobalPaymentsReport_2023.pdf (last visited Nov. 5, 2024); Digital Payment Industry in 2023: Payment methods, trends, and tech processing payments electronically, eMarketer (formerly known VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 indicates that 76 percent of Americans have used at least one of four wellknown P2P payment apps, representing substantial growth since the first of the four was established in 1998.29 Even among consumers with annual incomes lower than $30,000 who have more limited access to digital technology,30 61 percent reported using P2P payment apps.31 And higher rates of use by U.S. adults in lower age brackets may drive further growth well into the future.32 as Insider Intelligence) (Jan. 9, 2023) (projecting 2023 transaction volume by U.S. P2P mobile payment app providers to reach over $1.1 trillion), https://www.emarketer.com/insights/digitalpayment-services/ (last visited Nov. 5, 2024); Consumer Reports Survey Group, Peer-to-Peer Payment Services (Jan. 10, 2023) (Consumer Reports P2P Survey) at 1 (reporting results from a survey finding that four in ten Americans use P2P services at least once a month), https://advocacy.consumer reports.org/wp-content/uploads/2023/01/P2PReport-4-Surveys-2022.pdf (last visited Oct. 23, 2023); Kevin Foster, Claire Greene, and Joanna Stavins, 2022 Survey and Diary of Consumer Payment Choice: Summary Results (Sept. 17, 2022) at 8 (reporting results of survey conducted by Federal Reserve System staff finding that, as of 2022, two thirds of consumers reported adopting one or more online payment accounts in the previous 12 months—a share that was nearly 20 percent higher than five years earlier), https:// www.atlantafed.org/-/media/documents/banking/ consumer-payments/survey-diary-consumerpayment-choice/2022/sdcpc_2022_report.pdf (last visited Oct. 30, 2023); FDIC, FDIC National Survey of Unbanked and Underbanked Households (2021) at 33 (Table 6.4 reporting finding that nearly half of all households (46.4 percent) used a nonbank app in 2021), https://www.fdic.gov/analysis/householdsurvey/2021report.pdf (last visited Oct. 23, 2023). 29 See, e.g., Monica Anderson, Pew Research Center, Payment apps like Venmo and Cash App bring convenience—and security concerns—to some users (Sept. 8, 2022) (Pew 2022 Payment App Article), https://www.pewresearch.org/short-reads/ 2022/09/08/payment-apps-like-venmo-and-cashapp-bring-convenience-and-security-concerns-tosome-users/ (last visited Oct. 23, 2023). 30 Emily A. Vogels, Pew Research Center, Digital divide persists even as Americans with lower incomes make gains in tech adoption (June 22, 2021) (reporting results of early 2021 survey by Pew Research Center, finding 76 percent of adults with annual household incomes less than $30,000 have a smartphone and 59 percent have a desktop or laptop computer, compared with 87 percent and 84 percent respectively of adults with household incomes between $30,000 and $99,999, and 97 percent and 92 percent respectively of adults with household incomes of $100,000 or more), https:// www.pewresearch.org/short-reads/2021/06/22/ digital-divide-persists-even-as-americans-withlower-incomes-make-gains-in-tech-adoption/ (last visited Oct. 23, 2023). 31 Consumer Reports P2P Survey at 2 (55 percent reported ongoing use and six percent stated they used to use this kind of service). 32 See id. (85 percent of surveyed consumers aged 18 to 29 and 85 percent of surveyed consumers aged 30 to 44 reported using a digital payment application, compared with 67 percent of consumers aged 45 to 59 and 46 percent of consumers aged 60 and over); see also ArianaMichele Moore, The U.S. P2P Payments Market: Surprising Data Reveals Banks are Missing the Mark (AiteNovarica 2023 Impact Report) at 6, 24 (Figure 13 reporting 94 percent and 86 percent adoption of P2P accounts and digital wallets among the youngest adult cohort born between 1996 and 2002, PO 00000 Frm 00005 Fmt 4701 Sfmt 4700 99585 Across the United States, merchant acceptance of general-use digital consumer payment applications also has rapidly expanded as businesses seek to make it as easy as possible for consumers to make purchases through whatever is their preferred payment method.33 The Proposed Rule described how consumers rely on general-use digital consumer payment applications for many aspects of their everyday lives. In general, consumers make payments to other individuals for a variety of reasons, including sending gifts or making informal loans to friends and family and purchasing goods and services, among many others.34 Consumers can use digital applications to make payments to individuals for these purposes, as well as to make payments to businesses, charities, and other organizations. According to one recent market report, nonbank digital payment apps have rapidly grown in the past few years to become the most popular way to send money to other individuals other than cash,35 and are compared with 57 percent and 40 percent among the oldest cohort born before 1995), https://aitenovarica.com/report/us-p2p-payments-marketsurprising-data-reveals-banks-are-missing-mark (last visited Oct. 23, 2023) and https://datosinsights.com/reports/us-p2p-payments-marketsurprising-data-reveals-banks-are-missing-mark/ (last visited Nov. 5, 2024). 33 See Geoff Williams, Retailers are embracing alternative payment methods, though cards are still king (Dec. 1, 2022) (National Retail Federation article citing its 2022 report describing a Forrester survey indicating that 80 percent of merchants accept Apple Pay or plan to do so in the next 18 months, 65 percent of merchants accept Google Pay or plan to do so in the next 18 months, and, online, 74 percent accept PayPal or plan to do so), https:// nrf.com/blog/retailers-are-embracing-alternativepayment-methods-though-cards-are-still-king (last visited Oct. 23, 2023); see also The Strawhecker Group (TSG), Merchants respond to Consumer Demand by Offering P2P Payments (June 8, 2022) (TSG: Merchants Offering P2P Payments) (reporting results of TSG and Electronic Transactions Association survey of over 500 small businesses merchants finding that 82 percent accept payment through at least one digital P2P option), https:// thestrawgroup.com/merchants-respond-toconsumer-demand-by-offering-p2p-payments/ (last visited Oct. 23, 2023). 34 AiteNovarica 2023 Impact Report at 8–9 (Figure 1 reporting 66 percent of 5,895 consumers surveyed reported making at least one domestic P2P payment in 2022 whether via digital means or not, and Figure 2 reporting that, of consumers who made P2P payments in 2022, among other purposes, 70 percent did so for birthday gifts, 64 percent for holiday gifts, 49 percent for other gift occasions, 46 percent to lend money, 41 percent to make a charitable contribution, 39 percent paid for services, 39 percent purchased items, 31 percent provided funds in an emergency situation, and 18 percent provided financial support). 35 Id. at 25 (Figure 14 reporting that, among other payment methods or sources, 74 percent of consumers made P2P payments in cash, 69 percent used alternative digital P2P payment services, defined as services offered by nonbank providers E:\FR\FM\10DER2.SGM Continued 10DER2 99586 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 used for a higher number of such transactions than cash.36 For many consumers, general-use digital consumer payment applications offer an alternative, technological replacement for non-digital payment methods.37 Consumers increasingly have adopted general-use digital consumer payment applications 38 as part of a broader movement toward noncash payments.39 Amid growing merchant acceptance of general-use digital consumer payment applications, consumers with middle and lower incomes use digital consumer payment applications for a share of their overall retail spending that rivals or exceeds their use of cash.40 Such applications now have a share of ecommerce payments volume that is similar to or greater than other traditional payment methods such as credit cards and debit cards used outside of such applications.41 Such applications also have been gaining an increasing share of in-person retail spending.42 via mobile app, web service, or digital wallet, and 27 percent used Zelle through a bank’s mobile application). 36 Id. at 27–28 (Figure 15 reporting that, compared with 20 percent of P2P transactions made in cash, 37 percent of P2P transactions made through alternative P2P payment services). 37 See Marqueta, 2022 State of Consumer Money Movement Report (May 26, 2022) at 1 (summary of report describing results of industry survey finding that 56 percent of US consumers felt comfortable leaving their non-digital wallet at home and taking their phone with them to make payments), https:// www.marqeta.com/resources/2022-state-ofconsumer-money-movement (last visited Oct. 23, 2023). 38 AiteNovarica 2023 Impact Report at 24 (Figure 13 reporting 81 percent of U.S. adults surveyed held one or more P2P accounts and 69 percent had one or more digital wallets). 39 The Federal Reserve Payments Study: 2022 Triennial Initial Data Release (indicating a rapid increase in core non-cash payments between 2018 and 2021 and a rapid decline in ATM cash withdrawals during the same period), https:// www.federalreserve.gov/paymentsystems/frpayments-study.htm (last visited Nov. 19, 2024). 40 PYMNTS, Digital Economy Payments: The Ascent of Digital Wallets (Feb. 2023) at 16–17 (December 2022 survey finding 6.1 percent of overall consumer spending by consumers with lower incomes made using digital consumer payment applications, compared with 9.9 percent of consumer spending by consumers with middlelevel incomes), https://www.pymnts.com/study/ digital-economy-payments-ecommerce-shoppingretail-consumer-spending/ (last visited Oct. 23, 2023). 41 See FIS 2023 Global Payments Report at 176 (reporting 32 percent share of ecommerce transactions, by value, made using a digital wallet, compared with 30 percent by credit card and 20 percent by debit card). 42 See, e.g., 2023 Pulse Debit Issuer Study (Aug. 17, 2023) at 11 (reporting that mobile wallet use at point of sale nearly doubled in 2022, representing nearly 10 percent of total debit card purchase transactions in 2022), https:// content.pulsenetwork.com/2023-debit-issuer-study/ 2023-pulse-debit-issuer-study-white-paper (last visited Nov. 5, 2024); Digital Economy Payments: VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 The Proposed Rule would have brought nonbanks that qualified as larger participants in a market for general-use digital consumer payment applications under the CFPB’s supervisory jurisdiction.43 The Proposed Rule explained that supervision of larger participants, who engage in a substantial portion of the overall activity in this market, would help to ensure that they are complying with applicable requirements of Federal consumer financial law, such as the CFPA’s prohibition against unfair, deceptive, and abusive acts and practices, the privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and its implementing Regulation P,44 and the Electronic Fund Transfer Act (EFTA) and its implementing Regulation E.45 The Proposed Rule also explained that, as firms increasingly offer funds transfer and wallet functionalities through general-use digital consumer payment applications, the rule would enable the CFPB to detect and assess new risks to both consumers and the market.46 As stated in the Proposed Rule, the CFPB’s ability to detect and assess emerging risks is critical as new product offerings blur the traditional lines of banking and commerce.47 The Proposed Rule explained that the CFPB regularly supervises depository institutions that provide general-use digital consumer payment applications.48 As the Proposed Rule The Ascent of Digital Wallets at 12 (December 2022 survey finding 7.5 percent of in-person consumer purchase volume made with a digital consumer payment application). See also CFPB Issue Spotlight, Big Tech’s Role in Contactless Payments: Analysis of Mobile Devices Operating Systems and Tap-to-Pay Practices (Sept. 7, 2023) (CFPB Contactless Payments Spotlight) (describing market report by Juniper Research forecasting that the value of digital wallet tap-to-pay transactions will grow by over 150 percent by 2028), https:// www.consumerfinance.gov/data-research/researchreports/big-techs-role-in-contactless-paymentsanalysis-of-mobile-device-operating-systems-andtap-to-pay-practices/full-report/ (last visited Oct. 23, 2023). 43 12 U.S.C. 5514(a)(1)(B). 44 See generally 12 CFR part 1016—Privacy of Consumer Financial Information (CFPB’s Regulation P implementing 15 U.S.C. 6804). 45 15 U.S.C. 1693 et seq., implemented by Regulation E, 12 CFR part 1005. See, e.g., 12 CFR 1005.11 (Procedures for financial institutions to resolve errors). 46 88 FR 80197 at 80201 & n.43 (citing CFPB, The Convergence of Payments and Commerce: Implications for Consumers (Aug. 2022) (CFPB Report on Convergence of Payments and Commerce) at sec. 4.1 (highlighting the potential that consumer financial data and behavioral data are used together in increasingly novel ways), https://files.consumerfinance.gov/f/documents/ cfpb_convergence-payments-commerceimplications-consumers_report_2022-08.pdf (last visited Oct. 27, 2023)). 47 See generally id. 48 For example, as the Proposed Rule noted, some depository institutions and credit unions provide PO 00000 Frm 00006 Fmt 4701 Sfmt 4700 noted, greater supervision of nonbanks in this market therefore would further the CFPB’s statutory objective of ensuring that Federal consumer financial law is enforced consistently between nonbanks and depository institutions in order to promote fair competition.49 The Proposed Rule also recognized that States have been active in regulation of money transmission by money services businesses and that many States actively examine money transmitters.50 The Proposed Rule stated that the CFPB would coordinate with appropriate State regulatory authorities in examining larger participants. General Comments Received 51 In this part of the section-by-section analysis, the Final Rule summarizes and responds to comments about general aspects of the proposal, including the rulemaking process, the CFPB’s general reasons for issuing the proposal, and certain other general topics. Comments on Rulemaking Process Some comments addressed the rulemaking process. First, some commenters suggested that the CFPB should not have issued, and should not finalize, the Proposed Rule during the general bill-payment services and other types of electronic fund transfers through digital applications for consumer deposit accounts. Id. at n.45. 49 12 U.S.C. 5511(b)(4). 50 88 FR 80197 at 80198 n.12, 80214 n.108 (citing CSBS, Reengineering Nonbank Supervision, Ch. 4: Overview of Money Services Businesses (Oct. 2019) (CSBS Reengineering Nonbank Supervision MSB Chapter), https://www.csbs.org/sites/default/files/ other-files/Chapter%204%20%20MSB%20Final%20FINAL_updated_0.pdf (last visited Nov. 5, 2024)). 51 Some commenters provided additional recommendations that are outside the scope of this rulemaking, such as increasing education of consumers who use general-use digital consumer payment applications, promulgating new consumer protections for these consumers, or imposing information collection requirements such as collecting the legal entity identifier (LEI) of larger participants. The Final Rule does not address these comments, which are outside the scope of a rulemaking under CFPA section 1024(a)(1)(B) to define and establish supervisory authority over larger participants in a market for consumer financial products and services. In addition, a consumer group suggested that the CFPB the CFPB expressly clarify that meeting the definition of a larger participant does not automatically cause application of exclusions in State privacy laws for GLBA compliance and that the CFPB coordinate with States to avoid risk of preempting State privacy laws when the CFPB supervises for compliance with the GLBA and its implementing Regulation P. This rulemaking does not establish or interpret substantive consumer protection requirements and thus does not interpret Regulation P (including its provision describing its relationship with State laws in 12 CFR 1016.17); it also does not itself govern State coordination, which occurs separately when the CFPB carries out nonbank supervision. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations pendency of a Supreme Court case concerning the constitutionality of the CFPB’s funding structure under the Appropriations Clause.52 Second, some industry commenters, a nonprofit commenter, an individual commenter, and some Members of Congress asked the CFPB to extend the comment period, such as by an additional 30 or 45 days. These commenters cited various reasons for their request, including the number of holidays during the comment period, the complexity of the proposed market including coverage of digital assets, the complexity of the proposed largerparticipant test that included multiple steps, a need for more specifics regarding which products and services were encompassed in the market and the risks the CPFB believed they pose that justify the need for the Proposed Rule, and overlap between the comment period for the Proposed Rule, the comment period for the CFPB’s proposal regarding personal financial data rights, and the CFPB’s new market-monitoring orders covering some of the same entities. One industry commenter added that the decision not to extend the comment period formed part of the basis for their view that the CFPB should withdraw the Proposed Rule. Comments on the Large and Growing Market khammond on DSK9W7S144PROD with RULES2 Commenters agreed that the market for general-use digital consumer payment applications has grown substantially in recent years. For example, consumer groups, several nonprofits, a payment network, an industry association, two banking industry associations, and a credit union association agreed (and an industry provider acknowledged 53) that there has been rapid growth and widespread consumer adoption of general-use digital consumer payment applications. In support of their view, these commenters cited data in the Proposed Rule as well as other public information. An industry association stated that digital consumer payment applications have helped millions of U.S. consumers to send money to friends and family and make retail payments more efficient. A group of State attorneys general noted that a significant portion of consumers with 52 See CFPB v. Cmty. Fin. Servs. Ass’n of Am., Ltd., 601 U.S. 416 (2024) (U.S. argued Oct. 3, 2023). 53 As discussed further below, this commenter stated that growth alone was insufficient to justify the Proposed Rule, and that the CFPB must make certain specific findings regarding market risk. The Final Rule responds to those comments further below in the discussion of general comments about the relevance of risks to consumers to the rulemaking. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 lower incomes frequently rely upon general-use digital consumer payment applications. Two nonprofit commenters also agreed that adoption by younger individuals may drive further growth.54 An industry association observed that the proposed market has experienced rapid increases in consumer adoption that likely will continue. As a consequence, this commenter described this market as still in what industry lifecycle literature describes as a stage of market growth as opposed to market maturity. Several of these commenters stated that these general-use digital consumer payment applications increasingly are accepted by retailers and embedded into in-person and online commerce, which is itself growing. They pointed to this as one trend driving existing growth and future growth in the market. A comment from several consumer groups stated that as merchants seek to avoid interchange fees, they will increasingly rely upon digital payment applications as a payment method at the point of sale. A banking association and consumer group stated that they also expected the lines between banking, commerce, and technology to further converge and blur.55 A comment from several consumer groups stated that nonbank providers of consumer financial products and services have greater latitude under U.S. law to integrate those products into commercial platforms, and that large technology firms’ business models depend on data collection.56 54 While not disputing the rapid growth in the market, some other industry commenters suggested that the broader consumer payments sector should be considered, including when defining the market and setting the threshold for the larger-participant test, as discussed in the section-by-section analysis of those provisions further below. 55 One of these commenters pointed to an industry white paper describing a trend in the market toward ‘‘embedding financial services into nonfinancial apps and other digital experiences.’’ Google LLC White Paper, Embedded finance: The new gold rush in financial services (2021) (Google LLC Embedded Finance White Paper) at 4 (‘‘These embedded experiences will soon permeate all aspects of our lives that involve money—and they’ll feel so frictionless that users won’t be aware of the underlying work financial institutions are doing to support these transactions.’’), at 6 (‘‘Embedded finance means, simply, embedding your financial services in the non-financial products, services or technologies consumers already use and love. Since they spend much of their time in non-financial applications in their everyday lives—but only a fractional amount of time in financial applications—the growth opportunity for financial services companies is considerable.’’), https:// cloud.google.com/resources/financial-servicesembedded-finance-whitepaper (last visited Nov. 5, 2024). 56 One consumer group commenter added that in its view, Big Tech firms have a business model that seeks to maximize data collection based on different goals from publicly-chartered and regulated financial institutions. PO 00000 Frm 00007 Fmt 4701 Sfmt 4700 99587 Another nonprofit commenter suggested in general terms that CFPB supervision of larger participants in the general-use digital consumer payment applications market could help the CFPB to detect and assess risks to the U.S. financial system. It stated that the market may present such risk, given how general-use digital consumer payment applications facilitate a high volume of transactions, including flows of funds through stored value accounts that are not FDIC-insured. However, some industry and nonprofit commenters stated that the rapid growth in the market and widespread consumer adoption merely indicates that the market is successful and popular among consumers. In their view, as discussed further below, the fact that the market is large and growing market is not an adequate basis for subjecting its larger participants to supervision, absent findings of risks to consumers or markets or market failures.57 Comments on Promoting Compliance With Federal Consumer Financial Law The Proposed Rule stated that CFPB supervision of larger participants would promote compliance with applicable requirements of Federal consumer financial law. A group of State attorneys general, consumer groups, some nonprofit and individual commenters, a banking association, and a comment from a payment network and an industry association generally agreed that the proposal would serve this purpose, as described below. However, as described further below, some industry and nonprofit and other commenters disagreed or stated that the proposal did not provide sufficient support for the claim that it would serve this purpose.58 Several commenters expressed concern that larger participants may be violating or inadequately incentivized to comply with one or more of the Federal consumer financial laws cited in the Proposed Rule. A joint comment from consumer groups stated that consumers are exposed to unfair, deceptive and abusive practices in the payments area, and stated that oversight of this market is needed to ensure market participants comply with the prohibition against 57 The Final Rule further summarizes and responds to those comments in the discussion below of general comments on detecting and assessing risks (including emerging risks) to consumers and markets. 58 Some commenters also suggested that existing State and Federal oversight of some market activities, including for compliance with Federal consumer financial law, was adequate. The Final Rule separately addresses comments on those general topics further below. E:\FR\FM\10DER2.SGM 10DER2 99588 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 unfair, deceptive, and abusive acts and practices.59 This comment assessed the risk of abusive practices as high due to what the comment described as lack of competition and consumer choice with respect to the larger participants defined in the Proposed Rule. A comment from a group of State attorneys general stated that the Proposed Rule, coupled with existing State consumer protection statutes, would allow the Federal and State governments to work together to prevent and abate unfair, deceptive, and abusive acts and practices in the market. A consumer group and a nonprofit commenter stated that the Proposed Rule would be especially useful in promoting compliance with the prohibition against unfair, deceptive, and abusive acts and practices by companies that provide financial services to incarcerated and recently incarcerated persons. And a consumer group and nonprofit commenter stated that it was common sense that unfair, deceptive, and abusive acts and practices protections be applied to new entrants and technologies like those described in the Proposed Rule. As an example of how supervision of larger participants would promote compliance, a banking association noted that the CFPB’s publication Supervisory Highlights 60 communicates CFPB expectations of compliance to the overall market and encouraged its use in this market, and stated that the proposal should enable the CFPB to publish Supervisory Highlights identifying problematic conduct in this market. A comment from several consumer groups pointed to findings in Supervisory Highlights related to violations of Regulation E and other provisions of Federal consumer financial law violations at banks. The comment stated that the CFPB also should supervise larger nonbank companies handling consumer payments, including payment apps, because such violations at 59 See 12 U.S.C. 5531, 5536 (prohibiting unfair, deceptive, and abusive acts and practices in connection with the offering or provision of consumer financial products and services). 60 The CFPB periodically publishes Supervisory Highlights to share key examination findings in order to help industry limit risks to consumers and comply with Federal consumer financial law. Each Supervisory Highlights publication shares recent examination findings, including information about recent enforcement actions that resulted, at least in part, from the CFPB’s supervisory activities. These reports also communicate operational changes to the CFPB’s supervision program and provide a convenient and easily-accessible resource for information on the CFPB’s recent guidance documents. Supervisory Highlights does not refer to any specific institution in order to maintain the confidentiality of supervised entities. See https:// www.consumerfinance.gov/compliance/ supervisory-highlights/ (last visited Nov. 5, 2024). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 nonbanks are just as likely if not more so. Regarding EFTA and Regulation E, a comment from consumer groups stated that oversight is needed to ensure payment app and digital wallet providers comply with the EFTA’s consumer protections for electronic fund transfers, highlighted payment fraud as a significant risk, and stated that violations of the EFTA related to digital payments are extremely common, even among banks that are closely supervised by regulators. The commenter cited to several findings of EFTA violations from CFPB examinations in this area that the CFPB has published in Supervisory Highlights. A credit union association commenter stated that nonbanks that offer consumer payment services have error resolution responsibilities under Regulation E which the CFPB cannot effectively assess without exercising supervisory authority. Commenters also addressed risks posed to consumers associated with potential violations of the GLBA and Regulation P.61 A comment from a group of State attorneys general supported the Proposed Rule in part because it would allow the CFPB to examine digital payment applications for compliance with the privacy provisions of the GLBA. The comment stated the Proposed Rule would permit the CFPB to address the critical data privacy issues posed by digital payment applications by allowing the CFPB to assess how applications are storing, using, and sharing their collections of sensitive consumer data as well as changes to larger participants’ privacy policies. A consumer group commenter stated that its review had identified multiple risks associated with peer-topeer payment application companies. The commenter stated that more than 25,000 consumers had signed a petition urging the CFPB to take action with respect to various risks posed by payments applications, including risks associated with fraud and collection and storage of consumer information.62 Other commenters such as a company, nonprofits, and an industry association stated that the Proposed Rule did not adequately assess the degree of existing compliance or 61 Title V, subtitle A of the GLBA and its implementing regulation, Regulation P, govern the treatment of nonpublic personal information about consumers by financial institutions. 62 Similarly, other commenters emphasized potential risks with respect to use of consumer data and risks to consumer privacy that may be associated with payment application and digital wallet providers, including the risk of losing money through fraud or mistakes or having personal data collected and shared. PO 00000 Frm 00008 Fmt 4701 Sfmt 4700 otherwise explain how it would promote compliance. For example, one commenter criticized the statement in the proposal that CFPB supervision would incentivize compliance as circular, given what it viewed as inadequate discussion in the Proposed Rule of the level of existing noncompliance or risks of noncompliance.63 In addition, several industry comments suggested that EFTA/Regulation E, GLBA/Regulation P, or both do not apply to certain market participants, which they viewed as undermining the notion that the Proposed Rule would promote compliance with Federal consumer financial law. A company commenter added that the proposal did not explain how the prohibition against unfair, deceptive, or abusive acts or practices applied to market participants, or why supervision is the appropriate mechanism to identify and prevent any anticipated violations of Federal consumer financial law more broadly. Further, an industry commenter stated that State supervision by itself is more effective and better at enforcing the law than CFPB supervision. Comments on Detecting and Assessing Risks to Consumers and Markets, Including Emerging Risks Comments from a group of State attorneys general, a payment network, a banking association, consumer groups, and nonprofits agreed that CFPB supervision of larger participants in this market would help the CFPB to detect and assess risks to consumers and markets, including emerging risks, in this rapidly growing and evolving market. For example, an industry association generally described the potential for CFPB supervision to promote maturity in the market, which it described as immature and rapidly evolving.64 In addition, these comments pointed to several reasons why the CFPB supervision and examination process is well suited to this goal. A consumer group stated that supervisory authority is one of the most basic tools regulators have to identify new risks in the market as early as possible, before market failures with wide-ranging implications occur. Several consumer groups added that CFPB should not rely only on third-party sources of 63 Further below, the Final Rule summarizes and responds to comments more broadly addressing the general topic of risks to consumers in the market. 64 In its view, the Proposed Rule may result in development of a robust, consumer-protected market, given how previous larger participant rules had helped to ensure consumer protection remains a prominent concern among participants in those markets. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 information to assess market activity, which would lead to delayed responses to problems, compared with supervision.65 A nonprofit commenter stated that because supervision occurs outside of the adversarial legal process, it is an especially effective tool for rapidly gathering information that can prevent dubious practices before they develop. Several comments also identified various existing and emerging risks in the market that the commenters believed the CFPB would be able to effectively detect and assess though supervision, including risks with respect to consumers’ loss of funds and loss and misuse or abuse of data. The Final Rule summarizes these comments below. In addition, a group of State attorneys general stated that the rule will allow the CFPB to detect and assess risks that emerge not only from the existing products and services, but also as a result of future technological advancements in the market. With respect to the potential for consumers to lose funds or access to funds, a group of State attorneys general noted that research cited in the proposal indicated that almost a third of digital payment application users with lower incomes reported one or more problems related to funds being sent to the wrong person or not receiving funds that were sent to them.66 These commenters stated that a lack of regulatory oversight has significantly contributed to those problems. A nonprofit commenter stated that larger participants pose unique risks to consumers related to what the commenter characterized as the lack of consumer protections associated with these applications, as well as the possible systemic risks they may present to the financial markets. The commenter raised specific concerns about the risk of consumer loss of funds from uninsured entities and lack of consumer awareness of such matters. The commenter also stated that CFPB supervision of these nonbank payment applications would, among other things, help to identify and mitigate systemic financial risk and enhance consumer protection. An individual commenter stated that the market had diverse participants but that there are common areas of risk with payment apps linked 65 These commenters also stated supervision of larger participants would allow the CFPB to respond more quickly to emerging problems affecting servicemembers who are especially vulnerable to identity theft and fraud in the market. 66 Consumer Reports P2P Survey at 7 (also indicating that of all respondents who have used a P2P service, 22 percent reported one or more such problems). See also 88 FR 80197 at 80200 n.25 (proposal’s discussion of other data in this report, noted above). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 to a stored value product, including a risk of losing access to funds to pay for food or bills due to a technical glitch. Additional commenters raised various concerns about what they often described as fraud in the market and lack of related consumer protections, and a nonprofit commenter cited complaints submitted to the FTC regarding peer-to-peer payment fraud. At the same time, several industry commenters suggested that certain consumer protections such as EFTA/ Regulation E or GLBA/Regulation P do not apply to some market participants, as described further above, and that consumers often are adequately protected by other parties to the transaction such as banks and credit unions, as described in the discussion of general comments about existing oversight of the market further below. With regard to uses of consumer payments data, a banking association, a payment network, a nonprofit commenter, and several consumer groups stated that the way in which nonbanks can exploit the convergence of payments and commerce poses risk to consumers with respect to this market, such as through aggregation and monetization of consumer financial data. A group of State attorneys general added that supervision of larger participants would help the CFPB to detect and assess emerging risks in the use of consumer financial data as technology continues to evolve. And an individual commenter and several industry comments stated that consumer payments data is often used for purposes beyond initiation of the consumer payment transaction.67 Several consumer groups described the level and use of consumer data collected by large technology firms as unreasonable and potentially dangerous. Several other commenters including individuals noted that the collection of such data also raises data security risks, including what a nonprofit commenter described as novel security risks raised by digital wallets. At the same time, other comments from industry suggested that data security risks to consumers were particularly low given the security and anti-fraud enhancements from market participants’ reliance on features such as tokenization.68 And a nonprofit 67 The Final Rule discusses and responds to these comments in more detail in the section-by-section analysis of the exclusion for certain marketplace activities described further below. 68 In addition, digital assets industry comments described what they viewed as additional security that digital assets provide. As discussed in the section-by-section analysis of the larger-participant PO 00000 Frm 00009 Fmt 4701 Sfmt 4700 99589 commenter stated that government regulators generally are not effective at preventing data breaches as some of the largest have occurred at heavilyregulated institutions. Some commenters disagreed that the goal of detecting and assessing risks including emerging risks warrants the proposed expansion of CFPB’s supervisory authority in this market. For example, two nonprofit commenters stated that the rationale of detecting and assessing emerging risks was not supported by evidence, and instead only by the theoretical possibility of harm in an innovative, successfully-growing and popular market. Another nonprofit commenter stated that the proposal did not examine the nature of the emerging risks, whether by mentioning novel security risks posed by digital wallets or other harms. Another nonprofit commenter stated its belief that market participants’ responses to the CFPB’s previous market-monitoring orders generated adequate information for the CFPB to determine the level of risks posed by this emerging market.69 Two industry associations stated that they agreed in principle that regulation needed to evolve along with new technology, but they stated that the CFPB first must identify harms it perceives in the market before proposing to supervise its larger participants. Another industry association agreed, stating that the Proposed Rule merely described the possibility of ‘‘new risks’’ from ‘‘new product offerings’’ and did not state what the ‘‘new risks’’ might be. It pointed to market reports that, in its view, indicated that nonbanks’ multisided business models in the digital economy provide new benefits to consumers and promote competition.70 A nonprofit commenter characterized the proposal as referring to hypothetical risks that may occur in the future, and described this reference as a mere pretext to support an agenda to target large technology firms. An industry commenter added that the goal of detecting and assessing new and emerging risks is inadequate as a test further below, the Final Rule does not count those transactions toward the larger-participant test. 69 However, this commenter also recommended that the CFPB continue to gather information on the market before expanding its supervisory authority as proposed. 70 Separately, this commenter observed that the financial technology sector that encompasses the proposed market often uses advanced technologies including artificial intelligence, block chain technology, and data mapping to create new financial products and services that are beneficial in various ways. This commenter did not state that such products posed any risk or could pose any emerging or new risks. E:\FR\FM\10DER2.SGM 10DER2 99590 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 foundation for a larger participant rule. In its view, the CFPB can only engage in larger participant rulemakings when it identifies risks that supervision would mitigate. The commenter also asserted that, because the CFPB must consider risks to consumers in exercising its supervisory authority under section 1024(b)(2), the CFPA also requires that the CFPB establish the existence of specific risks to consumers that would be mitigated by supervision when issuing a larger participant rule under section 1024(a)(1)(B) and (2). The industry commenter also claimed that principles of administrative law likewise require the rule to target identified risks.71 More broadly, many of the industry commenters and other commenters stated that the Proposed Rule did not adequately consider whether market activity currently poses risks to consumers and if so how and to what degree. Other commenters similarly stated that the proposal failed to establish that certain provisions of Federal consumer financial law apply to market participants; that the proposal failed to identify potential violations of law or other specific harms that the Proposed Rule would seek to address, or any relevant market failures; and that the CFPB should first issue a report articulating the risks it sees in the proposed market or otherwise identify such risks prior to issuing a final rule.72 Certain commenters also stated that the CFPB should evaluate risk separately with respect to various subcomponents of the market described in the Proposed Rule, and argued for the exclusion of various market participants, as discussed in more detail in the sectionby-section analysis of the corresponding component of the market definition further below.73 Finally, a nonprofit 71 The commenter also stated in a footnote that if the rule does not need to identify meaningful risks to consumers then the CFPA would violate the nondelegation doctrine in constitutional law. The commenter did not explain the basis for that view, and the CFPB disagrees with that view. Through the CFPA, Congress has provided guidance to the CFPB on how to exercise its rulemaking authority under 12 U.S.C. 5514(a)(1)(B) and has imposed limits on that authority, including rules of construction for defining larger participants and policy considerations, which the CFPB has addressed in this Final Rule. 72 A nonprofit commenter stated that the unique data security risks that digital wallets pose should be addressed through public education rather than regulation. As noted above, consumer education is outside the scope of this rule and, for the reasons explained in the response to general comments, education is not a substitute for supervision. 73 Some commenters suggested that CFPB supervision itself would increase risk such as by reducing examinees’ resources available for fraud prevention, or exposing the supervised entity’s data to breaches. For the reasons explained in the VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 commenter stated that the CFPB should provide greater clarity to market participants as to how the CFPB would assess risk in its prioritization process in this market, including what risks it would consider. Comments on Ensuring Consistent Enforcement of Federal Consumer Financial Law Between Banks and Nonbanks Some comments addressed the Proposed Rule’s statement that the rule would further the CFPB’s statutory mandate to ensure consistent enforcement of Federal consumer financial law between nonbanks and banks and credit unions, in order to promote fair competition. Several consumer groups, banking and credit union industry associations, a payment network, some nonprofits, and an industry provider generally agreed that the Proposed Rule would have that benefit. For example, a community banking association stated that community banks have long expressed concerns that financial technology and large technology firms are offering financial products and services traditionally provided by banks, without the same level of regulatory oversight. A banking association stated that consumers are best protected when banks and nonbanks offering similar financial products and services are subject to the same oversight, which mitigates the potential for consumer harm and improves consumer trust and confidence. This commenter and another banking association added that establishing parity in supervision will help to ensure that nonbanks provide the same consumer protections when they provide the same services as banks. A payment network and a nonprofit commenter agreed that the proposal would help to ensure that entities engaged in the same functional activities are subject to the same functional regulation. Some comments described nonbanks as deriving a competitive advantage due to their lesser supervisory oversight, and banks and credit unions as disadvantaged. For example, the credit union industry association commenter stated that the lesser supervisory oversight of nonbank peer-to-peer payment apps increases burdens on credit unions responding to consumer disputes of transactions conducted in those apps due to the app providers’ underinvestment in compliance and customer service and impacts analysis in part VII, the CFPB has not determined the Final Rule will reduce fraud prevention. With regard to the risk of data breaches, the CFPB’s information security system mitigates those risks as further discussed in part VII. PO 00000 Frm 00010 Fmt 4701 Sfmt 4700 consumer preferences for contacting the credit union. The community banking association also stated that this gap in oversight erodes consumer trust. One of the banking industry associations agreed, noting that its 2022 survey found that an overwhelming majority of consumers were concerned about a gap in regulatory oversight between fintech firms (including cryptocurrency firms) and banks, and believed that the CFPB and Congress should do more to protect consumers from harm and abuse in these areas.74 At the same time, some industry and nonprofit commenters challenged the potential for Proposed Rule to promote consistent enforcement of Federal consumer financial law as between nonbanks and depository institutions, and thereby promote fair competition, as well as the appropriateness of that consideration in the rulemaking. For example, some of these commenters described the proposed objective as an illegitimate form of ‘‘mission creep . . . outside of [the CFPB’s] core jurisdiction’’ or further suggested that the Proposed Rule would place the CFPB in the role of market gatekeeper for nonbanks, which would frustrate competition and innovation (which one of these commenters described as the effect that banking regulation already has on banks). Some industry commenters also suggested the objective failed to account for the structure of nonbank market activity vis-à-vis banks and credit unions. For example, an industry association stated that many nonbank market participants either complement banks and credit unions by making it easier for consumers to use payment methods provided by those financial institutions, or partner directly with the banks and credit unions. Some banking associations also expressed concern that the rule would increase indirect burden on banks and may create confusion about differences between banks and nonbanks. As another example, an industry provider stated that banks provide deposit accounts (and associated funds transfer functionalities), not pass-through payment wallets allowing consumers to access payment methods issued by 74 Consumer Bankers Ass’n, Press Release, NEW POLL: Nearly Ninety Percent Of Americans Concerned That Fintech & Crypto Firms Do Not Have Appropriate Level of Federal Regulation (Dec. 12, 2022) (describing 56 percent of respondents that want greater oversight compared to 24 percent who are satisfied with existing oversight), https:// consumerbankers.com/press-release/new-pollnearly-ninety-percent-of-americans-concerned-thatfintech-crypto-firms-do-not-have-appropriate-levelof-federal-regulations/ (last visited Nov. 18, 2024). E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations Comments on Other Regulators’ Existing Oversight Authority Some commenters suggested the rule would help existing regulatory oversight efforts in the market, while others stated that the Proposed Rule did not adequately consider whether the CFPB supervisory authority was needed in light of existing regulatory oversight mechanisms of other regulators. A group of State attorneys general stated that the Proposed Rule would allow Federal and State authorities to coordinate to prevent and abate unfair, deceptive, and abusive acts and practices in the market. They indicated that violations of Federal law detected through CFPB’s supervisory examinations could assist State enforcement, including in States such as California, New Jersey, and New York, where a commercial practice that violates Federal law is deemed or presumed to violate the State’s consumer protection laws. On the other hand, some other commenters stated that the Proposed Rule did not adequately consider the degree to which the market already is overseen by other regulators, including State oversight of nonbank market participants that are money transmitters, Federal prudential regulators’ oversight with respect to banks and credit unions that provide accounts, hold funds, and process payments facilitated by nonbank market participants, and FTC enforcement of consumer protection laws including competition laws.77 Several industry associations stated that the rulemaking generally must better account for the potential for CFPB supervision to duplicate the oversight by those other regulators, and the unnecessary burdens and diverging regulatory expectations that such duplicative supervision can create.78 One of these commenters stated that the CFPB should clarify the scope and requirements of the rule to prevent these outcomes, and stated that close coordination by the CFPB with other regulators is needed before the CFPB pursues oversight of larger participants. With respect to existing State oversight, an industry association stated that State financial regulators supervise various aspects of the market and the CFPA requires the CFPB to account for oversight by State authority when exercising its supervisory authority. Two other industry associations indicated that in their view the Proposed Rule did not consider how the CFPB would address overlap in scope with State examinations on the same subject matter particularly at money transmitters. A nonprofit commenter suggested that State oversight is sufficient because States are better at enforcing the law because they have a 75 As discussed below in the section-by-section analysis of the definition of ‘‘covered payment functionality,’’ the preamble uses the phrase passthrough payment wallet to describe this type of functionality discussed by commenters. 76 The commenter also stated the Proposed Rule excluded from ‘‘general use’’ bill-payment applications and applications used to purchase financial assets including securities. However, the Proposed Rule specifically acknowledged the existence in the market of ‘‘a general-use billpayment function.’’ 88 FR 80197 at 80206. In addition, the Proposed Rule did not list applications for purchase of securities among the examples of activities that do not have ‘‘general use’’ because it already excluded those transaction from the proposed definition of ‘‘consumer payment transaction’’ as discussed in the sectionby-section analysis of that term further below. 77 A few industry comments also mentioned Federal oversight of money transmitters by FinCEN in the U.S. Treasury. These commenters did not describe any nexus between that oversight and compliance with Federal consumer financial law, or otherwise suggest that supervisory activity by FinCEN and the CFPB would have overlapping subject matter related to compliance with Federal consumer financial law. 78 Some commenters also discussed Federal prudential regulators’ existing oversight of banks and credit unions as relevant due to the inclusion in the market of nonbanks that partner with banks and credit unions, and of pass-through payment wallets that facilitate the use of accounts provided by banks and credit unions. The Final Rule summarizes and responds to those comments in more detail in the section-by-section analysis of ‘‘covered payment functionality’’ below. khammond on DSK9W7S144PROD with RULES2 third-party financial institutions.75 And for that reason, in its view, increased oversight of those activities would not serve the CFPB’s stated purpose. However, another industry association stated that banks have been introducing their own digital wallets, both directly and through affiliates, in an effort to compete with nonbank incumbents that have embedded their digital wallets into merchant checkout processes. Finally, an industry association also suggested that in some ways the Final Rule may not promote consistent enforcement of Federal consumer financial law. It stated that the CFPB should explain why larger participants in the proposed market should be subject to what it viewed as significantly more CFPB supervisory authority than exists over other persons that facilitate consumer payment transactions, such as banks and credit unions providing physical payment cards and providers of payment applications that do not have ‘‘general use’’ as defined in the Proposed Rule such as automobile purchase applications and food delivery applications.76 VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 PO 00000 Frm 00011 Fmt 4701 Sfmt 4700 99591 better understanding of local conditions.79 Comments on CFPB Enforcement and Market-Monitoring Authorities An industry association stated that the Proposed Rule did not explain how supervisory authority would promote additional compliance with Federal consumer financial law beyond compliance the CFPB ensures through its enforcement function and aided by its market-monitoring function. A nonprofit suggested that CFPB enforcement is sufficient to address risks to consumers, and that supervision would only impose unnecessary burden. Comments Raising ‘‘Major Questions’’ Doctrine Another area of comment related to the ‘‘major questions doctrine.’’ Those commenters who addressed the doctrine generally were critical of the Proposed Rule and took an expansive view of the circumstances in which the doctrine applies. First, one nonprofit commenter stated that the major question doctrine precludes the CFPB from defining larger participants in a digital wallet market generally. This commenter stated that, despite the existence of digital wallets at the time of adoption of the CFPA, Congress did not expressly include them within the scope of CFPB supervisory authority and therefore chose to foster innovation free from the CFPB’s supervisory oversight. Further, in its view, the market has vast economic and political significance given both the aggregate dollar value of transactions on digital wallets (nearly $1 trillion) and references by the CFPB to payment systems as ‘‘critical infrastructure’’ and to ‘‘Big Tech’’ companies.80 Second, some commenters stated that the CFPB’s interpretation of the merchant payment processing exclusion in CFPA section 1002(15)(A)(vii)(I) also is impermissible under the major questions doctrine.81 79 This commenter also stated that States generally occupy the field of consumer protection law, that Federal supervisory oversight by the CFPB would ‘‘preempt’’ State law, and that the proposal did not provide compelling evidence for doing so. The CFPB disagrees that a larger participant rule, which establishes CFPB supervisory authority and does not impose substantive consumer protection obligations, preempts such State consumer protection laws. 80 CFPB Press Release (Nov. 7, 2023) (announcing Proposed Rule), https://www.consumerfinance.gov/ about-us/newsroom/cfpb-proposes-new-federaloversight-of-big-tech-companies-and-otherproviders-of-digital-wallets-and-payment-apps/ (last visited Nov. 8, 2024). 81 In addition, some commenters stated that the inclusion of certain digital assets transfers in the proposed definition of consumer payment transactions raised a ‘‘major question.’’ As E:\FR\FM\10DER2.SGM Continued 10DER2 99592 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations Third, some commenters stated that the major questions doctrine voids the CFPB’s interpretation of CFPA section 1024(b) as authorizing supervision of all consumer financial products and services provided by a larger participant for compliance with Federal consumer financial law and related risks.82 khammond on DSK9W7S144PROD with RULES2 Comments on Potential Scope of CFPB Examinations of Larger Participants Relatedly, the CFPB received several other comments on the proposal’s statement that the CFPB’s supervisory authority is not limited to the products or services that qualified a person for supervision, but also includes other activities of such a person that involve other consumer financial products or services or are subject to Federal consumer financial law.83 Four commenters (representing the banking industry) expressed agreement with the CFPB’s description of its supervisory authority over larger participants. They stated that the CFPB’s position is consistent with how the CFPB supervises large banks, where every consumer financial activity that the bank engages in is subject to CFPB jurisdiction. Several other commenters (several industry trade groups, an individual company, and a law firm) disagreed with the CFPB’s description of its supervisory authority. These commenters generally interpreted CFPA section 1024 to limit the scope of nonbank supervisory authority over larger participants to specific consumer financial products and services included in the market covered by the corresponding larger participant rule. One of these commenters asserted that the rule could not be used by the CFPB to scrutinize the digital assets business lines of entities, including those already subject to supervision. One commenter also suggested that even if the CFPA’s view of its authority is correct, it would be unreasonable for the CFPB to actually exercise that authority because the costs discussed further below, the CFPB has decided, for purposes of this Final Rule, not to define larger participants in the general-use digital consumer payment applications market by reference to activity involving digital assets. This Final Rule therefore does not address these major questions comments further. 82 As discussed further above in the general comments on how the rule would enable the CFPB through its supervisory activity to detect and assess risks to consumers and markets, a nonbank commenter claimed that the larger participant rule itself must identify meaningful risk, or it would violate the major questions doctrine. For the reasons described below in the response to these general comments above, the CFPB disagrees with both claims. The CFPB also disagrees that this rule implicates the major questions doctrine for reasons discussed below. 83 88 FR 80197 at 80198 n.7 (quoting 77 FR 42874 at 42880). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 of such supervision would exceed the benefits. Another said the exercise of such authority would discourage innovation and competition. Response to General Comments Received After first responding to comments on rulemaking process issues, the Final Rule provides a response below to other general comments. For the reasons described below, the CFPB continues to believe that issuance of this larger participant rule is warranted because: (1) the market has grown dramatically and become increasingly important to the everyday financial lives of consumers; (2) CFPB supervisory authority over its larger participants would help the CFPB to promote compliance with Federal consumer financial law; (3) that authority would help the CPFB to detect and assess risks to consumers and the market, including emerging risks; and (4) that authority would help the CFPB to ensure consistent enforcement of Federal consumer financial law between banks and nonbanks. Rulemaking Process While the CFPB was considering comments on the Proposed Rule, the Supreme Court issued a decision ruling that the CFPB funding mechanism is constitutional under the Appropriations Clause.84 The CFPB disagrees with commenters’ suggestion that it should have forgone larger participant rulemaking activity during such a challenge. The CFPB also disagrees with those commenters suggesting that an extension of the comment period was necessary to allow for meaningful input on the Proposed Rule. The Proposed Rule would have a narrow impact, establishing CFPB supervisory authority over a group of nonbank covered persons who already are subject to CFPB enforcement and market-monitoring authority, and at least some of whom already are subject to CFPB supervisory authority on other grounds. Despite this, the CFPB received timely comments from a wide array of commenters, as described above, and all but one of the commenters described here filed timely comments after requesting more time. The CFPB disagrees that an extension of the comment period is warranted based on the proposal of a market definition that commenters viewed as complex or a larger-participant test with more than one criterion. As discussed below, commenters provided numerous useful 84 CFPB v. Cmty. Fin. Servs. Ass’n of Am., Ltd., 601 U.S. 416 (2024). PO 00000 Frm 00012 Fmt 4701 Sfmt 4700 comments about the proposed market definition and the CFPB is making several adjustments to the market definition in the Final Rule in response including to improve clarity. With regard to the larger-participant test, the CFPB proposed a test that was based on two criteria (consumer payment transaction volume and the entity’s size by reference to SBA size standards) that were explained in the proposal and are not especially complicated. Proposed rules often include small entity exclusions, and many commenters provided substantive comments on the proposed exclusion, as discussed further below.85 Further, it was unnecessary to extend the comment period with an accompanying notice of the risks the CFPB believes market participants pose to consumers because, as explained in the Proposed Rule and discussed below, the CFPB is not required to make findings about relative risks in a market to justify issuing (or proposing) a larger participant rule. Finally, the CFPB notes that the Proposed Rule set a January 8, 2024, deadline for filing of comments, about two months after the rule was issued on November 7, 2023, and 52 calendar days after its November 17, 2023, publication in the Federal Register. Commenters had well over 30 days to prepare comments even accounting for the endof-year holiday season.86 Indeed, several of the requests for an extension cited their own substantive comments on the Proposed Rule as the reasons for requesting an extension. For these reasons, the CFPB also disagrees with the industry comment suggesting that the lack of extension of the comment period supports a conclusion that the CFPB should withdraw the Proposed Rule. 85 With respect to the proposed coverage of digital assets, commenters from the digital asset sector provided extensive and detailed comments, demonstrating that those commenters were able to provide meaningful input on the Proposed Rule during the comment period. In any event, as discussed below, the CFPB has decided, for purposes of this Final Rule, not to define larger participants in the general-use digital consumer payment applications market by reference to activity involving digital assets. 86 The extensive comments in the rulemaking record demonstrate that the presence of Federal holidays (Veteran’s Day after issuance of the proposal and Thanksgiving, Christmas, and New Years after publication in the Federal Register) and a concurrent proposal and ongoing market monitoring in this market did not preclude commenters from offering detailed substantive comments. In any event, the CFPB sent the marketmonitoring inquiries to a limited number of firms and issued the parallel proposal (which, unlike this rulemaking, proposed substantive consumer protections) almost three weeks earlier with a 60day comment period. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations Establishing CFPB Supervisory Authority Over the Large and Growing Market As described above, commenters agreed with the findings in the Proposed Rule that the market has grown rapidly to achieve a significant size with high levels of adoption and broad reliance by consumers on general-use digital consumer payment applications. As the proposal explained in detail, the market for general-use digital consumer payment applications has large and increasing significance to the everyday financial lives of consumers, who are growing increasingly reliant on such applications to initiate payments.87 Further growth can be anticipated.88 For example, as the proposal stated, nonbank digital payment applications have rapidly grown in the past few years to become the most popular way to send money to other individuals other than cash, and are used for a higher number of such transactions than cash.89 The proposal also cited various market research publications indicating that most merchants in the United States accept general-use digital consumer payment applications as a means or method of payment. Given the extent of consumer adoption and reliance, the extent of the consumer payment transaction volume (approximately 13.5 billion annually) and value (approximately $1.2 trillion annually), and the breadth of associated consumer data collected, it is important for the CFPB to establish Federal supervisory oversight of larger participants. The CFPB also has considered the industry association commenter’s observation that the market for generaluse digital consumer payment applications as defined in the Proposed Rule may not have reached the maturity stage in the industry lifecycle. The CFPB acknowledges that, compared to the markets covered by previous larger participant rulemakings,90 this market 87 See 88 FR 80197 at 80200–80201. 88 Id. khammond on DSK9W7S144PROD with RULES2 89 Id. 90 Following significant growth in the 1980s, by 1990, personal remittances from the United States had reached over US$10 billion. See World Bank Group, Personal remittances, paid (current US$)— United States, https://data.worldbank.org/ indicator/BM.TRF.PWKR.CD.DT?locations=US (last visited Nov. 5, 2024). Nearly two decades earlier, consumer reporting agencies and consumer debt collection markets had already grown to the point that Congress adopted substantive consumer protection legislation to regulate them. See Public Law 91–508 (Oct. 26, 1970) (title VI adopting Fair Credit Reporting Act); Public Law 95–109 (Sept. 20, 1977) (Title VIII adopting Fair Debt Collection Practices Act). By that time, following adoption of the Higher Education Act of 1965, Public Law 89– 329 (Nov. 8, 1965), student lending and student loan servicing had already been expanding. And VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 has developed more recently, fueled by technological change. In the years after a large nonbank financial technology firm developed the first well-known digital payment app in the late 1990s,91 other large fintech firms including BigTech firms 92 entered and expanded the market by leveraging new digital consumer technologies, such as smartphones that support digital applications (which proliferated starting in the late 2000s) 93 and smartphone near-field communication (NFC) technologies that support in-store payments (which proliferated in the 2010s).94 More recently, well-known market participants have been bundling consumer financial products and services to help consumers to make payments to friends and family and payments to merchants together in the same digital application. Although the market is newer than some other consumer finance markets, consumer adoption for these types of consumer payment transactions already has reached very high levels. As described largescale consumer automobile financing dates back to at least the 1920s. See Buy Now Pay Later: A History of Personal Credit, Harv. Bus. School Library (section titled ‘‘Cards on time’’ noting that ‘‘[i]n the 1920s, auto financing took a giant leap forward when the car manufacturers entered the game’’), https://www.library.hbs.edu/hc/credit/ credit4d.html (last visited Nov. 5, 2024). 91 PayPal Editorial Staff, Alternative and digital payment methods: Shaping the payment industry and preparing for the future (Dec. 18, 2023) (stating that ‘‘[t]he first digital solution in the alternative payment industry was PayPal, developed in 1998 to enable people to make payments via an email address’’), https://www.paypal.com/us/brc/article/ alternative-payment-method-trends (last visited Nov. 5, 2024). 92 Consistent with its use by the Financial Stability Board, the Final Rule uses the term ‘‘BigTech’’ to refer to large technology companies with extensive customer networks. See, e.g., Financial Stability Board Report P091219–1, BigTech in finance—Market developments and potential financial stability implications (Dec. 9, 2019) at 3 (‘‘BigTech firms are large technology companies with extensive established customer networks. Some BigTech firms use their platforms to facilitate provision of financial services. Those that do so can be seen as a subset of FinTech firms—a broader class of technology firms (many of which are smaller than BigTech firms) that offer financial services.’’), https://www.fsb.org/wpcontent/uploads/P091219-1.pdf (last visited Nov. 5, 2024). 93 Apple Press Release, Apple Reinvents the Phone with iPhone (Jan. 9, 2007), https:// www.apple.com/newsroom/2007/01/09AppleReinvents-the-Phone-with-iPhone/ (last visited Nov. 5, 2024); Michael DeGusta, Are Smart Phones Spreading Faster than Any Technology in Human History? MIT Technology Review (May 9, 2012) (citing data that smart phones, which represented only six percent of U.S. mobile phone sales as of 2006, had grown to a two-thirds share as of 2012, with use by nearly 40 percent of the U.S. population), https://www.technologyreview.com/ 2012/05/09/186160/are-smart-phones-spreadingfaster-than-any-technology-in-human-history/ (last visited Nov. 5, 2024). 94 CFPB Contactless Payments Spotlight, supra. PO 00000 Frm 00013 Fmt 4701 Sfmt 4700 99593 in the Proposed Rule and explained above, general-use digital consumer payment applications already play a fundamental role in facilitating the payments that many consumers in the United States make every day. Therefore, the CFPB believes it is an appropriate time for it to issue a rule to establish the authority of the CFPB to supervise larger participants in this market. The CFPB reaches that conclusion in the Final Rule not solely due to the size of the market and its growth, but in conjunction with its goals described below of promoting compliance with Federal consumer financial law, detecting and assessing risks to consumers and markets, and ensuring consistent enforcement of Federal consumer financial law. Promoting Compliance With Federal Consumer Financial Law As described in the proposal, supervision of larger participants in a market for general-use digital consumer payment applications will help ensure those companies are complying with applicable requirements of Federal consumer financial law.95 One of the primary purposes of supervision under CFPA section 1024(b)(1) is ‘‘assessing compliance with the requirements of Federal consumer financial law,’’ and the Final Rule will further the CFPB’s ability to assess compliance by larger participants with the requirements of those laws.96 As identified by several commenters and described further above, the larger participants defined in the Rule engage in activities that are subject to applicable Federal consumer financial law such as the prohibition against unfair, deceptive, and abusive acts and practices set forth in the CFPA; the EFTA and its implementing Regulation E; and the data privacy protections of the GLBA and its implementing Regulation P. The CFPB disagrees with the comments suggesting that certain larger participants would not be subject to any Federal consumer financial laws.97 The larger participants defined by the rule are covered persons under the CFPA and would at a minimum be subject to the CFPA’s prohibition against unfair, deceptive, and abusive acts and practices.98 Assessing 95 88 FR 80197 at 80201, 80212. 12 U.S.C. 5514(b)(1)(A). 97 As discussed further below, the CFPB disagrees with industry commenter suggestions that passthrough payment wallets are excluded from the scope of the CFPA as ‘‘electronic conduit services.’’ 98 See 12 U.S.C. 5481(5) (defining the term ‘‘covered person’’), 5531 (applying prohibition against unfair, deceptive, and abusive acts and 96 See E:\FR\FM\10DER2.SGM Continued 10DER2 99594 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 compliance with the prohibition against unfair, deceptive, and abusive acts and practices is itself important, because such practices can cause significant harm to consumers.99 Many of these commenters also acknowledged that some of the other Federal consumer financial laws would apply to at least a subset of the larger participants defined by the Proposed Rule.100 The CFPB agrees with the commenters that stated that this rule will help the CFPB to ensure compliance with Federal consumer financial laws, and disagrees with those that stated that it would not. The CFPB’s supervisory authority will promote compliance with applicable legal practices to all ‘‘covered persons’’ as well as other persons), 5536 (same). The CFPB also can supervise larger participants for other Federal consumer financial laws that apply, including laws that take effect or for which compliance is mandatory in the future. For example, the CFPB recently finalized a personal financial data rights rule under its CFPA authority that is part of Federal consumer financial law and that generally applies to market participants. CFPB, Final Rule, Required Rulemaking on Personal Financial Data Rights, 89 FR 90838 (Nov. 18, 2024) (CFPB Personal Financial Data Rights Rule). As another example, the CFPB’s nonbank registration regulation imposes requirements on covered nonbanks related to the registration of covered orders including, for covered nonbanks that are supervised registered entities, written-statement requirements. See 12 CFR 1092.201(q), 1092.204. 99 For example, under the CFPA, an unfair act or practice must cause or be likely to cause ‘‘substantial injury’’ to consumers. 12 U.S.C. 5531(c)(1); see also, e.g., Supervisory Highlights Issue 18, Winter 2019 at 13–14 sec. 3.1.2, https:// files.consumerfinance.gov/f/documents/cfpb_ supervisory-highlights_issue-18_032019.pdf (last visited Nov. 13, 2024) (noting that CFPB supervisory activities resulted in or supported the public enforcement action resolved in 2019 by consent order In re: Enova International, Inc., Admin. Proc. File No. 2019–BCFP–0003 (Jan. 25, 2019) ¶¶ 9–33 (describing unfair acts and practices including repeat debiting of consumer accounts without valid authorization), https:// files.consumerfinance.gov/f/documents/cfpb_ enova-international_consent-order_2019-01.pdf (last visited Nov. 13, 2024); Supervisory Highlights Issue 21, Winter 2020 at 16 sec. 4.1 (noting that CFPB supervisory activities resulted in or supported the public enforcement action resolved in 2019 against Maxitransfers Corporation including deceptive acts and practices in statements in terms and conditions regarding company’s responsibility for errors by their agents), https:// files.consumerfinance.gov/f/documents/cfpb_ supervisory-highlights_issue-21_2020-02.pdf (last visited Nov. 13, 2024); Issue 32, Spring 2024, supra, at 14 sec. 4.1 (noting that CFPB supervisory activities resulted in or supported the public enforcement action resolved in 2023 against Toyota Motor Credit Corporation finding several unfair acts and practices). 100 For a discussion of comments suggesting that the market should be confined to entities that receive or hold the funds being transferred in consumer payment transactions, or that the market should cover consumer payment transactions that transfer funds from nonbank accounts but not from bank accounts, see the section-by-section discussion below of Final Rule § 1090.109(a)(2) regarding the term ‘‘consumer payment functionality.’’ VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 requirements in multiple ways. As described in the proposal, under the CFPA, the CFPB shall use its supervisory authority to ‘‘assess[ ] compliance with the requirements’’ of Federal consumer financial laws 101 and to ‘‘obtain[ ] information about the activities and compliance systems of procedures’’ of market participants.102 The CFPB may review the entity’s activities and compliance systems or procedures and issue supervisory findings or criticisms as appropriate.103 Supervision is one of the CFPB’s most important and powerful tools to protect consumers by promoting compliance with Federal consumer financial law. As discussed in the proposal and as a nonprofit commenter emphasized, the prospect of the CFPB exercising supervisory authority over such firms may cause them to allocate additional resources and attention to compliance and to take steps to mitigate any noncompliance.104 In addition, based on the CFPB’s supervisory experience in other markets, the CFPB’s supervisory activities authorized under the Final Rule are likely to help entities to identify issues before they become systemic or cause significant harm. Through its supervisory activity, the CFPB detects and addresses legal violations. In some instances, the CFPB uses enforcement actions to address violations that it originally identified through supervision. The CFPB also uses supervision to help ensure that supervised entities develop and maintain systems and procedures to prevent and remedy violations. CFPB supervisory reviews and related compliance ratings promote the development of compliance risk management practices designed to manage consumer compliance risk, support compliance, and prevent consumer harm.105 Through supervision, CFPB examiners may articulate supervisory expectations to 101 See 12 U.S.C. 5514(b)(1)(A). 12 U.S.C. 5514(b)(1)(B). 103 See also discussion below regarding 12 U.S.C. 5514(b)(1)(C) in connection with the use of CFPB supervisory authority for the purpose of ‘‘detecting and assessing risks to consumers and markets for consumer financial products and services,’’ including the CFPB’s use of its authority under the Final Rule to better understand how the Federal consumer financial laws apply to larger participants defined by the rule and the products and services they offer and to review and mitigate risks related to noncompliance. 104 See 88 FR 80197 at 80211–12. 105 See, e.g., Federal Financial Institutions Examination Council, Uniform Interagency Consumer Compliance Rating System, 81 FR 79473, 79474 (Nov. 14, 2016) (discussing assessment by agency examiners of consumer compliance), https:// www.ffiec.gov/press/pr110716.htm (last visited Nov. 5, 2024). 102 See PO 00000 Frm 00014 Fmt 4701 Sfmt 4700 supervised larger participants in connection with supervisory events.106 The CFPB also notes that, following the issuance of its five prior larger participant rules, it has successfully used its supervisory authority to detect violations and promote compliance in each of the markets covered by those rules, as the CFPB has documented in its periodic publication Supervisory Highlights.107 Thus, the CFPB disagrees with comments criticizing the proposal’s statement that CFPB supervision will help to ensure that larger participants are complying with applicable requirements of Federal consumer financial law.108 Moreover, by authorizing the CFPB to supervise larger participants, the Rule will promote strong compliance risk management practices in this market.109 The CFPB also disagrees with commenters stating that CFPB supervision generally harms 106 See CFPB, Bulletin 2021–01: Changes to Types of Supervisory Communications (Mar. 31, 2021), https://files.consumerfinance.gov/f/documents/ cfpb_bulletin_2021-01_changes-to-types-ofsupervisory-communications_2021-03.pdf (last visited Nov. 5, 2024). 107 The CFPB publishes Supervisory Highlights on its website several times each year at https:// www.consumerfinance.gov/compliance/ supervisory-highlights/ (last visited Nov. 5, 2024). Since its first larger participant rules took effect in late 2012 and early 2013, these publications have highlighted findings of violations of Federal consumer financial law and compliance management weaknesses from examinations in markets subject to its larger participant rules. See, e.g., Issue 4, Spring 2014 at 8–10 (consumer reporting market), at 11–14 (consumer debt collection market); Issue 10, Winter 2016 at 11–14 (international money transfer market). For the most recent examples, see, e.g., Issue 35, Fall 2024 (automobile finance market); Issue 34, Summer 2024 (consumer debt collection market); Issue 32, Spring 2024 at 4–7 (consumer reporting market); Issue 31, Fall 2023 at 13–14 (international money transfer market); Issue 30, Summer 2023 at 4–8 (automobile financing market), at 8–9 (consumer reporting market), at 12–13 (consumer debt collection market), at 29–30 (international money transfer market); Issue 29, Winter 2023 at 14–15 (student loan servicing market); Issue 28, Fall 2022 at 4–7 (automobile financing market), at 7–8 (consumer reporting market), at 16–17 (consumer debt collection market); Issue 27, Fall 2022 at 14– 25 (student loan servicing market); Issue 26, Spring 2022 at 5–11 (consumer reporting market), at 14– 16 (consumer debt collection market), at 22–25 (international money transfer market), at 25–27 (student loan servicing market). 108 See 88 FR 80197 at 80201. Further, the CFPB disagrees that it is required to make findings of noncompliance in the market in order to issue this rule, for generally the same reasons (discussed below) that it is not required to make findings regarding the level of risk in the market or market failure. 109 For example, as discussed in the impacts analysis further below in part VII, entities may improve their compliance management either in response to the possibility of an examination or in response to an examination finding regarding compliance management weaknesses. See also CFPB Supervision and Examination Manual, part II.A (describing how CFPB examinations conduct compliance management reviews). E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations consumers by reducing the resources available to those companies. Instead, CFPB supervision as provided under the rule will, as intended by Congress, promote compliance with Federal consumer financial law and otherwise facilitate the CFPB’s statutory objectives. For the reasons discussed above, the CFPB concludes that the rule will help the CFPB to promote compliance with Federal consumer financial law in the market. That, in turn, will reduce risks of harm to consumers, as also discussed in the impacts analysis in part VII below. khammond on DSK9W7S144PROD with RULES2 Detecting and Assessing Risks to Consumers and Markets, Including Emerging Risks The CFPB concludes that this rule will help the CFPB to detect and assess risks to consumers and markets from the provision of general-use digital consumer payment applications. As explained in the Proposed Rule and for the reasons elaborated further below, the CFPB agrees with comments suggesting that CFPB supervision of larger participants in this rapidlygrowing and evolving market will be especially useful to the detection and assessment of emerging risks. As discussed below, the CFPB disagrees with the commenters that stated that the CFPB must first make a risk determination before establishing supervisory authority over larger participants by rule. The CFPB concludes that establishing its supervisory authority over larger participants in this market would help it to detect and assess emerging risks for several reasons. First, the CFPB shares the view of the group of State attorneys general and other commenters that this highlyconcentrated market will continue to grow and evolve rapidly as the technology that has fueled its rapid growth also continues to evolve. As with other markets the CFPB now supervises, it is important for the CFPB to be able to closely assess whether pressure to sustain high growth in this market will drive nonbank firms to develop new and increasingly risky products.110 110 Cf. Financial Crisis Inquiry Commission Report (Feb. 25, 2011) at 104 (‘‘The refinancing boom was over, but originators still needed mortgages to sell to the Street. They needed new products that, as prices kept rising, could make expensive homes more affordable to still-eager borrowers. The solution was risker, more aggressive, mortgage products that brought higher yields for investors but correspondingly greater risks for borrowers.’’), at 414 (also noting that ‘‘high-risk, nontraditional mortgage lending by nonbank lenders flourished in the 2000s and did tremendous damage in an ineffectively regulated VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 In addition, the CFPB agrees with the comments expecting that the market will continue to grow, including by expanding how general-use digital consumer payment applications help consumers to make payments in other ways. As the proposal explained, it is critical for the CFPB to be able to detect and assess emerging risks as new product offerings blur the traditional lines of banking and commerce.111 This blurring was noted by several commenters that described a trend toward ‘‘embedded finance’’ described above and is illustrated in industry comments discussed below describing various ways that nonbanks’ general-use digital payment applications serve as intermediaries between consumers and merchants.112 Such applications also can facilitate payments from many different types of accounts consumers hold across multiple financial institutions. Supervision can detect and assess risks that may arise from a single application establishing connections that can cause payments to be made from many different consumer accounts.113 In addition, as noted in the industry report cited by a consumer group commenter, consumers also can use payment functionalities embedded in digital applications, such as text messages, to make payments, including peer-to-peer payments.114 environment, contributing to the financial crisis’’), https://www.govinfo.gov/content/pkg/GPO-FCIC/ pdf/GPO-FCIC.pdf (last visited Nov. 6, 2024). 111 For example, the proposal noted how in its 2022 market-monitoring report on the convergence of payments and commerce, the CFPB described the potential for consumer financial data and behavioral data to be used together in increasingly novel ways. 88 FR 80197 at 80201 and n.43. 112 See section-by-section analysis of § 1090.109(a)(1) and of ‘‘covered payment functionality’’ in 1090.109(a)(2). See also Google LLC Embedded Finance White Paper at 7 (‘‘Embedded finance also offers a bonus for financial services companies: The data you collect from each transaction can help enhance customer service experience and innovate new products and experiences. The possibilities are endless for these kinds of partnerships, with high revenue and business growth potential. Before embarking on the embedded finance journey, however, you’ll need to prepare’’ by, among other steps, ‘‘[p]lan[ning] to manage and analyze the vast trove of data you’ll be collecting.’’); CFPB Report on Convergence of Payments and Commerce, supra, at sec. 3.3 (‘‘Embedded commerce’’). 113 Today, a general-use digital consumer payment application can initiate payments from multiple credit cards, prepaid accounts, and checking accounts. A general-use digital consumer payment application can facilitate payments from accounts that the provider offers through depository institution partners, or from linked accounts issued by other institutions (sometimes referred to as passthrough payments). 114 Google LLC Embedded Finance White Paper at 3; Apple Cash website (‘‘Send and Receive Money in Messages. With Apple Cash, you can send and receive money with just a text, in Messages. So it’s easy to tip your dog walker, request funds from PO 00000 Frm 00015 Fmt 4701 Sfmt 4700 99595 The CFPB also agrees with the group of State attorneys general that new risks may emerge as the relevant technologies in this market evolve. In this market, by using its supervisory activity as generaluse digital consumer payment applications incorporate new technology, the CFPB can inform its assessment of risks to consumers and to markets.115 Supervision can be effective at detecting and assessing such risks. As a nonprofit commenter noted, supervision allows for rapid exchange of information outside of the adversarial legal process. The supervisory process also generally is confidential, which also facilitates the exchange of information.116 For example, when examiners conduct a compliance management review, they can assess the strength of larger participants’ compliance management as applied to the development and marketing of new products.117 In addition, as illustrated by its work during the COVID–19 pandemic, examiners who are familiar with supervised entities can review activities across a market to identify emerging risks of consumer harm in a time of macroeconomic stress or your roommate, or chip in for a coworker’s gift.’’), https://www.apple.com/apple-cash/ (last visited Nov. 6, 2024). 115 In the CFPB’s experience, for some financial institutions, even the rollout of relatively conventional digital technologies can pose significant risks to consumers, including in the area of digital payments. Cf. CFPB, In re: VyStar Credit Union, Admin Proc. File No. 2024–CFPB–0013 (Oct. 31, 2024), ¶ 20 (describing how outage in the establishment of a new online banking platform of large credit union left consumers unable to engage in certain banking activities, and that ‘‘[s]ome members’ previously scheduled recurring payments were delayed or even deleted.’’), https:// files.consumerfinance.gov/f/documents/cfpb-vystarcredit-union-consent-order_2024-10.pdf (last visited Nov. 16, 2024). 116 The CFPB treats CFPB confidential supervisory information consistent with applicable regulation; see 12 CFR part 1070. As noted above, even when Supervision highlights its findings to the public through Supervisory Highlights, it generally does not identify individual firms (outside of highlighting any associated enforcement actions). 117 See, e.g., CFPB Supervision and Examination Manual, part I.A (page 6 of compliance management review section explaining how examiners’ compliance management review includes a review of the ‘‘processes for development and implementation of new consumer financial products or services and distribution channels or strategies, to determine degree of compliance function participation.’’); see also id. at 4–5 (describing how examiners review product development as a component of the review of board and management oversight of compliance); id. at 9 (review of training of staff responsible for product development); id. at UDAAP Examination Procedures at 2 (review of product development documentation in connection with examiner’s assessment of compliance with the prohibition against unfair, deceptive, and abusive practices). E:\FR\FM\10DER2.SGM 10DER2 99596 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 shock.118 As another example, through its supervisory tool, the CFPB can respond rapidly to reports of any widespread outages at larger participants by gathering information through an established supervisory relationship.119 Supervision of larger participants in this market also can identify new and emerging risks to consumers relating to the applicability of existing requirements of Federal consumer financial law to new products. For example, comments from consumer groups and State attorneys general suggested that non-compliance with EFTA/Regulation E and GLBA/ Regulation P is common in this market, while some industry commenters stated that neither EFTA/Regulation E nor GLBA/Regulation P apply to at least some market participants. Other commenters described how some consumers may be confused about the legal protections afforded through certain payment apps. The CFPB does not define the application of those laws in this rulemaking. Through its supervisory activity, the CFPB can gather information to assess the applicability of those laws to the specific consumer financial products and services that a larger participant provides. Where the law applies and is violated, examiners can address the 118 See, e.g., CFPB, Prioritized Assessment FAQs (July 20, 2020) at 1 (‘‘The Bureau is adapting its supervision program to meet the needs of the current national emergency . . . . Through Prioritized Assessments, the Bureau will expand its supervisory oversight to cover a greater number of institutions than our typical examination schedule allows, gain a greater understanding of industry responses to pandemic-related challenges, and help ensure that entities are attentive to practices that may result in consumer harm.’’), https:// files.consumerfinance.gov/f/documents/cfpb_ prioritized-assessment_frequently-askedquestions.pdf (last visited Nov. 7, 2024); Supervisory Highlights Issue 23, Jan. 2021 (secs. 3.3, 3.5, and 3.6 of COVID–19 special edition describing supervisory observations in prioritized assessments in student loan servicing, consumer reporting, and consumer debt collection markets subject to larger participant rules), https:// files.consumerfinance.gov/f/documents/cfpb_ supervisory-highlights_issue-23_2021-01.pdf (last visited Nov. 7, 2024). 119 See CFPB, What happens if my payment app has an outage and I can’t access my account? (Dec. 21, 2023) (describing consumer complaints as one way the CFPB collects information about outages at payment apps), https://www.consumerfinance.gov/ ask-cfpb/what-happens-if-my-payment-app-has-anoutage-and-i-cant-access-my-account-en-2145/ (last visited Nov. 8, 2024); FEDS Notes, Offline Payments: Implications for Reliability and Resiliency in Digital Payment Systems (Aug. 16, 2024) (describing how ‘‘several recent high-profile outages have highlighted the need for building more reliability and resiliency in digital payment systems’’), https://www.federalreserve.gov/econres/ notes/feds-notes/offline-payments-implications-forreliability-and-resiliency-in-digital-paymentsystems-20240816.html (last visited Nov. 8, 2024). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 situation through supervisory action and where appropriate the CFPB can consider enforcement activity. In addition, such findings can help to inform what the CFPB communicates to the broader market, including through its Supervisory Highlights publication. The CFPB disagrees with certain comments, summarized further above, that suggested that in a larger participant rule the CFPB is required to assess the degree or prevalence of risks to consumers, potential violations of law, or other specific harms occurring in the described market. The relevant provisions of the CFPA do not impose such requirements. While some comments did not identify any legal basis for this alleged obligation, others asserted that the obligation arises from section 1024(b)(2), which concerns the CFPB’s operation of a ‘‘risk-based supervision program.’’ The CFPB believes that these comments misinterpret the scope and purpose of section 1024(b)(2). As the CFPB has previously explained,120 that provision describes the manner in which the CFPB must ‘‘exercise its authority under paragraph [(b)](1)’’ 121 which in turn authorizes the CFPB to supervise ‘‘persons described in subsection (a)(1).’’ The Final Rule does not exercise authority provided by section 1024(b)(1). Rather, it ‘‘describe[s],’’ in part, a set of persons falling within section 1024(a)(1), by defining a category of ‘‘larger participant[s].’’ The CFPB only exercises the authority set forth in section 1024(b)(1) when it actually requires reports or conducts examinations of such persons. In exercising authority under section 1024(b)(1), the CFPB considers (and for larger participants under this Final Rule will consider) the factors set forth in section 1024(b)(2), including risks to consumers, as further described above in part I’s discussion of the CFPB’s prioritization process. However, the CFPA does not mandate consideration of those factors when issuing a rule that defines a category of larger participants under paragraph (a)(1).122 As noted above, one industry comment further argued that general principles of administrative law require the CFPB to identify concrete risks to consumers that will be mitigated by supervision in order to issue this rule. The commenter suggested that the Proposed Rule should have specified in detail what kind of compliance improvements the CFPB envisions, what activities of particular entities are currently non-compliant, why compliance will prevent particular risks to consumers, the likelihood of such risks occurring, the resulting harm to consumers, and how all of these issues compare to related markets. Elsewhere this Final Rule discusses the CFPB’s statutory authority, reasons, and supporting evidence for issuing this Final Rule and explains how this Final Rule will help the CFPB to effectuate the statutory purposes of the CFPA. The CFPB disagrees that it was additionally required to consider in this rulemaking the kinds of detailed information about mitigation of concrete risks contemplated by the commenter. As explained above, there is no indication in the text of the CFPA that the CFPB is required to consider such information in issuing a larger participant rule.123 Because the CFPB’s risk-based prioritization process considers the type of information about risks described in part I above, the CFPB’s supervision of larger participants ultimately may assist the CFPB in detecting and assessing risks to consumers and to markets.124 But sections 1024(a)(1)(B) and (2) do not require the CFPB to reach conclusions regarding such matters before it can even initiate risk-based prioritization for a category of larger participants. To the extent the industry commenter suggests the CFPB should consider such information because it asserts its own type of digital wallet product is ‘‘low risk’’ and should therefore be excluded from the market and ineligible for CFPB supervision, the CFPB does not believe that it is required to categorically exempt allegedly ‘‘low-risk’’ products within a market when issuing a rule to define larger participants of a market.125 120 See 77 FR 42874 at 42883; 77 FR 65775 at 65779. 121 12 U.S.C. 5514(b)(2). 122 This conclusion is reinforced by the immediately following subsection of the CFPA, 1024(a)(1)(C), which expressly references the consideration of risk. Under that provision, the CFPB has the authority to supervise any nonbank covered person that the CFPB ‘‘has reasonable cause to determine, by order, after notice . . . and a reasonable opportunity . . . to respond . . . is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.’’ 12 U.S.C. 5514(a)(1)(C) (emphasis added). 123 With respect to cross-market comparisons of risk, as explained in the Proposed Rule and in its previous larger participant rulemakings, ‘‘[t]he Bureau need not conclude before issuing a [larger participant rule] that the market identified in the rule has a higher rate of non-compliance, poses a greater risk to consumers, or is in some other sense more important to supervise than other markets.’’ 88 FR 80197 at 80200 n.24; 77 FR 65775 at 65779. 124 See 12 U.S.C. 5514(b)(1)(C). 125 Nor has the CFPB determined in this rulemaking exercising CFPA section 1024(a)(1)(B) authority that any specific market participant or larger participant poses any particular type or level of risk, low or otherwise, to consumers. Thus, PO 00000 Frm 00016 Fmt 4701 Sfmt 4700 E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 The CFPB likewise disagrees with other commenters who suggested that the CFPB is obligated to undertake a separate risk assessment of various subcomponents or sectors of the described market, or to include only the riskiest subcomponents or sectors within the larger participant definition. CFPA section 1024(a)(1)(B) provides for the issuance of rules defining ‘‘larger participant[s] of a market’’ for consumer financial products or services, and contains no language requiring exemptions for allegedly ‘‘low-risk’’ subcomponents of a market. Consistent with CFPA section 1024(b)(2), the CFPB considers whether products are lower risk, and thus less of a priority for supervisory attention, when choosing particular entities and consumer financial products and services for supervisory examinations as part of its operation of its risk-based supervision program.126 The CFPB’s operation of that risk-based supervision program is designed to prevent CFPB’s supervision program from placing undue burdens on larger participants whose activities are genuinely lower risk. The CFPB also provides below further justification for the scope of the market described in this Final Rule, including regarding the inclusion of pass-through payment wallets in the market.127 The CFPB disagrees with the industry commenter suggesting that the CFPB may issue a rule to define larger participants of a market for consumer products or services only in cases of ‘‘market failure.’’ There is no support for this view in the text or legislative history of the CFPA. Moreover, while concerns about market failure often underlie laws and regulations imposing substantive consumer protection requirements,128 this Final Rule does although this commenter made claims regarding its product having low risk including low risk of violation of the prohibition against unfair, deceptive, and abusive acts and practices, the CFPB does not adjudicate such claims in this legislative rulemaking, for the reasons described above. In any event, the CFPB disagrees that the commenter was prevented from presenting evidence regarding the risks posed by its products. It had notice of the CFPB’s reasons for the proposal and commented on them. 126 As described above, the CFPB Supervision and Examination Manual describes the CFPB’s established process for conducting risk-based prioritization of nonbank covered persons subject to its supervisory authority under CFPA section 1024(a). 127 See section-by-section analysis of § 1090.109(a)(2) (definition of ‘‘wallet functionality’’). 128 See, e.g., 12 U.S.C. 4301(a) (Congressional finding in Truth in Savings Act that ‘‘competition between depository institutions would be improved . . . if there was uniformity in the disclosure of terms and conditions on which interest is paid and fees are assessed in connection with such VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 not impose substantive requirements and instead concerns the scope of the CFPB’s supervisory authority, which is an authority designed to accomplish the statutory purposes established under CFPA section 1024(b)(1)(A)–(C). In that context, there is little reason to read section 1024(a)(1)(B) to impliedly bar the issuance of a larger participant rule in the absence of a demonstrated market failure. Although the CFPB disagrees with the comments suggesting that it must make findings regarding risk to issue this larger participant rule and it does not do so here, as discussed above other commenters described various existing and emerging risks to consumers that may be associated with products and services provided by larger participants. Those comments raise legitimate concerns regarding potential risks to consumers in the market and thus provide further support for the CFPB’s conclusion that this rule will help the CFPB to use its supervisory tool to detect and assess risks to consumers and the market. It is not necessary for this rule to adjudicate the nature, extent, or source of such risks, or for the CFPB to publish market-wide findings about such risks as a predicate for larger participant rulemakings. As discussed above, the CFPB incorporates information available to it about such risks (including from its marketmonitoring function, among others) when prioritizing which nonbank covered persons subject to CFPA section 1024(a) it will examine.129 In response to the nonprofit calling on the CFPB to describe in more detail the risks it would consider in prioritizing larger participants for examination in this market, part I of the Final Rule above explains in further detail the CFPB’s prioritization process and the factors the CFPB considers as part of that process, consistent with the CFPA and as described in its Supervision and Examination Manual. The CFPB also expects that it will continue to periodically publish Supervisory Highlights to communicate key examination findings and risks accounts.’’); 15 U.S.C. 1601(a) (Congressional finding in Truth in Lending Act that ‘‘competition among the various financial institutions and other firms engaged in the extension of consumer credit would be strengthened by the informed use of credit.’’). 129 The CFPB also provides additional responses further below to the comments suggesting it must publish the results of its market monitoring, or establish why its supervisory tool is superior to its market-monitoring tool. In any event, the CFPB has used data from its market-monitoring orders to inform the estimates published in this Final Rule, as discussed in the section-by-section analysis of the larger-participant test further below. PO 00000 Frm 00017 Fmt 4701 Sfmt 4700 99597 identified over time on a market-bymarket basis. Ensuring Consistent Enforcement of Federal Consumer Financial Law With regard to comments on whether the Proposed Rule would further the CFPB’s statutory objective of ensuring that Federal consumer financial law is enforced consistently between nonbanks and depository institutions in order to promote fair competition,130 the CFPB agrees with commenters who stated that the Proposed Rule would further that objective by permitting the CFPB to supervise both banks and nonbanks operating in the general-use digital consumer payment application market and by reducing the competitive advantage nonbanks may derive from being subject to less supervisory oversight. The CFPB disagrees with the commenter that characterized the Proposed Rule as a form of ‘‘mission creep . . . outside [the CFPB’s] core jurisdiction.’’ The commenter did not address the CFPA’s statutory objective of consistent enforcement of Federal consumer financial law without regard to an entity’s status as a depository institution. In addition, the CFPB already has enforcement and rulemaking authority with respect to participants in the market; thus, those entities already fall within the CFPB’s ‘‘jurisdiction’’ in significant ways.131 The CFPB also disagrees with a related comment that described the larger participant rule as placing the CFPB in a market gatekeeper role. That comment appeared to misunderstand the function of larger participant rules, which do not regulate who enters a market but instead identify ‘‘larger participants’’ for purposes of section 1024(a)(1)(B). In addition, the CFPB disagrees with some commenters’ suggestion that the rule should not be issued because of their concerns about the rule potentially making nonbanks less competitive and frustrating their innovation. As discussed below, the Final Rule adopts a significantly higher threshold, resulting in fewer market participants qualifying as larger participants. Even 130 12 U.S.C. 5511(b)(4). CFPB also disagrees with the industry comment suggesting that the Proposed Rule failed to account for the role of the FTC in promoting competition. As the Proposed Rule explained, it is focused on the statutory objective (codified in 12 U.S.C. 5511(b)(4)) of ensuring Federal consumer financial law ‘‘is enforced consistently, without regard to the status of a person as a depository institution, in order to promote fair competition[.]’’ 88 FR 80197 at 80198 n.5. The CFPB can promote consistent enforcement of Federal consumer financial law without impeding the FTC’s mission; the two are compatible, and the CFPB coordinates with the FTC regarding its supervision activities more broadly. 131 The E:\FR\FM\10DER2.SGM 10DER2 99598 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 with respect to larger participants, the CFPB does not have evidence to indicate that the Final Rule is likely to significantly affect innovation. The CFPB also disagrees with those industry comments stating that the Proposed Rule would not promote consistent enforcement of Federal consumer financial law and fair competition because the proposed market definition included pass-through payment wallets that banks do not provide. Banks and credit unions can and do provide payment wallet functionalities. For example, very large depository institutions offer payment wallet functionalities that facilitate consumers’ payments from accounts at the depository institution to make purchases online and in stores.132 In addition, these comments appear to presuppose that the CFPB can only further the statutory objective of consistent enforcement in this rule if banks and nonbanks compete to offer precisely the same products in precisely the same manner to consumers. But the objective of consistent enforcement can also be furthered where the CFPB has the ability to supervise both nonbanks and depository institutions that play complementary roles in payment transactions. For example, when a depository institution subject to the CFPB’s supervisory authority makes its accounts accessible to the consumer through a general-use digital consumer payment application provided by an unaffiliated nonbank, supervision of both the depository institution and the nonbank serves the statutory objective described above. Nonbanks may initiate payments from consumer accounts held at banks and credit unions and engage in a number of related activities that can implicate Federal consumer financial law compliance obligations.133 In 132 For example, an industry association commenter pointed to a new digital wallet called Paze and a click-to-pay product offered by banks. See also, e,g., Early Warning Services, LLC, Press Release, Paze Hits Major Milestone: 125 million Credit and Debit Cardholders Can Check out Online (Oct. 1, 2024) (describing ‘‘Paze, a reimagined digital wallet offered by banks and credit unions,’’ as available for use with 125 million payment card accounts issued by seven very large banks), https:// www.paze.com/paze-hits-major-milestone-125million-credit-and-debit-cardholders-can-checkout-online (last visited Nov. 7, 2024); Click to Pay with American Express (describing how depository institution offers an ecommerce payment wallet), https://network.americanexpress.com/ globalnetwork/v4/products/click-to-pay-withamerican-express (last visited Nov. 7, 2024). See also CFPB Contactless Payments Spotlight, supra (n.59 describing how JPMorgan previously provided the Chase Pay app to facilitate consumer payments for retail purchases). 133 See, e.g., Board of Gov. of Fed. Rsv. System, FDIC, OCC, Joint Statement on Banks’ Arrangements with Third Parties to Deliver Bank VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 addition, the CFPB agrees with the credit union association commenter that unaffiliated payment applications can cause burdens on credit unions related to error resolution and customer service. Where the CFPB can supervise both a nonbank pass-through payment wallet and a depository institution involved in payments transactions, it is better positioned to consistently enforce applicable legal obligations with respect to the two entities. Below in the sectionby-section analysis of ‘‘wallet functionality,’’ this Final Rule further discusses the reasons why pass-through payment wallets are appropriately included in the market definition. Finally, the CFPB disagrees with the industry association commenter to the extent it was suggesting that larger participant rules cannot promote fair competition between banks and nonbanks unless they apply antitrust principles to define the market. For the reasons discussed below in the sectionby-section analysis of the market definition in § 1090.109(a)(1), the purpose of antitrust law is different from the purpose of larger participant rules and the CFPB does not apply antitrust law in this rule. Nonetheless, as explained above, banks, credit unions, and their affiliates can offer and provide covered payment functionalities with general use through digital applications. In this rulemaking, the CFPB shares the goals expressed by the banking association and payment network commenters of applying consistent functional oversight to similar functional activities in this market. And as explained below in the section-by-section analysis of the market definition, the activities encompassed by the market definition are similar in how they support, digitally, a common set of payment activities that consumers engage in, such as making everyday payments to friends and family and for purchases. Relatedly, the CFPB disagrees with the industry association commenter to the extent it was suggesting that, by not including Deposit Products and Services (July 25, 2024) at 1 (noting how under certain bank/fintech arrangements, ‘‘banks rely on one or multiple third parties to . . . process payments (sometimes with the ability to directly submit payment instructions to payment networks); perform regulatory compliance functions; provide end-user facing technology applications; service accounts; perform customer service; and perform complaint and dispute resolution functions’’), https:// www.occ.gov/news-issuances/news-releases/2024/ nr-ia-2024-85a.pdf (last visited Nov. 7, 2024). See id. at 1–3 (describing how deployment of new digital payment technologies create a potential for insufficient risk management to meet consumer protection obligations such as requirements under Regulation E to investigate and resolve certain payment disputes within required timeframes). PO 00000 Frm 00018 Fmt 4701 Sfmt 4700 physical payment cards in the market, the Final Rule will not promote consistent enforcement of Federal consumer financial law. For the reasons discussed in the section-by-section analysis further below, the CFPB concludes the ‘‘digital application’’ component of the market definition is appropriate. The CFPB already has broad supervisory oversight of the use of physical payment cards issued by the very large banks and credit unions that it supervises. However, there is a supervisory gap over the significant role that nonbank larger participants play in facilitating the use of payment cards through general-use digital consumer payment applications. As described above, consumer adoption of generaluse digital consumer payment applications is very high, indicating that consumers often prefer them to physical cards. Indeed, in some cases, such as at the time of origination or card replacement, a nonbank’s general-use digital consumer payment application may be the only way for the consumer to use the payment card.134 The Final Rule will fill this gap, which will promote consistent enforcement of Federal consumer financial law.135 Other Regulators’ Existing Oversight Authority With regard to comments on existing oversight of market participants, the CFPB agrees with the comment from the group of State attorneys general that stated that the rule would help existing regulatory oversight efforts in the market and would allow for increased coordination between Federal and State authorities to prevent unlawful conduct. The Bureau agrees that the existing regulatory oversight framework governing general-use digital consumer payment applications is important, but the Bureau believes that establishing its supervisory authority as part of this framework would better promote compliance with and consistent enforcement of Federal consumer 134 PULSE, PULSE Debit Issuer Study (Aug. 8, 2024) at 9–10 (reporting that all surveyed issuers report provisioning debit cards to digital wallets, that 38 percent of debit cards are loaded into digital wallets, and that digital issuance of debit cards directly to such wallets is the top new capability that debit card issuers plan to introduce with 50 percent of issuers planning to add this service), https://content.pulsenetwork.com/2024-debitissuer-study/2024-pulse-debit-issuer-study (last visited Nov. 7, 2024). 135 With respect to what the commenter referred to as food delivery applications and automobile purchase applications, for the reasons discussed in the section-by-section analysis of the exclusion for certain merchant and marketplace payment activities in paragraph (C) of the definition of ‘‘consumer payment transaction,’’ the CFPB believes those are part of a distinct market. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations financial law and help it to detect risks to consumers and the market. The CFPB disagrees with the industry association comment suggesting that the CFPB must determine whether the market covered by the rule is inadequately supervised before issuing a larger participant rule; no such requirement appears in the text of the CFPA.136 The CFPB accounts for existing oversight when evaluating how to exercise its supervisory authority pursuant to CFPA section 1024(b)(2). Specifically, the CFPB takes seriously its inter-governmental coordination obligations, described below, and believes that they will promote coordination and minimize regulatory burden in connection with the CFPB’s exercise of its supervisory authority over larger participants in this market and the existing regulatory oversight structure at the Federal and State levels. For example, as required by the CFPA and explained in the Proposed Rule, the CFPB coordinates its examination activity, including at nonbanks, with State regulators.137 One purpose of this coordination is to prevent duplication and unnecessary regulatory burden. That coordination will address commenter concerns regarding CFPB oversight of larger participants that may engage in market activity that is subject to State money transmitter laws. In addition, industry comments often recognized that providers of passthrough payment wallets that do not hold or receive funds generally are not engaged in money transmission under State laws, and thus are not subject to State-level supervision. The CFPB also disagrees with industry comments suggesting that this rule establishing CFPB authority to supervise larger participants in this market will create CFPB supervisory activities that are unnecessarily duplicative or burdensome vis-à-vis oversight activities by the FTC and prudential regulators. Congress has 136 See, e.g., 12 U.S.C. 5514(a)(1)(B), (a)(2). FR 80197 at 80198 n.12. See also 12 U.S.C. 5514(b)(2)(D) (CFPB shall exercise its supervisory authority under 12 U.S.C. 5514(b)(1) in a manner designed to ensure that such exercise takes into consideration, among other things, the extent to which supervised nonbanks are subject to oversight by State authorities for consumer protection); 12 U.S.C. 5514(b)(3) (CFPB coordination of supervisory activities with States); Int’l Money Transfer Larger Participant Rule, 79 FR 56631 at 56632, 56638, 56643 (explaining how the Bureau will coordinate with appropriate State regulatory authorities and will consider the extent of State supervisory activity when prioritizing individual examinations.); 2013 CFPB-State Supervisory Coordination Framework (May 7, 2013) (describing process for CFPB-State coordination under information-sharing memorandum of understanding), https:// files.consumerfinance.gov/f/201305_cfpb_statesupervisory-coordination-framework.pdf (last visited Nov. 8, 2024). khammond on DSK9W7S144PROD with RULES2 137 88 VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 adopted mechanisms to prevent unnecessarily duplicative or burdensome CFPB supervisory activities in cases where the FTC may exercise enforcement authority or prudential regulators may exercise supervisory authority over larger participants.138 Among other things, the CFPB coordinates across its functions with the FTC, which does not have a supervisory tool.139 In addition, the CFPA provides that the CFPB has exclusive authority with respect to the prudential regulators to supervise larger participants for purposes of assuring compliance with Federal consumer financial law.140 Also, consistent with the requirements of CFPA section 1024(b)(3), the CFPB coordinates with prudential regulators to minimize the duplication and regulatory burden of supervisory activity pursuant to memoranda of understanding, including where appropriate at nonbank larger participants.141 Moreover, as discussed 138 Such supervisory authority may exist, for example, where (as noted by the industry commenter) prudential regulators may examine certain nonbank service providers to banks under authorities such as the Bank Service Company Act. See generally 12 U.S.C. 1861–67. 139 The CFPB coordinates with the FTC consistent with its obligations under the CFPA, including 12 U.S.C. 5514(c)(3) and 5581(b)(5). See CFPB–FTC Memorandum of Understanding (Feb. 25, 2019) (section VII describing how CFPB coordinates its supervision and examination activities with the FTC), https://files.consumerfinance.gov/f/ documents/cfpb_ftc_memo-of-understanding_201902.pdf (last visited Nov. 8, 2024). 140 12 U.S.C. 5514(c), (d) (describing the extent to which CFPB supervisory and enforcement authorities are exclusive with respect to nonbank covered persons described in CFPA section 1024(a)(1)). See also CFPA section 1025(b)(1) (similarly providing that the CFPB has exclusive authority to supervise very large depository institutions and their affiliates for the purposes listed therein, including assessing compliance with the requirements of Federal consumer financial laws). 141 See 12 U.S.C. 5514(b)(3) (‘‘To minimize regulatory burden, the Bureau shall coordinate its supervisory activities with the supervisory activities conducted by prudential regulators . . . including establishing their respective schedules for examining persons described in subsection (a)(1) [of CFPA section 1024] and requirements regarding reports to be submitted by such persons.’’). See, e.g., CFPB, Board of Gov. of Fed. Rsv. System, FDIC, NCUA, and OCC Memorandum of Understanding (MOU) on Supervisory Coordination (May 16, 2012) at 2 (noting how CFPA sections 1024(b)(3)–(4) and 1025(b)(2) require the CFPB to ‘‘coordinate its supervisory activities with the supervisory activities conducted by the Prudential Regulators, including consultation regarding their respective schedules for examining Covered Institutions and requirements regarding reports to be submitted by Covered Institutions.’’), https://files.consumer finance.gov/f/201206_CFPB_MOU_Supervisory_ Coordination.pdf (last visited Nov. 7, 2024); see also id. (listing objectives of the MOU, including ‘‘[a]void[ing] unnecessary duplication of effort’’ and ‘‘[m]inimiz[ing] unnecessary regulatory burden’’); id. at 8 (‘‘The CFPB and Prudential Regulators will coordinate in connection with examinations that PO 00000 Frm 00019 Fmt 4701 Sfmt 4700 99599 above, nonbank larger participants engage in substantial volumes of market activity with interconnection across the U.S. financial system. CFPB supervision of nonbank larger participants can assess compliance with the requirements of Federal consumer financial law across their various market activities, which involve interactions with banks and credit unions overseen by various Federal prudential regulators. Thus, CFPB oversight of larger participants can ensure consistent enforcement of Federal consumer financial law and complement the oversight of the Federal prudential regulators. CFPB’s Existing Enforcement and Market-Monitoring Authorities The CFPB disagrees with those industry commenters suggesting that it cannot use its larger participant rulemaking authority to establish supervisory authority in this market due to the existence of the CFPB’s enforcement and market-monitoring authorities. The CFPA identifies supervision of nonbank covered persons under CFPA section 1024 as a primary function of the CFPB.142 Sections 1024(a)(1)(B) and (2) of the CFPA specifically empower the CFPB to prescribe larger participant rules for the purpose of authorizing CFPB supervision, and those provisions contain no requirement that a larger participant rule consider the adequacy of the CFPB’s other authorities or functions.143 Given the statutory scheme in the CFPA, any larger participant rule will generally apply to nonbank covered persons that also are subject to the CFPB’s market-monitoring and enforcement authorities. These comments thus appear to reflect, in large part, a policy disagreement with Congress’s decision to give the CFPB the ability to supervise nonbank larger participants of markets for consumer financial products and services it defines by rule in addition to its other authorities. Further, as the Proposed Rule noted and as also discussed above, supervision can serve an important function that is distinct from and complementary to enforcement and relate to Covered Supervisory Activities of Covered Institutions’ Service providers’’). 142 See 12 U.S.C. 5511(c)(4) (listing supervision of covered persons, including nonbank covered persons, as one of the CFPB’s ‘‘primary functions’’). 143 By contrast, in allocating its supervisory resources under CFPA section 1024(b)(2) the CFPB considers, among other things, ‘‘the extent to which such institutions are subject to oversight by State authorities for consumer protection.’’ 12 U.S.C. 5514(b)(2)(D). E:\FR\FM\10DER2.SGM 10DER2 99600 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations market monitoring.144 For example, supervision can benefit consumers and providers by detecting compliance problems early, at a point when correcting the problems would be relatively inexpensive and before many (or many more) consumers have been harmed.145 In addition, the CFPB conducts its supervisory activities not only for the purposes of assessing compliance with the requirements of Federal consumer financial law, but also for purposes of obtaining information about the person’s activities and compliance systems or procedures and detecting and assessing risks to consumers and markets. These latter two purposes of its supervisory activities generally are distinct from its enforcement activities, which focus on addressing violations of Federal consumer financial law.146 In addition to promoting compliance in their own right, those activities also help to inform CFPB decisions regarding when to initiate enforcement activity. Similarly, CFPB supervisory and examination activity at individual firms can inform how the CFPB conducts market-wide monitoring. The CFPB’s market monitoring function also can support decisions about when to initiate supervisory activity. For example, under CFPA section 1022(c)(1), the CFPB may use its market monitoring to support its functions, including to inform its prioritization of its nonbank supervision examination activities at larger participants.147 The Final Rule Does Not Implicate the ‘‘Major Questions’’ Doctrine The CFPB disagrees with comments stating that the Rule implicates the ‘‘major questions’’ doctrine, which is reserved for ‘‘extraordinary cases’’ in which the ‘‘history and the breadth of the authority that the agency has asserted’’ and the vast ‘‘economic and political significance’’ of the assertion of authority by the agency ‘‘provide a reason to hesitate before concluding that Congress meant to confer such authority.’’ 148 As noted above, the Final Rule does not impose any new substantive consumer protection 144 88 FR 80197 at 80212–13. also CFPB Supervision Director, What new supervised institutions need to know about working with the CFPB (Jan. 9, 2023) (‘‘Supervisory activities may help entities identify issues before they become systemic or cause significant harm.’’), https://www.consumerfinance.gov/about-us/blog/ what-new-supervised-institutions-need-to-knowabout-working-with-the-cfpb/ (last visited Nov. 7, 2024). 146 12 U.S.C. 5511(c)(4). 147 See 12 U.S.C. 5512(c)(1). 148 W. Virginia v. EPA, 597 U.S. 697, 721 (2022) (cleaned up). khammond on DSK9W7S144PROD with RULES2 145 See VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 requirements on larger participants. Because general-use digital consumer payment applications are consumer financial products and services as defined in the CFPA,149 the CFPB already has enforcement authority, market-monitoring authority, and rulemaking authority with respect to nonbank covered persons participating in the market for general-use digital consumer payment applications. Whether or not the CFPB may exercise one additional form of authority— supervision—over a group of larger participants in that market is not a question of vast economic and political significance in the sense recognized by courts.150 In this regard, the CFPB notes that one nonprofit commenter confuses the overall dollar value of transactions through digital wallets (which the commentator estimates at almost $1 trillion) with the economic impact of this larger participant rulemaking, which is of course vastly smaller.151 CFPB Examinations of Larger Participants With respect to comments on the statement in the Proposed Rule noting that the CFPB’s supervisory authority is not limited to the consumer financial products or services that qualified a person for supervision, the CFPB clarifies it is not relying on that position as a rationale for the Final Rule or as authority for issuing the Final Rule, and that the CFPB would finalize the market definition, market-related definitions, and larger-participant test as currently formulated in this Final Rule irrespective of the existence of that position.152 149 See nn.241–42 infra (noting explanation in Proposed Rule, 88 FR 80197 at 80205 nn.64–65). 150 Cf., e.g., Biden v. Nebraska, 143 S. Ct. 2355, 2373–74 (2023) (citing an estimate that the agency’s action would ‘‘cost taxpayers between ‘$469 billion and $519 billion’ ’’ and that it implicated a ‘‘matter of earnest and profound debate across the country’’). 151 Similarly, the CFPB’s statements in press materials cited by the commenter do not suggest that this rulemaking would have a vast economic impact. The costs and benefits of this rulemaking are further discussed below. The CFPB also disagrees with the commenter that section 1024(a)(1)(B) would need to refer specifically to ‘‘digital wallets’’ to authorize this rulemaking. By that logic, there could be no larger participant rulemakings because section 1024(a)(1)(B) refers to markets for ‘‘other consumer financial products or services’’ without expressly identifying particular consumer financial products and services. 152 Nonetheless, the CFPB notes that it explained the basis for this interpretation in its first larger participant rulemaking, for the consumer reporting market, where it noted that the ‘‘Dodd-Frank Act authorizes the Bureau to supervise ‘covered person[s]’ described in 12 U.S.C. 5514(a)(1)(A) through (E)[ ]’’ and that supervision of certain other activities of such persons ‘‘is consistent with the purposes that the Dodd-Frank Act sets out for the PO 00000 Frm 00020 Fmt 4701 Sfmt 4700 109(a)(1) Market Definition—Providing a General-Use Digital Consumer Payment Application Proposed Rule Proposed § 1090.109(a)(1) would have described the market for consumer financial products or services covered by the Proposed Rule as encompassing ‘‘providing a general-use digital consumer payment application.’’ The term would have been defined as providing a covered payment functionality through a digital application for consumers’ general use in making consumer payment transaction(s). This term incorporated other terms defined in proposed § 1090.109(a)(2): ‘‘consumer payment transaction(s),’’ ‘‘covered payment functionality,’’ ‘‘digital application,’’ and ‘‘general use.’’ The term ‘‘covered payment functionality’’ would have included a ‘‘funds transfer functionality’’ and a ‘‘wallet functionality,’’ terms which proposed § 1090.109(a)(2) also would have defined.153 The Proposed Rule sought comment on all aspects of the proposed market definition, including whether the market definition in proposed § 1090.109(a)(1) or the market-related definitions in proposed § 1090.109(a)(2), discussed in the section-by-section analysis below, should be expanded, narrowed, or otherwise modified. Comments Received Several commenters addressed the proposed market definition overall. The Final Rule summarizes those comments in this section-by-section analysis of the market definition in § 1090.109(a)(1). In addition, some comments addressed certain specific defined terms used in the market definition or called for Bureau’s supervisory activities’’ set forth in 12 U.S.C. 5514(b)(1). See 77 FR 42874 at 42880; see also 12 U.S.C. 5514(a)(1)(B) (providing that ‘‘this section shall apply to any covered person’’ that is a nonbank ‘‘larger participant of a market for other consumer financial products or services’’ as defined by rule); 12 U.S.C. 5514(b)(1) (providing that ‘‘[t]he Bureau shall require reports and conduct examinations on a periodic basis of persons described in [12 U.S.C. 5514(a)(1)] for’’ certain listed purposes). The CFPB disagrees with certain commenters’ suggestion that the reference to ‘‘relevant product markets and geographic markets’’ in the provision describing the operation of the CFPB’s risk-based supervision program (12 U.S.C. 5514(b)(2)) was intended to impliedly limit the scope of the CFPB’s supervisory authority under 12 U.S.C. 5514(a)(1) and (b)(1) to only the consumer financial products and services described in the larger participant rule. The CFPB also disagrees that this interpretation implicates the major questions doctrine for reasons discussed above in the CFPB’s response to other comments about that doctrine. 153 The term ‘‘consumer payment transaction(s)’’ also would have incorporated another term— ‘‘State,’’ which proposed § 1090.109(a)(2) would have defined. E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations certain exclusions or additions to the market by modifying those defined terms. The Final Rule summarizes and responds to those comments in the section-by-section analysis of the market-related definitions in § 1090.109(a)(2) below. As discussed above, some commenters expressed support for the Proposed Rule to establish supervisory authority over the market that includes funds transfer apps and wallet functionalities with general use that nonbank covered persons provide to consumers through digital applications. For example, as described above, a group of State attorneys general stated that the CFPB’s supervisory oversight of larger participants in this market would help to promote compliance with Federal consumer financial law and to detect and assess risks posed by this emerging financial market and market participants. Banking and credit union associations, as well as a payment network and nonprofit, also supported CFPB supervisory oversight of larger participants in the proposed market, as described in the summary of general comments above. As also described above, consumer group comments also were supportive of the scope of the market activities defined in the Proposed Rule, while calling for certain scope expansions, as discussed further below. In addition, an industry association expressed general support for the proposal to define a market that allows the CFPB to oversee entities with varied business models. Other commenters disagreed with the approach to market definition in the Proposed Rule. For example, some industry commenters stated that larger participant rules must apply antitrust law market definition principles because, in their view, the statutory provision in CFPA section 1024(a)(1)(B) authorizing CFPB rules to define larger participants of ‘‘a market’’ incorporates those principles. Some of these commenters did not provide a legal basis for this view. Others, such as three industry trade associations, cited Congress’ use of the phrase ‘‘relevant product markets’’ in an adjacent provision, CFPA section 1024(b)(2), and suggested that the term ‘‘market’’ in section 1024(a)(1)(B) is implicitly limited by the phrase ‘‘relevant product market.’’ 154 They further suggested that 154 Section 1024(b)(2) calls for the CFPB to exercise its authority in CFPA section 1024(b)(1) to require reports and examinations of nonbank covered persons described in CFPA section 1024(a)(1) ‘‘in a manner designed to ensure that such exercise . . . is based on the assessment by the Bureau of the risks posed to consumers in the relevant product markets and geographic markets,’’ VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 the terms ‘‘market’’ and ‘‘relevant product market’’ should be understood to incorporate antitrust case law discussing the boundaries of a market for purposes of evaluating the viability of an antitrust claim, including cases holding that a group of products are in the same market under antitrust law if they are reasonably interchangeable by consumers for the same purposes.155 Two of these industry associations also stated that Congress included the requirement in CFPA section 1024(a)(2) that the CFPB consult with the FTC prior to issuing a larger participant rule because of the FTC’s role in enforcing Federal antitrust laws.156 These commenters therefore concluded that a larger participant rule must define ‘‘a market’’ that qualifies as a ‘‘relevant product market’’ within the meaning of antitrust law.157 Those commenters and several other comments from industry, nonprofits, and Members of Congress also disagreed with the proposed market on the grounds that it was overbroad, conflating several markets into one. For example, a comment from Members of Congress stated that in their view, the proposal sought to cover different markets such as peer-to-peer services, stored value accounts, neobanking, merchant payment processing, and payment credential management.158 In addition, some industry associations stated that the proposed market would not qualify as a valid market because it groups together four different types of activities that, in their view, are not economic substitutes. They stated that these activities function in different ways and meet different needs and use cases. They described four of these activities as follows: (1) drawing from a stored balance held by the company; (2) routing funds held in a third-party bank account for transmission to a recipient; (3) charging or offering a payment method for consumer purchases in a manner that is excluded from State and taking into consideration certain factors further specified in CFPA section 1024(b)(2). 155 See, e.g., United States v. E.I. du Pont de Nemours & Co., 351 U.S. 377, 395 (1956). One commenter also cited a European regulation in support of its position. 156 The summary and response to comments regarding the FTC consultation process is included in part IV above. 157 Two of the industry associations also indicated that the Proposed Rule did not do so because antitrust law market definition requires examining the factors that influence consumer choices, and the Proposed Rule did not discuss those factors. 158 However, as discussed above, the market is not based on providing a stored value account. And as discussed below under ‘‘covered payment functionality,’’ the market definition generally does not apply to merchant payment processors. PO 00000 Frm 00021 Fmt 4701 Sfmt 4700 99601 money transmitter regulations; 159 and (4) storing and transmitting payment credentials without participating in the flow of funds from the consumer to the recipient. They also stated that digital applications for person-to-person transfers and digital applications for processing payments for merchants are different and present different risks of consumer harm. Because these activities in their view constitute separate markets, they stated that the Proposed Rule deviated without justification from previous larger participant rules that did not encompass multiple markets.160 More broadly, an industry association also stated that the market includes ‘‘P2P’’ and digital wallet functionalities that, in their view, are not reasonably interchangeable because they provide ‘‘similar’’ but ‘‘differentiated’’ services to consumers. Another industry association stated that consumers rely on funds transfer functionalities and wallet functionalities in different ways, and that these functionalities sometimes, but not always, may be interrelated. They stated that the CFPB should do a ‘‘piecewise analysis’’ of these functionalities, separately analyzing how consumers rely upon them. They stated that wallet functionalities initiate funds transfers but are subject to Regulation E only when they store funds. They suggested that the Proposed Rule did not establish a purpose for including wallet functionalities in the market when they do not store funds. An industry firm and two nonprofits suggested that wallet functionalities that do not store funds instead facilitate consumers’ payments for purchases from merchants by storing and transmitting payment credentials for accounts held at third-party financial institutions the CFPB already supervises. They described that activity as part of a separate market from the other payment functionalities included in the proposed market. They stated that the CFPB’s proposal to include such wallet functionalities in the proposed market does not reflect the sensitivity the CFPB has shown to differences among other consumer financial products and services, such as consumer reporting, consumer debt collection, and student loan servicing, by covering them in separate larger 159 They added that State money transmitter regulation excludes this activity because, in their view, the activity poses low risks. 160 As an example, they cited the international money transfer larger participant rule in which the CFPB declined to include the domestic money transfer market. E:\FR\FM\10DER2.SGM 10DER2 99602 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations participant rulemakings defining separate markets.161 A nonprofit commenter described the proposed market as being composed of multiple sectors, including the first three groups of activities listed by the industry association comments described above, as well as what they described as fully online fintech firms such as ‘‘neobanks’’ and money transmitters. In its view, consumers interact with these products differently and rely on them for different purposes, and each presents different consumer harms. khammond on DSK9W7S144PROD with RULES2 Response to Comments Received As an initial matter, the CFPB disagrees with some industry commenters’ novel suggestion that larger participant rules must define a market that would qualify as a market under antitrust law. In the CFPB’s international money transfer larger participant rulemaking, large providers of international money transfers urged the CFPB to take the opposite position— i.e., to state that larger participant rules do not define ‘‘markets’’ for purposes of antitrust law. In response, the CFPB so clarified.162 Having carefully considered commenters’ arguments, the Final Rule maintains the position announced in the international money transfer larger participant rule for several reasons. As explained below, the market definition in the Final Rule fits within a more general understanding of the term ‘‘market’’ reflected in CFPA section 1024(a), which does not require application of antitrust law. First, commenters have not identified any language in CFPA section 1024, or any 161 This commenter and another industry association suggested this approach was inconsistent with how a previous larger participant rule engaged in ‘‘tailor[ing]’’ of the rule. 78 FR 73383 at 73397. However, the quoted portion of the previous rule addressed the tailoring of the largerparticipant test to the market at hand, which was not the subject of the comments described here. 162 See Comment on proposed international money transfer larger participant rule by Dolex Dollar Express, Inc., MoneyGram Payment Systems, Inc., RIA Financial Services, Sigue Corporation, and Western Union Financial Services, Inc. (April 1, 2014) (2014 Industry Comment Letter) at 5 (‘‘[T]he term ‘market’ for purposes of defining a larger participant should not be used in the absence of cautionary language to make clear that the term is not reflective of a Bureau determination of ‘market’ for antitrust purposes.’’), https:// www.regulations.gov/comment/CFPB-2014-00030014 (last visited Nov. 7, 2024); CFPB, Final International Money Transfer Larger Participant Rule, 79 FR 56631 at 56635 n.43 (stating in response to comment that in its larger participant rulemakings ‘‘[t]he Bureau neither defines markets for purposes of antitrust law, nor intends the market definition in this Final Rule to be used for any purpose other than determining larger-participant status’’). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 legislative history, that expressly refers to antitrust statutes, antitrust caselaw, or antitrust concepts of a market such as substitutability and reasonable interchangeability. Instead, the commenters’ argument depends on an attenuated and unpersuasive argument that (1) reads the term ‘‘market’’ in section 1024(a)(1)(B) as being implicitly limited by the phrase ‘‘relevant product market’’ in a separate provision, section 1024(b)(2); and then (2) further suggests that the phrase ‘‘relevant product market’’ in section 1024(b)(2) was meant to implicitly import antitrust concepts of substitutability and reasonable interchangeability into the CFPB’s larger participant rulemakings under section 1024(a)(1)(B). Second, section 1024(a)(1)(B) gives authority to the CFPB to define by rule a larger participant of ‘‘a market for other consumer financial products or services[.]’’ 163 That phrasing is meaningful because CFPA section 1024(a) enumerates, in paragraphs (A), (D), and (E) three categories of consumer financial products and services over which the CFPB has supervisory authority. Legislative history suggests that Congress understood each to be a separate ‘‘market’’ in a general sense.164 The first category encompasses an array of different services that broadly relate to mortgage loans (the ‘‘origination, brokerage, or servicing of [mortgage] loans’’ and also ‘‘loan modification and foreclosures relief services in connection with such loans’’).165 Another category is ‘‘private education loans,’’ which are generally understood to be part of a broader market for educational financing that also includes Federal student loans.166 The third 163 12 U.S.C. 5514(a)(1)(B). Senate Report to the CFPA describes the ‘‘mortgage market’’ that is the subject of CFPA section 1024(a)(1)(A) as ‘‘consist[ing] of more than 25,000 lenders, servicers, brokers, and loan modification firms that would be subject to Bureau supervision and enforcement.’’ S. Rep. 111–176 (Apr. 30, 2010) at 163. 165 12 U.S.C. 5514(a)(1)(A); see, e.g., CPFB, Final Rule, Mortgage Servicing Rules Under the Real Estate Settlement Procedures Act (Regulation X), 78 FR 10696, 10699 (Feb. 14, 2013) (providing an overview of the ‘‘mortgage servicing market’’ within the context of the ‘‘mortgage market’’ that is ‘‘broader’’). 166 12 U.S.C. 5514(a)(1)(D); see, e.g., CFPB, Final Rule, Defining Larger Participants of the Student Loan Servicing Market, 78 FR 73383, 73385 (Dec. 6, 2013) (‘‘[t]he student loan servicing market is comprised of entities that service Federal and private student loans that have been disbursed to pay for post-secondary education expenses’’); Kelly D. Edmiston, Lara Brooks, and Steven Shepelwich, Fed. Rsv. Bk. of Kansas City Research Working Paper 12–05, ‘‘Student Loans: Overview and Issues (Update)’’ (Aug. 2012 rv. Apr. 2013) at 4 (‘‘The student loan market is made up of federal and ‘private’ student loans. Federal student loans are those that are listed under Title IV of the Higher 164 The PO 00000 Frm 00022 Fmt 4701 Sfmt 4700 category is ‘‘payday loans,’’ which are understood to compete with other types of higher-cost credit such as title loans and installment loans.167 These categories thus do not describe consumer financial products and services that correspond to the strict antitrust conception of a market, which undercuts the suggestion that the term ‘‘market’’ in section 1024(a)(1)(B) should be understood to implicitly incorporate antitrust concepts.168 Third, the purpose of defining a ‘‘relevant product market’’ under antitrust law is to determine whether a firm can exert monopoly power in a market and thereby profit from supra-competitive pricing.169 Market power and the analysis of it generally is the domain of antitrust law, not the Federal consumer financial law over which the CFPB has authority. Commenters have not presented any persuasive reason why Congress would have wanted the terms Education Act. Private student loans are those made by depository and non-depository financial institutions (banks) and non-profit lenders (states).’’), https://www.kansascityfed.org/ documents/5428/rwp12-05edmistonbrooks shepelwich.pdf (last visited Nov. 7, 2024). 167 12 U.S.C. 5514(a)(1)(E); see, e.g., CFPB, Final Rule, Payday, Vehicle Title, and Certain High-Cost Installment Loans, 82 FR 54472, 54475 (Nov. 17, 2017) (referring to payday loans as part of a ‘‘broader set of liquidity loan products that also includes certain higher-cost longer-term installment loans’’ that are sometimes referred to as ‘‘payday installment loans’’); NCUA, Final Rule, Payday Alternative Loans, 84 FR 51942 (Oct. 1, 2019) (authorizing credit unions to originate certain higher-cost installment loans with a term of up to 12 months to compete with payday loans). 168 Similarly, larger participant rulemakings only apply to nonbank covered persons, and not to insured depository institutions, insured credit unions, and certain of their affiliates that may compete with nonbanks (and that may be subject to CFPB supervision under section 1025 or certain CFPB supervisory activities described under section 1026). See 12 U.S.C. 5514(a)(3)(A). If Congress had intended larger participant rulemakings to define a market for antitrust purposes, it presumably would have expressly accounted for how insured depository institutions, insured credit unions, and certain of their affiliates participate in such markets too. 169 See, e.g., Thomas G. Krattenmaker, Robert H. Lande, Steven C. Salop, Monopoly Power and Market Power in Antitrust Law, 76 Geo. L.J. 241, 255 (1987) (noting that ‘‘antitrust law now requires proof of actual or likely market power or monopoly power to establish most types of antitrust violations’’ and ‘‘market power and market definition are closely related, because a relevant market is that group of firms that significantly constrains each other’s pricing and output decisions.’’), https://www.justice.gov/archives/atr/ monopoly-power-and-market-power-antitrust-law (last visited Nov. 7, 2024); Louis Kaplow, On the Relevance of Market Power, 130 Harv. L. Rev. 1303, 1304 n.1 & 1366 (2017) (noting that ‘‘[i]t is familiar that market power is a prerequisite for most types of competition law violations[,]’’ listing different violations that depend on establishing market power, and noting how the ‘‘relevant market’’ is the frame of reference for assessing whether a firm has monopoly power for purposes of a Sherman Act violation). E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations ‘‘market’’ and ‘‘relevant product market’’ in section 1024 to be limited by reference to antitrust laws that the CFPB does not enforce and that do not concern the CFPB’s supervisory function. In addition, the CFPB disagrees with comments suggesting that the FTC consultation requirement in section 1024(a)(2) compels the conclusion that the term ‘‘market’’ should be interpreted by reference to antitrust law.170 The commenters cite no legislative history or other evidence supporting their position, and the provision itself does not reference the FTC’s competition mission or its Bureau of Competition. The FTC also has a consumer protection mission 171 and it has certain overlapping authority with the CFPB over nonbanks that provide consumer financial products and services, which generally would include nonbanks that qualify for supervision as a larger participant.172 Given that overlap, the CFPA includes various provisions requiring the CFPB to coordinate or consult with the FTC.173 In that context, there is little reason to interpret the consultation requirement in section 1024(a)(2) as reflecting an unstated Congressional intention that the term ‘‘market’’ be interpreted by reference to antitrust law.174 More generally, the CFPB agrees with the comments that expressed support for the proposed market definition as describing a set of activities that most consumers in the United States regularly rely upon to conduct a significant portion of their everyday payments. These everyday financial transactions involve making payments to multiple unaffiliated persons, as described further below in the section170 See 12 U.S.C. 5514(a)(2). e.g., What the FTC Does, https:// www.ftc.gov/news-events/media-resources/what-ftcdoes (last visited Nov. 7, 2024) (noting ‘‘the Agency’s two primary missions: protecting competition and protecting consumers’’). 172 12 U.S.C. 5581(b)(5)(A) (transferring FTC’s authority to prescribe rules under an enumerated consumer law to the CFPB, but not its enforcement authority). 173 See, e.g., 12 U.S.C. 5514(c)(3) (requiring CFPB and FTC agreement for coordinating on enforcement actions regarding nonbanks subject to its supervisory authority); 12 U.S.C. 5581(b)(5)(D) (requiring coordination between CFPB and FTC in certain rulemakings ‘‘that apply to a covered person or service provider with respect to the offering or provision of consumer financial products and services[.]’’). 174 In addition, it is not necessary to define an antitrust market for the rule to help the CFPB to ensure consistent enforcement of Federal consumer financial law between nonbanks and depository institutions in order to promote fair competition. For the reasons discussed in the response to general comments above, the CFPB concludes the Final Rule would serve that purpose based on the market it defines. khammond on DSK9W7S144PROD with RULES2 171 See, VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 by-section analysis of the revised definition of ‘‘general use’’ adopted in the Final Rule. The universe of potential recipients for consumer payment transactions can vary from one generaluse digital consumer payment application to another. Some peer-topeer payment applications facilitate payments to multiple consumers. Others facilitate payments to multiple unaffiliated merchants. As discussed further below, the general trend in the market is to facilitate payments to some combination of both. That is, many of the well-known market participants bundle together different payment methods for consumers to make payments to friends, family, and merchants. Depending on the market participant and which payment method the consumer selects, the general-use digital consumer payment application provider may hold the funds used to make a payment or they may be held by a thirdparty financial institution. Regardless of who holds the funds used for a payment, market participants share the common activity of facilitating consumer payments transactions by providing payments data processing products and services to consumers through digital applications.175 In light of these considerations, and as further discussed below, the Final Rule reasonably defines a market that comfortably fits within the parameters Congress set for markets in CFPA section 1024(a)(a)(1)(B).176 175 See also discussion under ‘‘covered payment functionality’’ of comments seeking exclusion of nonbanks providing payment services in partnership with banks. Some market activity such as that of P2P payment apps often consists of consumer financial products and services that rely upon both funds transmitting and payments data processing, while other types of market activity, such as pass-through payment wallets, may be more limited to payments data processing. As the CFPB recently explained in another rulemaking, CFPA section 1002(15)(A)(vii) encompasses activity that ‘‘extends beyond payment processing to broadly include other forms of financial data processing, including where the financial data are processed in connection with other financial or non-financial products and services.’’ 88 FR 74796, 74842 (Oct. 31, 2023) (proposed rule); see also 89 FR 90838 at 90955 (same point in final rule). Providing payments data processing in connection with funds transmitting is simply one example of this. See also CFPA section 1002(5)(A) (defining a ‘‘consumer financial product or service’’ as including a financial product or service that is described in ‘‘one or more categories under’’ CFPA section 1002(15)). 176 Contrary to the suggestion of some commenters, grouping activities that are in some ways different into a single market is not a departure from previous larger participant rulemakings. See 77 FR 42874 at 42886 (consumer reporting larger participant rule concluding that ‘‘resellers, national credit repositories, specialty consumer reporting agencies, analyzers, and others engaged in consumer reporting activities as defined PO 00000 Frm 00023 Fmt 4701 Sfmt 4700 99603 The CFPB disagrees with the conclusions by some industry and nonprofit commenters that the proposed market does not describe a valid ‘‘market’’ for purposes of CFPA section 1024(a)(1)(B).177 That includes industry comments suggesting that the CFPB cannot reasonably define a single market that encompasses consumer financial products and services that facilitate digital payments with different purposes, such as payments to friends and family and payments for purchases. Similarly, the CFPB disagrees with comments suggesting that it cannot reasonably define a market that encompasses the facilitation of consumer payments using different payment methods or accounts, such as stored value accounts held with the market participant, third-party banak accounts, and payment cards issued by third party financial institutions such as debit cards and credit cards. These comments appear to rely on an unduly narrow view of the meaning of the term ‘‘market’’ in the CFPA, which as discussed above in response to antitrustrelated comments Congress used in a more general sense. To that end, the Final Rule reasonably defines a market that comports with the range of ‘‘markets’’ in subsections (A), (D), and (E) of section 1024(a)(1) that Congress appears to have referenced in using the term ‘‘other markets’’ in section 1024(a)(1)(B). In addition, these comments ignored or did not adequately account for how often companies provide a single general-use digital payment application with covered payment functionalities that facilitate consumer payment transactions with either purpose (to pay friends and family and to make purchases), often offering multiple payment methods for transactions with either purpose. In the CFPB’s experience and expertise, informed by its market monitoring and other activities, well-known market participants increasingly provide in the final rule are properly included in a single market’’ because ‘‘[t]hese different types of firms all participate in the process of preparing consumer financial information for use in decisions regarding consumer financial products or services’’); 77 FR 9592 at 9598 (Feb. 17, 2012) (discussing difficulty separating business models of third-party debt collectors, debt buyers, and collection attorneys because ‘‘[s]ome third-party debt collectors also buy debt, and debt buyers may utilize in-house or thirdparty collectors. Similarly, collection attorneys and law firms may, in addition to representing debt owners, buy debt and collect on their own behalf.’’). 177 To the extent commenters criticized the proposed market as invalid based on its limitation to payment functionalities provided through ‘‘digital applications’’ with ‘‘general use,’’ the Final Rule discusses those comments in the section-bysection analysis of those defined terms below. E:\FR\FM\10DER2.SGM 10DER2 99604 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 general-use digital consumer payment applications that bundle together options to make payments for these different purposes and payment methods, often in a manner that appears seamless to the consumer as described below. This assessment, focusing on the commonality across market participants’ activities, also is consistent with market research described in the Proposed Rule and discussed further below, and even some industry associations’ own presentation of these activities in other settings.178 Many well-known market participants bundle offerings of both peer-to-peer (P2P) and payments for purchases— sometimes in a formal and explicit manner, other times less so. Comments from several Members of Congress highlighted the degree to which sole proprietors and other small businesses rely on market participants to accept payments. While larger merchants may accept these payments by entering into formal merchant acceptance agreements, small businesses such as sole proprietors may simply enroll their bank account in a P2P payment service to receive funds from consumers.179 As 178 This trend predates 2024. See, e.g., Testimony of Scott Talbott, Sr. Vice President of Government Affairs, Electronic Transactions Association (ETA), House Cmttee. on Fin. Servs, Serial No. 117–82 (Apr. 28, 2022) at 52 (‘‘Digital wallets can be defined broadly to include mobile and other online applications that allow users to process payments, access account information, and pay for services. Digital wallets provide users with access to stored payment credentials, which may include a credit or debit card, bank account, or, less commonly, a prepaid or gift card linked to the phone or app. This technology has gained popularity with consumers as a safe and convenient way to transmit funds in multiple settings, including for online purchases, payments at brick-and-mortar retailers, and personto-business (i.e., bill pay) and P2P transfers. The concept of the digital wallet has been swiftly embraced by the public due to its ease of use. The user just has to download and register a mobile wallet on his or her phone.’’), https:// www.congress.gov/117/chrg/CHRG-117hhrg47649/ CHRG-117hhrg47649.pdf (last visited Nov. 7, 2024). 179 One government report estimated that in tax year 2017, three P2P apps alone filed U.S. tax reports (at a reporting threshold of $20,000) disclosing nearly $200 billion in payments to businesses through those platforms. Treasury Inspector General For Tax Administration, The Internal Revenue Service Faces Challenges in Addressing the Growth of Peer-to-Peer Payment Application Use, Report No. 2021–30–022 (Apr. 22, 2021) at 6 (Figure 3), https://www.tigta.gov/sites/ default/files/reports/2022-07/202130022fr_4.pdf (last visited Nov. 7, 2024). In some contexts, the bundling of the two types of payments has been so seamless that the payment apps themselves have not been able to effectively disentangle personal payments from purchases. See 26 U.S.C. 6050W (‘‘Returns relating to payments made in settlement of payment card and third party network transactions’’); IR–2023–221 (Nov. 21, 2023) (describing phase-in transition years where reporting not required unless payees receive over $20,000 for more than 200 transactions in tax year 2023, and more than $5,000 for tax year 2024), https://www.irs.gov/newsroom/irs-announces- VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 the Proposed Rule noted, by 2022, an industry report found that 82 percent of small business merchants surveyed accepted at least one P2P payment option.180 Research by a major payment network similarly describes how small and medium businesses are paid not only through ‘‘mobile wallets’’ but also through ‘‘mobile payment apps.’’ 181 Moreover, recent market research found that nearly half of U.S. consumers surveyed reported using a P2P app for purposes such as making purchases with payment cards and bill pay functions. The report concluded that ‘‘P2P apps are at an inflection point, transitioning from single-purpose apps to additional, more robust, and oftenbundled product features.’’ 182 delay-in-form-1099-k-reporting-threshold-for-thirdparty-platform-payments-in-2023-plans-for-athreshold-of-5000-for-2024-to-phase-inimplementation (last visited Oct. 24, 2024). 180 TSG: Merchants Offering P2P Payments (reporting results of TSG and Electronic Transactions Association survey of over 500 small businesses merchants), cited in Proposed Rule at n.30. For example, some of these apps began by offering only P2P payments focused on paying friends and family, but then leveraged that feature to gain formal merchant acceptance. See, e.g., eBay, eBay Launches Venmo as a Payment Option, a Continued Push to Expand Ways to Pay and Invest in Digital Natives (June 13, 2024), https:// www.ebayinc.com/stories/news/ebay-launchesvenmo-as-a-payment-option-a-continued-push-toexpand-ways-to-pay-and-invest-in-digital-natives (last visited Nov. 7, 2024); James Pothen, Cash App exec hints at Square integration (June 3, 2024), https://www.paymentsdive.com/news/square-cashapp-pos-p2p-block-jack-dorsey-retail-point-of-salestrategy/717753/ (last visited Nov. 7, 2024). 181 VISA Global Back to Business Study (7th ed. 2023) (describing multinational survey of plans for digital payment option acceptance by small and micro businesses (SMBs) including in the United States indicating 55 percent of SMBs planned to accept ‘‘mobile payment apps’’ in 2023 and 50 percent planned to accept ‘‘mobile wallets’’), https://usa.visa.com/content/dam/VCOM/blogs/ visa-back-to-business-7-one-pager-september2023.pdf (last visited Nov. 7, 2024). A recent Forbes survey similarly described how both ‘‘digital wallet apps’’ and ‘‘[p]eer-to-peer apps’’ are popular ways for consumers to make retail purchases. Amanda Claypool, 53% Of Americans Use Digital Wallets More Than Traditional Payment Methods: Poll (updated Aug. 25, 2023), https://www.forbes.com/ advisor/banking/digital-wallets-payment-apps/ (last visited Nov. 7, 2024). For example, Amazon, which provides Amazon Pay, also had a brief partnership with Venmo. See PYMNTS.COM, Venmo No Longer Accepted on Amazon in January (Dec. 7, 2023), https://www.pymnts.com/amazon-payments/2023/ amazon-will-discontinue-venmo-payments-injanuary/ (last visited Nov. 7, 2024). 182 Marqueta, 2024 State of Payments Report at 39, https://www.marqeta.com/state-of-payments (last visited Aug. 1, 2024). See also Press Release, Venmo Introduces the Ability to Schedule Payment Requests (Oct. 9, 2024) (reporting that ‘‘more than 84% of consumers have used a peer-to-peer service with common payments including monthly rent, utilities, and other regular living expenses[]’’ as found in a 2022 survey by Lending Tree at https:// www.lendingtree.com/personal/peer-to-peerservices-survey/ (last visited Nov. 7, 2024)), https:// newsroom.paypal-corp.com/2024-10-09-VenmoIntroduces-the-Ability-to-Schedule-Payments-andRequests (last visited Nov. 7, 2024). PO 00000 Frm 00024 Fmt 4701 Sfmt 4700 Meanwhile, as suggested by comments from consumer groups, other digital wallets gained market share by offering formal merchant acceptance but then began to promote a P2P payment feature.183 For example, as consumer group commenters pointed out, PayPal, which initially grew as a payment functionality for merchants selling goods and services through an affiliated company’s online marketplace, has long since graduated to offering a broader range of services including peer-to-peer payments.184 In addition, the most recent Federal Government diary and survey on consumer payment choice results continue to illustrate how mobile app/ online payment accounts generally are understood as supporting both ‘‘purchases and person-to-person payments[.]’’ 185 That project groups together nonbank payment apps such as PayPal, Venmo, Apple Pay, Google Pay, Cash App, and Samsung Pay under the 183 Apple, New features come to Apple services this fall (June 11, 2024) (describing new ‘‘Tap to Cash’’ feature that can be used with existing Apple Cash stored value product), https:// www.apple.com/newsroom/2024/06/new-featurescome-to-apple-services-this-fall/ (last visited Nov. 7, 2024); Business Wire, VISA Reinvents the Card, Unveils New Products for Digital Age (May 15, 2024) (provider of Click-to-Pay ecommerce wallet describing new mobile device app-based feature for VISA cards ‘‘Tap to P2P (person-to-person): Allows money to be sent between family and friends’’), https://www.businesswire.com/news/home/ 20240515563838/en/ (last visited Nov. 7, 2024). 184 Compare PayPal, Inc. Form S–1 (Sept. 28, 2001) at 5 (‘‘We depend on online auction transactions for a significant percentage of our payment volume.’’), https://www.sec.gov/Archives/ edgar/data/1103415/000091205701533855/ a2059025zs-1.htm, with eBay Press Release, eBay Inc. Board Approves Completion of eBay and PayPal Separation (June 26, 2015), https:// www.ebayinc.com/stories/news/ebay-inc-boardapproves-completion-of-ebay-and-paypalseparation/ (last visited Nov. 7, 2024) & PayPal, Send money to just about anyone, anywhere (website FAQ describing how consumers can use the PayPal app to ‘‘[s]end money online to friends and family in the US’’), https://www.paypal.com/ us/digital-wallet/send-receive-money/send-money (last visited Nov. 7, 2024). See also PayPal Holdings, Inc. Form 10–K (Feb. 2, 2024) (PayPal 2023 10–K) at 8 (‘‘Our Venmo digital wallet in the U.S. is a leading mobile application used to move money between our customers and to make purchases at select merchants.’’), https:// www.sec.gov/Archives/edgar/data/1633917/ 000163391724000024/pypl-20231231.htm. 185 Berhan Bayeh, Emily Cubides & Shaun O’Brien, Fed. Rsv. Fin. Svcs. FedCash Services, 2024 Findings from the Diary of Consumer Payment Choice (May 2024) (2024 Diary Findings) at 5–6 (Figure 3 grouping together ‘‘purchases and P2P payments’’ and describing growth in proportion made ‘‘online or remotely’’ versus ‘‘in-person’’), https://www.frbservices.org/binaries/content/assets/ crsocms/news/research/2024-diary-of-consumerpayment-choice.pdf (last visited Nov. 7, 2024). The Proposed Rule noted how the Federal Government publishes the results of an annual diary and survey on consumer payment choice. 88 FR 80197 at 80200 n.25 (citing report on 2022 diary and survey by Federal Reserve System staff). E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 common heading ‘‘online payment accounts.’’ 186 Other surveys, market research, and even a foreign regulator similarly refer collectively to both uses—payments to other consumers and payments for purchases.187 186 2023 Survey and Diary of Consumer Payment Choice Tables (table 1 reporting survey results indicating that 71.8 percent of U.S. consumers adopted online payment accounts as of 2023), https://www.atlantafed.org/-/media/documents/ banking/consumer-payments/survey-diaryconsumer-payment-choice/2023/tables_ dcpc2023.pdf (last visited Nov. 7, 2024). That survey also reported that ‘‘[s]even in 10 consumers made at least one payment using a phone or tablet in the 12 months ending October 2023.’’ Kevin Foster, Claire Greene & Joanna Stavins, Fed. Rsv. Bk. of Atlanta Research Data Report No. 24–1, 2023 Survey and Diary of Consumer Payment Choice: Summary Results (June 3, 2024) at 16–17 (‘‘On average, 13 mobile payments per consumer were reported’’ for October 2023, of which ‘‘10 were for purchases, two for bills, and one to pay another person’’), https://www.atlantafed.org/-/media/ documents/banking/consumer-payments/surveydiary-consumer-payment-choice/2023/sdcpc_2023_ report.pdf (last visited Nov. 7, 2024). 187 See, e.g., Claire Greene, Fumiko Hayashi, Alicia Lloro, Oz Shy, Joanna Stavins & Ying Lei Toh, Defining Households That Are Underserved in Digital Payment Services, Fed. Rsv. Bk. of Atlanta Research Data Report No. 24–3 (Sept. 9, 2024), sec. 3.1 (describing a ‘‘(sub)component of financial inclusion relating to digital payments (a subset of payments), which we term digital payments inclusion. Digital payments are payments made through a digital device or channel, such as electronic fund transfer (for example, automated clearing house [ACH] and instant payments); debit, prepaid, or credit card; closed-loop online payment services offered by online payment service providers (for example, PayPal and Cash App); and cryptocurrency transfer.’’), table 1 (describing examples of digital payments with wide acceptance by merchants, billers, and individuals), https:// www.atlantafed.org/-/media/documents/banking/ consumer-payments/research-data-reports/2024/ 10/10/03--defining-households-that-areunderserved-in-digital-payment-services.pdf (last visited Nov. 7, 2024); Pengfei Han & Zhu Wang, Technology Adoption and Leapfrogging: Racing for Mobile Payments, Fed. Rsv. Bk. of Richmond Working Paper No. 21–05R (Mar. 2021 rev. May 1, 2024) (Racing for Mobile Payments) at 6 (‘‘Following Crowe et al. (2010), we define a mobile payment to be a money payment made for a product or service through a mobile phone, regardless of whether the phone actually accesses the mobile network to make the payment. Mobile payment technology can also be used to send money from person to person.’’), https://www.richmondfed.org/ -/media/RichmondFedOrg/publications/research/ working_papers/2021/wp21-05r.pdf (last visited Nov. 7, 2024); U.S. Dept. of Treasury, Assessing the Impact of New Entrant Non-bank Firms on Competition in Consumer Finance Markets (Nov. 2022) at 13 (‘‘New entrant non-bank firms offer digital applications to make payments online and through mobile devices that have expanded accessibility for consumers. These payments firms generally provide a front-end digital user interface for consumers to make payments to other parties (other consumers or, increasingly, businesses) on the same platform.’’), https://home.treasury.gov/ system/files/136/Assessing-the-Impact-of-NewEntrant-Nonbank-Firms.pdf (last visited Nov. 7, 2024); Pew Research Center, Who Uses Mobile Payments? (May 26, 2016) at 1 (defining ‘‘[m]obile payment users’’ as ‘‘consumers who have made an online or point-of-sale purchase, paid a bill, or sent or received money using a Web browser, text message, or app on a smartphone’’), https:// VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 In addition, commenters claiming that the rule encompassed multiple markets rather than a single market did not provide evidence regarding consumer understanding to support their claims. By contrast, through its experience and expertise developed through its market monitoring and other activities, the CFPB has seen that several well-known general-use digital consumer payment applications engage in many of the activities industry commenters characterized as distinct markets. For example, when consumers open what some describe as a peer-to-peer payment app, now they often may access a screen to send money to other persons they identify, whether consumers or businesses.188 In addition, market participants often design their generaluse digital consumer payment application so that a single screen can display all available methods for making www.pewtrusts.org/-/media/assets/2016/05/who_ uses_mobile_payments.pdf (last visited Nov. 7, 2024); Pew Research Center, Are Americans Embracing Mobile Payments? (Oct. 3, 2019) at 3 (defining ‘‘mobile payment’’ and ‘‘mobile payment apps’’ in similarly broad manner), https:// www.pewtrusts.org/-/media/assets/2019/10/ mobilepayments_brief_final.pdf (last visited Nov. 7, 2024); U.K. Payment Systems Regulator & Financial Conduct Authority, Call for Information: Big tech and digital wallets, Doc. CP24/9 (July 2024), sec. 2.1–2.3 (‘‘Digital wallets can be defined as apps, software or online services that allow consumers to make payments, quickly and conveniently, using mobile phones or other electronic devices . . . . Some digital wallets facilitate retail transactions, others allow peer-to-peer payments, and others do both . . . . Digital wallets can be either ‘staged’ [by holding funds] or ‘pass-through’ [because they do not hold funds themselves but instead allow users to make payments from a payment card] . . . . While the features and functionality of digital wallets vary, in general terms, they offer consumers a quick and convenient way to make payments.’’), https://psr.org.uk/media/yqinyhhn/cp24-9-cfidigital-wallets-july-2024-v2.pdf (last visited Nov. 7, 2024). 188 See, e.g., Venmo, Show some local love: Pay businesses—like your favorite neighborhood spots— the same easy way you pay friends on Venmo (describing how consumer can use a merchant’s Venmo QR code to identify the merchant as a payment recipient), https://venmo.com/pay/ businesses/ (last visited Nov. 7, 2024); Venmo, Adding & Removing Friends (describing how consumers can use QR codes from other consumers to identify them as recipients), https:// help.venmo.com/hc/en-us/articles/217532217Adding-Removing-Friends (last visited Nov. 7, 2024); Block Investor Day 2022, Cash App at 8 (stating that Cash App ‘‘started with peer-to-peer payments’’) & at 71 (showing screenshot of how a consumer can add a business account to receive payments), https://s29.q4cdn.com/628966176/files/ doc_presentations/2022/05/Cash-App-BlockInvestor-Day-2022.pdf (last visited Nov. 7, 2024). Other payment apps also bundle money transfers to individual consumers and bill pay functionalities. See, e.g., Western Union, Send and Track Money Online (U.S. consumer home page describing how a consumer can use the Western Union app to ‘‘[s]end money, pay bills, check exchange rates, or start a transfer in the app and pay in-store-all on the go.’’), https://www.westernunion.com/us/en/ home.html (last visited Nov. 7, 2024). PO 00000 Frm 00025 Fmt 4701 Sfmt 4700 99605 a given payment, including prepaid accounts, debit cards linked to deposit accounts, and credit cards, whether issued by the digital application provider or by third-party financial institutions.189 The CFPB therefore declines to differentiate the market in ways suggested by industry commenters that do not align with the more seamless, undifferentiated common user experience that well-known market participants themselves create for consumers. Even when firms choose to discontinue offering payments to other consumers,190 or have not yet enabled that capability in the United States,191 their general-use digital payment applications still comprise part of the overall market described in the Final Rule, which includes but is not limited to digitally facilitating consumer payment transactions for purchases. Final Rule For the reasons described in this Final Rule, including the CFPB’s consideration of and responses to the comments on the Proposed Rule, the CFPB concludes that the set of activities covered by the market definition in the Final Rule, all of which digitally facilitate consumer payment transactions to multiple unaffiliated persons, regardless of the payment method, source, or account used to fund the payment, reasonably describes a market for purposes of CFPA section 1024(a)(1)(B). In addition, the Final Rule makes several revisions to marketrelated definitions as described in the section-by-section analysis of § 1090.109(a)(2) below. Because the 189 See, e.g., Apple, Wallet Carry one thing. Everything (consumer-facing website showing screenshot of Apple Wallet displaying payment methods including a Discover credit card, an Apple Cash prepaid account card, and an Apple MasterCard), https://www.apple.com/wallet/ (last visited Nov. 7, 2024); PayPal, Add. Pay. Earn. Smile (consumer-facing website showing screenshot of PayPal payment method screen where consumer can ‘‘[u]se your bank or cards to pay or send money’’), https://www.paypal.com/us/digitalwallet/ways-to-pay/add-payment-method (last visited Nov. 7, 2024). 190 See, e.g., Google, Simplifying our payment apps in the U.S. (Feb. 22, 2024) (announcing that effective June 4, 2024, the U.S. version of the Goole Pay app will no longer be available to send money to other consumers but that consumers can continue to use Google Pay to check out online and to tap-to-pay in stores), https://blog.google/ products/google-pay/payment-apps-update/ ?sjid=232731559998132243-NA (last visited Nov. 7, 2024). 191 See Amazon, Unified Payment Interface (UPI) FAQs (describing how consumers in India can use the Amazon Pay Unified Payment Interface to send money to other consumers), https:// www.amazon.in/gp/help/customer/ display.html?nodeId=202212990 (last visited Nov. 7, 2024). E:\FR\FM\10DER2.SGM 10DER2 99606 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations market definition incorporates those defined terms, those revisions also affect the scope of the market the Final Rule defines. 109(a)(2) Market-Related Definitions Proposed § 1090.109(a)(2) would have defined several terms that are relevant to the proposed market definition described above. Below the CPFB summarizes and responds to comments on each proposed definition and describes changes to these definitions in the Final Rule, which also numbers each definition for clarity. Consumer Payment Transaction(s) khammond on DSK9W7S144PROD with RULES2 Proposed Rule The proposed market definition would have encompassed providing covered payment functionalities through a digital application for a consumer’s general use in making consumer payment transactions. Proposed § 1090.109(a)(2) would have defined the term ‘‘consumer payment transactions’’ to mean the transfer of funds by or on behalf of a consumer physically located in a State to another person primarily for personal, family, or household purposes.192 The proposed definition would have clarified that, except for transactions excluded under paragraphs (A) through (D), the term applies to transfers of consumer funds and transfers made by extending consumer credit. Paragraphs (A) through (D) of the proposed definition would have excluded the following four types of transactions: (A) An international money transfer as defined in § 1090.107(a) of this part; (B) A transfer of funds that is (1) linked to the consumer’s receipt of a different form of funds, such as a transaction for foreign exchange as defined in 12 U.S.C. 5481(16), or (2) that is excluded from the definition of ‘‘electronic fund transfer’’ under § 1005.3(c)(4) of this chapter; (C) A payment transaction conducted by a person for the sale or lease of goods or services that a consumer selected from an online or physical store or marketplace operated prominently in the name or such person or its affiliated company; and (D) An extension of consumer credit that is made using a digital application 192 The Proposed Rule would have defined the term ‘‘consumer payment transaction’’ for purposes of the Proposed Rule. Payment transactions that are excluded from, or otherwise do not meet, the definition of ‘‘consumer payment transaction’’ in the Proposed Rule would not have been covered by the market definition in the Proposed Rule. However, persons facilitating those transactions may still have been subject to other aspects of the CFPB’s authorities besides its larger participant supervisory authority established by the Proposed Rule. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 provided by the person who is extending the credit or that person’s affiliated company.193 The first component of the proposed definition of ‘‘consumer payment transaction’’ was that the payment transaction must result in a transfer of funds by or on behalf of the consumer. This component therefore would have focused on the sending of a payment, and not on the receipt. The proposed definition would have encompassed a consumer’s transfer of their own funds—such as funds held in a linked deposit account or in a stored value account. It also would have encompassed a creditor’s transfer of funds to another person on behalf of the consumer as part of a consumer credit transaction.194 For example, a nonbank’s wallet functionality may hold a credit card account or payment credential that a consumer uses to obtain an extension of credit from an unaffiliated depository institution. If the consumer uses the digital wallet functionality to purchase nonfinancial goods or services using such a credit card, the credit card issuing bank may settle the transaction by transferring funds to the merchant’s bank for further transfer to the merchant, and a charge may appear on the consumer’s credit card account. That transfer of funds may have constituted part of a consumer payment transaction under the Proposed Rule regardless of whether it is an electronic fund transfer subject to Regulation E.195 The CFPA did not include a specific definition for the term ‘‘funds’’ used in the Proposed Rule. As the Proposed Rule explained, that term is used in various provisions of the CFPA, including in section 1002(15)(A)(iv), which defines the term ‘‘financial product or service’’ to include ‘‘engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds or any financial instrument for use by or on behalf of a consumer.’’ 196 Without fully addressing the scope of that term, the Proposed Rule interpreted the term 193 Subpart A of the CFPB’s existing largerparticipant rule includes a definition of ‘‘affiliated company’’ that would have applied to the use of that term in the Proposed Rule. See 12 CFR 1090.101. 194 In certain circumstances, consumer credit transactions would have been excluded from the proposed definition of ‘‘consumer payment transaction,’’ for example as described in the exclusion in proposed paragraph (D) discussed below. 195 See also generally § 1005.12(a) (describing relationship between Regulation E and other laws including the Truth in Lending Act and its implementing regulation, Regulation Z). 196 12 U.S.C. 5481(15)(A)(iv). PO 00000 Frm 00026 Fmt 4701 Sfmt 4700 ‘‘funds’’ in the CFPA to not be limited to fiat currency or legal tender, and to include digital assets that have monetary value and are readily useable for financial purposes, including as a medium of exchange, such as cryptoassets, which are sometimes referred to as virtual currency.197 The second component of the proposed definition of ‘‘consumer payment transaction’’ was that the consumer must be physically located in a State, a term the proposal would have defined by reference to jurisdictions that are part of the United States as discussed in the section-by-section analysis below. The CFPB requested comment on this limitation. The third component of the proposed definition of ‘‘consumer payment transaction’’ was that the funds transfer must be made to another person besides the consumer. For example, the other person could be another consumer, a business, or some other type of entity. This component would have distinguished the proposed market for general-use digital payment applications that facilitate payments consumers make to other persons from adjacent but distinct markets that include other consumer financial products and services, including the activities of taking deposits; selling, providing, or issuing of stored value; and extending consumer credit by transferring funds directly to the consumer. For example, this component of the proposed definition would have excluded transfers between a consumer’s own deposit accounts, transfers between a consumer deposit account and the same consumer’s stored value account held at another financial institution, such as loading or redemptions, as well as a consumer’s withdrawals from their own deposit account such as by an automated teller machine (ATM). The fourth component of the proposed definition of ‘‘consumer payment transaction’’ is that the funds transfer must be primarily for personal, family, or household purposes.198 As a 197 See generally U.S. Treas. Fin. Stability Oversight Council, Report on Digital Asset Financial Stability Risks and Regulation (Oct. 3, 2022) at 7 (‘‘For this report, the term ‘digital assets’ refers to two categories of products: ‘central bank digital currencies’ (CBDCs) and ‘crypto-assets.’ This report largely focuses on crypto-assets. Cryptoassets are a private sector digital asset that depends primarily on cryptography and distributed ledger or similar technology. For this report, the term cryptoassets encompasses many assets commonly referred to as ‘coins’ or ‘tokens’ by market participants.’’), https://home.treasury.gov/system/files/261/FSOCDigital-Assets-Report-2022.pdf (last visited Oct. 23, 2023). 198 Under a relevant definition of consumer financial products and services in CFPA section 1002(5)(A), a financial product or service is a E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 result, the Proposed Rule would have defined the relevant market activity (providing a general-use digital consumer payments application) by reference to its use with respect to consumer payment transactions. Although a general-use digital consumer payment application also could help individuals to make payments that are not for personal, family, or household purposes, such as purely commercial (or business-to-business) payments, those payments would not have fallen within the proposed definition of ‘‘consumer payment transaction.’’ In addition, the proposed definition of ‘‘consumer payment transaction’’ would have excluded four types of transfers. First, paragraph (A) of the proposed definition would have excluded international money transfers as defined in § 1090.107(a). The CFPB defined larger participants in a market for international money transfers in its 2014 rule.199 In proposing this larger participant rule, the CFPB did not propose to alter the international money transfer larger participant rule. Rather, the CFPB proposed this larger participant rule to define a separate market, focused on the use of digital payment technologies to help consumers make payment transactions that are not international money transfers as defined in the international money transfer larger participant rule. Accordingly, the proposed definition of ‘‘consumer payment transaction’’ would have excluded an international money transfer as defined in § 1090.107(a). As the Proposed Rule explained, to the extent that nonbank international money transfer providers facilitate those transactions, whether through a digital application or otherwise,200 that activity remains part of the international money transfer market, and the CFPB may be able to supervise such a nonbank if it meets the larger-participant test in the international money transfer larger participant rule. Second, for clarity, paragraph (B) of the proposed definition of ‘‘consumer payment transaction’’ would have excluded a transfer of funds by a consumer (1) that is linked to the consumer’s receipt of a different form of funds, such as a transaction for foreign consumer financial product or service when it is offered or provided for use by consumers primarily for personal, family, or household purposes. 12 U.S.C. 5481(5)(A). 199 79 FR 56631. 200 See CFPB, Remittance Rule Assessment Report (Oct. 2018, rv. April 2019) at 143 (describing trends including ‘‘widespread use of mobile phones to transfer remittances and the growth of online-only providers[]’’), https://files.consumerfinance.gov/f/ documents/bcfp_remittance-rule-assessment_ report.pdf (last visited Oct. 25, 2023). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 exchange as defined in 12 U.S.C. 5481(16), or (2) that is excluded from the definition of ‘‘electronic fund transfer’’ under § 1005.3(c)(4) of this chapter. Paragraph (1) of this proposed exclusion would have clarified, for example, that the market as defined in the Proposed Rule does not include transactions consumers conduct for the purpose of exchanging one type of funds for another, such as exchanges of fiat currencies (i.e., the exchange of currency issued by the United States or of a foreign government for the currency of a different government). Paragraph (2) would have clarified that transfers of funds the primary purpose of which is the purchase or sale of a security or commodity in circumstances described in Regulation E section 3(c)(4) and its associated commentary also would not have qualified as consumer payment transactions for purposes of the Proposed Rule.201 Third, proposed paragraph (C) would have excluded a payment transaction conducted by a person for the sale or lease of goods or services that a consumer selected from an online or physical store or marketplace operated prominently in the name of such person or its affiliated company.202 This exclusion would have clarified that, when a consumer selects goods or services in a store or website operated in the merchant’s name and the consumer pays using account or payment credentials stored by the merchant who conducts the payment transaction, such a transfer of funds generally is not a consumer payment transaction included within the market defined by the Proposed Rule. This exclusion also would have clarified that when a consumer selects goods or services in an online marketplace and pays using account or payment credentials stored by the online marketplace operator or its affiliated company,203 such a transfer of 201 12 CFR 1005.3(c)(4). 12 CFR 1090.101 (definition of ‘‘affiliated company’’). 203 The Proposed Rule noted that a common industry definition of an online marketplace operator is an entity that engages in certain activities, including ‘‘[b]ring[ing] together [consumer payment card holders] and retailers on an electronic commerce website or mobile application’’ where ‘‘[i]ts name or brand is: []Displayed prominently on the website or mobile application[; ] Displayed more prominently than the name and brands of retailers using the Marketplace[; and is p]art of the mobile application name or [uniform resource locator.]’’ 88 FR 80197 at 80203 n.59 (citing VISA, Visa Core Rules and Visa Product and Service Rules (Apr. 15, 2023) (‘‘VISA Rules’’), Rule 5.3.4.1 (defining the criteria for an entity to qualify as a ‘‘Marketplace’’ for purposes of the VISA Rules), Oct. 2024 edition last updated Apr. 2023, https://usa.visa.com/dam/ 202 See PO 00000 Frm 00027 Fmt 4701 Sfmt 4700 99607 funds generally is not a consumer payment transaction included within the market defined by the Proposed Rule. For such transactions to qualify for this exclusion, the funds transfer must have been for the sale or lease of a good or service the consumer selected from a digital platform operated prominently in the name (whether entity or trade name) of an online marketplace operator or their affiliated company.204 However, this proposed exclusion would not have applied when a consumer uses a payment or account credential stored by a general-use digital consumer payment application provided by an unaffiliated person to pay for goods or services on the merchant’s website or an online marketplace. For example, when a consumer selects goods or services for purchase or lease on a website of a merchant, and then from within that website chooses an unaffiliated person’s general-use digital consumer payment application as a payment method, then proposed paragraph (C) would not have excluded the resulting consumer payment transaction. The Proposed Rule explained that the CFPB proposed this exclusion to the definition of ‘‘consumer payment transaction’’ to clarify the scope of the proposed market and to clarify which transactions count toward the proposed threshold in the larger-participant test in proposed § 1090.109(b). For example, some online marketplace operators may provide general-use digital consumer payment applications for consumers to use for the purchase or lease of goods or services the consumer selects on websites of unaffiliated merchants. Absent the proposed exclusion in paragraph (C), the providing of such a general-use digital consumer payment application could result in counting all transactions through such an application, including for goods and services the consumer selects from the online marketplace, toward the largerparticipant test threshold in proposed § 1090.109(b). Yet the Proposed Rule noted that the CFPB was not seeking to define a market or determine largerparticipant status in this rulemaking by reference to payment transactions conducted by merchants or online marketplaces through their own payment functionalities for their own sales transactions. The CFPB therefore believed it was appropriate to propose excluding the former type of payment VCOM/download/about-visa/visa-rules-public.pdf (last visited Nov. 7, 2024)). 204 The Proposed Rule noted that this aspect of the example is consistent with what some significant payments industry standards consider to be a digital marketplace. See id. E:\FR\FM\10DER2.SGM 10DER2 99608 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations transactions from the market defined in the Proposed Rule. The Proposed Rule explained how, in this regard, the scope of the proposed term ‘‘consumer payment transaction’’ is narrower than the CFPB’s authority under the CFPA, which can extend to payment transactions conducted by merchants or online marketplaces for sales through their own platforms under certain circumstances. The CFPA defines a consumer financial product or service to include ‘‘providing payments or other financial data processing products or services to a consumer by any technological means, including processing or storing financial or banking data for any payment instrument . . .’’ 205 The Proposed Rule explained that such activities generally are consumer financial products or services under the CFPA unless a narrow exclusion for financial data processing in the context of the direct sale of nonfinancial goods or services applies.206 The Proposed Rule explained that exclusion would not apply if a merchant or online marketplace’s digital consumer application stores, transmits, or otherwise processes payments or financial data for any purpose other than initiating a payments transaction by the consumer to pay the merchant or online marketplace operator for the purchase of a nonfinancial good or service sold directly by that merchant or online marketplace operator. Other purposes beyond payments for direct sales could include using or sharing such data for targeted marketing, data monetization, or research purposes. The Proposed Rule explained that the exclusion also would not apply if an online marketplace operator’s digital consumer application processes payments or other financial data associated with the consumer’s purchase of goods or services at unaffiliated online or physical stores or third-party goods or services on the operator’s online marketplace. Finally, proposed paragraph (D) would have excluded an extension of 205 12 U.S.C. 5481(15)(A)(vii). person shall not be deemed to be a covered person with respect to financial data processing solely because the person . . . is a merchant, retailer, or seller of any nonfinancial good or service who engages in financial data processing by transmitting or storing payments data about a consumer exclusively for purpose of initiating payments instructions by the consumer to pay such person for the purchase of, or to complete a commercial transaction for, such nonfinancial good or service sold directly by such person to the consumer[.]’’ 12 U.S.C. 5481(15)(A)(vii)(I). The Proposed Rule stated that this narrow exclusion is descriptive of the limited role that many merchants play in processing consumer payments or financial data. 88 FR 80197 at 80204 n.62. khammond on DSK9W7S144PROD with RULES2 206 ‘‘[A] VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 consumer credit that is made using a digital application provided by the person who is extending the credit or that person’s affiliated company. As the Proposed Rule explained, the CFPB proposed this exclusion so that the market definition does not encompass consumer lending activities by lenders through their own digital applications. In this rulemaking, the CFPB did not propose to define a market for extending consumer credit, as it did, for example, in the larger participant rule for the automobile financing market.207 As a result of this proposed exclusion, for example, a nonbank would not have been participating in the proposed market simply by providing a digital application through which it lends money to consumers to buy goods or services.208 Comments Received Some commenters addressed certain terms in the proposed definition of ‘‘consumer payment transaction’’ including, in relation to its reference to the ‘‘transfer of funds,’’ how the Proposed Rule stated that the CFPB interprets ‘‘funds’’ to include digital assets in certain circumstances, as described above. A few commenters also commented on how the Proposed Rule sought to define covered transactions based on the location of the consumer in a State. Finally, some commenters addressed certain proposed exclusions from the definition, including specifically paragraphs (C) and (D). Many of the comments on the proposed definition of ‘‘consumer payment transaction’’ related to the proposed inclusion of certain transfers of digital assets in this definition, when they transfer ‘‘funds’’ under the CFPA. Several consumer groups and a nonprofit expressed general support for including digital assets within the market definition. The nonprofit stated that the firms providing cryptocurrency products and services have been marked by a wide assortment of investor and consumer abuses. Consumer groups agreed, noting that reports coming out of 207 12 CFR 1090.108. to the extent consumer credit transactions would have fallen within the proposed definition of consumer payment transactions, this would have been because the relevant market participant engaged in covered payment-related activities beyond extending credit to the consumer. For example, a nonbank may provide a wallet functionality through a digital application that stores payment credentials for a credit card through which an unaffiliated depository institution or credit union extends consumer credit. The CFPB proposed a market definition that would have reached that nonbank covered person’s activities because their role in the transaction is to help the consumer to make a payment, not to themselves extend credit to the consumer. 208 Thus, PO 00000 Frm 00028 Fmt 4701 Sfmt 4700 the late 2022 downturn in the sector illustrated that that consumers would benefit from broader oversight, including CFPB supervision of digital assets activities involved in consumer payment transactions. They stated that such oversight could address risks consumers have faced, such as improper restrictions that distressed digital asset platforms have placed on consumers’ access to hosted digital asset wallets. The consumer groups also stated that consumers increasingly are relying on cryptocurrencies for consumer payment transactions, as industry emphasizes a long-term strategy of promoting such activity. They cited examples of a longtime, well-known market participant introducing a stablecoin expressly to facilitate consumer purchases, and another digital asset firm contracting with merchants for acceptance of crypto assets the firm holds for consumers. A banking industry association also supported the coverage of virtual currency and crypto assets, which it stated consumers use for personal, family, and household purposes, and should be regulated on par with fiat currency consistent with the ‘‘same activity, same risk, same regulation’’ principle. An individual commenter agreed that crypto asset users face significant risks, and called for the Final Rule to clarify how it applies to digital assets. On the other hand, for several reasons described below, several nonprofits, providers of digital asset products and services, and digital asset industry associations, banking industry associations, and other industry associations opposed inclusion of digital assets in the market definition. They called for exclusion of these transactions from the rule and, if warranted, a re-proposal based on addressing the various issues they described; a payment network and nonprofit added that, to facilitate regulatory certainty and transparency and avoid unintended consequences, the Final Rule should only apply to fiat currency and legal tender. They stated that the rule should accomplish that goal by limiting the interpretation of ‘‘funds.’’ 209 First, some industry commenters stated that the CFPB should not adopt this aspect of the Proposed Rule because, in their view, the CFPB has not 209 As discussed at the outset of the section-bysection analysis above, an industry association commenter also stated that if the CFPB excludes digital assets from the Final Rule, then the CFPB precludes its examination of that activity by larger participants under the Final Rule. The CFPB summarizes and responds to that comment separately above. E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations conducted adequate market monitoring of digital assets activities and does not in general have data, experience, or expertise in this area sufficient to assess risk to consumers and finalize a regulation covering them. One industry commenter added that the CFPB would have benefited from issuing marketmonitoring orders to larger digital asset firms as the CFPB had done to Big Tech firms offering consumer payment applications that transfer U.S. dollars. One commenter stated that the Proposed Rule did not rely on public blockchain data from industry sources such as Elliptic, Chain Analysis, and TRM, as well as trends data published by Circle, and insufficiently disclosed any data on which it did rely. Second, several comments from industry, nonprofits, and some Members of Congress stated that the Proposed Rule did not consider the impact of covering digital assets. For example, some industry commenters stated that the Proposed Rule underestimated the number of larger participants, citing uncertainty over the rule’s application to digital assets and ineligibility for the proposed small business exclusion by small businesses in the digital assets sector that are based abroad, organized as nonprofits, or dominant in their field. Further, some industry associations, digital assets firms, and a nonprofit stated that it was uncertain which digital assets transactions would be covered because it is uncertain which are for personal, family, or household purposes. In addition, some commenters suggested that the Proposed Rule would impose significant burdens on the digital asset sector, whether due to the proposed interpretation of ‘‘funds’’ in the CFPA as including digital assets which they viewed as a change in substantive consumer protections, or to what they anticipated would be exposure to potentially arbitrary and shifting CFPB interpretations as to whether Regulation E covers digital assets.210 Finally, an industry firm stated that the Proposed Rule did not adequately consider the potential for digital asset firms to pass through costs of this rule to consumers. Some Members of Congress and an industry association added that covering digital assets would discourage competition and innovation in payments. 210 One industry association stated that the Final Rule should clarify that it does not serve as a basis for subjecting virtual currencies or other digital assets to Regulation E. Another trade association called for the CFPB to consult with stakeholders in industry, other agencies, and Congress to understand the potential implications of applying Regulation E in this context. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 In addition, many of these commenters emphasized potential impacts of what they described as the proposal’s apparent coverage of socalled ‘‘unhosted’’ or ‘‘self-hosted’’ digital asset wallets. They stated that providers of these products and services must be excluded from the rule because they are merely providing software with no ongoing customer relationship or intermediary role, no access to information about the existence, nature, or use of any digital asset held in the wallet, and no control over the use of the wallet for any purpose including to make payments.211 They added that unhosted digital asset wallets cannot block transactions, reverse transactions to correct unauthorized transfers, close accounts, or track or monetize consumer data. As such, they stated that they also do not know whether the wallet holds funds at all (even under the CFPB’s interpretation) versus other uses of distributed ledger technology including an estimated 1.8 million types of crypto assets, nonfungible tokens (NFTs), and loyalty points among others. They stated they do not know where the consumer is located for the purposes of the proposed definition of ‘‘consumer payment transaction.’’ They also stated they do not know when a transaction occurs at all much less whether it is a consumer payment transaction. They stated that the lack of provider collection of such data is a critical feature of their product from the perspective of the consumer, and that this feature reduces risk to consumers. Third, some commenters raised legal objections to including digital assets in the rulemaking or certain digital asset products and services. For example, some industry commenters disagreed generally with the proposal’s interpretation of ‘‘funds’’ as including digital assets. These commenters stated that the CFPB did not provide sufficient reasoning or evidence to support what they viewed as a change in its legal position, that the interpretation ran contrary to the statute, Congress’ understanding at the time of its enactment,212 relevant case law, and the 211 One commenter stated that an exclusion for what it called ‘‘unhosted’’ digital asset wallets would be consistent with FinCEN 2019 guidance that they described as excluding software providers of unhosted digital asset wallets from the scope of Federal money transmitter regulation. Another commenter stated that the First Amendment of the U.S. Constitution protects software code writing as speech, and that the proposed small business concern exclusion discriminated between speakers based on the size of their business, constituting speaker and viewpoint discrimination that it did not believe would survive strict constitutional scrutiny. 212 Some commenters noted that very few cryptocurrencies existed as of 2010, and noted that PO 00000 Frm 00029 Fmt 4701 Sfmt 4700 99609 ‘‘major questions’’ doctrine,213 that digital asset products and services are not part of a consumer financial products or services market because they are not provided for use by consumers primarily for personal, family, or household purposes, and that the CFPA precludes CFPB oversight over such activities overseen by the SEC or CFTC.214 Some commenters stated more specifically that the CFPB lacks authority over unhosted digital asset wallets because, for example, they function similarly to a web browser or password manager with a variety of uses beyond payments,215 they have no more power to intervene in a consumer payment transaction than an internet service provider, and these activities are eligible for the ‘‘electronic conduit services’’ exception in CFPA section 1002(15)(C)(ii). With respect to other aspects of the proposed definition of ‘‘consumer payment transaction’’ beyond the context of digital assets, two commenters addressed the part of the proposed definition of ‘‘consumer payment transaction’’ that limited the term to payments by or on behalf of a consumer ‘‘located in a State’’ in the United States as described above. A nonprofit stated that a survey indicated that the majority of its members (59 percent) did not believe that larger participants would be able to determine whether the consumer is located within a State, such as based on the consumer’s internet Protocol address at the time of a transaction. An industry association stated that this part of the proposed definition was overbroad because it extended beyond Federal consumer financial laws that the Proposed Rule identified as applicable in the market. Specifically, the commenter stated that basing market scope on the location of stablecoins were not introduced until several years later. 213 These commenters pointed to the size of digital asset activity, including an estimated $130 billion U.S. stablecoin market, as well as varied uses of digital assets and efforts in Congress to enact a legislative oversight framework. 214 In addition, a nonprofit commenter and other industry commenters stated that the CFPB should not finalize this aspect of the Proposed Rule because, in their view, it reflects inadequate coordination by the CFPB across government as called for under an executive order relating to digital assets and reflects inadequate CFPB consultation with the SEC and CFTC, which have asserted regulatory authority over digital assets. 215 This commenter added that, although the Proposed Rule did not specifically address covering unhosted digital asset wallets and thus such coverage may not have been intended, based on the interpretation of ‘‘funds’’ in the Proposed Rule, its proposed definition of ‘‘covered payment functionality’’ could be viewed as reaching them, which, as noted, would be legally impermissible in its view. E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 99610 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations the consumer leads the market to include electronic fund transfers that are not covered by Regulation E, such as payments that foreign firms facilitate for foreign nationals who do not reside in the United States, including while traveling within the United States.216 They suggested that, in order to avoid being subject to a U.S. supervisory regime, foreign providers may abandon support of such foreign national customers when traveling in the United States. They also pointed to foreign providers’ provision of payment accounts located outside the United States as another example that they believed generally falls outside of Regulation E. As a result, they called for narrowing the transactions included in the market. In addition to the proposed limitation requiring that the consumer be located in a State in the United States, in their view, the definition of ‘‘consumer payment transaction’’ also should be limited to U.S. residents making payments from payment cards or stored value accounts issued by U.S. financial institutions. In their view, those additional limitations would better align the scope of the market with the scope of regulations the CFPB proposes to apply in its examination of larger participants, including Regulation E, whose scope with respect to transnational activity is described in its comment 3(a)–3. Commenters presented a range of views on the exclusion in paragraph (C) of the proposed definition of ‘‘consumer payment transaction’’ for payment transactions conducted by merchants or marketplaces for the sale or lease of goods or services the consumer selected from a store or marketplace the merchant or marketplace operates prominently in its name or the name of an affiliated company. Some commenters also addressed the statement in the Proposed Rule describing circumstances in which merchant or marketplace payment processing activities that fall outside the proposed market definition because they are excluded by paragraph (C) nonetheless may qualify as a consumer financial product or service under the CFPA. Consumer group commenters generally opposed the proposed exclusion in paragraph (C). One consumer group noted stated that certain nonbank payments companies sell consumers’ payments data, including information about how much people spend, where, and on what, as described in a 2023 report the 216 They also suggested that Regulation P may not apply to those transactions. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 commenter published and linked to in its comment.217 In their view, to the extent a marketplace collects payments data and uses it for purposes beyond completing the payment transaction, the marketplace should be brought under supervisory authority, including when ‘‘its transactions fall within its own marketplace[.]’’ Meanwhile, other consumer groups stated that marketplace payment functions can comprise a significant portion of the marketplace’s revenues, can expand into or spin off as general-use digital consumer payment apps, and also can engage in practices that the FTC has alleged to violate competition laws. A law firm commenter agreed that the rule should exclude payment transactions conducted by online marketplaces for sales through their own platforms. This commenter stated that consumers seek out online marketplace platforms for their ability to sell goods and services including primarily from third-party retailers hosted on the marketplace. It called for clarifying the definition of marketplace in proposed paragraph (C) to better achieve the CFPB’s stated goal of excluding payment transactions conducted by merchants for their own sales and payment transactions conducted by online marketplaces for sales made through their platform. As noted, the scope of the exclusion in proposed paragraph (C) would apply to marketplaces operated prominently in the name of the person that conducts the payment transaction. This commenter described this aspect of the exclusion as unduly focused on branding. It stated that different online marketplace operators have different levels of branding and name display, suggesting uncertainty about which marketplaces would have qualified under the ‘‘prominently’’ standard. To the extent that a platform did not meet the ‘‘prominently’’ standard in the Proposed Rule, in the view of this commenter, the exclusion would be arbitrary because a platform would be ineligible despite being a marketplace as defined in a Federal law administered by the FTC, despite consumers still plainly understanding it to be a marketplace, and despite the platform presenting different consumer protection concerns as the Proposed Rule recognized was the case for excluded marketplaces. For all of these reasons, it stated that the Final Rule should adopt the definition of ‘‘online 217 R.J. Cross, How Mastercard sells its ‘gold mine’ of transaction data (Sept. 30, 2023, updated June 17, 2024), https://pirg.org/edfund/resources/howmastercard-sells-data (last visited Nov. 7, 2024). PO 00000 Frm 00030 Fmt 4701 Sfmt 4700 marketplace’’ Congress adopted in the Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers Act (INFORM Act).218 That statute defined a marketplace based on its function, and not its level of name branding. The commenter added that, by incorporating the INFORM Act definition, the exclusion would apply both when the marketplace is paid and when a third-party seller selling through the marketplace is paid. Some industry commenters addressed whether the Rule should include consumer payment transactions consumers initiate through ‘‘buttons’’ on merchant websites. One industry association indicated that it was important for the rule to provide for universal coverage of digital wallets, including those a consumer uses by pressing a payment button a checkout screen on a merchant website. It suggested that broad coverage was important to achieve consistent supervision across providers, which promotes competition. On the other hand, some industry commenters called for adding an exclusion for what they described as express checkout options that nonbanks facilitate for third-party merchant websites and apps, including ‘‘buy buttons.’’ 219 One industry association called for the rule to clarify that payment checkout buttons are excluded from the market because they do not function generally across merchants but instead require individual merchant acceptance agreements.220 Another industry association cited research indicating that many online merchants including small businesses facilitate consumers’ purchases by offering these buttons, and suggested that the Proposed Rule was unnecessarily directing its coverage to merchant payment processing.221 218 15 U.S.C. 45f(f)(4). few industry commenters suggested that the integration of general-use digital consumer payment applications into merchant websites through payment buttons does not pose any risk to consumers, and that this type of activity should not be included in the market definition. The CFPB considers and responds to comments related to risks to consumers separately in the response to general comments above. 220 This commenter cited this fact as supporting its view that such checkout buttons do not have ‘‘general use’’—which the Final Rule discusses in the section-by-section analysis of that term further below. To ensure full consideration of all related comments, the CFPB also describes that comment here in the context of other comments regarding checkout buttons associated with general-use digital consumer payment applications provided by nonbank covered persons. 221 As discussed in the impacts analysis in parts VII and VIII, a comment from certain Members of Congress also stated that providers of general-use digital consumer payment apps could pass the cost of the rule onto merchants, including small 219 A E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 Some industry and nonprofit commenters appeared to have interpreted the statement in the preamble regarding the scope of the CFPB’s authority under CFPA section 1002(15)(A)(vii) as potentially intended to narrow or alter the scope of the exclusion in paragraph (C). For example, several Members of Congress, stated that the scope of the market definition was ambiguous because, on the one hand, the Proposed Rule excluded merchant and marketplace payment functions in circumstances described in paragraph (C), but on the other hand, the preamble of the Proposed Rule stated that the statutory exclusion in CFPA section 1002(15)(A)(vii)(I) does not apply to these functions when they use payments data for purposes beyond processing a payments transaction. Similarly, an industry association commenter suggested that, due to the proposal’s interpretation of 1002(15)(A)(vii)(I), the Proposed Rule would apply to merchants processing payments on their own behalf because retailers widely use financial data for purposes beyond processing transactions. Because it did not understand the CFPB to be seeking to cover merchants’ payment processing in this rule, it called for the CFPB to remove this interpretation from the Final Rule to ensure that its scope is focused on the general-use digital consumer payment applications that create risks to consumers that the CFPB has identified. Another industry association suggested that the interpretation appeared designed to increase CFPB scrutiny of merchants through supervision. In their view, if the CFPB exercises jurisdiction over merchants on the basis described in the interpretation above, that could make it more difficult for merchants to combat fraud, cause merchants to raise prices or reduce discounts, and cause merchants to decrease reliance on newer, competitive forms of payment. Finally, a law firm also indicated it was unclear whether the interpretation of the CFPA was intended to narrow the scope of paragraph (C). In addition to expressing uncertainty regarding its impact on the scope of paragraph (C), some industry commenters disagreed with the merchants, that accept the apps as a payment method. For the reasons explained in the impacts analysis, the CFPB does not have information to indicate that larger participants are likely to pass through a significant portion of these costs to merchants. As the impacts analyses further explain, the costs of the Final Rule are not high and, even if they were passed through, that would be spread across the very high number of merchants that accept one or more of these apps as a method of payment. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 Proposed Rule’s interpretation of the CFPB’s payments processing authority in CFPA section 1002(15)(A)(vii). In particular, they asserted that the proposal’s interpretation of the exclusion in CFPA section 1002(15)(A)(vii)(I) was invalid because it would have the result that many merchants would not satisfy the exclusion. In addition to the comments described above, comments from two industry associations stated that merchants use payments data for a variety of purposes that they described as beneficial to consumers, such as research, fraud prevention, targeted marketing of discounts, and even routing of transactions consistent with Federal Reserve Regulation II to reduce the cost of payment acceptance. Because they viewed those uses as potentially for purposes other than initiating the payment transaction, these commenters believed that merchants would almost never be eligible for the exclusion in 1002(15)(A)(vii)(I) under the CFPB’s interpretation of it. One of these commenters added that that result would contravene general intent of Congress to exclude merchants from the CFPA, including pursuant to CFPA section 1027(a). Relatedly, they stated that the proposed interpretation would harm consumers by disincentivizing merchants from engaging in all of these uses of consumer payments data. On the other hand, a consumer group supported the proposal’s interpretation of the exclusion in CFPA section 1002(15)(A)(vii)(I). This commenter stated that digital wallets collect and monetize high amounts of consumer data, including through transactions that occur on marketplaces, without oversight. Some commenters addressed the inclusion of consumer credit transactions in the proposed definition of ‘‘consumer payment transactions’’ in general, as well as the related exclusion in paragraph (D) for extensions of credit made using a digital application provided by the person extending credit or its affiliated company. With respect to the inclusion of consumer credit transactions generally, several commenters including an industry provider and two nonprofits generally recognized that pass-through payment wallets facilitate both debit card and credit card transactions (among other types of transactions). However, a nonprofit commenter disagreed with the proposal’s inclusion of a creditor’s transfer of funds in the definition of ‘‘consumer payment transaction.’’ In its view, expanding the scope of CFPB supervisory authority beyond electronic funds transfers PO 00000 Frm 00031 Fmt 4701 Sfmt 4700 99611 subject to Regulation E could lead companies to invest less in tokenization and anti-fraud technologies and could disincentivize allocation or use of credit for consumers who prefer general-use digital consumer payment applications. With respect to the proposed exclusion in paragraph (D), an industry association stated that the Final Rule should clarify that this exclusion applies to nonbanks that partner with other financial institutions to offer consumer credit products that fund consumer payment transactions. The commenter stated that in these arrangements, the nonbank may provide a consumer-facing digital application through which the consumer accesses an extension of credit made and issued by a third-party financial institution. It stated that the third-party financial institution extends credit by transferring funds directly to the consumer (which the commenter stated would not qualify as a payment by the consumer to another person). Through its mobile application, the nonbank then may facilitate the consumer’s use of those funds to make a payment. A banking trade association and a payment network stated that it was uncertain whether the proposed market included the extension of credit through what it referred to as buy-now-pay-later (BNPL) applications. It stated that the rule should provide illustrative examples of covered consumer credit products and clarify whether BNPL applications are eligible for the proposed exclusion in paragraph (D) in light of uncertainty as to whether BNPL providers are extending credit. They also stated that it was unclear why the CFPB would exclude BNPL applications, since they function similarly to other activities described in the Proposed Rule and also have grown rapidly as a means for consumers to pay for the purchase of goods and services. They stated that the CFPB should include participants in what they referred to as the BNPL market within the scope of this rule, or in a separate larger participant rulemaking. Finally, several consumer groups called for the rule to clarify whether proposed paragraph (D) applies to funds transfers by earned wage advance products and services, given that some nonbanks that provide those products and services claim not to be extending consumer credit. Response to Comments Received After considering comments on the inclusion of certain digital assets transactions in the proposed definition of ‘‘consumer payment transaction,’’ the CFPB has decided, for purposes of this E:\FR\FM\10DER2.SGM 10DER2 99612 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 Final Rule, to exclude such transactions from coverage under the Rule. The CFPB intends to continue to gather data and information regarding the nature of such transactions and the impact of digital assets transactions on consumers, and to take further action as appropriate. For example, the CFPB has considered comments from industry and others stating that some digital asset products and services, such as so-called unhosted or self-hosted wallets, may not currently be able to collect the data necessary to administer the largerparticipant test that would be applied to establish supervisory authority. Based on the limited data and information these commenters provided in their comments, the CFPB is not prepared in this Final Rule to determine whether and how to distinguish between hosted and unhosted wallets. As further discussed below, the CFPB is implementing this change by updating the larger participant threshold to only consider U.S. dollar transactions (see section-by-section analysis of ‘‘threshold’’ below). In addition, for purposes of defining what qualifies as a ‘‘consumer payment transaction’’ covered by the Final Rule, the CFPB has considered the industry association and nonprofit comments, including the survey described above, which indicate that most market participants may be more familiar with assessing where a consumer resides 222 than where the consumer is located at the time of any given consumer payment transaction (which can change from transaction to transaction, especially when consumers make payments using mobile phones). Thus, to facilitate administration of the largerparticipant test, rather than adopting the proposal to base coverage of consumer payment transactions on whether the consumer is physically located in a State at the time of the transaction, the Final Rule defines ‘‘consumer payment transactions’’ as subject to the rule based on whether the consumer is a U.S. resident, as described further below.223 222 See Reg. E, cmt. 3(a)–3 (stating that regulation E applies to all persons providing EFT services to U.S. residents through U.S.-located accounts). Regulation Z, which governs consumer credit card transactions, also links its scope to residency in a State. See Reg. Z, cmt. 1(c)–1. 223 The CFPB declines the industry association suggestion to further narrow ‘‘consumer payment transactions’’ to those that U.S. residents make (1) from a location in a State (2) using a payment card issued by a U.S. bank or a stored value account provided by a U.S. financial institution. The CFPB believes that limiting ‘‘consumer payment transactions’’ to U.S. residents will address the commenter’s concerns regarding the inadvertent coverage of foreign residents’ transactions using accounts issued by foreign institutions while traveling to the United States. The additional VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 With regard to comments on the proposed exclusion in paragraph (C) of the definition of ‘‘consumer payment transaction,’’ the CFPB agrees with the consumer group comments that online marketplaces can pose risks to consumers when they sell payments data. Nonetheless, as discussed above, the market definition does not include or exclude activities based on the level of risk they pose. In addition, the law firm commenter reasonably notes that consumers seek out marketplace platforms for the goods and services they offer, including from third-party marketplace sellers.224 In that way, consumers seek out a marketplace platform for purposes that differ from the payment-focused purposes for which they seek out a general-use digital consumer payment application. Therefore, the Final Rule treats a merchant or marketplace conducting payment transactions for sales through its own platform as distinct from the activity included in the market defined in this rule.225 The CFPB believes that it is therefore appropriate to exclude such transactions from this Final Rule in paragraph (C). Finally, with regard to the consumer group comment that marketplace operators can grow into general-use consumer payment applications, the Rule accounts for that. If those operators do expand into general-use consumer payment applications and qualify as larger participants under this rule, they will be subject to the CFPB’s supervisory authority. Regarding the definition of ‘‘marketplace’’ in proposed paragraph (C), the CFPB agrees that in some circumstances it may be complex to evaluate the level of prominence of an changes the commenter suggests are not necessary or appropriate in the context of this rule. This rulemaking is not defining a market for payment cards or stored value accounts. The market activity is not providing an ‘‘account’’; rather, it is facilitating consumer payment transactions through a general-use digital consumer payment application. Such activity can facilitate payments from accounts held by third-party financial institutions. Therefore, the nationality of the provider of the underlying account is not necessarily relevant. 224 See also FTC, Buying From an Online Marketplace (Sept. 2022) (‘‘In general, online marketplaces connect buyers and sellers.’’), https:// consumer.ftc.gov/articles/buying-onlinemarketplace (last visited Nov. 7, 2024). 225 Relatedly, the CFPB also disagrees with the law firm commenter to the extent it was suggesting that the proposed exclusion in paragraph (C) would not apply to a payment transaction conducted by an online marketplace on behalf of a third-party seller. Under the terms of the proposed exclusion, when a consumer selects goods or services from an online marketplace and the marketplace operator conducts the consumer payment transaction, that would have been excluded by paragraph (C) even if a third-party seller was involved in the sale. PO 00000 Frm 00032 Fmt 4701 Sfmt 4700 entity’s branding on a marketplace platform. As the proposal noted, major payment network rules include that standard to define a marketplace. However, it is unclear to the CFPB how administrable that standard is in that context. Accordingly, as discussed further below, the Final Rule does not adopt the proposed limitation on the exclusion related to the prominence of branding. The CFPB declines the commenter’s further suggestion that the rule expressly incorporate a definition of ‘‘marketplace’’ in the INFORM Act.226 While the CFPB believes that platforms that qualify as ‘‘online marketplaces’’ under the INFORM Act generally would qualify as marketplaces for purposes of the exclusion in paragraph (C), the INFORM Act definition is limited to online marketplaces for third party sellers of a ‘‘consumer product,’’ defined by reference to certain ‘‘tangible personal property[.]’’ 227 The Proposed Rule referred more broadly to a marketplace for sale of goods or services. And, as noted above, incorporating the INFORM Act is not necessary to ensure exclusion of marketplace platform payments to thirdparty sellers. For these reasons, the CFPB believes the language in the Proposed Rule is more appropriate in this context and expressly incorporating the definition in the INFORM Act is unnecessary. The CFPB agrees with the industry association commenter that stated that the rule should apply to general-use digital consumer payment applications on a consistent basis, including when consumers click on buttons on merchant or online marketplace websites to access general-use digital consumer payment applications provided by third parties. As the commenter suggested, covering these consumer financial products and services serves the CFPB’s statutory objective of ensuring consistent enforcement of Federal consumer financial law to promote fair competition, as discussed further above. However, in response to comments about coverage of consumer payment transactions initiated through online merchant checkout processes that rely on payment buttons, the CFPB seeks to clarify the scope of the market definition. The market consists of providing, through a digital payment application, a general-use covered payment functionality. As discussed above, some market participants have 226 15 U.S.C. 45f(f)(4). U.S.C. 45f(f)(2) (incorporating definition of ‘‘consumer product’’ in 15 U.S.C. 2301(1) and associated implementing regulations). 227 15 E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 pursued a deliberate strategy of ‘‘embedded finance,’’ through which nonbank providers of general-use digital consumer payment applications embed them into nonfinancial digital applications. Given the market reliance upon ‘‘embedded finance’’ as a way of promoting general-use digital consumer payment applications, it is reasonable for the Rule not to exclude that activity merely because it is embedded. However, that does not mean the Rule covers the merchant that embeds a payment button on its ecommerce website. When a merchant displays on its ecommerce website a payment button for an unaffiliated third-party’s general-use digital consumer payment application, the merchant is not itself providing a covered payment functionality as defined in the Rule. The CFPB understands that these buttons operate as application programming interfaces (APIs) or redirects to launch the general-use digital consumer payment application provided by the third party.228 In these circumstances, for purposes of the market definition in this Rule, the third party is providing the general-use digital consumer payment application, not the merchant. For these reasons, the CFPB disagrees with industry commenters’ suggestions that the Rule needs an exclusion for ecommerce checkout processes. Further, the CFPB does not agree that, because merchants individually agree to offer payment buttons linking to digital consumer payment applications provided by unaffiliated nonbanks, this indicates that the third party’s digital consumer payment application does not have general use. Under the Final Rule, as discussed further below, ‘‘general use’’ is based on whether the consumer can use the digital consumer payment application to pay more than one unaffiliated person. For example, the same payment button may appear on the websites of thousands of different merchants, each of which may have its own acceptance agreement with the 228 See, e.g., Lotus Lin, E-commerce APIs Introduction, Medium.com (Mar. 24, 2023) (describing how some providers of general-use digital consumer payment applications provide payment gateway APIs), https://medium.com/@ lotus.lin/e-commerce-apis-introduction29664558a3b0 (last visited Nov. 7, 2024); PYMNTS, Buy Buttons (‘‘Branded buy buttons are usually placed underneath the standard ‘buy’ or ‘pay’ button on the merchant’s checkout page and make it possible for consumers to pay for something without establishing an account with that merchant. Branded buy buttons use payment credentials that consumers have stored with the buy button brands. PayPal is the most widely accepted buy button, with Amazon Pay, Google Pay and Apple Pay also gaining acceptance in apps and online.’’), https:// www.pymnts.com/tag/buy-buttons/ (last visited Nov. 7, 2024). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 provider of the associated general-use digital consumer payment application.229 The app associated with the payment button can have general use for the consumer, who can use it to make online purchases virtually anywhere that payment button appears on an ecommerce site on the internet.230 The CFPB also seeks to clarify that the CFPB’s statement regarding the scope of its authority under CFPA section 1002(15)(A)(vii) was not intended to narrow or otherwise alter the scope of the exclusion in paragraph (C). Paragraph (C) generally excludes transactions in which a merchant or online marketplace conducts payments to itself for sales through its platform. The Proposed Rule discussed the scope of CFPA section 1002(15)(A)(vii) to clarify that the CFPA describes a 229 Merchants often accept consumers’ payments through well-known digital payment applications by agreeing to the terms and conditions imposed by the provider. One-way digital consumer payment applications gain general use is through acceptance across multiple unaffiliated merchants. See, e.g., Apple, Tap to Pay on iPhone (‘‘Before your app can enable Tap to Pay on iPhone and configure a merchant’s device, the merchant must accept the relevant terms and conditions.’’), https:// developer.apple.com/design/human-interfaceguidelines/tap-to-pay-on-iphone (last visited Nov. 7, 2024); Apple Pay Platform Web Merchant Terms at https://developer.apple.com/apple-pay/terms/ apple-pay-web/ (last visited Nov. 7, 2024); Amazon Pay, Getting started for merchants at https:// pay.amazon.com/business/getting-started (last visited Nov. 7, 2024); Google Pay API Terms of Service at https://payments.developers.google.com/ terms/sellertos (last visited Nov. 7, 2024); Meta Pay onboarding contract described at https://developers. facebook.com/docs/meta-pay/overview#onboarding (last visited Nov. 7, 2024); PayPal Developer Agreement (Mar. 21, 2022) (describing how holders of business accounts can use APIs and a PayPal Button) at https://www.paypal.com/us/legalhub/ xdeveloper-full?locale.x=en_US (last visited Nov. 7, 2024); Samsung Pay, Web Payments Integration Guide at https://developer.samsung.com/internet/ android/web-payments-integration-guide.html (last visited Nov. 7, 2024); Venmo Approved Business Account Addendum (effective date Jan. 24, 2019) at https://venmo.com/legal/us-business-addendum/ (last visited Nov. 7, 2024). In addition, a payment processor that online merchants use describes examples of digital wallets that merchants can accept through its software. See Stripe, Wallets: Learn about wallet payments with Stripe (stating that the payment processor has ‘‘created a single integration for all wallets that works across [its] products’’ and identifying numerous such payment methods it enables), https://stripe.com/docs/ payments/wallets (last visited Nov. 7, 2024). 230 With regard to industry comments that payment buttons do not pose risks to consumers, the CFPB considers the comments about risks to consumers from various types of market activity in the response to general comments above. For the reasons discussed above, this rulemaking is not the vehicle in which the CFPB must assess such risks. Rather, the CFPB takes risk into account when prioritizing entities for examination and scoping examinations. As a result, to the extent that any given larger participant’s general-use digital consumer payment application does in fact pose low risks to consumers, then the CFPB supervision program is designed to ensure they are at low risk for examination. PO 00000 Frm 00033 Fmt 4701 Sfmt 4700 99613 broader set of activities including in some circumstances those that may be excluded by paragraph (C). In other words, certain payment transactions may fall within the CFPA’s authority under the CFPA but not qualify as ‘‘consumer payment transactions’’ for purposes of this larger participant rule. In summary, the CFPB proposed the exclusion in paragraph (C) for the purpose of defining the scope of the market and not the scope of its statutory authority under CFPA section 1002(15)(A)(vii). That said, the CFPB does not share the view expressed by some industry commenters that the proposal’s discussion of the exclusion in CFPA section 1002(15)(A)(vii) was contrary to the provision’s language or would lead to results that Congress did not intend. However, the validity of this Final Rule does not depend on the correctness of the proposal’s interpretation of CFPA section 1002(15)(A)(vii) because, as noted above, the market definition does not encompass the full extent of the CFPB’s authority under that provision. Therefore, it is not necessary for the CFPB to further address comments regarding that interpretation in this Final Rule. With regard to the proposed coverage of consumer credit transactions in the definition of ‘‘consumer payment transaction,’’ as several commenters acknowledged, pass-through payment wallets commonly facilitate transactions using both debit cards and credit cards. Because market participants commonly provide digital applications that facilitate consumer payment transactions using both debit card and credit cards (among other payment methods), the Final Rule appropriately includes consumer payment transactions that use both types of payment cards in the market. The CFPB disagrees with the nonprofit commenter to the extent it was suggesting that paragraph (D) should have excluded all consumer credit transactions or that the definition of ‘‘consumer payment transaction’’ should only apply to payments made from a consumer’s asset accounts.231 Excluding all consumer credit transactions from the market would not be consistent with the way nonbanks often provide these consumer 231 Contrary to the commenter’s suggestion, by including consumer credit transactions in the definition of ‘‘consumer payment transactions,’’ the Proposed Rule would not have expanded the scope of substantive consumer protections including Regulation E. This rulemaking does not amend or modify Regulation E. As the Proposed Rule explained, a larger participant rule merely establishes supervisory authority and does not impose any new substantive consumer protection regulation. E:\FR\FM\10DER2.SGM 10DER2 99614 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 financial product and services in the market.232 In addition, the commenter did not provide support for its view that including consumer credit transactions in the definition of ‘‘consumer payment transactions’’ could create economic incentives for firms to reduce credit card lines or fraud protections. For several reasons, the CFPB disagrees with the commenter, to the extent it was suggesting that its general concerns over potential incentives warranted excluding general-use digital consumer payment applications’ facilitation of consumer credit transactions. First, the commenter did not offer a persuasive rationale for the Rule to treat consumer credit transactions that nonbanks facilitate through digital payment applications differently from payments from asset accounts, when general-use digital consumer payment applications facilitate both, as noted above. Second, the commenter did not explain why it believed that the supervisory authority the rule would establish over nonbank larger participants could disincentivize allocation or usage of revolving lines of consumer credit through general-use digital consumer payment application. Such an impact is unlikely, given that the lender’s own app-based lending activity can be excluded by paragraph (D) and the CFPB already supervises much of the lending activity in the credit card market.233 Finally, with regard to market participants’ investments in tokenization and antifraud protections, the commenter did not explain why larger participants would seek to offset the costs of CFPB examination by specifically reducing investment in anti-fraud protections or provide evidence or otherwise show that the rule would create a meaningful disincentive to engage in these activities. The CFPB believes that it is also possible that, after the Final Rule takes effect, larger participants will continue investing in such technologies 232 The Final Rule discusses other comments seeking exclusion of pass-through payment wallets in the discussion of ‘‘covered payment functionality’’ further below. 233 Proposed paragraph (D) already clarified that the market definition is not based on the activity of extending credit. Moreover, the CFPB already supervises very large insured depository institutions and insured credit unions, which issue the bulk of consumer credit cards in the United States, as well as their service providers. CFPB, The Consumer Credit Card Market (Oct. 2023), sec. 2.21 (annual CARD Act report discussing concentration in the credit card issuance market, with the top 30 issuers representing 95 percent of credit card loans in 2022, and 3,800 smaller banks and credit unions accounting for five to six percent of the market). With regard to the potential for larger participants to pass through costs of the Rule to others, the Final Rule discusses this issue in part VII below. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 as part of their efforts to avoid risks to consumers and non-compliance with Federal consumer financial law. As with the commenters’ other concerns, the CFPB does not believe that this general concern regarding potential incentives warrants excluding the facilitation of consumer credit transactions from the Final Rule. However, as the Proposed Rule explained,234 by including consumer credit transactions in the definition of ‘‘consumer payment transaction,’’ the CFPB does not seek to define this payments market in a manner that encompasses ‘‘consumer lending activities by lenders through their own digital applications.’’ In particular, the CFPB is not seeking to define a market for extending consumer credit, such as the market it defined in the larger participant rule for automobile financing originations. The CFPB therefore proposed the exclusion in paragraph (D) to maintain a distinction between payments-focused activity (included in the market) and consumer credit originations (excluded by paragraph (D)). The CFPB declines the suggestion by the industry comment to expand the scope of this market to include what it described as the buynow-pay-later market.235 For the same reason, the CFPB agrees with the industry association commenter that a nonbank should be eligible for the exclusion in paragraph (D) when it provides a digital application to initiate a consumer credit transaction and also engages in a set of activities directed at originating the extension of consumer credit, regardless of who is extending the credit (and even if a third-party financial institution such as a bank or credit union is extending the credit). Accordingly, the CFPB is clarifying paragraph (D) in the Final Rule as described below to describe additional activities integral to consumer credit originations that would be part of the eligibility criteria for the exclusion, including brokering, purchasing, or acquiring the extension of credit.236 If a 234 88 FR 80197 at 80204. 235 See also CFPB, Interpretive Rule, Truth in Lending (Regulation Z); Use of Digital User Accounts to Access Buy Now, Pay Later Loans, 89 FR 47068, 47071 (May 31, 2024) (BNPL Interpretive Rule) (discussing how BNPL providers facilitate extension of consumer credit marketed as BNPL loans). The CFPB also notes that the exclusion in paragraph (D) is not limited to extension of consumer credit by ‘‘creditors’’ as defined in TILA. 236 See, e.g., CFPB section 1002(15)(A)(i) (describing activities associated with consumer credit origination ‘‘including acquiring, purchasing, selling, brokering, or other extensions of credit[]’’); CFPB Automobile Financing Larger Participant Rule, 12 CFR 1090.108(a)(i)(4) (defining automobile financing ‘‘originations’’ as including ‘‘[p]urchases PO 00000 Frm 00034 Fmt 4701 Sfmt 4700 nonbank provides a digital application to initiate consumer credit transactions and engages in those other activities in connection with those consumer credit transactions, then the CFPB believes it generally is engaged in consumer credit origination activity, which is not the focus of this rulemaking. By excluding extensions of consumer credit in the circumstances described in paragraph (D), the Final Rule excludes the transfer of funds resulting from that extension of credit, such as a consumer’s payment to a merchant for goods and services from the funds provided by a credit card issuer. In light of the distinguishing characteristics of loan origination activities and the other reasons set forth above, the Bureau declines to include such loan origination activity in the market for which this Final Rule defines larger participants. As the Bureau has explained, this larger-participant rulemaking is only one in a series. Nothing in this Final Rule precludes the Bureau from considering in future larger-participant rulemakings other markets for consumer financial products or services that might include certain types of consumer credit origination activity. However, as revised, paragraph (D) does not exclude pass-through payment wallet functionalities that facilitate consumer payments from accounts issued by third-party financial institutions that the pass-through payment wallet functionality provider did not originate by engaging in the activities described above (such as extending, brokering, acquiring, or purchasing the extension of credit). As a result, the definition of ‘‘consumer payment transaction’’ adopted in the Final Rule still captures the general activities of pass-through payment wallets, which often facilitate consumer payment transactions, whether through funds they hold, funds they receive, or debit cards or credit cards provided by third-party financial institutions.237 The CFPB also seeks to provide clarification about the scope of or acquisitions’’ of automobile purchase loans, their refinancings, and leases). 237 This approach is consistent with other Federal consumer financial laws and their implementing regulations, which treat that activity as part of a consumer payments market. See e.g., Regulation Z, cmt. 13(a)(3)–2 (describing a ‘‘third-party payment intermediary, such as a person-to-person internet payment service, funded through the use of a consumer’s open-end credit plan[ ]’’). In light of the examples discussed in this paragraph, the CFPB does not believe changes to paragraph (D) or specification of illustrative examples in that paragraph are needed. It also is not the purpose of this Final Rule to define who is extending credit, which will depend on facts and circumstances that are beyond the scope of this rulemaking or the comments received. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations ‘‘consumer payment transactions’’ in light of the consumer groups’ comment noting that some providers of earned wage products do not treat their transactions as extensions of consumer credit, and seeking clarification of whether they qualify as ‘‘consumer payment transactions’’ included in the market. Specifically, the CFPB seeks to clarify how the proposed definition of ‘‘consumer payment transaction’’ applied to a payment by or on behalf of a consumer to another person. As explained above, ‘‘consumer payment transaction’’ for purposes of the proposed market definition did not include ‘‘transfers between a consumer’s own deposit accounts[ or] transfers between a consumer deposit account and the same consumer’s stored value account held at another financial institution, such as loading or redemptions[.]’’ 238 Consistent with that approach, the CFPB also did not intend and does not believe that earned wage products generally would be included in the market because they transfer wages belonging to or advanced on behalf of a consumer to that same consumer.239 Similarly, for clarity and administrability, the CFPB does not interpret the market definition as including payments by or on behalf of a consumer to other accounts the consumer owns or controls in which another person, such as a spouse coowner or minor child, also holds an interest.240 Final Rule For the reasons described above, the CFPB adopts the proposed definition of ‘‘consumer payment transaction’’ with four changes, as described below. First, for the reasons discussed above in the responses to comments, the Final Rule covers consumer payment transactions made by or on behalf of a consumer ‘‘who resides in’’ a State, rather than a consumer ‘‘physically located’’ in a State as stated in the Proposed Rule. As a result, when a nonbank provides a general-use digital consumer payment application to a 238 88 FR 80197 at 80203. e.g., CFPB, Data Spotlight: Developments in the Paycheck Advance Market (July 18, 2024) (‘‘Earned wage products provide workers access, before their payday, to a portion of their earned but unpaid wages or to funds that purport to equal or approximate a portion of their unpaid wages.’’), https://www.consumerfinance.gov/data-research/ research-reports/data-spotlight-developments-inthe-paycheck-advance-market/ (last visited Nov. 7, 2024). 240 For example, a payment functionality usable for an adult to transfer funds to K–12 school lunch accounts for the benefit of two or more minor children would not be included in the market because the adult transferor typically owns or controls the recipient account. khammond on DSK9W7S144PROD with RULES2 239 See, VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 person who does not reside in a State, the transactions it facilitates for that person would not be included in the market. The CFPB believes that this change will make the larger-participant test for this Final Rule more administrable because, unlike a consumer’s physical location, a consumer’s country of residence does not constantly change. Since the comments indicate that some companies may not currently collect data on consumer location at the time of making a payment, this change in the Final Rule also will avoid inadvertently creating a potential incentive for market participants to collect such data to determine larger participant status. Second, for reasons discussed above in the responses to comments, the Final Rule clarifies the exclusion in paragraph (C) for payment transactions conducted by certain merchants and marketplace operators. Specifically, the Final Rule does not adopt the proposed requirement that the marketplace be operated ‘‘prominently in the name of’’ the excluded person or its affiliated company. This change will make the larger-participant test more administrable by avoiding the need to evaluate the form or extent of name branding when evaluating which entities qualify for the exclusion, as discussed above. Third, the Final Rule modifies paragraph (C) to confirm that the Final Rule excludes a payment transaction conducted by a person for a donation to a fundraiser that a consumer selected from the person or its affiliated company’s platform. In the Proposed Rule, the CFPB did not intend to include payment platforms provided solely to facilitate donations to fundraisers. Such donation platforms would not have had ‘‘general use’’ under the proposal and therefore transactions would not have been within the scope of the proposed market. Because the Final Rule revises the definition of ‘‘general use’’ as described below to generally apply to payment functionalities that are usable to facilitate consumer payment transactions to more than one unaffiliated person, a platform that facilitates donations to multiple unaffiliated persons could be part of the market in some circumstances in the absence of another exclusion. Thus, consistent with the scope of the Proposed Rule, the Final Rule modifies the definition of ‘‘consumer payment transaction’’ to clarify that those transactions would not be in the market. Fourth, for the reasons discussed above in responses to comments, the Final Rule clarifies paragraph (D) to PO 00000 Frm 00035 Fmt 4701 Sfmt 4700 99615 exclude extensions of consumer credit initiated through a digital application that is provided by a person who is extending, brokering, acquiring, or purchasing the credit or that person’s affiliated company. As explained above, by referring to digital application-based initiations of consumer credit transactions by persons engaged in these additional activities of brokering, acquiring, or purchasing the extension of credit, the exclusion in paragraph (D) better defines a payments market in this Rule by excluding activities that are distinguishable as being part of a market for consumer credit originations. Covered Payment Functionality Proposed Rule The proposed market definition would have applied to providing covered payment functionalities through a digital application for a consumer’s general use in making payment transactions. Proposed § 1090.109(a)(2) would have defined two types of payment functionalities as covered payment functionalities: a funds transfer functionality and a wallet functionality. Proposed § 1090.109(a)(2) would have defined each of those two functionalities as described below. The CFPB requested common on each proposed definition, and whether it should be modified, and if so, how and why. A nonbank covered person would have been participating in the proposed market if its market activity includes only one of the two functionalities, or both functionalities. Similarly, a particular digital application may provide one or both functionalities. A nonbank’s level of participation in the proposed market would not have been based on which functionality is involved; rather, it would have been based on the annual covered payment transaction volume as defined in proposed § 1090.109(b). The CFPB proposed to treat these two covered payment functionalities as part of a single market for general-use digital consumer payment applications. As the Proposed Rule noted, the technological and commercial processes these two payment functionalities use to facilitate consumer payments may differ in some ways. However, consumers can use both types of covered payment functionalities for the same common purposes, such as to make payments for retail spending and sending money to friends and family. For example, a funds transfer functionality may transfer a consumer’s funds in a linked stored value account to a merchant to pay for goods or services, or to friends or E:\FR\FM\10DER2.SGM 10DER2 99616 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations family. Similarly, a wallet functionality may transmit a stored payment credential to facilitate a consumer’s payment to a merchant or to friends and family. Indeed, the same nonbank covered person may provide a digital application that encompasses both functionalities depending on the payment method a consumer chooses. For example, a nonbank covered person’s digital application may allow the consumer to access a wallet functionality to make a payment using a credit card for which a third party extends credit, or a funds transfer functionality to make a payment from a stored value account the nonbank provides. The role these two functionalities play in a single market therefore was driven by their common uses, not their specific technological and commercial processes. khammond on DSK9W7S144PROD with RULES2 (A) Funds Transfer Functionality The first payment functionality included in the definition in covered payment functionality in proposed § 1090.109(a)(2) was a funds transfer functionality. Paragraph (A) would have defined the term ‘‘funds transfer functionality’’ for the purpose of this rule to mean, in connection with a consumer payment transaction: (1) receiving funds for the purpose of transmitting them; or (2) accepting and transmitting payment instructions.241 These two types of funds transfer functionalities generally described how nonbanks help to transfer a consumer’s funds to other persons, sometimes referred to as P2P transfers. The nonbank either already holds or receives the consumer’s funds for the purpose of transferring them, or it transmits the consumers payment instructions to another person who does so. Paragraph (1), for example, would have applied to a nonbank transferring funds it holds for the consumer, such as in a stored value account, to another person for personal, 241 As stated in the Proposed Rule, 88 FR 80197 at 80205 n.64, such funds transfer services are consumer financial products or services under the CFPA. See 12 U.S.C. 5481(5)(A) (defining ‘‘consumer financial product or service’’ to mean a financial product or service ‘‘offered or provided for use by consumers primarily for personal, family, or household purposes[ ]’’). The CFPA defines a ‘‘financial product or service’’ to include ‘‘engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds or any financial instrument for use by or on behalf of a consumer[.]’’ 12 U.S.C. 5481(15)(A)(iv); see also 12 U.S.C. 5481(29) (defining ‘‘transmitting or exchanging funds’’). The CFPA also defines a ‘‘financial product or service’’ to include generally ‘‘providing payments or other financial data processing products or services to a consumer by any technological means, including processing or storing financial or banking data for any payment instrument,’’ subject to certain exceptions. 12 U.S.C. 5481(15)(A)(vii). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 family, or household purposes. Even if the nonbank providing the funds transfer functionality does not hold or receive the funds to be transferred, it generally would have qualified under paragraph (2) by transmitting the consumer’s payment instructions to the person that does hold or receive the funds for transfer. Paragraph (2), for example, would have applied to a nonbank that accepts a consumer’s instruction to send money from the consumer’s banking deposit account to another person for personal, family, or household purposes, and then transmits that instruction to other persons to accomplish the fund transfer. As the Proposed Rule noted, a common way a nonbank may engage in such activities is by acting as a third-party intermediary to initiate an electronic fund transfer through the automated clearinghouse (ACH) network. Another common way to do so noted in the Proposed Rule is to transmit the payment instructions to a partner depository institution. However, in some circumstances, a nonbank may be able to execute a consumer’s payment instructions on its own, such as by debiting the consumer’s account and crediting the account of the friend or family member, without transmitting the payment instructions to another person. In those circumstances, the nonbank generally would have been covered by paragraph (1) because, to conduct the transaction in this manner, the nonbank typically would be holding or receiving the funds being transferred. (B) Wallet Functionality The other payment functionality included in the definition in covered payment functionality in proposed § 1090.109(a)(1) was a wallet functionality. Paragraph (B) would have defined the term wallet functionality as a product or service that: (1) stores account or payment credentials, including in encrypted or tokenized form; and (2) transmits, routes, or otherwise processes such stored account or payment credentials to facilitate a consumer payment transaction.242 242 As stated in the Proposed Rule, 88 FR 80197 at 80205 n.65, the wallet functionality as described above is a consumer financial product or service under the CFPA. See 12 U.S.C. 5481(15)(A)(vii) (defining ‘‘financial product or service’’ to include ‘‘providing payments or other financial data processing products or services to a consumer by any technological means, including processing or storing financial or banking data for any payment instrument, or through any payments systems or network used for processing payments data, including payments made through an online banking system or mobile telecommunications network,’’ subject to certain exceptions); see also 12 U.S.C. 5481(5)(A) (defining ‘‘consumer financial product or service’’ to mean a financial product or PO 00000 Frm 00036 Fmt 4701 Sfmt 4700 Through this proposed definition, the proposed market would have included payment functionalities that work together first to store account or payment credentials and second, to process such data to facilitate a consumer payment transaction. As indicated above, paragraph (B)(1) of the proposed definition of ‘‘wallet functionality’’ would have clarified that ‘‘account or payment credentials’’ can take the form of encrypted or tokenized data. Storage of account or payment credentials in these forms would have satisfied the first prong of the ‘‘wallet functionality’’ definition. For example, the first prong would have been satisfied by storing an encrypted version of a payment account number or a token 243 that is specifically derived from or otherwise associated with a consumer’s payment account number. Paragraph (B)(2) of the proposed definition of ‘‘wallet functionality’’ described the types of processing of stored account or payment credentials that would have fallen within this definition. For example, consumers commonly use wallet functionalities provided through digital applications to pay for purchases of goods or services on merchant websites. To facilitate such a consumer payment transaction, a consumer financial product or service may transmit a stored payment credential to a merchant, its payment processor, or its website designed to accept payment credentials provided by the wallet functionality. This type of product or service would have been covered by paragraph (B)(2). service ‘‘offered or provided for use by consumers primarily for personal, family, or household purposes’’). 243 As the Proposed Rule noted, tokens now are often used for wallets to store a variety of payment credentials including network-branded payment cards. See, e.g., Manya Saini, Visa tokens overtake payments giant’s physical cards in circulation, Reuters.com (Aug. 24, 2022) (describing how VISA’s token service ‘‘replaces 16-digital Visa account numbers with a token that only Visa can unlock, protecting the underlying account information.’’), https://www.reuters.com/business/ finance/visa-tokens-overtake-payments-giantsphysical-cards-circulation-2022-08-24/ (last visited Oct. 23, 2023); In re Mastercard Inc., FTC Docket No. C–4795 (Complaint dated May 13, 2023) ¶¶ 24– 32 (describing how payment cards are ‘‘tokenized’’ for use digital wallets by ‘‘replacing the cardholder’s primary account number (‘PAN’) [ ] with a different number to protect the PAN during certain stages of the [ ] transaction.’’), https:// www.ftc.gov/system/files/ftc_gov/pdf/ 2010011C4795MastercardDurbinComplaint.pdf (last visited Oct. 23, 2023); American Express, American Express Tokenization Service, https:// network.americanexpress.com/globalnetwork/ products-and-services/security/tokenizationservice/ (last visited Oct. 23, 2023); Discover Digital Exchange, Powering digital payment experiences, https://www.discoverglobalnetwork.com/solutions/ technology-payment-platforms/discover-digitalexchange-ddx/ (last visited Oct. 23, 2023). E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations Comments Received Some commenters supported the inclusion of the range of payment functionalities described in the proposed definition of ‘‘covered payment functionality.’’ For example, one nonprofit stated that its members surveyed generally supported the proposed definitions of ‘‘funds transfer functionality’’ and ‘‘wallet functionality’’ and that the latter adequately described digital wallets in use today. A merchant trade association stated that the market should include digital wallet offerings from nonbanks, including when offered by nonbanks through joint ventures or partnerships with banks or payment networks. In their view, if a nonbank develops and determines how the service operates, then regardless of the involvement by a bank or payment network, the CFPB should supervise the nonbank to ensure fair competition. In addition, as described at the outset of the section-bysection analysis above, other commenters including consumer groups and banking industry associations generally supported the Proposed Rule without raising concerns regarding the proposed definition of ‘‘covered payment functionality.’’ On the other hand, as discussed in the section-by-section analysis of general comments on the proposed market definition in § 1090.109(a)(1) above, several industry and nonprofit commenters stated that the Proposed Rule inappropriately grouped what they described as different markets, including funds transfer functionalities and wallet functionalities, as well as a number of subtypes of each, into a single market. The Final Rule responds to those comments above. In addition, as described below, some commenters stated that the rule should exclude certain activities from the proposed definition of ‘‘covered payment functionality.’’ These comments either sought to remove entire components of the proposed definition of ‘‘covered payment functionality,’’ to limit the scope of the term in the context of nonbank/bank partnerships, or to clarify that the term did not include what they described as business-to-business services. Some comments stated that the market definition should not include what they called payment-method or pass-through wallets captured by the proposed definition of ‘‘wallet functionality.’’ For consistency, the Final Rule refers to these products and services as pass-through payment wallets. A nonbank firm stated that the rule should exclude from the definition VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 of ‘‘wallet functionality’’ the storage and transmission of payment credentials for accounts held at or issued by third-party financial institutions (which it called a ‘‘payment method wallet’’). In its view, payment method wallets do not provide consumers access to their funds because they do not store the funds.244 It stated that supervising the nonbank provider of the payment method wallet would provide no benefit beyond existing supervision by CFPB and other Federal agencies of these third-party financial institutions, which includes supervision for compliance with protections under Regulation Z against billing errors in credit card transactions and Regulation E in debit card transactions. In support of that conclusion, it outlined its position that payment method wallets are not subject to EFTA or Regulation E because they do not issue an asset account used to make the payment and they do not provide an ‘‘access device’’ for an asset account because any stored debit card is the access device for purposes of Regulation E.245 Some industry association commenters also stated that some market participants were not financial institutions under either Regulation E or under Regulation P implementing the GLBA, and that the Proposed Rule therefore did not articulate why CFPB supervision of those firms would be beneficial or overstated its benefits.246 A law firm commenter also stated that the term ‘‘wallet functionality’’ should be removed from the market definition. It stated that, because the proposal defined ‘‘consumer payment transaction’’ as involving a transfer of funds, all such transactions will involve a ‘‘funds transfer functionality’’ that will 244 In its view, they also do not receive funds for purpose of transmitting them on behalf of the consumer because they generally agree to accept payments as an agent of the merchant. 245 Another industry association suggested that the Final Rule clarify whether the CFPB considers a mobile phone to be an access device for purposes of Regulation E. The commenter also stated that entities may face competing obligations or burdens under this larger participant rule and a personal financial data rights rule the CFPB may adopt. It stated that both rules would apply to ‘‘digital wallets’’ but, in its view, define them differently. It called for the CFPB to establish a regulatory safe harbor under which compliance with a personal financial data rights rule does not determine application of the larger participant rule, and viceversa. 246 The nonbank firm mentioned above generally stated that payment method wallets generally posed low if any risk to consumers and stated that the Proposed Rule did not establish that payment method wallets pose any special or heightened risk to consumers’ data related to GLBA/Regulation P compliance compared with other products and services not included within the market definition. In response to general comments further above, the Final Rule responds to comments about the consideration of risk in larger participant rules. PO 00000 Frm 00037 Fmt 4701 Sfmt 4700 99617 always be subject to supervision. It also viewed providers of a ‘‘wallet functionality’’ that does not hold and move funds as excluded from the scope of EFTA and Regulation E. As a result, in its view, supervision of persons providing a ‘‘wallet functionality’’ would be unnecessary, duplicative, and not responsive to the same level of risk to consumers.247 Alternatively, this commenter and another industry trade association stated that the rule should address uncertainty over potential coverage of internet browsers; the Final Rule describes and responds to those comments in more detail in the sectionby-section analysis of ‘‘digital application’’ further below. An industry association stated that the rule should narrow the proposed definition of ‘‘wallet functionality’’ by dropping the reference to storage and transmission of payment credentials that are in ‘‘tokenized form.’’ It noted that consumers’ personal identification information, such as a driver’s license, can be tokenized to create digital ‘‘identity credentials’’ that consumers can use for what it described as nonfinancial purposes such as identity verification and ‘‘commerce purposes.’’ It stated that if the rule does not remove the reference to ‘‘tokenized form’’ form, then it should clarify that term only applies to tokenization of what it called ‘‘existing’’ payment credentials. It stated that the clarification was necessary to ensure that the market definition does not cover non-financial applications of tokenization that the CFPB lacks the authority to regulate. Finally, two industry associations stated that the proposed term ‘‘wallet functionality’’ includes ‘‘pass-through digital wallets’’ that cannot legally be included in the market definition because they qualify as ‘‘electronic conduit services’’ defined in CFPA section 1002(15). They described passthrough payment wallets as holding and passing on payment information, such as card numbers, and as maintaining a record of such information. They stated that ‘‘pass-through digital wallets’’ are electronic conduit services because only data, not funds, flow through the wallet.248 247 Again, as noted above, the Final Rule summarizes and responds to comments regarding the consideration of risk to consumers at the outset of the section-by-section analysis above. 248 One of these commenters noted that certain pass-through payment wallets may participate in the flow of funds when they act as a third-party payment processor, but even in those circumstances, pass-through payment wallets should not be covered either because they, in the commenter’s view, pose low risk as evidenced by their being excluded from money transmitter laws. E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 99618 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations Other industry comments called for removing part of the definition of ‘‘funds transfer functionality.’’ A few industry trade associations stated that the rule should remove accepting and transmitting payment instructions from the definition of ‘‘funds transfer functionality.’’ They stated that many firms transmit payment instructions, and State money transmitter laws generally exclude this type of payment processing because, in their view, that is a lower-risk activity due the payment processor not holding or receiving funds, which instead are held at Federally-regulated financial institutions. Other industry comments called for excluding activities that do not involve the holding or receipt of funds in certain circumstances, which they generally described as posing lower risk than other market participants. An industry association and a nonbank firm stated that the rule should exclude nonbanks providing payment services in partnership with or as service providers to depository institutions. According to their description, these nonbanks typically develop, market, and provide a digital application to consumers on behalf of as and a service provider to a bank or credit union. They described the nonbank as serving solely as a service provider, regardless of whether the digital application is branded in the name of the nonbank. They stated that the nonbank provides these services solely to establish the consumer as a customer of the bank or credit union and to facilitate consumer payment transactions from accounts held by the bank or credit union either in the name of or ‘‘for benefit of’’ the consumer. They stated that the bank or credit union processes the consumer payment transactions. For example, the nonbank may receive and transmit the consumer’s payment instructions to the partner bank to transmit funds. The nonbank commenter acknowledged that covering nonbank activities that facilitate payments from accounts held by nonbanks would help align supervision of nonbanks and banks. However, in the view of these commenters, facilitating payments of funds held in accounts at partner banks or credit unions is a different activity that should not be included in the market. For example, compared to what they described as ‘‘stand-alone’’ nonbank payment applications, they stated the digital applications that nonbanks provide as partners with banks and credit unions pose lower risk to consumers due to existing Federal prudential regulators’ oversight of the VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 banks and credit unions and their thirdparty relationships.249 These commenters also stated that, in their view, excluding this type of activity from the market definition (or otherwise from the larger-participant test) would prevent duplicative Federal supervision between the CFPB and prudential banking regulators. One of these commenters also stated the exclusion would be consistent with the rule’s goal of defining the market to exclude taking of deposits.250 For example, this commenter stated that this type of activity is subject not only to the prohibition against unfair, deceptive, and abusive practices, but also to consumer protections governing deposit accounts. They also stated that, to meet the expectations of Federal prudential banking regulators, banks have extensive mechanisms for overseeing the third-party nonbanks that provide the consumer-facing or ‘‘front end’’ digital application, and that these mechanisms further reduce risks posed by these activities. Another industry association called for CFPB to make unspecified clarifications to the scope and requirements of the Proposed Rule to ensure close coordination between the CFPB and other regulators to prevent duplicative or diverging regulatory requirements of nonbanks that partner with depository institutions and credit unions. In addition, a few industry associations requested that the rule 249 These commenters also asserted that existing oversight of the depository institutions provides sufficient oversight of this type of activity; the Final Rule addresses comments regarding existing oversight above. One commenter also suggested that establishing oversight in this rulemaking would violate a memorandum of understanding between the CFPB and prudential regulators that called for the CFPB to prevent unnecessary duplication of effort. However, the comment misconstrued that memorandum of understanding. As explained further above in the discussion of comments on existing oversight, that memorandum of understanding does not seek to prevent overlapping authority; instead, where overlapping authority exists, it provides mechanisms for coordinating across agencies to minimize the types of duplication these commenters mentioned. 250 The nonbank firm also suggested that the Proposed Rule appeared to purport to establish supervisory authority over a nonbank that acts as a service provider to a bank with assets of $10 billion or less and not to a substantial number of such banks. In its view, such a service provider is subject to the exclusive supervision of a Federal banking agency, and assertion of CFPB supervisory authority over the service provider would conflict with CFPA section 1026(e), which only establishes authority over service providers to a substantial number of such banks. It stated that the CFPB may not take supervisory or enforcement action directly against such a service provider, and instead may only take certain actions specified in the CFPA related to the service provider, such as accessing the Federal prudential regulators’ reports of examination of the service provider under CFPA section 1022(c)(6)(B). PO 00000 Frm 00038 Fmt 4701 Sfmt 4700 clarify that the market definition does not include activities that they described in four different ways as business-to-business services that nonbanks provide in connection with consumer payment transactions for the purchase of goods and services. First, both commenters stated that the market definition should exclude any portions of the process or lifecycle associated with a consumer payment transaction that involve exclusively business-tobusiness transactions and do not directly involve the consumer. Second, both commenters stated that companies that provide merchant payment processing would fall within the market definition (and, as noted above, disagreed with that result). However, one of the commenters pointed to what it viewed as significant uncertainty over whether the market definition included what it described as traditional thirdparty payment processing by entities that enable merchants to accept payments. Third, both commenters also referred to what they called covered payment functionalities provided by a nonbank that its merchant customer offers to consumers, who use the end product. Although the consumer is an end user, they described such nonbank activities as facilitating application functionalities between businesses that should be excluded from the market definition.251 Fourth, one of these commenters stated that, to avoid what it described as an unintended expansion of the scope of the proposal, the CFPB should clarify that the rule does not include what it described as ‘‘backoffice service providers or other vendors.’’ Response to Comments Received As discussed above in the Final Rule’s response to comments on the market definition in proposed § 1090.109(a)(1), the CFPB disagrees with comments suggesting that the market should be confined to entities that receive or hold the funds being transferred in consumer payment transactions, or that the market should cover consumer payment transactions that transfer funds from nonbank accounts but not from accounts provided by banks or credit unions. As the Proposed Rule explained, the CFPB is seeking to define a market for generaluse digital consumer payment applications that facilitate consumer payment transactions that transfer funds by or on behalf of the consumer, 251 This commenter suggested this exclusion appear in the definition of ‘‘digital application.’’ However, the Final Rule considers the comment more broadly in relation to other comments seeking exclusion of what they described as business-tobusiness offerings. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 regardless of where those funds may be held. As some industry association comments regarding bank/fintech partnerships acknowledged, the CPFB is not seeking to define a market for taking deposits in this rule. Consistent with that purpose, nothing in the proposed definition of ‘‘covered payment functionality’’ referred to engaging in the ‘‘taking of deposits.’’ Relatedly, holding or receiving funds is not a requirement for facilitating consumer payment transactions and participating in the market. Specifically, neither the form of ‘‘funds transfer functionality’’ described in paragraph (2) of the definition of that term nor the proposed ‘‘wallet functionality’’ definition were based on receiving or holding funds.252 Excluding nonbanks that do not hold or receive funds (or that only facilitate payment of funds held at partner depository institutions) would result in an unduly narrow market definition that essentially is limited to money transmission, ignoring the role that other nonbank activities play in initiating other very common consumer payment transactions through generaluse digital consumer payment applications. For example, consumers have significantly increased their use of digital wallets to make payments using network-branded payment cards issued by third-party financial institutions.253 252 In addition, while the first prong of ‘‘funds transfer functionality’’ refers to receiving funds, that prong requires that the funds be received for the purpose of transmitting them. 253 See, e.g., Worldpay, 2024 Global Payments Report, at 6 (describing ‘‘key insight[ ]’’ that ‘‘[c]onsumer attraction to digital wallets isn’t a turn away from cards. In card-dominated markets, card spend is simply shifting to digital wallets like Apple Pay, Google Pay and PayPal. Viewed in total, card transaction values are at an all-time high and continue to rise.’’), at 148 (reporting use of payment cards through digital wallets under the heading ‘‘digital wallets’’ and separately reporting ‘‘direct card use’’ for debit cards and credit cards), https:// worldpay.globalpaymentsreport.com/ (last downloaded Aug. 22, 2024); Worldpay, Press Release, Worldpay Global Payments Report 2024: Digital Wallet Maturity Ushers in a Golden Age of Payments (Mar. 21, 2024) (finding that ‘‘in the U.S., credit and debit cards fund 65 percent of digital wallets in the market.’’), https:// www.businesswire.com/news/home/ 20240321666428/en/Worldpay-Global-PaymentsReport-2024-Digital-Wallet-Maturity-Ushers-in-aGolden-Age-of-Payments (last visited Nov. 7, 2024); How Are Consumers Funding Mobile Wallets? PaymentsJournal (Apr. 1, 2024) (reporting that most consumers use a debit card or credit card to fund a mobile wallet, versus 36 percent who use the balance within the app, based on Christopher Miller, 2023 North American PaymentInsights: U.S.: Financial Services and Emerging Technologies Exhibit, Javelin Research (July 21, 2023)), https:// javelinstrategy.com/research/2023-north-americanpaymentinsights-us-financial-services-andemerging-technologies (last visited Nov. 7, 2024)), https://www.paymentsjournal.com/how-areconsumers-funding-mobile-wallets/ (last visited Nov. 7, 2024); Steve Cocheo, Consumers Have VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 These include consumer credit card transactions in which the lender transfers funds on behalf of the consumer as part of an extension of credit. In these transactions and in debit card transactions, the nonbank may not hold or receive funds but it does initiate the consumer payment transaction at the consumer’s request by receiving and transmitting payment instructions or storing and transmitting payment credentials.254 And in this way, it also facilitates consumers’ access to their funds, contrary to the suggestion by an industry commenter. Excluding these activities from the market would result in a gap in the CFPB’s supervisory oversight at the very start of the chain of activities that lead a consumer payment transaction to occur. Yet consumers naturally may look to the provider of that consumer financial product or service for help resolving problems. And a credit union trade association commenter stated that credit union customers can find it difficult to obtain prompt resolution of errors that involve a nonbank platform. A group of State attorneys general also cited a survey indicating that more 77 percent of consumers encountered difficulty obtaining resolution from the nonbank’s customer service.255 Embraced Digital Wallets. But They Also Want Them to Be Better, The Financial Brand (Mar. 28, 2024) (discussing the ‘‘overlap between digital wallets and cards.’’), https://thefinancialbrand.com/ news/payments-trends/digital-wallets-absorb-creditcards-as-they-boom-worldwide-176418/ (last visited Oct. 24, 2024); J.D. Power, Debit Cards Still Lead in Customer Satisfaction and Utilization, Even as Use of Digital Wallets Grows (May 23, 2024) (survey projecting ‘‘slow deterioration’’ in share of customers using physical version of debit cards as they opt instead to use the debit cards as a payment method stored in digital wallets), https:// www.jdpower.com/business/resources/debit-cardsstill-lead-customer-satisfaction-and-utilizationeven-use-digital (last visited Nov. 7, 2024): Nicole Murgia & Lily Varon, Digital Payments Have Surpassed Traditional Payments In The US, Forrester Research (Feb. 29, 2024) (reporting survey data finding that ‘‘69% of U[.]S[.] online adults said that they had used a digital payment method over the past three months to make a purchase. That’s well ahead of the just over half of online adults who used a credit card or who used cash. That said, it’s important to remember that cards often are the underlying payment instrument in growing digital payment scenarios.’’), https://www.forrester.com/ blogs/digital-payments-have-surpassed-traditionalpayments-in-the-us/ (last visited Nov. 7, 2024); Mastercard, Mastercard reimagines online checkout; commits to reaching 100% e-commerce tokenization by 2030 in Europe (June 11, 2024), https://www.mastercard.com/news/press/2024/ june/mastercard-reimagines-online-checkoutcommits-to-reaching-100-e-commerce-tokenizationby-2030-in-europe/ (last visited Nov. 7, 2024). 254 The Final Rule responds to general comments about the applicability of Regulation E and Regulation P in the section-by-section analysis of the market definition further above. 255 Consumer Reports P2P Survey at 9 (reporting results of questions about services provided by payment apps such as PayPal, Venmo, Apple Pay, PO 00000 Frm 00039 Fmt 4701 Sfmt 4700 99619 As to industry commenter claims that nonbank market participants pose lower risk because the funds consumers use to make payments are held by other regulated and supervised financial institutions such as banks, credit unions, or money transmitters, this rulemaking does not define who is included or excluded in the market based on findings of relative risk. More specifically, the CFPB does not assess in this rulemaking the relative risk of activities to initiate payments from funds held or received by others; rather, as explained further above, the CFPB considers the risks that a market and its larger participants pose to consumers when determining how to exercise its authority to conduct examinations of such persons. The CFPB also disagrees that the market should exclude nonbanks with a service-providing or partnership relationship with the depository institution that holds the funds used to make the payment. As discussed in the response to general comments above, covering these activities furthers the CFPB’s statutory objective of ensuring consistent compliance with Federal consumer financial law without regard to the status of a person as a depository institution to promote fair competition. The CFPB similarly disagrees with the law firm commenter’s claim that, when a consumer initiates a consumer payment transaction in reliance on a general-use wallet functionality a nonbank provides through a digital application, there is no need to include that activity in the market because another supervised institution, such as a depository institution, may be providing a funds transfer functionality. Two institutions, including a depository institution and a nonbank, may work together to provide a covered payment functionality. For example, a depository institution may accept payment instructions from a nonbank general-use digital consumer payment application provider. A supervisory review that only considers how the depository institution processes those instructions would presume that there is no significance to the role of the nonbank in relaying those instructions to the depository institution. Yet by design, the conduct of both institutions can affect the degree to which consumers’ payments data is protected, legitimate transactions proceed without error or delay, and unauthorized transactions do not occur. The nonbank may even assume primary responsibility for providing the consumer interface, such Google Pay, or Zelle). The Proposed Rule, 88 FR 80197 at 80200 n.25, also identified this survey. E:\FR\FM\10DER2.SGM 10DER2 99620 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 as a digital application, and making representation to consumers about the speed, cost, and other aspects of payments it facilitates. As noted, it is not the purpose of this rule to enumerate, quantify, and weigh such risks because the rule does not seek to define a market that includes only highrisk activity. Rather, the purpose of this rule is to establish authority to examine larger participants in this market. Through operation of that program the CFPB can detect, assess, and as needed, address risks to consumers and markets, and otherwise conduct its risk-based supervision program for the purposes established in CFPA section 1024(b)(1). In addition, for the reasons explained above in response to general comments about existing Federal and State oversight of some aspects of market activity, the CFPB does not define the market based on the degree to which another regulator oversees certain persons, such as a partner bank, its nonbank partner, or any other nonbank that facilitates a given consumer payment transaction. The CFPB also does not define the market based on whether market participants also may act as a service provider to another financial institution.256 The CFPB also disagrees with the two industry associations that argued that certain pass-through digital wallets are subject to the CFPA’s exclusion for ‘‘electronic conduit services’’ because they only store and transmit card 256 The CFPB disagrees with the nonbank firm’s comment to the extent it was suggesting that in general a service provider to financial institutions cannot also be a nonbank covered person, or, more specifically that provisions in CFPA sections 1025(d) or 1026(e) describing the CFPB’s supervisory authority over service providers to banks and credit unions displace the CFPB’s authority under section 1024(a) over nonbank covered persons. Under the CFPA, a firm can act both as a service provider and as a provider of a consumer financial product or service. See 12 U.S.C. 5481(26)(C) (‘‘A person that is a service provider shall be deemed to be a covered person to the extent that such person engages in the offering or provision of its own consumer financial product or service.’’). And with respect to the CFPB’s supervisory authority, no provision in CFPA sections 1024, 1025(d), or 1026(e) states that 1024(a) is displaced by 1025(d) or 1026(e). By contrast, CFPA section 1024(a)(3)(A) expressly provides that CFPA section 1024, which includes the larger participant rulemaking authority in CFPA section 1024(a)(1)(B), shall not apply to persons described in section 1025(a) and 1026(a), which refer to insured depository institutions, insured credit unions, and certain of their affiliates. It does not refer to 1025(d) or 1026(e). Accordingly, if a nonbank is a covered person because it provides a consumer financial product or service, then the CFPB may establish supervisory authority over the nonbank covered person via a larger participant rulemaking under section 1024(a)(1)(B) even if in the course of its activity the nonbank also acts as a service provider to a bank or credit union. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 information, and not funds.257 The commenters did not meaningfully analyze the language of the CFPA’s definition of ‘‘electronic conduit services,’’ which undermines their argument in at least two ways.258 First, the definition applies to the ‘‘intermediate or transient storage’’ of electronic data—i.e., to data storage for a limited time.259 However, as the commenters appear to acknowledge, pass-through digital wallets generally store payment credential or account information on a persistent or indefinite basis (so that it can be used to make payments as needed). Because they do so, pass-through digital wallets do not qualify for the exclusion for electronic conduit services. Second, the commenters incorrectly conclude that the electronic conduit service exclusion necessarily applies where a provider only handles data (and not funds). For example, by its terms, that exclusion does not apply to a provider who ‘‘selects . . . the content of the electronic data’’ being stored or transmitted.260 Pass-through digital wallets generally are designed to store and transmit specific data regarding a payment card (the card number, expiration date, and CVV) provided by the consumer. Providers of such wallets 257 The CFPA excludes ‘‘electronic conduit services’’ from the definition of ‘‘financial product or service.’’ 12 U.S.C. 5481(15)(C)(ii). The term ‘‘electronic conduit services’’ ‘‘(A) means the provision, by a person, of electronic data transmission, routing, intermediate or transient storage, or connections to a telecommunications system or network; and (B) does not include a person that provides electronic conduit services if, when providing such services, the person—(i) selects or modifies the content of the electronic data; (ii) transmits, routes, stores, or provides connections for electronic data, including financial data, in a manner that such financial data is differentiated from other types of data of the same form that such person transmits, routes, or stores, or with respect to which, provides connections; or (iii) is a payee, payor, correspondent, or similar party to a payment transaction with a consumer.’’ 12 U.S.C. 5481(11). 258 Because the commenters do not provide any information regarding how the pass-through digital wallets they describe operate on a technological level, there may be additional reasons, beyond those discussed in this Final Rule, why such wallets do not qualify as electronic conduit services. For example, providers of such wallets may transmit financial data ‘‘in a manner that such financial data is differentiated from other types of data of the same form’’ that the providers transmit. 12 U.S.C. 5481(11)(B)(ii). 259 12 U.S.C. 5481(11)(A); cf. Hately v. Watts, 917 F.3d 770, 785 (4th Cir. 2019) (construing similar phrase ‘‘temporary, intermediate storage’’ in Stored Communications Act to refer to electronic communications ‘‘while they are stored ‘for a limited time’ ‘in the middle’ of transmission’’ (quoting In re DoubleClick Inc. Privacy Litig., 154 F. Supp. 2d 497, 512 (S.D.N.Y. 2001)). 260 See id. 5481(11)(B)(i). Similarly, the exception for differentiated electronic data in subsection 1002(11)(B)(ii) could apply where a provider only handles data, and not funds. See id. 5481(11)(B)(ii). PO 00000 Frm 00040 Fmt 4701 Sfmt 4700 thus ‘‘select[ ] . . . the content of the electronic data’’ that the wallets store and transmit, and therefore do not qualify for the electronic conduit services exclusion.261 With regard to the industry association commenters that sought exclusion of business-to-business services that nonbanks provide in connection with consumer payment transactions for the purchase of goods and services, the CFPB disagrees that a new exclusion is needed. With regard to ecommerce websites where the consumer can use a payment button, as explained above in the discussion of comments on the definition of ‘‘consumer payment transaction,’’ the market does not include a merchant on the basis of it placing a payment button on its website that launches a generaluse digital consumer payment application provided by an unaffiliated third party (rather, the market simply includes the third-party app that the payment button launches). With regard to other examples that the industry association commenter cited—service providers or other vendors, including those that may act as traditional payment processors and participate in facilitating business-to-business transactions during the lifecycle of a consumer payment transaction—the Final Rule clarifies that the market generally does not cover that activity. For purposes of this Final Rule, the term ‘‘covered payment functionality’’ would not cover a nonbank that operates in a consumer payment transaction process solely as an intermediary between two businesses, such as where the consumer does not ‘‘access’’ a ‘‘digital application’’ to make a payment.262 In addition, when consumers provide their payment credential through the website of a single merchant solely for use at that merchant and its affiliated companies, the merchant payment processor processing that payment credential (whether for a single transaction or by storing the card on file for repeat use) is not providing covered payment functionality that has ‘‘general 261 In addition, as discussed above, some digital wallets ‘‘tokenize’’ payment information, which involves replacing the cardholder’s account number with a different number at certain stages of the transaction, in order to protect the account number. That activity of creating new payment information to facilitate a payment goes beyond the role of a mere conduit, which is limited to providing ‘‘electronic data transmission, routing, intermediate or transient storage, or connections to a telecommunications system or network[.]’’ 12 U.S.C. 5481(11)(A). 262 In any event, the Final Rule also adopts a revised definition of the term ‘‘covered payment functionality’’ that focuses on receiving funds ‘‘from’’ the consumer or storing account or payment credentials ‘‘for’’ a consumer. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations use’’ based on how the Final Rule defines that term as usable for making payments to multiple unaffiliated persons as discussed below.263 In light of these clarifications and changes adopted in the Final Rule, the CFPB disagrees that a broader, general ‘‘business-to-business’’ exclusion is warranted.264 Such an exclusion would not be consistent with the structure of nonbank provider’s market activities, which involve intermediation between consumers and payment recipients. When consumers sign up as a customer for a nonbank’s general-use digital consumer payment application, they do so in order to use the app to make payments to multiple unaffiliated persons. The consumer payment transactions they make by accessing that digital application fall within the market, even though the app provider also may conduct those transactions under the umbrella of a business-tobusiness contract such as a merchant acceptance agreement.265 khammond on DSK9W7S144PROD with RULES2 Final Rule For the reasons described above, the CFPB adopts the proposed definition of ‘‘covered payment functionality’’ with certain minor clarifying changes. First, the Final Rule changes ‘‘wallet functionality’’ to ‘‘payment wallet functionality.’’ As discussed above, some commenters raised questions about whether the Proposed Rule would have applied to digital wallets (or the 263 Similarly, a consumer may use a general-use digital consumer payment application to make a payment in a physical store by ‘‘tapping’’ their mobile phone that contains the app on a gateway payment terminal at the checkout counter. As the proposed Rule explained, a gateway terminal, which is a computing device merchants acquire, is not a ‘‘digital application’’ as defined in the Proposed Rule because it is not a personal computing device of the consumer. 88 FR 80197 at 80206. Thus a merchant payment processor would not be engaged in market activity solely based on operating or accepting payments data through such a terminal. 264 These clarifications relate to the scope of the market. Some entities may be acting as a service provider to a market participant. The Final Rule does not alter the scope of CFPB authority over service providers conferred by the CFPA. As the Proposed Rule explained, CFPA section 1024(e) expressly authorizes the supervision of service providers to nonbank covered persons encompassed by CFPA section 1024(a)(1), which includes larger participants. Adding an express exclusion for service providers in the Final Rule could cause confusion over the CFPB’s authority to supervise such entities. 265 As discussed above, many businesses provide general-use digital consumer payment applications to consumers and facilitate their payments through business-to-business acceptance agreements with merchants. At the same time, as also discussed above, the market definition adopted in the Final Rule does not cover the merchant, even when it provides a payment button that launches the thirdparty’s general-use digital consumer payment application. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 part of their functionalities) that store and transmit data unrelated to consumer payments. Because the terms ‘‘digital wallet’’ and ‘‘wallet’’ have varied uses, this revision provides greater precision and prevents confusion.266 Second, the definition of ‘‘funds transfer functionality’’ is revised to clarify that the funds received or instructions accepted must be ‘‘from a consumer’’ to qualify as market activity. Similarly, the definition of ‘‘payment wallet functionality’’ is revised to clarify that account or payment credentials must be stored ‘‘for a consumer’’ to satisfy the first prong of that that definition. As discussed above, nonbanks are not participating in the market when providing a payment functionality that a consumer does not access through a digital application. Consistent with that approach, these clarifications to the definition of ‘‘covered payment functionality’’ similarly confirm that nonbank firms that do not engage with consumers through digital applications would not be providing a ‘‘covered payment functionality.’’ For example, for purposes of this Final Rule that term would not cover a nonbank that operates in a consumer payment transaction process solely as an intermediary between two businesses. The CFPB does not believe this is a significant change from the Proposed Rule, since the proposed market definition only would have applied to providing a payment functionality ‘‘for consumers’ general use’’ in the first place. But for the avoidance of doubt, 266 The CFPB declines to adopt the industry commenter’s suggestion that the Final Rule include a safe harbor under which compliance with the CFPB’s personal financial data rights rule does not determine application of this larger participant rule, and coverage under the larger participant rule does not determine application of the personal financial data rights rule. The comment did not identify any specific differences between the two proposals’ approach to covering digital wallets that it found to be significant, or explain how application of one rule could affect application of the other. In fact, application of one rule does not determine application of the other. The text of each rule governs its scope. Further, because this Final Rule does not impose substantive consumer protection obligations, it does not modify the scope of the personal financial data rights rule. In any event, as noted above, to the extent an entity is a larger participant under this rule and also is subject to the personal financial data rights rule when compliance is required in the future, CFPB examinations of that entity may review compliance with the personal financial data rights rule. Further, this treatment is consistent with CFPB examinations of depository institutions with more than $10 billion in assets; i.e., the CFPB currently examines these institutions’ compliance with applicable requirements of Federal consumer financial law (e.g., the EFTA and its implementing Regulation E) and may examine their compliance with the personal financial data rights rule after compliance is required. PO 00000 Frm 00041 Fmt 4701 Sfmt 4700 99621 the Final Rule includes this additional clarification on this point. Digital Application Proposed Rule The proposed market definition would have applied to providing covered payment functionalities through a digital application for a consumer’s general use in making consumer payment transactions. Proposed § 1090.109(a)(2) would have defined the term ‘‘digital application’’ as a software program accessible to a consumer through a personal computing device, including but not limited to a mobile phone, smart watch, tablet, laptop computer, or desktop computer.267 The proposed definition would have specified that the term includes a software program, whether downloaded to a personal computing device, accessible from a personal computing device via a website using an internet browser, or activated from a personal computing device using a consumer’s biometric identifier, such as a fingerprint, palmprint, face, eyes, or voice.268 The Proposed Rule explained how market participants may provide covered payment functionalities through digital applications in many ways. For example, a consumer may access a nonbank covered person’s covered payment functionality through a digital application provided by that nonbank covered person. Or, a consumer may access a nonbank covered person’s covered payment functionality through a digital application provided by an unaffiliated third-party such as another nonbank, a bank, or a credit union.269 In either case, 267 The Proposed Rule noted that the definition considers whether the digital application is accessible through a personal computing device, not whether a particular payment is made using a computing device that a consumer personally owns. For example, if a consumer logs into a digital application through a website using a work or library computer and makes a consumer payment transaction, the transfer would be subject to the Proposed Rule if that digital application is one a consumer also may access through a personal computing device. 268 The Proposed Rule noted for example that some nonbanks allow consumers to use interactive voice technology to operate the nonbank’s application that resides on the phone itself. See, e.g., Lory Seraydarian, Voice Payments: The Future of Payment Technology?, PlatAI Blog (Mar. 7, 2022) (software firm analysis reporting that major P2P participants ‘‘allow their customers to use voice commands for peer-to-peer transfers.’’), https:// plat.ai/blog/voice-payments/ (last visited Oct. 23, 2023). 269 As the Proposed Rule noted, if a nonbank covered person provides a covered payment functionality a consumer may access through a digital application provided by a bank or credit union, the Proposed Rule would have only applied E:\FR\FM\10DER2.SGM Continued 10DER2 khammond on DSK9W7S144PROD with RULES2 99622 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations a consumer typically first opens the digital application on a personal computing device and follows instructions for associating their deposit account, stored value account, or other payment account information with the covered payment functionality for use in a future consumer payment transaction. Then, when the consumer is ready to initiate a payment, the consumer may access the digital application again to authorize the payment. The Proposed Rule also explained how consumers have many ways to access covered payment functionalities through digital applications to initiate consumer payment transactions. To make a P2P payment, a consumer may use an internet browser or other app on a mobile phone or computer to access a nonbank covered person’s funds transfer functionality, such as a feature to initiate a payment to friends or family or to access a general-use bill-payment function. The consumer then may direct the nonbank covered person to transmit funds to the recipient or the consumer may provide payment instructions for the nonbank covered person to relay to the person holding the funds to be transferred. Or, in an online retail purchase transaction, a consumer may access a wallet functionality by clicking on or pressing a payment button on a checkout screen on a merchant website. The consumer then may log into the digital application or display a biometric identifier to their personal computing device to authorize the use of a previously-stored payment credential. Or, in an in-person retail purchase transaction, a consumer may activate a covered payment functionality by placing their personal computing device next to a merchant’s retail payment terminal. The digital application then may transmit payment instructions or payment credentials to a merchant payment processor. For example, a mobile phone may transmit such data by using near-field communication (NFC) technology built into the mobile phone,270 by generating a payment-specific quick response (QR) code on the mobile phone screen that the consumer displays to the merchant payment terminal, or by using the internet, a text messaging system, or to the nonbank. Insured depository institutions, insured credit unions, and certain of their affiliates are not subject to the CFPB’s larger participant rules, which rely upon authority in CFPA section 1024 that applies to nonbanks. 12 U.S.C. 5514(a)(3)(A). 270 See generally CFPB Contactless Payments Spotlight, supra. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 other communications network accessible through the mobile phone. Through the proposed definition of digital application, the Proposed Rule would have excluded from the proposed market payment transactions that do not rely upon use of a digital applications. For example, gateway terminals merchants obtain to process the consumer’s personal card information are not personal computing devices of the consumer. Merchants generally select these types of payment processing services, which are provided to consumers at the point of sale to pay for the merchant’s goods or services. Their providers may be participating in a market that is distinct in certain ways from a market for general-use digital consumer payment applications. In addition, the proposed definition of ‘‘digital application’’ would not have covered the consumer’s presentment of a debit card, a prepaid card, or a credit card in plastic, metallic, or similar form at the point of sale. In using physical payment cards at the point of sale, a consumer generally is not relying upon a ‘‘digital application’’ because the consumer is not engaging with software through a personal computing device to complete the transaction. However, when a consumer uses the same payment card account in a wallet functionality provided through a digital application, then those transactions would have fallen within the market definition. The Proposed Rule requested comment on the proposed definition of ‘‘digital application,’’ and whether it should be modified, and if so, how and why. For example, the Proposed Rule requested comment regarding whether defining the term ‘‘digital application’’ by reference to software accessible through a personal computing device is appropriate, and if so, why, and if not, why not and what alternative approach should be used and why. Comments Received A consumer group supported the proposal’s definition of a market based on use of a ‘‘digital application.’’ It cited a 2021 industry white paper observing that most financial transactions happen via mobile apps, websites, email, text messages, and other digital communications.271 In addition, as discussed above, many commenters agreed that the market for general-use digital consumer payment applications has grown rapidly and expressed support for the proposal to supervise larger participants providing general-use 271 Google LLC Embedded Finance White Paper, supra, at 3. PO 00000 Frm 00042 Fmt 4701 Sfmt 4700 digital consumer payment applications. These commenters generally did not take issue with or appeared to agree with the proposal’s defining the market as a digital market. Some consumer group commenters urged the CFPB to expand the market definition beyond payments facilitated through digital applications, to cover inperson domestic money transfers as well as payments consumers make via telephone call to transfer funds to persons while incarcerated and prepaid cards issued to such persons upon their release from incarceration. They indicated this approach would be consistent with the market definition in the international money transfer larger participant rule, which was not limited to app-based payments. They stated that some consumers that send funds to friends and family who are incarcerated have incomes that are too low to afford easy access to digital applications. They also described a risk of abusive practices with release cards due to consumers’ lack of choice among card issuers. They further noted that the proposed market definition would not encompass consumers’ use of release cards outside of digital applications, which they often do because they likely do not have smartphones when they are released and need to use the funds immediately. Meanwhile, an industry association suggested that the ‘‘digital application’’ limitation invalidates the market definition because it does not satisfy principles of antitrust law due to excluding reasonably interchangeable non-products with the same use case, such as network-branded payment cards when used outside of a digital application, whether by swiping a plastic card in-person or inputting the card information manually to make a digital payment. This commenter cited data that in its view indicated that those cards are still preferred by consumers. Thus, in its view, general-use digital consumer payment applications compete with physical payment methods as part of a broader payment industry. In addition, a nonprofit commenter disagreed with the ‘‘digital application’’ limitation because, in its view, it incorrectly ascribes a special status to payments undertaken digitally.272 272 A few industry associations also described the proposed definition of ‘‘digital application’’ as vague. Their comments appeared principally concerned not with what is a digital application, but with who is providing a covered payment functionality through a digital payment application. The Final Rule responds to their comments in the section-by-section analysis of ‘‘covered payment functionality’’ above. E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations Other consumer groups and a nonprofit commenter called for clarification of the definition of ‘‘digital application’’ including its reference to use of a ‘‘personal computing device.’’ For example, one consumer group suggested that the rule include additional examples of a ‘‘personal computing device’’ because computer chips are versatile and industry can use everyday items to facilitate payments and collect consumers’ payments data. They stated that some automobiles already have ‘‘smart dashboards’’ that consumers may use to make purchases. They added that home appliances, such as televisions and refrigerators, also could be designed to facilitate purchases. They stated that some smart appliances already allow consumers to use a digital wallet provided by a thirdparty that is dominant in the market. They stated that these devices should be included as examples of personal computing devices that may facilitate market activity. On the other hand, a nonprofit commenter stated that some of its members believed the definition of ‘‘personal computing device’’ is vague and the rule needs to expressly exclude public computers from that definition. This commenter also stated some of its members believed that the definition of ‘‘digital application’’ should be clarified to provide additional examples of how a consumer ‘‘may access’’ the underlying software program. They stated that the use of PINs and passwords should be added to the examples in the definition. Finally, two commenters raised questions about the applicability of the Proposed Rule to internet browsers and functionalities they provide. An industry association stated that the rule should clarify whether internet browsers that store credit card information would be considered to facilitate a consumer payment within the meaning of the definition of ‘‘covered payment functionality.’’ In addition, a law firm commenter stated that it did not understand the goal of the Proposed Rule to cover generic web browser activity, but a clarification would be necessary to avoid inadvertent coverage of that activity because of what it described as ‘‘payment-autofill functions’’ provided by online platforms and applications. It cited specific popular internet browsers as examples. It described payment autofill functions as prepopulating a consumer’s stored payment credential information into checkout forms on a merchant website within the platform’s browser.273 273 Although it stated that it did not understand that the goal of the Proposed Rule was to cover VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 Response to Comments Received The CFPB agrees with the consumer group commenter that it is appropriate to define the market at issue in this Final Rule as one involving ‘‘digital applications.’’ As discussed above, such digital applications have grown dramatically and become increasingly important to the everyday financial lives of consumers. With respect to the industry associations’ comments suggesting that the limitation of the market to ‘‘digital application’’ would be inappropriate from the perspective of antitrust law because it excludes consumers’ use of physical network-branded payment cards, as discussed above this Final Rule does not define a market for purposes of antitrust law. As a consequence, CFPA section 1024(a)(1) does not require a larger participant rule to define a market to include all reasonably-interchangeable substitutes for a given consumer financial product or service whether provided by nonbanks or insured banks or credit unions.274 In addition, the CFPB disagrees with the industry association’s comments because general-use digital consumer payment applications often function in ways that are distinct from networkbranded payment cards, making it appropriate for the market defined in this Rule to be limited to such digital applications. For example, as the most recent Federal Reserve annual report on consumer payment preferences indicates, consumers generally cannot or do not use network-branded payment cards for making payments to friends and family outside of the nonbank general-use digital consumer payment applications.275 Similarly, well-known autofill functions of generic web browsers, it stated that the autofill functionality could be viewed as transmitting or otherwise processing a stored payment credential under a broad reading of the proposed definition of ‘‘wallet functionality’’ discussed further above. However, in its view, such a broad reading would be incorrect because transmission of the payment credential for processing does not occur until the consumer clicks the merchant’s payment button and because it is the merchant and their payment service providers that process the payment. 274 In any event, the CFPB notes that loading the card into a third-party app for app-based use may be an indicator that the app is a compliment rather than a substitute for the card. See Racing for Mobile Payments, supra, sec. 2.1.2 (describing ‘‘cardcomplementing mobile payment systems’’ like those provided by Apple, Google, and Samsung in the United States). 275 See 2024 Diary Findings, supra at 16 (indicating that when used by themselves and not through payment apps, ‘‘[d]ebit and credit cards . . . typically are impractical or costly for P2P transactions’’). For example, American Express National Bank has used PayPal and Venmo to facilitate credit card holders’ P2P transactions, as PO 00000 Frm 00043 Fmt 4701 Sfmt 4700 99623 general-use digital consumer payment applications often provide a functionality that physical payment cards generally do not have—the ability to load payment credentials for accounts held at multiple unaffiliated financial institutions.276 This functionality can be a significant one. According to one recent report, the average consumer may have as many as eight network-branded payment cards.277 The CFPB disagrees with the consumer group and nonprofit comments to the extent they were suggesting that the ‘‘digital application’’ component of the proposed market definition would leave a significant gap in the CFPB’s supervisory authority with respect to the use of networkbranded payment cards including prison release cards. CFPA section 1025(a) already grants the CFPB supervisory authority over very large insured depository institutions and insured credit unions that are among the largest issuers of network-branded payment cards. While some insured depository institutions and insured credit unions with assets of $10 billion or less also issue payment cards, including prepaid cards, CFPA section 1024(a)(3)(A) specifically excludes all insured depository institutions and insured credit unions from the scope of a larger participant rule under CFPA section 1024(a)(1)(B). Therefore, the CFPB does not have authority to use this rule to define insured depository institutions or insured credit unions as larger participants in this market. In any event, when a nonbank prepaid card program manager facilitates consumers’ use of these cards through the card’s proprietary digital application, such as to make payments to friends and family, this activity may qualify as a consumer financial product or service of the nonbank that already is included in the described at https://help.venmo.com/hc/en-us/ articles/360058686993-Amex-Send-Split (last visited Nov. 7, 2024). 276 Some banks and credit unions offer an appbased wallet functionality that facilitates payments using cards issued by multiple unaffiliated card issuers. See Paze FAQs (describing how consumers can add participating cards into the wallet from the Paze website or through the bank or credit union’s digital application), https://www.paze.com/faqs (last visited Nov. 17, 2024); see also VISA Blog, One card to rule them all (May 16, 2024) (describing VISA plans to launch a new service in the United States allowing consumers to use their card issuer’s app to ‘‘swap funding sources’’ between different accounts the consumer holds with that same issuer), https://usa.visa.com/visa-everywhere/blog/ bdp/2024/05/14/one-card-to-1715696707658.html (last visited Nov. 7, 2024). 277 Jack Caporal, Credit and Debit Card Market Share by Network and Issuer (Jan. 24, 2024) (citing Nilson Report data for 2022), https://www.fool.com/ the-ascent/research/credit-debit-card-market-sharenetwork-issuer/ (last visited Nov. 7, 2024). E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 99624 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations market definition. And when consumers load these cards into a third-party general-use digital consumer payment applications, the use of the cards through those apps also would be included in the market definition. The CFPB also declines the suggestion by consumer group and nonprofit commenters that the CFPB adopt in this Final Rule a market that includes all domestic money transfers including those facilitated by telephone call and through in-person transfers not mediated by a digital application. As discussed above, a trend in the consumer payments area has been the rapid growth in general-use digital consumer payment applications including their payment wallet functionalities that do not necessarily involve domestic money transmitting. The CFPB adopts this Final Rule in response to that growth in an effort to promote compliance with Federal consumer financial law and detect and assess risks to consumers and the market, including emerging risks, and to ensure consistent enforcement of Federal consumer financial law in this area. When consumers make telephoneor in-person-based domestic payments, the CFPB has other means of assessing risks they may pose to consumers. For example, if a nonbank covered person has significant involvement in that activity through the provision of a consumer financial product or service, the CFPB can evaluate whether that poses a risk to consumers sufficient to warrant a supervisory designation under CFPA section 1024(a)(1)(C). Further, consistent with its approach in the international money transfer larger participant rule,278 the CFPB notes that it does not seek in this rule to define a market that covers the entire universe of consumer payment transactions that fall within the scope of the CFPB’s authority under the CFPA. This larger-participant rulemaking is only one in a series, and nothing in this Final Rule precludes the Bureau from considering in future larger-participant rulemakings other markets for consumer financial products or services that might include non-digital payment activities not included in the market defined by this rule. With regard to comments on specific aspects of the ‘‘digital application’’ definition, the CFPB agrees with the members of the nonprofit commenter that PINs and passwords may be common ways that consumers use to access general-use digital consumer payment applications. Device-specific codes called passkeys also are an 278 79 FR 56631 at 56635–56636. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 increasingly common way for digital applications, including general-use digital consumer payment applications, to authenticate a consumer’s identity.279 The Final Rule therefore accounts for these examples, as described below.280 The CFPB does not agree with the consumer group commenter to the extent it was suggesting that the prospect of future participation in the market by manufacturers of automobiles and smart appliances such as televisions and refrigerators warranted adding those types of devices to the list of example of personal computing devices in the definition of ‘‘digital application.’’ Because the proposed definition did not state that the list of examples of personal computing devices was exhaustive, other devices may qualify as personal computing devices. However, the research described in the Proposed Rule indicates that general-use digital consumer payment applications are predominantly distributed via mobile phones and computers. For that reason, it is not necessary for the regulation text to identify automobiles and smart appliances such as televisions and refrigerators as additional examples of personal computing devices. The proposed definition already was flexible enough to capture this activity if it were to become common in the future. To the extent existing market participants make their general-use digital consumer applications accessible to consumers not only via mobile phones or computers, but also via automobiles or smart home appliances manufactured by others, that activity already would fall within the market definition regardless of whether automobiles or smart home appliances qualify as personal computing devices. As the Proposed Rule noted,281 if a consumer may access a digital application through a personal computing device, then consumers’ use of the application would be included in the market regardless of whether they 279 See, e.g., PayPal, PayPal Introduces More Secure Payments with Passkeys (Oct. 24, 2022), https://newsroom.paypal-corp.com/2022-10-24PayPal-Introduces-More-Secure-Payments-withPasskeys (last visited Nov. 8, 2024); Apple iPhone User Guide iOS 17, Use passkeys to sign in to apps and websites on iPhone, https://support.apple.com/ guide/iphone/use-passkeys-to-sign-in-to-apps-andwebsites-iphf538ea8d0/ios (last visited Nov. 8, 2024); Google, Passkey support on Android and Chrome, https://developers.google.com/identity/ passkeys/supported-environments (last visited Nov. 8, 2024). 280 However, the inclusion of these examples does not necessarily mean that a nonbank is participating in the market by providing a product or service to manage a consumer’s passwords. Whether or not that activity falls within the market definition will depend on whether it is conducted by a nonbank covered person as part of providing a ‘‘covered payment functionality’’ with ‘‘general use.’’ 281 88 FR 80197 at 80206 n.67. PO 00000 Frm 00044 Fmt 4701 Sfmt 4700 access the application through other means, such as a work or library computer. For that reason, the CFPB also disagrees with the members of the nonprofit commenter that suggested the rule needs to further differentiate between a personal and a public computing device. They did not point to any examples that should be classified in one category or the other.282 Finally, with regard to comments seeking clarification or exclusion of internet browser activities including payment autofill functions, the CFPB clarifies that the Proposed Rule was not intended to treat the operation of a web browser itself as a form of market activity.283 As noted above, the proposed definition of ‘‘digital application’’ included several examples of software programs accessed by a personal computing device, including ‘‘a website a consumer accesses by using an internet browser on a personal computing device.’’ As that example indicates, the relevant ‘‘digital application’’ that the consumer accesses using a web browser is the website, and not the web browser itself. Excluding web browsers from the definition of ‘‘digital application’’ is consistent with the CFPB’s goal of covering payment applications in the rule. While some web browsers may store and automatically populate payment forms on merchant websites with consumer payment account information, that activity alone does not convert a web browser into a payments-focused digital application that is participating in this market. Nor is the CFPB aware of market research studies or surveys on consumer payment applications that identify web browsers as competing with larger participants in the market. Final Rule For the reasons described above, the CFPB adopts the proposed definition of ‘‘digital application’’ with certain clarifying changes described below, including changing the term to ‘‘digital payment application.’’ 282 In addition, as explained in the discussion of general comments further above, through supervisory activity at larger participants defined in this Final Rule, the CFPB can detect and assess emerging risks to consumers, including as a result of developments in the software or personal computing devices involved in the delivery of general-use digital consumer payment applications. 283 See, e.g., United States v. Microsoft Corporation, Case No. 98cv1232, D.D.C. (Complaint filed May 18, 1998) ¶ 6 (defining an ‘‘internet browser’’ as ‘‘specialized software programs that allow PC users to locate, access, display, and manipulate content and applications located on the internet’s World Wide Web’’), https:// www.justice.gov/sites/default/files/atr/legacy/2012/ 08/09/1763.pdf (last visited Nov. 8, 2024). E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations First, consistent with the Final Rule changing ‘‘wallet functionality’’ to ‘‘payment wallet functionality’’ for the sake of precision and clarity, the Final Rule also adopts the term ‘‘digital payment application’’ instead of the more generic term ‘‘digital application.’’ Based on how the CFPB proposed the market definition for a ‘‘general-use digital consumer payment application,’’ the concept of a ‘‘digital payment application’’ already was incorporated into the market definition itself. This conforming change to the component definition of ‘‘digital application’’ therefore aligns that term more clearly with the general market definition. Relatedly, for the reasons discussed above in the CFPB’s response to comments regarding web browsers, the Final Rule clarifies that operating a web browser is not an example of providing a digital payment application. Second, in response to a nonprofit commenter, the Final Rule adds to the list of examples of how a consumer may access a personal computing device to include other common means, such as using a personal identifier, such as a passkey, password, or PIN. khammond on DSK9W7S144PROD with RULES2 General Use Proposed Rule The proposed market definition would have applied to providing covered payment functionalities through a digital application for a consumer’s general use in making consumer payment transactions. Proposed § 1090.109(a)(2) would have defined the term ‘‘general use’’ as the absence of significant limitations on the purpose of consumer payment transactions facilitated by the covered payment functionality provided through the digital consumer payment application. The Proposed Rule explained that the CFPB sought to confine the market definition to those digital payment applications that consumers can use for a wide range of purposes. The Proposed Rule noted how digital payment applications with general use can serve broad functions for consumers, such as sending funds to friends and family, buying a wide range of goods or services at different stores, or both. As reflected in the nonexhaustive list of examples in the Proposed Rule discussed below, other consumer financial products and services provide payment functionalities for more limited purposes. While those other products and services also serve important functions for consumers, they do not have the same broad use cases for consumers. As a result, in the Proposed VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 Rule, the CFPB viewed those products as participating in a market or markets distinguishable from a market from general-use digital consumer payment applications. The proposed definition of general use would have clarified that a digital consumer payment application that would facilitate person-to-person, or peer-to-peer (P2P), transfers of funds would have qualified as having general use under the Proposed Rule. Even if a payment functionality provided through a digital application is limited to P2P payments, and that constitutes a limitation on the purpose of payments, that limitation would not have been a significant limitation for purposes of the proposed market definition. For example, a P2P application that permits a consumer to send funds to any family member, friend, or other person would have qualified as having general use, even if that P2P application could not be used as a payment method at checkout with merchants, retailers, or other sellers of goods or services. A P2P application also would have qualified as having general use even if it can only transfer funds to recipients who also register with the application provider, or otherwise participate in a certain network (which the Proposed Rule noted some refer to as ‘‘closed loop’’ P2P systems). As the Proposed Rule noted, although the network of potential recipients in such a system may be limited in certain respects, often any potential recipient may have the option of joining such a system (and many consumers already may have joined such systems), so the universe of potential recipients for such payments often is still broad. The Proposed Rule also stated that a digital consumer payment application still may have qualified as having general use even when the universe of potential recipients for a funds transfer is fixed, such as when a consumer can only make a transfer of funds to friends or family located in a prison, jail, or other secure facility.284 284 Such funds may be available to the recipient for a variety of purposes, including to purchase food, toiletries, medical supplies, or phone credits while incarcerated, and, if not used by the recipient while incarcerated, may revert upon release to an unrestricted account. See, e.g., CFPB Report, Justice-Involved Individuals and the Consumer Financial Marketplace (Jan. 2022), sec. 3.1 (n.87 describing uses of these types of funds transfers) and sec. 4.1 (describing how, as observed in a CFPB enforcement action and an investigative report on prison release cards, ‘‘[w]hen released, people exiting jail receive the money they had when arrested, and prisons disburse the balance of a person’s commissary account, including wages from prison jobs, public benefits, and money sent by friends and family.’’), https://files.consumer PO 00000 Frm 00045 Fmt 4701 Sfmt 4700 99625 To provide clarity as to the proposed market definition, the proposed definition of general use would have included examples of limitations that would be significant for purposes of the proposal, such that a covered payment functionality offered through a digital consumer payment application with such limitations would not have had general use.285 The examples would have illustrated some types of digital consumer payment applications that would not have had general use. The list of examples was not exhaustive, and other types of digital consumer payment applications would not have had general use to the extent they cannot be used for a wide range of purposes. In addition, the Proposed Rule noted that some payment functionalities may be provided through two different digital consumer applications. For example, from a merchant’s ecommerce digital application, a consumer may click on a payment button that links to a third-party general-use digital consumer payment application, where the consumer authenticates their identity and provides payment instructions or otherwise authorizes the payment. Even if the merchant’s digital application itself would not have qualified as having general use, the consumer’s use of the third-party general-use digital consumer payment application still would have constituted covered market activity with respect to the third-party provider. The first example of a payment functionality with a significant limitation such that it would not have general use would have been a digital consumer payment application whose payment functionality is used solely to purchase or lease a specific type of services, goods, or property, such as transportation, lodging, food, an automobile, a dwelling or real property, or a consumer financial products and service.286 The Proposed Rule listed this finance.gov/f/documents/cfpb_jic_report_202201.pdf (last visited Oct. 23, 2023). 285 The Proposed Rule includes these examples to illustrate the scope of the term ‘‘general use’’ in the Proposed Rule, and thus the scope of the proposed market definition. The examples are not a statement of the CFPB’s views regarding the scope of its authority over consumer financial products and services under the CFPA. 286 For example, when a consumer uses a payment functionality in a digital application for a consumer financial product or service to pay for that consumer financial product or service, such as by providing payment card information to a creditmonitoring app to pay for credit-monitoring services, this limited purpose for that payment functionality would not have had general use under the Proposed Rule. The term ‘‘consumer financial product or service’’ is defined in CFPA section 1002(5) and includes a range of consumer financial products and services including those in markets E:\FR\FM\10DER2.SGM Continued 10DER2 99626 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 example in paragraph (A) of the proposed definition of general use. Second, as indicated in paragraph (B), accounts that are expressly excluded from the definition of ‘‘prepaid account’’ in paragraphs (A), (C), and (D) of § 1005.2(b)(3)(ii) of Regulation E 287 also would not have had general use for purposes of the Proposed Rule. Those provisions in Regulation E exclude certain tax-advantaged health medical spending accounts, dependent care spending accounts, transit or parking reimbursement arrangements, closedloop accounts for spending at certain military facilities, and many types of gift certificates and gift cards. The Proposed Rule explained that, while these types of accounts may support payments through digital applications with varied purposes to different types of recipients, the accounts remain sufficiently restricted as to the purpose to warrant exclusion from the proposed market. Third, as indicated in proposed paragraph (C), a payment functionality provided through a digital consumer payment application that solely supports payments to pay a specific debt or type of debt or repayment of an extension of consumer credit would not have qualified as having general use. For example, a consumer mortgage lender’s mobile app or website may provide a functionality that allows a consumer to pay a loan. Or a debt collector’s website may provide a means for a consumer to pay a debt. These digital consumer payment applications have a use that is significantly limited, to only pay a specific debt or type of debt. In general, digital applications that solely support payments to specific lenders, loan servicers, and debt collectors would not have fallen within the proposed market definition.288 The Proposed Rule noted that the CFPB considers such digital applications generally to be more part of the markets for consumer lending, loan servicing, and debt collection. The CFPB has issued separate larger participant rules for such markets and CFPA section that the CFPB supervises, described in the Proposed Rule, as well as other consumer financial products and services outside of supervised markets over which the CFPB generally has enforcement and market-monitoring authority. See generally 12 U.S.C. 5481(5) (definition of ‘‘consumer financial product or service’’) and 12 U.S.C. 5481(15) (definition of ‘‘financial product or service’’). 287 12 CFR 1005.2(b)(3)(ii). 288 By contrast, as noted in the section-by-section analysis of the proposed exclusion in paragraph (C) of the definition of a ‘‘consumer payment transaction,’’ if a consumer uses a general-use digital consumer payment application as a method of making a payment to such a payee, that generaluse digital consumer payment application would have been participating in the market for those consumer payment transactions. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 1024(a) also grants the CFPB supervisory authority over participants in certain lending markets, including mortgage lending, private student lending, and payday lending. In addition, other digital applications may only help a consumer to pay certain other types of debts, such as taxes or other amounts owed to the government, including fines. Under this proposed example, those payment functionalities provided through those applications also would not have qualified as having general use. Fourth, as indicated in proposed paragraph (D), a payment functionality provided through a digital application that solely helps consumers to divide up charges and payments for a specific type of goods or services would have been excluded. Some payment applications, for example, may be focused solely on helping consumers to split a restaurant bill. This example is a corollary of the example in paragraph (A). Since a payment functionality limited to paying for food would not have qualified as having general use under paragraph (A), paragraph (D) would have clarified that a payment functionality that enables splitting a bill for food have also would not have qualified as having general use. The CFPB requested comment on the proposed definition of general use and examples of significant limitations that take a payment functionality provided through a digital consumer application out of the general use category. The CFPB also requested comment on whether the examples of significant limitations should be changed or clarified, and whether additional examples of significant limitations should be included, and if so, what examples and why. Comments Received Some commenters stated that the proposed ‘‘general use’’ limitation was excessively ambiguous or uncertain, though they did not agree on how to clarify the definition. For example, two industry associations criticized defining ‘‘general use’’ as the ‘‘absence of significant limitations on the purpose of consumer payment transactions facilitated by the covered payment functionality’’ on the ground that that standard was ambiguous and that the associated examples in the proposed definition did not provide sufficient guidance to ascertain the scope of ‘‘general use.’’ These commenters stated that additional clarification or limitations on the definition were necessary, and that if the Final Rule did not clarify this term, then firms would incur unnecessary costs and confusion as to whether they need to prepare their PO 00000 Frm 00046 Fmt 4701 Sfmt 4700 compliance management systems for CFPB supervision. Similarly, another industry association criticized the definition of ‘‘general use’’ as ambiguous, and suggested that such ambiguity would generate confusion for providers. The commenter suggested clarifying how the definition applies to diverse features and functionalities within payment applications. An individual commenter stated that the proposal did not clearly define ‘‘general use’’ and suggested that the rule instead adopt a bright-line test, providing that general use means use with more than 100 merchants, 10 platforms, or 5 different purposes. A nonprofit commenter stated that while a vast majority of its members approved of the proposed definition of ‘‘general use,’’ a majority also recommended adding examples to the definition. A payments industry firm stated that the rule should clarify the example described in proposed paragraph (B) related to certain gift cards and other products and services that do not have general use.289 Finally, a comment from consumer groups stated that the Rule should clarify that online marketplace payment functions meet the definition of ‘‘general use’’ (and not exclude them from the definition of ‘‘consumer payment transactions’’ included in the market as discussed above). These commenters also stated that the Final Rule should clarify that if a payment app aimed at servicemembers is not eligible for the narrow Regulation E exclusion cited in paragraph (B) of the proposed definition of ‘‘general use,’’ then it would meet the definition of ‘‘general use.’’ 290 In addition, commenters had differing views regarding the appropriateness of the breadth of the proposed definition of ‘‘general use.’’ Some commenters agreed with the breadth of ‘‘general use’’ or suggested it should be expanded. For example, the comment from consumer groups expressed general support for the 289 Specifically, this commenter requested that the CFPB clarify that the definition of ‘‘general use’’ also excludes certain types of cards, codes, and other devices described in Regulation E section 1005.20(b). It stated that the Proposed Rule was unclear on this point because it referred only to an account described in Regulation E section 1005.2(b)(3)(ii)(D). Regulation E section 1005.20(b) describes cards, codes, and other devices that are excluded from Regulation E section 1005.20(a), which defines the accounts identified in 1005.2(b)(3)(ii)(D). As a result, in its view there is uncertainty over whether the CFPB views those cards, codes, and devices has having general use. In its view, section 1005.20(b) refers to certain types of cards, codes, and other devices with limited uses and the CFPB should confirm those types of cards, codes, and other devices to do not have general use. 290 The comment did not provide an example or state whether such consumer financial products or services currently exist. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 definition, which they characterized as appropriately broad. Several consumer group and nonprofit comments expressed support for the definition of ‘‘general use’’ based on how the proposed term reflected what they described as the broad functions of services to transfer funds to people who are incarcerated. Some of these commenters added that some large companies provide app-based money transfers both to people who are incarcerated and to people who are not.291 In addition, without directly addressing the exclusion in paragraph (D) of the definition of ‘‘general use’’ for payment functionalities solely to split a charge for a specific type of goods or services, an industry association stated that consumers use general-use digital consumer payment applications for, among other purposes, paying expenses informally split between consumers. An industry association suggested that at least in certain ways, the proposed definition of ‘‘general use’’ unduly narrowed the market because it excluded digital applications that help consumers to make payment for the same types of purchases, such as food and automobiles, using the same underlying payment methods as applications that meet the proposed definition of ‘‘general use.’’ On the other hand, several industry commenters stated that the proposed definition of ‘‘general use’’ was too broad and that it should be narrowed in various ways. These comments generally stated that the ‘‘general use’’ limitation on the proposed market definition did not adequately limit the scope of the market definition in the context of payments for consumer purchases, in the context of peer-to-peer payments, or both. In the context of digital payments for purchases, two industry associations stated that the rule should exclude from ‘‘general use’’ what it called ‘‘closed291 In addition, they stated that the ‘‘general use’’ of these payment systems is reflected in the significant number of people who are incarcerated (nearly two million at any one time with one estimate that people were incarcerated nearly seven million times in 2021), broad available uses those people have for transferring the funds while they are incarcerated, and the universal acceptance of release cards loaded with funds remaining at the time of release. As discussed in the section-bysection analysis of the comments on the proposed definition of ‘‘digital application,’’ these commenters also called for expansion of the market to include the full range of payment services that support payments to people while incarcerated, payments by people while incarcerated, and payments by people who are recently released from incarceration using payment cards issued upon release. They added that these products and services pose large risks to consumers, due to, among other features, high fees and the lack of competition for such products and services. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 loop transactions’’ which it described as transactions that can only occur at a ‘‘finite’’ group of merchants. These comments stated that the exclusion should be consistent with the CFPB’s understanding of ‘‘closed-loop transactions’’ in the context of its prepaid account rule under Regulation E.292 In the context of digital peer-to-peer payment applications or functionalities, several industry and other commenters stated that the proposal’s approach to defining ‘‘general use’’ was too broad. A nonprofit stated that the Proposed Rule incorrectly treated any peer-to-peer funds transfer functionality as having general use. Another nonprofit stated that peer-to-peer payment applications should not have general use unless also enabled for purchases. In its view, the absence of a purchase functionality constitutes a ‘‘significant limitation’’ within the meaning of the proposed definition of ‘‘general use.’’ Another industry association stated that the Proposed Rule should not have classified a peer-to-peer payment application as having general use when it restricts the universe of payment recipients to other persons who are registered users of the same application. Finally, several industry trade associations stated that the Proposed Rule was internally inconsistent by treating a payment functionality used exclusively by people who are incarcerated to make commissary purchases as having ‘‘general use’’ while simultaneously excluding payment functionalities provided solely for purchase of certain types of goods, services, or other property, such as food.293 Two trade associations also suggested that the Proposed Rule’s assessment that persons who are incarcerated may put funds received to general use in a closed environment is inconsistent with how the CFPB views closed-loop prepaid cards under, Regulation E. Another industry association stated that a payment functionality for people who are incarcerated to pay for goods and 292 While these commenters quoted a description of ‘‘closed-loop prepaid cards’’ they stated came from the CFPB’s rules concerning prepaid accounts, the citation they identified is to a CFPB website that contains consumer education materials regarding general-use prepaid cards, prepaid gift cards, and other prepaid cards at https://www.consumer finance.gov/consumer-tools/prepaid-cards/answers/ key-terms (last visited Nov. 17, 2024). 293 In addition, they stated that the proposal’s different treatment of these examples created confusion about the identity of the estimated 17 larger participants. The CFPB discusses comments on that issue in the section-by-section analysis of the larger-participant test below. PO 00000 Frm 00047 Fmt 4701 Sfmt 4700 99627 services does not have ‘‘general use’’ within its conventional meaning.294 Response to Comments Received With respect to comments that the proposed definition of ‘‘general use’’ was excessively ambiguous or uncertain, the CFPB also shares the commenters’ goal of reducing ambiguity and uncertainty in the definition of ‘‘general use.’’ Accordingly, the CFPB declines to adopt the proposal to define ‘‘general use’’ as the absence of significant limitations on the purposes of a consumer payment transactions facilitated by the covered payment functionality provided through the digital consumer payment application. Instead, as discussed further below, the Final Rule adopts an alternative standard for defining ‘‘general use’’ as usable to transfer funds in a consumer payment transaction to multiple unaffiliated persons, with limited exceptions. With respect to comments on the breadth of the term ‘‘general use,’’ the CFPB believes that the definition of ‘‘general use’’ adopted in this Final Rule is appropriately broad given the characteristics of the market defined in this Final Rule. The term encompasses digital consumer payment applications capable of being used for a range of purposes such as sending funds to friends and family, buying a range of goods or services at different stores, or both. As discussed above in response to comments on the market definition in § 1090.109(a)(1), treating those functions as part of a single market is consistent with the CFPB’s experience and expertise, the views of certain other market observers, and with common consumer user experience. In response to the commenter that raised concerns about the rule including a ‘‘general use’’ limitation at all, the CFPB notes that the ‘‘general use’’ limitation reduces the breadth of the market, which the commenter stated already was overly broad. The CFPB also declines to drop the ‘‘general use’’ limitation based on that industry association’s comments suggesting that this limitation impermissibly excludes economic substitutes. The commenter cited examples of food delivery applications and automobile purchase 294 Some of these commenters further claimed the cost-benefit analysis did not consider potential impacts on money transfer services for incarcerated people, which they considered to be a distinct product market. In the response to general comments above, the CFPB responds to comments calling for the CFPB to divide the proposed market into separate markets for purposes of this rulemaking. The impacts analysis in part VII further explains how it analyzes the impacts in the market adopted in the Final Rule. E:\FR\FM\10DER2.SGM 10DER2 99628 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 applications that facilitating payments that consumers also can make through payment functionalities that have general use.295 The CFPB similarly declines the consumer group comments suggesting that the Final Rule clarify that marketplaces meet the definition of ‘‘general use.’’ Regardless of whether they meet that definition, for the reasons discussed in the section-by-section analysis of ‘‘consumer payment transaction’’ above, the Final Rule adopts the proposed exclusion in paragraph (C) of the definition of that term for marketplace payment functionalities. The CFPB disagrees with the industry and nonprofit comments stating that the CFPB should adopt a narrower definition of ‘‘general use’’ that would exclude some or all peer-to-peer payment applications. Like a payment functionality that can be used to pay two or more unaffiliated merchants, a peer-to-peer payment functionality enables transfers for consumer payment transactions to multiple, unaffiliated individuals. Thus, it is appropriate to for payment functionalities that solely support payments to friends and family to fall within the definition of ‘‘general use’’ in the Final Rule. In addition, the market increasingly bundles both types of payments and many peer-to-peer payment functionalities can be used formally or informally to make payments for purchases. Defining the market based on the status of the recipient as a consumer or a business, as the commenter suggests, would be inconsistent with how the market has evolved, as further discussed above in the response to comments on the market definition in § 1090.109(a)(1). In addition, peer-to-peer digital consumer payment applications often support payments to millions if not tens of millions of other users including in some circumstances that industry describes as a ‘‘closed loop’’ system. For example, even in such a system, often any adult consumer who can pass identity verification can enroll to receive funds.296 The Final Rule 295 For the reasons described at the outset of the section-by-section analysis above, the CFPB disagrees with the industry association comment that concluded that antitrust law governs how the CFPB must define larger participants in a market for consumer financial products or services pursuant to CFPB section 1024(a)(1)(B). In addition, as discussed further above, the CFPB disagrees that it would be appropriate for the market to include merchant and marketplace payment functionalities described by the exclusion in paragraph (C) of the definition of ‘‘consumer payment transaction.’’ 296 CFPB Deposit Insurance Spotlight, supra (‘‘In closed loop systems, transactions are enabled through a single provider. Under this model, both VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 therefore does not treat the need for a recipient to sign up for an account to receive funds as a basis for excluding the corresponding covered payment functionality from the definition of ‘‘general use.’’ This approach also promotes consistent oversight of consumer financial products and services that allow consumers to send funds to other consumers, without regard to whether they operate through depository institutions.297 The CFPB declines to adopt the suggestion by some industry commenters that the Final Rule exclude payment functionalities based on whether they are limited to use at what the industry association commenters described as a ‘‘finite’’ number of merchants. The term ‘‘finite’’ is not a workable standard for this Rule, and the CFPB disagrees with the industry commenters’ further suggestion that if it does not adopt that exclusion (or an exclusion for some other definite number), the rule would have the paradoxical effect of treating the universe of potential recipients in closed-loop payment systems for retail spending as infinite. These comments did not recognize that paragraph (B) of payer and receiver must have an account with the same provider to complete the payment.’’). 297 See also Julian Morris, Peer-to-Peer and Real Time Payments: A Primer, Int’l Ctr. For Law & Econ. (Aug. 21, 2023) (generally describing how ‘‘closed loop’’ is more of an indicator that the platform may operate outside of the banking system), https:// laweconcenter.org/resources/peer-to-peer-and-realtime-payments-a-primer/ (last visited Oct. 24, 2024). The Final Rule also does not define ‘‘general use’’ by reference to peer-to-peer payment systems that may be described as ‘‘closed loop’’ because usage of the term ‘‘closed loop’’ in that context varies and the market is rapidly evolving. See, e.g., CFPB Deposit Insurance Spotlight, supra (describing how ‘‘[c]losed loop payment systems are often connected to traditional open loop systems, so funds can be deposited or withdrawn out of the closed loop system.’’); Getting the U.S. Banking Market Ready for Instant Payments, PaymentsJournal (May 21, 2024) (‘‘In other parts of the world, fintechs have taken the lead by converting their closed-loop stored value wallet propositions and making them interoperable on the back of real-time payment systems. U.S. fintechs have the same opportunity.’’), https:// www.paymentsjournal.com/getting-the-u-s-bankingmarket-ready-for-instant-payments/ (last visited Nov. 8, 2024); VISA, In 2024, payments to get global, open, tailored and interoperable (Dec. 15, 2023) (describing how ‘‘money-moving apps and wallets’’ operating within their own ‘‘siloed ecosystem . . . is beginning to change. With payments players prioritizing interoperability, we will soon see a more seamless future-state of global money movement—one where paying across services is as seamless as using any one service’’), https://usa.visa.com/visa-everywhere/blog/bdp/ 2023/12/14/in-2024-payments-1702577675756.html (last visited Nov. 8, 2024); VISA, Introducing Visa+ (describing new Visa+ product launched in the United States where ‘‘users set up one payname in their preferred wallet, and pay or get paid regardless of the participating app their peers use.’’), https://usa.visa.com/products/visaplus.html. (last visited Nov. 8, 2024). PO 00000 Frm 00048 Fmt 4701 Sfmt 4700 the proposed definition of ‘‘general use’’ already excluded closed-loop gift cards.298 And the comment did not provide a justification for this Rule to adopt a broader exclusion, such as for payment functionalities usable at multiple unaffiliated merchants. The CFPB also disagrees with the individual commenter that the Rule should define ‘‘general use’’ based on the reaching a specific quantity of merchants, platforms, and purposes. The commenter did not provide any justification for the specific numbers of merchants, platforms, and purposes they proposed. In addition, the range of goods and services offered by an individual merchant can vary widely across merchants. As a result, the number of merchants where a consumer can make purchases is not necessarily an indicator of ‘‘general use.’’ However, the CFPB agrees that additional clarification may be helpful as to whether the type of payment account excluded from Regulation E (by virtue of only being usable at a single merchant or its affiliates) also would be excluded from the market definition here based on lacking ‘‘general use.’’ The CFPB provides those clarifications below in the discussion of the revised definition of ‘‘general use’’ adopted in Final Rule.299 Finally, the CFPB does not agree with the industry firm commenter that the Proposed Rule created significant uncertainty as to whether certain cards, codes, or other devices described in Regulation E section 1005.20(b) would have general use for purposes of this rule. No other commenter raised this issue, and the commenter that raised the issue did not explain why it believed that the CFPB would view all of the cards, codes, or other devices described in Regulation E section 1005.20(b) as 298 In describing the exclusion they were seeking, these commenters referred to a description of ‘‘closed-loop prepaid cards’’ without acknowledging that term included gift cards, which the Proposed Rule already proposed to exclude in paragraph (B) of the definition of ‘‘general use.’’ See also CFPB, Final Prepaid Account Rule, 81 FR 83934, 83936 (Nov. 22, 2016) (explaining how ‘‘consumers can only use funds stored on closedloop prepaid products at designated locations (e.g., at a specific merchant or group of merchants in the case of certain gift cards; within a specific transportation system in the case of transit cards)’’) (emphasis added). 299 The Final Rule does not adopt the consumer group suggestion of clarifying that online marketplace payment functionalities have ‘‘general use’’ because, for the reasons discussed in the section-by-section analysis of ‘‘consumer payment transaction’’ above, the Final Rule does not drop the exclusion in paragraph (C) of the definition of that term. The requested clarification would create confusion, suggesting online marketplace payment functionalities excluded by paragraph (C) are covered by the definition of ‘‘general use.’’ E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 having general use, especially in light of the other examples of accounts that would not have general use described in proposed paragraph (B). In any event, the CFPB disagrees that Regulation E section 1005.20(b)(2) describes accounts that would not have general use for purposes of this rule. Section 1005.20(b)(2) describes general-purpose reloadable cards that are not marketed as gift cards or gift certificates. But the absence of gift marketing does not render these cards lacking in general use, and if they are loaded into a general-use digital consumer payment application, then they may fall within the market definition. Final Rule In response to the comments analyzed above, the CFPB includes the proposed term ‘‘general use’’ in the Final Rule but defines it differently than the proposal did. Rather than adopting the proposal to define ‘‘general use’’ using the ‘‘absence of significant limitations on the purpose’’ standard and providing illustrative examples of activities that would or would not meet the standard, the Final Rule adopts an alternative standard that is clearer and more administrable, along with specific, enumerated exceptions. This approach addresses comments as discussed above and described below. For purposes of the Final Rule, ‘‘general use’’ is defined as usable for a consumer to transfer funds in a consumer payment transaction to multiple, unaffiliated persons. The CFPB is adopting this new standard because it is clearer and more administrable, and more closely aligns with the similar concept in Regulation E.300 The definition is subject to specific exceptions as described below. This approach is based upon similar concepts in Regulation E, and therefore improves clarity and reduces uncertainty. For example, Regulation E defines a prepaid card that has ‘‘general use’’ for purchases based on being ‘‘[r]edeemable upon presentation at multiple, unaffiliated merchants for goods and services[.]’’ 301 Similarly, under the Final Rule, a payment functionality that facilitates payments to multiple, unaffiliated merchants for goods and services also would have ‘‘general use,’’ unless an exception applies. Also similar to Regulation E, a 300 The term ‘‘general use’’ in the Final Rule has certain similarities to terms in Regulation E, 12 CFR part 1005, but differs in some substantive respects as specified below. Usage, or omission, of specific language from EFTA or Regulation E in the Final Rule is not an endorsement by the CFPB of any specific interpretation of EFTA or Regulation E. 301 12 CFR 1005.20(a)(3)(ii). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 payment functionality would not meet the definition of ‘‘general use’’ in the Final Rule if the consumer payment transactions it facilitates are solely for a single merchant and its affiliated companies. In addition, consumers use digital consumer payment applications to transfer funds from additional types of payment methods beyond prepaid cards (e.g., other prepaid accounts, bank accounts, and credit cards) and to make payments to additional types of entities beyond merchants. Therefore, the CFPB does not view Regulation E as encompassing the full scope of activity that market participants include within their general-use digital consumer payment applications. For that reason, the Final Rule does not adopt the precise phrase used to define ‘‘general use’’ in the Regulation E definition of prepaid cards, which generally facilitate purchase transactions from merchants. The Final Rule instead adopts the phrase ‘‘multiple, unaffiliated persons’’ to define the universe of potential recipients of transfers of funds that determine whether a payment functionality has ‘‘general use.’’ 302 If a covered payment functionality facilitates consumer payment transactions to multiple unaffiliated entities that are not merchants, it would qualify as having ‘‘general use,’’ unless an exception applies. Further, if a covered payment functionality facilitates consumer payment transactions to multiple individuals such as family or friends not acting as merchants, that covered payment functionality still would qualify as ‘‘general use’’ for purposes of the Final Rule, unless an exception applies.303 Although this approach includes many common peer-to-peer transfer systems in the definition of ‘‘general use,’’ the CFPB disagrees with the industry commenters that this indicates the definition is too broad.304 As discussed 302 See also Regulation E, 12 CFR 1005.2(b)(3)(i)(D)(2) (defining ‘‘prepaid account’’ to include accounts with the ‘‘primary function [ ] to conduct person-to-person transfers’’). 303 The CFPA defines ‘‘affiliate’’ in section 1002(1) on the basis of a control relationship between two persons. Two consumers generally would not qualify as ‘‘affiliates’’ because they generally do not ‘‘control’’ one another for purposes of the CFPA. 304 A number of industry commenters suggested the proposed definition was too broad because the Proposed Rule stated that a covered payment functionality dedicated to transferring funds to incarcerated people may have ‘‘general use’’ based on recipients’ ability to use transferred funds for purchase of a variety of types of goods, even when those uses might not be subject to Regulation E. The Final Rule does not adopt that approach because the definition of ‘‘general use’’ in the Final Rule does not depend on the uses of funds by payment recipients. PO 00000 Frm 00049 Fmt 4701 Sfmt 4700 99629 above, given their mixed use, these covered payment functionalities often facilitate consumer payment transactions to sole proprietors and other small businesses anyway. With regard to the list of examples in proposed paragraphs (A)–(D) that would not have met the proposed definition of ‘‘general use,’’ as described below, some are not adopted in the Final Rule because it already excludes them in other ways, others are maintained with modifications, and two are not adopted because the Final Rule includes the corresponding examples in the market. First, the Final Rule need not adopt proposed paragraph (A) because the CFPB understands that other revisions the Final Rule would make the exclusion in proposed paragraph (A) unnecessary.305 First, the Final Rule need not adopt proposed paragraph (A) because the CFPB understands that other revisions the Final Rule would make the exclusion in proposed paragraph (A) unnecessary. Specifically, if a merchant or marketplace sells or leases only specific types of goods, services, or other property, then a payment functionality that is limited to facilitating payments to that merchant or marketplace already would be excluded from the Final Rule for other reasons. For example, the definition of ‘‘general use’’ in the Final Rule already does not cover a payment functionality that facilities consumer payment transactions solely by facilitating a purchase from a single merchant or its affiliated companies, including a merchant providing any of the types of goods, services, or other property listed in proposed paragraph (A).306 Such activities do not facilitate payments to ‘‘multiple, unaffiliated persons’’ in the definition of ‘‘general use.’’ In addition, to the extent an online marketplace 305 This approach also makes the definition of ‘‘general use’’ more consistent with similar concepts in Regulation E. Under paragraph (A) in the proposed definition of ‘‘general use,’’ a payment functionality that solely supports the purchase or lease of a specific type of services, goods, or other property from multiple, unaffiliated merchants would not have had ‘‘general use.’’ However, the relevant provisions of the definitions of ‘‘prepaid account’’ and ‘‘general-use prepaid card’’ in Regulation E apply to accounts redeemable at multiple unaffiliated merchants, regardless of whether they sell the same specific type of services, goods, or other property. 12 CFR 1005.2(b)(3)(i)(D)(2) & 1005.20(a)(3)(ii). By not including that exception, the definition of ‘‘general use’’ in the Final Rule is more consistent with Regulation E, which contains no such exclusion from the definition of ‘‘general-use prepaid card’’ or ‘‘prepaid account’’ discussed above. 306 The definition of ‘‘general use’’ in the Final Rule also does not include a payment functionality that facilitates consumer payment transactions solely to purchase consumer financial products or services from a single provider and their affiliated companies. E:\FR\FM\10DER2.SGM 10DER2 99630 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 operator’s payment functionality facilitates payments to multiple, unaffiliated persons for the purchase of goods or services a consumer selects from the online marketplace (including a marketplace offering only specific types of goods or services), the online marketplace operator’s conduct of those payment transactions already would be excluded from the definition of ‘‘consumer payment transaction’’ as described above. Second, the Final Rule adopts other examples described in proposed paragraphs (B) and (C) with certain modifications described below for clarity. In paragraph (B) of the proposed definition of ‘‘general use,’’ the CFPB proposed to exclude using certain accounts described in Regulation E section 1005.2(b)(3)(ii)(A), (C), and (D), which Regulation E excludes from the definition of ‘‘prepaid account.’’ The CFPB did not receive any comments agreeing or disagreeing with the exclusions described in proposed paragraph (B).307 Notwithstanding the adoption of a more specific definition of ‘‘general use’’ described above, the CFPB does not view these types of highly-specialized payment functionalities as having ‘‘general use’’ for purposes of this rule. For the reasons explained in the Proposed Rule as described above, the Final Rule therefore maintains these exclusions by listing them as exceptions. In addition, the Final Rule adopts the exception in proposed paragraph (C) to pay a specific debt or type of debt. The Final Rule also clarifies that this exception excludes additional examples beyond loan servicing functionalities that facilitate repayment of extensions of consumer credit. The Final Rule states that this exception excludes payment functionalities provided solely for paying the following two types of debts: (1) Debts owed in connection with origination or repayment of an extension of consumer credit; or (2) Debts in default. Through these 307 As noted above, two industry associations expressed general support for excluding closed-loop transactions in a manner consistent with Regulation E. In addition, while acknowledging the exclusion for using accounts described in 12 CFR 1005.2(b)(3)(ii)(C), some consumer groups suggested that the Final Rule should clarify that other payment apps directed at servicemembers can have ‘‘general use.’’ Subject to the exceptions discussed here, the definition of ‘‘general use’’ in the Final Rule applies when to a covered payment functionality that facilitates payments to multiple, unaffiliated persons, regardless of whether the functionality is directed at servicemembers. In addition, as discussed above, one commenter sought clarification regarding how the CFPB reads the exclusion for using accounts described in 12 CFR 1005.2(b)(3)(ii)(D), which the CFPB discusses above. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 exceptions, the Final Rule separates the market it defines from other distinct markets as described below. It therefore does not include those payment functionalities in the definition of this market. With respect to the type of debts described in paragraph (1), just as the Proposed Rule did not seek to cover loan servicing such as the servicing of mortgage loans (which is part of the mortgage market), it also did not seek to cover payment functionalities that facilitate payments made in connection with origination of a mortgage loan (such as payments through closing or escrow accounts maintained by providers of real estate settlement services described in CFPA section 1002(15)(A)(viii)).308 The revised exception clarifies this. In addition, in paragraph (1), the Final Rule specifies the payment of debts in default as a second type of debt payment functionality that is excluded by paragraph (B). Specifically, consumers may pay debts in default through a debt collector as defined in 15 U.S.C. 1692a(6).309 As noted in part III above, the CFPB already has issued a rule defining larger participants in a market for consumer debt collection, and may supervise service providers to such persons under CFPA section 1024(e). And consumers may repay extensions of credit or debts in default through a debt settlement firm as described in CFPA section 1002(15)(A)(viii)(II).310 The CFPB also views the market for debt relief services as separate from the market for general-use digital consumer payment applications.311 Third, for the reasons described below, the Final Rule does not exclude the example described in proposed paragraph (D) for splitting charges for specific types of goods or services. As the industry association comment described above noted, consumers can use general-use consumer payment applications to make payments for split expenses. For example, a consumer may transfer funds to a friend or family member as reimbursement for food or other expenses. Whether the provider markets its digital application primarily for that use, or for other uses, it can 308 12 U.S.C. 5481(15)(A)(iii). Real estate settlement services generally are part of a distinct market for mortgage lending that is subject to additional applicable Federal consumer financial laws such as the Real Estate Settlement Procedures Act, 12 U.S.C. 2601 et seq. 309 Fair Debt Collection Practices Act, 15 U.S.C. 1692a(6). 310 12 U.S.C. 5481(15)(A)(viii)(II) (one type of ‘‘financial product or service’’). 311 Debt settlement is part of a distinct market that is subject to additional applicable Federal consumer financial laws such as the Telemarketing Sales Rule. 16 CFR part 310. PO 00000 Frm 00050 Fmt 4701 Sfmt 4700 meet the definition of ‘‘general use’’ adopted in this Final Rule. The CFPB does not believe this change significantly affects the market-related estimates discussed in the section-bysection analysis of the larger-participant test below or the impacts analyses in part VII below. For example, online marketplaces may help consumers to split bills and make associated payments in circumstances that already are excluded from the definition of ‘‘consumer payment transaction.’’ 312 In addition, other products and services marketed as ‘‘bill splitting apps’’ may help consumers to calculate the amount each consumer will pay, but either do not help consumers to make the associated payments or refer consumers to a third-party’s general-use digital consumer payment application to make the associated payments. Finally, the CFPB reiterates that each of the exceptions from the definition of ‘‘general use’’ in paragraphs (A) through (C) of the Final Rule is for a payment functionality provided through a digital application solely to support payments of the type listed in the exception. If a nonbank provides a payment functionality through a digital application to support one of the types of payments in paragraphs (A) through (C), but also to support peer-to-peer transfers to other accountholders generally, then it would still have general use, as described above. State Proposed § 1090.109(a) would have defined the term ‘‘State’’ to mean any State, territory, or possession of the United States; the District of Columbia; the Commonwealth of Puerto Rico; or any political subdivision thereof. For consistency, the CFPB proposed to use the same definition of ‘‘State’’ as used in the international money transfer larger participant rule, § 1090.107(a), which drew its definition from Regulation E subpart A.313 The CFPB requested comment on the proposed definition of State. No commenters addressed this aspect of the Proposed Rule, which the Final Rule adopts as proposed. 109(b) Test To Define Larger Participants Proposed § 1090.109(b) would have set forth a test to determine which 312 For example, if a consumer selects food for purchase by placing a restaurant order through an online marketplace platform operator that also conducts transactions to split the bill for that purchase, such activity may qualify for the exclusion in paragraph (C) of the definition of ‘‘consumer payment transaction.’’ 313 See International Money Transfer Larger Participant Final Rule, 79 FR 56631 at 56641. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations nonbank covered persons are larger participants in a market for general-use digital consumer payment applications as described in proposed § 1090.109(a). Under the proposed test, a nonbank covered person would have been a larger participant if it meets each of two criteria set forth in paragraphs (1) and (2) of proposed § 1090.109(b) respectively. First, paragraph (1) specified that the nonbank covered person must provide annual covered consumer payment transaction volume as defined in paragraph (3) of proposed § 1090.109(b) of at least five million transactions. Second, paragraph (2) specified that the nonbank covered person must not be a small business concern based on the applicable SBA size standard listed in 13 CFR part 121 for its primary industry as described in 13 CFR 121.107. The Final Rule summarizes and responds to comments about the test in the section-by-section analysis of this proposed definition below.314 khammond on DSK9W7S144PROD with RULES2 Comments Received Comments from two industry providers, two trade associations, and some Members of Congress commenters stated that the description in the Proposed Rule of the confidential data it relied upon was insufficient to allow for meaningful comment. As described below, these comments generally focused on two types of data the Proposed Rule did not release: confidential data about market participants’ activities that the CFPB used to estimate their larger participant status, and, relatedly, the identities of the individual entities included in the Proposed Rule’s estimate of the number of market participants that would qualify as larger participants. With regard to the proposal’s estimate of 17 larger participants, several Members of Congress criticized the Proposed Rule for not identifying the individual firms included in the estimate. They stated that the Proposed Rule was not specific enough to allow the public to identify larger participants, 314 As the Proposed Rule noted, prior to issuing the Proposed Rule, the CFPB conducted analysis of data sources as described in parts IV, V and VI of the Proposed Rule to identify likely market participants, and, to the extent of available data: (1) to inform its general understanding of the market; and, relatedly, (2) to estimate the level of market activity by market participants, the degree to which market participants would be small entities, and the level of market activity by larger participants. These estimates therefore relied to some degree on preliminary entity-level analysis that is not dispositive of whether the CFPB would ever seek to initiate supervisory activity at a given entity or whether, in the event of a person’s assertion that it is not a larger participant, the person would be found to be a larger participant. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 which they stated was necessary for the public to understand the implications of the proposal and to provide comprehensive feedback on its impact. A group of industry associations also stated that uncertainty in the proposed definition of ‘‘general use’’ left uncertainty about the identities of firms included in the estimate. Meanwhile, a banking industry association suggested that, separate from the rulemaking, the CFPB should publish a list of larger participants that are subject to supervision to help consumers and industry to better evaluate their relationships with these nonbanks. Some of these industry commenters also stated that the CFPB should release information about the confidential transaction data for individual firms that it used to make its estimates concerning the number of larger participants and their share of market participant that the Proposed Rule used in support of the proposed threshold. Two of these comments stated that the CFPB must release the data it relied upon, while the other comment called for releasing what it called a sanitized version of the NMLS data it used. One indicated that it needed such additional information to comment on the Proposed Rule’s estimate of the percentage of the market that larger participants comprised. This commenter also noted the acknowledgment in the Proposed Rule that the NMLS data may be overinclusive or underinclusive, and its acknowledgment about the lack of sufficient data to estimate larger participant status for certain market participants. Some of these commenters added that, in their view, more than 17 companies would qualify as larger participants, due in significant part to the inclusion of pass-through payment wallet functionalities within the market definition. Another industry association stated more generally that the Proposed Rule was not sufficiently transparent and that the rulemaking needs to provide more comprehensive information and justification for the threshold, which it stated should be sector-specific.315 Response to Comments Received The CFPB disagrees with commenters that the Proposed Rule did not provide sufficient information for commenters to offer meaningful comment. As discussed in the proposal and further below, the CFPB provided commenters 315 An industry commenter also noted in a footnote that they believed the CFPB could not rely upon data collected through its 2021 section 1022(c)(4) orders because, in their view, the CFPB did not comply with the Paperwork Reduction Act (PRA). PO 00000 Frm 00051 Fmt 4701 Sfmt 4700 99631 with extensive information about the data and other evidence supporting the rule to enable informed comment, including the sources of data, the CFPB’s methodology for analyzing the data, descriptions of market concentration, and the limitations of the data. While the Proposed Rule did not disclose entity-level transaction volume and revenue data, entities in this market generally keep this information confidential and do not disclose it to the public.316 The Bureau has routinely gathered this information in carrying out its statutory functions with the understanding that such information will be kept confidential consistent with the CFPA and its implementing rules. Congress anticipated that the CFPB would collect and rely on confidential data from a variety of sources to support its rulemaking and other statutory functions, and that it would use that information in a way designed to protect its confidentiality.317 The confidential transaction and revenue data that the CFPB relied on in the Proposed Rule came from two sources that the Bureau had access to: confidential supervisory information regularly shared by the States through NMLS and data obtained via the CFPB’s market monitoring functions.318 As the Proposed Rule indicated, the States collect nonpublic NMLS money services business call report data under explicit assurances of confidentiality.319 The NMLS collects all of this commercial or financial information from the States as part of State supervisory functions, also under assurances of confidentiality. On behalf of the States, the State financial regulator association that operates NMLS authorized the CFPB to use this robust dataset if it complied with the NMLS confidentiality conditions. When this information is shared with the CFPB, the CFPB also treats it as confidential supervisory information, which is generally protected from 316 As noted below, the only exception is wellknown entities in the market that are public companies, which disclose revenue information in public securities filings. 317 See 12 U.S.C. 5512(c)(1), (c)(3)(B), (c)(4), (c)(6), (c)(8); see also 12 CFR part 1070. 318 See 12 U.S.C. 5512(c)(8); 12 CFR part 1070. 319 The Proposed Rule (88 FR 80107 at 80209–10 n.83 & n.90) identified the public NMLS website with detailed information about the type of data collected in NMLS money services business call reports. In those materials, NMLS emphasizes to money services business that ‘‘[a]ll data submitted in the [MSB call] report is confidential[.]’’ NMLS MSB Call Report Overview and Definitions at 6 (‘‘Information Sharing’’), https://mortgage. nationwidelicensingsystem.org/licensees/resources/ LicenseeResources/MSBCR%20Overview%20%20(FINAL).pdf (last visited Nov. 8, 2024). E:\FR\FM\10DER2.SGM 10DER2 99632 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 disclosure by statute and CFPB implementing regulations.320 The Proposed Rule explained that the CFPB also collected certain information pursuant to orders issued pursuant to section 1022(c)(4) of the CFPA. Those orders provided that the CFPB will treat the information received in response to the order in accordance with its confidentiality regulations at 12 CFR 1070.40 through 1070.48.321 Confidential commercial or financial information about specific transaction volume collected through those orders also generally would be protected by FOIA exemption 4,322 and therefore would qualify as confidential information under 12 CFR 1070.2(f).323 In the CFPB’s experience, virtually no market participants publicly disclose their volume of consumer payment transactions as defined in the Proposed Rule, and unless a firm is a public company, it does not disclose its revenues. No commenters suggested that the individual firm-level transaction volume data or the revenue data of companies that are not public companies was not confidential information or generally available to anyone but the individual company itself. As discussed in the impacts analyses, in response to the proposal’s request for data, no commenters provided or pointed to sources of additional relevant data.324 320 CFPA sec. 1022(c)(6), 12 U.S.C. 5512(c)(6); 12 CFR 1070.40–48. The CFPB similarly would be obligated to keep such information confidential had it collected the information directly from the entities, see 12 CFR 1070.40–1070.48, in addition to increasing the burden on industry with duplicative requests, cf. 12 U.S.C. 5514(b)(3). 321 See https://files.consumerfinance.gov/f/ documents/cfpb_section-1022_generic-order_202110.pdf (last visited Nov. 7, 2024) (sample 1022 order on website cited in proposal, 88 FR 80197 at 80210 n.90, where the CFPB explained that ‘‘it obtained transaction and revenue data from six technology platforms offering payment services through a CFPB request pursuant to CFPA section 1022(c)(4)’’). See CFPB Orders Tech Giants to Turn Over Information on their Payment System Plans (Oct. 21, 2021) (CFPB 1022 Orders Press Release), https://www.consumerfinance.gov/about-us/ newsroom/cfpb-orders-tech-giants-to-turn-overinformation-on-their-payment-system-plans/. 322 See Food Mktg. Inst. v. Argus Leader Media, 588 U.S. 427 (2019). 323 The CFPB also disagrees with the comment suggesting that the CFPB’s section 1022(c)(4) orders did not comply with the PRA. These orders, which the CFPB addressed to six entities, were not subject to the PRA requirements. See 5 CFR 1320.3(c)(4) (defining ‘‘collection of information’’ from ‘‘ten or more persons’’ as subject to PRA). 324 88 FR 80197 at 80211. As discussed in the section-by-section analysis above, some commenters stated that the CFPB should use additional data sources to estimate the volume of consumer payment transactions that transfer digital assets such as crypto-assets and stablecoins. However, as discussed below, the Final Rule does not cover those transactions. Therefore, those data sources are not pertinent to the Final Rule. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 The CFPB reasonably relied on this confidential transaction data and revenue data in the Proposed Rule to provide estimates of the number of firms that would qualify as larger participants compared to the overall number of estimated market participants and estimates of larger participants’ market participation share of market activity. To conduct a preliminary entity-level analysis of which market participants may qualify as a larger participant under the Proposed Rule, the CFPB generally needed to use available data about the two criteria for the proposed largerparticipant test—an entity’s consumer payment transaction volume and its revenues (which generally governs small business concern status under applicable size standards). The absence of such information provided by commenters supports the conclusion that the money services business call reports when combined with the CFPB’s section 1022(b) order responses are the most comprehensive sources available for estimating transaction volume at the firm level for purposes of this rule. Both sources collect information about consumer payments facilitated in the United States by market participants. In addition, no commenter indicated that an individual firm itself did not have access to its own transaction volume data or its revenue data with which to assess its own larger participant status under the Proposed Rule. Comments describing potential difficulty individual firms could face in relying on available data to assess larger participant status referred to difficulties in counting of digital assets transactions, which the Final Rule does not include in the larger-participant test, as described below. Courts have held that an agency can rely on confidential information in its rulemaking so long as the agency discloses ‘‘sufficient factual detail and rationale for the rule to permit interested parties to comment meaningfully.’’ 325 Here, the Proposed Rule disclosed, among other information: (1) the sources of the data; (2) meaningful sources of additional public information about the data; 326 (3) the methodologies used to analyze the data; (4) the results of deploying those 325 See Fla. Power & Light Co. v. United States, 846 F.2d 765, 771 (D.C. Cir. 1988); see also Riverkeeper Inc. v. EPA, 475 F.3d 83, 112 (2d Cir. 2007); rev’d on other grounds, 556 U.S. 208 (2009). 326 88 FR 80197 at 80210 n.90 (providing links to NMLS and CFPB public websites where commenters could review descriptions of the type of data identified in the proposed rule and how the data was collected, including sample 1022 order and NMLS Money Services Business Call Report Overview described above). PO 00000 Frm 00052 Fmt 4701 Sfmt 4700 methodologies; (5) that the data indicated that the market was highly concentrated, with a few entities facilitating hundreds of millions or billions of consumer payment transactions annually; 327 (6) that only about one percent of market activity was conducted by an estimated three entities with transaction volume between the five and 10 million transaction thresholds considered in the Proposed Rule; 328 (7) aggregate transaction estimates for the proposal’s estimated 17 larger participants; (8) the extent to which the data sources did not include relevant data; and (9) the potential for uncertainty in its estimates based on the nature of the data. This detailed information enabled commenters to provide meaningful comment on, and criticize, the basis for the proposed test to define ‘‘larger participants’’ in the proposed market, and meaningful comment on whether the Final Rule should adopt a higher, lower, or different threshold for the largerparticipant test. As described further below, the CFPB received extensive, meaningful comment on these very questions (as well as numerous other aspects of the rule). The industry commenters described above also did not explain what additional information could be provided that would address their comments. The CFPB disagrees with the industry comments stating that it was necessary for the Proposed Rule to unmask confidential data, or otherwise provide additional information regarding confidential data, in order to allow for meaningful comment. As discussed above, the CFPB is obligated to maintain the confidentiality of the confidential transaction volume and revenue data described above. The CFPB could not provide a de-identified list of entities linked to their transaction and revenue data without significant risk of unmasking confidential data, nor did commenters provide any suggestions as to how the CFPB could disclose the data in a way that would both preserve confidentiality and improve commenters’ ability to provide 327 88 FR 80197 at 80210. See also, e.g., FIS 2023 Global Payments Report at 16 (‘‘North America’s credit and debit card markets are increasingly intermediated by a handful of major digital wallet brands. These initially consisted of PayPal, Google Pay and Apple Pay, but challengers such as Shop Pay (Shopify’s checkout solution) and Cash App Pay (recently becoming an open loop wallet) have joined the playing field.’’); 2022 Survey and Diary of Consumer Payment Choice: Summary Results, supra, at 1 (noting that two-thirds of consumers reported that they had adopted an online payment account such as PayPal, Venmo, or Zelle). The Proposed Rule cited both of these sources at 88 FR 80197 at 80200 n.25. 328 88 FR 80197 at 80210. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 meaningful comment on the Proposed Rule. The CFPB also declines the request by certain industry commenters to publicly disclose the identities of individual firms that comprised the rule’s estimate of the number of larger participants. That CFPB notes that, in their comments, several commenters specifically identified firms they believed would be larger participants, indicating that many commenters believed that they did not need the CFPB to identify those larger participants in order to provide meaningful comment on the rule. In any event, the CFPB disagrees that the identities of the estimated larger participants were critical facts that commenters needed in order to provide meaningful comment. As disclosed in the proposal, the CFPB relied on a number of considerations to define the market (discussed above) and the larger participant test (discussed below), none of which were the identities of potential larger participants. Based on those considerations, the information in the proposal described above, and the rest of the proposal, many commenters made specific comments on the proposed market definition and proposed threshold, which the CFPB has fully considered and responded to above (on the market definition) and below (on the larger participant test).329 The industry commenters seeking release of the list of 17 firms did not explain how public disclosure of their identities would allow for more meaningful comment. Further, these industry comments did not explain how the CFPB could make the disclosures they requested without disclosing confidential information, such as implications from such disclosure that could reveal confidential entity-level transaction information that the States obtained through their supervisory functions and made available to the CFPB through NMLS or information that an entity may customarily and actually treat as private.330 329 For example, many industry and some nonprofit commenters explained in detail why they believed the proposed market definition was too broad and why the proposed larger participant test would cover more larger participants than the CFPB estimated. However, none of those commenters stated how the methodology and data sources the proposal used and disclosed would have led the CFPB to fail to estimate any particular entity as a larger participant. And, as noted above, no firms provided additional data in response to the CFPB request. 330 For example, disclosing the identities of the 17 estimated larger participants in the Proposed Rule would have revealed that the entities had greater than 5 million consumer payment transactions based on the data available to the CFPB. And disclosing the names of all seven entities estimated VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 Finally, even if the CFPB’s estimates had relied entirely on public data (which they could not), public disclosure of the identities of estimated larger participants also may be misleading and incompatible with the administrative process that CFPB has established to determine which entities are larger participants.331 As the Proposed Rule noted, the market-wide estimates of the rule’s scope and impact are based only on ‘‘preliminary entitylevel analysis that is not dispositive’’ of larger participant status or whether the CFPB would conduct supervisory activity of the entity.332 As a result, publishing the CFPB’s preliminary entity-level analysis could misleadingly suggest that the CFPB already has determined these entities’ larger participant status. However, that is not the purpose of the CFPB’s preliminary entity-level analysis, which instead informs market-wide estimates of the aggregate scope and impact of the rule. By contrast, for markets in which the CFPB has finalized larger participant rules, the CFPB administers a separate process for such evaluation under section 103 of its larger participant regulation at part 1090. Based on noticeand-comment rulemaking, it designed that process to assess which entities qualify as larger participants. As described in the Proposed Rule, to determine if an individual entity qualifies as a larger participant, the CFPB can use that same section 103 process to request confidential supervisory information from the entity and the entity may voluntarily submit such information including to dispute it qualifies as a larger participant.333 The confidential supervisory process established in section 103 of part 1090 is an appropriate means for the CFPB to determine which entities are a larger participants.334 to be larger participants in this Final Rule would then reveal that the 10 entities who are no longer estimated to be larger participants have between 5 and 50 million consumer payment transactions per year. 331 See 12 CFR 1090.103(d) & (a). See also 88 FR 80197 at 80198. 332 88 FR 80197 at 80208 n.77. Even when publishing the highlights of supervisory findings of violations of Federal consumer financial law, the CFPB does not identify individual entities. See CFPB Supervisory Highlights Issue 35, Fall 2024 at 3 (‘‘To maintain the anonymity of the supervised institutions discussed in Supervisory Highlights, references to institutions generally are in the plural and the related findings may pertain to one or more institutions.’’), https://files.consumerfinance.gov/f/ documents/cfpb_supervisory-highlights-special-edauto-finance_2024-10.pdf (last visited Nov. 6, 2024). 333 See 12 CFR 1090.103(d) and (a). See also 88 FR 80197 at 80198. 334 With regard to the banking industry association’s comment seeking publication, outside PO 00000 Frm 00053 Fmt 4701 Sfmt 4700 99633 Final Rule In consideration of the comments described above on data used in the Proposed Rule and comments on the criteria and threshold for the proposed larger-participant test described below, the Final Rule adopts the two proposed criteria—annual covered consumer payment transaction volume and small business concern status. As described below, the Final Rule makes certain adjustments to the calculation of annual covered consumer payment transaction volume (by counting only those transactions denominated in U.S. dollars) and the threshold volume that determines when entities that are not small business concerns qualify as larger participants (adopting a significantly higher volume, of 50 million). Criteria Proposed Rule The Proposed Rule reiterated that the CFPB has discretion in choosing criteria for assessing whether a nonbank covered person is a larger participant of a market.335 It explained how the CFPB selects criteria that provide ‘‘a reasonable indication of a person’s level of market participation and impact on consumers.’’ 336 It noted how previous larger participant rulemakings acknowledged that, for any given market, there may be ‘‘several criteria, used alone or in combination, that could be viewed as reasonable alternatives.’’ 337 Here, the CFPB proposed to combine the two criteria described above: the annual covered consumer payment transaction volume and the size of the entity by reference to SBA size standards. The Proposed Rule’s largerparticipant test would have combined these criteria as follows: a nonbank covered person would have been a larger participant if its annual covered consumer payment transaction volume exceeded the proposed threshold, discussed in the section-by-section of the rulemaking process, of the names of larger participants, the CFPB declines to address that comment because it is beyond the scope of the rulemaking itself. 335 See, e.g., 77 FR 42874 at 42887 (consumer reporting larger participant rule describing such discretion); 77 FR 65775 at 65785 (same, in consumer debt collection larger participant rule). 336 77 FR 42874 at 42887 (consumer reporting larger participant rule); see also 80 FR 34796 at 37513 (automobile financing larger participant rule describing how aggregate annual originations are a ‘‘meaningful measure’’ of such participation and impact); 78 FR 73383 at 73393–94 (same, for account volume criterion in student loan servicing larger participant rule). 337 77 FR 65775 at 65785 (consumer debt collection larger participant rule). E:\FR\FM\10DER2.SGM 10DER2 99634 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 analysis further below, and, during the same time period (i.e., the preceding calendar year), it was not a small business concern. The first criterion would have been based on the number of consumer payment transactions. Specifically, proposed § 1090.109(b)(3) would have defined the term ‘‘annual covered consumer payment transaction volume’’ as the sum of the number of the consumer payment transactions that the nonbank covered person and its affiliated companies facilitated by providing general-use digital consumer payment applications in the preceding calendar year.338 The Proposed Rule explained how the CFPB viewed this to be an appropriate criterion for defining larger participants in a market defined by reference to products that facilitate certain consumer payments. Each transaction counted under this criterion also generally is a payment. In that way, a transaction is essentially a wellunderstood unit of market activity. The Proposed Rule further noted that, as in the CFPB’s international money transfer larger participant rule, here the number of transactions also reflects the extent of interactions between the nonbank covered person providing the in-market consumer financial product or service. Each one-time consumer payment transaction typically results from a single interaction with at least one consumer.339 And, in the case of recurring consumer payment transactions, consumers also have at least one interaction with the covered persons in the market. The number of transactions also is a common indicator of market participation.340 The Proposed Rule stated that the CFPB considered proposing different criteria, such as the dollar value of transactions or the annual receipts from market activity, and explained why it did not propose either of those alternatives. First, digital wallets often are used for consumer retail spending, which can grow in amount through inflation. For the proposed market that included digital wallets, a dollar value criterion may become affected by 338 Under the CFPA, the activities of affiliated companies are to be aggregated for purposes of computing activity levels in larger participant rules. See 12 U.S.C. 5514(a)(1)(B), (3)(B). 339 See, e.g., 79 FR 56631 at 56641 (international money transfer larger participant rule noting that the absolute number of transactions ‘‘reflects the extent of interactions’’ between the provider and the consumer because ‘‘each transfer represents a single interaction with at least one consumer’’). 340 State regulators, for example, require money transmitters to report this metric. See generally NMLS, Money Services Business Call Report, https://mortgage.nationwidelicensingsystem.org/slr/ common/Pages/MoneyServicesBusinesses CallReport.aspx (last visited Oct. 23, 2023). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 inflation or other factors.341 At the same time, as the Proposed Rule noted, in general, a higher number of transactions also may often comprise a higher dollar value of transactions. With respect to annual receipts, the Proposed Rule explained that data was less available, especially for market participants that are not publicly traded or that do not file call reports on money transmission at the State level. In addition, in the context of the market at issue, the Proposed Rule noted that an annual receipts criterion could miss significant market participation and consumer impacts, such as where a provider is subsidizing a product or otherwise not earning significant pertransaction revenues. As noted above, the CFPB proposed a second criterion that also must be satisfied for a nonbank covered person to be a larger participant, in addition to the annual covered payment volume criterion. Under the second criterion, in the previous calendar year, the nonbank must not have been a ‘‘small business concern’’ as that term is defined by section 3(a) of the Small Business Act, 15 U.S.C. 632(a), and implemented by the SBA under 13 CFR part 121, or any successor provisions. Thus, under the Proposed Rule, an entity would have been a small business concern if its size were at or below the SBA standard listed in 13 CFR part 121 for its primary industry as described in 13 CFR 121.107.342 The CFPB proposed this second criterion because it was not seeking to use this rulemaking as a means of expending its limited supervisory resources to examine small business concerns. The consumer digital payments applications market is potentially broad and dynamic, with rapid technological developments and new entrants. But many well-known market participants have large business operations that have an impact on millions of consumers. As explained in 341 In addition, as discussed in the impacts analyses in parts V and VI of the Proposed Rule, some of the data sources the CFPB relied upon in formulating the Proposed Rule may be overinclusive by including certain payments that are not within the market defined in the Proposed Rule, such as certain business-to-business payments. Those payments may have higher dollar values. The Proposed Rule noted how it would have been less affected by those data distortions by proposing number of transactions as a criterion. 342 In addition, under the SBA’s regulations, a concern’s size is measured by aggregating the relevant size metric across affiliates. See 13 CFR 121.103(a)(6) (‘‘In determining the concern’s size, SBA counts the receipts, employees, or other measure of size of the concern whose size is at issue and all of its domestic and foreign affiliates, regardless of whether the affiliates are organized for profit.’’). PO 00000 Frm 00054 Fmt 4701 Sfmt 4700 the Proposed Rule, in light of its resources, the CFPB believes that it would be preferable to focus on larger entities, instead of requiring all entities with an annual covered consumer payment transaction volume over five million to be subject to supervisory review under the Proposed Rule. If a particular nonbank covered person were a small business concern participating in this market in a manner that posed risks to consumers, the CFPB has authority to pursue risk-based supervision of such an entity pursuant to CFPA section 1024(a)(1)(C).343 The CFPB requested comment on its proposed criteria, including whether, instead of basing the annual volume criterion described above on number of consumer payment transactions, it should be based on a different metric, such as the dollar value of consumer payment transactions, and, if so, why. Comments Received A few industry commenters addressed the proposed criteria of volume of consumer payment transactions. Two industry associations and a law firm commenter stated that the amount (value) of a consumer payment transaction more directly correlates with risks to consumers than their frequency (volume).344 In their view, if two entities have the same transaction volume, then the one facilitating the higher dollar amount typically poses greater risk to consumers.345 Thus, in the view of one of these commenters, a test based on transaction value would better facilitate the CFPB’s operation of a risk-based nonbank supervision program as required by CFPA section 1024(b)(2). The second commenter stated that the CFPB should consider either a transaction value threshold alone or in conjunction with transaction volume. In its view, the proposal field to articulate a connection between transaction volume and risks to consumers across the various different types of activity in the market. The third commenter stated that either approach could be done, but recommended the combined approach in order to ensure the rule captures only larger participants. Finally, another industry association stated that to profitably 343 12 U.S.C. 5514(a)(1)(C). See generally 12 CFR part 1091 (regulations implementing CFPA section 1024(a)(1)(C)). 344 The industry association commenters also stated that the risks are different for firms that hold or transmit funds compared to those that transmit payment instructions or act as merchant payment processors. 345 At the same time, the law firm commenter indicated that, in its view, entities with lower consumer payment transaction volumes also generally pose less risk to consumers. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 serve lower-income consumers who conduct transactions with lower values, companies needed to engage in higher volumes of activity; but rather than describing this as a reason to use a different criteria, it described this as a reason to increase the transaction volume threshold, as discussed below. Some comments also addressed the proposed second criteria, an exclusion for entities that qualified as a small business concern in the previous year. Several commenters supported an exclusion for small businesses in general,346 though some stated that the exclusion did not change their views, discussed further below, that the proposed consumer payment transaction volume threshold was much too low. No commenter disagreed with excluding small business concerns from larger participant status with respect to transactions covered by the Final Rule.347 For example, two banking industry associations supported the proposed exclusion for a small business concern. Another industry association stated that it supported the proposed exclusion because it believed small business concerns should be provided more flexibility than its competitors to innovate and grow. This commenter also stated that the rulemaking should provide a fuller explanation of its impact, including whether the CFPB had identified any companies that exceed an annual consumer payment transaction volume threshold but would have qualified as small business concerns. It suggested that to the extent that small business concerns have a volume that exceeds the proposed threshold, this would support their view that the proposed transaction threshold was too low. It stated that consideration would be relevant not only with regard to the proposed threshold of five million annual consumer payment transactions, but also to potential thresholds of 50 million and 500 million annual consumer payment transactions. It also stated that the rule should consider what advantages a small business concern would have as a result of such an exclusion. Another industry association stated that the proposed small business exclusion was inadequate for identifying larger 346 An individual commenter that expressed general support for the Proposed Rule also stated that the CFPB should clarify the methods and data sources the CFPB would use to determine small business concern status. 347 Some commenters focused on the digital asset industry stated that the exclusion would be unfair to entities not eligible for small business status such as foreign businesses or nonprofits or entities that may be small but ineligible for small business concern status because they are dominant in their field. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 participants in this market for several reasons, including that the small business size standard updates every five years are not frequent enough for this market in light of its ongoing growth, the variety of product offerings market participants have means they can exceed the small business threshold even with small volumes of market activity, and, by their estimate, even based only on the market activity alone a small or medium-sized market participant serving approximately 220,000 consumers could exceed the highest potentially-applicable small business concern cutoff by charging a one percent fee on the value of the average consumer activity levels. Finally, another industry association agreed that many small businesses and startups have annual receipts that exceed small business concern size standards, in light of users’ average annual digital payment transaction values (which it stated were $7,610 in 2023). Response to Comments Received With regard to comments calling for the Final Rule to use a criteria other than the volume of consumer payment transactions, none of these commenters addressed the Proposed Rule’s rationale for proposing a volume rather than value-based criterion: the potential for inflation to shrink the coverage of the rule under a value-based criterion, and the potential for greater distortion to the extent data relied upon included business-to-business transactions that would not be in the market.348 For those reasons, the CFPB continues to favor use of a transaction volume criterion. In addition, the CFPB agrees with the industry comment noting that lowerincome consumers have significant adoption levels for general-use digital consumer payment applications. Compared with consumers that have higher incomes, smaller-dollar transactions by lower-income consumers generally would comprise a larger share of their disposable income. Their payment activity therefore may be better captured by a transaction volume criterion. Finally, the CFPB disagrees with the suggestion by a few commenters that the rule adopt an additional criteria, such as combining transaction volume and value. That approach would increase complexity in the administration of the rule and, given the significantly higher consumer payment transaction volume threshold adopted in the Final Rule discussed below, would not be necessary to ensure the rule only identifies bona fide larger 348 88 PO 00000 Fmt 4701 participants. In any event, when the CFPB prioritizes entities for examination based on indicators of risk, the CFPA provides a basis for the CFPB to consider, among other factors, not just the number but also the value of consumer payment transactions facilitated.349 The CFPB agrees with the commenters that a small business concern exclusion is appropriate for this larger participant rule. This exclusion will ensure that the CPFB’s exercise of its larger participant supervisory authority under this rule does not extend to small business concerns. The CFPB disagrees with the industry association commenter to the extent it was suggesting this exclusion is likely to confer undue advantages on small business concerns. As discussed in the below section-by-section analysis of the threshold for the larger-participant test, which the Final Rule sets at 50 million consumer payment transactions annually, available data does not establish that any nonbank market participant that exceeds that threshold would qualify as a small business concern. And even if a small business concern were to exceed the threshold, it would not necessarily avoid CFPB supervision simply due to not qualifying as a larger participant under this rule. For example, if its risk profile warranted prioritization for an exam, then the CFPB also may consider it for supervisory designation under CFPA section 1024(a)(1)(C). Finally, with regard to comments that the exclusion is inadequate to define larger participants (including comments stating that companies with volumes at or slightly above the proposed threshold of five million annual consumer payment transactions are unlikely to qualify as small business concerns under SBA size standards), the CFPB understands those comments to be primarily focused on the threshold for the other proposed criteria for the larger-participant test (the annual covered consumer payment transaction volume threshold). The CFPB further discusses comments on that threshold below. Final Rule As explained further above, the Final Rule adopts the two proposed criteria, and makes certain changes to the threshold and its calculation, as described below. 349 See CFPA section 1024(b)(2)(B), (E). 12 U.S.C. 5514(b)(2)(B), (E). FR 80197 at 80209. Frm 00055 99635 Sfmt 4700 E:\FR\FM\10DER2.SGM 10DER2 99636 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations Threshold khammond on DSK9W7S144PROD with RULES2 Proposed Rule Under the Proposed Rule, a nonbank covered person would have been a larger participant in a market for general-use digital consumer payment applications if the nonbank covered person satisfies two criteria. First, it must facilitate an ‘‘annual covered consumer payment transaction volume,’’ as defined in proposed § 1090.109(b)(3), of at least five million transactions. As explained in proposed § 1090.109(b)(3)(i), the volume is aggregated across affiliated companies, as required by CFPA section 1024(a)(3)(B).350 Thus, the proposed threshold included the aggregate annual volume of consumer payment transactions facilitated by all generaluse digital consumer payment applications provided by the nonbank covered person and its affiliated companies in the preceding year.351 Second, under proposed § 1090.109(b)(2) as explained above, the CFPB also proposed to exclude from larger-participant status any entity in the proposed market that was a small business concern in the previous calendar year based on applicable SBA size standards.352 The Proposed Rule 350 12 U.S.C. 5514(a)(3)(B) (providing that, ‘‘[f]or purposes of computing activity levels under [CFPA section 1024(a)(1)] or rules issued thereunder [including larger participant rules issued under CFPA section 1024(a)(1)(B)], activities of affiliated companies (other than insured depository institutions and insured credit unions) shall be aggregated’’). 351 The Proposed Rule noted that the available data do not always conform to the precise market scope of covered consumer payment transactions. For example, the data do not always distinguish between transactions in which a business sent funds, which would not be covered consumer payment transactions, from transactions in which a consumer sent funds. In addition, in some cases the data may include funds a consumer transfers between one deposit or stored value account and another, both of which belong to the consumer. As the Proposed Rule further noted, the analysis in the Proposed Rule included transaction volume broadly defined, and the CFPB cannot distinguish between this overall activity and covered market activity (to the extent they differ). Therefore, the analysis in the Proposed Rule may be an overestimate of covered market activity and larger-participant status of providers of general-use digital consumer payment applications subject to the larger-participant threshold. 352 As discussed above and below, the proposed exclusion would have applied to any nonbank that, together with its affiliated companies, in the previous calendar year was a small business concern based on the applicable SBA size standard listed in 13 CFR part 121 for its primary industry as described in 13 CFR 121.107. The SBA defines size standards using North American Industry Classification System (NAICS) codes. The Proposed Rule noted that the CFPB believed that many—but not all—entities in the proposed market for generaluse digital consumer payment applications are likely classified in NAICS code 522320, ‘‘Financial Transactions Processing, Reserve, and VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 stated that the CFPB viewed this proposed threshold and the proposed small entity exclusion, discussed above, to be a reasonable means of defining larger participants in this market.353 The CFPB estimated in the Proposed Rule that the proposed threshold would have brought within the CFPB’s supervisory authority approximately 17 entities,354 about 9 percent of all known nonbank covered persons in the market for general-use digital consumer payment applications.355 The Proposed Clearinghouse Activities,’’ or NAICS code 522390, ‘‘Other Activities Related to Credit Intermediation.’’ Entities associated with NAICS code 522320 that have $47 million or less in annual receipts are currently defined by the SBA as small business concerns; for NAICS code 522390, the size standard is $28.5 million. However, the Proposed Rule noted that other entities that the CFPB believes to be operating in the proposed market may be classified in other NAICS codes industries that use different standards, including non-revenue-based SBA size standards, such as the number of employees. While the CFPB had data to estimate the SBA size status of some market participants in the Proposed Rule, such as publicly-traded companies, the CFPB lacked data sufficient to estimate the SBA size status of some market participants. See SBA, Table of Small Business Size Standards Matched to North American Industry Classification System Codes, effective March 17, 2023, Sector 52 (Finance and Insurance), https://www.sba.gov/document/ support--table-size-standards (last visited Oct. 26, 2023). 353 The Proposed Rule stated that the CFPB identified approximately 190 entities from available data that provide general-use digital consumer payment applications and may be subject to the Proposed Rule. Of those entities, the CFPB had data on about half sufficient to estimate largerparticipant status, including whether those entities would be subject to the small business exclusion built into the larger-participant test. The estimate that approximately 17 entities would have been larger participants was based on the set of entities for which the CFPB had sufficient information to estimate larger participant status. 354 The Proposed Rule noted that the estimate of 17 entities excluded entities where either (1) available information indicated that the small entity exclusion would have applied or (2) the CFPB lacked sufficient information regarding the entity’s size to assess whether the small entity exclusion would have applied. 355 The Proposed Rule described in detail how the CFPB based its market estimates on data from several sources. The CFPB obtained transaction and revenue data from six technology platforms offering payment services through a CFPB request pursuant to CFPA section 1022(c)(4). See CFPB 1022 Orders Press Release, supra. The CFPB was also able to access nonpublic transaction and revenue data for potential larger participants from the Nationwide Mortgage Licensing System & Registry (NMLS), a centralized licensing database used by many States to manage their license authorities with respect to various consumer financial industries, including money transmitters. Specifically, the CFPB accessed quarterly 2022 and 2023 filings from nonbank money transmitters in the Money Services Businesses (MSB) Call Reports data (for a description of the types of data reported in MSB call reports, see NMLS, Money Services Business Call Report). Additionally, the CFPB compiled a list of likely market participants, as well as transaction and revenue data where available, from several industry sources (including Elliptic Enterprises Limited) and various public sources including the CFPB’s Prepaid Card Agreement Database, https:// PO 00000 Frm 00056 Fmt 4701 Sfmt 4700 Rule noted that this was a rough estimate because the available data on entities operating in the proposed market for general-use digital consumer payment applications was incomplete.356 In the Proposed Rule, the CFPB anticipated that the proposed annual covered consumer payment transaction volume threshold of five million would have allowed the CFPB to supervise market participants that represent a substantial portion of the market for general-use digital consumer payment applications and have a significant impact on consumers. Available data indicated that the market for general-use digital consumer payment applications is highly concentrated, with a few entities that facilitate hundreds of millions or billions of consumer payment transactions annually, and a much larger number of firms facilitating fewer transactions. The Proposed Rule stated that the CFPB believed that a threshold of five million was reasonable, in part, because it would have enabled the CFPB to cover in its nonbank supervision program both the very largest providers of general-use digital consumer payment applications as well as a range of other providers of general-use digital consumer payment applications that play an important role in the marketplace. Further, certain populations of consumers, including more vulnerable consumers, may not transact with the very largest providers and instead may transact with the range of other providers that exceed the five million transaction threshold. According to the CFPB’s estimates in the Proposed Rule, the approximately 17 providers of general-use digital consumer payment applications that meet the proposed threshold collectively facilitated about 12.8 billion transactions in 2021, with a total dollar value of about $1.7 trillion. The CFPB estimated that these nonbanks were responsible for approximately 88 percent of known transactions in the nonbank market for general-use digital www.consumerfinance.gov/data-research/prepaidaccounts/search-agreements (last visited Oct. 23, 2023), company websites, press releases, and annual report filings with the U.S. Securities and Exchange Commission. 356 The Proposed Rule noted that its estimate that approximately 190 entities are participating in the market may have been an underestimate because, for certain entities, the CFPB lacked sufficient information to assess whether they provide a general-use digital consumer payment application. In addition, it noted that for some entities that are among the approximately 190 participants in the market, the CFPB lacked sufficient information to assess whether certain products they offer constitute a general-use digital consumer payment application. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations consumer payment applications.357 At the same time, this threshold likely would have subjected to the CFPB’s supervisory authority only entities that can reasonably be considered larger participants of the market defined in the Proposed Rule. Proposed § 1090.109(b)(3)(i) also would have clarified how the activities of affiliated companies of the nonbank covered person are included in the test when the affiliated companies also participate in the proposed market. It provided that, in aggregating transactions across affiliated companies, an individual consumer payment transaction would only have been counted once even if more than one affiliated company facilitated the transaction. It also provided that the annual covered consumer payment transaction volumes of the nonbank covered person and its affiliated companies would have been aggregated for the entire preceding calendar year, even if the affiliation did not exist for the entire calendar year. The Proposed Rule noted that because the general-use digital consumer payment applications market has evolved rapidly and market participants can grow quickly, the CFPB also was not proposing a test that is based on averaging multiple years of market activity. As a result, if an entity has less than the threshold amount for one or more calendar years but exceeds the threshold amount in the most recent calendar year, it would have been a larger participant. The Proposed Rule stated that this would have ensured that the CFPB can supervise nonbanks that quickly become larger participants, without waiting several years. The Proposed Rule further stated that the CFPB was considering a lower or higher threshold.358 Lowering the threshold therefore would not have substantially increased the number of entities subject to supervision, in part because many entities that exceed a lower threshold would have been excluded as small entities. Thus the Proposed Rule noted that lowering the threshold would have resulted in only a marginal increase in market coverage. The Proposed Rule provided an example of a higher threshold. The Proposed Rule estimated that an annual covered consumer payment transaction volume threshold of 10 million would have allowed the CFPB to supervise approximately 14 entities, representing approximately 87 percent of activity in this market.359 However, at this higher threshold the CFPB would not have been able to supervise as varied a mix of nonbank larger participants that, as discussed above, have a substantial impact on the full spectrum of consumers in the market. The CFPB sought comment, including suggestions of alternatives on the proposed threshold for defining larger participants of the market for generaluse digital consumer payment applications as defined in the Proposed Rule. Comments Received Many of the industry association commenters, a law firm, and some nonprofits stated that the proposed five million consumer payment transaction volume threshold was too low and did not identify bona fide larger participants. A nonprofit stated the threshold appeared designed to maximize oversight rather than define true larger participants. Some of these commenters stated that the proposed threshold was so low that it would treat virtually all market participants as larger participants, including those with very small market shares, exposing small/mid-size companies to supervision when they cannot support the cost of exams, and more generally stifling market entry, innovation, and competition. These commenters generally stated that the proposal did not adequately explain the reasoning and evidence in support of such a threshold.360 One industry association commenter encouraged the CFPB to set the threshold here cautiously, in consideration of the stage of this market’s development. It stated that, unlike in prior larger participant rules, this market is in the growth stage not the maturity stage, where data and settled expectations can be more helpful in the development of larger-participant tests. It viewed the proposed threshold as too low given the market’s current stage and stated that a higher threshold 359 See khammond on DSK9W7S144PROD with RULES2 357 See 88 FR 80197 at 80209–10 nn.86–91. The Proposed Rule noted that the 88 percent estimate was calculated among all of the entities for which the CFPB has transaction information. Id. n.92. 358 The Proposed Rule discussed an example of a lower threshold. An annual covered consumer payment transaction volume threshold of one million might have allowed the CFPB to supervise approximately 19 entities, still representing approximately 88 percent of activity in this market. See id. at 80210. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 id. nonprofit commenter also encouraged the CFPB to consider setting different thresholds in the Final Rule for what it referred to as different sectors within the proposed market. However, it did not state which parts of the market should be differentiated. The CFPB generally considers comments further above on whether to define a single market in this Final Rule. Because it has determined to do so, it is not finalizing a largerparticipant test that works differently for different parts of the market. 99637 as necessary for properly determining the true larger participants in the market as it matures and to allow for proper scalability within the market without impeding competition.361 Another industry association stated that the proposal of a small business exclusion for the first time in a larger participant rule appeared to support its concern that the proposed threshold was too low, and still would discourage firms that are not small businesses from entering the market. It suggested that the rulemaking should specifically consider a volume of 50 million or 500 million annual consumer payment transactions. It also criticized the Proposed Rule for not making clear whether entities who were small business concerns would have otherwise met the transaction volume threshold. It also stated that the rule should consider a threshold more in line with the debt collection larger participant rule, under which larger participants comprised an estimated 63 percent of market activity. Several industry associations offered rough estimates to illustrate how the proposed threshold would treat firms with very small market shares (ranging from, in their estimates, as low as 0.005 percent of overall consumer payment transactions to no more than two percent of app-based transactions) as larger participants, which in their view would not make them ‘‘larger’’ participants under the statute. Several of these commenters added that the proposed threshold would discourage entry into the market and innovation and competition. A nonprofit commenter suggested that the threshold would deter small and midsized businesses from expanding. One of the industry associations stated these effects could limit access to payment products for low-/moderate-income consumers, and urged the CPFB to set the threshold dynamically, at a level that represents a significant share of market activity. The law firm commenter added that the proposal would subject firms with barely five million consumer payment transactions annually to the same supervision as firms with hundreds of millions or billions of such transactions, when the smaller larger participants cannot sustain the costs of exams. 360 One PO 00000 Frm 00057 Fmt 4701 Sfmt 4700 361 This commenter also encouraged the CFPB to conduct periodic reviews of the threshold as the market grows to ensure it continues to capture larger participants. The CFPB notes that it already monitors this market, among others, as part of its statutory functions. See 12 U.S.C. 5512(c). The CFPB will continue to monitor this market and may consider adjustments to the threshold, to the extent necessary or appropriate through future rulemakings. E:\FR\FM\10DER2.SGM 10DER2 99638 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 On the other hand, banking and credit union industry trade associations supported the proposed five million consumer payment transaction volume threshold to define nonbanks that are larger participants. One of them called for periodic CFPB evaluation of this threshold including to see whether entities may be structuring their activities to evade it and publication of the results, while another called for adding criteria to capture large, wellresources, fast-growing organizations with fewer transactions.362 A nonprofit stated that two thirds of its members surveyed supported the proposed threshold, and that some of its members supported lowering the threshold to one million annual consumer payment transactions. Some consumer groups and part of the membership of a nonprofit also stated that the proposed threshold was too high because, among other reasons, some money transfer services for incarcerated people have a dominant position within that area despite facilitating less than five million consumer payment transactions. Other consumer groups estimated that large firms that contract with incarceration facilities to provide money transfer services would qualify as larger participants under the proposed largerparticipant test. They added that the CFPB should ensure that they are subject to the CFPB’s supervisory authority under a Final Rule.363 An industry association stated that the test should be applied over a longer period (at least two years) than the proposal (one year). They stated that short-term fluctuations could create an inaccurate determination of market share. They also noted that, given how the market has been growing, the CFPB should consider a threshold that is dynamic and grows as the market grows, so that if the market grows for example more than ten-fold in the future, the test still would reasonably identify larger participants. In addition, in their view, a one-year period would not provide sufficient time for entities to undertake the compliance improvements the proposal stated larger participants 362 This commenter did not offer a specific criteria for achieving its goal, which may better be achieved through the more flexible supervisory designation process than through a regulatory test. 363 These commenters also stated that the threshold test should include all consumer payment transactions a market participant facilitates, even when they are not facilitated through the digital application that made the entity a market participant. These commenters called for counting in-person, kiosk-based, and telephonic transfers, which they stated would qualify more correctional money-transfer companies as larger participants, and the test may be more efficient to administer because it would not require breaking out which transactions occur through the digital app channel. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 would undertake to prepare for supervision. Another commenter, a nonprofit, stated that an unspecified minority of its membership suggested applying the test over multiple years.364 Several consumer groups supported aggregating activities of affiliates for purposes of the transaction threshold in the proposed larger-participant test. In their view, without aggregation, market participants could avoid larger participant status by structuring different types of consumer payment transactions, such as consumer payment transactions using different types of stored value, through different entities within a corporate family. However, two industry commenters stated that the larger-participant test should not consider activities of affiliates. An industry association stated that aggregation would allow the CFPB to supervise activities of individual entities whose activity levels alone do not qualify them as larger participants, resulting in an internally contradictory result. Another industry association stated that, to avoid covering entities with low market shares, the rule should not count receipts of affiliates not engaged in market activity toward the small business concern test. Response to Comments Received 365 In consideration of comments on the Proposed Rule stating that the proposed threshold of five million annual consumer payment transactions was too low and could capture certain entities with very small market shares, as well as the comment suggesting that the CFPB consider thresholds of 50 million or 500 million annual consumer payment transactions, the Final Rule adopts the significantly higher threshold of 50 million annual consumer payment transactions. As discussed below, this higher threshold encompasses the group of firms that have considerably higher transaction volumes and are in the concentrated part of the market. The CFPB finds the higher threshold to be appropriate, considering the concentrated market structure and how a significant number of market participants that would not qualify as larger participants as discussed below. To the extent any firm has activity levels at or slightly above the threshold, 364 This commenter noted, without further elaboration, a suggestion of at least one member to set a first-year threshold of 10 million and a secondyear threshold at 5 million. 365 As noted in the section-by-section analysis further above, the CFPB is not including transfers of digital assets in the Final Rule. The CFPB considers the above comments on the proposed threshold in light of this update, which the Final Rule implements through a limitation in the threshold described further below. PO 00000 Frm 00058 Fmt 4701 Sfmt 4700 it may have an individual market share of less than one percent. But such a firm still has larger participation than the vast majority of participants.366 The CFPB also declines to adopt the industry association suggestion to make the threshold dynamic because that approach would be unnecessary and difficult to administer.367 For the reasons described above, the CFPB disagrees with the comments that supported the proposed threshold of five million annual consumer payment transactions. Based on available data, the CFPB estimates in the Final Rule suggest that all of those nonbanks with annual covered consumer payment transaction volume between 5 million and 50 million combined facilitate at most a few percent of the market activity. While some consumer groups estimated that a much higher threshold than the CFPB proposed may not capture some firms providing what they described as high-risk money transfer services to people who are incarcerated, those comments also stated that other large corporations provide a broad suite of money transfer services to people who are and are not incarcerated alike. In any event, as discussed above, the CFPB declines to define larger participants based on the goal of targeting activities that may pose specific types of levels of risk to consumers. As discussed in the sectionby-section analysis of the market definition further above, the CFPB accounts for risk when operating its nonbank supervision program. Any nonbank covered person, including firms providing digital services for consumers to transfer funds to incarcerated people, can qualify as a larger participant if it meets or exceeds the threshold in the Final Rule. And through operation of its risk-based larger participant supervision program, the CFPB may determine how to exercise its supervisory authority with respect to such a larger participant. Given the number of consumers those types of firms serve, even the higher threshold 366 See, e.g., Automobile Finance Larger Participant Rule, 80 FR 37496, 37515 (June 30, 2015) (‘‘Each of the [larger participants] provides or engages in hundreds of automobile originations each week and falls in the top 10 percent of nonbank entities in the market according to the Bureau’s estimates. They can reasonably be considered larger participants of the market. Some entities that meet this threshold will have considerably less than 1 percent market share, but that is due in large part to the fragmentation of the market and does not change the fact [that] they are ‘larger’ than the vast majority of participants.’’). 367 As noted above, to the extent necessary or appropriate, the CFPB may adjust the threshold through future rulemakings that may reflect shifts in the market and other data that may be available to the CFPB. E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations that the Final Rule adopts is reasonably likely to allow it to conduct some supervisory activities in this area. In addition, given that the Final Rule adopts a higher threshold of 50 million annual consumer payment transactions as discussed below, the CFPB is not persuaded by claims by some commenters that nonbank firms would be discouraged from entry, innovation, or growth due to the potential exposure to CFPB examinations resulting from this rule. The CFPB notes its existing enforcement authority over market participants generally regardless of size, their existing obligations to comply with Federal consumer financial law regardless of size, how this rule imposes no substantive consumer protection obligations, how the CFPB uses a prioritization process to allocate limited supervisory resources toward those nonbanks that pose relatively higher risks to consumers, and that no firm that is a small business concern would incur the cost of examination under this rule. Considering all of these factors, the CFPB does not believe that this rule is likely to shape market participation patterns in the way those commenters describe. With regard to the industry association commenter asking whether any firms would have exceeded the proposed threshold but qualified for the small business concern exclusions, the CFPB notes that it did not include any such firms in its estimate of 17 larger participants because such firms would not have qualified as larger participants under the Proposed Rule. The Final Rule discusses this question further in the explanation below of the threshold adopted in the Final Rule. With regard to comments on the lookback period for applying the proposed larger-participant test, the CFPB disagrees that the rule should apply a longer period such as two years. Fluctuations in market participants’ transaction volumes may occur over time, but if their volumes exceed the threshold in a calendar year, then they would be sufficient, over a long enough time period (12 months), to conclude that the entity’s market activity has been having a significant impact on consumers. As the international money transfer larger participant rule noted in adopting a one-year lookback period, ‘‘[b]ecause the criterion directly measures the number of transfers in the market, it should not be subject to temporary fluctuations that are unrelated to an entity’s market participation.’’ 368 In addition, for this rule, as with the international money 368 79 FR 56631 at 56637. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 transfer larger participant rule, the CFPB ‘‘believes that the single-year approach will make the Final Rule’s definitions easier to apply . . . and alleviate the concern expressed by some commenters about the overall complexity of’’ certain provisions. For example, this is the first larger participant rule that adopts a larger-participant test with two criteria, and the first larger participant rule that adopts an exclusion for small business concerns as one of the criteria. It would significantly increase complexity in the administration of the test to judge two different criteria, which generally are measured over a calendar year (such as small business concern criteria measured by annual receipts) over multiple years.369 Further, to the extent commenters assumed that all entities that exceed the proposed threshold in the prior year for the first time would face immediate examination the following year, that assumption is an incorrect reading of the Proposed Rule. First, if the entity were a small business concern in the previous calendar year, under the proposed larger-participant test, it would not have qualified as a larger participant, even if its volume of consumer payment transactions did exceed the threshold for the first time in that same calendar year. Second, as the Proposed Rule explained, consistent with the CFPA, the CFPB conducts a risk-based supervision program for nonbanks subject to supervisory authority under CFPA section 1024(a). This includes a process for prioritizing entities for examination as described in its public Supervision and Examination Manual cited in the Proposed Rule and discussed in part I above. As part of that process, where appropriate, the CFPB can consider the entity’s volume of consumer payment transactions, including the degree to which it exceeds the transaction threshold and for how long it has exceeded that threshold. With regard to comments on the proposal to aggregate activities of affiliated companies, CFPA section 1024(a)(3)(B) requires aggregation of activity across affiliated companies for purposes of determining activity levels in larger participant rules. To clarify that the purpose of paragraph (b)(3) is to implement that requirement, the Final Rule adds language to the header for paragraph (b)(3) that describes the provision as outlining the ‘‘method’’ for computing aggregate activity levels. With regard to the industry association comment calling for the rule to assess 369 Although the CFPB’s first larger participant rules averaged annual receipts over time, those rules only adopted that single criterion (annual receipts). PO 00000 Frm 00059 Fmt 4701 Sfmt 4700 99639 small business concern status without counting receipts of affiliated companies, the CFPB disagrees. The overall size of the business organization, including affiliates, is a relevant reference point as the CFPB considers which types of entities may incur the estimated cost of examination pursuant to this rule. Final Rule The Final Rule adopts in paragraph (b)(3) a threshold annual covered consumer payment transaction volume of 50 million consumer payment transactions denominated in U.S. dollars as described further below.370 The CFPB estimates that seven nonbanks that are not small business concerns have annual consumer payment transaction volumes that exceed this threshold, that these seven nonbank firms account for approximately eight percent of the 85 market participants for which the CFPB has sufficient data to estimate larger participant status (and an even lower share of the approximately 130 known market participants),371 and that these 370 The Final Rule also makes non-substantive clarifying revisions to paragraph (b), including identifying in paragraph (b) that both criteria in paragraphs (b)(1) and (2) are based on the preceding calendar year and associated revisions. 371 Due to the Final Rule’s adoption of a threshold limited to transfers of funds denominated in U.S. dollars discussed further below, the Final Rule does not include in its estimate of nonbank market participants firms that appear to provide consumer payment transactions solely in the form of digital assets. The Final Rule also does not include in this estimate two firms that public information indicates are not nonbank market participants, as described in n.373 below. In addition, the estimated 130 nonbank market participants includes four additional nonbank financial firms, as follows: (1) Based on its review of the clarified definition of ‘‘general use’’ described above, the Final Rule has identified two nonbank financial firms that provide payment functionalities for family and friends to transfer funds to postsecondary students; (2) The removal of the proposed exclusion for bill splitting in the definition of ‘‘general use’’ described above also results in one estimated additional nonbank market participant; and (3) Through its general activities, the CFPB became aware of one additional nonbank providing a peer-to-peer app-based payment functionality for a deposit account. Nonbank financial institutions providing these services generally do not appear to be licensed as money transmitters and the account agreements do not appear to be filed in the CFPB’s prepaid account agreement database. Further, as noted above and in the Proposed Rule, an entity is included in the estimated number of nonbank market participants if public information indicates it currently offers at least one consumer financial product or service within the market definition; however, for some of these 130 estimated nonbank market participants, the CFPB lacks sufficient information to assess whether certain other products they offer or are developing constitute a general-use digital consumer payment application. As also noted in the Proposed Rule, the CFPB’s estimate of the number of nonbank market E:\FR\FM\10DER2.SGM Continued 10DER2 99640 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 seven nonbank firms facilitated approximately 13.3 billion consumer payment transactions, accounting for approximately 98 percent of the over 13.5 billion consumer payment transactions market participants provide.372 Despite the increase in the threshold, larger participants’ share of market activity also increased largely because the nonbank market size estimate in the Final Rule does not include an entity that the Final Rule estimates, based on further research in response to a comment described above, may not be a nonbank covered person.373 As some commenters noted, the market continues to grow and evolve rapidly and that some new entrants may participants may be an underestimate because, for certain entities, the CFPB lacks sufficient information to assess whether they provide a general-use digital consumer payment application. 372 Due to the threshold’s limitation to transfers of funds denominated in U.S. dollars discussed further below, the Final Rule does not include in the market transactions that the data sources specifically identify as digital assets transactions. In addition, as a result of that limitation on the threshold in the Final Rule, the Final Rule does not use the transaction volume data from the CFPB’s section 1022 order responses for one of the estimated larger participants and instead uses money service business call report data in NMLS. 373 To respond to the industry association comment (described above) asking whether any of the rulemaking’s estimated nonbank market participants would have exceeded the consumer payment transactions volume threshold and also qualified as a small business concern, the CFPB has reviewed public information and makes two updates to the estimates in the Final Rule. First, the CFPB identified one entity that would have exceeded the proposed transaction volume threshold that the proposal did not estimate to be a larger participant because the data sources described in the proposal did not indicate whether the entity was a small business concern. To respond to the comment, the CFPB reviewed public information, which suggested the entity may not be a nonbank covered person, and the Final Rule does not include that entity among the estimated nonbank market participants or its transaction volume in the market size estimate. Second, for another entity that had that level of transaction volume and which the proposal estimated was not a small business concern, the CFPB reviewed public information and found that the firm had previously sold its general-use digital consumer financial application to an unaffiliated entity, for which the CFPB lacks data to estimate its transaction volume data or whether it is a small business concern. Therefore, the Final Rule does not include the selling entity among the estimated market participants or its transaction volume in the market size estimate. As a result of these two updates, the CFPB estimates that all nonbank entities with data indicating over 50 million consumer payment transactions are not small business concerns. As noted, the CFPB still does not have transaction volume data for some market participants; to the extent any of them have over 50 million consumer payment transactions, it is possible they could be a small business concern. But given that the CFPB estimates that none of the seven nonbank firms that available transaction volume data indicates have over 50 million consumer payment transactions are small business concerns, it may be unlikely that if any other firms did have a volume that exceeds the threshold, they would be a small business concern. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 quickly exceed the proposed threshold of five million transactions. For the reasons explained above, the CFPB does not believe the threshold used to define a larger participant in this Final Rule is likely to significantly affect market activity such as new entry, innovation, and growth. But the significantly higher threshold the Final Rule adopts nonetheless would provide new entrants and others with smaller volumes more room to grow before coming under the CFPB umbrella of larger participant supervision in this rulemaking. For example, based on the estimates in the Final Rule at this threshold, eight fewer entities would qualify as larger participants because their volume of consumer payment transactions falls between 5 and 50 million annual consumer payment transactions (and another two are no longer estimated to be nonbank market participants, as noted above). Yet, the remaining entities that the CFPB estimates qualify as larger participants under the higher threshold adopted in the Final Rule still account for approximately 98 percent of the market activity as noted above. In addition, this higher threshold would allow CFPB supervision to focus more consistently on nonbank firms that account for almost all market activity including the part of the market that the Proposed Rule described as ‘‘highly concentrated, with a few entities that facilitate hundreds of millions or billions of consumer payments annually[.]’’ 374 At the same time, based on its estimates, the CPFB finds that the higher threshold still would serve the goal described in the Proposed Rule of covering larger participants that serve a mix of consumer populations including more vulnerable consumers such as justiceinvolved individuals as well as lowerincome consumers and the unbanked or underbanked populations more generally. In any event, because the seven nonbank firms that the CFPB estimates would be larger participants at the threshold of 50 million account for approximately 98 percent of market activity, the CFPB does not believe that adopting a lower threshold that would cover additional market activity would be warranted. The CFPB also does not believe that it would be appropriate to adopt a threshold that would result in substantially less market activity being covered, such as the estimated 63 percent in the consumer debt collection rulemaking that one industry association commenter suggested the CPFB consider here. As that rulemaking noted, the data used to estimate overall market activity included receipts from the collection of medical debt, which were not included in the largerparticipant test.375 As a result, the circumstances surrounding that estimate in that rule were unique to that rule and that test. In addition, due to the highlyconcentrated nature of the market described above, adopting any higher threshold (even 500 million transactions, as one commenter suggested the CFPB consider) would not significantly reduce larger participants’ share of market activity. A threshold of 500 million transactions would result in an estimated four larger participants with an estimated 96 percent share of market activity. The CFPB also does not seek to adopt a threshold at a level that is so high that it only captures the few largest participants, which would have the incongruous effect of treating only the largest participants as ‘‘larger’’ participants, and in any event would not achieve the CFPB’s stated goal of covering a mix of activities described above. In addition to increasing the threshold as described above, the Final Rule limits the definition of ‘‘annual covered consumer payment transaction volume’’ to transactions denominated in U.S. dollars. With this clarification (and a corresponding edit to paragraph (b)(3)(i)), the larger-participant test in this Final Rule excludes transfers of digital assets, including crypto-assets such as Bitcoin and stablecoins. For the reasons discussed in the section-bysection analysis of ‘‘consumer payment transaction’’ above, the Final Rule excludes these transactions from the threshold to ensure the administrability of the larger-participant test while the CPFB continues to monitor developments in the market for consumer payments involving digital assets. VI. Effective Date of Final Rule The Administrative Procedure Act generally requires that rules be published not less than 30 days before their effective dates.376 In the Proposed Rule, the CFPB proposed that, once issued, the Final Rule for this proposal would be effective 30 days after the Final Rule is published in the Federal Register. For the reasons discussed below, in consideration of the comments, the Final Rule adopts that effective date. Comments Received An industry trade association stated that nonbanks would need at least 90 375 77 374 88 PO 00000 FR 80197 at 80210. Frm 00060 Fmt 4701 376 5 Sfmt 4700 E:\FR\FM\10DER2.SGM FR 65775, 65788 n.98. U.S.C. 553(d). 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations days from publication in the Federal Register to prepare for CFPB supervision. This commenter stated that some companies may not have reasonable notice from the Proposed Rule that they are participating in the proposed market. The commenter also pointed to effective date periods of 60 or more days in previous larger participant rules as a precedent. A law firm made similar points in support of its view that a 60-day pre-effective date period is needed. It also noted that the rationale the CFPB adopted in the consumer reporting larger participant rule for a 60-day period—including recognizing the need for entities that have never been examined to conduct training to prepare for the CFPB examination process 377—also applies here.378 Finally, although two trade associations representing depository institutions and a trade association representing credit unions called for the CFPB to use or develop examination procedures for larger participants in a manner consistent with its procedures for examining banks and credit unions, they did not call for extending the effective date period. khammond on DSK9W7S144PROD with RULES2 Response to Comments Received The CFPB disagrees that additional time, beyond the minimum 30-day period prescribed by the APA noted above, is necessary before this Final Rule can take effect. Larger participant rules do not impose substantive consumer protection obligations. Although larger participants might choose to increase their compliance with Federal consumer financial law in response to the possibility of supervision, market participants are already obligated to comply, and should already comply with, applicable Federal consumer financial law, regardless of whether they are subject to supervision. Thus, entities that qualify as larger participants under the Final Rule should not require additional time to come into compliance with Federal consumer financial law. Moreover, the CFPB designs its examination 377 See 77 FR 65775 at 65778–79 & n.30 (consumer debt collection larger participant rule adopting rationale for a 60-day effective date period in the consumer reporting larger participant rule, recognizing that ‘‘companies affected by the Consumer Reporting Rule might not previously have been supervised at the Federal or State level’’). 378 A digital assets payment provider stated that a two-year implementation period would be needed to allow these types of firms and the CFPB time to prepare for supervision. A digital assets industry trade association stated that firms in this area would need more time to assess whether they are larger participants. The Final Rule does not include digital assets in the larger-participant test and therefore those issues are not relevant to setting the effective date. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 procedures and process to allow companies a reasonable amount of time to provide responses to information requests before examiners begin the examination. This is in addition to a 45day period in which the entity may challenge the assertion that it is a larger participant under 12 CFR 1090.103(a). In addition, the CFPB believes that many larger participants have examination experience at the State level, and in some cases with the CFPB.379 As noted in the Proposed Rule, some larger participants may already be subject to CFPB examination authority, including but not limited to as larger participants pursuant to the international money transfer larger participant rule. For all of these reasons, the CFPB disagrees that a later effective date is necessary to allow companies more time to prepare for CFPB supervision.380 VII. Dodd-Frank Act Section 1022(b) Analysis A. Overview In developing this Final Rule, the CFPB has considered the potential benefits, costs, and impacts of the Rule as required by section 1022(b)(2) of the CFPA.381 The Proposed Rule set forth a preliminary analysis of these effects, and the Bureau requested and received comments on the topic. The CFPB is issuing this Rule to establish supervisory authority over larger participants in the defined market for general-use digital consumer 379 The law firm commenter’s claim that many larger participants have not previously been examined was not supported by examples or specifics. It was unclear whether the commenter was considering examination at the State level, which was part of the rationale for the 60-day effective date in the consumer reporting larger participant rule as noted above. As noted above, many industry commenters stated that many market participants are money transmitters subject to examination at the State level. 380 With regard to an individual commenter’s suggestion of a two-phased adoption process, prior rules have not taken that approach and the CFPB believes it is not warranted here since, as noted above, larger participant rules do not impose substantive consumer protection obligations, and the Final Rule does not include digital assets transactions. 381 Specifically, CFPA section 1022(b)(2)(A) calls for the Bureau to consider the potential benefits and costs of a regulation to consumers and covered persons, including the potential reduction of access by consumers to consumer financial products or services; the impact on insured depository institutions and insured credit unions with $10 billion or less in total assets as described in CFPA section 1026; and the impact on consumers in rural areas. The manner and extent to which the provisions of 12 U.S.C. 5512(b)(2) apply to a rulemaking of this kind that does not establish standards of conduct are unclear. Nevertheless, to inform this rulemaking more fully, the CFPB performed the analysis described in those provisions of the CFPA. PO 00000 Frm 00061 Fmt 4701 Sfmt 4700 99641 payment applications. Participation in this market will be measured on the basis of the aggregate number of annual consumer payment transactions denominated in U.S. dollars that a nonbank facilitates through general-use digital consumer payment applications, defined in the Final Rule as ‘‘annual covered consumer payment transaction volume.’’ If a nonbank covered person, together with its affiliated companies, has an annual covered consumer payment transaction volume (measured for the preceding calendar year) of at least 50 million and is not a small business concern, it will be a larger participant in the market for general-use digital consumer payment applications. As prescribed by existing § 1090.102, any nonbank covered person that qualifies as a larger participant will retain larger participant status until two years from the first day of the tax year in which the person last met the largerparticipant test.382 B. Baseline for Analysis and Data Limitations The discussion below relies on information that the CFPB has obtained from industry, other regulatory agencies, and publicly-available sources, as well as on CFPB expertise. These sources form the basis for the CFPB’s consideration of the likely impacts of the Final Rule. The CFPB provides estimates, to the extent possible, of the potential benefits and costs to consumers and covered persons of this Final Rule, against a baseline in which the CFPB takes no action. This baseline includes the current state of the market and existing regulation, including the CFPB’s existing rules defining larger participants in certain markets.383 Many States have supervisory programs relating to money transfers, which may consider aspects of Federal consumer financial law.384 Federal prudential regulators’ supervisory programs for banks also may extend to certain nonbank service providers, and may consider aspects of Federal consumer financial law related to the banking institutions subject to the jurisdiction of 382 12 CFR 1090.102. e.g., 12 CFR 1090.107 (defining larger participants of a market for international money transfers subject to the CFPB’s supervisory authority under 12 U.S.C. 5514(a)(1)(B)). The CFPB has discretion in any rulemaking to choose an appropriate scope of analysis with respect to potential benefits and costs and an appropriate baseline. The CFPB, as a matter of discretion, has chosen to describe a broader range of potential effects to inform the rulemaking more fully. 384 The Financial Crimes Enforcement Network’s (FinCEN) Federal regulation of money transmitters generally does not apply Federal consumer financial law. 383 See, E:\FR\FM\10DER2.SGM 10DER2 99642 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 those regulators. However, the activities of larger participants in this market extend beyond State-regulated money transmitting and acting as service providers to banks. In addition, at present and other than the CFPB’s activities, no program for supervision of nonbanks that participate in the generaluse digital consumer payment applications market is dedicated exclusively to promoting compliance with Federal consumer financial law. To the extent that this rule establishes supervisory authority over entities or their activities that already are subject to State or Federal supervisory oversight, as discussed in parts I and V above, the CFPB coordinates with the applicable State and Federal regulators in the operation of its risk-based nonbank supervision program to prevent unnecessary duplication and burden. To the extent that entities already are subject to the CFPB’s supervisory authority (such as entities subject to supervision as service providers under section 1025(d) or 1026(e) of the CFPA or larger participants under a prior larger participant rulemaking), this rule will establish an additional basis for the CFPB to supervise those entities. The CFPB notes at the outset that limited data are available with which to quantify the potential benefits, costs, and impacts of the Final Rule. As described above, the CFPB has utilized various sources for quantitative information on the number of market participants, their annual revenue, and their number and dollar volume of transactions.385 However, the CFPB lacks detailed information about their rate of compliance with Federal consumer financial law and about the range of, and costs of, compliance mechanisms used by market participants. Further, as noted above in the section-by-section analysis of the threshold for the larger participant test, the CFPB lacks sufficient information on approximately one-third of known market participants necessary to estimate their larger-participant status.386 Compared to the lower threshold test of five million annual transactions that the CFPB proposed in the Proposed Rule, it is less likely that 385 See section-by-section analysis of § 1090.109(b). 386 As stated above, the CFPB estimates that approximately 130 entities operate in the market for providing general-use digital consumer payment applications as defined in the Final Rule. Of those entities, the CFPB has data on roughly two-thirds sufficient to estimate larger-participant status, including whether those entities would be subject to the exclusion for small business concerns. The CFPB estimates that approximately seven of those would be larger participants under the largerparticipant test defined in the Final Rule. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 those entities would be larger participants at the higher threshold test of 50 million annual transactions in the Final Rule. In light of these data limitations, this analysis generally provides a qualitative discussion of the benefits, costs, and impacts of the Final Rule. General economic principles, together with the limited data that are available and the CFPB’s experience operating its supervision program, provided insight into these benefits, costs, and impacts. Where possible, the CFPB has made quantitative estimates based on these principles and data as well as on its experience of undertaking supervision in other markets. C. General Comments Received on the 1022(b) Analysis Several industry commenters and some Members of Congress generally asserted that the cost-benefit analysis for the proposal was inadequate. For example, three industry associations stated that the proposal overlooked various direct and indirect costs associated with supervision and that it underestimated the costs, or that it opportunistically framed the costs and benefits, or that it overstated benefits of supervision with respect to larger participants that are not ‘‘financial institutions’’ under Regulation E implementing the EFTA and Regulation P implementing the GLBA. One industry association commenter referenced the cost to what it referred to as custodial and non-custodial cryptocurrency-asset wallet developers to change their business model in order to collect and verify identity and transaction information. Another industry association commenter stated that the cost of any new regulation, including this Rule, would be incorporated into production costs and passed on to the consumer. Similarly, another industry association commenter claimed the CFPB failed to explain how expanding its supervisory authority would bring about consumer benefits from increased compliance. In addition, a company commenter claimed that the proposal failed to account for all costs, to accurately quantify the benefits and costs, and to find that the benefits would outweigh the costs of the Rule. A law firm commenter stated that the costs of CFPB examinations would outweigh benefits to consumers for firms at or near the proposed threshold of five million transactions.387 387 Some commenters stated that the CFPB should conduct separate cost-benefit analyses for what they characterized as disparate markets. The CFPB responds to comments on the market definition PO 00000 Frm 00062 Fmt 4701 Sfmt 4700 The CFPB disagrees with the general assertion that its consideration of benefits and costs under section 1022(b) of the CFPA in the proposal was inadequate. The CFPB conducted a thorough analysis of the reasonablyavailable data to estimate and quantify benefits and costs to the extent possible. As noted in the proposal as well as above, where data do not support reliable quantitative estimates, the CFPB has qualitatively discussed potential benefits and costs based on general economic principles and its experience engaging in supervisory activities in other markets. The CFPB has provided additional responses to particular comments below, and where appropriate has updated its consideration of the Rule’s benefits and costs in response to comments. For example, some industry commenters provided additional information on wages and salaries as well as predictions of larger participants’ likely future staffing levels for CFPB supervisory examinations in this market and the CFPB has incorporated this information into cost calculations below. The CFPB notes that the general criticism of a lack of quantification generally was not accompanied by submissions of data that would aid in further quantifying potential costs or benefits that were not quantified in the proposal.388 Above and further below, the Rule discusses how expanding the supervisory authority of the CFPB to cover this market will help increase compliance. D. Potential Benefits and Costs to Consumers and Covered Persons The discussion below describes three categories of potential benefits and costs. First, the Final Rule authorizes the CFPB’s supervision of larger participants of a market for general-use digital consumer payment applications. Larger participants of the market may respond to the possibility of CFPB supervision by changing their compliance systems and conduct, and those changes may result in costs, benefits, or other impacts. Second, if the CFPB undertakes supervisory activity of specific larger participant providers of general-use digital consumer payment applications, those entities may incur costs from responding to supervisory activity, and the results of these above, in § 1090.109(a)(1). This section analyzes the costs and benefits of the Rule for the market defined in the Final Rule. 388 The Proposed Rule sought ‘‘submissions of additional data that could inform the CFPB’s analysis of the costs, benefits, and impacts of the Proposed Rule.’’ 88 FR 80197, 80211. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 individual supervisory activities also may produce benefits and costs. Third, the CFPB analyzes the costs that might be associated with entities’ efforts to assess whether they would qualify as larger participants under the Rule. 1. Benefits and Costs of Responses to the Possibility of CFPB Supervision Conducting an Examination or Other Supervisory Activities The Final Rule subjects larger participants of a market for general-use digital consumer payment applications to CFPB supervision. As described in the Proposed Rule, that the CFPB will be authorized to undertake supervisory activities with respect to a nonbank covered person who qualifies as a larger participant would not necessarily mean that the CFPB would in fact undertake such activities regarding that covered person in the near future. Rather, the CFPB generally would examine certain larger participants on a periodic or occasional basis. The CFPB’s decisions about supervision are informed, as applicable, by the factors set forth in CFPA section 1024(b)(2) 389 relating to the size and transaction volume of larger participants, the risks to consumers created by their provision of consumer financial products and services, the extent of State consumer protection oversight, and other factors the CFPB may determine are relevant. Part I of the Final Rule provides additional background on the CFPB’s risk-based prioritization process (including how it considers field market intelligence), which is not the subject of this rulemaking. Each entity that believes it qualifies as a larger participant will know that it is subject to CFPB supervision and might gauge, given its circumstances, the likelihood that the CFPB would initiate an examination or other supervisory activity. The prospect of potential CFPB supervisory activity could create an incentive for larger participants to allocate additional resources and attention to compliance with Federal consumer financial law, potentially leading to an increase in the level of compliance. They might anticipate that by doing so (and thereby decreasing risk to consumers), they could decrease the likelihood of their actually being subject to supervisory activities as the CFPB evaluated the factors outlined above. In addition, an actual examination would be likely to reveal past or present noncompliance, which the CFPB could seek to correct through supervisory activity or, in some cases, enforcement actions. Larger participants therefore 389 12 U.S.C. 5514(b)(2). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 might judge that the prospect of CFPB supervision increases the potential consequences of noncompliance with Federal consumer financial law, and they might seek to decrease that risk by taking steps to identify and cure or mitigate any noncompliance before the CFPB conducts an examination. The CFPB believes it is likely that many larger participants would increase compliance in response to the CFPB’s supervisory activity authorized by the Final Rule. However, because the Final Rule itself would not require any provider of general-use digital consumer payment applications to take such action, any estimate of the amount of increased compliance would require both an estimate of current compliance levels and a prediction of market participants’ behavior in response to a Final Rule. The data that the CFPB currently has do not support a specific quantitative estimate or prediction. But, to the extent that nonbank entities allocate resources to increasing their compliance in response to the Final Rule, that response would result in both benefits and costs.390 Benefits From Increased Compliance Based on Possibility of CFPB Examination Increased compliance with Federal consumer financial laws by larger participants in the market for generaluse digital consumer payment applications would be beneficial to consumers who use general-use digital payment applications. Increasing the rate of compliance with Federal consumer financial laws would benefit consumers and this market by providing more of the protections mandated by those laws. Entities are aware that the CFPB would be examining for compliance with applicable provisions of Federal consumer financial laws, including the EFTA and its implementing Regulation E, as well as the privacy provisions of the GLBA and their implementing Regulation P.391 In addition, the CFPB 390 Another approach to considering the benefits, costs, and impacts of the Proposed Rule would be to focus almost entirely on the supervision-related costs for larger participants and related benefits of any increased compliance resulting from examination activity and omit a broader consideration of the benefits and costs of increased compliance by entities in anticipation of such examination activity. As noted above, the CFPB has, as a matter of discretion, chosen to describe a broader range of potential effects to inform the rulemaking more fully. 391 The CFPB also can supervise larger participants for other Federal consumer financial laws that apply, including rules that have recently taken effect, such as the CFPB’s nonbank registration regulation at 12 CFR part 1092, or for which compliance is mandatory in the future, such as its Personal Financial Data Rights Rule. PO 00000 Frm 00063 Fmt 4701 Sfmt 4700 99643 would be examining for whether larger participants of the market for generaluse digital consumer payment applications engage in unfair, deceptive, or abusive acts or practices.392 Conduct that does not violate an express requirement of another Federal consumer financial law may nonetheless constitute an unfair, deceptive, or abusive act or practice. To the extent that any provider of generaluse digital consumer payment applications is currently engaged in any unfair, deceptive, or abusive acts or practices, the cessation of the unlawful act or practice would benefit consumers. Providers of general-use digital consumer payment applications might improve compliance policies and procedures in response to possible supervision in order to avoid engaging in unfair, deceptive, or abusive acts or practices. The possibility of CFPB supervision also may help to make incentives to comply with Federal consumer financial laws more consistent between the likely larger participants and insured banks and insured credit unions, which are subject to Federal supervision with respect to Federal consumer financial laws. Although some nonbank market participants already are subject to State supervision and also may be supervised by Federal prudential regulators in certain capacities, introducing the possibility of Federal supervision that applies to market activities regardless of the degree to which they are subject to State or Federal prudential regulatory oversight could encourage nonbanks that likely are larger participants to devote additional resources to compliance. It also could help to ensure that the benefits of Federal oversight reach consumers who do not have ready access to bank-provided general-use digital consumer payment applications. Comments Concerning Benefits of Increased Compliance Based on Possibility of CFPB Examination Two industry association commenters expressed doubt about whether there would be benefits to consumers from larger participants increasing compliance with Federal consumer financial laws in anticipation of a possible CFPB supervisory examination due to the data gaps described in the proposal and the lack of an estimate regarding the number of supervisory examinations the CFPB plans to undertake in any given year. These commenters moreover suggested that companies that believe they are larger participants will have to assume they 392 12 E:\FR\FM\10DER2.SGM U.S.C. 5531. 10DER2 99644 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations will be examined such that all potential larger participants would experience the increased anticipation cost associated with being subject to the rule. Response to Comments With respect to data gaps in the analysis of larger participant status, the CFPB notes that larger participants likely possess more information than the CFPB regarding their own transaction volume, revenue and/or employee counts necessary to determine their larger participant status. The CFPB expects the higher threshold of 50 million annual transactions to reduce uncertainty among potential larger participants as to their larger participant status. While the CFPA and CFPB regulations thereunder do not require larger participants to prepare for the examination process before they receive notice of an actual examination, the CFPB believes it is plausible that many larger participants would respond to the incentives described above as part of their risk-management strategy, especially if they expect there to be a reasonable chance of examination in the near future. Commenters did not offer evidence to the contrary. Part V of the Final Rule above provides additional discussion of general comments concerning the Final Rule’s promotion of compliance with Federal consumer financial law. khammond on DSK9W7S144PROD with RULES2 Costs of Increased Compliance Based on Possibility of CFPB Examination To the extent that nonbank larger participants would decide to increase resources dedicated to compliance in response to the possibility of increased supervision, the entities would bear any cost of any changes to their systems, protocols, or personnel. Whether and to what extent entities would increase resources dedicated to compliance and/ or pass those costs on to consumers would depend not only on the entities’ current practices and the changes they decide to make, but also on market conditions. The CFPB lacks detailed information with which to predict the extent to which increased costs would be borne by providers or passed on to consumers, to predict how providers might respond to higher costs, or to predict how consumers might respond to increased prices, and commenters did not provide such detailed information in their comments. The CFPB further considers and responds to related comments about the cost of compliance enhancements below. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 2. Benefits and Costs of Individual Supervisory Activities In addition to the responses of larger participants anticipating supervision, the possible consequences of the Final Rule would include the responses to and effects of individual examinations or other supervisory activity that the CFPB might conduct with respect to larger participants in the market for general-use digital consumer payment applications. Benefits of Supervisory Activities In the CFPB’s experience, supervisory activity generally provides several types of benefits. As discussed above, the CFPB operates a risk-based nonbank supervision program, and prioritizes markets and individual entities for supervisory activity on the basis of a risk assessment that considers the factors listed in CFPA section 1024(b)(2). Due to this risk-based approach, in the CFPB’s experience, the CFPB’s nonbank supervisory activities often uncover compliance deficiencies indicating harm or risks of harm to consumers.393 In its supervision and examination program, the CFPB generally prepares a supervisory letter or report of each examination. The CFPB shares examination findings with the supervised entity because one purpose of supervision is to inform the entity of problems detected by examiners. Thus, for example, an examination may find evidence of widespread noncompliance with Federal consumer financial law, or it may identify specific areas where an entity has inadvertently failed to comply, or it may identify weaknesses in compliance management systems including policies and procedures. These examples are only illustrative of the kinds of information an individual examination may identify. Detecting and informing supervised entities about such problems is generally beneficial to consumers including by identifying issues before they become systemic or cause significant harm. When the CFPB notifies entities about risks or noncompliance associated with aspects of their activities, the entities are expected to adjust their practices to reduce those risks. In the CFPB’s experience, those responses frequently result in increased compliance with Federal consumer financial law, with 393 See, e.g., response to general comments in part V above citing examples of Supervisory Highlights issues that identified compliance deficiencies, violations of Federal consumer financial law, and risks of violations of Federal consumer financial law by nonbank covered persons, including larger participants in other markets. PO 00000 Frm 00064 Fmt 4701 Sfmt 4700 benefits like those described above in connection with the possibility of CFPB examination. However, the benefits in connection with individual supervisory activities may be greater because the CFPB often will identify specific acts or practices that violate Federal consumer financial law and direct specific corrective actions including compliance improvements as well as restitution and remediation. For more than a decade, the CFPB has regularly described these corrective actions, including by larger participants, in its Supervisory Highlights publication.394 Such responses can also avert violations that would have occurred if CFPB supervision did not detect the risk or noncompliance promptly. In some circumstances, the CFPB also informs entities about acts or practices that risk violating Federal consumer financial law. Action to reduce those risks is also a benefit to consumers. Given the obligations providers of general-use digital consumer payment applications have under Federal consumer financial law and the existence of efforts to enforce such laws, including by the CFPB and States,395 and based on the CFPB’s supervisory experience in other markets, the CFPB also expects that the results of CFPB supervision will benefit larger participants under supervision by detecting compliance problems early. When an entity’s noncompliance results in litigation or an enforcement action, the entity must face both the costs of defending its action and the penalties for noncompliance, including potential liability to private plaintiffs. The entity must also adjust its systems to ensure future compliance. Changing practices that have been in place for long periods of time can be expected to be relatively difficult because they may be severe enough to represent a serious failing of an entity’s systems. Supervision may detect flaws at a point when correcting them would be relatively inexpensive. Catching problems early, in some situations, can forestall costly litigation. To the extent early correction limits the amount of consumer harm caused by a violation, it can help limit the cost of redress. In short, supervision is likely to benefit providers of general-use digital consumer payment applications under 394 See, e.g., id.; see also Supervisory Highlights (website compendium of all of these publications), supra, at https://www.consumerfinance.gov/ compliance/supervisory-highlights/ (last visited Oct. 17, 2024). 395 See, e.g., CFPB, Interpretive Rule, Authority of States to Enforce the Consumer Financial Protection Act of 2020, 87 FR 31940 (May 26, 2022) (interpreting CFPA section 1042 and related provisions). E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations supervision by, in the aggregate, reducing the need for other more expensive activities to achieve compliance.396 khammond on DSK9W7S144PROD with RULES2 Comments Regarding Benefits to Compliance The CFPB received differing comments regarding the potential compliance benefits of the Rule. Three nonprofits and one company commented that the proposal lacked support for the claimed benefit to consumers from increased compliance because the CFPB failed to demonstrate a baseline lack of compliance with Federal consumer financial laws. For example, one commenter stated that the proposal did not provide data to show that supervision and compliance positively correlate with consumer welfare. The company commenter criticized that the Bureau did not explain how much compliance there currently is and how much incremental compliance would be achieved by supervision. None of these commenters provided additional information that would aid in quantifying current compliance levels. In contrast, other commenters, including consumer groups, an industry commenter, and a group of State attorneys general, discussed related and additional potential benefits of the Rule without quantifying these specifically, including: ensuring compliance of payment applications and digital wallet providers with EFTA and the error resolution responsibilities of Regulation E; the improved ability of the CFPB to coordinate with State regulators to prevent or address violations of the prohibition against unfair, deceptive, and abusive acts and practices; effective oversight of compliance with the privacy provisions of the GLBA in order to address data privacy issues imposed by digital payment applications; and an improved ability of the CFPB to monitor 396 Further potential benefits to consumers, covered persons, or both might arise from the CFPB’s gathering of information during supervisory activities. The goals of supervision include informing the CFPB about activities of market participants and assessing risks to consumers and to markets for consumer financial products and services. The CFPB may use this information to improve regulation of consumer financial products and services and to improve enforcement of Federal consumer financial law, in order to better serve its mission of ensuring consumers’ access to fair, transparent, and competitive markets for such products and services. Benefits of this type would depend on what the CFPB learns during supervision and how it uses that knowledge. For example, because the CFPB might examine a number of larger participants in the market for general-use digital consumer payment applications, the CFPB would build an understanding of how effective compliance systems and processes function in that market. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 payment fraud, which one consumer advocate commenter described as extremely common. Three industry association commenters claimed that the proposal overstated the benefits of supervision under the Federal consumer financial laws it referenced because, commenters asserted, many market participants are not financial institutions under the EFTA and GLBA and their respective implementing regulations, and the Rule would therefore not have the stated compliance benefits for consumers of the products of those firms. Similarly, another industry association and one company asserted that pass-through wallets or payment method wallets are not subject to Regulation E. Two of the above-mentioned commenters from industry associations further stated that the proposal overstated benefits to consumers of supervision due to already-existing State and Federal oversight that they argued would be duplicative of the additional oversight established by this Rule. In contrast, several State attorneys general submitted a comment letter stating that the Rule would help existing regulatory oversight efforts in the market and would allow Federal and State authorities to coordinate to prevent unlawful conduct. Response to Comments The CFPB agrees with several commenters that this Rule provides potential benefits to consumers that may arise through increased supervision for compliance with Federal consumer financial laws including the CFPA’s prohibition against unfair, deceptive, and abusive acts and practices, EFTA and Regulation E, and Regulation P and the privacy protections of the GLBA. The CFPB disagrees with comments suggesting that the CFPB must estimate or quantify the baseline level of noncompliance in the market in order to conclude that the Rule is likely to increase compliance. Such comments are inconsistent with the CFPB’s supervisory experience. As discussed above, the CFPB’s risk-based supervision program is designed to prioritize supervisory activity among nonbank covered persons on the basis of risk, and thus to focus on those activities where consumers have the greatest potential to be harmed. Further, following the issuance of its five prior larger participant rules, the CFPB has successfully used its supervisory authority to detect violations and promote compliance in each of the markets covered by those rules, as reflected in its Supervisory Highlights PO 00000 Frm 00065 Fmt 4701 Sfmt 4700 99645 publication.397 Above, the CFPB provides additional discussion of comments concerning the Final Rule’s promotion of compliance with Federal consumer financial law, including comments stating that the CFPB should measure the baseline level of noncompliance before issuing this Rule. With respect to comments that some market participants are not financial institutions subject to EFTA and GLBA, as discussed in the section-by-section analysis above, this rulemaking does not prescribe substantive consumer protections or otherwise determine the scope of those laws. Regardless, supervision of those entities that are financial institutions for their compliance with those laws will still benefit consumers. More broadly, the Bureau will examine whether larger participants in the market for general use digital payment applications engage in unfair, deceptive, or abusive acts or practices.398 As covered persons, larger participants are subject to the CFPA’s prohibition against such acts and practices. To the extent that any larger participant or its service provider currently is engaged in any such act or practice, the cessation of the unlawful act or practice will benefit consumers.399 With respect to comments regarding existing oversight, as discussed further above, the CFPB agrees with the group of State attorneys general who stated that the rule would help existing regulatory oversight efforts in the market and would allow Federal and State authorities to coordinate to prevent unlawful conduct. The CFPB disagrees with comments suggesting that the CFPB’s supervision will be duplicative of existing State and other Federal regulatory oversight. As discussed further above, in the response to general comments on this topic in the section-by-section analysis of the Final Rule, and in the background section of the rule in part II, the CFPB coordinates its supervisory activities with Federal prudential regulators, the FTC, and States in order to avoid duplication. Furthermore, there is currently no Federal program for supervision of nonbank covered persons in the market for general-use digital consumer 397 See CFPB, Supervisory Highlights (website compendium of all of these publications), at https:// www.consumerfinance.gov/compliance/ supervisory-highlights/ (last visited Oct. 17, 2024). 398 12 U.S.C. 5531. 399 The CFPB Supervision and Examination Manual provides further guidance to CFPB examiners on how the prohibition against unfair, deceptive, and abusive acts and practices applies to supervised entities. See CFPB Supervision and Examination Manual, part II.C (UDAAP statutorybased procedures). E:\FR\FM\10DER2.SGM 10DER2 99646 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations payment applications with respect to Federal consumer financial law compliance, and this Rule will fill that gap. Costs of Supervisory Activities The potential costs of actual supervisory activities would arise in two categories. The first category would be the cost to individual larger participants of supporting supervisory activity itself. The second category would involve any costs to individual larger participants of increasing compliance in response to the CFPB’s findings during supervisory activity and to supervisory actions. These costs in the second category, discussed further below, would be similar in nature to the possible compliance costs based on the possibility of CFPB examination, described above, that larger participants in general may incur in anticipation of possible supervisory actions. This analysis will not repeat that discussion. As the CFPB Supervision and Examination Manual notes, the reason entities need a sound compliance management system is ‘‘[t]o maintain legal compliance’’ with Federal consumer financial law.400 That is the case regardless of whether the entity is examined by the CFPB. For that reason, if a company already has established a sound compliance management system or improves that system in anticipation of possible CFPB supervisory actions as discussed above, then it is less likely to incur the costs in this second category described further below in response to actual CFPB supervisory activities.401 khammond on DSK9W7S144PROD with RULES2 400 See CFPB Supervision and Examination Manual, part II.A (compliance management review examination procedures). 401 A comment by an industry association stated that the proposal’s estimate of the cost of supporting an examination ‘‘seem[ed] to ignore’’ costs related to establishing compliance programs and systems. However, that comment appears to have misunderstood the scope of that estimate. The CFPB does not consider the costs of establishing a compliance management system to be part of the cost of supporting the supervisory activity itself. Rather, the CFPB considers the costs of establishing or improving a compliance management system, if they are incurred, as either borne in anticipation of its supervisory activity (discussed above) or in response to findings of its supervisory activity (the second category of costs, discussed below). In any event, the Final Rule itself does not impose any requirements related to the establishment of a compliance management system. Firms are expected to have the systems and policies necessary to ensure they comply with existing, applicable substantive legal requirements, such as EFTA, its implementing Regulation E, the privacy provisions of the GLBA, their implementing Regulation P, and the CFPA’s prohibition against unfair, deceptive, or abusive acts or practices. The CFPB’s Supervision and Examination Manual describes aspects of compliance management that examiners review, but does not impose requirements; firms have flexibility in designing those systems and policies. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 With respect to the first category of cost of supervisory activities, those activities may involve requests for information or records, on-site or off-site examinations, or some combination of these activities. For example, in an onsite examination, CFPB examiners generally contact the entity for an initial conference with management. That initial contact often is accompanied by a request for information or records. Based on the discussion with management and an initial review of the information received, examiners determine the scope of the on-site exam. While on-site, examiners spend some time in further conversation with management about the entity’s policies, procedures, and processes. The examiners also review documents, records, and accounts to assess the entity’s compliance and evaluate the entity’s compliance management system. As with the CFPB’s other examinations, examinations of nonbank larger participants in the market for general-use digital consumer payment applications may involve issuing confidential supervisory letters or examination reports and compliance ratings. The CFPB Supervision and Examination Manual describes the supervision process and indicates what materials and information an entity could expect examiners to request and review, both before they arrive and during their time on-site. The primary costs an entity would face in connection with supporting an examination would be the cost of employees’ time to collect and provide the necessary information. The frequency, duration, and scope of examinations of any particular entity would depend on a number of factors, including the size and transaction volume of the entity, the compliance or other risks identified, the extent of State consumer protection oversight, and other relevant factors, such as whether the entity has been examined previously, and the demands on the CFPB’s supervisory resources imposed by other entities and markets. Nevertheless, some rough estimates may provide a sense of the magnitude of potential staff costs that larger participants may incur in supporting the examination of their consumer financial products and services.402 402 In addressing comments in part V above, the Final Rule notes that the market definition, marketrelated definitions, and larger participant test do not depend or rely on the CFPB’s position that the CFPA authorizes supervision and examination of all of the consumer financial products and services provided by nonbank covered persons subject to CFPA section 1024(a). This rule does not determine the extent to which the CFPB would examine other PO 00000 Frm 00066 Fmt 4701 Sfmt 4700 The cost of supporting supervisory activity may be calibrated using prior CFPB experience in supervision. In the proposal, the CFPB outlined that examinations of larger participants in the market for general-use digital consumer payment applications would be anticipated to be approximately eight weeks on average,403 with an additional two weeks of preparation. This estimate assumed that each examination would require two weeks of preparation time by staff of larger participant providers of general-use digital consumer payment applications prior to the examination as well as on-site assistance by staff throughout the duration of the examination. The CFPB has not suggested that counsel or any particular staffing level is required during an examination. However, based on prior estimates, the CFPB assumed in the Proposed Rule that an entity might dedicate the equivalent of one full-time compliance officer and one-tenth of the time of a full-time attorney to assist with an exam. The national average hourly wage of a compliance officer is $39; the national average hourly wage for an attorney is $85.404 These averages accounted for the likelihood that some compliance officers and attorneys will earn below or above the national average. Assuming that wages and salaries account for 70.3 percent of total compensation for private industry workers, the CFPB estimated in the proposal that the total employer cost of labor to comply with an examination would amount to approximately $25,000.405 consumer financial products and services provided by larger participants besides general-use digital consumer payment applications. Nonetheless, the CFPB considers that the cost to a larger participant of supporting a typical eight-week on-site examination should not vary significantly depending on which consumer financial products or services are scoped into the examination. 403 For an estimate of the length of examination, see Board of Gov. of Fed. Res. System Office of Inspector General, The Bureau Can Improve Its Risk Assessment Framework for Prioritizing and Scheduling Examination Activities (Mar. 25, 2019) at 13, at https://oig.federalreserve.gov/reports/ bureau-risk-assessment-framework-mar2019.pdf. (last visited Oct. 31, 2023). 404 For current U.S. Bureau of Labor Statistics (BLS) estimates of mean hourly wages of these occupations, see BLS, Occupational Employment and Wages, May 2023, 13–1041 Compliance Officers, at https://www.bls.gov/oes/current/ oes131041.htm#(1) (last visited Aug. 15, 2024); BLS, Occupational employment and Wages, May 2023, 23–1011 Lawyers, at https://www.bls.gov/oes/ current/oes231011.htm (last visited Aug. 15, 2024). 405 See BLS, Employer Costs for Employee Compensation—March 2024 (table 1 for 2024 Q1 estimates of the share of wages and salaries in total compensation of private sector workers), at https:// www.bls.gov/news.release/pdf/ecec.pdf. (last visited Aug. 15, 2024). This cost is calculated as follows: ((((0.1 × $84.84) + $38.55)/0.703)) × 40 hours × 10 weeks. E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations Comments Received The CFPB received comments on the Proposed Rule advocating for higher estimates of the entity’s cost of supporting supervisory activity, including on the wage and or salary level used in the analysis and on the number of employees typically called upon to support a supervisory exam. For example, two industry associations and one commenter stated that the types of staff tasked with supervisory examinations at large technology firms are highly specialized and compensated at rates that are higher than the national average. Two of these commenters provided alternative estimates for wages and salaries based on industry publications or U.S. Bureau of Labor Statistics (BLS) compensation estimates for firms with 500 workers or more. A commenter from a non-profit associated with the cryptocurrency industry stated that companies would devote ‘‘hundreds of thousands of dollars on support services’’ but did not describe the components of these costs or provide evidence to substantiate this claim. A law firm representing an interested party likewise criticized the examination cost estimate of approximately $25,000 as an underestimate and cited a former CFPB Deputy Director stating that the costs would amount to ‘‘at least ten times that’’ estimate, but did not provide a detailed explanation of the estimated cost components. Relatedly, two industry associations stated that companies may hire consultants and outside counsel to support an examination, in addition to attorneys, compliance officers and other staff. Another industry commenter provided a link to an industry study finding that the top 100 U.S. law firms charge clients on average $917 per hour for outside counsel. Neither commenter elaborated on the frequency or magnitude of this practice, including the share of firms that would hire outside counsel or the number of hours they would contract to support company responses to requests for information from CFPB examiners. Several industry commenters suggested larger participants would be likely to dedicate multiple compliance officers and attorneys to the preparation and support of a supervisory examination. For example, one company commenter asserted that both the preparation and the support for an actual examination would require multiple full-time compliance personnel and attorneys. Two other industry association commenters asserted that supporting an examination and meeting VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 the CFPB’s expectations for entities’ compliance management systems would require ‘‘dozens of employees’’ who collaborate across multiple departments in order to respond to information requests. One industry association stated that firms not previously supervised may increase staffing due to the lack of previous experience with CFPB examinations, and also due to what the commenter stated was antagonistic rhetoric by the CFPB toward this industry. The CFPB also received comments regarding the estimated length of a typical supervisory examination that asserted that the true length would be longer than two weeks of preparation and eight weeks of examination engagement. For example, one company stated that it takes a year to prepare for examinations and two industry association commenters stated that the full examination process including responding to follow-up requests spans multiple months and oftentimes over a year. However, none of these commenters provided a detailed accounting of specific duties, time estimates, or other evidence to substantiate these statements. Two further industry association commenters likewise questioned the two- plus eightweek examination timeline, indicating they thought a longer period to be more accurate, although neither provided an alternative length estimate. One industry association criticized that the CFPB declined to state the expected frequency of examinations. Several commenters stated that the cost of supervision could stifle new entry, innovation, competition and consumer access to the covered products, and that the proposal did not adequately account for these costs. For example, one commenter from a non-profit stated that the proposal’s coverage of pass-through wallets could disincentivize offerings such as the tokenization of payments and credit products offered through wallets. Three additional commenters from industry associations asserted that the proposed transaction test of five million covered transactions was so low that it could lead to barriers to market entry, innovation, competition, and consumer access to these products. None of the commenters offered specific estimates or research to help quantify such potential costs, nor did they make suggestions of how to more adequately evaluate them qualitatively. Related to the impact of costs on consumers’ access to covered products, some commenters claimed the proposal inadequately considered potential passthrough costs to consumers and merchants. For example, some Members PO 00000 Frm 00067 Fmt 4701 Sfmt 4700 99647 of Congress expressed concern that supervisory costs could have a negative impact on merchants that use covered products. They cited an industry study that finds that, of the small and medium-sized businesses throughout nine global markets, including the United States, that responded to their survey, 73 percent reported digital payments to be ‘‘fundamental to their growth.’’ 406 A non-profit and an industry association representative called for the CFPB to provide evidence that the Rule will not significantly impact small businesses or consumers. Some of these same commenters as well as a company commenter claimed the proposal did not adequately consider the potential for supervisory costs to be passed through to consumers. For example, the nonprofit commenter noted that supervisory costs could create barriers to entry into the market and increase prices to consumers. The company stated that payment method wallets are free to consumers and that the Rule’s costs could lead to firms charging consumers for the product. An individual consumer questioned whether the Rule would lead firms to charge fees for covered products. One industry association suggested the use of the average dollar amount of transactions to estimate potential pass-through costs to consumers. Finally, an industry association commenter suggested that the Rule could increase the risk of privacy breaches and data leaks by increasing the number of individuals with access to sensitive, private information about customers of larger participants. Response to Comments The CFPB acknowledges the concerns raised by industry comments that, in the context of this market, the cost of supervisory activities may generally be higher than suggested in the Proposed Rule, and the CFPB is revising certain estimates in the discussion that follows in response to those comments. As noted above and discussed further below, the cost of supervisory activities can vary based on a number of factors, and thus the costs of examination activities may differ among larger participants within the market defined in this Rule. Those costs are partly 406 See VISA, Back to Business Global Study: 2022 Small Business Outlook, at https:// usa.visa.com/dam/VCOM/blogs/visa-back-tobusiness-study-2022-outlook-jan22.pdf (last visited Aug. 26, 2024). The nine markets include Brazil, Canada, Germany, Hong Kong, Ireland, Russia, Singapore, UAE and the United States. Percentages in the study are not necessarily representative of small and medium-sized businesses in the United States. E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 99648 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations within the control of larger participants, some of whom may choose to devote more resources to responding to supervisory activities than others (e.g., more staff time or support from outside counsel and consultants). In addition, as a general matter, the costs of supervisory activities are likely to be greater where examiners identify compliance violations or other risks to consumers, which are more likely to generate follow-up information requests and more extensive engagement with an entity as the CFPB attempts to correct the identified violations and address other risks.407 These variations mean that the cost figures provided in this section are necessarily rough estimates, and that individual larger participants’ costs may diverge from these estimates. While none of the commenters provided alternative estimates of examination costs that included specific salaries combined with staffing levels and alternative proposals of the average examination length, the following paragraphs describe how estimates would change under different salary, staffing and length assumptions. For these scenarios, the CFPB draws on comments provided on the proposal. In a first scenario, the alternative estimates below incorporate higher salary levels that some commenters suggested would be more accurate in this market. In a second scenario, the CFPB uses these higher salary estimates in conjunction with higher staffing levels than those discussed in the proposal. A third scenario introduces an example of when the combined preparation and examination time would be longer than the proposed ten weeks. Under this scenario, the CFPB provides alternative estimates for an examination lasting 12 weeks, under the assumption of the higher salaries from scenario one as well as under both the higher salary and higher staffing levels from scenario two. The CFPB does not have complete information pertaining to wages and salaries paid by all entities that may be subject to the Rule, and does not advocate for any particular wage or salary level for staff that support supervisory activities. However, the CFPB acknowledges that the cost to larger participants in this market of complying with a supervisory examination are likely to be higher than that of the average firm, in part because of where larger participants are located. For example, the top-paying metropolitan area for both compliance 407 For the same reason, as a general matter, examinations with more extensive follow-up activities are more likely to provide benefits to consumers. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 officers and lawyers is San JoseSunnyvale-Santa Clara, California, where the mean hourly wage for compliance officers is $56 and for lawyers is $129. Using these wage levels and the staffing assumptions set forth in the Proposed Rule,408 the estimated total employer cost of labor to comply with an examination would increase to approximately $39,000.409 This estimate is roughly $8,000 higher than the equivalent employer cost of labor suggested by one industry commenter on the Proposed Rule.410 Based on its review of comments, and in light of the higher transaction threshold in this Final Rule, the CFPB is providing additional estimates with respect to staffing the preparation and support of a supervisory examination in order to account for the fact that many entities are likely to choose higher staffing levels than those set forth in the proposal. The estimate of one full-time compliance officer and one tenth of one attorney took into account that there could be multiple individuals engaged part-time in an examination and parttime in other non-examination obligations. Although commenters did not provide precise or entirely consistent estimates regarding how larger participants are likely to staff examinations, the CFPB acknowledges that many larger participants in this market may choose to staff examinations with more full-time equivalent attorneys, compliance officers and other staff than is typically the case in previously supervised larger participant markets. The larger participants in this market are larger in terms of revenue compared to larger participants in other established larger participant 408 88 FR 80197, 80213 (describing assumption of one full-time compliance officer and one-tenth of the time of a full-time attorney to assist with the examination for 10 weeks). 409 This cost is calculated as follows: ((((0.1 × $129.12) + $55.83)/0.703)) × 40 hours × 10 weeks. An alternative way to calculate the costs imposed on entities that pay some of the highest national wages for compliance officers and attorneys would be to use, for example, the 90th percentile of wages rather than the mean. However, the BLS top codes (suppresses) wages above $115/hour for lawyers such that the official wage estimates above that threshold would be imprecise. The 90th percentile of national hourly wages for compliance officers was $59/hour. Using these wage estimates would yield a total employer cost of labor of approximately $40,000 to comply with a supervisory exam. 410 One industry commenter, citing three industry publications, asserted that the median rate for a compliance officer with four-six years of experience is $91,500 and the annual base pay for the majority of in-house counsel in large cities is ‘‘at least $200,000.’’ Using these numbers, the total employer cost of an examination would be approximately $31,000 ((0.1 × (($200000 × 10)/52)) + (91500 × 10/ 52))/0.703. PO 00000 Frm 00068 Fmt 4701 Sfmt 4700 markets.411 For illustrative purposes, the CFPB has estimated that an entity that pays salaries at the level of the highest-paying metropolitan area and staffs an examination with three fulltime compliance officers, two full-time attorneys and one outside counsel that spends 30 hours throughout the duration of the two-week preparation and eight-week examination period, would incur costs close to $270,000 per examination.412 Alternatively, at this cost, the entity could staff the examination with more than five inhouse staff if some of them work parttime on the examination and part-time on other duties. For example, some additional personnel may spend some number of hours on data analysis or coding or otherwise preparing materials for presentations to the CFPB, or may attend and provide information at the standard opening and closing meetings 411 For example, the 2012 debt collection rule estimated that 168 of the 175 larger participants had annual receipts between $10 million and $250 million, see 77 FR 65775, 65789. Among larger participants in the market covered by this Rule, average annual revenue was $208 billion in 2023. Higher revenue may indicate more complexity, or firms with higher revenue may decide to devote more resources to a supervisory examination because those costs comprise a small fraction of their operating budget. While it is reasonable to expect that larger participants in this market generally would devote more resources to a supervisory examination compared to many previous larger participants, the CFPB does not have information indicating that would necessarily always be the case. 412 Without stating a specific number, one individual firm commented on the Proposed Rule that firms likely would staff supervisory examinations with multiple full-time compliance officers and multiple full-time attorneys and another industry association commenter asserted that firms would hire outside counsel to support an examination. Two industry trade associations stated that they expect larger participants to devote ‘‘dozens’’ of staff to a supervisory examination, but did not elaborate on the number of hours they would work or otherwise provide more specific numbers or information to substantiate that claim. Based on supervisory experience in other markets, the CFPB assumes in-house compliance officers spend more time on examinations than in-house attorneys. Therefore, in line with the general views of these commenters, the Bureau has assumed for purposes of its estimate that an entity would devote three full-time compliance officers, two full-time attorneys, and one outside counsel. Because outside counsel does not typically engage directly with examiners during the 10-week examination process described above, based on supervisory experience in other markets, the CFPB does not have data on how outside counsel is typically involved during a standard examination, but acknowledges that the larger participants in this specific market may seek outside advice on how to respond to and participate in an examination. The CFPB assumes the number of hours of outside counsel support in this scenario could be approximately 20 hours of preparation and 10 hours of support during the examination and assumes for illustrative purposes an hourly fee of $917 for outside counsel, as provided by one commenter. The cost of $270,000 is calculated as follows: ((((2 × $129.12) + (3 × $55.83))/0.703)) × 40 hours × 10 weeks + (917 × 30). E:\FR\FM\10DER2.SGM 10DER2 khammond on DSK9W7S144PROD with RULES2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations for the examination, or other initial meetings where they provide a brief overview of discrete issues. These meetings typically last only a few hours. The CFPB does not have detailed information to reliably quantify the exact amount of time these additional employees would devote to such supporting activities, but does not expect these limited engagements to materially affect this estimate. With regard to the company comment that claimed that preparation for supervisory examinations of nonbanks is generally ‘‘a year-round affair,’’ this commenter did not explain or support this claim. Nor does it fit with the CFPB’s experience since entities generally do not receive notice a year in advance of a scheduled examination. This assumption also is not in line with the experience of the CFPB from the supervision of other larger-participant markets. Supervision typically involves requiring documents from time to time and conducting occasional in-depth examinations of a company typically over the 10-week engagement period described above. For example, the CFPB may conduct supervisory monitoring activities throughout the year, including ‘‘contacting the appropriate officer of the institution to discuss new products or services, events that may impact compliance management, and any questions raised by information reviewed by the [CFPB’s central point of contact for supervision].’’ 413 However, these engagements generally are brief and often occur in the form of one phone call or videoconference. In contrast, during an in-depth examination of a company, CFPB examiners may ask to see a company’s existing compliance policies and procedures, otherwise review a company’s records and operations including for selected customer accounts, conduct interviews with personnel, and assess how the company complies with applicable Federal consumer financial laws. The scope of an examination will depend on, among other factors, the size and complexity of the firm. With respect to comments regarding post-examination costs, the CFPB acknowledges that entities may face such costs. While the estimated cost for a larger participant in this market to support a supervisory examination described above assumes two weeks of preparation and eight weeks of engagement with the CFPB, some examinations may result in a Potential Action and Request for Response 413 See CFPB Supervision and Examination Manual, part I.A (page 13 of Overview section). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 (PARR) letter, which provides a supervised entity with notice of preliminary findings of conduct that may violate Federal consumer financial laws and advises the entity that the Bureau is considering taking supervisory action against the entity.414 In such an event, the CFPB estimates an additional two weeks of staff time necessary to respond to the PARR. In this third scenario of potentially higher examination costs, an additional two weeks would result in the cost of an examination increasing by approximately $8,000, to approximately $47,000, using the average wages of the top-paying metropolitan area, assuming staffing at the level set forth in the Proposed Rule. Under the higher salary and staffing assumptions described above, including three full-time compliance officers, two full-time attorneys and one outside counsel contracted for 80 additional hours of work on a PARR, an additional two weeks would increase the examination cost by approximately $122,000, to approximately $392,000.415 As stated in the proposal, the overall costs of supervision in the market for general-use digital consumer payment applications would depend on the frequency and extent of CFPB examinations and other supervisory activity. Neither the CFPA nor the Final Rule specifies a particular level or frequency of examinations.416 The frequency of examinations would depend on a number of factors, including the larger participants’ size and volume of transactions; the CFPB’s 414 See CFPB, Request for Information Regarding the Bureau’s Supervision Program, 83 FR 7166, 7168 (Feb. 20, 2018). 415 This scenario assumes that outside counsel become more intensively involved in the event of a PARR and devoted 80 hours to support the larger participant in responding to the PARR, in the event that the larger participant chose to engage outside counsel for $917 hourly. Examination costs of approximately $47,000 and $392,000 in scenarios with a PARR are calculated as (((0.1 × $129.12) + $55.83)/0.703) × 40 hours × 12 weeks and as (((2 × 129.12) + (3 × 55.83))/0.703) × 40 hours × 12 weeks + (917 × 110), respectively. 416 The CFPB declines to predict at this time precisely how many examinations it will undertake at each larger participant of general-use digital consumer payment applications. Based on its experience in examining larger participants in other markets, it does not expect to conduct an examination of each larger participant in this market each year. If the CFPB were to examine each entity estimated to be a larger participant of the market for general-use consumer digital payment applications once every two years, the expected annual labor cost of supervision per larger participant under the higher salary, staffing and examination length assumptions would be approximately $196,000 (the cost of one examination, divided by two), depending on the staffing and remuneration decisions of the larger participant as well as on whether the examination is followed up with a PARR. PO 00000 Frm 00069 Fmt 4701 Sfmt 4700 99649 understanding of the conduct of market participants and the specific risks they pose to consumers; the extent of existing State consumer protection oversight; and other relevant factors, including the responses of larger participants to prior examinations and the demands that other markets make on the CFPB’s supervisory resources. These factors can be expected to change over time, and the CFPB’s understanding of these factors may change as it gathers more information about the market through its supervision and by other means. The CFPB therefore declines to predict, at this point, precisely how many examinations in the market for generaluse digital consumer payment applications it would undertake in a given year. However, the CFPB notes that it is unlikely that all seven potential larger participants would undergo supervisory examinations in the same year. The frequency with which entities undergo supervision will determine the industrywide costs. If each of the seven larger participants underwent examination every other year, the estimated annual direct cost of supervision would be around $137,000 industry-wide using average wages of the top-paying metropolitan area and the examination length and staffing levels set forth in the proposal. Even at the highest range of estimates, where each entity devoted three full-time compliance officers, two full-time attorneys, and contracted 110 hours of outside counsel with one of the largest 100 U.S. law firms, and all received a PARR, and half of the larger participants undergo supervision in any given year, the industry-wide estimated cost using the highest-paying metropolitan area wages would be approximately $1.4 million, or $392,000 × 3.5. With respect to the consideration of pass-through costs to consumers and merchants, the CFPB disagrees that it did not consider such potential impacts. The CFPB recognizes that many merchants provide website pay buttons that link to general-use digital consumer payment applications provided by unaffiliated third parties and that small businesses in particular may rely on those consumer financial products and services for growth. However, the CFPB expects the costs of supervisory examinations to not exceed $1.4 million industry-wide annually even if half of the larger participants were to undergo an extended supervisory examination every year, which is unlikely.417 As 417 As discussed in the section-by-section analysis in part V, the estimates in this Rule do not reflect E:\FR\FM\10DER2.SGM Continued 10DER2 99650 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 stated in the proposal, the CFPB cannot foresee how larger participants may respond to the cost of supervision. One possibility is that larger participants absorb the entire cost of supervision. Another possibility is that they pass through the entire cost of supervision, or some fraction of the cost of supervision, to merchants and consumers. The extent to which larger participants would pass through their costs of supervision to merchants (for products that support payments for purchases) or consumers (for products that support purchases and/or payments to other consumers) will be limited by competitive forces in the market. For example, if one larger participant increases its fees for services, merchants or consumers may switch providers. This potential response to increased prices and competition for merchants’ and consumers’ business could prevent a full pass-through of costs. Moreover, the highest estimate of examination costs described in the scenarios above amounts to approximately $392,000 per larger participant, or 0.0002 percent of the average revenue (approx. $208 billion) of the estimated seven larger participants.418 Because the examination support costs are a small fraction of the total revenue of larger participants, the CFPB believes it is less likely that these costs would cause firms to substantially change their business models. Even in the event that larger participants pass through the entire cost of the higher end of the CFPB examination support cost estimates to merchants that use these products, the cost per merchant likely would be very supervisory conclusions that particular entities are larger participants; once the Final Rule takes effect, the CFPB will make those assessments and will prioritize conducting supervisory activity at specific larger participants in this market based on risk as described in the Supervision and Examination Manual, consistent with CFPA section 1024(b)(2). Therefore, the CFPB cannot predict in this Final Rule how many examinations or other types of supervisory events it will conduct at larger participants of this market in a given year. However, based on its experience with prioritization of supervisory activity at larger participants in five other markets, the CFPB believes it is unlikely that it would conduct eightweek on-site examinations of most or even many larger participants in a single year. 418 Using revenue information from annual report filings with the U.S. Securities and Exchange Commission described above, the CFPB estimates the average total annual revenue of larger participants to be approximately $208 billion in 2023. As an alternative comparison, and in response to one industry commenter, this cost comprises approximately 0.0003 percent of larger participants’ average annual total transaction value in 2021–2023. This number is likely higher in 2024, as the majority of data points for transaction values stem from 2021 and the market continued to expand during this period. In any event, the CFPB views this number as small. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 small. One industry study estimates that there were 13.7 million online stores in 2024.419 If 59 percent of merchants use buy buttons, as indicated by one industry report,420 then roughly 8.1 million online merchants use these products. The CFPB estimates that seven larger participants are responsible for approximately 98 percent of transactions in the market. Therefore, even if larger participants that underwent an examination were to pass through 100 percent of $1.4 million in estimated annual examination costs (under the higher estimate) to approximately eight million merchants, the amount per merchant would likely be low. Measured against the $1.1 trillion in online retail sales in 2023, the Bureau views this cost to be negligible and not large enough to discourage entry, innovation or growth among merchants that use or would like to use these products.421 Likewise, the CFPB views the cost relative to the gains from doing business in this market as too low to disincentivize offering credit products through wallets, in particular as a lender’s own app-based lending activity can be excluded by paragraph (D) of the definition of ‘‘consumer payment transaction’’ as discussed in part V of the rule. With respect to the statement by one commenter that the cost of the Rule could disincentivize investments in the tokenization of payments, as discussed in part V above, the commenter did not commenter did not explain why larger participants would seek to offset the costs of CFPB examination by reducing investment specifically in anti-fraud protections or provide evidence to support its view, and the CPFB notes that the Rule also could incentivize investments. As explained above, the CFPB also does not expect larger participants to pass through the full cost of supervisory examinations to consumers directly. However, even if they passed through $1.4 million annually to the millions of consumers who use these products, the cost per consumer would likely be low.422 419 See Capital One, Total Number of Online Stores (July 24, 2024), at https://capitalone shopping.com/research/number-of-online-stores/ (last visited Aug. 26, 2024). 420 See PYMNTS, 6 in 10 Subscription Merchants Drive Conversion with ‘Buy Buttons,’ at https:// www.pymnts.com/subscriptions/2023/60percentsubscription-merchants-drive-conversion-with-buybuttons/ (last visited Aug. 26, 2024). 421 For e-commerce retail sales, see the Federal Reserve Bank of St. Louis, E-Commerce Retail Sales, at https://fred.stlouisfed.org/series/ECOMSA (last visited Aug. 26, 2024). 422 See U.S. Census Bureau, National Population by Characteristics: 2020–2023, at https:// www.census.gov/data/tables/time-series/demo/ PO 00000 Frm 00070 Fmt 4701 Sfmt 4700 As a result of some examinations, supervised entities may incur costs associated with addressing the CFPB’s supervisory communications and actions, such as by making changes to its compliance systems or procedures. As noted above, the CFPB considers these costs as a separate category of costs from the costs of supporting an exam. Where appropriate, in exercising its supervisory authority, the CFPB conveys its findings, conclusions, expectations, and recommendations to a supervised entity regarding its compliance, and utilizes various forms of supervisory communications and actions to promote compliance and address associated risks.423 The CFPB’s supervisory communications may specify corrective actions such as changes to practices and operations, payment of remediation to consumers,424 and steps to prevent such violations from occurring or recurring, including compliance-managementsystem improvements. In the CFPB’s experience, when an entity adopts preventive measures in response to those types of CFPB supervisory communications and actions, the entity’s actions generally will reduce risk of violation of Federal consumer financial law. As such, these costs may be necessary to maintain compliance with Federal consumer financial law, as described in the CFPB Supervision and Examination Manual. In any event, the CFPB is not able to estimate these costs in advance, as such costs will vary depending on the nature and scope of the CFPB’s supervisory communications and actions and the entity’s response. As discussed above, in many cases CFPB supervision also may benefit providers under supervision by detecting compliance problems early, which can reduce costs in the long run. Regarding the risk of privacy breaches, the CFPB agrees with the commenter that consumer data privacy is important. The CFPB recognizes that data privacy breaches can impose costs on consumers and firms and therefore adheres to the Federal requirements to reduce the risk of data and other privacy breaches. For example, the CFPB complies with requirements provided in the Presidential Executive Orders, Federal Information Security Management Act (FISMA), applicable Office of Management and Budget (OMB) Memoranda, U.S. Department of Homeland Security (DHS) Cybersecurity popest/2020s-national-detail.html (last visited Aug. 26, 2024); see, e.g., Pew 2022 Payment App Article, supra. 423 See, e.g., CFPB Bulletin 2021–01, supra. 424 See id. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations and Infrastructure Security Agency (CISA) Binding Operational Directives, as well as National Institute of Standards and Technology (NIST) Federal Information Processing Standards and Special Publications, and other applicable guidance. Further, CFPB implements improvements from annual information security audits of its data security practices by the Office of Inspector General (OIG), the Government Accountability Office (GAO) and other auditors, as recommended. The CFPB believes that these steps mitigate the risk of privacy breaches. khammond on DSK9W7S144PROD with RULES2 3. Costs of Assessing Larger-Participant Status Providers of general-use digital consumer payment applications might decide to incur costs to assess whether they qualify as larger participants, to respond to CFPB requests for information to assess larger participant status under 12 CFR 1090.103(d), or potentially to dispute their status.425 Larger-participant status would depend on both a nonbank’s aggregate annual covered consumer payment transaction volume and whether the entity is a small business concern based on the applicable SBA size standard. The CFPB expects that many market participants already assemble general data related to the number of transactions that they provide for general-use digital consumer payment applications. Moreover, many providers are required to report certain transaction data to State regulators.426 To the extent that some providers of general-use digital consumer payment applications do not already know whether their transactions exceed the threshold, such nonbanks might, in response to the Final Rule, develop new systems to count their transactions in 425 A nonbank covered person that is subject to certain orders may be required to register pursuant to the CFPB’s nonbank registration regulation, 12 CFR part 1092. If such a registered entity is not already supervised by the CFPB under section 1024(a), and it participates in this market, then it may need to assess its larger participant status to determine whether it must comply with certain additional requirements under that rule that may apply to persons supervised under CFPA section 1024(a), including larger participants. See also response to general comments on promoting compliance with Federal consumer financial law, supra. 426 As noted above, the States have been active in regulation of money transmission by money services businesses. For example, 49 States and the District of Columbia requiring entities to obtain a license to engage in money transmission, as defined by applicable law. Further, many States also actively examine money transmitters, including certain products and services they provide through general-use digital consumer payment applications. See, e.g., CSBS Reengineering Nonbank Supervision MSB Chapter at 4 (discussing how providers of digital wallets hold and transmit monetary value). VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 accordance with the proposed marketrelated definitions of ‘‘consumer payment transactions,’’ ‘‘covered payment functionality,’’ ‘‘general use,’’ and ‘‘digital application’’ discussed above. The data that the CFPB had at the time of the Proposed Rule did not support a detailed estimate of how many providers of general-use digital consumer payment applications would engage in such development or how much they would spend, and commenters did not provide this information. Commenters also did not provide any estimates or data to support estimates. Regardless, providers of general-use digital consumer payment applications would be unlikely to spend significantly more on specialized systems to count transactions than it would cost to be supervised by the CFPB as larger participants. The CFPB notes that larger-participant status also depends on whether an entity is subject to the proposed small business exclusion. In certain circumstances, larger-participant status may depend on determinations of which SBA size standard applies, and by extension, which NAICS code is most applicable. Therefore, providers of general-use digital consumer payment applications may choose to incur some administrative costs to evaluate whether the small business exclusion applies. However, providers would not need to engage in this evaluation if they could establish that their annual covered consumer payment transaction volume was below 50 million. It bears emphasizing that even if a nonbank market participant’s expenditures on a new transaction counting system enabled it to successfully prove that it was not a larger participant (which, again, it would not need to do if it was a small business concern according to SBA standards), it would not necessarily follow that this entity could not be supervised under other supervisory authorities the CFPB has that this rulemaking does not establish. For example, the CFPB can supervise a nonbank entity whose conduct the CFPB determines, pursuant to CFPA section 1024(a)(1)(C) and regulations implementing that provision, poses risks to consumers.427 Thus, a nonbank entity choosing to spend significant amounts on a transaction counting system directed toward the largerparticipant transaction volume test could not be sure it would not be subject to CFPB supervision notwithstanding those expenses. The CFPB therefore believes very few if any 427 See PO 00000 12 U.S.C. 5514(a)(1)(C); 12 CFR part 1091. Frm 00071 Fmt 4701 Sfmt 4700 99651 nonbank entities would be likely to undertake such expenditures. Commenters on the Proposed Rule stated that providers of digital applications to make payments using cryptocurrency-assets may need to change their product design to capture data that would allow them to identify consumer payment transactions that would determine larger participant status under the Proposed Rule. However, because the Final Rule adopts a larger participant test based on the transfer of funds in consumer payment transactions denominated in U.S. dollars, those providers would not face the potential for those types of impacts. An industry association commented that the ambiguity of the proposal could cause firms to incur costs when assessing their larger participant status. The significantly higher threshold test of 50 million annual transactions adopted in the Final Rule should substantially diminish the level of uncertainty compared to the proposal regarding an entity’s larger participant status. Additional clarifications of the market in the Final Rule, including clarifying the definition of ‘‘general use’’ and limiting the definition of ‘‘annual covered consumer payment transaction volume’’ to transactions denominated in U.S. dollars, should further facilitate the determination of whether an entity is a larger participant. E. Potential Specific Impacts of the Final Rule 1. Insured Depository Institutions and Insured Credit Unions With $10 Billion or Less in Total Assets, as Described in Dodd-Frank Act Section 1026 The Rule does not apply to insured depository institutions or insured credit unions of any size. However, as noted in the section-by-section analysis of ‘‘digital application’’ above, it may apply to nonbank covered persons to the extent that they provide covered payment functionalities through a digital application of an insured depository institution or insured credit union. In addition, it might have some competition-related impact on insured depository institutions or insured credit unions that provide general-use digital consumer payment applications. For example, if the relative price of nonbanks’ general-use digital consumer payment applications were to increase due to increased costs related to supervision, then insured depository institutions or insured credit unions of any size might benefit by the relative change in costs. These effects, if any, would likely be small. E:\FR\FM\10DER2.SGM 10DER2 99652 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations 2. Impact of the Provisions on Consumers in Rural Areas Because the Rule would apply uniformly to consumer payment transactions that both rural and nonrural consumers make through generaluse digital consumer payment applications, the Rule should not have a unique impact on rural consumers. The CFPB is not aware of any evidence suggesting that rural consumers have been disproportionately harmed by Federal consumer financial law noncompliance by providers of generaluse digital consumer payment applications. Comments Received The CFPB sought information from commenters related to how digital consumer payments affect rural consumers. A nonprofit associated with decentralized finance commented that rural communities in particular may benefit from digital payment technologies due to limited access to brick-and-mortar financial services and suggested that costs imposed by this Rule could limit rural communities’ access to such technology. That commenter did not offer research to substantiate this assertion. In contrast, a nonprofit commented that 94 percent of their member webinar participants did not believe that digital consumer payments impacted rural consumers differentially. Several State attorneys general advocated for increased oversight in this market in part because they believe it would benefit in particular some consumers who rely on applications covered by this Rule and who do not use traditional banks and their bank-provided digital consumer payment applications. khammond on DSK9W7S144PROD with RULES2 Response to Comments The CFPB believes that both rural and non-rural consumers may benefit from general-use digital consumer payment applications as defined in the Final Rule. As discussed further above, the Bureau does not expect the costs imposed by this Rule to be high enough to impact the availability of this technology to consumers irrespective of whether they reside in rural or non-rural areas. Moreover, the Final Rule does not cover transactions in cryptocurrencies or stablecoins. VIII. Regulatory Flexibility Act Analysis The Regulatory Flexibility Act (RFA), as amended by the Small Business Regulatory Enforcement Fairness Act of 1996, requires each agency to consider the potential impact of its regulations on small entities, including small VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 businesses, small governmental units, and small not-for-profit organizations.428 The RFA defines a ‘‘small business’’ as a business that meets the size standard developed by the SBA pursuant to the Small Business Act.429 The RFA generally requires an agency to conduct an initial regulatory flexibility analysis (IRFA) of any Proposed Rule subject to notice-andcomment rulemaking requirements, unless the agency certifies that the Proposed Rule would not have a significant economic impact on a substantial number of small entities.430 The CFPB also is subject to certain additional procedures under the RFA involving the convening of a panel to consult with small entity representatives prior to proposing a rule for which an IRFA is required.431 In the Proposed Rule, the undersigned certified that the proposal would not have a significant impact on a substantial number of small entities (SISNOSE) and that an IRFA was therefore not required. Comments Received The CFPB received comments from several industry associations and some Members of Congress suggesting that the RFA should include potential indirect effects on small merchants that allow consumers to use general-use digital consumer payment applications. Another industry association expressed support for the small business exclusion in the proposal, but objected to certification that the Rule would not result in a significant impact on a 428 5 U.S.C. 601 et seq. The term ‘‘ ‘small organization’ means any not-for-profit enterprise which is independently owned and operated and is not dominant in its field, unless an agency establishes [an alternative definition after notice and comment].’’ 5 U.S.C. 601(4). The term ‘‘ ‘small governmental jurisdiction’ means governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand, unless an agency establishes [an alternative definition after notice and comment].’’ 5 U.S.C. 601(5). The CFPB is not aware of any small governmental units or small notfor-profit organizations to which the Proposed Rule would apply. 429 5 U.S.C. 601(3). The CFPB may establish an alternative definition after consultation with SBA and an opportunity for public comment. As mentioned above, the SBA defines size standards using NAICS codes that align with an entity’s primary line of business. The CFPB believes that many—but not all—entities in the proposed market for general-use digital consumer payment applications are primarily engaged in financial services industries. See, e.g., SBA, Table of Small Business Size Standards Matched to North American Industry Classification System Codes (eff. Mar. 17, 2023), sector 52 (Finance and Insurance), at https://www.sba.gov/document/support--tablesize-standards (last visited Oct. 26, 2023). 430 5 U.S.C. 605(b). 431 5 U.S.C. 609. PO 00000 Frm 00072 Fmt 4701 Sfmt 4700 substantial number of small entities without providing a more comprehensive analysis of entities that would not qualify as larger participants due to the small business exclusion alone.432 Response to Comments The Bureau notes that, in line with statutory requirements, the RFA analysis analyzes the potential impacts on small entities to which the Rule applies. Therefore, the CFPB declines the request by some commenters that the analysis of potential indirect effects be incorporated into the RFA analysis. However, the CFPB considered these potential impacts of pass-through costs on merchants that may be small business concerns in the cost-benefit analysis, as described in the 1022(b) analysis above. Compared to the proposal, the Final Rule adopts in paragraph (b)(3) a significantly higher threshold of 50 million annual consumer payment transactions denominated in U.S. dollars. At this threshold, no entity for which the CFPB has complete transaction information indicating transaction volumes of at least 50 million annually would be excluded from larger participant status based on the small business concern exclusion.433 The Final Rule defines a class of providers of general-use digital consumer payment applications as larger participants of a market for general-use digital consumer payment applications and thereby authorizes the CFPB to undertake supervisory activities with respect to those nonbank covered persons. The Rule establishes a two-pronged test for determining largerparticipant status. First, the Rule adopts a threshold for larger-participant status of at least 50 million in annual covered consumer payment transactions denominated in U.S. dollars in the previous calendar year. Second, the larger-participant test incorporates a small entity exclusion. As a result, larger-participant status only applies to a nonbank covered person that, together with its affiliated companies, both meets the 50 million transaction threshold and 432 It added that in its view, notwithstanding the assessment in the Proposed Rule that it would not have a significant impact on a substantial number of small entities, the Small Business Regulatory Enforcement Fairness Act (SBREFA) review process still provides an informative tool to consider these types of issues. For the reasons discussed in part VII and this part VIII, the CFPB does not believe that discretionary application of the SBREFA review process is warranted here. 433 See section-by-section analysis of threshold adopted in final rule, supra. The CFPB has complete transaction information for roughly twothirds of known market participants. E:\FR\FM\10DER2.SGM 10DER2 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations is not a small business concern based on the applicable SBA size standard. Because of that exclusion, the number of directly affected small business entities participating in the market that would experience a significant economic impact due to the Rule is, by definition, zero.434 Finally, CFPA section 1024(e) authorizes the CFPB to supervise service providers to nonbank covered persons encompassed by CFPA section 1024(a)(1), which includes larger participants.435 Because the Rule does not address service providers, effects on service providers need not be discussed for purposes of this RFA analysis. Even if such effects were relevant, based on the frequency with which the CFPB typically examines service providers of nonbank larger participants, the CFPB believes that it would be very unlikely that any supervisory activities with respect to the service providers to the approximately seven larger participants of the nonbank market for general-use digital consumer payment applications would result in a significant economic impact on a substantial number of small entities.436 The Final Rule adopts the Proposed Rule, with some modifications that do not lead to a different conclusion. Therefore, a final regulatory flexibility analysis is not required. IX. Paperwork Reduction Act khammond on DSK9W7S144PROD with RULES2 The CFPB has determined that the Final Rule does not impose any new recordkeeping, reporting, or disclosure requirements that would constitute collections of information requiring approval under the Paperwork Reduction Act, 44 U.S.C. 3501, et seq. 434 In addition, the CFPB is not aware of any nonprofit entities that would be larger participants under the Final Rule. 435 12 U.S.C. 5514(e); 12 U.S.C. 5514(a)(1). 436 Particularly in light of complexity in the applicable market, including how larger participants generally serve a variety of consumer populations across many States and facilitate very substantial volumes of consumer payment transactions for multiple types of recipients using multiple different payment methods, these firms typically would rely upon numerous service providers. However, as explained in its prior larger participant rules and as noted above with respect to the larger participants themselves, the frequency and duration of examinations that would be conducted at any particular service provider would depend on a variety of factors. Based on its experience conducting service provider examinations, the CFPB concludes that it is implausible that in any given year a substantial number of service providers that are small business concerns are subject to CFPB examinations. In any event, the impact of any supervisory activities at any small firm service providers can be expected to be less than at the larger participants themselves given the CFPB’s exercise of discretion in supervision. VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 X. Congressional Review Act Pursuant to the Congressional Review Act,437 the CFPB will submit a report containing this rule and other required information to the U.S. Senate, the U.S. House of Representatives, and the Comptroller General of the United States prior to the rule taking effect. The Office of Information and Regulatory Affairs has designated this rule as not a ‘‘major rule’’ as defined by 5 U.S.C. 804(2). List of Subjects in 12 CFR Part 1090 Consumer protection, Credit. Authority and Issuance For the reasons set forth in the preamble, the CFPB amends 12 CFR part 1090 as set forth below: PART 1090—DEFINING LARGER PARTICIPANTS OF CERTAIN CONSUMER FINANCIAL PRODUCT AND SERVICE MARKETS 1. The authority citation for part 1090 continues to read as follows: ■ Authority: 12 U.S.C. 5514(a)(1)(B); 12 U.S.C. 5514(a)(2); 12 U.S.C. 5514(b)(7)(A); and 12 U.S.C. 5512(b)(1). 2. Add § 1090.109 to subpart B to read as follows: ■ § 1090.109 General-use digital consumer payment applications market. (a)(1) Market definition. Providing a general-use digital consumer payment application means providing a covered payment functionality through a digital payment application for consumers’ general use in making consumer payment transaction(s) as defined in this subpart. (2) Market-related definitions. As used in this section: (i) Consumer payment transaction(s) means, except for transactions excluded under paragraphs (a)(2)(i)(A) through (D) of this section, the transfer of funds by or on behalf of a consumer who resides in a State to another person primarily for personal, family, or household purposes. The term applies to transfers of consumer funds and transfers made by extending consumer credit, except for the following transactions: (A) An international money transfer as defined in § 1090.107(a); (B) A transfer of funds by a consumer: (1) That is linked to the consumer’s receipt of a different form of funds, such as a transaction for foreign exchange as defined in 12 U.S.C. 5481(16); or 437 5 PO 00000 U.S.C. 801 et seq. Frm 00073 Fmt 4701 Sfmt 4700 99653 (2) That is excluded from the definition of ‘‘electronic fund transfer’’ under § 1005.3(c)(4) of this chapter; (C) A payment transaction conducted by a person for the sale or lease of goods or services that a consumer selected from that person or its affiliated company’s online or physical store or marketplace, or for a donation to a fundraiser that a consumer selected from that person or its affiliated company’s platform; and (D) An extension of consumer credit initiated through a digital application that is provided by a person who is extending, brokering, acquiring, or purchasing the credit or that person’s affiliated company. (ii) Covered payment functionality means a funds transfer functionality as defined in paragraph (a)(2)(ii)(A) of this section, a wallet functionality as defined in paragraph (a)(2)(ii)(B) of this section, or both. (A) Funds transfer functionality means, in connection with a consumer payment transaction: (1) Receiving funds from a consumer for the purpose of transmitting them; or (2) Accepting from a consumer and transmitting payment instructions. (B) Payment wallet functionality means a product or service that: (1) Stores for a consumer account or payment credentials, including in encrypted or tokenized form; and (2) Transmits, routes, or otherwise processes such stored account or payment credentials to facilitate a consumer payment transaction. (iii) Digital payment application, for purposes of this subpart, means a software program a consumer may access through a personal computing device, including but not limited to a mobile phone, smart watch, tablet, laptop computer, or desktop computer. Examples of digital payment applications covered by this definition include an application a consumer downloads to a personal computing device, a website a consumer accesses by using an internet browser on a personal computing device, or a program the consumer activates from a personal computing device using a personal identifier such as a passkey, password, PIN, or consumer’s biometric identifier, such as a fingerprint, palmprint, face, eyes, or voice. Operating a web browser is not an example of providing a digital payment application. (iv) General use, for purposes of this subpart, means usable for a consumer to transfer funds in a consumer payment transaction to multiple, unaffiliated persons, subject to an exception for a payment functionality provided through E:\FR\FM\10DER2.SGM 10DER2 99654 Federal Register / Vol. 89, No. 237 / Tuesday, December 10, 2024 / Rules and Regulations khammond on DSK9W7S144PROD with RULES2 a digital consumer payment application solely for the following: (A) Using accounts described in § 1005.2(b)(3)(ii)(A), (C) or (D) of this chapter; or (B) To pay a specific debt or type of debt including: (1) Debts owed in connection with origination or repayment of an extension of consumer credit; or (2) Debts in default. (v) State means any State, territory, or possession of the United States; the District of Columbia; the Commonwealth of Puerto Rico; or any political subdivision thereof. (b) Test to define larger participants. A nonbank covered person is a larger participant of the general-use digital consumer payment applications market if the nonbank covered person met both of the following criteria during the preceding calendar year: (1) It provided annual covered consumer payment transaction volume as defined in paragraph (b)(3) of this section of at least 50 million consumer payment transactions; and VerDate Sep<11>2014 17:41 Dec 09, 2024 Jkt 265001 (2) It was not a ‘‘small business concern’’ as that term is defined by section 3(a) of the Small Business Act, 15 U.S.C. 632(a) and implemented by the Small Business Administration under 13 CFR part 121, or any successor provisions. (3) Annual covered consumer payment transaction volume means the sum of the number of consumer payment transactions denominated in U.S. dollars that the nonbank covered person and its affiliated companies facilitated in the preceding calendar year by providing general-use digital consumer payment applications. (i) Method of aggregating the annual covered consumer payment transaction volume of affiliated companies. The annual covered consumer payment transaction volume of each affiliated company of a nonbank covered person is first calculated separately, treating the affiliated company as if it were an independent nonbank covered person for purposes of the calculation. The annual covered consumer payment transaction volume of a nonbank PO 00000 Frm 00074 Fmt 4701 Sfmt 9990 covered person then must be aggregated with the separately-calculated annual covered consumer payment transaction volume of each person that was an affiliated company of the nonbank covered person at any time in the preceding calendar year. However, if any two or more of these companies facilitated a single consumer payment transaction denominated in U.S. dollars, that consumer payment transaction shall only be counted one time in the aggregated annual covered consumer payment volume calculation. The annual covered consumer payment transaction volumes of the nonbank covered person and its affiliated companies are aggregated for the entire preceding calendar year, even if the affiliation did not exist for the entire calendar year. Rohit Chopra, Director, Consumer Financial Protection Bureau. [FR Doc. 2024–27836 Filed 12–9–24; 8:45 am] BILLING CODE 4810–AM–P E:\FR\FM\10DER2.SGM 10DER2

Agencies

  • CONSUMER FINANCIAL PROTECTION BUREAU
[Federal Register Volume 89, Number 237 (Tuesday, December 10, 2024)]
[Rules and Regulations]
[Pages 99582-99654]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-27836]



[[Page 99581]]

Vol. 89

Tuesday,

No. 237

December 10, 2024

Part III





Consumer Financial Protection Bureau





-----------------------------------------------------------------------





12 CFR Part 1090





Defining Larger Participants of a Market for General-Use Digital 
Consumer Payment Applications; Final Rule

Federal Register / Vol. 89 , No. 237 / Tuesday, December 10, 2024 / 
Rules and Regulations

[[Page 99582]]


-----------------------------------------------------------------------

CONSUMER FINANCIAL PROTECTION BUREAU

12 CFR Part 1090

[Docket No. CFPB-2023-0053]
RIN 3170-AB17


Defining Larger Participants of a Market for General-Use Digital 
Consumer Payment Applications

AGENCY: Consumer Financial Protection Bureau.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Consumer Financial Protection Bureau (CFPB) issues this 
rule to define larger participants of a market for general-use digital 
consumer payment applications. Larger participants of this market will 
be subject to the CFPB's supervisory authority under the Consumer 
Financial Protection Act (CFPA). A nonbank covered person qualifies as 
a larger participant if it facilitates an annual covered consumer 
payment transaction volume of at least 50 million transactions as 
defined in the rule, and it is not a small business concern.

DATES: This rule is effective January 9, 2025.

FOR FURTHER INFORMATION CONTACT: George Karithanom, Regulatory 
Implementation and Guidance Program Analyst, Office of Regulations, at 
202-435-770. If you require this document in an alternative electronic 
format, please contact [email protected].

SUPPLEMENTARY INFORMATION:

I. Overview

    Section 1024 of the CFPA,\1\ codified at 12 U.S.C. 5514, gives the 
CFPB supervisory authority over all nonbank covered persons \2\ 
offering or providing three enumerated types of consumer financial 
products or services: (1) Origination, brokerage, or servicing of 
consumer loans secured by real estate and related mortgage loan 
modification or foreclosure relief services; (2) private education 
loans; and (3) payday loans.\3\ The CFPB also has supervisory authority 
over ``larger participant[s] of a market for other consumer financial 
products or services, as defined by rule[s]'' the CFPB issues.\4\ In 
addition, the CFPB has the authority to supervise any nonbank covered 
person that it ``has reasonable cause to determine by order, after 
notice to the covered person and a reasonable opportunity . . . to 
respond . . . is engaging, or has engaged, in conduct that poses risks 
to consumers with regard to the offering or provision of consumer 
financial products or services.'' \5\
---------------------------------------------------------------------------

    \1\ Consumer Financial Protection Act of 2010, title X of the 
Dodd-Frank Wall Street Reform and Consumer Protection Act, Public 
Law 111-203, 124 Stat. 1376, 1955 (2010) (hereinafter, ``CFPA'').
    \2\ The provisions of 12 U.S.C. 5514 apply to certain categories 
of covered persons, described in section (a)(1), and expressly 
excludes from coverage persons described in 12 U.S.C. 5515(a) (very 
large insured depository institutions and credit unions and their 
affiliates) or 5516(a) (other insured depository institutions and 
credit unions). The term ``covered person'' means ``(A) any person 
that engages in offering or providing a consumer financial product 
or service; and (B) any affiliate of a person described [in (A)] if 
such affiliate acts as a service provider to such person.'' 12 
U.S.C. 5481(6).
    \3\ 12 U.S.C. 5514(a)(1)(A), (D), (E).
    \4\ 12 U.S.C. 5514(a)(1)(B), (a)(2); see also 12 U.S.C. 5481(5) 
(defining ``consumer financial product or service'').
    \5\ 12 U.S.C. 5514(a)(1)(C); see also 12 CFR part 1091 
(prescribing procedures for making determinations under 12 U.S.C. 
5514(a)(1)(C)). In addition, the CFPB has supervisory authority over 
very large depository institutions and credit unions and their 
affiliates. 12 U.S.C. 5515(a). Furthermore, the CFPB has certain 
authorities relating to the supervision of other depository 
institutions and credit unions. 12 U.S.C. 5516(c)(1). One of the 
CFPB's objectives under the CFPA is to ensure that ``Federal 
consumer financial law is enforced consistently, without regard to 
the status of a person as a depository institution, in order to 
promote fair competition[.]'' 12 U.S.C. 5511(b)(4).
---------------------------------------------------------------------------

    This rule (the Final Rule) is the sixth in a series of CFPB 
rulemakings to define larger participants of markets for consumer 
financial products and services for purposes of CFPA section 
1024(a)(1)(B).\6\ The Final Rule establishes the CFPB's supervisory 
authority over nonbank covered persons that are larger participants in 
a market for ``general-use digital consumer payment applications.'' In 
establishing the CFPB's supervisory authority over such persons, the 
Final Rule does not impose new substantive consumer protection 
requirements. In addition, some nonbank covered persons that would be 
subject to the CFPB's supervisory authority under the Final Rule also 
may be subject to other CFPB supervisory authorities, including for 
example under CFPA section 1024 as a larger participant in another 
market defined by a previous CFPB larger participant rule. Finally, 
regardless of whether they are subject to the CFPB's supervisory 
authority, nonbank covered persons generally are subject to the CFPB's 
regulatory and enforcement authority and to applicable Federal consumer 
financial law.
---------------------------------------------------------------------------

    \6\ The first five rules defined larger participants of markets 
for consumer reporting, 77 FR 42874 (July 20, 2012) (Consumer 
Reporting Rule), consumer debt collection, 77 FR 65775 (Oct. 31, 
2012) (Consumer Debt Collection Rule), student loan servicing, 78 FR 
73383 (Dec. 6, 2013) (Student Loan Servicing Rule), international 
money transfers, 79 FR 56631 (Sept. 23, 2014) (International Money 
Transfer Rule), and automobile financing, 80 FR 37496 (June 30, 
2015) (Automobile Financing Rule).
---------------------------------------------------------------------------

    The market described in the Final Rule includes providers of funds 
transfer and payment wallet functionalities through digital payment 
applications for consumers' general use in making payments to other 
persons for personal, family, or household purposes. Examples include 
consumer financial products and services that are commonly described as 
``digital wallets,'' ``payment apps,'' ``funds transfer apps,'' ``peer-
to-peer payment apps,'' ``person-to-person payment apps,'' ``P2P 
apps,'' and the like. Providers of consumer financial products and 
services delivered through these digital applications help consumers to 
make a wide variety of consumer payment transactions, including 
payments to friends and family and payments for purchases of 
nonfinancial goods and services.
    The CFPB is authorized to supervise nonbank covered persons that 
are subject to CFPA section 1024(a) for purposes of (1) assessing 
compliance with Federal consumer financial law; (2) obtaining 
information about such persons' activities and compliance systems or 
procedures; and (3) detecting and assessing risks to consumers and 
consumer financial markets.\7\ The CFPB conducts examinations of 
various scopes of supervised entities. In addition, the CFPB may, as 
appropriate, request information from supervised entities prior to or 
without conducting examinations.\8\ Section 1090.103(d) of the CFPB's 
existing larger participant regulations also provides that the CFPB may 
require submission of certain records, documents, and other information 
for purposes of assessing whether a person qualifies as a larger 
participant of a market as defined by a CFPB larger participant 
rule.\9\
---------------------------------------------------------------------------

    \7\ 12 U.S.C. 5514(b)(1). The CFPB's supervisory authority also 
extends to service providers of those covered persons that are 
subject to supervision under 12 U.S.C. 5514(a)(1). 12 U.S.C. 
5514(e); see also 12 U.S.C. 5481(26) (defining ``service 
provider'').
    \8\ See, e.g., 12 U.S.C. 5514(b)(1) (authorizing the CFPB both 
to ``require reports and conduct examinations on a periodic basis'' 
of nonbank covered persons subject to supervision).
    \9\ 12 CFR 1090.103(d).
---------------------------------------------------------------------------

    Consistent with CFPA section 1024(b)(2), the CFPB has established 
and implemented a risk-based supervisory program that is designed to 
prioritize supervisory activity among nonbank covered persons subject 
to CFPA section 1024(a) on the basis of risk.\10\ The CFPB's 
prioritization process

[[Page 99583]]

takes into account, among other factors, the size of each entity, the 
volume of its transactions involving consumer financial products or 
services, the size and risk presented by the market in which it is a 
participant, the extent of relevant State oversight, and any field and 
market information that the CFPB has on the entity. Specifically, as 
the CFPB Supervision and Examination Manual explains in greater detail, 
the CFPB evaluates risks to consumers at market-wide and the 
institution product line levels. At the market-wide level, the CFPB 
considers and compares risks to consumers across different types of 
products (e.g., mortgage loans or debt collectors) along with the 
relative product market size in the overall consumer finance 
marketplace. At the institution product line level, the CFPB evaluates 
and compares risks across entities that, regardless of status as a 
nonbank or an insured depository institution or credit union, offer the 
same or similar products (e.g., providers of mortgage loans). When 
evaluating risks across entities in an institution product line, the 
CFPB considers which entities have business models and market shares 
that pose greater risk of harm to consumers. The CFPB also places 
significant weight on ``field and market intelligence,'' which includes 
findings from prior examinations and other information about the 
strength of compliance management systems, metrics gathered from public 
reports, and the number and severity of consumer complaints the CFPB 
receives.\11\ Taken together, this approach of assessing risks at the 
market-wide level and at the institutional level allows the CFPB to 
focus on areas where consumers have the greatest potential to be 
harmed, specifically, on relatively higher-risk institution product 
lines within relatively higher-risk markets. Finally, as described in 
CFPA section 1024(b)(3), the CFPB also coordinates its supervisory 
activities at nonbank covered persons with the supervisory activities 
conducted by Federal prudential regulators and State regulatory 
authorities.\12\
---------------------------------------------------------------------------

    \10\ 12 U.S.C. 5514(b)(2). The CFPB notes that its 
prioritization process is not the subject of this rulemaking.
    \11\ See id. For further description of the CFPB's supervisory 
prioritization process, see CFPB Supervision and Examination Manual 
(updated Sept. 2023), part I.A (pages 11-12 of Overview section), 
https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_2023-09.pdf (last visited Nov. 10, 2024).
    \12\ 12 U.S.C. 5514(b)(3). The Final Rule further describes this 
coordination in response to general comments about existing 
oversight of the market below. As discussed there, the CFPB also 
coordinates its supervisory activity with the Federal Trade 
Commission. The CFPB notes that its coordination process is not the 
subject of this rulemaking.
---------------------------------------------------------------------------

    The specifics of how an examination takes place vary by market and 
entity. However, the examination process generally proceeds as 
follows.\13\ CFPB examiners contact the entity for an initial 
conference with management and often request records and other 
information. CFPB examiners may review the components of the supervised 
entity's compliance management system. Based on these discussions and a 
preliminary review of the information received, examiners determine the 
scope of an on-site or remote examination and coordinate with the 
entity to initiate this portion of the examination. While on-site or 
working remotely, examiners discuss with management the entity's 
compliance policies, processes, and procedures; review documents and 
records; test transactions and accounts for compliance; and evaluate 
the entity's compliance management system. At the conclusion of that 
stage of an examination, examiners may review preliminary examination 
findings at a closing meeting. After the closing meeting, if examiners 
have identified potential violations of Federal consumer financial law, 
they also may provide the entity an opportunity to respond in writing 
to those potential findings.\14\ Finally, examinations may involve 
issuing confidential examination reports, supervisory letters, and 
compliance ratings. In addition to the process described above, the 
CFPB also may conduct other supervisory activities, such as periodic 
monitoring.\15\
---------------------------------------------------------------------------

    \13\ For further description of the CFPB's examination process, 
see CFPB Supervision and Examination Manual, part I.A.
    \14\ See, e.g., CFPB, Supervisory Highlights Issue 8, Summer 
2015, sec. 3.1.3 (describing supervision process of sending a 
Potential Action and Request for Response (PARR) letter to a 
supervised entity), https://files.consumerfinance.gov/f/201506_cfpb_supervisory-highlights.pdf (last visited Nov. 5, 2024).
    \15\ CFPB Supervision and Examination Manual, part I.A (page 12 
of Overview section describing supervisory monitoring).
---------------------------------------------------------------------------

II. Background

    On November 17, 2023, the CFPB published a notice of proposed 
rulemaking to define larger participants of a market for general-use 
digital consumer payment applications (Proposed Rule).\16\ As described 
in part V below, the Proposed Rule would have defined a larger 
participant as any nonbank covered person that, in the previous 
calendar year, both facilitated at least five million consumer payment 
transactions by providing general-use digital consumer payment 
applications and was not a small business concern as defined in the 
Proposed Rule. The CFPB requested comment on the Proposed Rule. The 
CFPB received 59 comments from consumer advocate organizations 
(consumer groups), nonprofits, companies, industry associations, State 
attorneys general, Members of Congress, and other individuals. The 
comments are discussed in more detail below.
---------------------------------------------------------------------------

    \16\ 88 FR 80197 (Nov. 17, 2023).
---------------------------------------------------------------------------

III. Summary of the Final Rule

    The CFPB is authorized to issue rules to define larger participants 
in markets for consumer financial products or services. Subpart A of 
the CFPB's existing larger-participant regulation, 12 CFR part 1090, 
prescribed procedures, definitions, standards, and protocols that apply 
to the CFPB's supervision of larger participants.\17\ Those generally-
applicable provisions will apply to the CFPB's supervision of larger 
participants in the general-use digital consumer payment application 
market described by the Final Rule. The definitions in Sec.  1090.101 
should be used to interpret terms in the Final Rule unless otherwise 
specified.
---------------------------------------------------------------------------

    \17\ 12 CFR 1090.100 through 103.
---------------------------------------------------------------------------

    The CFPB includes relevant market descriptions and associated 
larger-participant tests, as it develops them, in subpart B.\18\ 
Accordingly, the Final Rule defining larger participants of a market 
for general-use digital consumer payment applications is codified in 
Sec.  1090.109 in subpart B.
---------------------------------------------------------------------------

    \18\ 12 CFR 1090.104 (consumer reporting market); 12 CFR 
1090.105 (consumer debt collection market); 12 CFR 1090.106 (student 
loan servicing market); 12 CFR 1090.107 (international money 
transfer market); 12 CFR 1090.108 (automobile financing market).
---------------------------------------------------------------------------

    The CFPB is finalizing the Proposed Rule largely as proposed, with 
certain changes described below, including changes to increase the 
transaction threshold that the CFPB will use as part of the test to 
assess when a nonbank covered person is a larger participant of a 
market for general-use digital consumer payment applications.
    The Final Rule defines larger participants of a market for general-
use digital consumer payment applications. That market encompasses 
specific activities. The market definition generally includes nonbank 
covered persons that provide funds transfer or payment wallet 
functionalities through a digital payment application for consumers' 
general use in making consumer payments transactions as defined in the 
Final Rule. The Final Rule defines ``consumer payment transactions'' to 
include payments to

[[Page 99584]]

other persons for personal, household, or family purposes, excluding 
certain transactions as described in more detail in the section-by-
section analysis in part V below. The Final Rule also identifies a 
limited set of digital payment applications that do not fall within the 
proposed market definition because they do not have general use for 
purposes of the Final Rule.
    The Final Rule sets forth a test to determine whether a nonbank 
covered person is a larger participant of the general-use digital 
consumer payment applications market. As further explained below, a 
nonbank covered person is a larger participant if it satisfies two 
criteria. First, the nonbank covered person (together with its 
affiliated companies) must provide general-use digital consumer payment 
applications with an annual volume of at least 50 million consumer 
payment transactions denominated in U.S. dollars. Second, the nonbank 
covered person must not be a small business concern based on the 
applicable Small Business Administration (SBA) size standard. As 
prescribed by subpart A of the CFPB's general larger participant 
regulation, any nonbank covered person that qualifies as a larger 
participant would remain a larger participant until two years from the 
first day of the tax year in which the person last met the larger-
participant test.\19\
---------------------------------------------------------------------------

    \19\ 12 CFR 1090.102.
---------------------------------------------------------------------------

    As noted above, Sec.  1090.103(d) of the CFPB's existing larger 
participant regulation provides that the CFPB may require submission of 
certain records, documents, and other information for purposes of 
assessing whether a person is a larger participant of a market as 
defined by a CFPB larger participant rule.\20\ As with the CFPB's other 
larger participant rules codified in subpart B, this authority will be 
available to facilitate the CFPB's identification of larger 
participants of the general-use digital consumer payment applications 
market. In addition, pursuant to existing Sec.  1090.103(a), a person 
will be able to dispute whether it qualifies as a larger participant in 
the general-use digital payment applications market. The CFPB will 
notify an entity when the CFPB intends to undertake supervisory 
activity; if the entity claims not to be a larger participant, it will 
then have an opportunity to submit documentary evidence and written 
arguments in support of its claim.\21\
---------------------------------------------------------------------------

    \20\ 12 CFR 1090.103(d).
    \21\ 12 CFR 1090.103(a).
---------------------------------------------------------------------------

IV. Legal Authority and Procedural Matters

A. Rulemaking Authority

    The CFPB is issuing the Final Rule pursuant to its authority under 
the CFPA, as follows: (1) sections 1024(a)(1)(B) and (a)(2), which 
authorize the CFPB to supervise nonbanks that are larger participants 
of markets for consumers financial products or services, as the CFPB 
defines by rule; \22\ (2) section 1024(b)(7), which, among other 
things, authorizes the CFPB to prescribe rules to facilitate the 
supervision of covered persons under section 1024; \23\ and (3) section 
1022(b)(1), which grants the CFPB the authority to prescribe rules as 
may be necessary or appropriate to enable the CFPB to administer and 
carry out the purposes and objectives of Federal consumer financial 
law, and to prevent evasions of such law.\24\
---------------------------------------------------------------------------

    \22\ 12 U.S.C. 5514(a)(1)(B), (a)(2).
    \23\ 12 U.S.C. 5514(b)(7).
    \24\ 12 U.S.C. 5512(b)(1).
---------------------------------------------------------------------------

B. Consultation With Other Agencies

    In developing the Final Rule and the Proposed Rule, the CFPB 
consulted with the Federal Trade Commission (FTC), as well as with the 
Board of Governors of the Federal Reserve System, the Commodity Futures 
Trading Commission (CFTC), the Federal Deposit Insurance Corporation 
(FDIC), the Financial Crimes Enforcement Network, the National Credit 
Union Administration (NCUA), the Office of the Comptroller of the 
Currency (OCC), and the Securities and Exchange Commission (SEC), on, 
among other things, consistency with any prudential, market, or 
systemic objectives administered by such agencies.\25\
---------------------------------------------------------------------------

    \25\ Specifically, 12 U.S.C. 5514(a)(2) directs that the CFPB 
consult with the FTC prior to issuing a final rule to define larger 
participants of a market pursuant to CFPA section 1024(a)(1)(B). In 
addition, 12 U.S.C. 5512(b)(2)(B) directs the CFPB to consult, 
before and during the rulemaking, with appropriate prudential 
regulators or other Federal agencies, regarding consistency with 
objectives those agencies administer. The manner and extent to which 
provisions of 12 U.S.C. 5512(b)(2) apply to a rulemaking of this 
kind that does not establish standards of conduct are unclear. 
Nevertheless, to inform this rulemaking more fully, the CFPB 
performed the consultations described in that provision of the CFPA.
    Some commenters questioned whether the CFPB met its consultation 
obligations based on the statement in the proposal that it 
``consulted with or provided an opportunity for consultation and 
input to'' the FTC and certain other agencies. 88 FR 80197 at 80199. 
The CFPB clarifies that it did meet during the rulemaking process 
with the FTC and other agencies listed above to consult about the 
rule. Some commenters also suggested that the CFPB is specifically 
required to consult with the FTC's Bureau of Competition, in line 
with those commenters' view that the CFPB must apply antitrust 
principles when defining a market for a larger participant rule. 
However, the relevant statutory provision, 12 U.S.C. 5514(a)(2), by 
its terms requires the CFPB to consult with the FTC, and not with 
specific divisions of the FTC. The CFPB addresses comments regarding 
the applicability of antitrust principles in discussion of general 
comments in part V further below.
---------------------------------------------------------------------------

V. Section-by-Section Analysis

Part 1090

Subpart B--Markets

Section 1090.109 General-Use Digital Consumer Payment Applications 
Market

Proposed Rule
    As described further below, the CFPB proposed to establish CFPB 
authority to supervise nonbank covered persons that are larger 
participants in this market because: (1) the market has grown 
dramatically and become increasingly important to the everyday 
financial lives of consumers; (2) CFPB supervisory authority over its 
larger participants would help the CFPB to promote compliance with 
Federal consumer financial law; (3) that authority would help the CPFB 
to detect and assess risks to consumers and the market, including 
emerging risks; and (4) that authority would help the CFPB to ensure 
consistent enforcement of Federal consumer financial law between 
nonbanks and insured banks and credit unions.
    To accomplish these goals, the Proposed Rule would have added to 
existing subpart B of part 1090 of the CFPB's rules a new Sec.  
1090.109 establishing CFPB supervisory authority over nonbank covered 
persons who are larger participants in a market for general-use digital 
consumer payment applications.\26\
---------------------------------------------------------------------------

    \26\ As explained in the Proposed Rule and discussed further 
below, the general-use digital payment applications described in 
this Final Rule are ``financial products or services'' under the 
CFPA. 12 U.S.C. 5481(15)(A)(iv), (vii). Nonbanks that offer or 
provide such financial products or services to consumers primarily 
for personal, family, or household purposes are ``covered persons'' 
under the CFPA. 12 U.S.C. 5481(5)(A), (6).
---------------------------------------------------------------------------

    As the Proposed Rule explained, many nonbanks provide consumer 
financial products and services that allow consumers to use digital 
applications accessible through personal computing devices, such as 
mobile phones, tablets, smart watches, or computers, to transfer funds 
to other persons. Some nonbanks also provide consumer financial 
products and services that allow consumers to use digital applications 
on their personal computing devices to store payment credentials they 
can then use to purchase goods or services at a variety of stores, 
whether by communicating with a checkout register or a self-

[[Page 99585]]

checkout machine, or by selecting the payment credential through a 
checkout process at ecommerce websites. Subject to the definitions, 
exclusions, limitations, and clarifications discussed in the Proposed 
Rule, the proposed market definition generally would have covered these 
consumer financial products and services.
    The Proposed Rule explained that the CFPB proposed to establish 
supervisory authority over nonbank covered persons who are larger 
participants in this market because this market has large and 
increasing significance to the everyday financial lives of 
consumers.\27\ Consumers are growing increasingly reliant on general-
use digital consumer payment applications to initiate payments.\28\ 
Recent market research indicates that 76 percent of Americans have used 
at least one of four well-known P2P payment apps, representing 
substantial growth since the first of the four was established in 
1998.\29\ Even among consumers with annual incomes lower than $30,000 
who have more limited access to digital technology,\30\ 61 percent 
reported using P2P payment apps.\31\ And higher rates of use by U.S. 
adults in lower age brackets may drive further growth well into the 
future.\32\ Across the United States, merchant acceptance of general-
use digital consumer payment applications also has rapidly expanded as 
businesses seek to make it as easy as possible for consumers to make 
purchases through whatever is their preferred payment method.\33\
---------------------------------------------------------------------------

    \27\ The Proposed Rule explained that, in proposing a larger 
participant rule for this market, the CFPB was not proposing to 
determine the relative risk posed by this market as compared to 
other markets. It noted that, as explained in its previous larger 
participant rulemakings, ``[t]he Bureau need not conclude before 
issuing a [larger participant rule] that the market identified in 
the rule has a higher rate of non-compliance, poses a greater risk 
to consumers, or is in some other sense more important to supervise 
than other markets.'' 88 FR 80197 at 80200 (citing Consumer Debt 
Collection Larger Participant Rule, 77 FR 65775 at 65779).
    \28\ See CFPB, Issue Spotlight: Analysis of Deposit Insurance 
Coverage Through Payment Apps (June 1, 2023) (CFPB Deposit Insurance 
Spotlight), https://www.consumerfinance.gov/data-research/research-reports/issue-spotlight-analysis-of-deposit-insurance-coverage-on-funds-stored-through-payment-apps/full-report/ (last visited Oct. 
23, 2023); see also McKinsey & Company, Consumer digital payments: 
Already mainstream, increasingly embedded, still evolving (Oct. 20, 
2023) (describing results of consulting firm's annual survey 
reporting that for the first time, more than 90 percent of U.S. 
consumers surveyed in August 2023 reported using some form of 
digital payment over the course of a year), https://www.mckinsey.com/industries/financial-services/our-insights/banking-matters/consumer-digital-payments-already-mainstream-increasingly-embedded-still-evolving (last visited Oct. 30, 2023); J.D. Power, 
Banking and Payments Intelligence Report (Jan. 2023) (reporting 
results of a survey of Americans that found that from the first 
quarter of 2021 to the third quarter of 2022, the number of 
respondents who had used a mobile wallet in the past three months 
rose from 38 percent to 49 percent), https://www.jdpower.com/business/resources/mobile-wallets-gain-popularity-growing-number-americans-still-prefer-convenience (last visited Oct. 23, 2023); 
PULSE, PULSE Study Finds Debit Issuers Focused on Digital Payments, 
Mobile Self-Service, Fraud Mitigation (Aug. 17, 2023) (reporting 
that nearly 80 percent of debit card issuers reported increases in 
consumers' use of mobile wallets in 2022), https://www.pulsenetwork.com/public/insights-and-news/news-release-2023-debit-issuer-study/ (last visited Oct. 30, 2023); FIS, The Global 
Payments Report (2023) (FIS 2023 Global Payments Report) at 175 
(industry study reporting that in 2022 digital wallets became the 
leading payment preference of U.S. consumers shopping online), 
https://www.fisglobal.com/-/media/fisglobal/files/campaigns/global-payments%20report/FIS_TheGlobalPaymentsReport_2023.pdf (last visited 
Nov. 5, 2024); Digital Payment Industry in 2023: Payment methods, 
trends, and tech processing payments electronically, eMarketer 
(formerly known as Insider Intelligence) (Jan. 9, 2023) (projecting 
2023 transaction volume by U.S. P2P mobile payment app providers to 
reach over $1.1 trillion), https://www.emarketer.com/insights/digital-payment-services/ (last visited Nov. 5, 2024); Consumer 
Reports Survey Group, Peer-to-Peer Payment Services (Jan. 10, 2023) 
(Consumer Reports P2P Survey) at 1 (reporting results from a survey 
finding that four in ten Americans use P2P services at least once a 
month), https://advocacy.consumerreports.org/wp-content/uploads/2023/01/P2P-Report-4-Surveys-2022.pdf (last visited Oct. 23, 2023); 
Kevin Foster, Claire Greene, and Joanna Stavins, 2022 Survey and 
Diary of Consumer Payment Choice: Summary Results (Sept. 17, 2022) 
at 8 (reporting results of survey conducted by Federal Reserve 
System staff finding that, as of 2022, two thirds of consumers 
reported adopting one or more online payment accounts in the 
previous 12 months--a share that was nearly 20 percent higher than 
five years earlier), https://www.atlantafed.org/-/media/documents/banking/consumer-payments/survey-diary-consumer-payment-choice/2022/sdcpc_2022_report.pdf (last visited Oct. 30, 2023); FDIC, FDIC 
National Survey of Unbanked and Underbanked Households (2021) at 33 
(Table 6.4 reporting finding that nearly half of all households 
(46.4 percent) used a nonbank app in 2021), https://www.fdic.gov/analysis/household-survey/2021report.pdf (last visited Oct. 23, 
2023).
    \29\ See, e.g., Monica Anderson, Pew Research Center, Payment 
apps like Venmo and Cash App bring convenience--and security 
concerns--to some users (Sept. 8, 2022) (Pew 2022 Payment App 
Article), https://www.pewresearch.org/short-reads/2022/09/08/payment-apps-like-venmo-and-cash-app-bring-convenience-and-security-concerns-to-some-users/ (last visited Oct. 23, 2023).
    \30\ Emily A. Vogels, Pew Research Center, Digital divide 
persists even as Americans with lower incomes make gains in tech 
adoption (June 22, 2021) (reporting results of early 2021 survey by 
Pew Research Center, finding 76 percent of adults with annual 
household incomes less than $30,000 have a smartphone and 59 percent 
have a desktop or laptop computer, compared with 87 percent and 84 
percent respectively of adults with household incomes between 
$30,000 and $99,999, and 97 percent and 92 percent respectively of 
adults with household incomes of $100,000 or more), https://www.pewresearch.org/short-reads/2021/06/22/digital-divide-persists-even-as-americans-with-lower-incomes-make-gains-in-tech-adoption/ 
(last visited Oct. 23, 2023).
    \31\ Consumer Reports P2P Survey at 2 (55 percent reported 
ongoing use and six percent stated they used to use this kind of 
service).
    \32\ See id. (85 percent of surveyed consumers aged 18 to 29 and 
85 percent of surveyed consumers aged 30 to 44 reported using a 
digital payment application, compared with 67 percent of consumers 
aged 45 to 59 and 46 percent of consumers aged 60 and over); see 
also Ariana-Michele Moore, The U.S. P2P Payments Market: Surprising 
Data Reveals Banks are Missing the Mark (AiteNovarica 2023 Impact 
Report) at 6, 24 (Figure 13 reporting 94 percent and 86 percent 
adoption of P2P accounts and digital wallets among the youngest 
adult cohort born between 1996 and 2002, compared with 57 percent 
and 40 percent among the oldest cohort born before 1995), https://aite-novarica.com/report/us-p2p-payments-market-surprising-data-reveals-banks-are-missing-mark (last visited Oct. 23, 2023) and 
https://datos-insights.com/reports/us-p2p-payments-market-surprising-data-reveals-banks-are-missing-mark/ (last visited Nov. 
5, 2024).
    \33\ See Geoff Williams, Retailers are embracing alternative 
payment methods, though cards are still king (Dec. 1, 2022) 
(National Retail Federation article citing its 2022 report 
describing a Forrester survey indicating that 80 percent of 
merchants accept Apple Pay or plan to do so in the next 18 months, 
65 percent of merchants accept Google Pay or plan to do so in the 
next 18 months, and, online, 74 percent accept PayPal or plan to do 
so), https://nrf.com/blog/retailers-are-embracing-alternative-payment-methods-though-cards-are-still-king (last visited Oct. 23, 
2023); see also The Strawhecker Group (TSG), Merchants respond to 
Consumer Demand by Offering P2P Payments (June 8, 2022) (TSG: 
Merchants Offering P2P Payments) (reporting results of TSG and 
Electronic Transactions Association survey of over 500 small 
businesses merchants finding that 82 percent accept payment through 
at least one digital P2P option), https://thestrawgroup.com/merchants-respond-to-consumer-demand-by-offering-p2p-payments/ (last 
visited Oct. 23, 2023).
---------------------------------------------------------------------------

    The Proposed Rule described how consumers rely on general-use 
digital consumer payment applications for many aspects of their 
everyday lives. In general, consumers make payments to other 
individuals for a variety of reasons, including sending gifts or making 
informal loans to friends and family and purchasing goods and services, 
among many others.\34\ Consumers can use digital applications to make 
payments to individuals for these purposes, as well as to make payments 
to businesses, charities, and other organizations. According to one 
recent market report, nonbank digital payment apps have rapidly grown 
in the past few years to become the most popular way to send money to 
other individuals other than cash,\35\ and are

[[Page 99586]]

used for a higher number of such transactions than cash.\36\ For many 
consumers, general-use digital consumer payment applications offer an 
alternative, technological replacement for non-digital payment 
methods.\37\ Consumers increasingly have adopted general-use digital 
consumer payment applications \38\ as part of a broader movement toward 
noncash payments.\39\ Amid growing merchant acceptance of general-use 
digital consumer payment applications, consumers with middle and lower 
incomes use digital consumer payment applications for a share of their 
overall retail spending that rivals or exceeds their use of cash.\40\ 
Such applications now have a share of ecommerce payments volume that is 
similar to or greater than other traditional payment methods such as 
credit cards and debit cards used outside of such applications.\41\ 
Such applications also have been gaining an increasing share of in-
person retail spending.\42\
---------------------------------------------------------------------------

    \34\ AiteNovarica 2023 Impact Report at 8-9 (Figure 1 reporting 
66 percent of 5,895 consumers surveyed reported making at least one 
domestic P2P payment in 2022 whether via digital means or not, and 
Figure 2 reporting that, of consumers who made P2P payments in 2022, 
among other purposes, 70 percent did so for birthday gifts, 64 
percent for holiday gifts, 49 percent for other gift occasions, 46 
percent to lend money, 41 percent to make a charitable contribution, 
39 percent paid for services, 39 percent purchased items, 31 percent 
provided funds in an emergency situation, and 18 percent provided 
financial support).
    \35\ Id. at 25 (Figure 14 reporting that, among other payment 
methods or sources, 74 percent of consumers made P2P payments in 
cash, 69 percent used alternative digital P2P payment services, 
defined as services offered by nonbank providers via mobile app, web 
service, or digital wallet, and 27 percent used Zelle through a 
bank's mobile application).
    \36\ Id. at 27-28 (Figure 15 reporting that, compared with 20 
percent of P2P transactions made in cash, 37 percent of P2P 
transactions made through alternative P2P payment services).
    \37\ See Marqueta, 2022 State of Consumer Money Movement Report 
(May 26, 2022) at 1 (summary of report describing results of 
industry survey finding that 56 percent of US consumers felt 
comfortable leaving their non-digital wallet at home and taking 
their phone with them to make payments), https://www.marqeta.com/resources/2022-state-of-consumer-money-movement (last visited Oct. 
23, 2023).
    \38\ AiteNovarica 2023 Impact Report at 24 (Figure 13 reporting 
81 percent of U.S. adults surveyed held one or more P2P accounts and 
69 percent had one or more digital wallets).
    \39\ The Federal Reserve Payments Study: 2022 Triennial Initial 
Data Release (indicating a rapid increase in core non-cash payments 
between 2018 and 2021 and a rapid decline in ATM cash withdrawals 
during the same period), https://www.federalreserve.gov/paymentsystems/fr-payments-study.htm (last visited Nov. 19, 2024).
    \40\ PYMNTS, Digital Economy Payments: The Ascent of Digital 
Wallets (Feb. 2023) at 16-17 (December 2022 survey finding 6.1 
percent of overall consumer spending by consumers with lower incomes 
made using digital consumer payment applications, compared with 9.9 
percent of consumer spending by consumers with middle-level 
incomes), https://www.pymnts.com/study/digital-economy-payments-ecommerce-shopping-retail-consumer-spending/ (last visited Oct. 23, 
2023).
    \41\ See FIS 2023 Global Payments Report at 176 (reporting 32 
percent share of ecommerce transactions, by value, made using a 
digital wallet, compared with 30 percent by credit card and 20 
percent by debit card).
    \42\ See, e.g., 2023 Pulse Debit Issuer Study (Aug. 17, 2023) at 
11 (reporting that mobile wallet use at point of sale nearly doubled 
in 2022, representing nearly 10 percent of total debit card purchase 
transactions in 2022), https://content.pulsenetwork.com/2023-debit-issuer-study/2023-pulse-debit-issuer-study-white-paper (last visited 
Nov. 5, 2024); Digital Economy Payments: The Ascent of Digital 
Wallets at 12 (December 2022 survey finding 7.5 percent of in-person 
consumer purchase volume made with a digital consumer payment 
application). See also CFPB Issue Spotlight, Big Tech's Role in 
Contactless Payments: Analysis of Mobile Devices Operating Systems 
and Tap-to-Pay Practices (Sept. 7, 2023) (CFPB Contactless Payments 
Spotlight) (describing market report by Juniper Research forecasting 
that the value of digital wallet tap-to-pay transactions will grow 
by over 150 percent by 2028), https://www.consumerfinance.gov/data-research/research-reports/big-techs-role-in-contactless-payments-analysis-of-mobile-device-operating-systems-and-tap-to-pay-practices/full-report/ (last visited Oct. 23, 2023).
---------------------------------------------------------------------------

    The Proposed Rule would have brought nonbanks that qualified as 
larger participants in a market for general-use digital consumer 
payment applications under the CFPB's supervisory jurisdiction.\43\ The 
Proposed Rule explained that supervision of larger participants, who 
engage in a substantial portion of the overall activity in this market, 
would help to ensure that they are complying with applicable 
requirements of Federal consumer financial law, such as the CFPA's 
prohibition against unfair, deceptive, and abusive acts and practices, 
the privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and its 
implementing Regulation P,\44\ and the Electronic Fund Transfer Act 
(EFTA) and its implementing Regulation E.\45\ The Proposed Rule also 
explained that, as firms increasingly offer funds transfer and wallet 
functionalities through general-use digital consumer payment 
applications, the rule would enable the CFPB to detect and assess new 
risks to both consumers and the market.\46\ As stated in the Proposed 
Rule, the CFPB's ability to detect and assess emerging risks is 
critical as new product offerings blur the traditional lines of banking 
and commerce.\47\
---------------------------------------------------------------------------

    \43\ 12 U.S.C. 5514(a)(1)(B).
    \44\ See generally 12 CFR part 1016--Privacy of Consumer 
Financial Information (CFPB's Regulation P implementing 15 U.S.C. 
6804).
    \45\ 15 U.S.C. 1693 et seq., implemented by Regulation E, 12 CFR 
part 1005. See, e.g., 12 CFR 1005.11 (Procedures for financial 
institutions to resolve errors).
    \46\ 88 FR 80197 at 80201 & n.43 (citing CFPB, The Convergence 
of Payments and Commerce: Implications for Consumers (Aug. 2022) 
(CFPB Report on Convergence of Payments and Commerce) at sec. 4.1 
(highlighting the potential that consumer financial data and 
behavioral data are used together in increasingly novel ways), 
https://files.consumerfinance.gov/f/documents/cfpb_convergence-payments-commerce-implications-consumers_report_2022-08.pdf (last 
visited Oct. 27, 2023)).
    \47\ See generally id.
---------------------------------------------------------------------------

    The Proposed Rule explained that the CFPB regularly supervises 
depository institutions that provide general-use digital consumer 
payment applications.\48\ As the Proposed Rule noted, greater 
supervision of nonbanks in this market therefore would further the 
CFPB's statutory objective of ensuring that Federal consumer financial 
law is enforced consistently between nonbanks and depository 
institutions in order to promote fair competition.\49\
---------------------------------------------------------------------------

    \48\ For example, as the Proposed Rule noted, some depository 
institutions and credit unions provide general bill-payment services 
and other types of electronic fund transfers through digital 
applications for consumer deposit accounts. Id. at n.45.
    \49\ 12 U.S.C. 5511(b)(4).
---------------------------------------------------------------------------

    The Proposed Rule also recognized that States have been active in 
regulation of money transmission by money services businesses and that 
many States actively examine money transmitters.\50\ The Proposed Rule 
stated that the CFPB would coordinate with appropriate State regulatory 
authorities in examining larger participants.
---------------------------------------------------------------------------

    \50\ 88 FR 80197 at 80198 n.12, 80214 n.108 (citing CSBS, 
Reengineering Nonbank Supervision, Ch. 4: Overview of Money Services 
Businesses (Oct. 2019) (CSBS Reengineering Nonbank Supervision MSB 
Chapter), https://www.csbs.org/sites/default/files/other-files/Chapter%204%20-%20MSB%20Final%20FINAL_updated_0.pdf (last visited 
Nov. 5, 2024)).
---------------------------------------------------------------------------

General Comments Received \51\
---------------------------------------------------------------------------

    \51\ Some commenters provided additional recommendations that 
are outside the scope of this rulemaking, such as increasing 
education of consumers who use general-use digital consumer payment 
applications, promulgating new consumer protections for these 
consumers, or imposing information collection requirements such as 
collecting the legal entity identifier (LEI) of larger participants. 
The Final Rule does not address these comments, which are outside 
the scope of a rulemaking under CFPA section 1024(a)(1)(B) to define 
and establish supervisory authority over larger participants in a 
market for consumer financial products and services. In addition, a 
consumer group suggested that the CFPB the CFPB expressly clarify 
that meeting the definition of a larger participant does not 
automatically cause application of exclusions in State privacy laws 
for GLBA compliance and that the CFPB coordinate with States to 
avoid risk of preempting State privacy laws when the CFPB supervises 
for compliance with the GLBA and its implementing Regulation P. This 
rulemaking does not establish or interpret substantive consumer 
protection requirements and thus does not interpret Regulation P 
(including its provision describing its relationship with State laws 
in 12 CFR 1016.17); it also does not itself govern State 
coordination, which occurs separately when the CFPB carries out 
nonbank supervision.
---------------------------------------------------------------------------

    In this part of the section-by-section analysis, the Final Rule 
summarizes and responds to comments about general aspects of the 
proposal, including the rulemaking process, the CFPB's general reasons 
for issuing the proposal, and certain other general topics.
Comments on Rulemaking Process
    Some comments addressed the rulemaking process. First, some 
commenters suggested that the CFPB should not have issued, and should 
not finalize, the Proposed Rule during the

[[Page 99587]]

pendency of a Supreme Court case concerning the constitutionality of 
the CFPB's funding structure under the Appropriations Clause.\52\ 
Second, some industry commenters, a nonprofit commenter, an individual 
commenter, and some Members of Congress asked the CFPB to extend the 
comment period, such as by an additional 30 or 45 days. These 
commenters cited various reasons for their request, including the 
number of holidays during the comment period, the complexity of the 
proposed market including coverage of digital assets, the complexity of 
the proposed larger-participant test that included multiple steps, a 
need for more specifics regarding which products and services were 
encompassed in the market and the risks the CPFB believed they pose 
that justify the need for the Proposed Rule, and overlap between the 
comment period for the Proposed Rule, the comment period for the CFPB's 
proposal regarding personal financial data rights, and the CFPB's new 
market-monitoring orders covering some of the same entities. One 
industry commenter added that the decision not to extend the comment 
period formed part of the basis for their view that the CFPB should 
withdraw the Proposed Rule.
---------------------------------------------------------------------------

    \52\ See CFPB v. Cmty. Fin. Servs. Ass'n of Am., Ltd., 601 U.S. 
416 (2024) (U.S. argued Oct. 3, 2023).
---------------------------------------------------------------------------

Comments on the Large and Growing Market
    Commenters agreed that the market for general-use digital consumer 
payment applications has grown substantially in recent years. For 
example, consumer groups, several nonprofits, a payment network, an 
industry association, two banking industry associations, and a credit 
union association agreed (and an industry provider acknowledged \53\) 
that there has been rapid growth and widespread consumer adoption of 
general-use digital consumer payment applications. In support of their 
view, these commenters cited data in the Proposed Rule as well as other 
public information. An industry association stated that digital 
consumer payment applications have helped millions of U.S. consumers to 
send money to friends and family and make retail payments more 
efficient. A group of State attorneys general noted that a significant 
portion of consumers with lower incomes frequently rely upon general-
use digital consumer payment applications. Two nonprofit commenters 
also agreed that adoption by younger individuals may drive further 
growth.\54\ An industry association observed that the proposed market 
has experienced rapid increases in consumer adoption that likely will 
continue. As a consequence, this commenter described this market as 
still in what industry lifecycle literature describes as a stage of 
market growth as opposed to market maturity.
---------------------------------------------------------------------------

    \53\ As discussed further below, this commenter stated that 
growth alone was insufficient to justify the Proposed Rule, and that 
the CFPB must make certain specific findings regarding market risk. 
The Final Rule responds to those comments further below in the 
discussion of general comments about the relevance of risks to 
consumers to the rulemaking.
    \54\ While not disputing the rapid growth in the market, some 
other industry commenters suggested that the broader consumer 
payments sector should be considered, including when defining the 
market and setting the threshold for the larger-participant test, as 
discussed in the section-by-section analysis of those provisions 
further below.
---------------------------------------------------------------------------

    Several of these commenters stated that these general-use digital 
consumer payment applications increasingly are accepted by retailers 
and embedded into in-person and online commerce, which is itself 
growing. They pointed to this as one trend driving existing growth and 
future growth in the market. A comment from several consumer groups 
stated that as merchants seek to avoid interchange fees, they will 
increasingly rely upon digital payment applications as a payment method 
at the point of sale. A banking association and consumer group stated 
that they also expected the lines between banking, commerce, and 
technology to further converge and blur.\55\ A comment from several 
consumer groups stated that nonbank providers of consumer financial 
products and services have greater latitude under U.S. law to integrate 
those products into commercial platforms, and that large technology 
firms' business models depend on data collection.\56\
---------------------------------------------------------------------------

    \55\ One of these commenters pointed to an industry white paper 
describing a trend in the market toward ``embedding financial 
services into nonfinancial apps and other digital experiences.'' 
Google LLC White Paper, Embedded finance: The new gold rush in 
financial services (2021) (Google LLC Embedded Finance White Paper) 
at 4 (``These embedded experiences will soon permeate all aspects of 
our lives that involve money--and they'll feel so frictionless that 
users won't be aware of the underlying work financial institutions 
are doing to support these transactions.''), at 6 (``Embedded 
finance means, simply, embedding your financial services in the non-
financial products, services or technologies consumers already use 
and love. Since they spend much of their time in non-financial 
applications in their everyday lives--but only a fractional amount 
of time in financial applications--the growth opportunity for 
financial services companies is considerable.''), https://cloud.google.com/resources/financial-services-embedded-finance-whitepaper (last visited Nov. 5, 2024).
    \56\ One consumer group commenter added that in its view, Big 
Tech firms have a business model that seeks to maximize data 
collection based on different goals from publicly-chartered and 
regulated financial institutions.
---------------------------------------------------------------------------

    Another nonprofit commenter suggested in general terms that CFPB 
supervision of larger participants in the general-use digital consumer 
payment applications market could help the CFPB to detect and assess 
risks to the U.S. financial system. It stated that the market may 
present such risk, given how general-use digital consumer payment 
applications facilitate a high volume of transactions, including flows 
of funds through stored value accounts that are not FDIC-insured.
    However, some industry and nonprofit commenters stated that the 
rapid growth in the market and widespread consumer adoption merely 
indicates that the market is successful and popular among consumers. In 
their view, as discussed further below, the fact that the market is 
large and growing market is not an adequate basis for subjecting its 
larger participants to supervision, absent findings of risks to 
consumers or markets or market failures.\57\
---------------------------------------------------------------------------

    \57\ The Final Rule further summarizes and responds to those 
comments in the discussion below of general comments on detecting 
and assessing risks (including emerging risks) to consumers and 
markets.
---------------------------------------------------------------------------

Comments on Promoting Compliance With Federal Consumer Financial Law
    The Proposed Rule stated that CFPB supervision of larger 
participants would promote compliance with applicable requirements of 
Federal consumer financial law. A group of State attorneys general, 
consumer groups, some nonprofit and individual commenters, a banking 
association, and a comment from a payment network and an industry 
association generally agreed that the proposal would serve this 
purpose, as described below. However, as described further below, some 
industry and nonprofit and other commenters disagreed or stated that 
the proposal did not provide sufficient support for the claim that it 
would serve this purpose.\58\
---------------------------------------------------------------------------

    \58\ Some commenters also suggested that existing State and 
Federal oversight of some market activities, including for 
compliance with Federal consumer financial law, was adequate. The 
Final Rule separately addresses comments on those general topics 
further below.
---------------------------------------------------------------------------

    Several commenters expressed concern that larger participants may 
be violating or inadequately incentivized to comply with one or more of 
the Federal consumer financial laws cited in the Proposed Rule. A joint 
comment from consumer groups stated that consumers are exposed to 
unfair, deceptive and abusive practices in the payments area, and 
stated that oversight of this market is needed to ensure market 
participants comply with the prohibition against

[[Page 99588]]

unfair, deceptive, and abusive acts and practices.\59\ This comment 
assessed the risk of abusive practices as high due to what the comment 
described as lack of competition and consumer choice with respect to 
the larger participants defined in the Proposed Rule. A comment from a 
group of State attorneys general stated that the Proposed Rule, coupled 
with existing State consumer protection statutes, would allow the 
Federal and State governments to work together to prevent and abate 
unfair, deceptive, and abusive acts and practices in the market. A 
consumer group and a nonprofit commenter stated that the Proposed Rule 
would be especially useful in promoting compliance with the prohibition 
against unfair, deceptive, and abusive acts and practices by companies 
that provide financial services to incarcerated and recently 
incarcerated persons. And a consumer group and nonprofit commenter 
stated that it was common sense that unfair, deceptive, and abusive 
acts and practices protections be applied to new entrants and 
technologies like those described in the Proposed Rule.
---------------------------------------------------------------------------

    \59\ See 12 U.S.C. 5531, 5536 (prohibiting unfair, deceptive, 
and abusive acts and practices in connection with the offering or 
provision of consumer financial products and services).
---------------------------------------------------------------------------

    As an example of how supervision of larger participants would 
promote compliance, a banking association noted that the CFPB's 
publication Supervisory Highlights \60\ communicates CFPB expectations 
of compliance to the overall market and encouraged its use in this 
market, and stated that the proposal should enable the CFPB to publish 
Supervisory Highlights identifying problematic conduct in this market. 
A comment from several consumer groups pointed to findings in 
Supervisory Highlights related to violations of Regulation E and other 
provisions of Federal consumer financial law violations at banks. The 
comment stated that the CFPB also should supervise larger nonbank 
companies handling consumer payments, including payment apps, because 
such violations at nonbanks are just as likely if not more so.
---------------------------------------------------------------------------

    \60\ The CFPB periodically publishes Supervisory Highlights to 
share key examination findings in order to help industry limit risks 
to consumers and comply with Federal consumer financial law. Each 
Supervisory Highlights publication shares recent examination 
findings, including information about recent enforcement actions 
that resulted, at least in part, from the CFPB's supervisory 
activities. These reports also communicate operational changes to 
the CFPB's supervision program and provide a convenient and easily-
accessible resource for information on the CFPB's recent guidance 
documents. Supervisory Highlights does not refer to any specific 
institution in order to maintain the confidentiality of supervised 
entities. See https://www.consumerfinance.gov/compliance/supervisory-highlights/ (last visited Nov. 5, 2024).
---------------------------------------------------------------------------

    Regarding EFTA and Regulation E, a comment from consumer groups 
stated that oversight is needed to ensure payment app and digital 
wallet providers comply with the EFTA's consumer protections for 
electronic fund transfers, highlighted payment fraud as a significant 
risk, and stated that violations of the EFTA related to digital 
payments are extremely common, even among banks that are closely 
supervised by regulators. The commenter cited to several findings of 
EFTA violations from CFPB examinations in this area that the CFPB has 
published in Supervisory Highlights. A credit union association 
commenter stated that nonbanks that offer consumer payment services 
have error resolution responsibilities under Regulation E which the 
CFPB cannot effectively assess without exercising supervisory 
authority.
    Commenters also addressed risks posed to consumers associated with 
potential violations of the GLBA and Regulation P.\61\ A comment from a 
group of State attorneys general supported the Proposed Rule in part 
because it would allow the CFPB to examine digital payment applications 
for compliance with the privacy provisions of the GLBA. The comment 
stated the Proposed Rule would permit the CFPB to address the critical 
data privacy issues posed by digital payment applications by allowing 
the CFPB to assess how applications are storing, using, and sharing 
their collections of sensitive consumer data as well as changes to 
larger participants' privacy policies. A consumer group commenter 
stated that its review had identified multiple risks associated with 
peer-to-peer payment application companies. The commenter stated that 
more than 25,000 consumers had signed a petition urging the CFPB to 
take action with respect to various risks posed by payments 
applications, including risks associated with fraud and collection and 
storage of consumer information.\62\
---------------------------------------------------------------------------

    \61\ Title V, subtitle A of the GLBA and its implementing 
regulation, Regulation P, govern the treatment of nonpublic personal 
information about consumers by financial institutions.
    \62\ Similarly, other commenters emphasized potential risks with 
respect to use of consumer data and risks to consumer privacy that 
may be associated with payment application and digital wallet 
providers, including the risk of losing money through fraud or 
mistakes or having personal data collected and shared.
---------------------------------------------------------------------------

    Other commenters such as a company, nonprofits, and an industry 
association stated that the Proposed Rule did not adequately assess the 
degree of existing compliance or otherwise explain how it would promote 
compliance. For example, one commenter criticized the statement in the 
proposal that CFPB supervision would incentivize compliance as 
circular, given what it viewed as inadequate discussion in the Proposed 
Rule of the level of existing non-compliance or risks of non-
compliance.\63\ In addition, several industry comments suggested that 
EFTA/Regulation E, GLBA/Regulation P, or both do not apply to certain 
market participants, which they viewed as undermining the notion that 
the Proposed Rule would promote compliance with Federal consumer 
financial law. A company commenter added that the proposal did not 
explain how the prohibition against unfair, deceptive, or abusive acts 
or practices applied to market participants, or why supervision is the 
appropriate mechanism to identify and prevent any anticipated 
violations of Federal consumer financial law more broadly. Further, an 
industry commenter stated that State supervision by itself is more 
effective and better at enforcing the law than CFPB supervision.
---------------------------------------------------------------------------

    \63\ Further below, the Final Rule summarizes and responds to 
comments more broadly addressing the general topic of risks to 
consumers in the market.
---------------------------------------------------------------------------

Comments on Detecting and Assessing Risks to Consumers and Markets, 
Including Emerging Risks
    Comments from a group of State attorneys general, a payment 
network, a banking association, consumer groups, and nonprofits agreed 
that CFPB supervision of larger participants in this market would help 
the CFPB to detect and assess risks to consumers and markets, including 
emerging risks, in this rapidly growing and evolving market. For 
example, an industry association generally described the potential for 
CFPB supervision to promote maturity in the market, which it described 
as immature and rapidly evolving.\64\ In addition, these comments 
pointed to several reasons why the CFPB supervision and examination 
process is well suited to this goal. A consumer group stated that 
supervisory authority is one of the most basic tools regulators have to 
identify new risks in the market as early as possible, before market 
failures with wide-ranging implications occur. Several consumer groups 
added that CFPB should not rely only on third-party sources of

[[Page 99589]]

information to assess market activity, which would lead to delayed 
responses to problems, compared with supervision.\65\ A nonprofit 
commenter stated that because supervision occurs outside of the 
adversarial legal process, it is an especially effective tool for 
rapidly gathering information that can prevent dubious practices before 
they develop.
---------------------------------------------------------------------------

    \64\ In its view, the Proposed Rule may result in development of 
a robust, consumer-protected market, given how previous larger 
participant rules had helped to ensure consumer protection remains a 
prominent concern among participants in those markets.
    \65\ These commenters also stated supervision of larger 
participants would allow the CFPB to respond more quickly to 
emerging problems affecting servicemembers who are especially 
vulnerable to identity theft and fraud in the market.
---------------------------------------------------------------------------

    Several comments also identified various existing and emerging 
risks in the market that the commenters believed the CFPB would be able 
to effectively detect and assess though supervision, including risks 
with respect to consumers' loss of funds and loss and misuse or abuse 
of data. The Final Rule summarizes these comments below. In addition, a 
group of State attorneys general stated that the rule will allow the 
CFPB to detect and assess risks that emerge not only from the existing 
products and services, but also as a result of future technological 
advancements in the market.
    With respect to the potential for consumers to lose funds or access 
to funds, a group of State attorneys general noted that research cited 
in the proposal indicated that almost a third of digital payment 
application users with lower incomes reported one or more problems 
related to funds being sent to the wrong person or not receiving funds 
that were sent to them.\66\ These commenters stated that a lack of 
regulatory oversight has significantly contributed to those problems. A 
nonprofit commenter stated that larger participants pose unique risks 
to consumers related to what the commenter characterized as the lack of 
consumer protections associated with these applications, as well as the 
possible systemic risks they may present to the financial markets. The 
commenter raised specific concerns about the risk of consumer loss of 
funds from uninsured entities and lack of consumer awareness of such 
matters. The commenter also stated that CFPB supervision of these 
nonbank payment applications would, among other things, help to 
identify and mitigate systemic financial risk and enhance consumer 
protection. An individual commenter stated that the market had diverse 
participants but that there are common areas of risk with payment apps 
linked to a stored value product, including a risk of losing access to 
funds to pay for food or bills due to a technical glitch. Additional 
commenters raised various concerns about what they often described as 
fraud in the market and lack of related consumer protections, and a 
nonprofit commenter cited complaints submitted to the FTC regarding 
peer-to-peer payment fraud. At the same time, several industry 
commenters suggested that certain consumer protections such as EFTA/
Regulation E or GLBA/Regulation P do not apply to some market 
participants, as described further above, and that consumers often are 
adequately protected by other parties to the transaction such as banks 
and credit unions, as described in the discussion of general comments 
about existing oversight of the market further below.
---------------------------------------------------------------------------

    \66\ Consumer Reports P2P Survey at 7 (also indicating that of 
all respondents who have used a P2P service, 22 percent reported one 
or more such problems). See also 88 FR 80197 at 80200 n.25 
(proposal's discussion of other data in this report, noted above).
---------------------------------------------------------------------------

    With regard to uses of consumer payments data, a banking 
association, a payment network, a nonprofit commenter, and several 
consumer groups stated that the way in which nonbanks can exploit the 
convergence of payments and commerce poses risk to consumers with 
respect to this market, such as through aggregation and monetization of 
consumer financial data. A group of State attorneys general added that 
supervision of larger participants would help the CFPB to detect and 
assess emerging risks in the use of consumer financial data as 
technology continues to evolve. And an individual commenter and several 
industry comments stated that consumer payments data is often used for 
purposes beyond initiation of the consumer payment transaction.\67\ 
Several consumer groups described the level and use of consumer data 
collected by large technology firms as unreasonable and potentially 
dangerous. Several other commenters including individuals noted that 
the collection of such data also raises data security risks, including 
what a nonprofit commenter described as novel security risks raised by 
digital wallets. At the same time, other comments from industry 
suggested that data security risks to consumers were particularly low 
given the security and anti-fraud enhancements from market 
participants' reliance on features such as tokenization.\68\ And a 
nonprofit commenter stated that government regulators generally are not 
effective at preventing data breaches as some of the largest have 
occurred at heavily-regulated institutions.
---------------------------------------------------------------------------

    \67\ The Final Rule discusses and responds to these comments in 
more detail in the section-by-section analysis of the exclusion for 
certain marketplace activities described further below.
    \68\ In addition, digital assets industry comments described 
what they viewed as additional security that digital assets provide. 
As discussed in the section-by-section analysis of the larger-
participant test further below, the Final Rule does not count those 
transactions toward the larger-participant test.
---------------------------------------------------------------------------

    Some commenters disagreed that the goal of detecting and assessing 
risks including emerging risks warrants the proposed expansion of 
CFPB's supervisory authority in this market. For example, two nonprofit 
commenters stated that the rationale of detecting and assessing 
emerging risks was not supported by evidence, and instead only by the 
theoretical possibility of harm in an innovative, successfully-growing 
and popular market. Another nonprofit commenter stated that the 
proposal did not examine the nature of the emerging risks, whether by 
mentioning novel security risks posed by digital wallets or other 
harms. Another nonprofit commenter stated its belief that market 
participants' responses to the CFPB's previous market-monitoring orders 
generated adequate information for the CFPB to determine the level of 
risks posed by this emerging market.\69\ Two industry associations 
stated that they agreed in principle that regulation needed to evolve 
along with new technology, but they stated that the CFPB first must 
identify harms it perceives in the market before proposing to supervise 
its larger participants. Another industry association agreed, stating 
that the Proposed Rule merely described the possibility of ``new 
risks'' from ``new product offerings'' and did not state what the ``new 
risks'' might be. It pointed to market reports that, in its view, 
indicated that nonbanks' multi-sided business models in the digital 
economy provide new benefits to consumers and promote competition.\70\ 
A nonprofit commenter characterized the proposal as referring to 
hypothetical risks that may occur in the future, and described this 
reference as a mere pretext to support an agenda to target large 
technology firms. An industry commenter added that the goal of 
detecting and assessing new and emerging risks is inadequate as a

[[Page 99590]]

foundation for a larger participant rule. In its view, the CFPB can 
only engage in larger participant rulemakings when it identifies risks 
that supervision would mitigate. The commenter also asserted that, 
because the CFPB must consider risks to consumers in exercising its 
supervisory authority under section 1024(b)(2), the CFPA also requires 
that the CFPB establish the existence of specific risks to consumers 
that would be mitigated by supervision when issuing a larger 
participant rule under section 1024(a)(1)(B) and (2). The industry 
commenter also claimed that principles of administrative law likewise 
require the rule to target identified risks.\71\
---------------------------------------------------------------------------

    \69\ However, this commenter also recommended that the CFPB 
continue to gather information on the market before expanding its 
supervisory authority as proposed.
    \70\ Separately, this commenter observed that the financial 
technology sector that encompasses the proposed market often uses 
advanced technologies including artificial intelligence, block chain 
technology, and data mapping to create new financial products and 
services that are beneficial in various ways. This commenter did not 
state that such products posed any risk or could pose any emerging 
or new risks.
    \71\ The commenter also stated in a footnote that if the rule 
does not need to identify meaningful risks to consumers then the 
CFPA would violate the non-delegation doctrine in constitutional 
law. The commenter did not explain the basis for that view, and the 
CFPB disagrees with that view. Through the CFPA, Congress has 
provided guidance to the CFPB on how to exercise its rulemaking 
authority under 12 U.S.C. 5514(a)(1)(B) and has imposed limits on 
that authority, including rules of construction for defining larger 
participants and policy considerations, which the CFPB has addressed 
in this Final Rule.
---------------------------------------------------------------------------

    More broadly, many of the industry commenters and other commenters 
stated that the Proposed Rule did not adequately consider whether 
market activity currently poses risks to consumers and if so how and to 
what degree. Other commenters similarly stated that the proposal failed 
to establish that certain provisions of Federal consumer financial law 
apply to market participants; that the proposal failed to identify 
potential violations of law or other specific harms that the Proposed 
Rule would seek to address, or any relevant market failures; and that 
the CFPB should first issue a report articulating the risks it sees in 
the proposed market or otherwise identify such risks prior to issuing a 
final rule.\72\ Certain commenters also stated that the CFPB should 
evaluate risk separately with respect to various subcomponents of the 
market described in the Proposed Rule, and argued for the exclusion of 
various market participants, as discussed in more detail in the 
section-by-section analysis of the corresponding component of the 
market definition further below.\73\ Finally, a nonprofit commenter 
stated that the CFPB should provide greater clarity to market 
participants as to how the CFPB would assess risk in its prioritization 
process in this market, including what risks it would consider.
---------------------------------------------------------------------------

    \72\ A nonprofit commenter stated that the unique data security 
risks that digital wallets pose should be addressed through public 
education rather than regulation. As noted above, consumer education 
is outside the scope of this rule and, for the reasons explained in 
the response to general comments, education is not a substitute for 
supervision.
    \73\ Some commenters suggested that CFPB supervision itself 
would increase risk such as by reducing examinees' resources 
available for fraud prevention, or exposing the supervised entity's 
data to breaches. For the reasons explained in the impacts analysis 
in part VII, the CFPB has not determined the Final Rule will reduce 
fraud prevention. With regard to the risk of data breaches, the 
CFPB's information security system mitigates those risks as further 
discussed in part VII.
---------------------------------------------------------------------------

Comments on Ensuring Consistent Enforcement of Federal Consumer 
Financial Law Between Banks and Nonbanks
    Some comments addressed the Proposed Rule's statement that the rule 
would further the CFPB's statutory mandate to ensure consistent 
enforcement of Federal consumer financial law between nonbanks and 
banks and credit unions, in order to promote fair competition. Several 
consumer groups, banking and credit union industry associations, a 
payment network, some nonprofits, and an industry provider generally 
agreed that the Proposed Rule would have that benefit. For example, a 
community banking association stated that community banks have long 
expressed concerns that financial technology and large technology firms 
are offering financial products and services traditionally provided by 
banks, without the same level of regulatory oversight. A banking 
association stated that consumers are best protected when banks and 
nonbanks offering similar financial products and services are subject 
to the same oversight, which mitigates the potential for consumer harm 
and improves consumer trust and confidence. This commenter and another 
banking association added that establishing parity in supervision will 
help to ensure that nonbanks provide the same consumer protections when 
they provide the same services as banks. A payment network and a 
nonprofit commenter agreed that the proposal would help to ensure that 
entities engaged in the same functional activities are subject to the 
same functional regulation. Some comments described nonbanks as 
deriving a competitive advantage due to their lesser supervisory 
oversight, and banks and credit unions as disadvantaged. For example, 
the credit union industry association commenter stated that the lesser 
supervisory oversight of nonbank peer-to-peer payment apps increases 
burdens on credit unions responding to consumer disputes of 
transactions conducted in those apps due to the app providers' 
underinvestment in compliance and customer service and consumer 
preferences for contacting the credit union. The community banking 
association also stated that this gap in oversight erodes consumer 
trust. One of the banking industry associations agreed, noting that its 
2022 survey found that an overwhelming majority of consumers were 
concerned about a gap in regulatory oversight between fintech firms 
(including cryptocurrency firms) and banks, and believed that the CFPB 
and Congress should do more to protect consumers from harm and abuse in 
these areas.\74\
---------------------------------------------------------------------------

    \74\ Consumer Bankers Ass'n, Press Release, NEW POLL: Nearly 
Ninety Percent Of Americans Concerned That Fintech & Crypto Firms Do 
Not Have Appropriate Level of Federal Regulation (Dec. 12, 2022) 
(describing 56 percent of respondents that want greater oversight 
compared to 24 percent who are satisfied with existing oversight), 
https://consumerbankers.com/press-release/new-poll-nearly-ninety-percent-of-americans-concerned-that-fintech-crypto-firms-do-not-have-appropriate-level-of-federal-regulations/ (last visited Nov. 
18, 2024).
---------------------------------------------------------------------------

    At the same time, some industry and nonprofit commenters challenged 
the potential for Proposed Rule to promote consistent enforcement of 
Federal consumer financial law as between nonbanks and depository 
institutions, and thereby promote fair competition, as well as the 
appropriateness of that consideration in the rulemaking. For example, 
some of these commenters described the proposed objective as an 
illegitimate form of ``mission creep . . . outside of [the CFPB's] core 
jurisdiction'' or further suggested that the Proposed Rule would place 
the CFPB in the role of market gatekeeper for nonbanks, which would 
frustrate competition and innovation (which one of these commenters 
described as the effect that banking regulation already has on banks). 
Some industry commenters also suggested the objective failed to account 
for the structure of nonbank market activity vis-[agrave]-vis banks and 
credit unions. For example, an industry association stated that many 
nonbank market participants either complement banks and credit unions 
by making it easier for consumers to use payment methods provided by 
those financial institutions, or partner directly with the banks and 
credit unions. Some banking associations also expressed concern that 
the rule would increase indirect burden on banks and may create 
confusion about differences between banks and nonbanks. As another 
example, an industry provider stated that banks provide deposit 
accounts (and associated funds transfer functionalities), not pass-
through payment wallets allowing consumers to access payment methods 
issued by

[[Page 99591]]

third-party financial institutions.\75\ And for that reason, in its 
view, increased oversight of those activities would not serve the 
CFPB's stated purpose. However, another industry association stated 
that banks have been introducing their own digital wallets, both 
directly and through affiliates, in an effort to compete with nonbank 
incumbents that have embedded their digital wallets into merchant 
checkout processes.
---------------------------------------------------------------------------

    \75\ As discussed below in the section-by-section analysis of 
the definition of ``covered payment functionality,'' the preamble 
uses the phrase pass-through payment wallet to describe this type of 
functionality discussed by commenters.
---------------------------------------------------------------------------

    Finally, an industry association also suggested that in some ways 
the Final Rule may not promote consistent enforcement of Federal 
consumer financial law. It stated that the CFPB should explain why 
larger participants in the proposed market should be subject to what it 
viewed as significantly more CFPB supervisory authority than exists 
over other persons that facilitate consumer payment transactions, such 
as banks and credit unions providing physical payment cards and 
providers of payment applications that do not have ``general use'' as 
defined in the Proposed Rule such as automobile purchase applications 
and food delivery applications.\76\
---------------------------------------------------------------------------

    \76\ The commenter also stated the Proposed Rule excluded from 
``general use'' bill-payment applications and applications used to 
purchase financial assets including securities. However, the 
Proposed Rule specifically acknowledged the existence in the market 
of ``a general-use bill-payment function.'' 88 FR 80197 at 80206. In 
addition, the Proposed Rule did not list applications for purchase 
of securities among the examples of activities that do not have 
``general use'' because it already excluded those transaction from 
the proposed definition of ``consumer payment transaction'' as 
discussed in the section-by-section analysis of that term further 
below.
---------------------------------------------------------------------------

Comments on Other Regulators' Existing Oversight Authority
    Some commenters suggested the rule would help existing regulatory 
oversight efforts in the market, while others stated that the Proposed 
Rule did not adequately consider whether the CFPB supervisory authority 
was needed in light of existing regulatory oversight mechanisms of 
other regulators.
    A group of State attorneys general stated that the Proposed Rule 
would allow Federal and State authorities to coordinate to prevent and 
abate unfair, deceptive, and abusive acts and practices in the market. 
They indicated that violations of Federal law detected through CFPB's 
supervisory examinations could assist State enforcement, including in 
States such as California, New Jersey, and New York, where a commercial 
practice that violates Federal law is deemed or presumed to violate the 
State's consumer protection laws.
    On the other hand, some other commenters stated that the Proposed 
Rule did not adequately consider the degree to which the market already 
is overseen by other regulators, including State oversight of nonbank 
market participants that are money transmitters, Federal prudential 
regulators' oversight with respect to banks and credit unions that 
provide accounts, hold funds, and process payments facilitated by 
nonbank market participants, and FTC enforcement of consumer protection 
laws including competition laws.\77\ Several industry associations 
stated that the rulemaking generally must better account for the 
potential for CFPB supervision to duplicate the oversight by those 
other regulators, and the unnecessary burdens and diverging regulatory 
expectations that such duplicative supervision can create.\78\ One of 
these commenters stated that the CFPB should clarify the scope and 
requirements of the rule to prevent these outcomes, and stated that 
close coordination by the CFPB with other regulators is needed before 
the CFPB pursues oversight of larger participants.
---------------------------------------------------------------------------

    \77\ A few industry comments also mentioned Federal oversight of 
money transmitters by FinCEN in the U.S. Treasury. These commenters 
did not describe any nexus between that oversight and compliance 
with Federal consumer financial law, or otherwise suggest that 
supervisory activity by FinCEN and the CFPB would have overlapping 
subject matter related to compliance with Federal consumer financial 
law.
    \78\ Some commenters also discussed Federal prudential 
regulators' existing oversight of banks and credit unions as 
relevant due to the inclusion in the market of nonbanks that partner 
with banks and credit unions, and of pass-through payment wallets 
that facilitate the use of accounts provided by banks and credit 
unions. The Final Rule summarizes and responds to those comments in 
more detail in the section-by-section analysis of ``covered payment 
functionality'' below.
---------------------------------------------------------------------------

    With respect to existing State oversight, an industry association 
stated that State financial regulators supervise various aspects of the 
market and the CFPA requires the CFPB to account for oversight by State 
authority when exercising its supervisory authority. Two other industry 
associations indicated that in their view the Proposed Rule did not 
consider how the CFPB would address overlap in scope with State 
examinations on the same subject matter particularly at money 
transmitters. A nonprofit commenter suggested that State oversight is 
sufficient because States are better at enforcing the law because they 
have a better understanding of local conditions.\79\
---------------------------------------------------------------------------

    \79\ This commenter also stated that States generally occupy the 
field of consumer protection law, that Federal supervisory oversight 
by the CFPB would ``preempt'' State law, and that the proposal did 
not provide compelling evidence for doing so. The CFPB disagrees 
that a larger participant rule, which establishes CFPB supervisory 
authority and does not impose substantive consumer protection 
obligations, preempts such State consumer protection laws.
---------------------------------------------------------------------------

Comments on CFPB Enforcement and Market-Monitoring Authorities
    An industry association stated that the Proposed Rule did not 
explain how supervisory authority would promote additional compliance 
with Federal consumer financial law beyond compliance the CFPB ensures 
through its enforcement function and aided by its market-monitoring 
function. A nonprofit suggested that CFPB enforcement is sufficient to 
address risks to consumers, and that supervision would only impose 
unnecessary burden.
Comments Raising ``Major Questions'' Doctrine
    Another area of comment related to the ``major questions 
doctrine.'' Those commenters who addressed the doctrine generally were 
critical of the Proposed Rule and took an expansive view of the 
circumstances in which the doctrine applies. First, one nonprofit 
commenter stated that the major question doctrine precludes the CFPB 
from defining larger participants in a digital wallet market generally. 
This commenter stated that, despite the existence of digital wallets at 
the time of adoption of the CFPA, Congress did not expressly include 
them within the scope of CFPB supervisory authority and therefore chose 
to foster innovation free from the CFPB's supervisory oversight. 
Further, in its view, the market has vast economic and political 
significance given both the aggregate dollar value of transactions on 
digital wallets (nearly $1 trillion) and references by the CFPB to 
payment systems as ``critical infrastructure'' and to ``Big Tech'' 
companies.\80\ Second, some commenters stated that the CFPB's 
interpretation of the merchant payment processing exclusion in CFPA 
section 1002(15)(A)(vii)(I) also is impermissible under the major 
questions doctrine.\81\

[[Page 99592]]

Third, some commenters stated that the major questions doctrine voids 
the CFPB's interpretation of CFPA section 1024(b) as authorizing 
supervision of all consumer financial products and services provided by 
a larger participant for compliance with Federal consumer financial law 
and related risks.\82\
---------------------------------------------------------------------------

    \80\ CFPB Press Release (Nov. 7, 2023) (announcing Proposed 
Rule), https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-new-federal-oversight-of-big-tech-companies-and-other-providers-of-digital-wallets-and-payment-apps/ (last visited Nov. 8, 
2024).
    \81\ In addition, some commenters stated that the inclusion of 
certain digital assets transfers in the proposed definition of 
consumer payment transactions raised a ``major question.'' As 
discussed further below, the CFPB has decided, for purposes of this 
Final Rule, not to define larger participants in the general-use 
digital consumer payment applications market by reference to 
activity involving digital assets. This Final Rule therefore does 
not address these major questions comments further.
    \82\ As discussed further above in the general comments on how 
the rule would enable the CFPB through its supervisory activity to 
detect and assess risks to consumers and markets, a nonbank 
commenter claimed that the larger participant rule itself must 
identify meaningful risk, or it would violate the major questions 
doctrine. For the reasons described below in the response to these 
general comments above, the CFPB disagrees with both claims. The 
CFPB also disagrees that this rule implicates the major questions 
doctrine for reasons discussed below.
---------------------------------------------------------------------------

Comments on Potential Scope of CFPB Examinations of Larger Participants
    Relatedly, the CFPB received several other comments on the 
proposal's statement that the CFPB's supervisory authority is not 
limited to the products or services that qualified a person for 
supervision, but also includes other activities of such a person that 
involve other consumer financial products or services or are subject to 
Federal consumer financial law.\83\ Four commenters (representing the 
banking industry) expressed agreement with the CFPB's description of 
its supervisory authority over larger participants. They stated that 
the CFPB's position is consistent with how the CFPB supervises large 
banks, where every consumer financial activity that the bank engages in 
is subject to CFPB jurisdiction. Several other commenters (several 
industry trade groups, an individual company, and a law firm) disagreed 
with the CFPB's description of its supervisory authority. These 
commenters generally interpreted CFPA section 1024 to limit the scope 
of nonbank supervisory authority over larger participants to specific 
consumer financial products and services included in the market covered 
by the corresponding larger participant rule. One of these commenters 
asserted that the rule could not be used by the CFPB to scrutinize the 
digital assets business lines of entities, including those already 
subject to supervision. One commenter also suggested that even if the 
CFPA's view of its authority is correct, it would be unreasonable for 
the CFPB to actually exercise that authority because the costs of such 
supervision would exceed the benefits. Another said the exercise of 
such authority would discourage innovation and competition.
---------------------------------------------------------------------------

    \83\ 88 FR 80197 at 80198 n.7 (quoting 77 FR 42874 at 42880).
---------------------------------------------------------------------------

Response to General Comments Received
    After first responding to comments on rulemaking process issues, 
the Final Rule provides a response below to other general comments. For 
the reasons described below, the CFPB continues to believe that 
issuance of this larger participant rule is warranted because: (1) the 
market has grown dramatically and become increasingly important to the 
everyday financial lives of consumers; (2) CFPB supervisory authority 
over its larger participants would help the CFPB to promote compliance 
with Federal consumer financial law; (3) that authority would help the 
CPFB to detect and assess risks to consumers and the market, including 
emerging risks; and (4) that authority would help the CFPB to ensure 
consistent enforcement of Federal consumer financial law between banks 
and nonbanks.
Rulemaking Process
    While the CFPB was considering comments on the Proposed Rule, the 
Supreme Court issued a decision ruling that the CFPB funding mechanism 
is constitutional under the Appropriations Clause.\84\ The CFPB 
disagrees with commenters' suggestion that it should have forgone 
larger participant rulemaking activity during such a challenge.
---------------------------------------------------------------------------

    \84\ CFPB v. Cmty. Fin. Servs. Ass'n of Am., Ltd., 601 U.S. 416 
(2024).
---------------------------------------------------------------------------

    The CFPB also disagrees with those commenters suggesting that an 
extension of the comment period was necessary to allow for meaningful 
input on the Proposed Rule. The Proposed Rule would have a narrow 
impact, establishing CFPB supervisory authority over a group of nonbank 
covered persons who already are subject to CFPB enforcement and market-
monitoring authority, and at least some of whom already are subject to 
CFPB supervisory authority on other grounds. Despite this, the CFPB 
received timely comments from a wide array of commenters, as described 
above, and all but one of the commenters described here filed timely 
comments after requesting more time. The CFPB disagrees that an 
extension of the comment period is warranted based on the proposal of a 
market definition that commenters viewed as complex or a larger-
participant test with more than one criterion. As discussed below, 
commenters provided numerous useful comments about the proposed market 
definition and the CFPB is making several adjustments to the market 
definition in the Final Rule in response including to improve clarity. 
With regard to the larger-participant test, the CFPB proposed a test 
that was based on two criteria (consumer payment transaction volume and 
the entity's size by reference to SBA size standards) that were 
explained in the proposal and are not especially complicated. Proposed 
rules often include small entity exclusions, and many commenters 
provided substantive comments on the proposed exclusion, as discussed 
further below.\85\ Further, it was unnecessary to extend the comment 
period with an accompanying notice of the risks the CFPB believes 
market participants pose to consumers because, as explained in the 
Proposed Rule and discussed below, the CFPB is not required to make 
findings about relative risks in a market to justify issuing (or 
proposing) a larger participant rule. Finally, the CFPB notes that the 
Proposed Rule set a January 8, 2024, deadline for filing of comments, 
about two months after the rule was issued on November 7, 2023, and 52 
calendar days after its November 17, 2023, publication in the Federal 
Register. Commenters had well over 30 days to prepare comments even 
accounting for the end-of-year holiday season.\86\ Indeed, several of 
the requests for an extension cited their own substantive comments on 
the Proposed Rule as the reasons for requesting an extension. For these 
reasons, the CFPB also disagrees with the industry comment suggesting 
that the lack of extension of the comment period supports a conclusion 
that the CFPB should withdraw the Proposed Rule.
---------------------------------------------------------------------------

    \85\ With respect to the proposed coverage of digital assets, 
commenters from the digital asset sector provided extensive and 
detailed comments, demonstrating that those commenters were able to 
provide meaningful input on the Proposed Rule during the comment 
period. In any event, as discussed below, the CFPB has decided, for 
purposes of this Final Rule, not to define larger participants in 
the general-use digital consumer payment applications market by 
reference to activity involving digital assets.
    \86\ The extensive comments in the rulemaking record demonstrate 
that the presence of Federal holidays (Veteran's Day after issuance 
of the proposal and Thanksgiving, Christmas, and New Years after 
publication in the Federal Register) and a concurrent proposal and 
ongoing market monitoring in this market did not preclude commenters 
from offering detailed substantive comments. In any event, the CFPB 
sent the market-monitoring inquiries to a limited number of firms 
and issued the parallel proposal (which, unlike this rulemaking, 
proposed substantive consumer protections) almost three weeks 
earlier with a 60-day comment period.

---------------------------------------------------------------------------

[[Page 99593]]

Establishing CFPB Supervisory Authority Over the Large and Growing 
Market
    As described above, commenters agreed with the findings in the 
Proposed Rule that the market has grown rapidly to achieve a 
significant size with high levels of adoption and broad reliance by 
consumers on general-use digital consumer payment applications. As the 
proposal explained in detail, the market for general-use digital 
consumer payment applications has large and increasing significance to 
the everyday financial lives of consumers, who are growing increasingly 
reliant on such applications to initiate payments.\87\ Further growth 
can be anticipated.\88\ For example, as the proposal stated, nonbank 
digital payment applications have rapidly grown in the past few years 
to become the most popular way to send money to other individuals other 
than cash, and are used for a higher number of such transactions than 
cash.\89\ The proposal also cited various market research publications 
indicating that most merchants in the United States accept general-use 
digital consumer payment applications as a means or method of payment. 
Given the extent of consumer adoption and reliance, the extent of the 
consumer payment transaction volume (approximately 13.5 billion 
annually) and value (approximately $1.2 trillion annually), and the 
breadth of associated consumer data collected, it is important for the 
CFPB to establish Federal supervisory oversight of larger participants.
---------------------------------------------------------------------------

    \87\ See 88 FR 80197 at 80200-80201.
    \88\ Id.
    \89\ Id.
---------------------------------------------------------------------------

    The CFPB also has considered the industry association commenter's 
observation that the market for general-use digital consumer payment 
applications as defined in the Proposed Rule may not have reached the 
maturity stage in the industry lifecycle. The CFPB acknowledges that, 
compared to the markets covered by previous larger participant 
rulemakings,\90\ this market has developed more recently, fueled by 
technological change. In the years after a large nonbank financial 
technology firm developed the first well-known digital payment app in 
the late 1990s,\91\ other large fintech firms including BigTech firms 
\92\ entered and expanded the market by leveraging new digital consumer 
technologies, such as smartphones that support digital applications 
(which proliferated starting in the late 2000s) \93\ and smartphone 
near-field communication (NFC) technologies that support in-store 
payments (which proliferated in the 2010s).\94\ More recently, well-
known market participants have been bundling consumer financial 
products and services to help consumers to make payments to friends and 
family and payments to merchants together in the same digital 
application. Although the market is newer than some other consumer 
finance markets, consumer adoption for these types of consumer payment 
transactions already has reached very high levels. As described in the 
Proposed Rule and explained above, general-use digital consumer payment 
applications already play a fundamental role in facilitating the 
payments that many consumers in the United States make every day. 
Therefore, the CFPB believes it is an appropriate time for it to issue 
a rule to establish the authority of the CFPB to supervise larger 
participants in this market. The CFPB reaches that conclusion in the 
Final Rule not solely due to the size of the market and its growth, but 
in conjunction with its goals described below of promoting compliance 
with Federal consumer financial law, detecting and assessing risks to 
consumers and markets, and ensuring consistent enforcement of Federal 
consumer financial law.
---------------------------------------------------------------------------

    \90\ Following significant growth in the 1980s, by 1990, 
personal remittances from the United States had reached over US$10 
billion. See World Bank Group, Personal remittances, paid (current 
US$)--United States, https://data.worldbank.org/indicator/BM.TRF.PWKR.CD.DT?locations=US (last visited Nov. 5, 2024). Nearly 
two decades earlier, consumer reporting agencies and consumer debt 
collection markets had already grown to the point that Congress 
adopted substantive consumer protection legislation to regulate 
them. See Public Law 91-508 (Oct. 26, 1970) (title VI adopting Fair 
Credit Reporting Act); Public Law 95-109 (Sept. 20, 1977) (Title 
VIII adopting Fair Debt Collection Practices Act). By that time, 
following adoption of the Higher Education Act of 1965, Public Law 
89-329 (Nov. 8, 1965), student lending and student loan servicing 
had already been expanding. And largescale consumer automobile 
financing dates back to at least the 1920s. See Buy Now Pay Later: A 
History of Personal Credit, Harv. Bus. School Library (section 
titled ``Cards on time'' noting that ``[i]n the 1920s, auto 
financing took a giant leap forward when the car manufacturers 
entered the game''), https://www.library.hbs.edu/hc/credit/credit4d.html (last visited Nov. 5, 2024).
    \91\ PayPal Editorial Staff, Alternative and digital payment 
methods: Shaping the payment industry and preparing for the future 
(Dec. 18, 2023) (stating that ``[t]he first digital solution in the 
alternative payment industry was PayPal, developed in 1998 to enable 
people to make payments via an email address''), https://www.paypal.com/us/brc/article/alternative-payment-method-trends 
(last visited Nov. 5, 2024).
    \92\ Consistent with its use by the Financial Stability Board, 
the Final Rule uses the term ``BigTech'' to refer to large 
technology companies with extensive customer networks. See, e.g., 
Financial Stability Board Report P091219-1, BigTech in finance--
Market developments and potential financial stability implications 
(Dec. 9, 2019) at 3 (``BigTech firms are large technology companies 
with extensive established customer networks. Some BigTech firms use 
their platforms to facilitate provision of financial services. Those 
that do so can be seen as a subset of FinTech firms--a broader class 
of technology firms (many of which are smaller than BigTech firms) 
that offer financial services.''), https://www.fsb.org/wp-content/uploads/P091219-1.pdf (last visited Nov. 5, 2024).
    \93\ Apple Press Release, Apple Reinvents the Phone with iPhone 
(Jan. 9, 2007), https://www.apple.com/newsroom/2007/01/09Apple-Reinvents-the-Phone-with-iPhone/ (last visited Nov. 5, 2024); 
Michael DeGusta, Are Smart Phones Spreading Faster than Any 
Technology in Human History? MIT Technology Review (May 9, 2012) 
(citing data that smart phones, which represented only six percent 
of U.S. mobile phone sales as of 2006, had grown to a two-thirds 
share as of 2012, with use by nearly 40 percent of the U.S. 
population), https://www.technologyreview.com/2012/05/09/186160/are-smart-phones-spreading-faster-than-any-technology-in-human-history/ 
(last visited Nov. 5, 2024).
    \94\ CFPB Contactless Payments Spotlight, supra.
---------------------------------------------------------------------------

Promoting Compliance With Federal Consumer Financial Law
    As described in the proposal, supervision of larger participants in 
a market for general-use digital consumer payment applications will 
help ensure those companies are complying with applicable requirements 
of Federal consumer financial law.\95\ One of the primary purposes of 
supervision under CFPA section 1024(b)(1) is ``assessing compliance 
with the requirements of Federal consumer financial law,'' and the 
Final Rule will further the CFPB's ability to assess compliance by 
larger participants with the requirements of those laws.\96\
---------------------------------------------------------------------------

    \95\ 88 FR 80197 at 80201, 80212.
    \96\ See 12 U.S.C. 5514(b)(1)(A).
---------------------------------------------------------------------------

    As identified by several commenters and described further above, 
the larger participants defined in the Rule engage in activities that 
are subject to applicable Federal consumer financial law such as the 
prohibition against unfair, deceptive, and abusive acts and practices 
set forth in the CFPA; the EFTA and its implementing Regulation E; and 
the data privacy protections of the GLBA and its implementing 
Regulation P. The CFPB disagrees with the comments suggesting that 
certain larger participants would not be subject to any Federal 
consumer financial laws.\97\ The larger participants defined by the 
rule are covered persons under the CFPA and would at a minimum be 
subject to the CFPA's prohibition against unfair, deceptive, and 
abusive acts and practices.\98\ Assessing

[[Page 99594]]

compliance with the prohibition against unfair, deceptive, and abusive 
acts and practices is itself important, because such practices can 
cause significant harm to consumers.\99\ Many of these commenters also 
acknowledged that some of the other Federal consumer financial laws 
would apply to at least a subset of the larger participants defined by 
the Proposed Rule.\100\
---------------------------------------------------------------------------

    \97\ As discussed further below, the CFPB disagrees with 
industry commenter suggestions that pass-through payment wallets are 
excluded from the scope of the CFPA as ``electronic conduit 
services.''
    \98\ See 12 U.S.C. 5481(5) (defining the term ``covered 
person''), 5531 (applying prohibition against unfair, deceptive, and 
abusive acts and practices to all ``covered persons'' as well as 
other persons), 5536 (same). The CFPB also can supervise larger 
participants for other Federal consumer financial laws that apply, 
including laws that take effect or for which compliance is mandatory 
in the future. For example, the CFPB recently finalized a personal 
financial data rights rule under its CFPA authority that is part of 
Federal consumer financial law and that generally applies to market 
participants. CFPB, Final Rule, Required Rulemaking on Personal 
Financial Data Rights, 89 FR 90838 (Nov. 18, 2024) (CFPB Personal 
Financial Data Rights Rule). As another example, the CFPB's nonbank 
registration regulation imposes requirements on covered nonbanks 
related to the registration of covered orders including, for covered 
nonbanks that are supervised registered entities, written-statement 
requirements. See 12 CFR 1092.201(q), 1092.204.
    \99\ For example, under the CFPA, an unfair act or practice must 
cause or be likely to cause ``substantial injury'' to consumers. 12 
U.S.C. 5531(c)(1); see also, e.g., Supervisory Highlights Issue 18, 
Winter 2019 at 13-14 sec. 3.1.2, https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-18_032019.pdf (last 
visited Nov. 13, 2024) (noting that CFPB supervisory activities 
resulted in or supported the public enforcement action resolved in 
2019 by consent order In re: Enova International, Inc., Admin. Proc. 
File No. 2019-BCFP-0003 (Jan. 25, 2019) ]] 9-33 (describing unfair 
acts and practices including repeat debiting of consumer accounts 
without valid authorization), https://files.consumerfinance.gov/f/documents/cfpb_enova-international_consent-order_2019-01.pdf (last 
visited Nov. 13, 2024); Supervisory Highlights Issue 21, Winter 2020 
at 16 sec. 4.1 (noting that CFPB supervisory activities resulted in 
or supported the public enforcement action resolved in 2019 against 
Maxitransfers Corporation including deceptive acts and practices in 
statements in terms and conditions regarding company's 
responsibility for errors by their agents), https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-21_2020-02.pdf (last visited Nov. 13, 2024); Issue 
32, Spring 2024, supra, at 14 sec. 4.1 (noting that CFPB supervisory 
activities resulted in or supported the public enforcement action 
resolved in 2023 against Toyota Motor Credit Corporation finding 
several unfair acts and practices).
    \100\ For a discussion of comments suggesting that the market 
should be confined to entities that receive or hold the funds being 
transferred in consumer payment transactions, or that the market 
should cover consumer payment transactions that transfer funds from 
nonbank accounts but not from bank accounts, see the section-by-
section discussion below of Final Rule Sec.  1090.109(a)(2) 
regarding the term ``consumer payment functionality.''
---------------------------------------------------------------------------

    The CFPB agrees with the commenters that stated that this rule will 
help the CFPB to ensure compliance with Federal consumer financial 
laws, and disagrees with those that stated that it would not. The 
CFPB's supervisory authority will promote compliance with applicable 
legal requirements in multiple ways. As described in the proposal, 
under the CFPA, the CFPB shall use its supervisory authority to 
``assess[ ] compliance with the requirements'' of Federal consumer 
financial laws \101\ and to ``obtain[ ] information about the 
activities and compliance systems of procedures'' of market 
participants.\102\ The CFPB may review the entity's activities and 
compliance systems or procedures and issue supervisory findings or 
criticisms as appropriate.\103\
---------------------------------------------------------------------------

    \101\ See 12 U.S.C. 5514(b)(1)(A).
    \102\ See 12 U.S.C. 5514(b)(1)(B).
    \103\ See also discussion below regarding 12 U.S.C. 
5514(b)(1)(C) in connection with the use of CFPB supervisory 
authority for the purpose of ``detecting and assessing risks to 
consumers and markets for consumer financial products and 
services,'' including the CFPB's use of its authority under the 
Final Rule to better understand how the Federal consumer financial 
laws apply to larger participants defined by the rule and the 
products and services they offer and to review and mitigate risks 
related to noncompliance.
---------------------------------------------------------------------------

    Supervision is one of the CFPB's most important and powerful tools 
to protect consumers by promoting compliance with Federal consumer 
financial law. As discussed in the proposal and as a nonprofit 
commenter emphasized, the prospect of the CFPB exercising supervisory 
authority over such firms may cause them to allocate additional 
resources and attention to compliance and to take steps to mitigate any 
noncompliance.\104\ In addition, based on the CFPB's supervisory 
experience in other markets, the CFPB's supervisory activities 
authorized under the Final Rule are likely to help entities to identify 
issues before they become systemic or cause significant harm. Through 
its supervisory activity, the CFPB detects and addresses legal 
violations. In some instances, the CFPB uses enforcement actions to 
address violations that it originally identified through supervision. 
The CFPB also uses supervision to help ensure that supervised entities 
develop and maintain systems and procedures to prevent and remedy 
violations. CFPB supervisory reviews and related compliance ratings 
promote the development of compliance risk management practices 
designed to manage consumer compliance risk, support compliance, and 
prevent consumer harm.\105\ Through supervision, CFPB examiners may 
articulate supervisory expectations to supervised larger participants 
in connection with supervisory events.\106\ The CFPB also notes that, 
following the issuance of its five prior larger participant rules, it 
has successfully used its supervisory authority to detect violations 
and promote compliance in each of the markets covered by those rules, 
as the CFPB has documented in its periodic publication Supervisory 
Highlights.\107\ Thus, the CFPB disagrees with comments criticizing the 
proposal's statement that CFPB supervision will help to ensure that 
larger participants are complying with applicable requirements of 
Federal consumer financial law.\108\ Moreover, by authorizing the CFPB 
to supervise larger participants, the Rule will promote strong 
compliance risk management practices in this market.\109\ The CFPB also 
disagrees with commenters stating that CFPB supervision generally harms

[[Page 99595]]

consumers by reducing the resources available to those companies. 
Instead, CFPB supervision as provided under the rule will, as intended 
by Congress, promote compliance with Federal consumer financial law and 
otherwise facilitate the CFPB's statutory objectives. For the reasons 
discussed above, the CFPB concludes that the rule will help the CFPB to 
promote compliance with Federal consumer financial law in the market. 
That, in turn, will reduce risks of harm to consumers, as also 
discussed in the impacts analysis in part VII below.
---------------------------------------------------------------------------

    \104\ See 88 FR 80197 at 80211-12.
    \105\ See, e.g., Federal Financial Institutions Examination 
Council, Uniform Interagency Consumer Compliance Rating System, 81 
FR 79473, 79474 (Nov. 14, 2016) (discussing assessment by agency 
examiners of consumer compliance), https://www.ffiec.gov/press/pr110716.htm (last visited Nov. 5, 2024).
    \106\ See CFPB, Bulletin 2021-01: Changes to Types of 
Supervisory Communications (Mar. 31, 2021), https://files.consumerfinance.gov/f/documents/cfpb_bulletin_2021-01_changes-to-types-of-supervisory-communications_2021-03.pdf (last visited 
Nov. 5, 2024).
    \107\ The CFPB publishes Supervisory Highlights on its website 
several times each year at https://www.consumerfinance.gov/compliance/supervisory-highlights/ (last visited Nov. 5, 2024). 
Since its first larger participant rules took effect in late 2012 
and early 2013, these publications have highlighted findings of 
violations of Federal consumer financial law and compliance 
management weaknesses from examinations in markets subject to its 
larger participant rules. See, e.g., Issue 4, Spring 2014 at 8-10 
(consumer reporting market), at 11-14 (consumer debt collection 
market); Issue 10, Winter 2016 at 11-14 (international money 
transfer market). For the most recent examples, see, e.g., Issue 35, 
Fall 2024 (automobile finance market); Issue 34, Summer 2024 
(consumer debt collection market); Issue 32, Spring 2024 at 4-7 
(consumer reporting market); Issue 31, Fall 2023 at 13-14 
(international money transfer market); Issue 30, Summer 2023 at 4-8 
(automobile financing market), at 8-9 (consumer reporting market), 
at 12-13 (consumer debt collection market), at 29-30 (international 
money transfer market); Issue 29, Winter 2023 at 14-15 (student loan 
servicing market); Issue 28, Fall 2022 at 4-7 (automobile financing 
market), at 7-8 (consumer reporting market), at 16-17 (consumer debt 
collection market); Issue 27, Fall 2022 at 14-25 (student loan 
servicing market); Issue 26, Spring 2022 at 5-11 (consumer reporting 
market), at 14-16 (consumer debt collection market), at 22-25 
(international money transfer market), at 25-27 (student loan 
servicing market).
    \108\ See 88 FR 80197 at 80201. Further, the CFPB disagrees that 
it is required to make findings of noncompliance in the market in 
order to issue this rule, for generally the same reasons (discussed 
below) that it is not required to make findings regarding the level 
of risk in the market or market failure.
    \109\ For example, as discussed in the impacts analysis further 
below in part VII, entities may improve their compliance management 
either in response to the possibility of an examination or in 
response to an examination finding regarding compliance management 
weaknesses. See also CFPB Supervision and Examination Manual, part 
II.A (describing how CFPB examinations conduct compliance management 
reviews).
---------------------------------------------------------------------------

Detecting and Assessing Risks to Consumers and Markets, Including 
Emerging Risks
    The CFPB concludes that this rule will help the CFPB to detect and 
assess risks to consumers and markets from the provision of general-use 
digital consumer payment applications. As explained in the Proposed 
Rule and for the reasons elaborated further below, the CFPB agrees with 
comments suggesting that CFPB supervision of larger participants in 
this rapidly-growing and evolving market will be especially useful to 
the detection and assessment of emerging risks. As discussed below, the 
CFPB disagrees with the commenters that stated that the CFPB must first 
make a risk determination before establishing supervisory authority 
over larger participants by rule.
    The CFPB concludes that establishing its supervisory authority over 
larger participants in this market would help it to detect and assess 
emerging risks for several reasons.
    First, the CFPB shares the view of the group of State attorneys 
general and other commenters that this highly-concentrated market will 
continue to grow and evolve rapidly as the technology that has fueled 
its rapid growth also continues to evolve. As with other markets the 
CFPB now supervises, it is important for the CFPB to be able to closely 
assess whether pressure to sustain high growth in this market will 
drive nonbank firms to develop new and increasingly risky 
products.\110\
---------------------------------------------------------------------------

    \110\ Cf. Financial Crisis Inquiry Commission Report (Feb. 25, 
2011) at 104 (``The refinancing boom was over, but originators still 
needed mortgages to sell to the Street. They needed new products 
that, as prices kept rising, could make expensive homes more 
affordable to still-eager borrowers. The solution was risker, more 
aggressive, mortgage products that brought higher yields for 
investors but correspondingly greater risks for borrowers.''), at 
414 (also noting that ``high-risk, nontraditional mortgage lending 
by nonbank lenders flourished in the 2000s and did tremendous damage 
in an ineffectively regulated environment, contributing to the 
financial crisis''), https://www.govinfo.gov/content/pkg/GPO-FCIC/pdf/GPO-FCIC.pdf (last visited Nov. 6, 2024).
---------------------------------------------------------------------------

    In addition, the CFPB agrees with the comments expecting that the 
market will continue to grow, including by expanding how general-use 
digital consumer payment applications help consumers to make payments 
in other ways. As the proposal explained, it is critical for the CFPB 
to be able to detect and assess emerging risks as new product offerings 
blur the traditional lines of banking and commerce.\111\ This blurring 
was noted by several commenters that described a trend toward 
``embedded finance'' described above and is illustrated in industry 
comments discussed below describing various ways that nonbanks' 
general-use digital payment applications serve as intermediaries 
between consumers and merchants.\112\ Such applications also can 
facilitate payments from many different types of accounts consumers 
hold across multiple financial institutions. Supervision can detect and 
assess risks that may arise from a single application establishing 
connections that can cause payments to be made from many different 
consumer accounts.\113\ In addition, as noted in the industry report 
cited by a consumer group commenter, consumers also can use payment 
functionalities embedded in digital applications, such as text 
messages, to make payments, including peer-to-peer payments.\114\
---------------------------------------------------------------------------

    \111\ For example, the proposal noted how in its 2022 market-
monitoring report on the convergence of payments and commerce, the 
CFPB described the potential for consumer financial data and 
behavioral data to be used together in increasingly novel ways. 88 
FR 80197 at 80201 and n.43.
    \112\ See section-by-section analysis of Sec.  1090.109(a)(1) 
and of ``covered payment functionality'' in 1090.109(a)(2). See also 
Google LLC Embedded Finance White Paper at 7 (``Embedded finance 
also offers a bonus for financial services companies: The data you 
collect from each transaction can help enhance customer service 
experience and innovate new products and experiences. The 
possibilities are endless for these kinds of partnerships, with high 
revenue and business growth potential. Before embarking on the 
embedded finance journey, however, you'll need to prepare'' by, 
among other steps, ``[p]lan[ning] to manage and analyze the vast 
trove of data you'll be collecting.''); CFPB Report on Convergence 
of Payments and Commerce, supra, at sec. 3.3 (``Embedded 
commerce'').
    \113\ Today, a general-use digital consumer payment application 
can initiate payments from multiple credit cards, prepaid accounts, 
and checking accounts. A general-use digital consumer payment 
application can facilitate payments from accounts that the provider 
offers through depository institution partners, or from linked 
accounts issued by other institutions (sometimes referred to as 
pass-through payments).
    \114\ Google LLC Embedded Finance White Paper at 3; Apple Cash 
website (``Send and Receive Money in Messages. With Apple Cash, you 
can send and receive money with just a text, in Messages. So it's 
easy to tip your dog walker, request funds from your roommate, or 
chip in for a coworker's gift.''), https://www.apple.com/apple-cash/ 
(last visited Nov. 6, 2024).
---------------------------------------------------------------------------

    The CFPB also agrees with the group of State attorneys general that 
new risks may emerge as the relevant technologies in this market 
evolve. In this market, by using its supervisory activity as general-
use digital consumer payment applications incorporate new technology, 
the CFPB can inform its assessment of risks to consumers and to 
markets.\115\
---------------------------------------------------------------------------

    \115\ In the CFPB's experience, for some financial institutions, 
even the rollout of relatively conventional digital technologies can 
pose significant risks to consumers, including in the area of 
digital payments. Cf. CFPB, In re: VyStar Credit Union, Admin Proc. 
File No. 2024-CFPB-0013 (Oct. 31, 2024), ] 20 (describing how outage 
in the establishment of a new online banking platform of large 
credit union left consumers unable to engage in certain banking 
activities, and that ``[s]ome members' previously scheduled 
recurring payments were delayed or even deleted.''), https://files.consumerfinance.gov/f/documents/cfpb-vystar-credit-union-consent-order_2024-10.pdf (last visited Nov. 16, 2024).
---------------------------------------------------------------------------

    Supervision can be effective at detecting and assessing such risks. 
As a nonprofit commenter noted, supervision allows for rapid exchange 
of information outside of the adversarial legal process. The 
supervisory process also generally is confidential, which also 
facilitates the exchange of information.\116\ For example, when 
examiners conduct a compliance management review, they can assess the 
strength of larger participants' compliance management as applied to 
the development and marketing of new products.\117\ In addition, as 
illustrated by its work during the COVID-19 pandemic, examiners who are 
familiar with supervised entities can review activities across a market 
to identify emerging risks of consumer harm in a time of macroeconomic 
stress or

[[Page 99596]]

shock.\118\ As another example, through its supervisory tool, the CFPB 
can respond rapidly to reports of any widespread outages at larger 
participants by gathering information through an established 
supervisory relationship.\119\
---------------------------------------------------------------------------

    \116\ The CFPB treats CFPB confidential supervisory information 
consistent with applicable regulation; see 12 CFR part 1070. As 
noted above, even when Supervision highlights its findings to the 
public through Supervisory Highlights, it generally does not 
identify individual firms (outside of highlighting any associated 
enforcement actions).
    \117\ See, e.g., CFPB Supervision and Examination Manual, part 
I.A (page 6 of compliance management review section explaining how 
examiners' compliance management review includes a review of the 
``processes for development and implementation of new consumer 
financial products or services and distribution channels or 
strategies, to determine degree of compliance function 
participation.''); see also id. at 4-5 (describing how examiners 
review product development as a component of the review of board and 
management oversight of compliance); id. at 9 (review of training of 
staff responsible for product development); id. at UDAAP Examination 
Procedures at 2 (review of product development documentation in 
connection with examiner's assessment of compliance with the 
prohibition against unfair, deceptive, and abusive practices).
    \118\ See, e.g., CFPB, Prioritized Assessment FAQs (July 20, 
2020) at 1 (``The Bureau is adapting its supervision program to meet 
the needs of the current national emergency . . . . Through 
Prioritized Assessments, the Bureau will expand its supervisory 
oversight to cover a greater number of institutions than our typical 
examination schedule allows, gain a greater understanding of 
industry responses to pandemic-related challenges, and help ensure 
that entities are attentive to practices that may result in consumer 
harm.''), https://files.consumerfinance.gov/f/documents/cfpb_prioritized-assessment_frequently-asked-questions.pdf (last 
visited Nov. 7, 2024); Supervisory Highlights Issue 23, Jan. 2021 
(secs. 3.3, 3.5, and 3.6 of COVID-19 special edition describing 
supervisory observations in prioritized assessments in student loan 
servicing, consumer reporting, and consumer debt collection markets 
subject to larger participant rules), https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-23_2021-01.pdf (last visited Nov. 7, 2024).
    \119\ See CFPB, What happens if my payment app has an outage and 
I can't access my account? (Dec. 21, 2023) (describing consumer 
complaints as one way the CFPB collects information about outages at 
payment apps), https://www.consumerfinance.gov/ask-cfpb/what-happens-if-my-payment-app-has-an-outage-and-i-cant-access-my-account-en-2145/ (last visited Nov. 8, 2024); FEDS Notes, Offline 
Payments: Implications for Reliability and Resiliency in Digital 
Payment Systems (Aug. 16, 2024) (describing how ``several recent 
high-profile outages have highlighted the need for building more 
reliability and resiliency in digital payment systems''), https://www.federalreserve.gov/econres/notes/feds-notes/offline-payments-implications-for-reliability-and-resiliency-in-digital-payment-systems-20240816.html (last visited Nov. 8, 2024).
---------------------------------------------------------------------------

    Supervision of larger participants in this market also can identify 
new and emerging risks to consumers relating to the applicability of 
existing requirements of Federal consumer financial law to new 
products. For example, comments from consumer groups and State 
attorneys general suggested that non-compliance with EFTA/Regulation E 
and GLBA/Regulation P is common in this market, while some industry 
commenters stated that neither EFTA/Regulation E nor GLBA/Regulation P 
apply to at least some market participants. Other commenters described 
how some consumers may be confused about the legal protections afforded 
through certain payment apps. The CFPB does not define the application 
of those laws in this rulemaking. Through its supervisory activity, the 
CFPB can gather information to assess the applicability of those laws 
to the specific consumer financial products and services that a larger 
participant provides. Where the law applies and is violated, examiners 
can address the situation through supervisory action and where 
appropriate the CFPB can consider enforcement activity. In addition, 
such findings can help to inform what the CFPB communicates to the 
broader market, including through its Supervisory Highlights 
publication.
    The CFPB disagrees with certain comments, summarized further above, 
that suggested that in a larger participant rule the CFPB is required 
to assess the degree or prevalence of risks to consumers, potential 
violations of law, or other specific harms occurring in the described 
market. The relevant provisions of the CFPA do not impose such 
requirements. While some comments did not identify any legal basis for 
this alleged obligation, others asserted that the obligation arises 
from section 1024(b)(2), which concerns the CFPB's operation of a 
``risk-based supervision program.'' The CFPB believes that these 
comments misinterpret the scope and purpose of section 1024(b)(2). As 
the CFPB has previously explained,\120\ that provision describes the 
manner in which the CFPB must ``exercise its authority under paragraph 
[(b)](1)'' \121\ which in turn authorizes the CFPB to supervise 
``persons described in subsection (a)(1).'' The Final Rule does not 
exercise authority provided by section 1024(b)(1). Rather, it 
``describe[s],'' in part, a set of persons falling within section 
1024(a)(1), by defining a category of ``larger participant[s].'' The 
CFPB only exercises the authority set forth in section 1024(b)(1) when 
it actually requires reports or conducts examinations of such persons. 
In exercising authority under section 1024(b)(1), the CFPB considers 
(and for larger participants under this Final Rule will consider) the 
factors set forth in section 1024(b)(2), including risks to consumers, 
as further described above in part I's discussion of the CFPB's 
prioritization process. However, the CFPA does not mandate 
consideration of those factors when issuing a rule that defines a 
category of larger participants under paragraph (a)(1).\122\
---------------------------------------------------------------------------

    \120\ See 77 FR 42874 at 42883; 77 FR 65775 at 65779.
    \121\ 12 U.S.C. 5514(b)(2).
    \122\ This conclusion is reinforced by the immediately following 
subsection of the CFPA, 1024(a)(1)(C), which expressly references 
the consideration of risk. Under that provision, the CFPB has the 
authority to supervise any nonbank covered person that the CFPB 
``has reasonable cause to determine, by order, after notice . . . 
and a reasonable opportunity . . . to respond . . . is engaging, or 
has engaged, in conduct that poses risks to consumers with regard to 
the offering or provision of consumer financial products or 
services.'' 12 U.S.C. 5514(a)(1)(C) (emphasis added).
---------------------------------------------------------------------------

    As noted above, one industry comment further argued that general 
principles of administrative law require the CFPB to identify concrete 
risks to consumers that will be mitigated by supervision in order to 
issue this rule. The commenter suggested that the Proposed Rule should 
have specified in detail what kind of compliance improvements the CFPB 
envisions, what activities of particular entities are currently non-
compliant, why compliance will prevent particular risks to consumers, 
the likelihood of such risks occurring, the resulting harm to 
consumers, and how all of these issues compare to related markets. 
Elsewhere this Final Rule discusses the CFPB's statutory authority, 
reasons, and supporting evidence for issuing this Final Rule and 
explains how this Final Rule will help the CFPB to effectuate the 
statutory purposes of the CFPA. The CFPB disagrees that it was 
additionally required to consider in this rulemaking the kinds of 
detailed information about mitigation of concrete risks contemplated by 
the commenter. As explained above, there is no indication in the text 
of the CFPA that the CFPB is required to consider such information in 
issuing a larger participant rule.\123\ Because the CFPB's risk-based 
prioritization process considers the type of information about risks 
described in part I above, the CFPB's supervision of larger 
participants ultimately may assist the CFPB in detecting and assessing 
risks to consumers and to markets.\124\ But sections 1024(a)(1)(B) and 
(2) do not require the CFPB to reach conclusions regarding such matters 
before it can even initiate risk-based prioritization for a category of 
larger participants.
---------------------------------------------------------------------------

    \123\ With respect to cross-market comparisons of risk, as 
explained in the Proposed Rule and in its previous larger 
participant rulemakings, ``[t]he Bureau need not conclude before 
issuing a [larger participant rule] that the market identified in 
the rule has a higher rate of non-compliance, poses a greater risk 
to consumers, or is in some other sense more important to supervise 
than other markets.'' 88 FR 80197 at 80200 n.24; 77 FR 65775 at 
65779.
    \124\ See 12 U.S.C. 5514(b)(1)(C).
---------------------------------------------------------------------------

    To the extent the industry commenter suggests the CFPB should 
consider such information because it asserts its own type of digital 
wallet product is ``low risk'' and should therefore be excluded from 
the market and ineligible for CFPB supervision, the CFPB does not 
believe that it is required to categorically exempt allegedly ``low-
risk'' products within a market when issuing a rule to define larger 
participants of a market.\125\

[[Page 99597]]

The CFPB likewise disagrees with other commenters who suggested that 
the CFPB is obligated to undertake a separate risk assessment of 
various subcomponents or sectors of the described market, or to include 
only the riskiest subcomponents or sectors within the larger 
participant definition. CFPA section 1024(a)(1)(B) provides for the 
issuance of rules defining ``larger participant[s] of a market'' for 
consumer financial products or services, and contains no language 
requiring exemptions for allegedly ``low-risk'' subcomponents of a 
market. Consistent with CFPA section 1024(b)(2), the CFPB considers 
whether products are lower risk, and thus less of a priority for 
supervisory attention, when choosing particular entities and consumer 
financial products and services for supervisory examinations as part of 
its operation of its risk-based supervision program.\126\ The CFPB's 
operation of that risk-based supervision program is designed to prevent 
CFPB's supervision program from placing undue burdens on larger 
participants whose activities are genuinely lower risk. The CFPB also 
provides below further justification for the scope of the market 
described in this Final Rule, including regarding the inclusion of 
pass-through payment wallets in the market.\127\
---------------------------------------------------------------------------

    \125\ Nor has the CFPB determined in this rulemaking exercising 
CFPA section 1024(a)(1)(B) authority that any specific market 
participant or larger participant poses any particular type or level 
of risk, low or otherwise, to consumers. Thus, although this 
commenter made claims regarding its product having low risk 
including low risk of violation of the prohibition against unfair, 
deceptive, and abusive acts and practices, the CFPB does not 
adjudicate such claims in this legislative rulemaking, for the 
reasons described above. In any event, the CFPB disagrees that the 
commenter was prevented from presenting evidence regarding the risks 
posed by its products. It had notice of the CFPB's reasons for the 
proposal and commented on them.
    \126\ As described above, the CFPB Supervision and Examination 
Manual describes the CFPB's established process for conducting risk-
based prioritization of nonbank covered persons subject to its 
supervisory authority under CFPA section 1024(a).
    \127\ See section-by-section analysis of Sec.  1090.109(a)(2) 
(definition of ``wallet functionality'').
---------------------------------------------------------------------------

    The CFPB disagrees with the industry commenter suggesting that the 
CFPB may issue a rule to define larger participants of a market for 
consumer products or services only in cases of ``market failure.'' 
There is no support for this view in the text or legislative history of 
the CFPA. Moreover, while concerns about market failure often underlie 
laws and regulations imposing substantive consumer protection 
requirements,\128\ this Final Rule does not impose substantive 
requirements and instead concerns the scope of the CFPB's supervisory 
authority, which is an authority designed to accomplish the statutory 
purposes established under CFPA section 1024(b)(1)(A)-(C). In that 
context, there is little reason to read section 1024(a)(1)(B) to 
impliedly bar the issuance of a larger participant rule in the absence 
of a demonstrated market failure.
---------------------------------------------------------------------------

    \128\ See, e.g., 12 U.S.C. 4301(a) (Congressional finding in 
Truth in Savings Act that ``competition between depository 
institutions would be improved . . . if there was uniformity in the 
disclosure of terms and conditions on which interest is paid and 
fees are assessed in connection with such accounts.''); 15 U.S.C. 
1601(a) (Congressional finding in Truth in Lending Act that 
``competition among the various financial institutions and other 
firms engaged in the extension of consumer credit would be 
strengthened by the informed use of credit.'').
---------------------------------------------------------------------------

    Although the CFPB disagrees with the comments suggesting that it 
must make findings regarding risk to issue this larger participant rule 
and it does not do so here, as discussed above other commenters 
described various existing and emerging risks to consumers that may be 
associated with products and services provided by larger participants. 
Those comments raise legitimate concerns regarding potential risks to 
consumers in the market and thus provide further support for the CFPB's 
conclusion that this rule will help the CFPB to use its supervisory 
tool to detect and assess risks to consumers and the market. It is not 
necessary for this rule to adjudicate the nature, extent, or source of 
such risks, or for the CFPB to publish market-wide findings about such 
risks as a predicate for larger participant rulemakings. As discussed 
above, the CFPB incorporates information available to it about such 
risks (including from its market-monitoring function, among others) 
when prioritizing which nonbank covered persons subject to CFPA section 
1024(a) it will examine.\129\ In response to the nonprofit calling on 
the CFPB to describe in more detail the risks it would consider in 
prioritizing larger participants for examination in this market, part I 
of the Final Rule above explains in further detail the CFPB's 
prioritization process and the factors the CFPB considers as part of 
that process, consistent with the CFPA and as described in its 
Supervision and Examination Manual. The CFPB also expects that it will 
continue to periodically publish Supervisory Highlights to communicate 
key examination findings and risks identified over time on a market-by-
market basis.
---------------------------------------------------------------------------

    \129\ The CFPB also provides additional responses further below 
to the comments suggesting it must publish the results of its market 
monitoring, or establish why its supervisory tool is superior to its 
market-monitoring tool. In any event, the CFPB has used data from 
its market-monitoring orders to inform the estimates published in 
this Final Rule, as discussed in the section-by-section analysis of 
the larger-participant test further below.
---------------------------------------------------------------------------

Ensuring Consistent Enforcement of Federal Consumer Financial Law
    With regard to comments on whether the Proposed Rule would further 
the CFPB's statutory objective of ensuring that Federal consumer 
financial law is enforced consistently between nonbanks and depository 
institutions in order to promote fair competition,\130\ the CFPB agrees 
with commenters who stated that the Proposed Rule would further that 
objective by permitting the CFPB to supervise both banks and nonbanks 
operating in the general-use digital consumer payment application 
market and by reducing the competitive advantage nonbanks may derive 
from being subject to less supervisory oversight. The CFPB disagrees 
with the commenter that characterized the Proposed Rule as a form of 
``mission creep . . . outside [the CFPB's] core jurisdiction.'' The 
commenter did not address the CFPA's statutory objective of consistent 
enforcement of Federal consumer financial law without regard to an 
entity's status as a depository institution. In addition, the CFPB 
already has enforcement and rulemaking authority with respect to 
participants in the market; thus, those entities already fall within 
the CFPB's ``jurisdiction'' in significant ways.\131\ The CFPB also 
disagrees with a related comment that described the larger participant 
rule as placing the CFPB in a market gatekeeper role. That comment 
appeared to misunderstand the function of larger participant rules, 
which do not regulate who enters a market but instead identify ``larger 
participants'' for purposes of section 1024(a)(1)(B). In addition, the 
CFPB disagrees with some commenters' suggestion that the rule should 
not be issued because of their concerns about the rule potentially 
making nonbanks less competitive and frustrating their innovation. As 
discussed below, the Final Rule adopts a significantly higher 
threshold, resulting in fewer market participants qualifying as larger 
participants. Even

[[Page 99598]]

with respect to larger participants, the CFPB does not have evidence to 
indicate that the Final Rule is likely to significantly affect 
innovation.
---------------------------------------------------------------------------

    \130\ 12 U.S.C. 5511(b)(4).
    \131\ The CFPB also disagrees with the industry comment 
suggesting that the Proposed Rule failed to account for the role of 
the FTC in promoting competition. As the Proposed Rule explained, it 
is focused on the statutory objective (codified in 12 U.S.C. 
5511(b)(4)) of ensuring Federal consumer financial law ``is enforced 
consistently, without regard to the status of a person as a 
depository institution, in order to promote fair competition[.]'' 88 
FR 80197 at 80198 n.5. The CFPB can promote consistent enforcement 
of Federal consumer financial law without impeding the FTC's 
mission; the two are compatible, and the CFPB coordinates with the 
FTC regarding its supervision activities more broadly.
---------------------------------------------------------------------------

    The CFPB also disagrees with those industry comments stating that 
the Proposed Rule would not promote consistent enforcement of Federal 
consumer financial law and fair competition because the proposed market 
definition included pass-through payment wallets that banks do not 
provide. Banks and credit unions can and do provide payment wallet 
functionalities. For example, very large depository institutions offer 
payment wallet functionalities that facilitate consumers' payments from 
accounts at the depository institution to make purchases online and in 
stores.\132\ In addition, these comments appear to presuppose that the 
CFPB can only further the statutory objective of consistent enforcement 
in this rule if banks and nonbanks compete to offer precisely the same 
products in precisely the same manner to consumers. But the objective 
of consistent enforcement can also be furthered where the CFPB has the 
ability to supervise both nonbanks and depository institutions that 
play complementary roles in payment transactions. For example, when a 
depository institution subject to the CFPB's supervisory authority 
makes its accounts accessible to the consumer through a general-use 
digital consumer payment application provided by an unaffiliated 
nonbank, supervision of both the depository institution and the nonbank 
serves the statutory objective described above. Nonbanks may initiate 
payments from consumer accounts held at banks and credit unions and 
engage in a number of related activities that can implicate Federal 
consumer financial law compliance obligations.\133\ In addition, the 
CFPB agrees with the credit union association commenter that 
unaffiliated payment applications can cause burdens on credit unions 
related to error resolution and customer service. Where the CFPB can 
supervise both a nonbank pass-through payment wallet and a depository 
institution involved in payments transactions, it is better positioned 
to consistently enforce applicable legal obligations with respect to 
the two entities. Below in the section-by-section analysis of ``wallet 
functionality,'' this Final Rule further discusses the reasons why 
pass-through payment wallets are appropriately included in the market 
definition.
---------------------------------------------------------------------------

    \132\ For example, an industry association commenter pointed to 
a new digital wallet called Paze and a click-to-pay product offered 
by banks. See also, e,g., Early Warning Services, LLC, Press 
Release, Paze Hits Major Milestone: 125 million Credit and Debit 
Cardholders Can Check out Online (Oct. 1, 2024) (describing ``Paze, 
a reimagined digital wallet offered by banks and credit unions,'' as 
available for use with 125 million payment card accounts issued by 
seven very large banks), https://www.paze.com/paze-hits-major-milestone-125-million-credit-and-debit-cardholders-can-check-out-online (last visited Nov. 7, 2024); Click to Pay with American 
Express (describing how depository institution offers an ecommerce 
payment wallet), https://network.americanexpress.com/globalnetwork/v4/products/click-to-pay-with-american-express (last visited Nov. 7, 
2024). See also CFPB Contactless Payments Spotlight, supra (n.59 
describing how JPMorgan previously provided the Chase Pay app to 
facilitate consumer payments for retail purchases).
    \133\ See, e.g., Board of Gov. of Fed. Rsv. System, FDIC, OCC, 
Joint Statement on Banks' Arrangements with Third Parties to Deliver 
Bank Deposit Products and Services (July 25, 2024) at 1 (noting how 
under certain bank/fintech arrangements, ``banks rely on one or 
multiple third parties to . . . process payments (sometimes with the 
ability to directly submit payment instructions to payment 
networks); perform regulatory compliance functions; provide end-user 
facing technology applications; service accounts; perform customer 
service; and perform complaint and dispute resolution functions''), 
https://www.occ.gov/news-issuances/news-releases/2024/nr-ia-2024-85a.pdf (last visited Nov. 7, 2024). See id. at 1-3 (describing how 
deployment of new digital payment technologies create a potential 
for insufficient risk management to meet consumer protection 
obligations such as requirements under Regulation E to investigate 
and resolve certain payment disputes within required timeframes).
---------------------------------------------------------------------------

    Finally, the CFPB disagrees with the industry association commenter 
to the extent it was suggesting that larger participant rules cannot 
promote fair competition between banks and nonbanks unless they apply 
antitrust principles to define the market. For the reasons discussed 
below in the section-by-section analysis of the market definition in 
Sec.  1090.109(a)(1), the purpose of antitrust law is different from 
the purpose of larger participant rules and the CFPB does not apply 
antitrust law in this rule. Nonetheless, as explained above, banks, 
credit unions, and their affiliates can offer and provide covered 
payment functionalities with general use through digital applications. 
In this rulemaking, the CFPB shares the goals expressed by the banking 
association and payment network commenters of applying consistent 
functional oversight to similar functional activities in this market. 
And as explained below in the section-by-section analysis of the market 
definition, the activities encompassed by the market definition are 
similar in how they support, digitally, a common set of payment 
activities that consumers engage in, such as making everyday payments 
to friends and family and for purchases. Relatedly, the CFPB disagrees 
with the industry association commenter to the extent it was suggesting 
that, by not including physical payment cards in the market, the Final 
Rule will not promote consistent enforcement of Federal consumer 
financial law. For the reasons discussed in the section-by-section 
analysis further below, the CFPB concludes the ``digital application'' 
component of the market definition is appropriate. The CFPB already has 
broad supervisory oversight of the use of physical payment cards issued 
by the very large banks and credit unions that it supervises. However, 
there is a supervisory gap over the significant role that nonbank 
larger participants play in facilitating the use of payment cards 
through general-use digital consumer payment applications. As described 
above, consumer adoption of general-use digital consumer payment 
applications is very high, indicating that consumers often prefer them 
to physical cards. Indeed, in some cases, such as at the time of 
origination or card replacement, a nonbank's general-use digital 
consumer payment application may be the only way for the consumer to 
use the payment card.\134\ The Final Rule will fill this gap, which 
will promote consistent enforcement of Federal consumer financial 
law.\135\
---------------------------------------------------------------------------

    \134\ PULSE, PULSE Debit Issuer Study (Aug. 8, 2024) at 9-10 
(reporting that all surveyed issuers report provisioning debit cards 
to digital wallets, that 38 percent of debit cards are loaded into 
digital wallets, and that digital issuance of debit cards directly 
to such wallets is the top new capability that debit card issuers 
plan to introduce with 50 percent of issuers planning to add this 
service), https://content.pulsenetwork.com/2024-debit-issuer-study/2024-pulse-debit-issuer-study (last visited Nov. 7, 2024).
    \135\ With respect to what the commenter referred to as food 
delivery applications and automobile purchase applications, for the 
reasons discussed in the section-by-section analysis of the 
exclusion for certain merchant and marketplace payment activities in 
paragraph (C) of the definition of ``consumer payment transaction,'' 
the CFPB believes those are part of a distinct market.
---------------------------------------------------------------------------

Other Regulators' Existing Oversight Authority
    With regard to comments on existing oversight of market 
participants, the CFPB agrees with the comment from the group of State 
attorneys general that stated that the rule would help existing 
regulatory oversight efforts in the market and would allow for 
increased coordination between Federal and State authorities to prevent 
unlawful conduct. The Bureau agrees that the existing regulatory 
oversight framework governing general-use digital consumer payment 
applications is important, but the Bureau believes that establishing 
its supervisory authority as part of this framework would better 
promote compliance with and consistent enforcement of Federal consumer

[[Page 99599]]

financial law and help it to detect risks to consumers and the market. 
The CFPB disagrees with the industry association comment suggesting 
that the CFPB must determine whether the market covered by the rule is 
inadequately supervised before issuing a larger participant rule; no 
such requirement appears in the text of the CFPA.\136\ The CFPB 
accounts for existing oversight when evaluating how to exercise its 
supervisory authority pursuant to CFPA section 1024(b)(2). 
Specifically, the CFPB takes seriously its inter-governmental 
coordination obligations, described below, and believes that they will 
promote coordination and minimize regulatory burden in connection with 
the CFPB's exercise of its supervisory authority over larger 
participants in this market and the existing regulatory oversight 
structure at the Federal and State levels.
---------------------------------------------------------------------------

    \136\ See, e.g., 12 U.S.C. 5514(a)(1)(B), (a)(2).
---------------------------------------------------------------------------

    For example, as required by the CFPA and explained in the Proposed 
Rule, the CFPB coordinates its examination activity, including at 
nonbanks, with State regulators.\137\ One purpose of this coordination 
is to prevent duplication and unnecessary regulatory burden. That 
coordination will address commenter concerns regarding CFPB oversight 
of larger participants that may engage in market activity that is 
subject to State money transmitter laws. In addition, industry comments 
often recognized that providers of pass-through payment wallets that do 
not hold or receive funds generally are not engaged in money 
transmission under State laws, and thus are not subject to State-level 
supervision.
---------------------------------------------------------------------------

    \137\ 88 FR 80197 at 80198 n.12. See also 12 U.S.C. 
5514(b)(2)(D) (CFPB shall exercise its supervisory authority under 
12 U.S.C. 5514(b)(1) in a manner designed to ensure that such 
exercise takes into consideration, among other things, the extent to 
which supervised nonbanks are subject to oversight by State 
authorities for consumer protection); 12 U.S.C. 5514(b)(3) (CFPB 
coordination of supervisory activities with States); Int'l Money 
Transfer Larger Participant Rule, 79 FR 56631 at 56632, 56638, 56643 
(explaining how the Bureau will coordinate with appropriate State 
regulatory authorities and will consider the extent of State 
supervisory activity when prioritizing individual examinations.); 
2013 CFPB-State Supervisory Coordination Framework (May 7, 2013) 
(describing process for CFPB-State coordination under information-
sharing memorandum of understanding), https://files.consumerfinance.gov/f/201305_cfpb_state-supervisory-coordination-framework.pdf (last visited Nov. 8, 2024).
---------------------------------------------------------------------------

    The CFPB also disagrees with industry comments suggesting that this 
rule establishing CFPB authority to supervise larger participants in 
this market will create CFPB supervisory activities that are 
unnecessarily duplicative or burdensome vis-[agrave]-vis oversight 
activities by the FTC and prudential regulators. Congress has adopted 
mechanisms to prevent unnecessarily duplicative or burdensome CFPB 
supervisory activities in cases where the FTC may exercise enforcement 
authority or prudential regulators may exercise supervisory authority 
over larger participants.\138\ Among other things, the CFPB coordinates 
across its functions with the FTC, which does not have a supervisory 
tool.\139\ In addition, the CFPA provides that the CFPB has exclusive 
authority with respect to the prudential regulators to supervise larger 
participants for purposes of assuring compliance with Federal consumer 
financial law.\140\ Also, consistent with the requirements of CFPA 
section 1024(b)(3), the CFPB coordinates with prudential regulators to 
minimize the duplication and regulatory burden of supervisory activity 
pursuant to memoranda of understanding, including where appropriate at 
nonbank larger participants.\141\ Moreover, as discussed above, nonbank 
larger participants engage in substantial volumes of market activity 
with interconnection across the U.S. financial system. CFPB supervision 
of nonbank larger participants can assess compliance with the 
requirements of Federal consumer financial law across their various 
market activities, which involve interactions with banks and credit 
unions overseen by various Federal prudential regulators. Thus, CFPB 
oversight of larger participants can ensure consistent enforcement of 
Federal consumer financial law and complement the oversight of the 
Federal prudential regulators.
---------------------------------------------------------------------------

    \138\ Such supervisory authority may exist, for example, where 
(as noted by the industry commenter) prudential regulators may 
examine certain nonbank service providers to banks under authorities 
such as the Bank Service Company Act. See generally 12 U.S.C. 1861-
67.
    \139\ The CFPB coordinates with the FTC consistent with its 
obligations under the CFPA, including 12 U.S.C. 5514(c)(3) and 
5581(b)(5). See CFPB-FTC Memorandum of Understanding (Feb. 25, 2019) 
(section VII describing how CFPB coordinates its supervision and 
examination activities with the FTC), https://files.consumerfinance.gov/f/documents/cfpb_ftc_memo-of-understanding_2019-02.pdf (last visited Nov. 8, 2024).
    \140\ 12 U.S.C. 5514(c), (d) (describing the extent to which 
CFPB supervisory and enforcement authorities are exclusive with 
respect to nonbank covered persons described in CFPA section 
1024(a)(1)). See also CFPA section 1025(b)(1) (similarly providing 
that the CFPB has exclusive authority to supervise very large 
depository institutions and their affiliates for the purposes listed 
therein, including assessing compliance with the requirements of 
Federal consumer financial laws).
    \141\ See 12 U.S.C. 5514(b)(3) (``To minimize regulatory burden, 
the Bureau shall coordinate its supervisory activities with the 
supervisory activities conducted by prudential regulators . . . 
including establishing their respective schedules for examining 
persons described in subsection (a)(1) [of CFPA section 1024] and 
requirements regarding reports to be submitted by such persons.''). 
See, e.g., CFPB, Board of Gov. of Fed. Rsv. System, FDIC, NCUA, and 
OCC Memorandum of Understanding (MOU) on Supervisory Coordination 
(May 16, 2012) at 2 (noting how CFPA sections 1024(b)(3)-(4) and 
1025(b)(2) require the CFPB to ``coordinate its supervisory 
activities with the supervisory activities conducted by the 
Prudential Regulators, including consultation regarding their 
respective schedules for examining Covered Institutions and 
requirements regarding reports to be submitted by Covered 
Institutions.''), https://files.consumerfinance.gov/f/201206_CFPB_MOU_Supervisory_Coordination.pdf (last visited Nov. 7, 
2024); see also id. (listing objectives of the MOU, including 
``[a]void[ing] unnecessary duplication of effort'' and 
``[m]inimiz[ing] unnecessary regulatory burden''); id. at 8 (``The 
CFPB and Prudential Regulators will coordinate in connection with 
examinations that relate to Covered Supervisory Activities of 
Covered Institutions' Service providers'').
---------------------------------------------------------------------------

CFPB's Existing Enforcement and Market-Monitoring Authorities
    The CFPB disagrees with those industry commenters suggesting that 
it cannot use its larger participant rulemaking authority to establish 
supervisory authority in this market due to the existence of the CFPB's 
enforcement and market-monitoring authorities. The CFPA identifies 
supervision of nonbank covered persons under CFPA section 1024 as a 
primary function of the CFPB.\142\ Sections 1024(a)(1)(B) and (2) of 
the CFPA specifically empower the CFPB to prescribe larger participant 
rules for the purpose of authorizing CFPB supervision, and those 
provisions contain no requirement that a larger participant rule 
consider the adequacy of the CFPB's other authorities or 
functions.\143\ Given the statutory scheme in the CFPA, any larger 
participant rule will generally apply to nonbank covered persons that 
also are subject to the CFPB's market-monitoring and enforcement 
authorities. These comments thus appear to reflect, in large part, a 
policy disagreement with Congress's decision to give the CFPB the 
ability to supervise nonbank larger participants of markets for 
consumer financial products and services it defines by rule in addition 
to its other authorities.
---------------------------------------------------------------------------

    \142\ See 12 U.S.C. 5511(c)(4) (listing supervision of covered 
persons, including nonbank covered persons, as one of the CFPB's 
``primary functions'').
    \143\ By contrast, in allocating its supervisory resources under 
CFPA section 1024(b)(2) the CFPB considers, among other things, 
``the extent to which such institutions are subject to oversight by 
State authorities for consumer protection.'' 12 U.S.C. 
5514(b)(2)(D).
---------------------------------------------------------------------------

    Further, as the Proposed Rule noted and as also discussed above, 
supervision can serve an important function that is distinct from and 
complementary to enforcement and

[[Page 99600]]

market monitoring.\144\ For example, supervision can benefit consumers 
and providers by detecting compliance problems early, at a point when 
correcting the problems would be relatively inexpensive and before many 
(or many more) consumers have been harmed.\145\ In addition, the CFPB 
conducts its supervisory activities not only for the purposes of 
assessing compliance with the requirements of Federal consumer 
financial law, but also for purposes of obtaining information about the 
person's activities and compliance systems or procedures and detecting 
and assessing risks to consumers and markets. These latter two purposes 
of its supervisory activities generally are distinct from its 
enforcement activities, which focus on addressing violations of Federal 
consumer financial law.\146\ In addition to promoting compliance in 
their own right, those activities also help to inform CFPB decisions 
regarding when to initiate enforcement activity. Similarly, CFPB 
supervisory and examination activity at individual firms can inform how 
the CFPB conducts market-wide monitoring. The CFPB's market monitoring 
function also can support decisions about when to initiate supervisory 
activity. For example, under CFPA section 1022(c)(1), the CFPB may use 
its market monitoring to support its functions, including to inform its 
prioritization of its nonbank supervision examination activities at 
larger participants.\147\
---------------------------------------------------------------------------

    \144\ 88 FR 80197 at 80212-13.
    \145\ See also CFPB Supervision Director, What new supervised 
institutions need to know about working with the CFPB (Jan. 9, 2023) 
(``Supervisory activities may help entities identify issues before 
they become systemic or cause significant harm.''), https://www.consumerfinance.gov/about-us/blog/what-new-supervised-institutions-need-to-know-about-working-with-the-cfpb/ (last visited 
Nov. 7, 2024).
    \146\ 12 U.S.C. 5511(c)(4).
    \147\ See 12 U.S.C. 5512(c)(1).
---------------------------------------------------------------------------

The Final Rule Does Not Implicate the ``Major Questions'' Doctrine
    The CFPB disagrees with comments stating that the Rule implicates 
the ``major questions'' doctrine, which is reserved for ``extraordinary 
cases'' in which the ``history and the breadth of the authority that 
the agency has asserted'' and the vast ``economic and political 
significance'' of the assertion of authority by the agency ``provide a 
reason to hesitate before concluding that Congress meant to confer such 
authority.'' \148\ As noted above, the Final Rule does not impose any 
new substantive consumer protection requirements on larger 
participants. Because general-use digital consumer payment applications 
are consumer financial products and services as defined in the 
CFPA,\149\ the CFPB already has enforcement authority, market-
monitoring authority, and rulemaking authority with respect to nonbank 
covered persons participating in the market for general-use digital 
consumer payment applications. Whether or not the CFPB may exercise one 
additional form of authority--supervision--over a group of larger 
participants in that market is not a question of vast economic and 
political significance in the sense recognized by courts.\150\ In this 
regard, the CFPB notes that one nonprofit commenter confuses the 
overall dollar value of transactions through digital wallets (which the 
commentator estimates at almost $1 trillion) with the economic impact 
of this larger participant rulemaking, which is of course vastly 
smaller.\151\
---------------------------------------------------------------------------

    \148\ W. Virginia v. EPA, 597 U.S. 697, 721 (2022) (cleaned up).
    \149\ See nn.241-42 infra (noting explanation in Proposed Rule, 
88 FR 80197 at 80205 nn.64-65).
    \150\ Cf., e.g., Biden v. Nebraska, 143 S. Ct. 2355, 2373-74 
(2023) (citing an estimate that the agency's action would ``cost 
taxpayers between `$469 billion and $519 billion' '' and that it 
implicated a ``matter of earnest and profound debate across the 
country'').
    \151\ Similarly, the CFPB's statements in press materials cited 
by the commenter do not suggest that this rulemaking would have a 
vast economic impact. The costs and benefits of this rulemaking are 
further discussed below. The CFPB also disagrees with the commenter 
that section 1024(a)(1)(B) would need to refer specifically to 
``digital wallets'' to authorize this rulemaking. By that logic, 
there could be no larger participant rulemakings because section 
1024(a)(1)(B) refers to markets for ``other consumer financial 
products or services'' without expressly identifying particular 
consumer financial products and services.
---------------------------------------------------------------------------

CFPB Examinations of Larger Participants
    With respect to comments on the statement in the Proposed Rule 
noting that the CFPB's supervisory authority is not limited to the 
consumer financial products or services that qualified a person for 
supervision, the CFPB clarifies it is not relying on that position as a 
rationale for the Final Rule or as authority for issuing the Final 
Rule, and that the CFPB would finalize the market definition, market-
related definitions, and larger-participant test as currently 
formulated in this Final Rule irrespective of the existence of that 
position.\152\
---------------------------------------------------------------------------

    \152\ Nonetheless, the CFPB notes that it explained the basis 
for this interpretation in its first larger participant rulemaking, 
for the consumer reporting market, where it noted that the ``Dodd-
Frank Act authorizes the Bureau to supervise `covered person[s]' 
described in 12 U.S.C. 5514(a)(1)(A) through (E)[ ]'' and that 
supervision of certain other activities of such persons ``is 
consistent with the purposes that the Dodd-Frank Act sets out for 
the Bureau's supervisory activities'' set forth in 12 U.S.C. 
5514(b)(1). See 77 FR 42874 at 42880; see also 12 U.S.C. 
5514(a)(1)(B) (providing that ``this section shall apply to any 
covered person'' that is a nonbank ``larger participant of a market 
for other consumer financial products or services'' as defined by 
rule); 12 U.S.C. 5514(b)(1) (providing that ``[t]he Bureau shall 
require reports and conduct examinations on a periodic basis of 
persons described in [12 U.S.C. 5514(a)(1)] for'' certain listed 
purposes). The CFPB disagrees with certain commenters' suggestion 
that the reference to ``relevant product markets and geographic 
markets'' in the provision describing the operation of the CFPB's 
risk-based supervision program (12 U.S.C. 5514(b)(2)) was intended 
to impliedly limit the scope of the CFPB's supervisory authority 
under 12 U.S.C. 5514(a)(1) and (b)(1) to only the consumer financial 
products and services described in the larger participant rule. The 
CFPB also disagrees that this interpretation implicates the major 
questions doctrine for reasons discussed above in the CFPB's 
response to other comments about that doctrine.
---------------------------------------------------------------------------

109(a)(1) Market Definition--Providing a General-Use Digital Consumer 
Payment Application

Proposed Rule
    Proposed Sec.  1090.109(a)(1) would have described the market for 
consumer financial products or services covered by the Proposed Rule as 
encompassing ``providing a general-use digital consumer payment 
application.'' The term would have been defined as providing a covered 
payment functionality through a digital application for consumers' 
general use in making consumer payment transaction(s). This term 
incorporated other terms defined in proposed Sec.  1090.109(a)(2): 
``consumer payment transaction(s),'' ``covered payment functionality,'' 
``digital application,'' and ``general use.'' The term ``covered 
payment functionality'' would have included a ``funds transfer 
functionality'' and a ``wallet functionality,'' terms which proposed 
Sec.  1090.109(a)(2) also would have defined.\153\ The Proposed Rule 
sought comment on all aspects of the proposed market definition, 
including whether the market definition in proposed Sec.  
1090.109(a)(1) or the market-related definitions in proposed Sec.  
1090.109(a)(2), discussed in the section-by-section analysis below, 
should be expanded, narrowed, or otherwise modified.
---------------------------------------------------------------------------

    \153\ The term ``consumer payment transaction(s)'' also would 
have incorporated another term--``State,'' which proposed Sec.  
1090.109(a)(2) would have defined.
---------------------------------------------------------------------------

Comments Received
    Several commenters addressed the proposed market definition 
overall. The Final Rule summarizes those comments in this section-by-
section analysis of the market definition in Sec.  1090.109(a)(1). In 
addition, some comments addressed certain specific defined terms used 
in the market definition or called for

[[Page 99601]]

certain exclusions or additions to the market by modifying those 
defined terms. The Final Rule summarizes and responds to those comments 
in the section-by-section analysis of the market-related definitions in 
Sec.  1090.109(a)(2) below.
    As discussed above, some commenters expressed support for the 
Proposed Rule to establish supervisory authority over the market that 
includes funds transfer apps and wallet functionalities with general 
use that nonbank covered persons provide to consumers through digital 
applications. For example, as described above, a group of State 
attorneys general stated that the CFPB's supervisory oversight of 
larger participants in this market would help to promote compliance 
with Federal consumer financial law and to detect and assess risks 
posed by this emerging financial market and market participants. 
Banking and credit union associations, as well as a payment network and 
nonprofit, also supported CFPB supervisory oversight of larger 
participants in the proposed market, as described in the summary of 
general comments above. As also described above, consumer group 
comments also were supportive of the scope of the market activities 
defined in the Proposed Rule, while calling for certain scope 
expansions, as discussed further below. In addition, an industry 
association expressed general support for the proposal to define a 
market that allows the CFPB to oversee entities with varied business 
models.
    Other commenters disagreed with the approach to market definition 
in the Proposed Rule. For example, some industry commenters stated that 
larger participant rules must apply antitrust law market definition 
principles because, in their view, the statutory provision in CFPA 
section 1024(a)(1)(B) authorizing CFPB rules to define larger 
participants of ``a market'' incorporates those principles. Some of 
these commenters did not provide a legal basis for this view. Others, 
such as three industry trade associations, cited Congress' use of the 
phrase ``relevant product markets'' in an adjacent provision, CFPA 
section 1024(b)(2), and suggested that the term ``market'' in section 
1024(a)(1)(B) is implicitly limited by the phrase ``relevant product 
market.'' \154\ They further suggested that the terms ``market'' and 
``relevant product market'' should be understood to incorporate 
antitrust case law discussing the boundaries of a market for purposes 
of evaluating the viability of an antitrust claim, including cases 
holding that a group of products are in the same market under antitrust 
law if they are reasonably interchangeable by consumers for the same 
purposes.\155\ Two of these industry associations also stated that 
Congress included the requirement in CFPA section 1024(a)(2) that the 
CFPB consult with the FTC prior to issuing a larger participant rule 
because of the FTC's role in enforcing Federal antitrust laws.\156\ 
These commenters therefore concluded that a larger participant rule 
must define ``a market'' that qualifies as a ``relevant product 
market'' within the meaning of antitrust law.\157\
---------------------------------------------------------------------------

    \154\ Section 1024(b)(2) calls for the CFPB to exercise its 
authority in CFPA section 1024(b)(1) to require reports and 
examinations of nonbank covered persons described in CFPA section 
1024(a)(1) ``in a manner designed to ensure that such exercise . . . 
is based on the assessment by the Bureau of the risks posed to 
consumers in the relevant product markets and geographic markets,'' 
and taking into consideration certain factors further specified in 
CFPA section 1024(b)(2).
    \155\ See, e.g., United States v. E.I. du Pont de Nemours & Co., 
351 U.S. 377, 395 (1956). One commenter also cited a European 
regulation in support of its position.
    \156\ The summary and response to comments regarding the FTC 
consultation process is included in part IV above.
    \157\ Two of the industry associations also indicated that the 
Proposed Rule did not do so because antitrust law market definition 
requires examining the factors that influence consumer choices, and 
the Proposed Rule did not discuss those factors.
---------------------------------------------------------------------------

    Those commenters and several other comments from industry, 
nonprofits, and Members of Congress also disagreed with the proposed 
market on the grounds that it was overbroad, conflating several markets 
into one. For example, a comment from Members of Congress stated that 
in their view, the proposal sought to cover different markets such as 
peer-to-peer services, stored value accounts, neobanking, merchant 
payment processing, and payment credential management.\158\ In 
addition, some industry associations stated that the proposed market 
would not qualify as a valid market because it groups together four 
different types of activities that, in their view, are not economic 
substitutes. They stated that these activities function in different 
ways and meet different needs and use cases. They described four of 
these activities as follows: (1) drawing from a stored balance held by 
the company; (2) routing funds held in a third-party bank account for 
transmission to a recipient; (3) charging or offering a payment method 
for consumer purchases in a manner that is excluded from State money 
transmitter regulations; \159\ and (4) storing and transmitting payment 
credentials without participating in the flow of funds from the 
consumer to the recipient. They also stated that digital applications 
for person-to-person transfers and digital applications for processing 
payments for merchants are different and present different risks of 
consumer harm. Because these activities in their view constitute 
separate markets, they stated that the Proposed Rule deviated without 
justification from previous larger participant rules that did not 
encompass multiple markets.\160\
---------------------------------------------------------------------------

    \158\ However, as discussed above, the market is not based on 
providing a stored value account. And as discussed below under 
``covered payment functionality,'' the market definition generally 
does not apply to merchant payment processors.
    \159\ They added that State money transmitter regulation 
excludes this activity because, in their view, the activity poses 
low risks.
    \160\ As an example, they cited the international money transfer 
larger participant rule in which the CFPB declined to include the 
domestic money transfer market.
---------------------------------------------------------------------------

    More broadly, an industry association also stated that the market 
includes ``P2P'' and digital wallet functionalities that, in their 
view, are not reasonably interchangeable because they provide 
``similar'' but ``differentiated'' services to consumers. Another 
industry association stated that consumers rely on funds transfer 
functionalities and wallet functionalities in different ways, and that 
these functionalities sometimes, but not always, may be interrelated. 
They stated that the CFPB should do a ``piecewise analysis'' of these 
functionalities, separately analyzing how consumers rely upon them. 
They stated that wallet functionalities initiate funds transfers but 
are subject to Regulation E only when they store funds. They suggested 
that the Proposed Rule did not establish a purpose for including wallet 
functionalities in the market when they do not store funds. An industry 
firm and two nonprofits suggested that wallet functionalities that do 
not store funds instead facilitate consumers' payments for purchases 
from merchants by storing and transmitting payment credentials for 
accounts held at third-party financial institutions the CFPB already 
supervises. They described that activity as part of a separate market 
from the other payment functionalities included in the proposed market. 
They stated that the CFPB's proposal to include such wallet 
functionalities in the proposed market does not reflect the sensitivity 
the CFPB has shown to differences among other consumer financial 
products and services, such as consumer reporting, consumer debt 
collection, and student loan servicing, by covering them in separate 
larger

[[Page 99602]]

participant rulemakings defining separate markets.\161\
---------------------------------------------------------------------------

    \161\ This commenter and another industry association suggested 
this approach was inconsistent with how a previous larger 
participant rule engaged in ``tailor[ing]'' of the rule. 78 FR 73383 
at 73397. However, the quoted portion of the previous rule addressed 
the tailoring of the larger-participant test to the market at hand, 
which was not the subject of the comments described here.
---------------------------------------------------------------------------

    A nonprofit commenter described the proposed market as being 
composed of multiple sectors, including the first three groups of 
activities listed by the industry association comments described above, 
as well as what they described as fully online fintech firms such as 
``neobanks'' and money transmitters. In its view, consumers interact 
with these products differently and rely on them for different 
purposes, and each presents different consumer harms.
Response to Comments Received
    As an initial matter, the CFPB disagrees with some industry 
commenters' novel suggestion that larger participant rules must define 
a market that would qualify as a market under antitrust law. In the 
CFPB's international money transfer larger participant rulemaking, 
large providers of international money transfers urged the CFPB to take 
the opposite position--i.e., to state that larger participant rules do 
not define ``markets'' for purposes of antitrust law. In response, the 
CFPB so clarified.\162\
---------------------------------------------------------------------------

    \162\ See Comment on proposed international money transfer 
larger participant rule by Dolex Dollar Express, Inc., MoneyGram 
Payment Systems, Inc., RIA Financial Services, Sigue Corporation, 
and Western Union Financial Services, Inc. (April 1, 2014) (2014 
Industry Comment Letter) at 5 (``[T]he term `market' for purposes of 
defining a larger participant should not be used in the absence of 
cautionary language to make clear that the term is not reflective of 
a Bureau determination of `market' for antitrust purposes.''), 
https://www.regulations.gov/comment/CFPB-2014-0003-0014 (last 
visited Nov. 7, 2024); CFPB, Final International Money Transfer 
Larger Participant Rule, 79 FR 56631 at 56635 n.43 (stating in 
response to comment that in its larger participant rulemakings 
``[t]he Bureau neither defines markets for purposes of antitrust 
law, nor intends the market definition in this Final Rule to be used 
for any purpose other than determining larger-participant status'').
---------------------------------------------------------------------------

    Having carefully considered commenters' arguments, the Final Rule 
maintains the position announced in the international money transfer 
larger participant rule for several reasons. As explained below, the 
market definition in the Final Rule fits within a more general 
understanding of the term ``market'' reflected in CFPA section 1024(a), 
which does not require application of antitrust law. First, commenters 
have not identified any language in CFPA section 1024, or any 
legislative history, that expressly refers to antitrust statutes, 
antitrust caselaw, or antitrust concepts of a market such as 
substitutability and reasonable interchangeability. Instead, the 
commenters' argument depends on an attenuated and unpersuasive argument 
that (1) reads the term ``market'' in section 1024(a)(1)(B) as being 
implicitly limited by the phrase ``relevant product market'' in a 
separate provision, section 1024(b)(2); and then (2) further suggests 
that the phrase ``relevant product market'' in section 1024(b)(2) was 
meant to implicitly import antitrust concepts of substitutability and 
reasonable interchangeability into the CFPB's larger participant 
rulemakings under section 1024(a)(1)(B). Second, section 1024(a)(1)(B) 
gives authority to the CFPB to define by rule a larger participant of 
``a market for other consumer financial products or services[.]'' \163\ 
That phrasing is meaningful because CFPA section 1024(a) enumerates, in 
paragraphs (A), (D), and (E) three categories of consumer financial 
products and services over which the CFPB has supervisory authority. 
Legislative history suggests that Congress understood each to be a 
separate ``market'' in a general sense.\164\ The first category 
encompasses an array of different services that broadly relate to 
mortgage loans (the ``origination, brokerage, or servicing of 
[mortgage] loans'' and also ``loan modification and foreclosures relief 
services in connection with such loans'').\165\ Another category is 
``private education loans,'' which are generally understood to be part 
of a broader market for educational financing that also includes 
Federal student loans.\166\ The third category is ``payday loans,'' 
which are understood to compete with other types of higher-cost credit 
such as title loans and installment loans.\167\ These categories thus 
do not describe consumer financial products and services that 
correspond to the strict antitrust conception of a market, which 
undercuts the suggestion that the term ``market'' in section 
1024(a)(1)(B) should be understood to implicitly incorporate antitrust 
concepts.\168\ Third, the purpose of defining a ``relevant product 
market'' under antitrust law is to determine whether a firm can exert 
monopoly power in a market and thereby profit from supra-competitive 
pricing.\169\ Market power and the analysis of it generally is the 
domain of antitrust law, not the Federal consumer financial law over 
which the CFPB has authority. Commenters have not presented any 
persuasive reason why Congress would have wanted the terms

[[Page 99603]]

``market'' and ``relevant product market'' in section 1024 to be 
limited by reference to antitrust laws that the CFPB does not enforce 
and that do not concern the CFPB's supervisory function.
---------------------------------------------------------------------------

    \163\ 12 U.S.C. 5514(a)(1)(B).
    \164\ The Senate Report to the CFPA describes the ``mortgage 
market'' that is the subject of CFPA section 1024(a)(1)(A) as 
``consist[ing] of more than 25,000 lenders, servicers, brokers, and 
loan modification firms that would be subject to Bureau supervision 
and enforcement.'' S. Rep. 111-176 (Apr. 30, 2010) at 163.
    \165\ 12 U.S.C. 5514(a)(1)(A); see, e.g., CPFB, Final Rule, 
Mortgage Servicing Rules Under the Real Estate Settlement Procedures 
Act (Regulation X), 78 FR 10696, 10699 (Feb. 14, 2013) (providing an 
overview of the ``mortgage servicing market'' within the context of 
the ``mortgage market'' that is ``broader'').
    \166\ 12 U.S.C. 5514(a)(1)(D); see, e.g., CFPB, Final Rule, 
Defining Larger Participants of the Student Loan Servicing Market, 
78 FR 73383, 73385 (Dec. 6, 2013) (``[t]he student loan servicing 
market is comprised of entities that service Federal and private 
student loans that have been disbursed to pay for post-secondary 
education expenses''); Kelly D. Edmiston, Lara Brooks, and Steven 
Shepelwich, Fed. Rsv. Bk. of Kansas City Research Working Paper 12-
05, ``Student Loans: Overview and Issues (Update)'' (Aug. 2012 rv. 
Apr. 2013) at 4 (``The student loan market is made up of federal and 
`private' student loans. Federal student loans are those that are 
listed under Title IV of the Higher Education Act. Private student 
loans are those made by depository and non-depository financial 
institutions (banks) and non-profit lenders (states).''), https://www.kansascityfed.org/documents/5428/rwp12-05edmistonbrooksshepelwich.pdf (last visited Nov. 7, 2024).
    \167\ 12 U.S.C. 5514(a)(1)(E); see, e.g., CFPB, Final Rule, 
Payday, Vehicle Title, and Certain High-Cost Installment Loans, 82 
FR 54472, 54475 (Nov. 17, 2017) (referring to payday loans as part 
of a ``broader set of liquidity loan products that also includes 
certain higher-cost longer-term installment loans'' that are 
sometimes referred to as ``payday installment loans''); NCUA, Final 
Rule, Payday Alternative Loans, 84 FR 51942 (Oct. 1, 2019) 
(authorizing credit unions to originate certain higher-cost 
installment loans with a term of up to 12 months to compete with 
payday loans).
    \168\ Similarly, larger participant rulemakings only apply to 
nonbank covered persons, and not to insured depository institutions, 
insured credit unions, and certain of their affiliates that may 
compete with nonbanks (and that may be subject to CFPB supervision 
under section 1025 or certain CFPB supervisory activities described 
under section 1026). See 12 U.S.C. 5514(a)(3)(A). If Congress had 
intended larger participant rulemakings to define a market for 
antitrust purposes, it presumably would have expressly accounted for 
how insured depository institutions, insured credit unions, and 
certain of their affiliates participate in such markets too.
    \169\ See, e.g., Thomas G. Krattenmaker, Robert H. Lande, Steven 
C. Salop, Monopoly Power and Market Power in Antitrust Law, 76 Geo. 
L.J. 241, 255 (1987) (noting that ``antitrust law now requires proof 
of actual or likely market power or monopoly power to establish most 
types of antitrust violations'' and ``market power and market 
definition are closely related, because a relevant market is that 
group of firms that significantly constrains each other's pricing 
and output decisions.''), https://www.justice.gov/archives/atr/monopoly-power-and-market-power-antitrust-law (last visited Nov. 7, 
2024); Louis Kaplow, On the Relevance of Market Power, 130 Harv. L. 
Rev. 1303, 1304 n.1 & 1366 (2017) (noting that ``[i]t is familiar 
that market power is a prerequisite for most types of competition 
law violations[,]'' listing different violations that depend on 
establishing market power, and noting how the ``relevant market'' is 
the frame of reference for assessing whether a firm has monopoly 
power for purposes of a Sherman Act violation).
---------------------------------------------------------------------------

    In addition, the CFPB disagrees with comments suggesting that the 
FTC consultation requirement in section 1024(a)(2) compels the 
conclusion that the term ``market'' should be interpreted by reference 
to antitrust law.\170\ The commenters cite no legislative history or 
other evidence supporting their position, and the provision itself does 
not reference the FTC's competition mission or its Bureau of 
Competition. The FTC also has a consumer protection mission \171\ and 
it has certain overlapping authority with the CFPB over nonbanks that 
provide consumer financial products and services, which generally would 
include nonbanks that qualify for supervision as a larger 
participant.\172\ Given that overlap, the CFPA includes various 
provisions requiring the CFPB to coordinate or consult with the 
FTC.\173\ In that context, there is little reason to interpret the 
consultation requirement in section 1024(a)(2) as reflecting an 
unstated Congressional intention that the term ``market'' be 
interpreted by reference to antitrust law.\174\
---------------------------------------------------------------------------

    \170\ See 12 U.S.C. 5514(a)(2).
    \171\ See, e.g., What the FTC Does, https://www.ftc.gov/news-events/media-resources/what-ftc-does (last visited Nov. 7, 2024) 
(noting ``the Agency's two primary missions: protecting competition 
and protecting consumers'').
    \172\ 12 U.S.C. 5581(b)(5)(A) (transferring FTC's authority to 
prescribe rules under an enumerated consumer law to the CFPB, but 
not its enforcement authority).
    \173\ See, e.g., 12 U.S.C. 5514(c)(3) (requiring CFPB and FTC 
agreement for coordinating on enforcement actions regarding nonbanks 
subject to its supervisory authority); 12 U.S.C. 5581(b)(5)(D) 
(requiring coordination between CFPB and FTC in certain rulemakings 
``that apply to a covered person or service provider with respect to 
the offering or provision of consumer financial products and 
services[.]'').
    \174\ In addition, it is not necessary to define an antitrust 
market for the rule to help the CFPB to ensure consistent 
enforcement of Federal consumer financial law between nonbanks and 
depository institutions in order to promote fair competition. For 
the reasons discussed in the response to general comments above, the 
CFPB concludes the Final Rule would serve that purpose based on the 
market it defines.
---------------------------------------------------------------------------

    More generally, the CFPB agrees with the comments that expressed 
support for the proposed market definition as describing a set of 
activities that most consumers in the United States regularly rely upon 
to conduct a significant portion of their everyday payments. These 
everyday financial transactions involve making payments to multiple 
unaffiliated persons, as described further below in the section-by-
section analysis of the revised definition of ``general use'' adopted 
in the Final Rule. The universe of potential recipients for consumer 
payment transactions can vary from one general-use digital consumer 
payment application to another. Some peer-to-peer payment applications 
facilitate payments to multiple consumers. Others facilitate payments 
to multiple unaffiliated merchants. As discussed further below, the 
general trend in the market is to facilitate payments to some 
combination of both. That is, many of the well-known market 
participants bundle together different payment methods for consumers to 
make payments to friends, family, and merchants.
    Depending on the market participant and which payment method the 
consumer selects, the general-use digital consumer payment application 
provider may hold the funds used to make a payment or they may be held 
by a third-party financial institution. Regardless of who holds the 
funds used for a payment, market participants share the common activity 
of facilitating consumer payments transactions by providing payments 
data processing products and services to consumers through digital 
applications.\175\ In light of these considerations, and as further 
discussed below, the Final Rule reasonably defines a market that 
comfortably fits within the parameters Congress set for markets in CFPA 
section 1024(a)(a)(1)(B).\176\
---------------------------------------------------------------------------

    \175\ See also discussion under ``covered payment 
functionality'' of comments seeking exclusion of nonbanks providing 
payment services in partnership with banks. Some market activity 
such as that of P2P payment apps often consists of consumer 
financial products and services that rely upon both funds 
transmitting and payments data processing, while other types of 
market activity, such as pass-through payment wallets, may be more 
limited to payments data processing. As the CFPB recently explained 
in another rulemaking, CFPA section 1002(15)(A)(vii) encompasses 
activity that ``extends beyond payment processing to broadly include 
other forms of financial data processing, including where the 
financial data are processed in connection with other financial or 
non-financial products and services.'' 88 FR 74796, 74842 (Oct. 31, 
2023) (proposed rule); see also 89 FR 90838 at 90955 (same point in 
final rule). Providing payments data processing in connection with 
funds transmitting is simply one example of this. See also CFPA 
section 1002(5)(A) (defining a ``consumer financial product or 
service'' as including a financial product or service that is 
described in ``one or more categories under'' CFPA section 
1002(15)).
    \176\ Contrary to the suggestion of some commenters, grouping 
activities that are in some ways different into a single market is 
not a departure from previous larger participant rulemakings. See 77 
FR 42874 at 42886 (consumer reporting larger participant rule 
concluding that ``resellers, national credit repositories, specialty 
consumer reporting agencies, analyzers, and others engaged in 
consumer reporting activities as defined in the final rule are 
properly included in a single market'' because ``[t]hese different 
types of firms all participate in the process of preparing consumer 
financial information for use in decisions regarding consumer 
financial products or services''); 77 FR 9592 at 9598 (Feb. 17, 
2012) (discussing difficulty separating business models of third-
party debt collectors, debt buyers, and collection attorneys because 
``[s]ome third-party debt collectors also buy debt, and debt buyers 
may utilize in-house or third-party collectors. Similarly, 
collection attorneys and law firms may, in addition to representing 
debt owners, buy debt and collect on their own behalf.'').
---------------------------------------------------------------------------

    The CFPB disagrees with the conclusions by some industry and 
nonprofit commenters that the proposed market does not describe a valid 
``market'' for purposes of CFPA section 1024(a)(1)(B).\177\ That 
includes industry comments suggesting that the CFPB cannot reasonably 
define a single market that encompasses consumer financial products and 
services that facilitate digital payments with different purposes, such 
as payments to friends and family and payments for purchases. 
Similarly, the CFPB disagrees with comments suggesting that it cannot 
reasonably define a market that encompasses the facilitation of 
consumer payments using different payment methods or accounts, such as 
stored value accounts held with the market participant, third-party 
banak accounts, and payment cards issued by third party financial 
institutions such as debit cards and credit cards. These comments 
appear to rely on an unduly narrow view of the meaning of the term 
``market'' in the CFPA, which as discussed above in response to 
antitrust-related comments Congress used in a more general sense. To 
that end, the Final Rule reasonably defines a market that comports with 
the range of ``markets'' in subsections (A), (D), and (E) of section 
1024(a)(1) that Congress appears to have referenced in using the term 
``other markets'' in section 1024(a)(1)(B).
---------------------------------------------------------------------------

    \177\ To the extent commenters criticized the proposed market as 
invalid based on its limitation to payment functionalities provided 
through ``digital applications'' with ``general use,'' the Final 
Rule discusses those comments in the section-by-section analysis of 
those defined terms below.
---------------------------------------------------------------------------

    In addition, these comments ignored or did not adequately account 
for how often companies provide a single general-use digital payment 
application with covered payment functionalities that facilitate 
consumer payment transactions with either purpose (to pay friends and 
family and to make purchases), often offering multiple payment methods 
for transactions with either purpose. In the CFPB's experience and 
expertise, informed by its market monitoring and other activities, 
well-known market participants increasingly provide

[[Page 99604]]

general-use digital consumer payment applications that bundle together 
options to make payments for these different purposes and payment 
methods, often in a manner that appears seamless to the consumer as 
described below. This assessment, focusing on the commonality across 
market participants' activities, also is consistent with market 
research described in the Proposed Rule and discussed further below, 
and even some industry associations' own presentation of these 
activities in other settings.\178\
---------------------------------------------------------------------------

    \178\ This trend predates 2024. See, e.g., Testimony of Scott 
Talbott, Sr. Vice President of Government Affairs, Electronic 
Transactions Association (ETA), House Cmttee. on Fin. Servs, Serial 
No. 117-82 (Apr. 28, 2022) at 52 (``Digital wallets can be defined 
broadly to include mobile and other online applications that allow 
users to process payments, access account information, and pay for 
services. Digital wallets provide users with access to stored 
payment credentials, which may include a credit or debit card, bank 
account, or, less commonly, a prepaid or gift card linked to the 
phone or app. This technology has gained popularity with consumers 
as a safe and convenient way to transmit funds in multiple settings, 
including for online purchases, payments at brick-and-mortar 
retailers, and person-to-business (i.e., bill pay) and P2P 
transfers. The concept of the digital wallet has been swiftly 
embraced by the public due to its ease of use. The user just has to 
download and register a mobile wallet on his or her phone.''), 
https://www.congress.gov/117/chrg/CHRG-117hhrg47649/CHRG-117hhrg47649.pdf (last visited Nov. 7, 2024).
---------------------------------------------------------------------------

    Many well-known market participants bundle offerings of both peer-
to-peer (P2P) and payments for purchases--sometimes in a formal and 
explicit manner, other times less so. Comments from several Members of 
Congress highlighted the degree to which sole proprietors and other 
small businesses rely on market participants to accept payments. While 
larger merchants may accept these payments by entering into formal 
merchant acceptance agreements, small businesses such as sole 
proprietors may simply enroll their bank account in a P2P payment 
service to receive funds from consumers.\179\ As the Proposed Rule 
noted, by 2022, an industry report found that 82 percent of small 
business merchants surveyed accepted at least one P2P payment 
option.\180\ Research by a major payment network similarly describes 
how small and medium businesses are paid not only through ``mobile 
wallets'' but also through ``mobile payment apps.'' \181\ Moreover, 
recent market research found that nearly half of U.S. consumers 
surveyed reported using a P2P app for purposes such as making purchases 
with payment cards and bill pay functions. The report concluded that 
``P2P apps are at an inflection point, transitioning from single-
purpose apps to additional, more robust, and often-bundled product 
features.'' \182\
---------------------------------------------------------------------------

    \179\ One government report estimated that in tax year 2017, 
three P2P apps alone filed U.S. tax reports (at a reporting 
threshold of $20,000) disclosing nearly $200 billion in payments to 
businesses through those platforms. Treasury Inspector General For 
Tax Administration, The Internal Revenue Service Faces Challenges in 
Addressing the Growth of Peer-to-Peer Payment Application Use, 
Report No. 2021-30-022 (Apr. 22, 2021) at 6 (Figure 3), https://www.tigta.gov/sites/default/files/reports/2022-07/202130022fr_4.pdf 
(last visited Nov. 7, 2024). In some contexts, the bundling of the 
two types of payments has been so seamless that the payment apps 
themselves have not been able to effectively disentangle personal 
payments from purchases. See 26 U.S.C. 6050W (``Returns relating to 
payments made in settlement of payment card and third party network 
transactions''); IR-2023-221 (Nov. 21, 2023) (describing phase-in 
transition years where reporting not required unless payees receive 
over $20,000 for more than 200 transactions in tax year 2023, and 
more than $5,000 for tax year 2024), https://www.irs.gov/newsroom/irs-announces-delay-in-form-1099-k-reporting-threshold-for-third-party-platform-payments-in-2023-plans-for-a-threshold-of-5000-for-2024-to-phase-in-implementation (last visited Oct. 24, 2024).
    \180\ TSG: Merchants Offering P2P Payments (reporting results of 
TSG and Electronic Transactions Association survey of over 500 small 
businesses merchants), cited in Proposed Rule at n.30. For example, 
some of these apps began by offering only P2P payments focused on 
paying friends and family, but then leveraged that feature to gain 
formal merchant acceptance. See, e.g., eBay, eBay Launches Venmo as 
a Payment Option, a Continued Push to Expand Ways to Pay and Invest 
in Digital Natives (June 13, 2024), https://www.ebayinc.com/stories/news/ebay-launches-venmo-as-a-payment-option-a-continued-push-to-expand-ways-to-pay-and-invest-in-digital-natives (last visited Nov. 
7, 2024); James Pothen, Cash App exec hints at Square integration 
(June 3, 2024), https://www.paymentsdive.com/news/square-cash-app-pos-p2p-block-jack-dorsey-retail-point-of-sale-strategy/717753/ 
(last visited Nov. 7, 2024).
    \181\ VISA Global Back to Business Study (7th ed. 2023) 
(describing multinational survey of plans for digital payment option 
acceptance by small and micro businesses (SMBs) including in the 
United States indicating 55 percent of SMBs planned to accept 
``mobile payment apps'' in 2023 and 50 percent planned to accept 
``mobile wallets''), https://usa.visa.com/content/dam/VCOM/blogs/visa-back-to-business-7-one-pager-september-2023.pdf (last visited 
Nov. 7, 2024). A recent Forbes survey similarly described how both 
``digital wallet apps'' and ``[p]eer-to-peer apps'' are popular ways 
for consumers to make retail purchases. Amanda Claypool, 53% Of 
Americans Use Digital Wallets More Than Traditional Payment Methods: 
Poll (updated Aug. 25, 2023), https://www.forbes.com/advisor/banking/digital-wallets-payment-apps/ (last visited Nov. 7, 2024). 
For example, Amazon, which provides Amazon Pay, also had a brief 
partnership with Venmo. See PYMNTS.COM, Venmo No Longer Accepted on 
Amazon in January (Dec. 7, 2023), https://www.pymnts.com/amazon-payments/2023/amazon-will-discontinue-venmo-payments-in-january/ 
(last visited Nov. 7, 2024).
    \182\ Marqueta, 2024 State of Payments Report at 39, https://www.marqeta.com/state-of-payments (last visited Aug. 1, 2024). See 
also Press Release, Venmo Introduces the Ability to Schedule Payment 
Requests (Oct. 9, 2024) (reporting that ``more than 84% of consumers 
have used a peer-to-peer service with common payments including 
monthly rent, utilities, and other regular living expenses[]'' as 
found in a 2022 survey by Lending Tree at https://www.lendingtree.com/personal/peer-to-peer-services-survey/ (last 
visited Nov. 7, 2024)), https://newsroom.paypal-corp.com/2024-10-09-Venmo-Introduces-the-Ability-to-Schedule-Payments-and-Requests (last 
visited Nov. 7, 2024).
---------------------------------------------------------------------------

    Meanwhile, as suggested by comments from consumer groups, other 
digital wallets gained market share by offering formal merchant 
acceptance but then began to promote a P2P payment feature.\183\ For 
example, as consumer group commenters pointed out, PayPal, which 
initially grew as a payment functionality for merchants selling goods 
and services through an affiliated company's online marketplace, has 
long since graduated to offering a broader range of services including 
peer-to-peer payments.\184\
---------------------------------------------------------------------------

    \183\ Apple, New features come to Apple services this fall (June 
11, 2024) (describing new ``Tap to Cash'' feature that can be used 
with existing Apple Cash stored value product), https://www.apple.com/newsroom/2024/06/new-features-come-to-apple-services-this-fall/ (last visited Nov. 7, 2024); Business Wire, VISA 
Reinvents the Card, Unveils New Products for Digital Age (May 15, 
2024) (provider of Click-to-Pay ecommerce wallet describing new 
mobile device app-based feature for VISA cards ``Tap to P2P (person-
to-person): Allows money to be sent between family and friends''), 
https://www.businesswire.com/news/home/20240515563838/en/ (last 
visited Nov. 7, 2024).
    \184\ Compare PayPal, Inc. Form S-1 (Sept. 28, 2001) at 5 (``We 
depend on online auction transactions for a significant percentage 
of our payment volume.''), https://www.sec.gov/Archives/edgar/data/1103415/000091205701533855/a2059025zs-1.htm, with eBay Press 
Release, eBay Inc. Board Approves Completion of eBay and PayPal 
Separation (June 26, 2015), https://www.ebayinc.com/stories/news/ebay-inc-board-approves-completion-of-ebay-and-paypal-separation/ 
(last visited Nov. 7, 2024) & PayPal, Send money to just about 
anyone, anywhere (website FAQ describing how consumers can use the 
PayPal app to ``[s]end money online to friends and family in the 
US''), https://www.paypal.com/us/digital-wallet/send-receive-money/send-money (last visited Nov. 7, 2024). See also PayPal Holdings, 
Inc. Form 10-K (Feb. 2, 2024) (PayPal 2023 10-K) at 8 (``Our Venmo 
digital wallet in the U.S. is a leading mobile application used to 
move money between our customers and to make purchases at select 
merchants.''), https://www.sec.gov/Archives/edgar/data/1633917/000163391724000024/pypl-20231231.htm.
---------------------------------------------------------------------------

    In addition, the most recent Federal Government diary and survey on 
consumer payment choice results continue to illustrate how mobile app/
online payment accounts generally are understood as supporting both 
``purchases and person-to-person payments[.]'' \185\ That project 
groups together nonbank payment apps such as PayPal, Venmo, Apple Pay, 
Google Pay, Cash App, and Samsung Pay under the

[[Page 99605]]

common heading ``online payment accounts.'' \186\ Other surveys, market 
research, and even a foreign regulator similarly refer collectively to 
both uses--payments to other consumers and payments for purchases.\187\
---------------------------------------------------------------------------

    \185\ Berhan Bayeh, Emily Cubides & Shaun O'Brien, Fed. Rsv. 
Fin. Svcs. FedCash Services, 2024 Findings from the Diary of 
Consumer Payment Choice (May 2024) (2024 Diary Findings) at 5-6 
(Figure 3 grouping together ``purchases and P2P payments'' and 
describing growth in proportion made ``online or remotely'' versus 
``in-person''), https://www.frbservices.org/binaries/content/assets/crsocms/news/research/2024-diary-of-consumer-payment-choice.pdf 
(last visited Nov. 7, 2024). The Proposed Rule noted how the Federal 
Government publishes the results of an annual diary and survey on 
consumer payment choice. 88 FR 80197 at 80200 n.25 (citing report on 
2022 diary and survey by Federal Reserve System staff).
    \186\ 2023 Survey and Diary of Consumer Payment Choice Tables 
(table 1 reporting survey results indicating that 71.8 percent of 
U.S. consumers adopted online payment accounts as of 2023), https://www.atlantafed.org/-/media/documents/banking/consumer-payments/survey-diary-consumer-payment-choice/2023/tables_dcpc2023.pdf (last 
visited Nov. 7, 2024). That survey also reported that ``[s]even in 
10 consumers made at least one payment using a phone or tablet in 
the 12 months ending October 2023.'' Kevin Foster, Claire Greene & 
Joanna Stavins, Fed. Rsv. Bk. of Atlanta Research Data Report No. 
24-1, 2023 Survey and Diary of Consumer Payment Choice: Summary 
Results (June 3, 2024) at 16-17 (``On average, 13 mobile payments 
per consumer were reported'' for October 2023, of which ``10 were 
for purchases, two for bills, and one to pay another person''), 
https://www.atlantafed.org/-/media/documents/banking/consumer-payments/survey-diary-consumer-payment-choice/2023/sdcpc_2023_report.pdf (last visited Nov. 7, 2024).
    \187\ See, e.g., Claire Greene, Fumiko Hayashi, Alicia Lloro, Oz 
Shy, Joanna Stavins & Ying Lei Toh, Defining Households That Are 
Underserved in Digital Payment Services, Fed. Rsv. Bk. of Atlanta 
Research Data Report No. 24-3 (Sept. 9, 2024), sec. 3.1 (describing 
a ``(sub)component of financial inclusion relating to digital 
payments (a subset of payments), which we term digital payments 
inclusion. Digital payments are payments made through a digital 
device or channel, such as electronic fund transfer (for example, 
automated clearing house [ACH] and instant payments); debit, 
prepaid, or credit card; closed-loop online payment services offered 
by online payment service providers (for example, PayPal and Cash 
App); and cryptocurrency transfer.''), table 1 (describing examples 
of digital payments with wide acceptance by merchants, billers, and 
individuals), https://www.atlantafed.org/-/media/documents/banking/
consumer-payments/research-data-reports/2024/10/10/03_defining-
households-that-are-underserved-in-digital-payment-services.pdf 
(last visited Nov. 7, 2024); Pengfei Han & Zhu Wang, Technology 
Adoption and Leapfrogging: Racing for Mobile Payments, Fed. Rsv. Bk. 
of Richmond Working Paper No. 21-05R (Mar. 2021 rev. May 1, 2024) 
(Racing for Mobile Payments) at 6 (``Following Crowe et al. (2010), 
we define a mobile payment to be a money payment made for a product 
or service through a mobile phone, regardless of whether the phone 
actually accesses the mobile network to make the payment. Mobile 
payment technology can also be used to send money from person to 
person.''), https://www.richmondfed.org/-/media/RichmondFedOrg/publications/research/working_papers/2021/wp21-05r.pdf (last visited 
Nov. 7, 2024); U.S. Dept. of Treasury, Assessing the Impact of New 
Entrant Non-bank Firms on Competition in Consumer Finance Markets 
(Nov. 2022) at 13 (``New entrant non-bank firms offer digital 
applications to make payments online and through mobile devices that 
have expanded accessibility for consumers. These payments firms 
generally provide a front-end digital user interface for consumers 
to make payments to other parties (other consumers or, increasingly, 
businesses) on the same platform.''), https://home.treasury.gov/system/files/136/Assessing-the-Impact-of-New-Entrant-Nonbank-Firms.pdf (last visited Nov. 7, 2024); Pew Research Center, Who Uses 
Mobile Payments? (May 26, 2016) at 1 (defining ``[m]obile payment 
users'' as ``consumers who have made an online or point-of-sale 
purchase, paid a bill, or sent or received money using a Web 
browser, text message, or app on a smartphone''), https://www.pewtrusts.org/-/media/assets/2016/05/who_uses_mobile_payments.pdf (last visited Nov. 7, 2024); Pew 
Research Center, Are Americans Embracing Mobile Payments? (Oct. 3, 
2019) at 3 (defining ``mobile payment'' and ``mobile payment apps'' 
in similarly broad manner), https://www.pewtrusts.org/-/media/assets/2019/10/mobilepayments_brief_final.pdf (last visited Nov. 7, 
2024); U.K. Payment Systems Regulator & Financial Conduct Authority, 
Call for Information: Big tech and digital wallets, Doc. CP24/9 
(July 2024), sec. 2.1-2.3 (``Digital wallets can be defined as apps, 
software or online services that allow consumers to make payments, 
quickly and conveniently, using mobile phones or other electronic 
devices . . . . Some digital wallets facilitate retail transactions, 
others allow peer-to-peer payments, and others do both . . . . 
Digital wallets can be either `staged' [by holding funds] or `pass-
through' [because they do not hold funds themselves but instead 
allow users to make payments from a payment card] . . . . While the 
features and functionality of digital wallets vary, in general 
terms, they offer consumers a quick and convenient way to make 
payments.''), https://psr.org.uk/media/yqinyhhn/cp24-9-cfi-digital-wallets-july-2024-v2.pdf (last visited Nov. 7, 2024).
---------------------------------------------------------------------------

    In addition, commenters claiming that the rule encompassed multiple 
markets rather than a single market did not provide evidence regarding 
consumer understanding to support their claims. By contrast, through 
its experience and expertise developed through its market monitoring 
and other activities, the CFPB has seen that several well-known 
general-use digital consumer payment applications engage in many of the 
activities industry commenters characterized as distinct markets. For 
example, when consumers open what some describe as a peer-to-peer 
payment app, now they often may access a screen to send money to other 
persons they identify, whether consumers or businesses.\188\ In 
addition, market participants often design their general-use digital 
consumer payment application so that a single screen can display all 
available methods for making a given payment, including prepaid 
accounts, debit cards linked to deposit accounts, and credit cards, 
whether issued by the digital application provider or by third-party 
financial institutions.\189\ The CFPB therefore declines to 
differentiate the market in ways suggested by industry commenters that 
do not align with the more seamless, undifferentiated common user 
experience that well-known market participants themselves create for 
consumers.
---------------------------------------------------------------------------

    \188\ See, e.g., Venmo, Show some local love: Pay businesses--
like your favorite neighborhood spots--the same easy way you pay 
friends on Venmo (describing how consumer can use a merchant's Venmo 
QR code to identify the merchant as a payment recipient), https://venmo.com/pay/businesses/ (last visited Nov. 7, 2024); Venmo, Adding 
& Removing Friends (describing how consumers can use QR codes from 
other consumers to identify them as recipients), https://help.venmo.com/hc/en-us/articles/217532217-Adding-Removing-Friends 
(last visited Nov. 7, 2024); Block Investor Day 2022, Cash App at 8 
(stating that Cash App ``started with peer-to-peer payments'') & at 
71 (showing screenshot of how a consumer can add a business account 
to receive payments), https://s29.q4cdn.com/628966176/files/doc_presentations/2022/05/Cash-App-Block-Investor-Day-2022.pdf (last 
visited Nov. 7, 2024). Other payment apps also bundle money 
transfers to individual consumers and bill pay functionalities. See, 
e.g., Western Union, Send and Track Money Online (U.S. consumer home 
page describing how a consumer can use the Western Union app to 
``[s]end money, pay bills, check exchange rates, or start a transfer 
in the app and pay in-store-all on the go.''), https://www.westernunion.com/us/en/home.html (last visited Nov. 7, 2024).
    \189\ See, e.g., Apple, Wallet Carry one thing. Everything 
(consumer-facing website showing screenshot of Apple Wallet 
displaying payment methods including a Discover credit card, an 
Apple Cash prepaid account card, and an Apple MasterCard), https://www.apple.com/wallet/ (last visited Nov. 7, 2024); PayPal, Add. Pay. 
Earn. Smile (consumer-facing website showing screenshot of PayPal 
payment method screen where consumer can ``[u]se your bank or cards 
to pay or send money''), https://www.paypal.com/us/digital-wallet/ways-to-pay/add-payment-method (last visited Nov. 7, 2024).
---------------------------------------------------------------------------

    Even when firms choose to discontinue offering payments to other 
consumers,\190\ or have not yet enabled that capability in the United 
States,\191\ their general-use digital payment applications still 
comprise part of the overall market described in the Final Rule, which 
includes but is not limited to digitally facilitating consumer payment 
transactions for purchases.
---------------------------------------------------------------------------

    \190\ See, e.g., Google, Simplifying our payment apps in the 
U.S. (Feb. 22, 2024) (announcing that effective June 4, 2024, the 
U.S. version of the Goole Pay app will no longer be available to 
send money to other consumers but that consumers can continue to use 
Google Pay to check out online and to tap-to-pay in stores), https://blog.google/products/google-pay/payment-apps-update/?sjid=232731559998132243-NA (last visited Nov. 7, 2024).
    \191\ See Amazon, Unified Payment Interface (UPI) FAQs 
(describing how consumers in India can use the Amazon Pay Unified 
Payment Interface to send money to other consumers), https://www.amazon.in/gp/help/customer/display.html?nodeId=202212990 (last 
visited Nov. 7, 2024).
---------------------------------------------------------------------------

Final Rule
    For the reasons described in this Final Rule, including the CFPB's 
consideration of and responses to the comments on the Proposed Rule, 
the CFPB concludes that the set of activities covered by the market 
definition in the Final Rule, all of which digitally facilitate 
consumer payment transactions to multiple unaffiliated persons, 
regardless of the payment method, source, or account used to fund the 
payment, reasonably describes a market for purposes of CFPA section 
1024(a)(1)(B). In addition, the Final Rule makes several revisions to 
market-related definitions as described in the section-by-section 
analysis of Sec.  1090.109(a)(2) below. Because the

[[Page 99606]]

market definition incorporates those defined terms, those revisions 
also affect the scope of the market the Final Rule defines.

109(a)(2) Market-Related Definitions

    Proposed Sec.  1090.109(a)(2) would have defined several terms that 
are relevant to the proposed market definition described above. Below 
the CPFB summarizes and responds to comments on each proposed 
definition and describes changes to these definitions in the Final 
Rule, which also numbers each definition for clarity.
Consumer Payment Transaction(s)
Proposed Rule
    The proposed market definition would have encompassed providing 
covered payment functionalities through a digital application for a 
consumer's general use in making consumer payment transactions. 
Proposed Sec.  1090.109(a)(2) would have defined the term ``consumer 
payment transactions'' to mean the transfer of funds by or on behalf of 
a consumer physically located in a State to another person primarily 
for personal, family, or household purposes.\192\ The proposed 
definition would have clarified that, except for transactions excluded 
under paragraphs (A) through (D), the term applies to transfers of 
consumer funds and transfers made by extending consumer credit. 
Paragraphs (A) through (D) of the proposed definition would have 
excluded the following four types of transactions: (A) An international 
money transfer as defined in Sec.  1090.107(a) of this part; (B) A 
transfer of funds that is (1) linked to the consumer's receipt of a 
different form of funds, such as a transaction for foreign exchange as 
defined in 12 U.S.C. 5481(16), or (2) that is excluded from the 
definition of ``electronic fund transfer'' under Sec.  1005.3(c)(4) of 
this chapter; (C) A payment transaction conducted by a person for the 
sale or lease of goods or services that a consumer selected from an 
online or physical store or marketplace operated prominently in the 
name or such person or its affiliated company; and (D) An extension of 
consumer credit that is made using a digital application provided by 
the person who is extending the credit or that person's affiliated 
company.\193\
---------------------------------------------------------------------------

    \192\ The Proposed Rule would have defined the term ``consumer 
payment transaction'' for purposes of the Proposed Rule. Payment 
transactions that are excluded from, or otherwise do not meet, the 
definition of ``consumer payment transaction'' in the Proposed Rule 
would not have been covered by the market definition in the Proposed 
Rule. However, persons facilitating those transactions may still 
have been subject to other aspects of the CFPB's authorities besides 
its larger participant supervisory authority established by the 
Proposed Rule.
    \193\ Subpart A of the CFPB's existing larger-participant rule 
includes a definition of ``affiliated company'' that would have 
applied to the use of that term in the Proposed Rule. See 12 CFR 
1090.101.
---------------------------------------------------------------------------

    The first component of the proposed definition of ``consumer 
payment transaction'' was that the payment transaction must result in a 
transfer of funds by or on behalf of the consumer. This component 
therefore would have focused on the sending of a payment, and not on 
the receipt. The proposed definition would have encompassed a 
consumer's transfer of their own funds--such as funds held in a linked 
deposit account or in a stored value account. It also would have 
encompassed a creditor's transfer of funds to another person on behalf 
of the consumer as part of a consumer credit transaction.\194\ For 
example, a nonbank's wallet functionality may hold a credit card 
account or payment credential that a consumer uses to obtain an 
extension of credit from an unaffiliated depository institution. If the 
consumer uses the digital wallet functionality to purchase nonfinancial 
goods or services using such a credit card, the credit card issuing 
bank may settle the transaction by transferring funds to the merchant's 
bank for further transfer to the merchant, and a charge may appear on 
the consumer's credit card account. That transfer of funds may have 
constituted part of a consumer payment transaction under the Proposed 
Rule regardless of whether it is an electronic fund transfer subject to 
Regulation E.\195\
---------------------------------------------------------------------------

    \194\ In certain circumstances, consumer credit transactions 
would have been excluded from the proposed definition of ``consumer 
payment transaction,'' for example as described in the exclusion in 
proposed paragraph (D) discussed below.
    \195\ See also generally Sec.  1005.12(a) (describing 
relationship between Regulation E and other laws including the Truth 
in Lending Act and its implementing regulation, Regulation Z).
---------------------------------------------------------------------------

    The CFPA did not include a specific definition for the term 
``funds'' used in the Proposed Rule. As the Proposed Rule explained, 
that term is used in various provisions of the CFPA, including in 
section 1002(15)(A)(iv), which defines the term ``financial product or 
service'' to include ``engaging in deposit-taking activities, 
transmitting or exchanging funds, or otherwise acting as a custodian of 
funds or any financial instrument for use by or on behalf of a 
consumer.'' \196\ Without fully addressing the scope of that term, the 
Proposed Rule interpreted the term ``funds'' in the CFPA to not be 
limited to fiat currency or legal tender, and to include digital assets 
that have monetary value and are readily useable for financial 
purposes, including as a medium of exchange, such as crypto-assets, 
which are sometimes referred to as virtual currency.\197\
---------------------------------------------------------------------------

    \196\ 12 U.S.C. 5481(15)(A)(iv).
    \197\ See generally U.S. Treas. Fin. Stability Oversight 
Council, Report on Digital Asset Financial Stability Risks and 
Regulation (Oct. 3, 2022) at 7 (``For this report, the term `digital 
assets' refers to two categories of products: `central bank digital 
currencies' (CBDCs) and `crypto-assets.' This report largely focuses 
on crypto-assets. Crypto-assets are a private sector digital asset 
that depends primarily on cryptography and distributed ledger or 
similar technology. For this report, the term crypto-assets 
encompasses many assets commonly referred to as `coins' or `tokens' 
by market participants.''), https://home.treasury.gov/system/files/261/FSOC-Digital-Assets-Report-2022.pdf (last visited Oct. 23, 
2023).
---------------------------------------------------------------------------

    The second component of the proposed definition of ``consumer 
payment transaction'' was that the consumer must be physically located 
in a State, a term the proposal would have defined by reference to 
jurisdictions that are part of the United States as discussed in the 
section-by-section analysis below. The CFPB requested comment on this 
limitation.
    The third component of the proposed definition of ``consumer 
payment transaction'' was that the funds transfer must be made to 
another person besides the consumer. For example, the other person 
could be another consumer, a business, or some other type of entity. 
This component would have distinguished the proposed market for 
general-use digital payment applications that facilitate payments 
consumers make to other persons from adjacent but distinct markets that 
include other consumer financial products and services, including the 
activities of taking deposits; selling, providing, or issuing of stored 
value; and extending consumer credit by transferring funds directly to 
the consumer. For example, this component of the proposed definition 
would have excluded transfers between a consumer's own deposit 
accounts, transfers between a consumer deposit account and the same 
consumer's stored value account held at another financial institution, 
such as loading or redemptions, as well as a consumer's withdrawals 
from their own deposit account such as by an automated teller machine 
(ATM).
    The fourth component of the proposed definition of ``consumer 
payment transaction'' is that the funds transfer must be primarily for 
personal, family, or household purposes.\198\ As a

[[Page 99607]]

result, the Proposed Rule would have defined the relevant market 
activity (providing a general-use digital consumer payments 
application) by reference to its use with respect to consumer payment 
transactions. Although a general-use digital consumer payment 
application also could help individuals to make payments that are not 
for personal, family, or household purposes, such as purely commercial 
(or business-to-business) payments, those payments would not have 
fallen within the proposed definition of ``consumer payment 
transaction.''
---------------------------------------------------------------------------

    \198\ Under a relevant definition of consumer financial products 
and services in CFPA section 1002(5)(A), a financial product or 
service is a consumer financial product or service when it is 
offered or provided for use by consumers primarily for personal, 
family, or household purposes. 12 U.S.C. 5481(5)(A).
---------------------------------------------------------------------------

    In addition, the proposed definition of ``consumer payment 
transaction'' would have excluded four types of transfers. First, 
paragraph (A) of the proposed definition would have excluded 
international money transfers as defined in Sec.  1090.107(a). The CFPB 
defined larger participants in a market for international money 
transfers in its 2014 rule.\199\ In proposing this larger participant 
rule, the CFPB did not propose to alter the international money 
transfer larger participant rule. Rather, the CFPB proposed this larger 
participant rule to define a separate market, focused on the use of 
digital payment technologies to help consumers make payment 
transactions that are not international money transfers as defined in 
the international money transfer larger participant rule. Accordingly, 
the proposed definition of ``consumer payment transaction'' would have 
excluded an international money transfer as defined in Sec.  
1090.107(a). As the Proposed Rule explained, to the extent that nonbank 
international money transfer providers facilitate those transactions, 
whether through a digital application or otherwise,\200\ that activity 
remains part of the international money transfer market, and the CFPB 
may be able to supervise such a nonbank if it meets the larger-
participant test in the international money transfer larger participant 
rule.
---------------------------------------------------------------------------

    \199\ 79 FR 56631.
    \200\ See CFPB, Remittance Rule Assessment Report (Oct. 2018, 
rv. April 2019) at 143 (describing trends including ``widespread use 
of mobile phones to transfer remittances and the growth of online-
only providers[]''), https://files.consumerfinance.gov/f/documents/bcfp_remittance-rule-assessment_report.pdf (last visited Oct. 25, 
2023).
---------------------------------------------------------------------------

    Second, for clarity, paragraph (B) of the proposed definition of 
``consumer payment transaction'' would have excluded a transfer of 
funds by a consumer (1) that is linked to the consumer's receipt of a 
different form of funds, such as a transaction for foreign exchange as 
defined in 12 U.S.C. 5481(16), or (2) that is excluded from the 
definition of ``electronic fund transfer'' under Sec.  1005.3(c)(4) of 
this chapter. Paragraph (1) of this proposed exclusion would have 
clarified, for example, that the market as defined in the Proposed Rule 
does not include transactions consumers conduct for the purpose of 
exchanging one type of funds for another, such as exchanges of fiat 
currencies (i.e., the exchange of currency issued by the United States 
or of a foreign government for the currency of a different government). 
Paragraph (2) would have clarified that transfers of funds the primary 
purpose of which is the purchase or sale of a security or commodity in 
circumstances described in Regulation E section 3(c)(4) and its 
associated commentary also would not have qualified as consumer payment 
transactions for purposes of the Proposed Rule.\201\
---------------------------------------------------------------------------

    \201\ 12 CFR 1005.3(c)(4).
---------------------------------------------------------------------------

    Third, proposed paragraph (C) would have excluded a payment 
transaction conducted by a person for the sale or lease of goods or 
services that a consumer selected from an online or physical store or 
marketplace operated prominently in the name of such person or its 
affiliated company.\202\ This exclusion would have clarified that, when 
a consumer selects goods or services in a store or website operated in 
the merchant's name and the consumer pays using account or payment 
credentials stored by the merchant who conducts the payment 
transaction, such a transfer of funds generally is not a consumer 
payment transaction included within the market defined by the Proposed 
Rule.
---------------------------------------------------------------------------

    \202\ See 12 CFR 1090.101 (definition of ``affiliated 
company'').
---------------------------------------------------------------------------

    This exclusion also would have clarified that when a consumer 
selects goods or services in an online marketplace and pays using 
account or payment credentials stored by the online marketplace 
operator or its affiliated company,\203\ such a transfer of funds 
generally is not a consumer payment transaction included within the 
market defined by the Proposed Rule. For such transactions to qualify 
for this exclusion, the funds transfer must have been for the sale or 
lease of a good or service the consumer selected from a digital 
platform operated prominently in the name (whether entity or trade 
name) of an online marketplace operator or their affiliated 
company.\204\ However, this proposed exclusion would not have applied 
when a consumer uses a payment or account credential stored by a 
general-use digital consumer payment application provided by an 
unaffiliated person to pay for goods or services on the merchant's 
website or an online marketplace. For example, when a consumer selects 
goods or services for purchase or lease on a website of a merchant, and 
then from within that website chooses an unaffiliated person's general-
use digital consumer payment application as a payment method, then 
proposed paragraph (C) would not have excluded the resulting consumer 
payment transaction.
---------------------------------------------------------------------------

    \203\ The Proposed Rule noted that a common industry definition 
of an online marketplace operator is an entity that engages in 
certain activities, including ``[b]ring[ing] together [consumer 
payment card holders] and retailers on an electronic commerce 
website or mobile application'' where ``[i]ts name or brand is: 
[]Displayed prominently on the website or mobile application[; ] 
Displayed more prominently than the name and brands of retailers 
using the Marketplace[; and is p]art of the mobile application name 
or [uniform resource locator.]'' 88 FR 80197 at 80203 n.59 (citing 
VISA, Visa Core Rules and Visa Product and Service Rules (Apr. 15, 
2023) (``VISA Rules''), Rule 5.3.4.1 (defining the criteria for an 
entity to qualify as a ``Marketplace'' for purposes of the VISA 
Rules), Oct. 2024 edition last updated Apr. 2023, https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf 
(last visited Nov. 7, 2024)).
    \204\ The Proposed Rule noted that this aspect of the example is 
consistent with what some significant payments industry standards 
consider to be a digital marketplace. See id.
---------------------------------------------------------------------------

    The Proposed Rule explained that the CFPB proposed this exclusion 
to the definition of ``consumer payment transaction'' to clarify the 
scope of the proposed market and to clarify which transactions count 
toward the proposed threshold in the larger-participant test in 
proposed Sec.  1090.109(b). For example, some online marketplace 
operators may provide general-use digital consumer payment applications 
for consumers to use for the purchase or lease of goods or services the 
consumer selects on websites of unaffiliated merchants. Absent the 
proposed exclusion in paragraph (C), the providing of such a general-
use digital consumer payment application could result in counting all 
transactions through such an application, including for goods and 
services the consumer selects from the online marketplace, toward the 
larger-participant test threshold in proposed Sec.  1090.109(b). Yet 
the Proposed Rule noted that the CFPB was not seeking to define a 
market or determine larger-participant status in this rulemaking by 
reference to payment transactions conducted by merchants or online 
marketplaces through their own payment functionalities for their own 
sales transactions. The CFPB therefore believed it was appropriate to 
propose excluding the former type of payment

[[Page 99608]]

transactions from the market defined in the Proposed Rule.
    The Proposed Rule explained how, in this regard, the scope of the 
proposed term ``consumer payment transaction'' is narrower than the 
CFPB's authority under the CFPA, which can extend to payment 
transactions conducted by merchants or online marketplaces for sales 
through their own platforms under certain circumstances. The CFPA 
defines a consumer financial product or service to include ``providing 
payments or other financial data processing products or services to a 
consumer by any technological means, including processing or storing 
financial or banking data for any payment instrument . . .'' \205\ The 
Proposed Rule explained that such activities generally are consumer 
financial products or services under the CFPA unless a narrow exclusion 
for financial data processing in the context of the direct sale of 
nonfinancial goods or services applies.\206\ The Proposed Rule 
explained that exclusion would not apply if a merchant or online 
marketplace's digital consumer application stores, transmits, or 
otherwise processes payments or financial data for any purpose other 
than initiating a payments transaction by the consumer to pay the 
merchant or online marketplace operator for the purchase of a 
nonfinancial good or service sold directly by that merchant or online 
marketplace operator. Other purposes beyond payments for direct sales 
could include using or sharing such data for targeted marketing, data 
monetization, or research purposes. The Proposed Rule explained that 
the exclusion also would not apply if an online marketplace operator's 
digital consumer application processes payments or other financial data 
associated with the consumer's purchase of goods or services at 
unaffiliated online or physical stores or third-party goods or services 
on the operator's online marketplace.
---------------------------------------------------------------------------

    \205\ 12 U.S.C. 5481(15)(A)(vii).
    \206\ ``[A] person shall not be deemed to be a covered person 
with respect to financial data processing solely because the person 
. . . is a merchant, retailer, or seller of any nonfinancial good or 
service who engages in financial data processing by transmitting or 
storing payments data about a consumer exclusively for purpose of 
initiating payments instructions by the consumer to pay such person 
for the purchase of, or to complete a commercial transaction for, 
such nonfinancial good or service sold directly by such person to 
the consumer[.]'' 12 U.S.C. 5481(15)(A)(vii)(I). The Proposed Rule 
stated that this narrow exclusion is descriptive of the limited role 
that many merchants play in processing consumer payments or 
financial data. 88 FR 80197 at 80204 n.62.
---------------------------------------------------------------------------

    Finally, proposed paragraph (D) would have excluded an extension of 
consumer credit that is made using a digital application provided by 
the person who is extending the credit or that person's affiliated 
company. As the Proposed Rule explained, the CFPB proposed this 
exclusion so that the market definition does not encompass consumer 
lending activities by lenders through their own digital applications. 
In this rulemaking, the CFPB did not propose to define a market for 
extending consumer credit, as it did, for example, in the larger 
participant rule for the automobile financing market.\207\ As a result 
of this proposed exclusion, for example, a nonbank would not have been 
participating in the proposed market simply by providing a digital 
application through which it lends money to consumers to buy goods or 
services.\208\
---------------------------------------------------------------------------

    \207\ 12 CFR 1090.108.
    \208\ Thus, to the extent consumer credit transactions would 
have fallen within the proposed definition of consumer payment 
transactions, this would have been because the relevant market 
participant engaged in covered payment-related activities beyond 
extending credit to the consumer. For example, a nonbank may provide 
a wallet functionality through a digital application that stores 
payment credentials for a credit card through which an unaffiliated 
depository institution or credit union extends consumer credit. The 
CFPB proposed a market definition that would have reached that 
nonbank covered person's activities because their role in the 
transaction is to help the consumer to make a payment, not to 
themselves extend credit to the consumer.
---------------------------------------------------------------------------

Comments Received
    Some commenters addressed certain terms in the proposed definition 
of ``consumer payment transaction'' including, in relation to its 
reference to the ``transfer of funds,'' how the Proposed Rule stated 
that the CFPB interprets ``funds'' to include digital assets in certain 
circumstances, as described above. A few commenters also commented on 
how the Proposed Rule sought to define covered transactions based on 
the location of the consumer in a State. Finally, some commenters 
addressed certain proposed exclusions from the definition, including 
specifically paragraphs (C) and (D).
    Many of the comments on the proposed definition of ``consumer 
payment transaction'' related to the proposed inclusion of certain 
transfers of digital assets in this definition, when they transfer 
``funds'' under the CFPA. Several consumer groups and a nonprofit 
expressed general support for including digital assets within the 
market definition. The nonprofit stated that the firms providing 
cryptocurrency products and services have been marked by a wide 
assortment of investor and consumer abuses. Consumer groups agreed, 
noting that reports coming out of the late 2022 downturn in the sector 
illustrated that that consumers would benefit from broader oversight, 
including CFPB supervision of digital assets activities involved in 
consumer payment transactions. They stated that such oversight could 
address risks consumers have faced, such as improper restrictions that 
distressed digital asset platforms have placed on consumers' access to 
hosted digital asset wallets. The consumer groups also stated that 
consumers increasingly are relying on cryptocurrencies for consumer 
payment transactions, as industry emphasizes a long-term strategy of 
promoting such activity. They cited examples of a long-time, well-known 
market participant introducing a stablecoin expressly to facilitate 
consumer purchases, and another digital asset firm contracting with 
merchants for acceptance of crypto assets the firm holds for consumers. 
A banking industry association also supported the coverage of virtual 
currency and crypto assets, which it stated consumers use for personal, 
family, and household purposes, and should be regulated on par with 
fiat currency consistent with the ``same activity, same risk, same 
regulation'' principle. An individual commenter agreed that crypto 
asset users face significant risks, and called for the Final Rule to 
clarify how it applies to digital assets.
    On the other hand, for several reasons described below, several 
nonprofits, providers of digital asset products and services, and 
digital asset industry associations, banking industry associations, and 
other industry associations opposed inclusion of digital assets in the 
market definition. They called for exclusion of these transactions from 
the rule and, if warranted, a re-proposal based on addressing the 
various issues they described; a payment network and nonprofit added 
that, to facilitate regulatory certainty and transparency and avoid 
unintended consequences, the Final Rule should only apply to fiat 
currency and legal tender. They stated that the rule should accomplish 
that goal by limiting the interpretation of ``funds.'' \209\
---------------------------------------------------------------------------

    \209\ As discussed at the outset of the section-by-section 
analysis above, an industry association commenter also stated that 
if the CFPB excludes digital assets from the Final Rule, then the 
CFPB precludes its examination of that activity by larger 
participants under the Final Rule. The CFPB summarizes and responds 
to that comment separately above.
---------------------------------------------------------------------------

    First, some industry commenters stated that the CFPB should not 
adopt this aspect of the Proposed Rule because, in their view, the CFPB 
has not

[[Page 99609]]

conducted adequate market monitoring of digital assets activities and 
does not in general have data, experience, or expertise in this area 
sufficient to assess risk to consumers and finalize a regulation 
covering them. One industry commenter added that the CFPB would have 
benefited from issuing market-monitoring orders to larger digital asset 
firms as the CFPB had done to Big Tech firms offering consumer payment 
applications that transfer U.S. dollars. One commenter stated that the 
Proposed Rule did not rely on public blockchain data from industry 
sources such as Elliptic, Chain Analysis, and TRM, as well as trends 
data published by Circle, and insufficiently disclosed any data on 
which it did rely.
    Second, several comments from industry, nonprofits, and some 
Members of Congress stated that the Proposed Rule did not consider the 
impact of covering digital assets. For example, some industry 
commenters stated that the Proposed Rule underestimated the number of 
larger participants, citing uncertainty over the rule's application to 
digital assets and ineligibility for the proposed small business 
exclusion by small businesses in the digital assets sector that are 
based abroad, organized as nonprofits, or dominant in their field. 
Further, some industry associations, digital assets firms, and a 
nonprofit stated that it was uncertain which digital assets 
transactions would be covered because it is uncertain which are for 
personal, family, or household purposes. In addition, some commenters 
suggested that the Proposed Rule would impose significant burdens on 
the digital asset sector, whether due to the proposed interpretation of 
``funds'' in the CFPA as including digital assets which they viewed as 
a change in substantive consumer protections, or to what they 
anticipated would be exposure to potentially arbitrary and shifting 
CFPB interpretations as to whether Regulation E covers digital 
assets.\210\ Finally, an industry firm stated that the Proposed Rule 
did not adequately consider the potential for digital asset firms to 
pass through costs of this rule to consumers. Some Members of Congress 
and an industry association added that covering digital assets would 
discourage competition and innovation in payments.
---------------------------------------------------------------------------

    \210\ One industry association stated that the Final Rule should 
clarify that it does not serve as a basis for subjecting virtual 
currencies or other digital assets to Regulation E. Another trade 
association called for the CFPB to consult with stakeholders in 
industry, other agencies, and Congress to understand the potential 
implications of applying Regulation E in this context.
---------------------------------------------------------------------------

    In addition, many of these commenters emphasized potential impacts 
of what they described as the proposal's apparent coverage of so-called 
``unhosted'' or ``self-hosted'' digital asset wallets. They stated that 
providers of these products and services must be excluded from the rule 
because they are merely providing software with no ongoing customer 
relationship or intermediary role, no access to information about the 
existence, nature, or use of any digital asset held in the wallet, and 
no control over the use of the wallet for any purpose including to make 
payments.\211\ They added that unhosted digital asset wallets cannot 
block transactions, reverse transactions to correct unauthorized 
transfers, close accounts, or track or monetize consumer data. As such, 
they stated that they also do not know whether the wallet holds funds 
at all (even under the CFPB's interpretation) versus other uses of 
distributed ledger technology including an estimated 1.8 million types 
of crypto assets, nonfungible tokens (NFTs), and loyalty points among 
others. They stated they do not know where the consumer is located for 
the purposes of the proposed definition of ``consumer payment 
transaction.'' They also stated they do not know when a transaction 
occurs at all much less whether it is a consumer payment transaction. 
They stated that the lack of provider collection of such data is a 
critical feature of their product from the perspective of the consumer, 
and that this feature reduces risk to consumers.
---------------------------------------------------------------------------

    \211\ One commenter stated that an exclusion for what it called 
``unhosted'' digital asset wallets would be consistent with FinCEN 
2019 guidance that they described as excluding software providers of 
unhosted digital asset wallets from the scope of Federal money 
transmitter regulation. Another commenter stated that the First 
Amendment of the U.S. Constitution protects software code writing as 
speech, and that the proposed small business concern exclusion 
discriminated between speakers based on the size of their business, 
constituting speaker and viewpoint discrimination that it did not 
believe would survive strict constitutional scrutiny.
---------------------------------------------------------------------------

    Third, some commenters raised legal objections to including digital 
assets in the rulemaking or certain digital asset products and 
services. For example, some industry commenters disagreed generally 
with the proposal's interpretation of ``funds'' as including digital 
assets. These commenters stated that the CFPB did not provide 
sufficient reasoning or evidence to support what they viewed as a 
change in its legal position, that the interpretation ran contrary to 
the statute, Congress' understanding at the time of its enactment,\212\ 
relevant case law, and the ``major questions'' doctrine,\213\ that 
digital asset products and services are not part of a consumer 
financial products or services market because they are not provided for 
use by consumers primarily for personal, family, or household purposes, 
and that the CFPA precludes CFPB oversight over such activities 
overseen by the SEC or CFTC.\214\ Some commenters stated more 
specifically that the CFPB lacks authority over unhosted digital asset 
wallets because, for example, they function similarly to a web browser 
or password manager with a variety of uses beyond payments,\215\ they 
have no more power to intervene in a consumer payment transaction than 
an internet service provider, and these activities are eligible for the 
``electronic conduit services'' exception in CFPA section 
1002(15)(C)(ii).
---------------------------------------------------------------------------

    \212\ Some commenters noted that very few cryptocurrencies 
existed as of 2010, and noted that stablecoins were not introduced 
until several years later.
    \213\ These commenters pointed to the size of digital asset 
activity, including an estimated $130 billion U.S. stablecoin 
market, as well as varied uses of digital assets and efforts in 
Congress to enact a legislative oversight framework.
    \214\ In addition, a nonprofit commenter and other industry 
commenters stated that the CFPB should not finalize this aspect of 
the Proposed Rule because, in their view, it reflects inadequate 
coordination by the CFPB across government as called for under an 
executive order relating to digital assets and reflects inadequate 
CFPB consultation with the SEC and CFTC, which have asserted 
regulatory authority over digital assets.
    \215\ This commenter added that, although the Proposed Rule did 
not specifically address covering unhosted digital asset wallets and 
thus such coverage may not have been intended, based on the 
interpretation of ``funds'' in the Proposed Rule, its proposed 
definition of ``covered payment functionality'' could be viewed as 
reaching them, which, as noted, would be legally impermissible in 
its view.
---------------------------------------------------------------------------

    With respect to other aspects of the proposed definition of 
``consumer payment transaction'' beyond the context of digital assets, 
two commenters addressed the part of the proposed definition of 
``consumer payment transaction'' that limited the term to payments by 
or on behalf of a consumer ``located in a State'' in the United States 
as described above. A nonprofit stated that a survey indicated that the 
majority of its members (59 percent) did not believe that larger 
participants would be able to determine whether the consumer is located 
within a State, such as based on the consumer's internet Protocol 
address at the time of a transaction. An industry association stated 
that this part of the proposed definition was overbroad because it 
extended beyond Federal consumer financial laws that the Proposed Rule 
identified as applicable in the market. Specifically, the commenter 
stated that basing market scope on the location of

[[Page 99610]]

the consumer leads the market to include electronic fund transfers that 
are not covered by Regulation E, such as payments that foreign firms 
facilitate for foreign nationals who do not reside in the United 
States, including while traveling within the United States.\216\ They 
suggested that, in order to avoid being subject to a U.S. supervisory 
regime, foreign providers may abandon support of such foreign national 
customers when traveling in the United States. They also pointed to 
foreign providers' provision of payment accounts located outside the 
United States as another example that they believed generally falls 
outside of Regulation E. As a result, they called for narrowing the 
transactions included in the market. In addition to the proposed 
limitation requiring that the consumer be located in a State in the 
United States, in their view, the definition of ``consumer payment 
transaction'' also should be limited to U.S. residents making payments 
from payment cards or stored value accounts issued by U.S. financial 
institutions. In their view, those additional limitations would better 
align the scope of the market with the scope of regulations the CFPB 
proposes to apply in its examination of larger participants, including 
Regulation E, whose scope with respect to transnational activity is 
described in its comment 3(a)-3.
---------------------------------------------------------------------------

    \216\ They also suggested that Regulation P may not apply to 
those transactions.
---------------------------------------------------------------------------

    Commenters presented a range of views on the exclusion in paragraph 
(C) of the proposed definition of ``consumer payment transaction'' for 
payment transactions conducted by merchants or marketplaces for the 
sale or lease of goods or services the consumer selected from a store 
or marketplace the merchant or marketplace operates prominently in its 
name or the name of an affiliated company. Some commenters also 
addressed the statement in the Proposed Rule describing circumstances 
in which merchant or marketplace payment processing activities that 
fall outside the proposed market definition because they are excluded 
by paragraph (C) nonetheless may qualify as a consumer financial 
product or service under the CFPA.
    Consumer group commenters generally opposed the proposed exclusion 
in paragraph (C). One consumer group noted stated that certain nonbank 
payments companies sell consumers' payments data, including information 
about how much people spend, where, and on what, as described in a 2023 
report the commenter published and linked to in its comment.\217\ In 
their view, to the extent a marketplace collects payments data and uses 
it for purposes beyond completing the payment transaction, the 
marketplace should be brought under supervisory authority, including 
when ``its transactions fall within its own marketplace[.]'' Meanwhile, 
other consumer groups stated that marketplace payment functions can 
comprise a significant portion of the marketplace's revenues, can 
expand into or spin off as general-use digital consumer payment apps, 
and also can engage in practices that the FTC has alleged to violate 
competition laws.
---------------------------------------------------------------------------

    \217\ R.J. Cross, How Mastercard sells its `gold mine' of 
transaction data (Sept. 30, 2023, updated June 17, 2024), https://pirg.org/edfund/resources/how-mastercard-sells-data (last visited 
Nov. 7, 2024).
---------------------------------------------------------------------------

    A law firm commenter agreed that the rule should exclude payment 
transactions conducted by online marketplaces for sales through their 
own platforms. This commenter stated that consumers seek out online 
marketplace platforms for their ability to sell goods and services 
including primarily from third-party retailers hosted on the 
marketplace. It called for clarifying the definition of marketplace in 
proposed paragraph (C) to better achieve the CFPB's stated goal of 
excluding payment transactions conducted by merchants for their own 
sales and payment transactions conducted by online marketplaces for 
sales made through their platform. As noted, the scope of the exclusion 
in proposed paragraph (C) would apply to marketplaces operated 
prominently in the name of the person that conducts the payment 
transaction. This commenter described this aspect of the exclusion as 
unduly focused on branding. It stated that different online marketplace 
operators have different levels of branding and name display, 
suggesting uncertainty about which marketplaces would have qualified 
under the ``prominently'' standard. To the extent that a platform did 
not meet the ``prominently'' standard in the Proposed Rule, in the view 
of this commenter, the exclusion would be arbitrary because a platform 
would be ineligible despite being a marketplace as defined in a Federal 
law administered by the FTC, despite consumers still plainly 
understanding it to be a marketplace, and despite the platform 
presenting different consumer protection concerns as the Proposed Rule 
recognized was the case for excluded marketplaces. For all of these 
reasons, it stated that the Final Rule should adopt the definition of 
``online marketplace'' Congress adopted in the Integrity, Notification, 
and Fairness in Online Retail Marketplaces for Consumers Act (INFORM 
Act).\218\ That statute defined a marketplace based on its function, 
and not its level of name branding. The commenter added that, by 
incorporating the INFORM Act definition, the exclusion would apply both 
when the marketplace is paid and when a third-party seller selling 
through the marketplace is paid.
---------------------------------------------------------------------------

    \218\ 15 U.S.C. 45f(f)(4).
---------------------------------------------------------------------------

    Some industry commenters addressed whether the Rule should include 
consumer payment transactions consumers initiate through ``buttons'' on 
merchant websites. One industry association indicated that it was 
important for the rule to provide for universal coverage of digital 
wallets, including those a consumer uses by pressing a payment button a 
checkout screen on a merchant website. It suggested that broad coverage 
was important to achieve consistent supervision across providers, which 
promotes competition. On the other hand, some industry commenters 
called for adding an exclusion for what they described as express 
checkout options that nonbanks facilitate for third-party merchant 
websites and apps, including ``buy buttons.'' \219\ One industry 
association called for the rule to clarify that payment checkout 
buttons are excluded from the market because they do not function 
generally across merchants but instead require individual merchant 
acceptance agreements.\220\ Another industry association cited research 
indicating that many online merchants including small businesses 
facilitate consumers' purchases by offering these buttons, and 
suggested that the Proposed Rule was unnecessarily directing its 
coverage to merchant payment processing.\221\
---------------------------------------------------------------------------

    \219\ A few industry commenters suggested that the integration 
of general-use digital consumer payment applications into merchant 
websites through payment buttons does not pose any risk to 
consumers, and that this type of activity should not be included in 
the market definition. The CFPB considers and responds to comments 
related to risks to consumers separately in the response to general 
comments above.
    \220\ This commenter cited this fact as supporting its view that 
such checkout buttons do not have ``general use''--which the Final 
Rule discusses in the section-by-section analysis of that term 
further below. To ensure full consideration of all related comments, 
the CFPB also describes that comment here in the context of other 
comments regarding checkout buttons associated with general-use 
digital consumer payment applications provided by nonbank covered 
persons.
    \221\ As discussed in the impacts analysis in parts VII and 
VIII, a comment from certain Members of Congress also stated that 
providers of general-use digital consumer payment apps could pass 
the cost of the rule onto merchants, including small merchants, that 
accept the apps as a payment method. For the reasons explained in 
the impacts analysis, the CFPB does not have information to indicate 
that larger participants are likely to pass through a significant 
portion of these costs to merchants. As the impacts analyses further 
explain, the costs of the Final Rule are not high and, even if they 
were passed through, that would be spread across the very high 
number of merchants that accept one or more of these apps as a 
method of payment.

---------------------------------------------------------------------------

[[Page 99611]]

    Some industry and nonprofit commenters appeared to have interpreted 
the statement in the preamble regarding the scope of the CFPB's 
authority under CFPA section 1002(15)(A)(vii) as potentially intended 
to narrow or alter the scope of the exclusion in paragraph (C). For 
example, several Members of Congress, stated that the scope of the 
market definition was ambiguous because, on the one hand, the Proposed 
Rule excluded merchant and marketplace payment functions in 
circumstances described in paragraph (C), but on the other hand, the 
preamble of the Proposed Rule stated that the statutory exclusion in 
CFPA section 1002(15)(A)(vii)(I) does not apply to these functions when 
they use payments data for purposes beyond processing a payments 
transaction. Similarly, an industry association commenter suggested 
that, due to the proposal's interpretation of 1002(15)(A)(vii)(I), the 
Proposed Rule would apply to merchants processing payments on their own 
behalf because retailers widely use financial data for purposes beyond 
processing transactions. Because it did not understand the CFPB to be 
seeking to cover merchants' payment processing in this rule, it called 
for the CFPB to remove this interpretation from the Final Rule to 
ensure that its scope is focused on the general-use digital consumer 
payment applications that create risks to consumers that the CFPB has 
identified. Another industry association suggested that the 
interpretation appeared designed to increase CFPB scrutiny of merchants 
through supervision. In their view, if the CFPB exercises jurisdiction 
over merchants on the basis described in the interpretation above, that 
could make it more difficult for merchants to combat fraud, cause 
merchants to raise prices or reduce discounts, and cause merchants to 
decrease reliance on newer, competitive forms of payment. Finally, a 
law firm also indicated it was unclear whether the interpretation of 
the CFPA was intended to narrow the scope of paragraph (C).
    In addition to expressing uncertainty regarding its impact on the 
scope of paragraph (C), some industry commenters disagreed with the 
Proposed Rule's interpretation of the CFPB's payments processing 
authority in CFPA section 1002(15)(A)(vii). In particular, they 
asserted that the proposal's interpretation of the exclusion in CFPA 
section 1002(15)(A)(vii)(I) was invalid because it would have the 
result that many merchants would not satisfy the exclusion. In addition 
to the comments described above, comments from two industry 
associations stated that merchants use payments data for a variety of 
purposes that they described as beneficial to consumers, such as 
research, fraud prevention, targeted marketing of discounts, and even 
routing of transactions consistent with Federal Reserve Regulation II 
to reduce the cost of payment acceptance. Because they viewed those 
uses as potentially for purposes other than initiating the payment 
transaction, these commenters believed that merchants would almost 
never be eligible for the exclusion in 1002(15)(A)(vii)(I) under the 
CFPB's interpretation of it. One of these commenters added that that 
result would contravene general intent of Congress to exclude merchants 
from the CFPA, including pursuant to CFPA section 1027(a). Relatedly, 
they stated that the proposed interpretation would harm consumers by 
disincentivizing merchants from engaging in all of these uses of 
consumer payments data. On the other hand, a consumer group supported 
the proposal's interpretation of the exclusion in CFPA section 
1002(15)(A)(vii)(I). This commenter stated that digital wallets collect 
and monetize high amounts of consumer data, including through 
transactions that occur on marketplaces, without oversight.
    Some commenters addressed the inclusion of consumer credit 
transactions in the proposed definition of ``consumer payment 
transactions'' in general, as well as the related exclusion in 
paragraph (D) for extensions of credit made using a digital application 
provided by the person extending credit or its affiliated company.
    With respect to the inclusion of consumer credit transactions 
generally, several commenters including an industry provider and two 
nonprofits generally recognized that pass-through payment wallets 
facilitate both debit card and credit card transactions (among other 
types of transactions). However, a nonprofit commenter disagreed with 
the proposal's inclusion of a creditor's transfer of funds in the 
definition of ``consumer payment transaction.'' In its view, expanding 
the scope of CFPB supervisory authority beyond electronic funds 
transfers subject to Regulation E could lead companies to invest less 
in tokenization and anti-fraud technologies and could disincentivize 
allocation or use of credit for consumers who prefer general-use 
digital consumer payment applications.
    With respect to the proposed exclusion in paragraph (D), an 
industry association stated that the Final Rule should clarify that 
this exclusion applies to nonbanks that partner with other financial 
institutions to offer consumer credit products that fund consumer 
payment transactions. The commenter stated that in these arrangements, 
the nonbank may provide a consumer-facing digital application through 
which the consumer accesses an extension of credit made and issued by a 
third-party financial institution. It stated that the third-party 
financial institution extends credit by transferring funds directly to 
the consumer (which the commenter stated would not qualify as a payment 
by the consumer to another person). Through its mobile application, the 
nonbank then may facilitate the consumer's use of those funds to make a 
payment.
    A banking trade association and a payment network stated that it 
was uncertain whether the proposed market included the extension of 
credit through what it referred to as buy-now-pay-later (BNPL) 
applications. It stated that the rule should provide illustrative 
examples of covered consumer credit products and clarify whether BNPL 
applications are eligible for the proposed exclusion in paragraph (D) 
in light of uncertainty as to whether BNPL providers are extending 
credit. They also stated that it was unclear why the CFPB would exclude 
BNPL applications, since they function similarly to other activities 
described in the Proposed Rule and also have grown rapidly as a means 
for consumers to pay for the purchase of goods and services. They 
stated that the CFPB should include participants in what they referred 
to as the BNPL market within the scope of this rule, or in a separate 
larger participant rulemaking.
    Finally, several consumer groups called for the rule to clarify 
whether proposed paragraph (D) applies to funds transfers by earned 
wage advance products and services, given that some nonbanks that 
provide those products and services claim not to be extending consumer 
credit.
Response to Comments Received
    After considering comments on the inclusion of certain digital 
assets transactions in the proposed definition of ``consumer payment 
transaction,'' the CFPB has decided, for purposes of this

[[Page 99612]]

Final Rule, to exclude such transactions from coverage under the Rule. 
The CFPB intends to continue to gather data and information regarding 
the nature of such transactions and the impact of digital assets 
transactions on consumers, and to take further action as appropriate. 
For example, the CFPB has considered comments from industry and others 
stating that some digital asset products and services, such as so-
called unhosted or self-hosted wallets, may not currently be able to 
collect the data necessary to administer the larger-participant test 
that would be applied to establish supervisory authority. Based on the 
limited data and information these commenters provided in their 
comments, the CFPB is not prepared in this Final Rule to determine 
whether and how to distinguish between hosted and unhosted wallets. As 
further discussed below, the CFPB is implementing this change by 
updating the larger participant threshold to only consider U.S. dollar 
transactions (see section-by-section analysis of ``threshold'' below).
    In addition, for purposes of defining what qualifies as a 
``consumer payment transaction'' covered by the Final Rule, the CFPB 
has considered the industry association and nonprofit comments, 
including the survey described above, which indicate that most market 
participants may be more familiar with assessing where a consumer 
resides \222\ than where the consumer is located at the time of any 
given consumer payment transaction (which can change from transaction 
to transaction, especially when consumers make payments using mobile 
phones). Thus, to facilitate administration of the larger-participant 
test, rather than adopting the proposal to base coverage of consumer 
payment transactions on whether the consumer is physically located in a 
State at the time of the transaction, the Final Rule defines ``consumer 
payment transactions'' as subject to the rule based on whether the 
consumer is a U.S. resident, as described further below.\223\
---------------------------------------------------------------------------

    \222\ See Reg. E, cmt. 3(a)-3 (stating that regulation E applies 
to all persons providing EFT services to U.S. residents through 
U.S.-located accounts). Regulation Z, which governs consumer credit 
card transactions, also links its scope to residency in a State. See 
Reg. Z, cmt. 1(c)-1.
    \223\ The CFPB declines the industry association suggestion to 
further narrow ``consumer payment transactions'' to those that U.S. 
residents make (1) from a location in a State (2) using a payment 
card issued by a U.S. bank or a stored value account provided by a 
U.S. financial institution. The CFPB believes that limiting 
``consumer payment transactions'' to U.S. residents will address the 
commenter's concerns regarding the inadvertent coverage of foreign 
residents' transactions using accounts issued by foreign 
institutions while traveling to the United States. The additional 
changes the commenter suggests are not necessary or appropriate in 
the context of this rule. This rulemaking is not defining a market 
for payment cards or stored value accounts. The market activity is 
not providing an ``account''; rather, it is facilitating consumer 
payment transactions through a general-use digital consumer payment 
application. Such activity can facilitate payments from accounts 
held by third-party financial institutions. Therefore, the 
nationality of the provider of the underlying account is not 
necessarily relevant.
---------------------------------------------------------------------------

    With regard to comments on the proposed exclusion in paragraph (C) 
of the definition of ``consumer payment transaction,'' the CFPB agrees 
with the consumer group comments that online marketplaces can pose 
risks to consumers when they sell payments data. Nonetheless, as 
discussed above, the market definition does not include or exclude 
activities based on the level of risk they pose. In addition, the law 
firm commenter reasonably notes that consumers seek out marketplace 
platforms for the goods and services they offer, including from third-
party marketplace sellers.\224\ In that way, consumers seek out a 
marketplace platform for purposes that differ from the payment-focused 
purposes for which they seek out a general-use digital consumer payment 
application. Therefore, the Final Rule treats a merchant or marketplace 
conducting payment transactions for sales through its own platform as 
distinct from the activity included in the market defined in this 
rule.\225\ The CFPB believes that it is therefore appropriate to 
exclude such transactions from this Final Rule in paragraph (C). 
Finally, with regard to the consumer group comment that marketplace 
operators can grow into general-use consumer payment applications, the 
Rule accounts for that. If those operators do expand into general-use 
consumer payment applications and qualify as larger participants under 
this rule, they will be subject to the CFPB's supervisory authority.
---------------------------------------------------------------------------

    \224\ See also FTC, Buying From an Online Marketplace (Sept. 
2022) (``In general, online marketplaces connect buyers and 
sellers.''), https://consumer.ftc.gov/articles/buying-online-marketplace (last visited Nov. 7, 2024).
    \225\ Relatedly, the CFPB also disagrees with the law firm 
commenter to the extent it was suggesting that the proposed 
exclusion in paragraph (C) would not apply to a payment transaction 
conducted by an online marketplace on behalf of a third-party 
seller. Under the terms of the proposed exclusion, when a consumer 
selects goods or services from an online marketplace and the 
marketplace operator conducts the consumer payment transaction, that 
would have been excluded by paragraph (C) even if a third-party 
seller was involved in the sale.
---------------------------------------------------------------------------

    Regarding the definition of ``marketplace'' in proposed paragraph 
(C), the CFPB agrees that in some circumstances it may be complex to 
evaluate the level of prominence of an entity's branding on a 
marketplace platform. As the proposal noted, major payment network 
rules include that standard to define a marketplace. However, it is 
unclear to the CFPB how administrable that standard is in that context. 
Accordingly, as discussed further below, the Final Rule does not adopt 
the proposed limitation on the exclusion related to the prominence of 
branding.
    The CFPB declines the commenter's further suggestion that the rule 
expressly incorporate a definition of ``marketplace'' in the INFORM 
Act.\226\ While the CFPB believes that platforms that qualify as 
``online marketplaces'' under the INFORM Act generally would qualify as 
marketplaces for purposes of the exclusion in paragraph (C), the INFORM 
Act definition is limited to online marketplaces for third party 
sellers of a ``consumer product,'' defined by reference to certain 
``tangible personal property[.]'' \227\ The Proposed Rule referred more 
broadly to a marketplace for sale of goods or services. And, as noted 
above, incorporating the INFORM Act is not necessary to ensure 
exclusion of marketplace platform payments to third-party sellers. For 
these reasons, the CFPB believes the language in the Proposed Rule is 
more appropriate in this context and expressly incorporating the 
definition in the INFORM Act is unnecessary.
---------------------------------------------------------------------------

    \226\ 15 U.S.C. 45f(f)(4).
    \227\ 15 U.S.C. 45f(f)(2) (incorporating definition of 
``consumer product'' in 15 U.S.C. 2301(1) and associated 
implementing regulations).
---------------------------------------------------------------------------

    The CFPB agrees with the industry association commenter that stated 
that the rule should apply to general-use digital consumer payment 
applications on a consistent basis, including when consumers click on 
buttons on merchant or online marketplace websites to access general-
use digital consumer payment applications provided by third parties. As 
the commenter suggested, covering these consumer financial products and 
services serves the CFPB's statutory objective of ensuring consistent 
enforcement of Federal consumer financial law to promote fair 
competition, as discussed further above. However, in response to 
comments about coverage of consumer payment transactions initiated 
through online merchant checkout processes that rely on payment 
buttons, the CFPB seeks to clarify the scope of the market definition. 
The market consists of providing, through a digital payment 
application, a general-use covered payment functionality. As discussed 
above, some market participants have

[[Page 99613]]

pursued a deliberate strategy of ``embedded finance,'' through which 
nonbank providers of general-use digital consumer payment applications 
embed them into nonfinancial digital applications. Given the market 
reliance upon ``embedded finance'' as a way of promoting general-use 
digital consumer payment applications, it is reasonable for the Rule 
not to exclude that activity merely because it is embedded. However, 
that does not mean the Rule covers the merchant that embeds a payment 
button on its ecommerce website. When a merchant displays on its 
ecommerce website a payment button for an unaffiliated third-party's 
general-use digital consumer payment application, the merchant is not 
itself providing a covered payment functionality as defined in the 
Rule. The CFPB understands that these buttons operate as application 
programming interfaces (APIs) or redirects to launch the general-use 
digital consumer payment application provided by the third party.\228\ 
In these circumstances, for purposes of the market definition in this 
Rule, the third party is providing the general-use digital consumer 
payment application, not the merchant. For these reasons, the CFPB 
disagrees with industry commenters' suggestions that the Rule needs an 
exclusion for ecommerce checkout processes. Further, the CFPB does not 
agree that, because merchants individually agree to offer payment 
buttons linking to digital consumer payment applications provided by 
unaffiliated nonbanks, this indicates that the third party's digital 
consumer payment application does not have general use. Under the Final 
Rule, as discussed further below, ``general use'' is based on whether 
the consumer can use the digital consumer payment application to pay 
more than one unaffiliated person. For example, the same payment button 
may appear on the websites of thousands of different merchants, each of 
which may have its own acceptance agreement with the provider of the 
associated general-use digital consumer payment application.\229\ The 
app associated with the payment button can have general use for the 
consumer, who can use it to make online purchases virtually anywhere 
that payment button appears on an ecommerce site on the internet.\230\
---------------------------------------------------------------------------

    \228\ See, e.g., Lotus Lin, E-commerce APIs Introduction, 
Medium.com (Mar. 24, 2023) (describing how some providers of 
general-use digital consumer payment applications provide payment 
gateway APIs), https://medium.com/@lotus.lin/e-commerce-apis-
introduction-29664558a3b0 (last visited Nov. 7, 2024); PYMNTS, Buy 
Buttons (``Branded buy buttons are usually placed underneath the 
standard `buy' or `pay' button on the merchant's checkout page and 
make it possible for consumers to pay for something without 
establishing an account with that merchant. Branded buy buttons use 
payment credentials that consumers have stored with the buy button 
brands. PayPal is the most widely accepted buy button, with Amazon 
Pay, Google Pay and Apple Pay also gaining acceptance in apps and 
online.''), https://www.pymnts.com/tag/buy-buttons/ (last visited 
Nov. 7, 2024).
    \229\ Merchants often accept consumers' payments through well-
known digital payment applications by agreeing to the terms and 
conditions imposed by the provider. One-way digital consumer payment 
applications gain general use is through acceptance across multiple 
unaffiliated merchants. See, e.g., Apple, Tap to Pay on iPhone 
(``Before your app can enable Tap to Pay on iPhone and configure a 
merchant's device, the merchant must accept the relevant terms and 
conditions.''), https://developer.apple.com/design/human-interface-guidelines/tap-to-pay-on-iphone (last visited Nov. 7, 2024); Apple 
Pay Platform Web Merchant Terms at https://developer.apple.com/apple-pay/terms/apple-pay-web/ (last visited Nov. 7, 2024); Amazon 
Pay, Getting started for merchants at https://pay.amazon.com/business/getting-started (last visited Nov. 7, 2024); Google Pay API 
Terms of Service at https://payments.developers.google.com/terms/sellertos (last visited Nov. 7, 2024); Meta Pay onboarding contract 
described at https://developers.facebook.com/docs/meta-pay/overview#onboarding (last visited Nov. 7, 2024); PayPal Developer 
Agreement (Mar. 21, 2022) (describing how holders of business 
accounts can use APIs and a PayPal Button) at https://www.paypal.com/us/legalhub/xdeveloper-full?locale.x=en_US (last 
visited Nov. 7, 2024); Samsung Pay, Web Payments Integration Guide 
at https://developer.samsung.com/internet/android/web-payments-integration-guide.html (last visited Nov. 7, 2024); Venmo Approved 
Business Account Addendum (effective date Jan. 24, 2019) at https://venmo.com/legal/us-business-addendum/ (last visited Nov. 7, 2024). 
In addition, a payment processor that online merchants use describes 
examples of digital wallets that merchants can accept through its 
software. See Stripe, Wallets: Learn about wallet payments with 
Stripe (stating that the payment processor has ``created a single 
integration for all wallets that works across [its] products'' and 
identifying numerous such payment methods it enables), https://stripe.com/docs/payments/wallets (last visited Nov. 7, 2024).
    \230\ With regard to industry comments that payment buttons do 
not pose risks to consumers, the CFPB considers the comments about 
risks to consumers from various types of market activity in the 
response to general comments above. For the reasons discussed above, 
this rulemaking is not the vehicle in which the CFPB must assess 
such risks. Rather, the CFPB takes risk into account when 
prioritizing entities for examination and scoping examinations. As a 
result, to the extent that any given larger participant's general-
use digital consumer payment application does in fact pose low risks 
to consumers, then the CFPB supervision program is designed to 
ensure they are at low risk for examination.
---------------------------------------------------------------------------

    The CFPB also seeks to clarify that the CFPB's statement regarding 
the scope of its authority under CFPA section 1002(15)(A)(vii) was not 
intended to narrow or otherwise alter the scope of the exclusion in 
paragraph (C). Paragraph (C) generally excludes transactions in which a 
merchant or online marketplace conducts payments to itself for sales 
through its platform. The Proposed Rule discussed the scope of CFPA 
section 1002(15)(A)(vii) to clarify that the CFPA describes a broader 
set of activities including in some circumstances those that may be 
excluded by paragraph (C). In other words, certain payment transactions 
may fall within the CFPA's authority under the CFPA but not qualify as 
``consumer payment transactions'' for purposes of this larger 
participant rule. In summary, the CFPB proposed the exclusion in 
paragraph (C) for the purpose of defining the scope of the market and 
not the scope of its statutory authority under CFPA section 
1002(15)(A)(vii). That said, the CFPB does not share the view expressed 
by some industry commenters that the proposal's discussion of the 
exclusion in CFPA section 1002(15)(A)(vii) was contrary to the 
provision's language or would lead to results that Congress did not 
intend. However, the validity of this Final Rule does not depend on the 
correctness of the proposal's interpretation of CFPA section 
1002(15)(A)(vii) because, as noted above, the market definition does 
not encompass the full extent of the CFPB's authority under that 
provision. Therefore, it is not necessary for the CFPB to further 
address comments regarding that interpretation in this Final Rule.
    With regard to the proposed coverage of consumer credit 
transactions in the definition of ``consumer payment transaction,'' as 
several commenters acknowledged, pass-through payment wallets commonly 
facilitate transactions using both debit cards and credit cards. 
Because market participants commonly provide digital applications that 
facilitate consumer payment transactions using both debit card and 
credit cards (among other payment methods), the Final Rule 
appropriately includes consumer payment transactions that use both 
types of payment cards in the market. The CFPB disagrees with the 
nonprofit commenter to the extent it was suggesting that paragraph (D) 
should have excluded all consumer credit transactions or that the 
definition of ``consumer payment transaction'' should only apply to 
payments made from a consumer's asset accounts.\231\ Excluding all 
consumer credit transactions from the market would not be consistent 
with the way nonbanks often provide these consumer

[[Page 99614]]

financial product and services in the market.\232\
---------------------------------------------------------------------------

    \231\ Contrary to the commenter's suggestion, by including 
consumer credit transactions in the definition of ``consumer payment 
transactions,'' the Proposed Rule would not have expanded the scope 
of substantive consumer protections including Regulation E. This 
rulemaking does not amend or modify Regulation E. As the Proposed 
Rule explained, a larger participant rule merely establishes 
supervisory authority and does not impose any new substantive 
consumer protection regulation.
    \232\ The Final Rule discusses other comments seeking exclusion 
of pass-through payment wallets in the discussion of ``covered 
payment functionality'' further below.
---------------------------------------------------------------------------

    In addition, the commenter did not provide support for its view 
that including consumer credit transactions in the definition of 
``consumer payment transactions'' could create economic incentives for 
firms to reduce credit card lines or fraud protections. For several 
reasons, the CFPB disagrees with the commenter, to the extent it was 
suggesting that its general concerns over potential incentives 
warranted excluding general-use digital consumer payment applications' 
facilitation of consumer credit transactions. First, the commenter did 
not offer a persuasive rationale for the Rule to treat consumer credit 
transactions that nonbanks facilitate through digital payment 
applications differently from payments from asset accounts, when 
general-use digital consumer payment applications facilitate both, as 
noted above. Second, the commenter did not explain why it believed that 
the supervisory authority the rule would establish over nonbank larger 
participants could disincentivize allocation or usage of revolving 
lines of consumer credit through general-use digital consumer payment 
application. Such an impact is unlikely, given that the lender's own 
app-based lending activity can be excluded by paragraph (D) and the 
CFPB already supervises much of the lending activity in the credit card 
market.\233\ Finally, with regard to market participants' investments 
in tokenization and anti-fraud protections, the commenter did not 
explain why larger participants would seek to offset the costs of CFPB 
examination by specifically reducing investment in anti-fraud 
protections or provide evidence or otherwise show that the rule would 
create a meaningful disincentive to engage in these activities. The 
CFPB believes that it is also possible that, after the Final Rule takes 
effect, larger participants will continue investing in such 
technologies as part of their efforts to avoid risks to consumers and 
non-compliance with Federal consumer financial law. As with the 
commenters' other concerns, the CFPB does not believe that this general 
concern regarding potential incentives warrants excluding the 
facilitation of consumer credit transactions from the Final Rule.
---------------------------------------------------------------------------

    \233\ Proposed paragraph (D) already clarified that the market 
definition is not based on the activity of extending credit. 
Moreover, the CFPB already supervises very large insured depository 
institutions and insured credit unions, which issue the bulk of 
consumer credit cards in the United States, as well as their service 
providers. CFPB, The Consumer Credit Card Market (Oct. 2023), sec. 
2.21 (annual CARD Act report discussing concentration in the credit 
card issuance market, with the top 30 issuers representing 95 
percent of credit card loans in 2022, and 3,800 smaller banks and 
credit unions accounting for five to six percent of the market). 
With regard to the potential for larger participants to pass through 
costs of the Rule to others, the Final Rule discusses this issue in 
part VII below.
---------------------------------------------------------------------------

    However, as the Proposed Rule explained,\234\ by including consumer 
credit transactions in the definition of ``consumer payment 
transaction,'' the CFPB does not seek to define this payments market in 
a manner that encompasses ``consumer lending activities by lenders 
through their own digital applications.'' In particular, the CFPB is 
not seeking to define a market for extending consumer credit, such as 
the market it defined in the larger participant rule for automobile 
financing originations. The CFPB therefore proposed the exclusion in 
paragraph (D) to maintain a distinction between payments-focused 
activity (included in the market) and consumer credit originations 
(excluded by paragraph (D)). The CFPB declines the suggestion by the 
industry comment to expand the scope of this market to include what it 
described as the buy-now-pay-later market.\235\ For the same reason, 
the CFPB agrees with the industry association commenter that a nonbank 
should be eligible for the exclusion in paragraph (D) when it provides 
a digital application to initiate a consumer credit transaction and 
also engages in a set of activities directed at originating the 
extension of consumer credit, regardless of who is extending the credit 
(and even if a third-party financial institution such as a bank or 
credit union is extending the credit). Accordingly, the CFPB is 
clarifying paragraph (D) in the Final Rule as described below to 
describe additional activities integral to consumer credit originations 
that would be part of the eligibility criteria for the exclusion, 
including brokering, purchasing, or acquiring the extension of 
credit.\236\ If a nonbank provides a digital application to initiate 
consumer credit transactions and engages in those other activities in 
connection with those consumer credit transactions, then the CFPB 
believes it generally is engaged in consumer credit origination 
activity, which is not the focus of this rulemaking. By excluding 
extensions of consumer credit in the circumstances described in 
paragraph (D), the Final Rule excludes the transfer of funds resulting 
from that extension of credit, such as a consumer's payment to a 
merchant for goods and services from the funds provided by a credit 
card issuer. In light of the distinguishing characteristics of loan 
origination activities and the other reasons set forth above, the 
Bureau declines to include such loan origination activity in the market 
for which this Final Rule defines larger participants. As the Bureau 
has explained, this larger-participant rulemaking is only one in a 
series. Nothing in this Final Rule precludes the Bureau from 
considering in future larger-participant rulemakings other markets for 
consumer financial products or services that might include certain 
types of consumer credit origination activity.
---------------------------------------------------------------------------

    \234\ 88 FR 80197 at 80204.
    \235\ See also CFPB, Interpretive Rule, Truth in Lending 
(Regulation Z); Use of Digital User Accounts to Access Buy Now, Pay 
Later Loans, 89 FR 47068, 47071 (May 31, 2024) (BNPL Interpretive 
Rule) (discussing how BNPL providers facilitate extension of 
consumer credit marketed as BNPL loans). The CFPB also notes that 
the exclusion in paragraph (D) is not limited to extension of 
consumer credit by ``creditors'' as defined in TILA.
    \236\ See, e.g., CFPB section 1002(15)(A)(i) (describing 
activities associated with consumer credit origination ``including 
acquiring, purchasing, selling, brokering, or other extensions of 
credit[]''); CFPB Automobile Financing Larger Participant Rule, 12 
CFR 1090.108(a)(i)(4) (defining automobile financing 
``originations'' as including ``[p]urchases or acquisitions'' of 
automobile purchase loans, their refinancings, and leases).
---------------------------------------------------------------------------

    However, as revised, paragraph (D) does not exclude pass-through 
payment wallet functionalities that facilitate consumer payments from 
accounts issued by third-party financial institutions that the pass-
through payment wallet functionality provider did not originate by 
engaging in the activities described above (such as extending, 
brokering, acquiring, or purchasing the extension of credit). As a 
result, the definition of ``consumer payment transaction'' adopted in 
the Final Rule still captures the general activities of pass-through 
payment wallets, which often facilitate consumer payment transactions, 
whether through funds they hold, funds they receive, or debit cards or 
credit cards provided by third-party financial institutions.\237\
---------------------------------------------------------------------------

    \237\ This approach is consistent with other Federal consumer 
financial laws and their implementing regulations, which treat that 
activity as part of a consumer payments market. See e.g., Regulation 
Z, cmt. 13(a)(3)-2 (describing a ``third-party payment intermediary, 
such as a person-to-person internet payment service, funded through 
the use of a consumer's open-end credit plan[ ]''). In light of the 
examples discussed in this paragraph, the CFPB does not believe 
changes to paragraph (D) or specification of illustrative examples 
in that paragraph are needed. It also is not the purpose of this 
Final Rule to define who is extending credit, which will depend on 
facts and circumstances that are beyond the scope of this rulemaking 
or the comments received.
---------------------------------------------------------------------------

    The CFPB also seeks to provide clarification about the scope of

[[Page 99615]]

``consumer payment transactions'' in light of the consumer groups' 
comment noting that some providers of earned wage products do not treat 
their transactions as extensions of consumer credit, and seeking 
clarification of whether they qualify as ``consumer payment 
transactions'' included in the market. Specifically, the CFPB seeks to 
clarify how the proposed definition of ``consumer payment transaction'' 
applied to a payment by or on behalf of a consumer to another person. 
As explained above, ``consumer payment transaction'' for purposes of 
the proposed market definition did not include ``transfers between a 
consumer's own deposit accounts[ or] transfers between a consumer 
deposit account and the same consumer's stored value account held at 
another financial institution, such as loading or redemptions[.]'' 
\238\ Consistent with that approach, the CFPB also did not intend and 
does not believe that earned wage products generally would be included 
in the market because they transfer wages belonging to or advanced on 
behalf of a consumer to that same consumer.\239\ Similarly, for clarity 
and administrability, the CFPB does not interpret the market definition 
as including payments by or on behalf of a consumer to other accounts 
the consumer owns or controls in which another person, such as a spouse 
co-owner or minor child, also holds an interest.\240\
---------------------------------------------------------------------------

    \238\ 88 FR 80197 at 80203.
    \239\ See, e.g., CFPB, Data Spotlight: Developments in the 
Paycheck Advance Market (July 18, 2024) (``Earned wage products 
provide workers access, before their payday, to a portion of their 
earned but unpaid wages or to funds that purport to equal or 
approximate a portion of their unpaid wages.''), https://www.consumerfinance.gov/data-research/research-reports/data-spotlight-developments-in-the-paycheck-advance-market/ (last visited 
Nov. 7, 2024).
    \240\ For example, a payment functionality usable for an adult 
to transfer funds to K-12 school lunch accounts for the benefit of 
two or more minor children would not be included in the market 
because the adult transferor typically owns or controls the 
recipient account.
---------------------------------------------------------------------------

Final Rule
    For the reasons described above, the CFPB adopts the proposed 
definition of ``consumer payment transaction'' with four changes, as 
described below.
    First, for the reasons discussed above in the responses to 
comments, the Final Rule covers consumer payment transactions made by 
or on behalf of a consumer ``who resides in'' a State, rather than a 
consumer ``physically located'' in a State as stated in the Proposed 
Rule. As a result, when a nonbank provides a general-use digital 
consumer payment application to a person who does not reside in a 
State, the transactions it facilitates for that person would not be 
included in the market. The CFPB believes that this change will make 
the larger-participant test for this Final Rule more administrable 
because, unlike a consumer's physical location, a consumer's country of 
residence does not constantly change. Since the comments indicate that 
some companies may not currently collect data on consumer location at 
the time of making a payment, this change in the Final Rule also will 
avoid inadvertently creating a potential incentive for market 
participants to collect such data to determine larger participant 
status.
    Second, for reasons discussed above in the responses to comments, 
the Final Rule clarifies the exclusion in paragraph (C) for payment 
transactions conducted by certain merchants and marketplace operators. 
Specifically, the Final Rule does not adopt the proposed requirement 
that the marketplace be operated ``prominently in the name of'' the 
excluded person or its affiliated company. This change will make the 
larger-participant test more administrable by avoiding the need to 
evaluate the form or extent of name branding when evaluating which 
entities qualify for the exclusion, as discussed above.
    Third, the Final Rule modifies paragraph (C) to confirm that the 
Final Rule excludes a payment transaction conducted by a person for a 
donation to a fundraiser that a consumer selected from the person or 
its affiliated company's platform. In the Proposed Rule, the CFPB did 
not intend to include payment platforms provided solely to facilitate 
donations to fundraisers. Such donation platforms would not have had 
``general use'' under the proposal and therefore transactions would not 
have been within the scope of the proposed market. Because the Final 
Rule revises the definition of ``general use'' as described below to 
generally apply to payment functionalities that are usable to 
facilitate consumer payment transactions to more than one unaffiliated 
person, a platform that facilitates donations to multiple unaffiliated 
persons could be part of the market in some circumstances in the 
absence of another exclusion. Thus, consistent with the scope of the 
Proposed Rule, the Final Rule modifies the definition of ``consumer 
payment transaction'' to clarify that those transactions would not be 
in the market.
    Fourth, for the reasons discussed above in responses to comments, 
the Final Rule clarifies paragraph (D) to exclude extensions of 
consumer credit initiated through a digital application that is 
provided by a person who is extending, brokering, acquiring, or 
purchasing the credit or that person's affiliated company. As explained 
above, by referring to digital application-based initiations of 
consumer credit transactions by persons engaged in these additional 
activities of brokering, acquiring, or purchasing the extension of 
credit, the exclusion in paragraph (D) better defines a payments market 
in this Rule by excluding activities that are distinguishable as being 
part of a market for consumer credit originations.
Covered Payment Functionality
Proposed Rule
    The proposed market definition would have applied to providing 
covered payment functionalities through a digital application for a 
consumer's general use in making payment transactions. Proposed Sec.  
1090.109(a)(2) would have defined two types of payment functionalities 
as covered payment functionalities: a funds transfer functionality and 
a wallet functionality. Proposed Sec.  1090.109(a)(2) would have 
defined each of those two functionalities as described below. The CFPB 
requested common on each proposed definition, and whether it should be 
modified, and if so, how and why.
    A nonbank covered person would have been participating in the 
proposed market if its market activity includes only one of the two 
functionalities, or both functionalities. Similarly, a particular 
digital application may provide one or both functionalities. A 
nonbank's level of participation in the proposed market would not have 
been based on which functionality is involved; rather, it would have 
been based on the annual covered payment transaction volume as defined 
in proposed Sec.  1090.109(b).
    The CFPB proposed to treat these two covered payment 
functionalities as part of a single market for general-use digital 
consumer payment applications. As the Proposed Rule noted, the 
technological and commercial processes these two payment 
functionalities use to facilitate consumer payments may differ in some 
ways. However, consumers can use both types of covered payment 
functionalities for the same common purposes, such as to make payments 
for retail spending and sending money to friends and family. For 
example, a funds transfer functionality may transfer a consumer's funds 
in a linked stored value account to a merchant to pay for goods or 
services, or to friends or

[[Page 99616]]

family. Similarly, a wallet functionality may transmit a stored payment 
credential to facilitate a consumer's payment to a merchant or to 
friends and family. Indeed, the same nonbank covered person may provide 
a digital application that encompasses both functionalities depending 
on the payment method a consumer chooses. For example, a nonbank 
covered person's digital application may allow the consumer to access a 
wallet functionality to make a payment using a credit card for which a 
third party extends credit, or a funds transfer functionality to make a 
payment from a stored value account the nonbank provides. The role 
these two functionalities play in a single market therefore was driven 
by their common uses, not their specific technological and commercial 
processes.
(A) Funds Transfer Functionality
    The first payment functionality included in the definition in 
covered payment functionality in proposed Sec.  1090.109(a)(2) was a 
funds transfer functionality. Paragraph (A) would have defined the term 
``funds transfer functionality'' for the purpose of this rule to mean, 
in connection with a consumer payment transaction: (1) receiving funds 
for the purpose of transmitting them; or (2) accepting and transmitting 
payment instructions.\241\ These two types of funds transfer 
functionalities generally described how nonbanks help to transfer a 
consumer's funds to other persons, sometimes referred to as P2P 
transfers. The nonbank either already holds or receives the consumer's 
funds for the purpose of transferring them, or it transmits the 
consumers payment instructions to another person who does so. Paragraph 
(1), for example, would have applied to a nonbank transferring funds it 
holds for the consumer, such as in a stored value account, to another 
person for personal, family, or household purposes. Even if the nonbank 
providing the funds transfer functionality does not hold or receive the 
funds to be transferred, it generally would have qualified under 
paragraph (2) by transmitting the consumer's payment instructions to 
the person that does hold or receive the funds for transfer. Paragraph 
(2), for example, would have applied to a nonbank that accepts a 
consumer's instruction to send money from the consumer's banking 
deposit account to another person for personal, family, or household 
purposes, and then transmits that instruction to other persons to 
accomplish the fund transfer. As the Proposed Rule noted, a common way 
a nonbank may engage in such activities is by acting as a third-party 
intermediary to initiate an electronic fund transfer through the 
automated clearinghouse (ACH) network. Another common way to do so 
noted in the Proposed Rule is to transmit the payment instructions to a 
partner depository institution. However, in some circumstances, a 
nonbank may be able to execute a consumer's payment instructions on its 
own, such as by debiting the consumer's account and crediting the 
account of the friend or family member, without transmitting the 
payment instructions to another person. In those circumstances, the 
nonbank generally would have been covered by paragraph (1) because, to 
conduct the transaction in this manner, the nonbank typically would be 
holding or receiving the funds being transferred.
---------------------------------------------------------------------------

    \241\ As stated in the Proposed Rule, 88 FR 80197 at 80205 n.64, 
such funds transfer services are consumer financial products or 
services under the CFPA. See 12 U.S.C. 5481(5)(A) (defining 
``consumer financial product or service'' to mean a financial 
product or service ``offered or provided for use by consumers 
primarily for personal, family, or household purposes[ ]''). The 
CFPA defines a ``financial product or service'' to include 
``engaging in deposit-taking activities, transmitting or exchanging 
funds, or otherwise acting as a custodian of funds or any financial 
instrument for use by or on behalf of a consumer[.]'' 12 U.S.C. 
5481(15)(A)(iv); see also 12 U.S.C. 5481(29) (defining 
``transmitting or exchanging funds''). The CFPA also defines a 
``financial product or service'' to include generally ``providing 
payments or other financial data processing products or services to 
a consumer by any technological means, including processing or 
storing financial or banking data for any payment instrument,'' 
subject to certain exceptions. 12 U.S.C. 5481(15)(A)(vii).
---------------------------------------------------------------------------

(B) Wallet Functionality
    The other payment functionality included in the definition in 
covered payment functionality in proposed Sec.  1090.109(a)(1) was a 
wallet functionality. Paragraph (B) would have defined the term wallet 
functionality as a product or service that: (1) stores account or 
payment credentials, including in encrypted or tokenized form; and (2) 
transmits, routes, or otherwise processes such stored account or 
payment credentials to facilitate a consumer payment transaction.\242\ 
Through this proposed definition, the proposed market would have 
included payment functionalities that work together first to store 
account or payment credentials and second, to process such data to 
facilitate a consumer payment transaction.
---------------------------------------------------------------------------

    \242\ As stated in the Proposed Rule, 88 FR 80197 at 80205 n.65, 
the wallet functionality as described above is a consumer financial 
product or service under the CFPA. See 12 U.S.C. 5481(15)(A)(vii) 
(defining ``financial product or service'' to include ``providing 
payments or other financial data processing products or services to 
a consumer by any technological means, including processing or 
storing financial or banking data for any payment instrument, or 
through any payments systems or network used for processing payments 
data, including payments made through an online banking system or 
mobile telecommunications network,'' subject to certain exceptions); 
see also 12 U.S.C. 5481(5)(A) (defining ``consumer financial product 
or service'' to mean a financial product or service ``offered or 
provided for use by consumers primarily for personal, family, or 
household purposes'').
---------------------------------------------------------------------------

    As indicated above, paragraph (B)(1) of the proposed definition of 
``wallet functionality'' would have clarified that ``account or payment 
credentials'' can take the form of encrypted or tokenized data. Storage 
of account or payment credentials in these forms would have satisfied 
the first prong of the ``wallet functionality'' definition. For 
example, the first prong would have been satisfied by storing an 
encrypted version of a payment account number or a token \243\ that is 
specifically derived from or otherwise associated with a consumer's 
payment account number.
---------------------------------------------------------------------------

    \243\ As the Proposed Rule noted, tokens now are often used for 
wallets to store a variety of payment credentials including network-
branded payment cards. See, e.g., Manya Saini, Visa tokens overtake 
payments giant's physical cards in circulation, Reuters.com (Aug. 
24, 2022) (describing how VISA's token service ``replaces 16-digital 
Visa account numbers with a token that only Visa can unlock, 
protecting the underlying account information.''), https://www.reuters.com/business/finance/visa-tokens-overtake-payments-giants-physical-cards-circulation-2022-08-24/ (last visited Oct. 23, 
2023); In re Mastercard Inc., FTC Docket No. C-4795 (Complaint dated 
May 13, 2023) ]] 24-32 (describing how payment cards are 
``tokenized'' for use digital wallets by ``replacing the 
cardholder's primary account number (`PAN') [ ] with a different 
number to protect the PAN during certain stages of the [ ] 
transaction.''), https://www.ftc.gov/system/files/ftc_gov/pdf/2010011C4795MastercardDurbinComplaint.pdf (last visited Oct. 23, 
2023); American Express, American Express Tokenization Service, 
https://network.americanexpress.com/globalnetwork/products-and-services/security/tokenization-service/ (last visited Oct. 23, 
2023); Discover Digital Exchange, Powering digital payment 
experiences, https://www.discoverglobalnetwork.com/solutions/technology-payment-platforms/discover-digital-exchange-ddx/ (last 
visited Oct. 23, 2023).
---------------------------------------------------------------------------

    Paragraph (B)(2) of the proposed definition of ``wallet 
functionality'' described the types of processing of stored account or 
payment credentials that would have fallen within this definition. For 
example, consumers commonly use wallet functionalities provided through 
digital applications to pay for purchases of goods or services on 
merchant websites. To facilitate such a consumer payment transaction, a 
consumer financial product or service may transmit a stored payment 
credential to a merchant, its payment processor, or its website 
designed to accept payment credentials provided by the wallet 
functionality. This type of product or service would have been covered 
by paragraph (B)(2).

[[Page 99617]]

Comments Received
    Some commenters supported the inclusion of the range of payment 
functionalities described in the proposed definition of ``covered 
payment functionality.'' For example, one nonprofit stated that its 
members surveyed generally supported the proposed definitions of 
``funds transfer functionality'' and ``wallet functionality'' and that 
the latter adequately described digital wallets in use today. A 
merchant trade association stated that the market should include 
digital wallet offerings from nonbanks, including when offered by 
nonbanks through joint ventures or partnerships with banks or payment 
networks. In their view, if a nonbank develops and determines how the 
service operates, then regardless of the involvement by a bank or 
payment network, the CFPB should supervise the nonbank to ensure fair 
competition. In addition, as described at the outset of the section-by-
section analysis above, other commenters including consumer groups and 
banking industry associations generally supported the Proposed Rule 
without raising concerns regarding the proposed definition of ``covered 
payment functionality.''
    On the other hand, as discussed in the section-by-section analysis 
of general comments on the proposed market definition in Sec.  
1090.109(a)(1) above, several industry and nonprofit commenters stated 
that the Proposed Rule inappropriately grouped what they described as 
different markets, including funds transfer functionalities and wallet 
functionalities, as well as a number of subtypes of each, into a single 
market. The Final Rule responds to those comments above. In addition, 
as described below, some commenters stated that the rule should exclude 
certain activities from the proposed definition of ``covered payment 
functionality.'' These comments either sought to remove entire 
components of the proposed definition of ``covered payment 
functionality,'' to limit the scope of the term in the context of 
nonbank/bank partnerships, or to clarify that the term did not include 
what they described as business-to-business services.
    Some comments stated that the market definition should not include 
what they called payment-method or pass-through wallets captured by the 
proposed definition of ``wallet functionality.'' For consistency, the 
Final Rule refers to these products and services as pass-through 
payment wallets. A nonbank firm stated that the rule should exclude 
from the definition of ``wallet functionality'' the storage and 
transmission of payment credentials for accounts held at or issued by 
third-party financial institutions (which it called a ``payment method 
wallet''). In its view, payment method wallets do not provide consumers 
access to their funds because they do not store the funds.\244\ It 
stated that supervising the nonbank provider of the payment method 
wallet would provide no benefit beyond existing supervision by CFPB and 
other Federal agencies of these third-party financial institutions, 
which includes supervision for compliance with protections under 
Regulation Z against billing errors in credit card transactions and 
Regulation E in debit card transactions. In support of that conclusion, 
it outlined its position that payment method wallets are not subject to 
EFTA or Regulation E because they do not issue an asset account used to 
make the payment and they do not provide an ``access device'' for an 
asset account because any stored debit card is the access device for 
purposes of Regulation E.\245\ Some industry association commenters 
also stated that some market participants were not financial 
institutions under either Regulation E or under Regulation P 
implementing the GLBA, and that the Proposed Rule therefore did not 
articulate why CFPB supervision of those firms would be beneficial or 
overstated its benefits.\246\
---------------------------------------------------------------------------

    \244\ In its view, they also do not receive funds for purpose of 
transmitting them on behalf of the consumer because they generally 
agree to accept payments as an agent of the merchant.
    \245\ Another industry association suggested that the Final Rule 
clarify whether the CFPB considers a mobile phone to be an access 
device for purposes of Regulation E. The commenter also stated that 
entities may face competing obligations or burdens under this larger 
participant rule and a personal financial data rights rule the CFPB 
may adopt. It stated that both rules would apply to ``digital 
wallets'' but, in its view, define them differently. It called for 
the CFPB to establish a regulatory safe harbor under which 
compliance with a personal financial data rights rule does not 
determine application of the larger participant rule, and vice-
versa.
    \246\ The nonbank firm mentioned above generally stated that 
payment method wallets generally posed low if any risk to consumers 
and stated that the Proposed Rule did not establish that payment 
method wallets pose any special or heightened risk to consumers' 
data related to GLBA/Regulation P compliance compared with other 
products and services not included within the market definition. In 
response to general comments further above, the Final Rule responds 
to comments about the consideration of risk in larger participant 
rules.
---------------------------------------------------------------------------

    A law firm commenter also stated that the term ``wallet 
functionality'' should be removed from the market definition. It stated 
that, because the proposal defined ``consumer payment transaction'' as 
involving a transfer of funds, all such transactions will involve a 
``funds transfer functionality'' that will always be subject to 
supervision. It also viewed providers of a ``wallet functionality'' 
that does not hold and move funds as excluded from the scope of EFTA 
and Regulation E. As a result, in its view, supervision of persons 
providing a ``wallet functionality'' would be unnecessary, duplicative, 
and not responsive to the same level of risk to consumers.\247\ 
Alternatively, this commenter and another industry trade association 
stated that the rule should address uncertainty over potential coverage 
of internet browsers; the Final Rule describes and responds to those 
comments in more detail in the section-by-section analysis of ``digital 
application'' further below.
---------------------------------------------------------------------------

    \247\ Again, as noted above, the Final Rule summarizes and 
responds to comments regarding the consideration of risk to 
consumers at the outset of the section-by-section analysis above.
---------------------------------------------------------------------------

    An industry association stated that the rule should narrow the 
proposed definition of ``wallet functionality'' by dropping the 
reference to storage and transmission of payment credentials that are 
in ``tokenized form.'' It noted that consumers' personal identification 
information, such as a driver's license, can be tokenized to create 
digital ``identity credentials'' that consumers can use for what it 
described as non-financial purposes such as identity verification and 
``commerce purposes.'' It stated that if the rule does not remove the 
reference to ``tokenized form'' form, then it should clarify that term 
only applies to tokenization of what it called ``existing'' payment 
credentials. It stated that the clarification was necessary to ensure 
that the market definition does not cover non-financial applications of 
tokenization that the CFPB lacks the authority to regulate.
    Finally, two industry associations stated that the proposed term 
``wallet functionality'' includes ``pass-through digital wallets'' that 
cannot legally be included in the market definition because they 
qualify as ``electronic conduit services'' defined in CFPA section 
1002(15). They described pass-through payment wallets as holding and 
passing on payment information, such as card numbers, and as 
maintaining a record of such information. They stated that ``pass-
through digital wallets'' are electronic conduit services because only 
data, not funds, flow through the wallet.\248\
---------------------------------------------------------------------------

    \248\ One of these commenters noted that certain pass-through 
payment wallets may participate in the flow of funds when they act 
as a third-party payment processor, but even in those circumstances, 
pass-through payment wallets should not be covered either because 
they, in the commenter's view, pose low risk as evidenced by their 
being excluded from money transmitter laws.

---------------------------------------------------------------------------

[[Page 99618]]

    Other industry comments called for removing part of the definition 
of ``funds transfer functionality.'' A few industry trade associations 
stated that the rule should remove accepting and transmitting payment 
instructions from the definition of ``funds transfer functionality.'' 
They stated that many firms transmit payment instructions, and State 
money transmitter laws generally exclude this type of payment 
processing because, in their view, that is a lower-risk activity due 
the payment processor not holding or receiving funds, which instead are 
held at Federally-regulated financial institutions.
    Other industry comments called for excluding activities that do not 
involve the holding or receipt of funds in certain circumstances, which 
they generally described as posing lower risk than other market 
participants. An industry association and a nonbank firm stated that 
the rule should exclude nonbanks providing payment services in 
partnership with or as service providers to depository institutions. 
According to their description, these nonbanks typically develop, 
market, and provide a digital application to consumers on behalf of as 
and a service provider to a bank or credit union. They described the 
nonbank as serving solely as a service provider, regardless of whether 
the digital application is branded in the name of the nonbank. They 
stated that the nonbank provides these services solely to establish the 
consumer as a customer of the bank or credit union and to facilitate 
consumer payment transactions from accounts held by the bank or credit 
union either in the name of or ``for benefit of'' the consumer. They 
stated that the bank or credit union processes the consumer payment 
transactions. For example, the nonbank may receive and transmit the 
consumer's payment instructions to the partner bank to transmit funds. 
The nonbank commenter acknowledged that covering nonbank activities 
that facilitate payments from accounts held by nonbanks would help 
align supervision of nonbanks and banks. However, in the view of these 
commenters, facilitating payments of funds held in accounts at partner 
banks or credit unions is a different activity that should not be 
included in the market. For example, compared to what they described as 
``stand-alone'' nonbank payment applications, they stated the digital 
applications that nonbanks provide as partners with banks and credit 
unions pose lower risk to consumers due to existing Federal prudential 
regulators' oversight of the banks and credit unions and their third-
party relationships.\249\ These commenters also stated that, in their 
view, excluding this type of activity from the market definition (or 
otherwise from the larger-participant test) would prevent duplicative 
Federal supervision between the CFPB and prudential banking regulators. 
One of these commenters also stated the exclusion would be consistent 
with the rule's goal of defining the market to exclude taking of 
deposits.\250\ For example, this commenter stated that this type of 
activity is subject not only to the prohibition against unfair, 
deceptive, and abusive practices, but also to consumer protections 
governing deposit accounts. They also stated that, to meet the 
expectations of Federal prudential banking regulators, banks have 
extensive mechanisms for overseeing the third-party nonbanks that 
provide the consumer-facing or ``front end'' digital application, and 
that these mechanisms further reduce risks posed by these activities. 
Another industry association called for CFPB to make unspecified 
clarifications to the scope and requirements of the Proposed Rule to 
ensure close coordination between the CFPB and other regulators to 
prevent duplicative or diverging regulatory requirements of nonbanks 
that partner with depository institutions and credit unions.
---------------------------------------------------------------------------

    \249\ These commenters also asserted that existing oversight of 
the depository institutions provides sufficient oversight of this 
type of activity; the Final Rule addresses comments regarding 
existing oversight above. One commenter also suggested that 
establishing oversight in this rulemaking would violate a memorandum 
of understanding between the CFPB and prudential regulators that 
called for the CFPB to prevent unnecessary duplication of effort. 
However, the comment misconstrued that memorandum of understanding. 
As explained further above in the discussion of comments on existing 
oversight, that memorandum of understanding does not seek to prevent 
overlapping authority; instead, where overlapping authority exists, 
it provides mechanisms for coordinating across agencies to minimize 
the types of duplication these commenters mentioned.
    \250\ The nonbank firm also suggested that the Proposed Rule 
appeared to purport to establish supervisory authority over a 
nonbank that acts as a service provider to a bank with assets of $10 
billion or less and not to a substantial number of such banks. In 
its view, such a service provider is subject to the exclusive 
supervision of a Federal banking agency, and assertion of CFPB 
supervisory authority over the service provider would conflict with 
CFPA section 1026(e), which only establishes authority over service 
providers to a substantial number of such banks. It stated that the 
CFPB may not take supervisory or enforcement action directly against 
such a service provider, and instead may only take certain actions 
specified in the CFPA related to the service provider, such as 
accessing the Federal prudential regulators' reports of examination 
of the service provider under CFPA section 1022(c)(6)(B).
---------------------------------------------------------------------------

    In addition, a few industry associations requested that the rule 
clarify that the market definition does not include activities that 
they described in four different ways as business-to-business services 
that nonbanks provide in connection with consumer payment transactions 
for the purchase of goods and services. First, both commenters stated 
that the market definition should exclude any portions of the process 
or lifecycle associated with a consumer payment transaction that 
involve exclusively business-to-business transactions and do not 
directly involve the consumer. Second, both commenters stated that 
companies that provide merchant payment processing would fall within 
the market definition (and, as noted above, disagreed with that 
result). However, one of the commenters pointed to what it viewed as 
significant uncertainty over whether the market definition included 
what it described as traditional third-party payment processing by 
entities that enable merchants to accept payments. Third, both 
commenters also referred to what they called covered payment 
functionalities provided by a nonbank that its merchant customer offers 
to consumers, who use the end product. Although the consumer is an end 
user, they described such nonbank activities as facilitating 
application functionalities between businesses that should be excluded 
from the market definition.\251\ Fourth, one of these commenters stated 
that, to avoid what it described as an unintended expansion of the 
scope of the proposal, the CFPB should clarify that the rule does not 
include what it described as ``back-office service providers or other 
vendors.''
---------------------------------------------------------------------------

    \251\ This commenter suggested this exclusion appear in the 
definition of ``digital application.'' However, the Final Rule 
considers the comment more broadly in relation to other comments 
seeking exclusion of what they described as business-to-business 
offerings.
---------------------------------------------------------------------------

Response to Comments Received
    As discussed above in the Final Rule's response to comments on the 
market definition in proposed Sec.  1090.109(a)(1), the CFPB disagrees 
with comments suggesting that the market should be confined to entities 
that receive or hold the funds being transferred in consumer payment 
transactions, or that the market should cover consumer payment 
transactions that transfer funds from nonbank accounts but not from 
accounts provided by banks or credit unions. As the Proposed Rule 
explained, the CFPB is seeking to define a market for general-use 
digital consumer payment applications that facilitate consumer payment 
transactions that transfer funds by or on behalf of the consumer,

[[Page 99619]]

regardless of where those funds may be held. As some industry 
association comments regarding bank/fintech partnerships acknowledged, 
the CPFB is not seeking to define a market for taking deposits in this 
rule. Consistent with that purpose, nothing in the proposed definition 
of ``covered payment functionality'' referred to engaging in the 
``taking of deposits.'' Relatedly, holding or receiving funds is not a 
requirement for facilitating consumer payment transactions and 
participating in the market. Specifically, neither the form of ``funds 
transfer functionality'' described in paragraph (2) of the definition 
of that term nor the proposed ``wallet functionality'' definition were 
based on receiving or holding funds.\252\ Excluding nonbanks that do 
not hold or receive funds (or that only facilitate payment of funds 
held at partner depository institutions) would result in an unduly 
narrow market definition that essentially is limited to money 
transmission, ignoring the role that other nonbank activities play in 
initiating other very common consumer payment transactions through 
general-use digital consumer payment applications. For example, 
consumers have significantly increased their use of digital wallets to 
make payments using network-branded payment cards issued by third-party 
financial institutions.\253\ These include consumer credit card 
transactions in which the lender transfers funds on behalf of the 
consumer as part of an extension of credit. In these transactions and 
in debit card transactions, the nonbank may not hold or receive funds 
but it does initiate the consumer payment transaction at the consumer's 
request by receiving and transmitting payment instructions or storing 
and transmitting payment credentials.\254\ And in this way, it also 
facilitates consumers' access to their funds, contrary to the 
suggestion by an industry commenter.
---------------------------------------------------------------------------

    \252\ In addition, while the first prong of ``funds transfer 
functionality'' refers to receiving funds, that prong requires that 
the funds be received for the purpose of transmitting them.
    \253\ See, e.g., Worldpay, 2024 Global Payments Report, at 6 
(describing ``key insight[ ]'' that ``[c]onsumer attraction to 
digital wallets isn't a turn away from cards. In card-dominated 
markets, card spend is simply shifting to digital wallets like Apple 
Pay, Google Pay and PayPal. Viewed in total, card transaction values 
are at an all-time high and continue to rise.''), at 148 (reporting 
use of payment cards through digital wallets under the heading 
``digital wallets'' and separately reporting ``direct card use'' for 
debit cards and credit cards), https://worldpay.globalpaymentsreport.com/ (last downloaded Aug. 22, 2024); 
Worldpay, Press Release, Worldpay Global Payments Report 2024: 
Digital Wallet Maturity Ushers in a Golden Age of Payments (Mar. 21, 
2024) (finding that ``in the U.S., credit and debit cards fund 65 
percent of digital wallets in the market.''), https://www.businesswire.com/news/home/20240321666428/en/Worldpay-Global-Payments-Report-2024-Digital-Wallet-Maturity-Ushers-in-a-Golden-Age-of-Payments (last visited Nov. 7, 2024); How Are Consumers Funding 
Mobile Wallets? PaymentsJournal (Apr. 1, 2024) (reporting that most 
consumers use a debit card or credit card to fund a mobile wallet, 
versus 36 percent who use the balance within the app, based on 
Christopher Miller, 2023 North American PaymentInsights: U.S.: 
Financial Services and Emerging Technologies Exhibit, Javelin 
Research (July 21, 2023)), https://javelinstrategy.com/research/2023-north-american-paymentinsights-us-financial-services-and-emerging-technologies (last visited Nov. 7, 2024)), https://www.paymentsjournal.com/how-are-consumers-funding-mobile-wallets/ 
(last visited Nov. 7, 2024); Steve Cocheo, Consumers Have Embraced 
Digital Wallets. But They Also Want Them to Be Better, The Financial 
Brand (Mar. 28, 2024) (discussing the ``overlap between digital 
wallets and cards.''), https://thefinancialbrand.com/news/payments-trends/digital-wallets-absorb-credit-cards-as-they-boom-worldwide-176418/ (last visited Oct. 24, 2024); J.D. Power, Debit Cards Still 
Lead in Customer Satisfaction and Utilization, Even as Use of 
Digital Wallets Grows (May 23, 2024) (survey projecting ``slow 
deterioration'' in share of customers using physical version of 
debit cards as they opt instead to use the debit cards as a payment 
method stored in digital wallets), https://www.jdpower.com/business/resources/debit-cards-still-lead-customer-satisfaction-and-utilization-even-use-digital (last visited Nov. 7, 2024): Nicole 
Murgia & Lily Varon, Digital Payments Have Surpassed Traditional 
Payments In The US, Forrester Research (Feb. 29, 2024) (reporting 
survey data finding that ``69% of U[.]S[.] online adults said that 
they had used a digital payment method over the past three months to 
make a purchase. That's well ahead of the just over half of online 
adults who used a credit card or who used cash. That said, it's 
important to remember that cards often are the underlying payment 
instrument in growing digital payment scenarios.''), https://www.forrester.com/blogs/digital-payments-have-surpassed-traditional-payments-in-the-us/ (last visited Nov. 7, 2024); Mastercard, 
Mastercard reimagines online checkout; commits to reaching 100% e-
commerce tokenization by 2030 in Europe (June 11, 2024), https://www.mastercard.com/news/press/2024/june/mastercard-reimagines-online-checkout-commits-to-reaching-100-e-commerce-tokenization-by-2030-in-europe/ (last visited Nov. 7, 2024).
    \254\ The Final Rule responds to general comments about the 
applicability of Regulation E and Regulation P in the section-by-
section analysis of the market definition further above.
---------------------------------------------------------------------------

    Excluding these activities from the market would result in a gap in 
the CFPB's supervisory oversight at the very start of the chain of 
activities that lead a consumer payment transaction to occur. Yet 
consumers naturally may look to the provider of that consumer financial 
product or service for help resolving problems. And a credit union 
trade association commenter stated that credit union customers can find 
it difficult to obtain prompt resolution of errors that involve a 
nonbank platform. A group of State attorneys general also cited a 
survey indicating that more 77 percent of consumers encountered 
difficulty obtaining resolution from the nonbank's customer 
service.\255\
---------------------------------------------------------------------------

    \255\ Consumer Reports P2P Survey at 9 (reporting results of 
questions about services provided by payment apps such as PayPal, 
Venmo, Apple Pay, Google Pay, or Zelle). The Proposed Rule, 88 FR 
80197 at 80200 n.25, also identified this survey.
---------------------------------------------------------------------------

    As to industry commenter claims that nonbank market participants 
pose lower risk because the funds consumers use to make payments are 
held by other regulated and supervised financial institutions such as 
banks, credit unions, or money transmitters, this rulemaking does not 
define who is included or excluded in the market based on findings of 
relative risk. More specifically, the CFPB does not assess in this 
rulemaking the relative risk of activities to initiate payments from 
funds held or received by others; rather, as explained further above, 
the CFPB considers the risks that a market and its larger participants 
pose to consumers when determining how to exercise its authority to 
conduct examinations of such persons.
    The CFPB also disagrees that the market should exclude nonbanks 
with a service-providing or partnership relationship with the 
depository institution that holds the funds used to make the payment. 
As discussed in the response to general comments above, covering these 
activities furthers the CFPB's statutory objective of ensuring 
consistent compliance with Federal consumer financial law without 
regard to the status of a person as a depository institution to promote 
fair competition. The CFPB similarly disagrees with the law firm 
commenter's claim that, when a consumer initiates a consumer payment 
transaction in reliance on a general-use wallet functionality a nonbank 
provides through a digital application, there is no need to include 
that activity in the market because another supervised institution, 
such as a depository institution, may be providing a funds transfer 
functionality. Two institutions, including a depository institution and 
a nonbank, may work together to provide a covered payment 
functionality. For example, a depository institution may accept payment 
instructions from a nonbank general-use digital consumer payment 
application provider. A supervisory review that only considers how the 
depository institution processes those instructions would presume that 
there is no significance to the role of the nonbank in relaying those 
instructions to the depository institution. Yet by design, the conduct 
of both institutions can affect the degree to which consumers' payments 
data is protected, legitimate transactions proceed without error or 
delay, and unauthorized transactions do not occur. The nonbank may even 
assume primary responsibility for providing the consumer interface, 
such

[[Page 99620]]

as a digital application, and making representation to consumers about 
the speed, cost, and other aspects of payments it facilitates. As 
noted, it is not the purpose of this rule to enumerate, quantify, and 
weigh such risks because the rule does not seek to define a market that 
includes only high-risk activity. Rather, the purpose of this rule is 
to establish authority to examine larger participants in this market. 
Through operation of that program the CFPB can detect, assess, and as 
needed, address risks to consumers and markets, and otherwise conduct 
its risk-based supervision program for the purposes established in CFPA 
section 1024(b)(1).
    In addition, for the reasons explained above in response to general 
comments about existing Federal and State oversight of some aspects of 
market activity, the CFPB does not define the market based on the 
degree to which another regulator oversees certain persons, such as a 
partner bank, its nonbank partner, or any other nonbank that 
facilitates a given consumer payment transaction. The CFPB also does 
not define the market based on whether market participants also may act 
as a service provider to another financial institution.\256\
---------------------------------------------------------------------------

    \256\ The CFPB disagrees with the nonbank firm's comment to the 
extent it was suggesting that in general a service provider to 
financial institutions cannot also be a nonbank covered person, or, 
more specifically that provisions in CFPA sections 1025(d) or 
1026(e) describing the CFPB's supervisory authority over service 
providers to banks and credit unions displace the CFPB's authority 
under section 1024(a) over nonbank covered persons. Under the CFPA, 
a firm can act both as a service provider and as a provider of a 
consumer financial product or service. See 12 U.S.C. 5481(26)(C) 
(``A person that is a service provider shall be deemed to be a 
covered person to the extent that such person engages in the 
offering or provision of its own consumer financial product or 
service.''). And with respect to the CFPB's supervisory authority, 
no provision in CFPA sections 1024, 1025(d), or 1026(e) states that 
1024(a) is displaced by 1025(d) or 1026(e). By contrast, CFPA 
section 1024(a)(3)(A) expressly provides that CFPA section 1024, 
which includes the larger participant rulemaking authority in CFPA 
section 1024(a)(1)(B), shall not apply to persons described in 
section 1025(a) and 1026(a), which refer to insured depository 
institutions, insured credit unions, and certain of their 
affiliates. It does not refer to 1025(d) or 1026(e). Accordingly, if 
a nonbank is a covered person because it provides a consumer 
financial product or service, then the CFPB may establish 
supervisory authority over the nonbank covered person via a larger 
participant rulemaking under section 1024(a)(1)(B) even if in the 
course of its activity the nonbank also acts as a service provider 
to a bank or credit union.
---------------------------------------------------------------------------

    The CFPB also disagrees with the two industry associations that 
argued that certain pass-through digital wallets are subject to the 
CFPA's exclusion for ``electronic conduit services'' because they only 
store and transmit card information, and not funds.\257\ The commenters 
did not meaningfully analyze the language of the CFPA's definition of 
``electronic conduit services,'' which undermines their argument in at 
least two ways.\258\ First, the definition applies to the 
``intermediate or transient storage'' of electronic data--i.e., to data 
storage for a limited time.\259\ However, as the commenters appear to 
acknowledge, pass-through digital wallets generally store payment 
credential or account information on a persistent or indefinite basis 
(so that it can be used to make payments as needed). Because they do 
so, pass-through digital wallets do not qualify for the exclusion for 
electronic conduit services. Second, the commenters incorrectly 
conclude that the electronic conduit service exclusion necessarily 
applies where a provider only handles data (and not funds). For 
example, by its terms, that exclusion does not apply to a provider who 
``selects . . . the content of the electronic data'' being stored or 
transmitted.\260\ Pass-through digital wallets generally are designed 
to store and transmit specific data regarding a payment card (the card 
number, expiration date, and CVV) provided by the consumer. Providers 
of such wallets thus ``select[ ] . . . the content of the electronic 
data'' that the wallets store and transmit, and therefore do not 
qualify for the electronic conduit services exclusion.\261\
---------------------------------------------------------------------------

    \257\ The CFPA excludes ``electronic conduit services'' from the 
definition of ``financial product or service.'' 12 U.S.C. 
5481(15)(C)(ii). The term ``electronic conduit services'' ``(A) 
means the provision, by a person, of electronic data transmission, 
routing, intermediate or transient storage, or connections to a 
telecommunications system or network; and (B) does not include a 
person that provides electronic conduit services if, when providing 
such services, the person--(i) selects or modifies the content of 
the electronic data; (ii) transmits, routes, stores, or provides 
connections for electronic data, including financial data, in a 
manner that such financial data is differentiated from other types 
of data of the same form that such person transmits, routes, or 
stores, or with respect to which, provides connections; or (iii) is 
a payee, payor, correspondent, or similar party to a payment 
transaction with a consumer.'' 12 U.S.C. 5481(11).
    \258\ Because the commenters do not provide any information 
regarding how the pass-through digital wallets they describe operate 
on a technological level, there may be additional reasons, beyond 
those discussed in this Final Rule, why such wallets do not qualify 
as electronic conduit services. For example, providers of such 
wallets may transmit financial data ``in a manner that such 
financial data is differentiated from other types of data of the 
same form'' that the providers transmit. 12 U.S.C. 5481(11)(B)(ii).
    \259\ 12 U.S.C. 5481(11)(A); cf. Hately v. Watts, 917 F.3d 770, 
785 (4th Cir. 2019) (construing similar phrase ``temporary, 
intermediate storage'' in Stored Communications Act to refer to 
electronic communications ``while they are stored `for a limited 
time' `in the middle' of transmission'' (quoting In re DoubleClick 
Inc. Privacy Litig., 154 F. Supp. 2d 497, 512 (S.D.N.Y. 2001)).
    \260\ See id. 5481(11)(B)(i). Similarly, the exception for 
differentiated electronic data in subsection 1002(11)(B)(ii) could 
apply where a provider only handles data, and not funds. See id. 
5481(11)(B)(ii).
    \261\ In addition, as discussed above, some digital wallets 
``tokenize'' payment information, which involves replacing the 
cardholder's account number with a different number at certain 
stages of the transaction, in order to protect the account number. 
That activity of creating new payment information to facilitate a 
payment goes beyond the role of a mere conduit, which is limited to 
providing ``electronic data transmission, routing, intermediate or 
transient storage, or connections to a telecommunications system or 
network[.]'' 12 U.S.C. 5481(11)(A).
---------------------------------------------------------------------------

    With regard to the industry association commenters that sought 
exclusion of business-to-business services that nonbanks provide in 
connection with consumer payment transactions for the purchase of goods 
and services, the CFPB disagrees that a new exclusion is needed. With 
regard to ecommerce websites where the consumer can use a payment 
button, as explained above in the discussion of comments on the 
definition of ``consumer payment transaction,'' the market does not 
include a merchant on the basis of it placing a payment button on its 
website that launches a general-use digital consumer payment 
application provided by an unaffiliated third party (rather, the market 
simply includes the third-party app that the payment button launches). 
With regard to other examples that the industry association commenter 
cited--service providers or other vendors, including those that may act 
as traditional payment processors and participate in facilitating 
business-to-business transactions during the lifecycle of a consumer 
payment transaction--the Final Rule clarifies that the market generally 
does not cover that activity. For purposes of this Final Rule, the term 
``covered payment functionality'' would not cover a nonbank that 
operates in a consumer payment transaction process solely as an 
intermediary between two businesses, such as where the consumer does 
not ``access'' a ``digital application'' to make a payment.\262\ In 
addition, when consumers provide their payment credential through the 
website of a single merchant solely for use at that merchant and its 
affiliated companies, the merchant payment processor processing that 
payment credential (whether for a single transaction or by storing the 
card on file for repeat use) is not providing covered payment 
functionality that has ``general

[[Page 99621]]

use'' based on how the Final Rule defines that term as usable for 
making payments to multiple unaffiliated persons as discussed 
below.\263\
---------------------------------------------------------------------------

    \262\ In any event, the Final Rule also adopts a revised 
definition of the term ``covered payment functionality'' that 
focuses on receiving funds ``from'' the consumer or storing account 
or payment credentials ``for'' a consumer.
    \263\ Similarly, a consumer may use a general-use digital 
consumer payment application to make a payment in a physical store 
by ``tapping'' their mobile phone that contains the app on a gateway 
payment terminal at the checkout counter. As the proposed Rule 
explained, a gateway terminal, which is a computing device merchants 
acquire, is not a ``digital application'' as defined in the Proposed 
Rule because it is not a personal computing device of the consumer. 
88 FR 80197 at 80206. Thus a merchant payment processor would not be 
engaged in market activity solely based on operating or accepting 
payments data through such a terminal.
---------------------------------------------------------------------------

    In light of these clarifications and changes adopted in the Final 
Rule, the CFPB disagrees that a broader, general ``business-to-
business'' exclusion is warranted.\264\ Such an exclusion would not be 
consistent with the structure of nonbank provider's market activities, 
which involve intermediation between consumers and payment recipients. 
When consumers sign up as a customer for a nonbank's general-use 
digital consumer payment application, they do so in order to use the 
app to make payments to multiple unaffiliated persons. The consumer 
payment transactions they make by accessing that digital application 
fall within the market, even though the app provider also may conduct 
those transactions under the umbrella of a business-to-business 
contract such as a merchant acceptance agreement.\265\
---------------------------------------------------------------------------

    \264\ These clarifications relate to the scope of the market. 
Some entities may be acting as a service provider to a market 
participant. The Final Rule does not alter the scope of CFPB 
authority over service providers conferred by the CFPA. As the 
Proposed Rule explained, CFPA section 1024(e) expressly authorizes 
the supervision of service providers to nonbank covered persons 
encompassed by CFPA section 1024(a)(1), which includes larger 
participants. Adding an express exclusion for service providers in 
the Final Rule could cause confusion over the CFPB's authority to 
supervise such entities.
    \265\ As discussed above, many businesses provide general-use 
digital consumer payment applications to consumers and facilitate 
their payments through business-to-business acceptance agreements 
with merchants. At the same time, as also discussed above, the 
market definition adopted in the Final Rule does not cover the 
merchant, even when it provides a payment button that launches the 
third-party's general-use digital consumer payment application.
---------------------------------------------------------------------------

Final Rule
    For the reasons described above, the CFPB adopts the proposed 
definition of ``covered payment functionality'' with certain minor 
clarifying changes.
    First, the Final Rule changes ``wallet functionality'' to ``payment 
wallet functionality.'' As discussed above, some commenters raised 
questions about whether the Proposed Rule would have applied to digital 
wallets (or the part of their functionalities) that store and transmit 
data unrelated to consumer payments. Because the terms ``digital 
wallet'' and ``wallet'' have varied uses, this revision provides 
greater precision and prevents confusion.\266\
---------------------------------------------------------------------------

    \266\ The CFPB declines to adopt the industry commenter's 
suggestion that the Final Rule include a safe harbor under which 
compliance with the CFPB's personal financial data rights rule does 
not determine application of this larger participant rule, and 
coverage under the larger participant rule does not determine 
application of the personal financial data rights rule. The comment 
did not identify any specific differences between the two proposals' 
approach to covering digital wallets that it found to be 
significant, or explain how application of one rule could affect 
application of the other. In fact, application of one rule does not 
determine application of the other. The text of each rule governs 
its scope. Further, because this Final Rule does not impose 
substantive consumer protection obligations, it does not modify the 
scope of the personal financial data rights rule. In any event, as 
noted above, to the extent an entity is a larger participant under 
this rule and also is subject to the personal financial data rights 
rule when compliance is required in the future, CFPB examinations of 
that entity may review compliance with the personal financial data 
rights rule. Further, this treatment is consistent with CFPB 
examinations of depository institutions with more than $10 billion 
in assets; i.e., the CFPB currently examines these institutions' 
compliance with applicable requirements of Federal consumer 
financial law (e.g., the EFTA and its implementing Regulation E) and 
may examine their compliance with the personal financial data rights 
rule after compliance is required.
---------------------------------------------------------------------------

    Second, the definition of ``funds transfer functionality'' is 
revised to clarify that the funds received or instructions accepted 
must be ``from a consumer'' to qualify as market activity. Similarly, 
the definition of ``payment wallet functionality'' is revised to 
clarify that account or payment credentials must be stored ``for a 
consumer'' to satisfy the first prong of that that definition. As 
discussed above, nonbanks are not participating in the market when 
providing a payment functionality that a consumer does not access 
through a digital application. Consistent with that approach, these 
clarifications to the definition of ``covered payment functionality'' 
similarly confirm that nonbank firms that do not engage with consumers 
through digital applications would not be providing a ``covered payment 
functionality.'' For example, for purposes of this Final Rule that term 
would not cover a nonbank that operates in a consumer payment 
transaction process solely as an intermediary between two businesses. 
The CFPB does not believe this is a significant change from the 
Proposed Rule, since the proposed market definition only would have 
applied to providing a payment functionality ``for consumers' general 
use'' in the first place. But for the avoidance of doubt, the Final 
Rule includes this additional clarification on this point.
Digital Application
Proposed Rule
    The proposed market definition would have applied to providing 
covered payment functionalities through a digital application for a 
consumer's general use in making consumer payment transactions. 
Proposed Sec.  1090.109(a)(2) would have defined the term ``digital 
application'' as a software program accessible to a consumer through a 
personal computing device, including but not limited to a mobile phone, 
smart watch, tablet, laptop computer, or desktop computer.\267\ The 
proposed definition would have specified that the term includes a 
software program, whether downloaded to a personal computing device, 
accessible from a personal computing device via a website using an 
internet browser, or activated from a personal computing device using a 
consumer's biometric identifier, such as a fingerprint, palmprint, 
face, eyes, or voice.\268\
---------------------------------------------------------------------------

    \267\ The Proposed Rule noted that the definition considers 
whether the digital application is accessible through a personal 
computing device, not whether a particular payment is made using a 
computing device that a consumer personally owns. For example, if a 
consumer logs into a digital application through a website using a 
work or library computer and makes a consumer payment transaction, 
the transfer would be subject to the Proposed Rule if that digital 
application is one a consumer also may access through a personal 
computing device.
    \268\ The Proposed Rule noted for example that some nonbanks 
allow consumers to use interactive voice technology to operate the 
nonbank's application that resides on the phone itself. See, e.g., 
Lory Seraydarian, Voice Payments: The Future of Payment Technology?, 
PlatAI Blog (Mar. 7, 2022) (software firm analysis reporting that 
major P2P participants ``allow their customers to use voice commands 
for peer-to-peer transfers.''), https://plat.ai/blog/voice-payments/ 
(last visited Oct. 23, 2023).
---------------------------------------------------------------------------

    The Proposed Rule explained how market participants may provide 
covered payment functionalities through digital applications in many 
ways. For example, a consumer may access a nonbank covered person's 
covered payment functionality through a digital application provided by 
that nonbank covered person. Or, a consumer may access a nonbank 
covered person's covered payment functionality through a digital 
application provided by an unaffiliated third-party such as another 
nonbank, a bank, or a credit union.\269\ In either case,

[[Page 99622]]

a consumer typically first opens the digital application on a personal 
computing device and follows instructions for associating their deposit 
account, stored value account, or other payment account information 
with the covered payment functionality for use in a future consumer 
payment transaction. Then, when the consumer is ready to initiate a 
payment, the consumer may access the digital application again to 
authorize the payment.
---------------------------------------------------------------------------

    \269\ As the Proposed Rule noted, if a nonbank covered person 
provides a covered payment functionality a consumer may access 
through a digital application provided by a bank or credit union, 
the Proposed Rule would have only applied to the nonbank. Insured 
depository institutions, insured credit unions, and certain of their 
affiliates are not subject to the CFPB's larger participant rules, 
which rely upon authority in CFPA section 1024 that applies to 
nonbanks. 12 U.S.C. 5514(a)(3)(A).
---------------------------------------------------------------------------

    The Proposed Rule also explained how consumers have many ways to 
access covered payment functionalities through digital applications to 
initiate consumer payment transactions. To make a P2P payment, a 
consumer may use an internet browser or other app on a mobile phone or 
computer to access a nonbank covered person's funds transfer 
functionality, such as a feature to initiate a payment to friends or 
family or to access a general-use bill-payment function. The consumer 
then may direct the nonbank covered person to transmit funds to the 
recipient or the consumer may provide payment instructions for the 
nonbank covered person to relay to the person holding the funds to be 
transferred. Or, in an online retail purchase transaction, a consumer 
may access a wallet functionality by clicking on or pressing a payment 
button on a checkout screen on a merchant website. The consumer then 
may log into the digital application or display a biometric identifier 
to their personal computing device to authorize the use of a 
previously-stored payment credential. Or, in an in-person retail 
purchase transaction, a consumer may activate a covered payment 
functionality by placing their personal computing device next to a 
merchant's retail payment terminal. The digital application then may 
transmit payment instructions or payment credentials to a merchant 
payment processor. For example, a mobile phone may transmit such data 
by using near-field communication (NFC) technology built into the 
mobile phone,\270\ by generating a payment-specific quick response (QR) 
code on the mobile phone screen that the consumer displays to the 
merchant payment terminal, or by using the internet, a text messaging 
system, or other communications network accessible through the mobile 
phone.
---------------------------------------------------------------------------

    \270\ See generally CFPB Contactless Payments Spotlight, supra.
---------------------------------------------------------------------------

    Through the proposed definition of digital application, the 
Proposed Rule would have excluded from the proposed market payment 
transactions that do not rely upon use of a digital applications. For 
example, gateway terminals merchants obtain to process the consumer's 
personal card information are not personal computing devices of the 
consumer. Merchants generally select these types of payment processing 
services, which are provided to consumers at the point of sale to pay 
for the merchant's goods or services. Their providers may be 
participating in a market that is distinct in certain ways from a 
market for general-use digital consumer payment applications. In 
addition, the proposed definition of ``digital application'' would not 
have covered the consumer's presentment of a debit card, a prepaid 
card, or a credit card in plastic, metallic, or similar form at the 
point of sale. In using physical payment cards at the point of sale, a 
consumer generally is not relying upon a ``digital application'' 
because the consumer is not engaging with software through a personal 
computing device to complete the transaction. However, when a consumer 
uses the same payment card account in a wallet functionality provided 
through a digital application, then those transactions would have 
fallen within the market definition.
    The Proposed Rule requested comment on the proposed definition of 
``digital application,'' and whether it should be modified, and if so, 
how and why. For example, the Proposed Rule requested comment regarding 
whether defining the term ``digital application'' by reference to 
software accessible through a personal computing device is appropriate, 
and if so, why, and if not, why not and what alternative approach 
should be used and why.
Comments Received
    A consumer group supported the proposal's definition of a market 
based on use of a ``digital application.'' It cited a 2021 industry 
white paper observing that most financial transactions happen via 
mobile apps, websites, email, text messages, and other digital 
communications.\271\ In addition, as discussed above, many commenters 
agreed that the market for general-use digital consumer payment 
applications has grown rapidly and expressed support for the proposal 
to supervise larger participants providing general-use digital consumer 
payment applications. These commenters generally did not take issue 
with or appeared to agree with the proposal's defining the market as a 
digital market.
---------------------------------------------------------------------------

    \271\ Google LLC Embedded Finance White Paper, supra, at 3.
---------------------------------------------------------------------------

    Some consumer group commenters urged the CFPB to expand the market 
definition beyond payments facilitated through digital applications, to 
cover in-person domestic money transfers as well as payments consumers 
make via telephone call to transfer funds to persons while incarcerated 
and prepaid cards issued to such persons upon their release from 
incarceration. They indicated this approach would be consistent with 
the market definition in the international money transfer larger 
participant rule, which was not limited to app-based payments. They 
stated that some consumers that send funds to friends and family who 
are incarcerated have incomes that are too low to afford easy access to 
digital applications. They also described a risk of abusive practices 
with release cards due to consumers' lack of choice among card issuers. 
They further noted that the proposed market definition would not 
encompass consumers' use of release cards outside of digital 
applications, which they often do because they likely do not have 
smartphones when they are released and need to use the funds 
immediately.
    Meanwhile, an industry association suggested that the ``digital 
application'' limitation invalidates the market definition because it 
does not satisfy principles of antitrust law due to excluding 
reasonably interchangeable non-products with the same use case, such as 
network-branded payment cards when used outside of a digital 
application, whether by swiping a plastic card in-person or inputting 
the card information manually to make a digital payment. This commenter 
cited data that in its view indicated that those cards are still 
preferred by consumers. Thus, in its view, general-use digital consumer 
payment applications compete with physical payment methods as part of a 
broader payment industry. In addition, a nonprofit commenter disagreed 
with the ``digital application'' limitation because, in its view, it 
incorrectly ascribes a special status to payments undertaken 
digitally.\272\
---------------------------------------------------------------------------

    \272\ A few industry associations also described the proposed 
definition of ``digital application'' as vague. Their comments 
appeared principally concerned not with what is a digital 
application, but with who is providing a covered payment 
functionality through a digital payment application. The Final Rule 
responds to their comments in the section-by-section analysis of 
``covered payment functionality'' above.

---------------------------------------------------------------------------

[[Page 99623]]

    Other consumer groups and a nonprofit commenter called for 
clarification of the definition of ``digital application'' including 
its reference to use of a ``personal computing device.'' For example, 
one consumer group suggested that the rule include additional examples 
of a ``personal computing device'' because computer chips are versatile 
and industry can use everyday items to facilitate payments and collect 
consumers' payments data. They stated that some automobiles already 
have ``smart dashboards'' that consumers may use to make purchases. 
They added that home appliances, such as televisions and refrigerators, 
also could be designed to facilitate purchases. They stated that some 
smart appliances already allow consumers to use a digital wallet 
provided by a third-party that is dominant in the market. They stated 
that these devices should be included as examples of personal computing 
devices that may facilitate market activity. On the other hand, a 
nonprofit commenter stated that some of its members believed the 
definition of ``personal computing device'' is vague and the rule needs 
to expressly exclude public computers from that definition. This 
commenter also stated some of its members believed that the definition 
of ``digital application'' should be clarified to provide additional 
examples of how a consumer ``may access'' the underlying software 
program. They stated that the use of PINs and passwords should be added 
to the examples in the definition.
    Finally, two commenters raised questions about the applicability of 
the Proposed Rule to internet browsers and functionalities they 
provide. An industry association stated that the rule should clarify 
whether internet browsers that store credit card information would be 
considered to facilitate a consumer payment within the meaning of the 
definition of ``covered payment functionality.'' In addition, a law 
firm commenter stated that it did not understand the goal of the 
Proposed Rule to cover generic web browser activity, but a 
clarification would be necessary to avoid inadvertent coverage of that 
activity because of what it described as ``payment-autofill functions'' 
provided by online platforms and applications. It cited specific 
popular internet browsers as examples. It described payment autofill 
functions as prepopulating a consumer's stored payment credential 
information into checkout forms on a merchant website within the 
platform's browser.\273\
---------------------------------------------------------------------------

    \273\ Although it stated that it did not understand that the 
goal of the Proposed Rule was to cover autofill functions of generic 
web browsers, it stated that the autofill functionality could be 
viewed as transmitting or otherwise processing a stored payment 
credential under a broad reading of the proposed definition of 
``wallet functionality'' discussed further above. However, in its 
view, such a broad reading would be incorrect because transmission 
of the payment credential for processing does not occur until the 
consumer clicks the merchant's payment button and because it is the 
merchant and their payment service providers that process the 
payment.
---------------------------------------------------------------------------

Response to Comments Received
    The CFPB agrees with the consumer group commenter that it is 
appropriate to define the market at issue in this Final Rule as one 
involving ``digital applications.'' As discussed above, such digital 
applications have grown dramatically and become increasingly important 
to the everyday financial lives of consumers.
    With respect to the industry associations' comments suggesting that 
the limitation of the market to ``digital application'' would be 
inappropriate from the perspective of antitrust law because it excludes 
consumers' use of physical network-branded payment cards, as discussed 
above this Final Rule does not define a market for purposes of 
antitrust law. As a consequence, CFPA section 1024(a)(1) does not 
require a larger participant rule to define a market to include all 
reasonably-interchangeable substitutes for a given consumer financial 
product or service whether provided by nonbanks or insured banks or 
credit unions.\274\
---------------------------------------------------------------------------

    \274\ In any event, the CFPB notes that loading the card into a 
third-party app for app-based use may be an indicator that the app 
is a compliment rather than a substitute for the card. See Racing 
for Mobile Payments, supra, sec. 2.1.2 (describing ``card-
complementing mobile payment systems'' like those provided by Apple, 
Google, and Samsung in the United States).
---------------------------------------------------------------------------

    In addition, the CFPB disagrees with the industry association's 
comments because general-use digital consumer payment applications 
often function in ways that are distinct from network-branded payment 
cards, making it appropriate for the market defined in this Rule to be 
limited to such digital applications. For example, as the most recent 
Federal Reserve annual report on consumer payment preferences 
indicates, consumers generally cannot or do not use network-branded 
payment cards for making payments to friends and family outside of the 
nonbank general-use digital consumer payment applications.\275\ 
Similarly, well-known general-use digital consumer payment applications 
often provide a functionality that physical payment cards generally do 
not have--the ability to load payment credentials for accounts held at 
multiple unaffiliated financial institutions.\276\ This functionality 
can be a significant one. According to one recent report, the average 
consumer may have as many as eight network-branded payment cards.\277\
---------------------------------------------------------------------------

    \275\ See 2024 Diary Findings, supra at 16 (indicating that when 
used by themselves and not through payment apps, ``[d]ebit and 
credit cards . . . typically are impractical or costly for P2P 
transactions''). For example, American Express National Bank has 
used PayPal and Venmo to facilitate credit card holders' P2P 
transactions, as described at https://help.venmo.com/hc/en-us/articles/360058686993-Amex-Send-Split (last visited Nov. 7, 2024).
    \276\ Some banks and credit unions offer an app-based wallet 
functionality that facilitates payments using cards issued by 
multiple unaffiliated card issuers. See Paze FAQs (describing how 
consumers can add participating cards into the wallet from the Paze 
website or through the bank or credit union's digital application), 
https://www.paze.com/faqs (last visited Nov. 17, 2024); see also 
VISA Blog, One card to rule them all (May 16, 2024) (describing VISA 
plans to launch a new service in the United States allowing 
consumers to use their card issuer's app to ``swap funding sources'' 
between different accounts the consumer holds with that same 
issuer), https://usa.visa.com/visa-everywhere/blog/bdp/2024/05/14/one-card-to-1715696707658.html (last visited Nov. 7, 2024).
    \277\ Jack Caporal, Credit and Debit Card Market Share by 
Network and Issuer (Jan. 24, 2024) (citing Nilson Report data for 
2022), https://www.fool.com/the-ascent/research/credit-debit-card-market-share-network-issuer/ (last visited Nov. 7, 2024).
---------------------------------------------------------------------------

    The CFPB disagrees with the consumer group and nonprofit comments 
to the extent they were suggesting that the ``digital application'' 
component of the proposed market definition would leave a significant 
gap in the CFPB's supervisory authority with respect to the use of 
network-branded payment cards including prison release cards. CFPA 
section 1025(a) already grants the CFPB supervisory authority over very 
large insured depository institutions and insured credit unions that 
are among the largest issuers of network-branded payment cards. While 
some insured depository institutions and insured credit unions with 
assets of $10 billion or less also issue payment cards, including 
prepaid cards, CFPA section 1024(a)(3)(A) specifically excludes all 
insured depository institutions and insured credit unions from the 
scope of a larger participant rule under CFPA section 1024(a)(1)(B). 
Therefore, the CFPB does not have authority to use this rule to define 
insured depository institutions or insured credit unions as larger 
participants in this market. In any event, when a nonbank prepaid card 
program manager facilitates consumers' use of these cards through the 
card's proprietary digital application, such as to make payments to 
friends and family, this activity may qualify as a consumer financial 
product or service of the nonbank that already is included in the

[[Page 99624]]

market definition. And when consumers load these cards into a third-
party general-use digital consumer payment applications, the use of the 
cards through those apps also would be included in the market 
definition.
    The CFPB also declines the suggestion by consumer group and 
nonprofit commenters that the CFPB adopt in this Final Rule a market 
that includes all domestic money transfers including those facilitated 
by telephone call and through in-person transfers not mediated by a 
digital application. As discussed above, a trend in the consumer 
payments area has been the rapid growth in general-use digital consumer 
payment applications including their payment wallet functionalities 
that do not necessarily involve domestic money transmitting. The CFPB 
adopts this Final Rule in response to that growth in an effort to 
promote compliance with Federal consumer financial law and detect and 
assess risks to consumers and the market, including emerging risks, and 
to ensure consistent enforcement of Federal consumer financial law in 
this area. When consumers make telephone- or in-person-based domestic 
payments, the CFPB has other means of assessing risks they may pose to 
consumers. For example, if a nonbank covered person has significant 
involvement in that activity through the provision of a consumer 
financial product or service, the CFPB can evaluate whether that poses 
a risk to consumers sufficient to warrant a supervisory designation 
under CFPA section 1024(a)(1)(C).
    Further, consistent with its approach in the international money 
transfer larger participant rule,\278\ the CFPB notes that it does not 
seek in this rule to define a market that covers the entire universe of 
consumer payment transactions that fall within the scope of the CFPB's 
authority under the CFPA. This larger-participant rulemaking is only 
one in a series, and nothing in this Final Rule precludes the Bureau 
from considering in future larger-participant rulemakings other markets 
for consumer financial products or services that might include non-
digital payment activities not included in the market defined by this 
rule.
---------------------------------------------------------------------------

    \278\ 79 FR 56631 at 56635-56636.
---------------------------------------------------------------------------

    With regard to comments on specific aspects of the ``digital 
application'' definition, the CFPB agrees with the members of the 
nonprofit commenter that PINs and passwords may be common ways that 
consumers use to access general-use digital consumer payment 
applications. Device-specific codes called passkeys also are an 
increasingly common way for digital applications, including general-use 
digital consumer payment applications, to authenticate a consumer's 
identity.\279\ The Final Rule therefore accounts for these examples, as 
described below.\280\ The CFPB does not agree with the consumer group 
commenter to the extent it was suggesting that the prospect of future 
participation in the market by manufacturers of automobiles and smart 
appliances such as televisions and refrigerators warranted adding those 
types of devices to the list of example of personal computing devices 
in the definition of ``digital application.'' Because the proposed 
definition did not state that the list of examples of personal 
computing devices was exhaustive, other devices may qualify as personal 
computing devices. However, the research described in the Proposed Rule 
indicates that general-use digital consumer payment applications are 
predominantly distributed via mobile phones and computers. For that 
reason, it is not necessary for the regulation text to identify 
automobiles and smart appliances such as televisions and refrigerators 
as additional examples of personal computing devices. The proposed 
definition already was flexible enough to capture this activity if it 
were to become common in the future. To the extent existing market 
participants make their general-use digital consumer applications 
accessible to consumers not only via mobile phones or computers, but 
also via automobiles or smart home appliances manufactured by others, 
that activity already would fall within the market definition 
regardless of whether automobiles or smart home appliances qualify as 
personal computing devices. As the Proposed Rule noted,\281\ if a 
consumer may access a digital application through a personal computing 
device, then consumers' use of the application would be included in the 
market regardless of whether they access the application through other 
means, such as a work or library computer. For that reason, the CFPB 
also disagrees with the members of the nonprofit commenter that 
suggested the rule needs to further differentiate between a personal 
and a public computing device. They did not point to any examples that 
should be classified in one category or the other.\282\
---------------------------------------------------------------------------

    \279\ See, e.g., PayPal, PayPal Introduces More Secure Payments 
with Passkeys (Oct. 24, 2022), https://newsroom.paypal-corp.com/2022-10-24-PayPal-Introduces-More-Secure-Payments-with-Passkeys 
(last visited Nov. 8, 2024); Apple iPhone User Guide iOS 17, Use 
passkeys to sign in to apps and websites on iPhone, https://support.apple.com/guide/iphone/use-passkeys-to-sign-in-to-apps-and-websites-iphf538ea8d0/ios (last visited Nov. 8, 2024); Google, 
Passkey support on Android and Chrome, https://developers.google.com/identity/passkeys/supported-environments (last 
visited Nov. 8, 2024).
    \280\ However, the inclusion of these examples does not 
necessarily mean that a nonbank is participating in the market by 
providing a product or service to manage a consumer's passwords. 
Whether or not that activity falls within the market definition will 
depend on whether it is conducted by a nonbank covered person as 
part of providing a ``covered payment functionality'' with ``general 
use.''
    \281\ 88 FR 80197 at 80206 n.67.
    \282\ In addition, as explained in the discussion of general 
comments further above, through supervisory activity at larger 
participants defined in this Final Rule, the CFPB can detect and 
assess emerging risks to consumers, including as a result of 
developments in the software or personal computing devices involved 
in the delivery of general-use digital consumer payment 
applications.
---------------------------------------------------------------------------

    Finally, with regard to comments seeking clarification or exclusion 
of internet browser activities including payment autofill functions, 
the CFPB clarifies that the Proposed Rule was not intended to treat the 
operation of a web browser itself as a form of market activity.\283\ As 
noted above, the proposed definition of ``digital application'' 
included several examples of software programs accessed by a personal 
computing device, including ``a website a consumer accesses by using an 
internet browser on a personal computing device.'' As that example 
indicates, the relevant ``digital application'' that the consumer 
accesses using a web browser is the website, and not the web browser 
itself. Excluding web browsers from the definition of ``digital 
application'' is consistent with the CFPB's goal of covering payment 
applications in the rule. While some web browsers may store and 
automatically populate payment forms on merchant websites with consumer 
payment account information, that activity alone does not convert a web 
browser into a payments-focused digital application that is 
participating in this market. Nor is the CFPB aware of market research 
studies or surveys on consumer payment applications that identify web 
browsers as competing with larger participants in the market.
---------------------------------------------------------------------------

    \283\ See, e.g., United States v. Microsoft Corporation, Case 
No. 98cv1232, D.D.C. (Complaint filed May 18, 1998) ] 6 (defining an 
``internet browser'' as ``specialized software programs that allow 
PC users to locate, access, display, and manipulate content and 
applications located on the internet's World Wide Web''), https://www.justice.gov/sites/default/files/atr/legacy/2012/08/09/1763.pdf 
(last visited Nov. 8, 2024).
---------------------------------------------------------------------------

Final Rule
    For the reasons described above, the CFPB adopts the proposed 
definition of ``digital application'' with certain clarifying changes 
described below, including changing the term to ``digital payment 
application.''

[[Page 99625]]

    First, consistent with the Final Rule changing ``wallet 
functionality'' to ``payment wallet functionality'' for the sake of 
precision and clarity, the Final Rule also adopts the term ``digital 
payment application'' instead of the more generic term ``digital 
application.'' Based on how the CFPB proposed the market definition for 
a ``general-use digital consumer payment application,'' the concept of 
a ``digital payment application'' already was incorporated into the 
market definition itself. This conforming change to the component 
definition of ``digital application'' therefore aligns that term more 
clearly with the general market definition. Relatedly, for the reasons 
discussed above in the CFPB's response to comments regarding web 
browsers, the Final Rule clarifies that operating a web browser is not 
an example of providing a digital payment application.
    Second, in response to a nonprofit commenter, the Final Rule adds 
to the list of examples of how a consumer may access a personal 
computing device to include other common means, such as using a 
personal identifier, such as a passkey, password, or PIN.
General Use
Proposed Rule
    The proposed market definition would have applied to providing 
covered payment functionalities through a digital application for a 
consumer's general use in making consumer payment transactions. 
Proposed Sec.  1090.109(a)(2) would have defined the term ``general 
use'' as the absence of significant limitations on the purpose of 
consumer payment transactions facilitated by the covered payment 
functionality provided through the digital consumer payment 
application. The Proposed Rule explained that the CFPB sought to 
confine the market definition to those digital payment applications 
that consumers can use for a wide range of purposes. The Proposed Rule 
noted how digital payment applications with general use can serve broad 
functions for consumers, such as sending funds to friends and family, 
buying a wide range of goods or services at different stores, or both. 
As reflected in the non-exhaustive list of examples in the Proposed 
Rule discussed below, other consumer financial products and services 
provide payment functionalities for more limited purposes. While those 
other products and services also serve important functions for 
consumers, they do not have the same broad use cases for consumers. As 
a result, in the Proposed Rule, the CFPB viewed those products as 
participating in a market or markets distinguishable from a market from 
general-use digital consumer payment applications.
    The proposed definition of general use would have clarified that a 
digital consumer payment application that would facilitate person-to-
person, or peer-to-peer (P2P), transfers of funds would have qualified 
as having general use under the Proposed Rule. Even if a payment 
functionality provided through a digital application is limited to P2P 
payments, and that constitutes a limitation on the purpose of payments, 
that limitation would not have been a significant limitation for 
purposes of the proposed market definition. For example, a P2P 
application that permits a consumer to send funds to any family member, 
friend, or other person would have qualified as having general use, 
even if that P2P application could not be used as a payment method at 
checkout with merchants, retailers, or other sellers of goods or 
services. A P2P application also would have qualified as having general 
use even if it can only transfer funds to recipients who also register 
with the application provider, or otherwise participate in a certain 
network (which the Proposed Rule noted some refer to as ``closed loop'' 
P2P systems). As the Proposed Rule noted, although the network of 
potential recipients in such a system may be limited in certain 
respects, often any potential recipient may have the option of joining 
such a system (and many consumers already may have joined such 
systems), so the universe of potential recipients for such payments 
often is still broad. The Proposed Rule also stated that a digital 
consumer payment application still may have qualified as having general 
use even when the universe of potential recipients for a funds transfer 
is fixed, such as when a consumer can only make a transfer of funds to 
friends or family located in a prison, jail, or other secure 
facility.\284\
---------------------------------------------------------------------------

    \284\ Such funds may be available to the recipient for a variety 
of purposes, including to purchase food, toiletries, medical 
supplies, or phone credits while incarcerated, and, if not used by 
the recipient while incarcerated, may revert upon release to an 
unrestricted account. See, e.g., CFPB Report, Justice-Involved 
Individuals and the Consumer Financial Marketplace (Jan. 2022), sec. 
3.1 (n.87 describing uses of these types of funds transfers) and 
sec. 4.1 (describing how, as observed in a CFPB enforcement action 
and an investigative report on prison release cards, ``[w]hen 
released, people exiting jail receive the money they had when 
arrested, and prisons disburse the balance of a person's commissary 
account, including wages from prison jobs, public benefits, and 
money sent by friends and family.''), https://files.consumerfinance.gov/f/documents/cfpb_jic_report_2022-01.pdf 
(last visited Oct. 23, 2023).
---------------------------------------------------------------------------

    To provide clarity as to the proposed market definition, the 
proposed definition of general use would have included examples of 
limitations that would be significant for purposes of the proposal, 
such that a covered payment functionality offered through a digital 
consumer payment application with such limitations would not have had 
general use.\285\ The examples would have illustrated some types of 
digital consumer payment applications that would not have had general 
use. The list of examples was not exhaustive, and other types of 
digital consumer payment applications would not have had general use to 
the extent they cannot be used for a wide range of purposes.
---------------------------------------------------------------------------

    \285\ The Proposed Rule includes these examples to illustrate 
the scope of the term ``general use'' in the Proposed Rule, and thus 
the scope of the proposed market definition. The examples are not a 
statement of the CFPB's views regarding the scope of its authority 
over consumer financial products and services under the CFPA.
---------------------------------------------------------------------------

    In addition, the Proposed Rule noted that some payment 
functionalities may be provided through two different digital consumer 
applications. For example, from a merchant's ecommerce digital 
application, a consumer may click on a payment button that links to a 
third-party general-use digital consumer payment application, where the 
consumer authenticates their identity and provides payment instructions 
or otherwise authorizes the payment. Even if the merchant's digital 
application itself would not have qualified as having general use, the 
consumer's use of the third-party general-use digital consumer payment 
application still would have constituted covered market activity with 
respect to the third-party provider.
    The first example of a payment functionality with a significant 
limitation such that it would not have general use would have been a 
digital consumer payment application whose payment functionality is 
used solely to purchase or lease a specific type of services, goods, or 
property, such as transportation, lodging, food, an automobile, a 
dwelling or real property, or a consumer financial products and 
service.\286\ The Proposed Rule listed this

[[Page 99626]]

example in paragraph (A) of the proposed definition of general use.
---------------------------------------------------------------------------

    \286\ For example, when a consumer uses a payment functionality 
in a digital application for a consumer financial product or service 
to pay for that consumer financial product or service, such as by 
providing payment card information to a credit-monitoring app to pay 
for credit-monitoring services, this limited purpose for that 
payment functionality would not have had general use under the 
Proposed Rule. The term ``consumer financial product or service'' is 
defined in CFPA section 1002(5) and includes a range of consumer 
financial products and services including those in markets that the 
CFPB supervises, described in the Proposed Rule, as well as other 
consumer financial products and services outside of supervised 
markets over which the CFPB generally has enforcement and market-
monitoring authority. See generally 12 U.S.C. 5481(5) (definition of 
``consumer financial product or service'') and 12 U.S.C. 5481(15) 
(definition of ``financial product or service'').
---------------------------------------------------------------------------

    Second, as indicated in paragraph (B), accounts that are expressly 
excluded from the definition of ``prepaid account'' in paragraphs (A), 
(C), and (D) of Sec.  1005.2(b)(3)(ii) of Regulation E \287\ also would 
not have had general use for purposes of the Proposed Rule. Those 
provisions in Regulation E exclude certain tax-advantaged health 
medical spending accounts, dependent care spending accounts, transit or 
parking reimbursement arrangements, closed-loop accounts for spending 
at certain military facilities, and many types of gift certificates and 
gift cards. The Proposed Rule explained that, while these types of 
accounts may support payments through digital applications with varied 
purposes to different types of recipients, the accounts remain 
sufficiently restricted as to the purpose to warrant exclusion from the 
proposed market.
---------------------------------------------------------------------------

    \287\ 12 CFR 1005.2(b)(3)(ii).
---------------------------------------------------------------------------

    Third, as indicated in proposed paragraph (C), a payment 
functionality provided through a digital consumer payment application 
that solely supports payments to pay a specific debt or type of debt or 
repayment of an extension of consumer credit would not have qualified 
as having general use. For example, a consumer mortgage lender's mobile 
app or website may provide a functionality that allows a consumer to 
pay a loan. Or a debt collector's website may provide a means for a 
consumer to pay a debt. These digital consumer payment applications 
have a use that is significantly limited, to only pay a specific debt 
or type of debt. In general, digital applications that solely support 
payments to specific lenders, loan servicers, and debt collectors would 
not have fallen within the proposed market definition.\288\ The 
Proposed Rule noted that the CFPB considers such digital applications 
generally to be more part of the markets for consumer lending, loan 
servicing, and debt collection. The CFPB has issued separate larger 
participant rules for such markets and CFPA section 1024(a) also grants 
the CFPB supervisory authority over participants in certain lending 
markets, including mortgage lending, private student lending, and 
payday lending. In addition, other digital applications may only help a 
consumer to pay certain other types of debts, such as taxes or other 
amounts owed to the government, including fines. Under this proposed 
example, those payment functionalities provided through those 
applications also would not have qualified as having general use.
---------------------------------------------------------------------------

    \288\ By contrast, as noted in the section-by-section analysis 
of the proposed exclusion in paragraph (C) of the definition of a 
``consumer payment transaction,'' if a consumer uses a general-use 
digital consumer payment application as a method of making a payment 
to such a payee, that general-use digital consumer payment 
application would have been participating in the market for those 
consumer payment transactions.
---------------------------------------------------------------------------

    Fourth, as indicated in proposed paragraph (D), a payment 
functionality provided through a digital application that solely helps 
consumers to divide up charges and payments for a specific type of 
goods or services would have been excluded. Some payment applications, 
for example, may be focused solely on helping consumers to split a 
restaurant bill. This example is a corollary of the example in 
paragraph (A). Since a payment functionality limited to paying for food 
would not have qualified as having general use under paragraph (A), 
paragraph (D) would have clarified that a payment functionality that 
enables splitting a bill for food have also would not have qualified as 
having general use.
    The CFPB requested comment on the proposed definition of general 
use and examples of significant limitations that take a payment 
functionality provided through a digital consumer application out of 
the general use category. The CFPB also requested comment on whether 
the examples of significant limitations should be changed or clarified, 
and whether additional examples of significant limitations should be 
included, and if so, what examples and why.
Comments Received
    Some commenters stated that the proposed ``general use'' limitation 
was excessively ambiguous or uncertain, though they did not agree on 
how to clarify the definition. For example, two industry associations 
criticized defining ``general use'' as the ``absence of significant 
limitations on the purpose of consumer payment transactions facilitated 
by the covered payment functionality'' on the ground that that standard 
was ambiguous and that the associated examples in the proposed 
definition did not provide sufficient guidance to ascertain the scope 
of ``general use.'' These commenters stated that additional 
clarification or limitations on the definition were necessary, and that 
if the Final Rule did not clarify this term, then firms would incur 
unnecessary costs and confusion as to whether they need to prepare 
their compliance management systems for CFPB supervision. Similarly, 
another industry association criticized the definition of ``general 
use'' as ambiguous, and suggested that such ambiguity would generate 
confusion for providers. The commenter suggested clarifying how the 
definition applies to diverse features and functionalities within 
payment applications. An individual commenter stated that the proposal 
did not clearly define ``general use'' and suggested that the rule 
instead adopt a bright-line test, providing that general use means use 
with more than 100 merchants, 10 platforms, or 5 different purposes. A 
nonprofit commenter stated that while a vast majority of its members 
approved of the proposed definition of ``general use,'' a majority also 
recommended adding examples to the definition. A payments industry firm 
stated that the rule should clarify the example described in proposed 
paragraph (B) related to certain gift cards and other products and 
services that do not have general use.\289\ Finally, a comment from 
consumer groups stated that the Rule should clarify that online 
marketplace payment functions meet the definition of ``general use'' 
(and not exclude them from the definition of ``consumer payment 
transactions'' included in the market as discussed above). These 
commenters also stated that the Final Rule should clarify that if a 
payment app aimed at servicemembers is not eligible for the narrow 
Regulation E exclusion cited in paragraph (B) of the proposed 
definition of ``general use,'' then it would meet the definition of 
``general use.'' \290\
---------------------------------------------------------------------------

    \289\ Specifically, this commenter requested that the CFPB 
clarify that the definition of ``general use'' also excludes certain 
types of cards, codes, and other devices described in Regulation E 
section 1005.20(b). It stated that the Proposed Rule was unclear on 
this point because it referred only to an account described in 
Regulation E section 1005.2(b)(3)(ii)(D). Regulation E section 
1005.20(b) describes cards, codes, and other devices that are 
excluded from Regulation E section 1005.20(a), which defines the 
accounts identified in 1005.2(b)(3)(ii)(D). As a result, in its view 
there is uncertainty over whether the CFPB views those cards, codes, 
and devices has having general use. In its view, section 1005.20(b) 
refers to certain types of cards, codes, and other devices with 
limited uses and the CFPB should confirm those types of cards, 
codes, and other devices to do not have general use.
    \290\ The comment did not provide an example or state whether 
such consumer financial products or services currently exist.
---------------------------------------------------------------------------

    In addition, commenters had differing views regarding the 
appropriateness of the breadth of the proposed definition of ``general 
use.'' Some commenters agreed with the breadth of ``general use'' or 
suggested it should be expanded. For example, the comment from consumer 
groups expressed general support for the

[[Page 99627]]

definition, which they characterized as appropriately broad. Several 
consumer group and nonprofit comments expressed support for the 
definition of ``general use'' based on how the proposed term reflected 
what they described as the broad functions of services to transfer 
funds to people who are incarcerated. Some of these commenters added 
that some large companies provide app-based money transfers both to 
people who are incarcerated and to people who are not.\291\ In 
addition, without directly addressing the exclusion in paragraph (D) of 
the definition of ``general use'' for payment functionalities solely to 
split a charge for a specific type of goods or services, an industry 
association stated that consumers use general-use digital consumer 
payment applications for, among other purposes, paying expenses 
informally split between consumers. An industry association suggested 
that at least in certain ways, the proposed definition of ``general 
use'' unduly narrowed the market because it excluded digital 
applications that help consumers to make payment for the same types of 
purchases, such as food and automobiles, using the same underlying 
payment methods as applications that meet the proposed definition of 
``general use.''
---------------------------------------------------------------------------

    \291\ In addition, they stated that the ``general use'' of these 
payment systems is reflected in the significant number of people who 
are incarcerated (nearly two million at any one time with one 
estimate that people were incarcerated nearly seven million times in 
2021), broad available uses those people have for transferring the 
funds while they are incarcerated, and the universal acceptance of 
release cards loaded with funds remaining at the time of release. As 
discussed in the section-by-section analysis of the comments on the 
proposed definition of ``digital application,'' these commenters 
also called for expansion of the market to include the full range of 
payment services that support payments to people while incarcerated, 
payments by people while incarcerated, and payments by people who 
are recently released from incarceration using payment cards issued 
upon release. They added that these products and services pose large 
risks to consumers, due to, among other features, high fees and the 
lack of competition for such products and services.
---------------------------------------------------------------------------

    On the other hand, several industry commenters stated that the 
proposed definition of ``general use'' was too broad and that it should 
be narrowed in various ways. These comments generally stated that the 
``general use'' limitation on the proposed market definition did not 
adequately limit the scope of the market definition in the context of 
payments for consumer purchases, in the context of peer-to-peer 
payments, or both.
    In the context of digital payments for purchases, two industry 
associations stated that the rule should exclude from ``general use'' 
what it called ``closed-loop transactions'' which it described as 
transactions that can only occur at a ``finite'' group of merchants. 
These comments stated that the exclusion should be consistent with the 
CFPB's understanding of ``closed-loop transactions'' in the context of 
its prepaid account rule under Regulation E.\292\
---------------------------------------------------------------------------

    \292\ While these commenters quoted a description of ``closed-
loop prepaid cards'' they stated came from the CFPB's rules 
concerning prepaid accounts, the citation they identified is to a 
CFPB website that contains consumer education materials regarding 
general-use prepaid cards, prepaid gift cards, and other prepaid 
cards at https://www.consumerfinance.gov/consumer-tools/prepaid-cards/answers/key-terms (last visited Nov. 17, 2024).
---------------------------------------------------------------------------

    In the context of digital peer-to-peer payment applications or 
functionalities, several industry and other commenters stated that the 
proposal's approach to defining ``general use'' was too broad. A 
nonprofit stated that the Proposed Rule incorrectly treated any peer-
to-peer funds transfer functionality as having general use. Another 
nonprofit stated that peer-to-peer payment applications should not have 
general use unless also enabled for purchases. In its view, the absence 
of a purchase functionality constitutes a ``significant limitation'' 
within the meaning of the proposed definition of ``general use.'' 
Another industry association stated that the Proposed Rule should not 
have classified a peer-to-peer payment application as having general 
use when it restricts the universe of payment recipients to other 
persons who are registered users of the same application. Finally, 
several industry trade associations stated that the Proposed Rule was 
internally inconsistent by treating a payment functionality used 
exclusively by people who are incarcerated to make commissary purchases 
as having ``general use'' while simultaneously excluding payment 
functionalities provided solely for purchase of certain types of goods, 
services, or other property, such as food.\293\ Two trade associations 
also suggested that the Proposed Rule's assessment that persons who are 
incarcerated may put funds received to general use in a closed 
environment is inconsistent with how the CFPB views closed-loop prepaid 
cards under, Regulation E. Another industry association stated that a 
payment functionality for people who are incarcerated to pay for goods 
and services does not have ``general use'' within its conventional 
meaning.\294\
---------------------------------------------------------------------------

    \293\ In addition, they stated that the proposal's different 
treatment of these examples created confusion about the identity of 
the estimated 17 larger participants. The CFPB discusses comments on 
that issue in the section-by-section analysis of the larger-
participant test below.
    \294\ Some of these commenters further claimed the cost-benefit 
analysis did not consider potential impacts on money transfer 
services for incarcerated people, which they considered to be a 
distinct product market. In the response to general comments above, 
the CFPB responds to comments calling for the CFPB to divide the 
proposed market into separate markets for purposes of this 
rulemaking. The impacts analysis in part VII further explains how it 
analyzes the impacts in the market adopted in the Final Rule.
---------------------------------------------------------------------------

Response to Comments Received
    With respect to comments that the proposed definition of ``general 
use'' was excessively ambiguous or uncertain, the CFPB also shares the 
commenters' goal of reducing ambiguity and uncertainty in the 
definition of ``general use.'' Accordingly, the CFPB declines to adopt 
the proposal to define ``general use'' as the absence of significant 
limitations on the purposes of a consumer payment transactions 
facilitated by the covered payment functionality provided through the 
digital consumer payment application. Instead, as discussed further 
below, the Final Rule adopts an alternative standard for defining 
``general use'' as usable to transfer funds in a consumer payment 
transaction to multiple unaffiliated persons, with limited exceptions.
    With respect to comments on the breadth of the term ``general 
use,'' the CFPB believes that the definition of ``general use'' adopted 
in this Final Rule is appropriately broad given the characteristics of 
the market defined in this Final Rule. The term encompasses digital 
consumer payment applications capable of being used for a range of 
purposes such as sending funds to friends and family, buying a range of 
goods or services at different stores, or both. As discussed above in 
response to comments on the market definition in Sec.  1090.109(a)(1), 
treating those functions as part of a single market is consistent with 
the CFPB's experience and expertise, the views of certain other market 
observers, and with common consumer user experience.
    In response to the commenter that raised concerns about the rule 
including a ``general use'' limitation at all, the CFPB notes that the 
``general use'' limitation reduces the breadth of the market, which the 
commenter stated already was overly broad. The CFPB also declines to 
drop the ``general use'' limitation based on that industry 
association's comments suggesting that this limitation impermissibly 
excludes economic substitutes. The commenter cited examples of food 
delivery applications and automobile purchase

[[Page 99628]]

applications that facilitating payments that consumers also can make 
through payment functionalities that have general use.\295\
---------------------------------------------------------------------------

    \295\ For the reasons described at the outset of the section-by-
section analysis above, the CFPB disagrees with the industry 
association comment that concluded that antitrust law governs how 
the CFPB must define larger participants in a market for consumer 
financial products or services pursuant to CFPB section 
1024(a)(1)(B). In addition, as discussed further above, the CFPB 
disagrees that it would be appropriate for the market to include 
merchant and marketplace payment functionalities described by the 
exclusion in paragraph (C) of the definition of ``consumer payment 
transaction.''
---------------------------------------------------------------------------

    The CFPB similarly declines the consumer group comments suggesting 
that the Final Rule clarify that marketplaces meet the definition of 
``general use.'' Regardless of whether they meet that definition, for 
the reasons discussed in the section-by-section analysis of ``consumer 
payment transaction'' above, the Final Rule adopts the proposed 
exclusion in paragraph (C) of the definition of that term for 
marketplace payment functionalities.
    The CFPB disagrees with the industry and nonprofit comments stating 
that the CFPB should adopt a narrower definition of ``general use'' 
that would exclude some or all peer-to-peer payment applications. Like 
a payment functionality that can be used to pay two or more 
unaffiliated merchants, a peer-to-peer payment functionality enables 
transfers for consumer payment transactions to multiple, unaffiliated 
individuals. Thus, it is appropriate to for payment functionalities 
that solely support payments to friends and family to fall within the 
definition of ``general use'' in the Final Rule. In addition, the 
market increasingly bundles both types of payments and many peer-to-
peer payment functionalities can be used formally or informally to make 
payments for purchases. Defining the market based on the status of the 
recipient as a consumer or a business, as the commenter suggests, would 
be inconsistent with how the market has evolved, as further discussed 
above in the response to comments on the market definition in Sec.  
1090.109(a)(1).
    In addition, peer-to-peer digital consumer payment applications 
often support payments to millions if not tens of millions of other 
users including in some circumstances that industry describes as a 
``closed loop'' system. For example, even in such a system, often any 
adult consumer who can pass identity verification can enroll to receive 
funds.\296\ The Final Rule therefore does not treat the need for a 
recipient to sign up for an account to receive funds as a basis for 
excluding the corresponding covered payment functionality from the 
definition of ``general use.'' This approach also promotes consistent 
oversight of consumer financial products and services that allow 
consumers to send funds to other consumers, without regard to whether 
they operate through depository institutions.\297\
---------------------------------------------------------------------------

    \296\ CFPB Deposit Insurance Spotlight, supra (``In closed loop 
systems, transactions are enabled through a single provider. Under 
this model, both payer and receiver must have an account with the 
same provider to complete the payment.'').
    \297\ See also Julian Morris, Peer-to-Peer and Real Time 
Payments: A Primer, Int'l Ctr. For Law & Econ. (Aug. 21, 2023) 
(generally describing how ``closed loop'' is more of an indicator 
that the platform may operate outside of the banking system), 
https://laweconcenter.org/resources/peer-to-peer-and-real-time-payments-a-primer/ (last visited Oct. 24, 2024). The Final Rule also 
does not define ``general use'' by reference to peer-to-peer payment 
systems that may be described as ``closed loop'' because usage of 
the term ``closed loop'' in that context varies and the market is 
rapidly evolving. See, e.g., CFPB Deposit Insurance Spotlight, supra 
(describing how ``[c]losed loop payment systems are often connected 
to traditional open loop systems, so funds can be deposited or 
withdrawn out of the closed loop system.''); Getting the U.S. 
Banking Market Ready for Instant Payments, PaymentsJournal (May 21, 
2024) (``In other parts of the world, fintechs have taken the lead 
by converting their closed-loop stored value wallet propositions and 
making them interoperable on the back of real-time payment systems. 
U.S. fintechs have the same opportunity.''), https://www.paymentsjournal.com/getting-the-u-s-banking-market-ready-for-instant-payments/ (last visited Nov. 8, 2024); VISA, In 2024, 
payments to get global, open, tailored and interoperable (Dec. 15, 
2023) (describing how ``money-moving apps and wallets'' operating 
within their own ``siloed ecosystem . . . is beginning to change. 
With payments players prioritizing interoperability, we will soon 
see a more seamless future-state of global money movement--one where 
paying across services is as seamless as using any one service''), 
https://usa.visa.com/visa-everywhere/blog/bdp/2023/12/14/in-2024-payments-1702577675756.html (last visited Nov. 8, 2024); VISA, 
Introducing Visa+ (describing new Visa+ product launched in the 
United States where ``users set up one payname in their preferred 
wallet, and pay or get paid regardless of the participating app 
their peers use.''), https://usa.visa.com/products/visa-plus.html. 
(last visited Nov. 8, 2024).
---------------------------------------------------------------------------

    The CFPB declines to adopt the suggestion by some industry 
commenters that the Final Rule exclude payment functionalities based on 
whether they are limited to use at what the industry association 
commenters described as a ``finite'' number of merchants. The term 
``finite'' is not a workable standard for this Rule, and the CFPB 
disagrees with the industry commenters' further suggestion that if it 
does not adopt that exclusion (or an exclusion for some other definite 
number), the rule would have the paradoxical effect of treating the 
universe of potential recipients in closed-loop payment systems for 
retail spending as infinite. These comments did not recognize that 
paragraph (B) of the proposed definition of ``general use'' already 
excluded closed-loop gift cards.\298\ And the comment did not provide a 
justification for this Rule to adopt a broader exclusion, such as for 
payment functionalities usable at multiple unaffiliated merchants. The 
CFPB also disagrees with the individual commenter that the Rule should 
define ``general use'' based on the reaching a specific quantity of 
merchants, platforms, and purposes. The commenter did not provide any 
justification for the specific numbers of merchants, platforms, and 
purposes they proposed. In addition, the range of goods and services 
offered by an individual merchant can vary widely across merchants. As 
a result, the number of merchants where a consumer can make purchases 
is not necessarily an indicator of ``general use.'' However, the CFPB 
agrees that additional clarification may be helpful as to whether the 
type of payment account excluded from Regulation E (by virtue of only 
being usable at a single merchant or its affiliates) also would be 
excluded from the market definition here based on lacking ``general 
use.'' The CFPB provides those clarifications below in the discussion 
of the revised definition of ``general use'' adopted in Final 
Rule.\299\
---------------------------------------------------------------------------

    \298\ In describing the exclusion they were seeking, these 
commenters referred to a description of ``closed-loop prepaid 
cards'' without acknowledging that term included gift cards, which 
the Proposed Rule already proposed to exclude in paragraph (B) of 
the definition of ``general use.'' See also CFPB, Final Prepaid 
Account Rule, 81 FR 83934, 83936 (Nov. 22, 2016) (explaining how 
``consumers can only use funds stored on closed-loop prepaid 
products at designated locations (e.g., at a specific merchant or 
group of merchants in the case of certain gift cards; within a 
specific transportation system in the case of transit cards)'') 
(emphasis added).
    \299\ The Final Rule does not adopt the consumer group 
suggestion of clarifying that online marketplace payment 
functionalities have ``general use'' because, for the reasons 
discussed in the section-by-section analysis of ``consumer payment 
transaction'' above, the Final Rule does not drop the exclusion in 
paragraph (C) of the definition of that term. The requested 
clarification would create confusion, suggesting online marketplace 
payment functionalities excluded by paragraph (C) are covered by the 
definition of ``general use.''
---------------------------------------------------------------------------

    Finally, the CFPB does not agree with the industry firm commenter 
that the Proposed Rule created significant uncertainty as to whether 
certain cards, codes, or other devices described in Regulation E 
section 1005.20(b) would have general use for purposes of this rule. No 
other commenter raised this issue, and the commenter that raised the 
issue did not explain why it believed that the CFPB would view all of 
the cards, codes, or other devices described in Regulation E section 
1005.20(b) as

[[Page 99629]]

having general use, especially in light of the other examples of 
accounts that would not have general use described in proposed 
paragraph (B). In any event, the CFPB disagrees that Regulation E 
section 1005.20(b)(2) describes accounts that would not have general 
use for purposes of this rule. Section 1005.20(b)(2) describes general-
purpose reloadable cards that are not marketed as gift cards or gift 
certificates. But the absence of gift marketing does not render these 
cards lacking in general use, and if they are loaded into a general-use 
digital consumer payment application, then they may fall within the 
market definition.
Final Rule
    In response to the comments analyzed above, the CFPB includes the 
proposed term ``general use'' in the Final Rule but defines it 
differently than the proposal did. Rather than adopting the proposal to 
define ``general use'' using the ``absence of significant limitations 
on the purpose'' standard and providing illustrative examples of 
activities that would or would not meet the standard, the Final Rule 
adopts an alternative standard that is clearer and more administrable, 
along with specific, enumerated exceptions. This approach addresses 
comments as discussed above and described below.
    For purposes of the Final Rule, ``general use'' is defined as 
usable for a consumer to transfer funds in a consumer payment 
transaction to multiple, unaffiliated persons. The CFPB is adopting 
this new standard because it is clearer and more administrable, and 
more closely aligns with the similar concept in Regulation E.\300\ The 
definition is subject to specific exceptions as described below.
---------------------------------------------------------------------------

    \300\ The term ``general use'' in the Final Rule has certain 
similarities to terms in Regulation E, 12 CFR part 1005, but differs 
in some substantive respects as specified below. Usage, or omission, 
of specific language from EFTA or Regulation E in the Final Rule is 
not an endorsement by the CFPB of any specific interpretation of 
EFTA or Regulation E.
---------------------------------------------------------------------------

    This approach is based upon similar concepts in Regulation E, and 
therefore improves clarity and reduces uncertainty. For example, 
Regulation E defines a prepaid card that has ``general use'' for 
purchases based on being ``[r]edeemable upon presentation at multiple, 
unaffiliated merchants for goods and services[.]'' \301\ Similarly, 
under the Final Rule, a payment functionality that facilitates payments 
to multiple, unaffiliated merchants for goods and services also would 
have ``general use,'' unless an exception applies. Also similar to 
Regulation E, a payment functionality would not meet the definition of 
``general use'' in the Final Rule if the consumer payment transactions 
it facilitates are solely for a single merchant and its affiliated 
companies.
---------------------------------------------------------------------------

    \301\ 12 CFR 1005.20(a)(3)(ii).
---------------------------------------------------------------------------

    In addition, consumers use digital consumer payment applications to 
transfer funds from additional types of payment methods beyond prepaid 
cards (e.g., other prepaid accounts, bank accounts, and credit cards) 
and to make payments to additional types of entities beyond merchants. 
Therefore, the CFPB does not view Regulation E as encompassing the full 
scope of activity that market participants include within their 
general-use digital consumer payment applications. For that reason, the 
Final Rule does not adopt the precise phrase used to define ``general 
use'' in the Regulation E definition of prepaid cards, which generally 
facilitate purchase transactions from merchants. The Final Rule instead 
adopts the phrase ``multiple, unaffiliated persons'' to define the 
universe of potential recipients of transfers of funds that determine 
whether a payment functionality has ``general use.'' \302\ If a covered 
payment functionality facilitates consumer payment transactions to 
multiple unaffiliated entities that are not merchants, it would qualify 
as having ``general use,'' unless an exception applies. Further, if a 
covered payment functionality facilitates consumer payment transactions 
to multiple individuals such as family or friends not acting as 
merchants, that covered payment functionality still would qualify as 
``general use'' for purposes of the Final Rule, unless an exception 
applies.\303\ Although this approach includes many common peer-to-peer 
transfer systems in the definition of ``general use,'' the CFPB 
disagrees with the industry commenters that this indicates the 
definition is too broad.\304\ As discussed above, given their mixed 
use, these covered payment functionalities often facilitate consumer 
payment transactions to sole proprietors and other small businesses 
anyway.
---------------------------------------------------------------------------

    \302\ See also Regulation E, 12 CFR 1005.2(b)(3)(i)(D)(2) 
(defining ``prepaid account'' to include accounts with the ``primary 
function [ ] to conduct person-to-person transfers'').
    \303\ The CFPA defines ``affiliate'' in section 1002(1) on the 
basis of a control relationship between two persons. Two consumers 
generally would not qualify as ``affiliates'' because they generally 
do not ``control'' one another for purposes of the CFPA.
    \304\ A number of industry commenters suggested the proposed 
definition was too broad because the Proposed Rule stated that a 
covered payment functionality dedicated to transferring funds to 
incarcerated people may have ``general use'' based on recipients' 
ability to use transferred funds for purchase of a variety of types 
of goods, even when those uses might not be subject to Regulation E. 
The Final Rule does not adopt that approach because the definition 
of ``general use'' in the Final Rule does not depend on the uses of 
funds by payment recipients.
---------------------------------------------------------------------------

    With regard to the list of examples in proposed paragraphs (A)-(D) 
that would not have met the proposed definition of ``general use,'' as 
described below, some are not adopted in the Final Rule because it 
already excludes them in other ways, others are maintained with 
modifications, and two are not adopted because the Final Rule includes 
the corresponding examples in the market.
    First, the Final Rule need not adopt proposed paragraph (A) because 
the CFPB understands that other revisions the Final Rule would make the 
exclusion in proposed paragraph (A) unnecessary.\305\ First, the Final 
Rule need not adopt proposed paragraph (A) because the CFPB understands 
that other revisions the Final Rule would make the exclusion in 
proposed paragraph (A) unnecessary. Specifically, if a merchant or 
marketplace sells or leases only specific types of goods, services, or 
other property, then a payment functionality that is limited to 
facilitating payments to that merchant or marketplace already would be 
excluded from the Final Rule for other reasons. For example, the 
definition of ``general use'' in the Final Rule already does not cover 
a payment functionality that facilities consumer payment transactions 
solely by facilitating a purchase from a single merchant or its 
affiliated companies, including a merchant providing any of the types 
of goods, services, or other property listed in proposed paragraph 
(A).\306\ Such activities do not facilitate payments to ``multiple, 
unaffiliated persons'' in the definition of ``general use.'' In 
addition, to the extent an online marketplace

[[Page 99630]]

operator's payment functionality facilitates payments to multiple, 
unaffiliated persons for the purchase of goods or services a consumer 
selects from the online marketplace (including a marketplace offering 
only specific types of goods or services), the online marketplace 
operator's conduct of those payment transactions already would be 
excluded from the definition of ``consumer payment transaction'' as 
described above.
---------------------------------------------------------------------------

    \305\ This approach also makes the definition of ``general use'' 
more consistent with similar concepts in Regulation E. Under 
paragraph (A) in the proposed definition of ``general use,'' a 
payment functionality that solely supports the purchase or lease of 
a specific type of services, goods, or other property from multiple, 
unaffiliated merchants would not have had ``general use.'' However, 
the relevant provisions of the definitions of ``prepaid account'' 
and ``general-use prepaid card'' in Regulation E apply to accounts 
redeemable at multiple unaffiliated merchants, regardless of whether 
they sell the same specific type of services, goods, or other 
property. 12 CFR 1005.2(b)(3)(i)(D)(2) & 1005.20(a)(3)(ii). By not 
including that exception, the definition of ``general use'' in the 
Final Rule is more consistent with Regulation E, which contains no 
such exclusion from the definition of ``general-use prepaid card'' 
or ``prepaid account'' discussed above.
    \306\ The definition of ``general use'' in the Final Rule also 
does not include a payment functionality that facilitates consumer 
payment transactions solely to purchase consumer financial products 
or services from a single provider and their affiliated companies.
---------------------------------------------------------------------------

    Second, the Final Rule adopts other examples described in proposed 
paragraphs (B) and (C) with certain modifications described below for 
clarity. In paragraph (B) of the proposed definition of ``general 
use,'' the CFPB proposed to exclude using certain accounts described in 
Regulation E section 1005.2(b)(3)(ii)(A), (C), and (D), which 
Regulation E excludes from the definition of ``prepaid account.'' The 
CFPB did not receive any comments agreeing or disagreeing with the 
exclusions described in proposed paragraph (B).\307\ Notwithstanding 
the adoption of a more specific definition of ``general use'' described 
above, the CFPB does not view these types of highly-specialized payment 
functionalities as having ``general use'' for purposes of this rule. 
For the reasons explained in the Proposed Rule as described above, the 
Final Rule therefore maintains these exclusions by listing them as 
exceptions.
---------------------------------------------------------------------------

    \307\ As noted above, two industry associations expressed 
general support for excluding closed-loop transactions in a manner 
consistent with Regulation E. In addition, while acknowledging the 
exclusion for using accounts described in 12 CFR 
1005.2(b)(3)(ii)(C), some consumer groups suggested that the Final 
Rule should clarify that other payment apps directed at 
servicemembers can have ``general use.'' Subject to the exceptions 
discussed here, the definition of ``general use'' in the Final Rule 
applies when to a covered payment functionality that facilitates 
payments to multiple, unaffiliated persons, regardless of whether 
the functionality is directed at servicemembers. In addition, as 
discussed above, one commenter sought clarification regarding how 
the CFPB reads the exclusion for using accounts described in 12 CFR 
1005.2(b)(3)(ii)(D), which the CFPB discusses above.
---------------------------------------------------------------------------

    In addition, the Final Rule adopts the exception in proposed 
paragraph (C) to pay a specific debt or type of debt. The Final Rule 
also clarifies that this exception excludes additional examples beyond 
loan servicing functionalities that facilitate repayment of extensions 
of consumer credit. The Final Rule states that this exception excludes 
payment functionalities provided solely for paying the following two 
types of debts: (1) Debts owed in connection with origination or 
repayment of an extension of consumer credit; or (2) Debts in default. 
Through these exceptions, the Final Rule separates the market it 
defines from other distinct markets as described below. It therefore 
does not include those payment functionalities in the definition of 
this market. With respect to the type of debts described in paragraph 
(1), just as the Proposed Rule did not seek to cover loan servicing 
such as the servicing of mortgage loans (which is part of the mortgage 
market), it also did not seek to cover payment functionalities that 
facilitate payments made in connection with origination of a mortgage 
loan (such as payments through closing or escrow accounts maintained by 
providers of real estate settlement services described in CFPA section 
1002(15)(A)(viii)).\308\ The revised exception clarifies this. In 
addition, in paragraph (1), the Final Rule specifies the payment of 
debts in default as a second type of debt payment functionality that is 
excluded by paragraph (B). Specifically, consumers may pay debts in 
default through a debt collector as defined in 15 U.S.C. 1692a(6).\309\ 
As noted in part III above, the CFPB already has issued a rule defining 
larger participants in a market for consumer debt collection, and may 
supervise service providers to such persons under CFPA section 1024(e). 
And consumers may repay extensions of credit or debts in default 
through a debt settlement firm as described in CFPA section 
1002(15)(A)(viii)(II).\310\ The CFPB also views the market for debt 
relief services as separate from the market for general-use digital 
consumer payment applications.\311\
---------------------------------------------------------------------------

    \308\ 12 U.S.C. 5481(15)(A)(iii). Real estate settlement 
services generally are part of a distinct market for mortgage 
lending that is subject to additional applicable Federal consumer 
financial laws such as the Real Estate Settlement Procedures Act, 12 
U.S.C. 2601 et seq.
    \309\ Fair Debt Collection Practices Act, 15 U.S.C. 1692a(6).
    \310\ 12 U.S.C. 5481(15)(A)(viii)(II) (one type of ``financial 
product or service'').
    \311\ Debt settlement is part of a distinct market that is 
subject to additional applicable Federal consumer financial laws 
such as the Telemarketing Sales Rule. 16 CFR part 310.
---------------------------------------------------------------------------

    Third, for the reasons described below, the Final Rule does not 
exclude the example described in proposed paragraph (D) for splitting 
charges for specific types of goods or services. As the industry 
association comment described above noted, consumers can use general-
use consumer payment applications to make payments for split expenses. 
For example, a consumer may transfer funds to a friend or family member 
as reimbursement for food or other expenses. Whether the provider 
markets its digital application primarily for that use, or for other 
uses, it can meet the definition of ``general use'' adopted in this 
Final Rule. The CFPB does not believe this change significantly affects 
the market-related estimates discussed in the section-by-section 
analysis of the larger-participant test below or the impacts analyses 
in part VII below. For example, online marketplaces may help consumers 
to split bills and make associated payments in circumstances that 
already are excluded from the definition of ``consumer payment 
transaction.'' \312\ In addition, other products and services marketed 
as ``bill splitting apps'' may help consumers to calculate the amount 
each consumer will pay, but either do not help consumers to make the 
associated payments or refer consumers to a third-party's general-use 
digital consumer payment application to make the associated payments.
---------------------------------------------------------------------------

    \312\ For example, if a consumer selects food for purchase by 
placing a restaurant order through an online marketplace platform 
operator that also conducts transactions to split the bill for that 
purchase, such activity may qualify for the exclusion in paragraph 
(C) of the definition of ``consumer payment transaction.''
---------------------------------------------------------------------------

    Finally, the CFPB reiterates that each of the exceptions from the 
definition of ``general use'' in paragraphs (A) through (C) of the 
Final Rule is for a payment functionality provided through a digital 
application solely to support payments of the type listed in the 
exception. If a nonbank provides a payment functionality through a 
digital application to support one of the types of payments in 
paragraphs (A) through (C), but also to support peer-to-peer transfers 
to other accountholders generally, then it would still have general 
use, as described above.
State
    Proposed Sec.  1090.109(a) would have defined the term ``State'' to 
mean any State, territory, or possession of the United States; the 
District of Columbia; the Commonwealth of Puerto Rico; or any political 
subdivision thereof. For consistency, the CFPB proposed to use the same 
definition of ``State'' as used in the international money transfer 
larger participant rule, Sec.  1090.107(a), which drew its definition 
from Regulation E subpart A.\313\ The CFPB requested comment on the 
proposed definition of State. No commenters addressed this aspect of 
the Proposed Rule, which the Final Rule adopts as proposed.
---------------------------------------------------------------------------

    \313\ See International Money Transfer Larger Participant Final 
Rule, 79 FR 56631 at 56641.
---------------------------------------------------------------------------

109(b) Test To Define Larger Participants

    Proposed Sec.  1090.109(b) would have set forth a test to determine 
which

[[Page 99631]]

nonbank covered persons are larger participants in a market for 
general-use digital consumer payment applications as described in 
proposed Sec.  1090.109(a). Under the proposed test, a nonbank covered 
person would have been a larger participant if it meets each of two 
criteria set forth in paragraphs (1) and (2) of proposed Sec.  
1090.109(b) respectively. First, paragraph (1) specified that the 
nonbank covered person must provide annual covered consumer payment 
transaction volume as defined in paragraph (3) of proposed Sec.  
1090.109(b) of at least five million transactions. Second, paragraph 
(2) specified that the nonbank covered person must not be a small 
business concern based on the applicable SBA size standard listed in 13 
CFR part 121 for its primary industry as described in 13 CFR 121.107. 
The Final Rule summarizes and responds to comments about the test in 
the section-by-section analysis of this proposed definition below.\314\
---------------------------------------------------------------------------

    \314\ As the Proposed Rule noted, prior to issuing the Proposed 
Rule, the CFPB conducted analysis of data sources as described in 
parts IV, V and VI of the Proposed Rule to identify likely market 
participants, and, to the extent of available data: (1) to inform 
its general understanding of the market; and, relatedly, (2) to 
estimate the level of market activity by market participants, the 
degree to which market participants would be small entities, and the 
level of market activity by larger participants. These estimates 
therefore relied to some degree on preliminary entity-level analysis 
that is not dispositive of whether the CFPB would ever seek to 
initiate supervisory activity at a given entity or whether, in the 
event of a person's assertion that it is not a larger participant, 
the person would be found to be a larger participant.
---------------------------------------------------------------------------

Comments Received
    Comments from two industry providers, two trade associations, and 
some Members of Congress commenters stated that the description in the 
Proposed Rule of the confidential data it relied upon was insufficient 
to allow for meaningful comment. As described below, these comments 
generally focused on two types of data the Proposed Rule did not 
release: confidential data about market participants' activities that 
the CFPB used to estimate their larger participant status, and, 
relatedly, the identities of the individual entities included in the 
Proposed Rule's estimate of the number of market participants that 
would qualify as larger participants.
    With regard to the proposal's estimate of 17 larger participants, 
several Members of Congress criticized the Proposed Rule for not 
identifying the individual firms included in the estimate. They stated 
that the Proposed Rule was not specific enough to allow the public to 
identify larger participants, which they stated was necessary for the 
public to understand the implications of the proposal and to provide 
comprehensive feedback on its impact. A group of industry associations 
also stated that uncertainty in the proposed definition of ``general 
use'' left uncertainty about the identities of firms included in the 
estimate. Meanwhile, a banking industry association suggested that, 
separate from the rulemaking, the CFPB should publish a list of larger 
participants that are subject to supervision to help consumers and 
industry to better evaluate their relationships with these nonbanks.
    Some of these industry commenters also stated that the CFPB should 
release information about the confidential transaction data for 
individual firms that it used to make its estimates concerning the 
number of larger participants and their share of market participant 
that the Proposed Rule used in support of the proposed threshold. Two 
of these comments stated that the CFPB must release the data it relied 
upon, while the other comment called for releasing what it called a 
sanitized version of the NMLS data it used. One indicated that it 
needed such additional information to comment on the Proposed Rule's 
estimate of the percentage of the market that larger participants 
comprised. This commenter also noted the acknowledgment in the Proposed 
Rule that the NMLS data may be overinclusive or underinclusive, and its 
acknowledgment about the lack of sufficient data to estimate larger 
participant status for certain market participants. Some of these 
commenters added that, in their view, more than 17 companies would 
qualify as larger participants, due in significant part to the 
inclusion of pass-through payment wallet functionalities within the 
market definition.
    Another industry association stated more generally that the 
Proposed Rule was not sufficiently transparent and that the rulemaking 
needs to provide more comprehensive information and justification for 
the threshold, which it stated should be sector-specific.\315\
---------------------------------------------------------------------------

    \315\ An industry commenter also noted in a footnote that they 
believed the CFPB could not rely upon data collected through its 
2021 section 1022(c)(4) orders because, in their view, the CFPB did 
not comply with the Paperwork Reduction Act (PRA).
---------------------------------------------------------------------------

Response to Comments Received
    The CFPB disagrees with commenters that the Proposed Rule did not 
provide sufficient information for commenters to offer meaningful 
comment. As discussed in the proposal and further below, the CFPB 
provided commenters with extensive information about the data and other 
evidence supporting the rule to enable informed comment, including the 
sources of data, the CFPB's methodology for analyzing the data, 
descriptions of market concentration, and the limitations of the data. 
While the Proposed Rule did not disclose entity-level transaction 
volume and revenue data, entities in this market generally keep this 
information confidential and do not disclose it to the public.\316\ The 
Bureau has routinely gathered this information in carrying out its 
statutory functions with the understanding that such information will 
be kept confidential consistent with the CFPA and its implementing 
rules.
---------------------------------------------------------------------------

    \316\ As noted below, the only exception is well-known entities 
in the market that are public companies, which disclose revenue 
information in public securities filings.
---------------------------------------------------------------------------

    Congress anticipated that the CFPB would collect and rely on 
confidential data from a variety of sources to support its rulemaking 
and other statutory functions, and that it would use that information 
in a way designed to protect its confidentiality.\317\ The confidential 
transaction and revenue data that the CFPB relied on in the Proposed 
Rule came from two sources that the Bureau had access to: confidential 
supervisory information regularly shared by the States through NMLS and 
data obtained via the CFPB's market monitoring functions.\318\
---------------------------------------------------------------------------

    \317\ See 12 U.S.C. 5512(c)(1), (c)(3)(B), (c)(4), (c)(6), 
(c)(8); see also 12 CFR part 1070.
    \318\ See 12 U.S.C. 5512(c)(8); 12 CFR part 1070.
---------------------------------------------------------------------------

    As the Proposed Rule indicated, the States collect nonpublic NMLS 
money services business call report data under explicit assurances of 
confidentiality.\319\ The NMLS collects all of this commercial or 
financial information from the States as part of State supervisory 
functions, also under assurances of confidentiality. On behalf of the 
States, the State financial regulator association that operates NMLS 
authorized the CFPB to use this robust dataset if it complied with the 
NMLS confidentiality conditions. When this information is shared with 
the CFPB, the CFPB also treats it as confidential supervisory 
information, which is generally protected from

[[Page 99632]]

disclosure by statute and CFPB implementing regulations.\320\
---------------------------------------------------------------------------

    \319\ The Proposed Rule (88 FR 80107 at 80209-10 n.83 & n.90) 
identified the public NMLS website with detailed information about 
the type of data collected in NMLS money services business call 
reports. In those materials, NMLS emphasizes to money services 
business that ``[a]ll data submitted in the [MSB call] report is 
confidential[.]'' NMLS MSB Call Report Overview and Definitions at 6 
(``Information Sharing''), https://mortgage.nationwidelicensingsystem.org/licensees/resources/LicenseeResources/MSBCR%20Overview%20-%20(FINAL).pdf (last visited 
Nov. 8, 2024).
    \320\ CFPA sec. 1022(c)(6), 12 U.S.C. 5512(c)(6); 12 CFR 
1070.40-48. The CFPB similarly would be obligated to keep such 
information confidential had it collected the information directly 
from the entities, see 12 CFR 1070.40-1070.48, in addition to 
increasing the burden on industry with duplicative requests, cf. 12 
U.S.C. 5514(b)(3).
---------------------------------------------------------------------------

    The Proposed Rule explained that the CFPB also collected certain 
information pursuant to orders issued pursuant to section 1022(c)(4) of 
the CFPA. Those orders provided that the CFPB will treat the 
information received in response to the order in accordance with its 
confidentiality regulations at 12 CFR 1070.40 through 1070.48.\321\ 
Confidential commercial or financial information about specific 
transaction volume collected through those orders also generally would 
be protected by FOIA exemption 4,\322\ and therefore would qualify as 
confidential information under 12 CFR 1070.2(f).\323\
---------------------------------------------------------------------------

    \321\ See https://files.consumerfinance.gov/f/documents/cfpb_section-1022_generic-order_2021-10.pdf (last visited Nov. 7, 
2024) (sample 1022 order on website cited in proposal, 88 FR 80197 
at 80210 n.90, where the CFPB explained that ``it obtained 
transaction and revenue data from six technology platforms offering 
payment services through a CFPB request pursuant to CFPA section 
1022(c)(4)''). See CFPB Orders Tech Giants to Turn Over Information 
on their Payment System Plans (Oct. 21, 2021) (CFPB 1022 Orders 
Press Release), https://www.consumerfinance.gov/about-us/newsroom/cfpb-orders-tech-giants-to-turn-over-information-on-their-payment-system-plans/.
    \322\ See Food Mktg. Inst. v. Argus Leader Media, 588 U.S. 427 
(2019).
    \323\ The CFPB also disagrees with the comment suggesting that 
the CFPB's section 1022(c)(4) orders did not comply with the PRA. 
These orders, which the CFPB addressed to six entities, were not 
subject to the PRA requirements. See 5 CFR 1320.3(c)(4) (defining 
``collection of information'' from ``ten or more persons'' as 
subject to PRA).
---------------------------------------------------------------------------

    In the CFPB's experience, virtually no market participants publicly 
disclose their volume of consumer payment transactions as defined in 
the Proposed Rule, and unless a firm is a public company, it does not 
disclose its revenues. No commenters suggested that the individual 
firm-level transaction volume data or the revenue data of companies 
that are not public companies was not confidential information or 
generally available to anyone but the individual company itself. As 
discussed in the impacts analyses, in response to the proposal's 
request for data, no commenters provided or pointed to sources of 
additional relevant data.\324\
---------------------------------------------------------------------------

    \324\ 88 FR 80197 at 80211. As discussed in the section-by-
section analysis above, some commenters stated that the CFPB should 
use additional data sources to estimate the volume of consumer 
payment transactions that transfer digital assets such as crypto-
assets and stablecoins. However, as discussed below, the Final Rule 
does not cover those transactions. Therefore, those data sources are 
not pertinent to the Final Rule.
---------------------------------------------------------------------------

    The CFPB reasonably relied on this confidential transaction data 
and revenue data in the Proposed Rule to provide estimates of the 
number of firms that would qualify as larger participants compared to 
the overall number of estimated market participants and estimates of 
larger participants' market participation share of market activity. To 
conduct a preliminary entity-level analysis of which market 
participants may qualify as a larger participant under the Proposed 
Rule, the CFPB generally needed to use available data about the two 
criteria for the proposed larger-participant test--an entity's consumer 
payment transaction volume and its revenues (which generally governs 
small business concern status under applicable size standards).
    The absence of such information provided by commenters supports the 
conclusion that the money services business call reports when combined 
with the CFPB's section 1022(b) order responses are the most 
comprehensive sources available for estimating transaction volume at 
the firm level for purposes of this rule. Both sources collect 
information about consumer payments facilitated in the United States by 
market participants. In addition, no commenter indicated that an 
individual firm itself did not have access to its own transaction 
volume data or its revenue data with which to assess its own larger 
participant status under the Proposed Rule. Comments describing 
potential difficulty individual firms could face in relying on 
available data to assess larger participant status referred to 
difficulties in counting of digital assets transactions, which the 
Final Rule does not include in the larger-participant test, as 
described below.
    Courts have held that an agency can rely on confidential 
information in its rulemaking so long as the agency discloses 
``sufficient factual detail and rationale for the rule to permit 
interested parties to comment meaningfully.'' \325\ Here, the Proposed 
Rule disclosed, among other information: (1) the sources of the data; 
(2) meaningful sources of additional public information about the data; 
\326\ (3) the methodologies used to analyze the data; (4) the results 
of deploying those methodologies; (5) that the data indicated that the 
market was highly concentrated, with a few entities facilitating 
hundreds of millions or billions of consumer payment transactions 
annually; \327\ (6) that only about one percent of market activity was 
conducted by an estimated three entities with transaction volume 
between the five and 10 million transaction thresholds considered in 
the Proposed Rule; \328\ (7) aggregate transaction estimates for the 
proposal's estimated 17 larger participants; (8) the extent to which 
the data sources did not include relevant data; and (9) the potential 
for uncertainty in its estimates based on the nature of the data. This 
detailed information enabled commenters to provide meaningful comment 
on, and criticize, the basis for the proposed test to define ``larger 
participants'' in the proposed market, and meaningful comment on 
whether the Final Rule should adopt a higher, lower, or different 
threshold for the larger-participant test. As described further below, 
the CFPB received extensive, meaningful comment on these very questions 
(as well as numerous other aspects of the rule). The industry 
commenters described above also did not explain what additional 
information could be provided that would address their comments.
---------------------------------------------------------------------------

    \325\ See Fla. Power & Light Co. v. United States, 846 F.2d 765, 
771 (D.C. Cir. 1988); see also Riverkeeper Inc. v. EPA, 475 F.3d 83, 
112 (2d Cir. 2007); rev'd on other grounds, 556 U.S. 208 (2009).
    \326\ 88 FR 80197 at 80210 n.90 (providing links to NMLS and 
CFPB public websites where commenters could review descriptions of 
the type of data identified in the proposed rule and how the data 
was collected, including sample 1022 order and NMLS Money Services 
Business Call Report Overview described above).
    \327\ 88 FR 80197 at 80210. See also, e.g., FIS 2023 Global 
Payments Report at 16 (``North America's credit and debit card 
markets are increasingly intermediated by a handful of major digital 
wallet brands. These initially consisted of PayPal, Google Pay and 
Apple Pay, but challengers such as Shop Pay (Shopify's checkout 
solution) and Cash App Pay (recently becoming an open loop wallet) 
have joined the playing field.''); 2022 Survey and Diary of Consumer 
Payment Choice: Summary Results, supra, at 1 (noting that two-thirds 
of consumers reported that they had adopted an online payment 
account such as PayPal, Venmo, or Zelle). The Proposed Rule cited 
both of these sources at 88 FR 80197 at 80200 n.25.
    \328\ 88 FR 80197 at 80210.
---------------------------------------------------------------------------

    The CFPB disagrees with the industry comments stating that it was 
necessary for the Proposed Rule to unmask confidential data, or 
otherwise provide additional information regarding confidential data, 
in order to allow for meaningful comment. As discussed above, the CFPB 
is obligated to maintain the confidentiality of the confidential 
transaction volume and revenue data described above. The CFPB could not 
provide a de-identified list of entities linked to their transaction 
and revenue data without significant risk of unmasking confidential 
data, nor did commenters provide any suggestions as to how the CFPB 
could disclose the data in a way that would both preserve 
confidentiality and improve commenters' ability to provide

[[Page 99633]]

meaningful comment on the Proposed Rule.
    The CFPB also declines the request by certain industry commenters 
to publicly disclose the identities of individual firms that comprised 
the rule's estimate of the number of larger participants. That CFPB 
notes that, in their comments, several commenters specifically 
identified firms they believed would be larger participants, indicating 
that many commenters believed that they did not need the CFPB to 
identify those larger participants in order to provide meaningful 
comment on the rule. In any event, the CFPB disagrees that the 
identities of the estimated larger participants were critical facts 
that commenters needed in order to provide meaningful comment. As 
disclosed in the proposal, the CFPB relied on a number of 
considerations to define the market (discussed above) and the larger 
participant test (discussed below), none of which were the identities 
of potential larger participants. Based on those considerations, the 
information in the proposal described above, and the rest of the 
proposal, many commenters made specific comments on the proposed market 
definition and proposed threshold, which the CFPB has fully considered 
and responded to above (on the market definition) and below (on the 
larger participant test).\329\ The industry commenters seeking release 
of the list of 17 firms did not explain how public disclosure of their 
identities would allow for more meaningful comment. Further, these 
industry comments did not explain how the CFPB could make the 
disclosures they requested without disclosing confidential information, 
such as implications from such disclosure that could reveal 
confidential entity-level transaction information that the States 
obtained through their supervisory functions and made available to the 
CFPB through NMLS or information that an entity may customarily and 
actually treat as private.\330\
---------------------------------------------------------------------------

    \329\ For example, many industry and some nonprofit commenters 
explained in detail why they believed the proposed market definition 
was too broad and why the proposed larger participant test would 
cover more larger participants than the CFPB estimated. However, 
none of those commenters stated how the methodology and data sources 
the proposal used and disclosed would have led the CFPB to fail to 
estimate any particular entity as a larger participant. And, as 
noted above, no firms provided additional data in response to the 
CFPB request.
    \330\ For example, disclosing the identities of the 17 estimated 
larger participants in the Proposed Rule would have revealed that 
the entities had greater than 5 million consumer payment 
transactions based on the data available to the CFPB. And disclosing 
the names of all seven entities estimated to be larger participants 
in this Final Rule would then reveal that the 10 entities who are no 
longer estimated to be larger participants have between 5 and 50 
million consumer payment transactions per year.
---------------------------------------------------------------------------

    Finally, even if the CFPB's estimates had relied entirely on public 
data (which they could not), public disclosure of the identities of 
estimated larger participants also may be misleading and incompatible 
with the administrative process that CFPB has established to determine 
which entities are larger participants.\331\ As the Proposed Rule 
noted, the market-wide estimates of the rule's scope and impact are 
based only on ``preliminary entity-level analysis that is not 
dispositive'' of larger participant status or whether the CFPB would 
conduct supervisory activity of the entity.\332\ As a result, 
publishing the CFPB's preliminary entity-level analysis could 
misleadingly suggest that the CFPB already has determined these 
entities' larger participant status. However, that is not the purpose 
of the CFPB's preliminary entity-level analysis, which instead informs 
market-wide estimates of the aggregate scope and impact of the rule. By 
contrast, for markets in which the CFPB has finalized larger 
participant rules, the CFPB administers a separate process for such 
evaluation under section 103 of its larger participant regulation at 
part 1090. Based on notice-and-comment rulemaking, it designed that 
process to assess which entities qualify as larger participants. As 
described in the Proposed Rule, to determine if an individual entity 
qualifies as a larger participant, the CFPB can use that same section 
103 process to request confidential supervisory information from the 
entity and the entity may voluntarily submit such information including 
to dispute it qualifies as a larger participant.\333\ The confidential 
supervisory process established in section 103 of part 1090 is an 
appropriate means for the CFPB to determine which entities are a larger 
participants.\334\
---------------------------------------------------------------------------

    \331\ See 12 CFR 1090.103(d) & (a). See also 88 FR 80197 at 
80198.
    \332\ 88 FR 80197 at 80208 n.77. Even when publishing the 
highlights of supervisory findings of violations of Federal consumer 
financial law, the CFPB does not identify individual entities. See 
CFPB Supervisory Highlights Issue 35, Fall 2024 at 3 (``To maintain 
the anonymity of the supervised institutions discussed in 
Supervisory Highlights, references to institutions generally are in 
the plural and the related findings may pertain to one or more 
institutions.''), https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights-special-ed-auto-finance_2024-10.pdf 
(last visited Nov. 6, 2024).
    \333\ See 12 CFR 1090.103(d) and (a). See also 88 FR 80197 at 
80198.
    \334\ With regard to the banking industry association's comment 
seeking publication, outside of the rulemaking process, of the names 
of larger participants, the CFPB declines to address that comment 
because it is beyond the scope of the rulemaking itself.
---------------------------------------------------------------------------

Final Rule
    In consideration of the comments described above on data used in 
the Proposed Rule and comments on the criteria and threshold for the 
proposed larger-participant test described below, the Final Rule adopts 
the two proposed criteria--annual covered consumer payment transaction 
volume and small business concern status. As described below, the Final 
Rule makes certain adjustments to the calculation of annual covered 
consumer payment transaction volume (by counting only those 
transactions denominated in U.S. dollars) and the threshold volume that 
determines when entities that are not small business concerns qualify 
as larger participants (adopting a significantly higher volume, of 50 
million).
Criteria
Proposed Rule
    The Proposed Rule reiterated that the CFPB has discretion in 
choosing criteria for assessing whether a nonbank covered person is a 
larger participant of a market.\335\ It explained how the CFPB selects 
criteria that provide ``a reasonable indication of a person's level of 
market participation and impact on consumers.'' \336\ It noted how 
previous larger participant rulemakings acknowledged that, for any 
given market, there may be ``several criteria, used alone or in 
combination, that could be viewed as reasonable alternatives.'' \337\
---------------------------------------------------------------------------

    \335\ See, e.g., 77 FR 42874 at 42887 (consumer reporting larger 
participant rule describing such discretion); 77 FR 65775 at 65785 
(same, in consumer debt collection larger participant rule).
    \336\ 77 FR 42874 at 42887 (consumer reporting larger 
participant rule); see also 80 FR 34796 at 37513 (automobile 
financing larger participant rule describing how aggregate annual 
originations are a ``meaningful measure'' of such participation and 
impact); 78 FR 73383 at 73393-94 (same, for account volume criterion 
in student loan servicing larger participant rule).
    \337\ 77 FR 65775 at 65785 (consumer debt collection larger 
participant rule).
---------------------------------------------------------------------------

    Here, the CFPB proposed to combine the two criteria described 
above: the annual covered consumer payment transaction volume and the 
size of the entity by reference to SBA size standards. The Proposed 
Rule's larger-participant test would have combined these criteria as 
follows: a nonbank covered person would have been a larger participant 
if its annual covered consumer payment transaction volume exceeded the 
proposed threshold, discussed in the section-by-section

[[Page 99634]]

analysis further below, and, during the same time period (i.e., the 
preceding calendar year), it was not a small business concern.
    The first criterion would have been based on the number of consumer 
payment transactions. Specifically, proposed Sec.  1090.109(b)(3) would 
have defined the term ``annual covered consumer payment transaction 
volume'' as the sum of the number of the consumer payment transactions 
that the nonbank covered person and its affiliated companies 
facilitated by providing general-use digital consumer payment 
applications in the preceding calendar year.\338\ The Proposed Rule 
explained how the CFPB viewed this to be an appropriate criterion for 
defining larger participants in a market defined by reference to 
products that facilitate certain consumer payments. Each transaction 
counted under this criterion also generally is a payment. In that way, 
a transaction is essentially a well-understood unit of market activity.
---------------------------------------------------------------------------

    \338\ Under the CFPA, the activities of affiliated companies are 
to be aggregated for purposes of computing activity levels in larger 
participant rules. See 12 U.S.C. 5514(a)(1)(B), (3)(B).
---------------------------------------------------------------------------

    The Proposed Rule further noted that, as in the CFPB's 
international money transfer larger participant rule, here the number 
of transactions also reflects the extent of interactions between the 
nonbank covered person providing the in-market consumer financial 
product or service. Each one-time consumer payment transaction 
typically results from a single interaction with at least one 
consumer.\339\ And, in the case of recurring consumer payment 
transactions, consumers also have at least one interaction with the 
covered persons in the market. The number of transactions also is a 
common indicator of market participation.\340\
---------------------------------------------------------------------------

    \339\ See, e.g., 79 FR 56631 at 56641 (international money 
transfer larger participant rule noting that the absolute number of 
transactions ``reflects the extent of interactions'' between the 
provider and the consumer because ``each transfer represents a 
single interaction with at least one consumer'').
    \340\ State regulators, for example, require money transmitters 
to report this metric. See generally NMLS, Money Services Business 
Call Report, https://mortgage.nationwidelicensingsystem.org/slr/common/Pages/MoneyServicesBusinessesCallReport.aspx (last visited 
Oct. 23, 2023).
---------------------------------------------------------------------------

    The Proposed Rule stated that the CFPB considered proposing 
different criteria, such as the dollar value of transactions or the 
annual receipts from market activity, and explained why it did not 
propose either of those alternatives. First, digital wallets often are 
used for consumer retail spending, which can grow in amount through 
inflation. For the proposed market that included digital wallets, a 
dollar value criterion may become affected by inflation or other 
factors.\341\ At the same time, as the Proposed Rule noted, in general, 
a higher number of transactions also may often comprise a higher dollar 
value of transactions.
---------------------------------------------------------------------------

    \341\ In addition, as discussed in the impacts analyses in parts 
V and VI of the Proposed Rule, some of the data sources the CFPB 
relied upon in formulating the Proposed Rule may be overinclusive by 
including certain payments that are not within the market defined in 
the Proposed Rule, such as certain business-to-business payments. 
Those payments may have higher dollar values. The Proposed Rule 
noted how it would have been less affected by those data distortions 
by proposing number of transactions as a criterion.
---------------------------------------------------------------------------

    With respect to annual receipts, the Proposed Rule explained that 
data was less available, especially for market participants that are 
not publicly traded or that do not file call reports on money 
transmission at the State level. In addition, in the context of the 
market at issue, the Proposed Rule noted that an annual receipts 
criterion could miss significant market participation and consumer 
impacts, such as where a provider is subsidizing a product or otherwise 
not earning significant per-transaction revenues.
    As noted above, the CFPB proposed a second criterion that also must 
be satisfied for a nonbank covered person to be a larger participant, 
in addition to the annual covered payment volume criterion. Under the 
second criterion, in the previous calendar year, the nonbank must not 
have been a ``small business concern'' as that term is defined by 
section 3(a) of the Small Business Act, 15 U.S.C. 632(a), and 
implemented by the SBA under 13 CFR part 121, or any successor 
provisions. Thus, under the Proposed Rule, an entity would have been a 
small business concern if its size were at or below the SBA standard 
listed in 13 CFR part 121 for its primary industry as described in 13 
CFR 121.107.\342\
---------------------------------------------------------------------------

    \342\ In addition, under the SBA's regulations, a concern's size 
is measured by aggregating the relevant size metric across 
affiliates. See 13 CFR 121.103(a)(6) (``In determining the concern's 
size, SBA counts the receipts, employees, or other measure of size 
of the concern whose size is at issue and all of its domestic and 
foreign affiliates, regardless of whether the affiliates are 
organized for profit.'').
---------------------------------------------------------------------------

    The CFPB proposed this second criterion because it was not seeking 
to use this rulemaking as a means of expending its limited supervisory 
resources to examine small business concerns. The consumer digital 
payments applications market is potentially broad and dynamic, with 
rapid technological developments and new entrants. But many well-known 
market participants have large business operations that have an impact 
on millions of consumers. As explained in the Proposed Rule, in light 
of its resources, the CFPB believes that it would be preferable to 
focus on larger entities, instead of requiring all entities with an 
annual covered consumer payment transaction volume over five million to 
be subject to supervisory review under the Proposed Rule. If a 
particular nonbank covered person were a small business concern 
participating in this market in a manner that posed risks to consumers, 
the CFPB has authority to pursue risk-based supervision of such an 
entity pursuant to CFPA section 1024(a)(1)(C).\343\
---------------------------------------------------------------------------

    \343\ 12 U.S.C. 5514(a)(1)(C). See generally 12 CFR part 1091 
(regulations implementing CFPA section 1024(a)(1)(C)).
---------------------------------------------------------------------------

    The CFPB requested comment on its proposed criteria, including 
whether, instead of basing the annual volume criterion described above 
on number of consumer payment transactions, it should be based on a 
different metric, such as the dollar value of consumer payment 
transactions, and, if so, why.
Comments Received
    A few industry commenters addressed the proposed criteria of volume 
of consumer payment transactions. Two industry associations and a law 
firm commenter stated that the amount (value) of a consumer payment 
transaction more directly correlates with risks to consumers than their 
frequency (volume).\344\ In their view, if two entities have the same 
transaction volume, then the one facilitating the higher dollar amount 
typically poses greater risk to consumers.\345\ Thus, in the view of 
one of these commenters, a test based on transaction value would better 
facilitate the CFPB's operation of a risk-based nonbank supervision 
program as required by CFPA section 1024(b)(2). The second commenter 
stated that the CFPB should consider either a transaction value 
threshold alone or in conjunction with transaction volume. In its view, 
the proposal field to articulate a connection between transaction 
volume and risks to consumers across the various different types of 
activity in the market. The third commenter stated that either approach 
could be done, but recommended the combined approach in order to ensure 
the rule captures only larger participants. Finally, another industry 
association stated that to profitably

[[Page 99635]]

serve lower-income consumers who conduct transactions with lower 
values, companies needed to engage in higher volumes of activity; but 
rather than describing this as a reason to use a different criteria, it 
described this as a reason to increase the transaction volume 
threshold, as discussed below.
---------------------------------------------------------------------------

    \344\ The industry association commenters also stated that the 
risks are different for firms that hold or transmit funds compared 
to those that transmit payment instructions or act as merchant 
payment processors.
    \345\ At the same time, the law firm commenter indicated that, 
in its view, entities with lower consumer payment transaction 
volumes also generally pose less risk to consumers.
---------------------------------------------------------------------------

    Some comments also addressed the proposed second criteria, an 
exclusion for entities that qualified as a small business concern in 
the previous year. Several commenters supported an exclusion for small 
businesses in general,\346\ though some stated that the exclusion did 
not change their views, discussed further below, that the proposed 
consumer payment transaction volume threshold was much too low. No 
commenter disagreed with excluding small business concerns from larger 
participant status with respect to transactions covered by the Final 
Rule.\347\ For example, two banking industry associations supported the 
proposed exclusion for a small business concern. Another industry 
association stated that it supported the proposed exclusion because it 
believed small business concerns should be provided more flexibility 
than its competitors to innovate and grow. This commenter also stated 
that the rulemaking should provide a fuller explanation of its impact, 
including whether the CFPB had identified any companies that exceed an 
annual consumer payment transaction volume threshold but would have 
qualified as small business concerns. It suggested that to the extent 
that small business concerns have a volume that exceeds the proposed 
threshold, this would support their view that the proposed transaction 
threshold was too low. It stated that consideration would be relevant 
not only with regard to the proposed threshold of five million annual 
consumer payment transactions, but also to potential thresholds of 50 
million and 500 million annual consumer payment transactions. It also 
stated that the rule should consider what advantages a small business 
concern would have as a result of such an exclusion. Another industry 
association stated that the proposed small business exclusion was 
inadequate for identifying larger participants in this market for 
several reasons, including that the small business size standard 
updates every five years are not frequent enough for this market in 
light of its ongoing growth, the variety of product offerings market 
participants have means they can exceed the small business threshold 
even with small volumes of market activity, and, by their estimate, 
even based only on the market activity alone a small or medium-sized 
market participant serving approximately 220,000 consumers could exceed 
the highest potentially-applicable small business concern cutoff by 
charging a one percent fee on the value of the average consumer 
activity levels. Finally, another industry association agreed that many 
small businesses and startups have annual receipts that exceed small 
business concern size standards, in light of users' average annual 
digital payment transaction values (which it stated were $7,610 in 
2023).
---------------------------------------------------------------------------

    \346\ An individual commenter that expressed general support for 
the Proposed Rule also stated that the CFPB should clarify the 
methods and data sources the CFPB would use to determine small 
business concern status.
    \347\ Some commenters focused on the digital asset industry 
stated that the exclusion would be unfair to entities not eligible 
for small business status such as foreign businesses or nonprofits 
or entities that may be small but ineligible for small business 
concern status because they are dominant in their field.
---------------------------------------------------------------------------

Response to Comments Received
    With regard to comments calling for the Final Rule to use a 
criteria other than the volume of consumer payment transactions, none 
of these commenters addressed the Proposed Rule's rationale for 
proposing a volume rather than value-based criterion: the potential for 
inflation to shrink the coverage of the rule under a value-based 
criterion, and the potential for greater distortion to the extent data 
relied upon included business-to-business transactions that would not 
be in the market.\348\ For those reasons, the CFPB continues to favor 
use of a transaction volume criterion. In addition, the CFPB agrees 
with the industry comment noting that lower-income consumers have 
significant adoption levels for general-use digital consumer payment 
applications. Compared with consumers that have higher incomes, 
smaller-dollar transactions by lower-income consumers generally would 
comprise a larger share of their disposable income. Their payment 
activity therefore may be better captured by a transaction volume 
criterion. Finally, the CFPB disagrees with the suggestion by a few 
commenters that the rule adopt an additional criteria, such as 
combining transaction volume and value. That approach would increase 
complexity in the administration of the rule and, given the 
significantly higher consumer payment transaction volume threshold 
adopted in the Final Rule discussed below, would not be necessary to 
ensure the rule only identifies bona fide larger participants. In any 
event, when the CFPB prioritizes entities for examination based on 
indicators of risk, the CFPA provides a basis for the CFPB to consider, 
among other factors, not just the number but also the value of consumer 
payment transactions facilitated.\349\
---------------------------------------------------------------------------

    \348\ 88 FR 80197 at 80209.
    \349\ See CFPA section 1024(b)(2)(B), (E). 12 U.S.C. 
5514(b)(2)(B), (E).
---------------------------------------------------------------------------

    The CFPB agrees with the commenters that a small business concern 
exclusion is appropriate for this larger participant rule. This 
exclusion will ensure that the CPFB's exercise of its larger 
participant supervisory authority under this rule does not extend to 
small business concerns. The CFPB disagrees with the industry 
association commenter to the extent it was suggesting this exclusion is 
likely to confer undue advantages on small business concerns. As 
discussed in the below section-by-section analysis of the threshold for 
the larger-participant test, which the Final Rule sets at 50 million 
consumer payment transactions annually, available data does not 
establish that any nonbank market participant that exceeds that 
threshold would qualify as a small business concern. And even if a 
small business concern were to exceed the threshold, it would not 
necessarily avoid CFPB supervision simply due to not qualifying as a 
larger participant under this rule. For example, if its risk profile 
warranted prioritization for an exam, then the CFPB also may consider 
it for supervisory designation under CFPA section 1024(a)(1)(C). 
Finally, with regard to comments that the exclusion is inadequate to 
define larger participants (including comments stating that companies 
with volumes at or slightly above the proposed threshold of five 
million annual consumer payment transactions are unlikely to qualify as 
small business concerns under SBA size standards), the CFPB understands 
those comments to be primarily focused on the threshold for the other 
proposed criteria for the larger-participant test (the annual covered 
consumer payment transaction volume threshold). The CFPB further 
discusses comments on that threshold below.
Final Rule
    As explained further above, the Final Rule adopts the two proposed 
criteria, and makes certain changes to the threshold and its 
calculation, as described below.

[[Page 99636]]

Threshold
Proposed Rule
    Under the Proposed Rule, a nonbank covered person would have been a 
larger participant in a market for general-use digital consumer payment 
applications if the nonbank covered person satisfies two criteria. 
First, it must facilitate an ``annual covered consumer payment 
transaction volume,'' as defined in proposed Sec.  1090.109(b)(3), of 
at least five million transactions. As explained in proposed Sec.  
1090.109(b)(3)(i), the volume is aggregated across affiliated 
companies, as required by CFPA section 1024(a)(3)(B).\350\ Thus, the 
proposed threshold included the aggregate annual volume of consumer 
payment transactions facilitated by all general-use digital consumer 
payment applications provided by the nonbank covered person and its 
affiliated companies in the preceding year.\351\ Second, under proposed 
Sec.  1090.109(b)(2) as explained above, the CFPB also proposed to 
exclude from larger-participant status any entity in the proposed 
market that was a small business concern in the previous calendar year 
based on applicable SBA size standards.\352\ The Proposed Rule stated 
that the CFPB viewed this proposed threshold and the proposed small 
entity exclusion, discussed above, to be a reasonable means of defining 
larger participants in this market.\353\
---------------------------------------------------------------------------

    \350\ 12 U.S.C. 5514(a)(3)(B) (providing that, ``[f]or purposes 
of computing activity levels under [CFPA section 1024(a)(1)] or 
rules issued thereunder [including larger participant rules issued 
under CFPA section 1024(a)(1)(B)], activities of affiliated 
companies (other than insured depository institutions and insured 
credit unions) shall be aggregated'').
    \351\ The Proposed Rule noted that the available data do not 
always conform to the precise market scope of covered consumer 
payment transactions. For example, the data do not always 
distinguish between transactions in which a business sent funds, 
which would not be covered consumer payment transactions, from 
transactions in which a consumer sent funds. In addition, in some 
cases the data may include funds a consumer transfers between one 
deposit or stored value account and another, both of which belong to 
the consumer. As the Proposed Rule further noted, the analysis in 
the Proposed Rule included transaction volume broadly defined, and 
the CFPB cannot distinguish between this overall activity and 
covered market activity (to the extent they differ). Therefore, the 
analysis in the Proposed Rule may be an overestimate of covered 
market activity and larger-participant status of providers of 
general-use digital consumer payment applications subject to the 
larger-participant threshold.
    \352\ As discussed above and below, the proposed exclusion would 
have applied to any nonbank that, together with its affiliated 
companies, in the previous calendar year was a small business 
concern based on the applicable SBA size standard listed in 13 CFR 
part 121 for its primary industry as described in 13 CFR 121.107. 
The SBA defines size standards using North American Industry 
Classification System (NAICS) codes. The Proposed Rule noted that 
the CFPB believed that many--but not all--entities in the proposed 
market for general-use digital consumer payment applications are 
likely classified in NAICS code 522320, ``Financial Transactions 
Processing, Reserve, and Clearinghouse Activities,'' or NAICS code 
522390, ``Other Activities Related to Credit Intermediation.'' 
Entities associated with NAICS code 522320 that have $47 million or 
less in annual receipts are currently defined by the SBA as small 
business concerns; for NAICS code 522390, the size standard is $28.5 
million. However, the Proposed Rule noted that other entities that 
the CFPB believes to be operating in the proposed market may be 
classified in other NAICS codes industries that use different 
standards, including non-revenue-based SBA size standards, such as 
the number of employees. While the CFPB had data to estimate the SBA 
size status of some market participants in the Proposed Rule, such 
as publicly-traded companies, the CFPB lacked data sufficient to 
estimate the SBA size status of some market participants. See SBA, 
Table of Small Business Size Standards Matched to North American 
Industry Classification System Codes, effective March 17, 2023, 
Sector 52 (Finance and Insurance), https://www.sba.gov/document/support--table-size-standards (last visited Oct. 26, 2023).
    \353\ The Proposed Rule stated that the CFPB identified 
approximately 190 entities from available data that provide general-
use digital consumer payment applications and may be subject to the 
Proposed Rule. Of those entities, the CFPB had data on about half 
sufficient to estimate larger-participant status, including whether 
those entities would be subject to the small business exclusion 
built into the larger-participant test. The estimate that 
approximately 17 entities would have been larger participants was 
based on the set of entities for which the CFPB had sufficient 
information to estimate larger participant status.
---------------------------------------------------------------------------

    The CFPB estimated in the Proposed Rule that the proposed threshold 
would have brought within the CFPB's supervisory authority 
approximately 17 entities,\354\ about 9 percent of all known nonbank 
covered persons in the market for general-use digital consumer payment 
applications.\355\ The Proposed Rule noted that this was a rough 
estimate because the available data on entities operating in the 
proposed market for general-use digital consumer payment applications 
was incomplete.\356\
---------------------------------------------------------------------------

    \354\ The Proposed Rule noted that the estimate of 17 entities 
excluded entities where either (1) available information indicated 
that the small entity exclusion would have applied or (2) the CFPB 
lacked sufficient information regarding the entity's size to assess 
whether the small entity exclusion would have applied.
    \355\ The Proposed Rule described in detail how the CFPB based 
its market estimates on data from several sources. The CFPB obtained 
transaction and revenue data from six technology platforms offering 
payment services through a CFPB request pursuant to CFPA section 
1022(c)(4). See CFPB 1022 Orders Press Release, supra. The CFPB was 
also able to access nonpublic transaction and revenue data for 
potential larger participants from the Nationwide Mortgage Licensing 
System & Registry (NMLS), a centralized licensing database used by 
many States to manage their license authorities with respect to 
various consumer financial industries, including money transmitters. 
Specifically, the CFPB accessed quarterly 2022 and 2023 filings from 
nonbank money transmitters in the Money Services Businesses (MSB) 
Call Reports data (for a description of the types of data reported 
in MSB call reports, see NMLS, Money Services Business Call Report). 
Additionally, the CFPB compiled a list of likely market 
participants, as well as transaction and revenue data where 
available, from several industry sources (including Elliptic 
Enterprises Limited) and various public sources including the CFPB's 
Prepaid Card Agreement Database, https://www.consumerfinance.gov/data-research/prepaid-accounts/search-agreements (last visited Oct. 
23, 2023), company websites, press releases, and annual report 
filings with the U.S. Securities and Exchange Commission.
    \356\ The Proposed Rule noted that its estimate that 
approximately 190 entities are participating in the market may have 
been an underestimate because, for certain entities, the CFPB lacked 
sufficient information to assess whether they provide a general-use 
digital consumer payment application. In addition, it noted that for 
some entities that are among the approximately 190 participants in 
the market, the CFPB lacked sufficient information to assess whether 
certain products they offer constitute a general-use digital 
consumer payment application.
---------------------------------------------------------------------------

    In the Proposed Rule, the CFPB anticipated that the proposed annual 
covered consumer payment transaction volume threshold of five million 
would have allowed the CFPB to supervise market participants that 
represent a substantial portion of the market for general-use digital 
consumer payment applications and have a significant impact on 
consumers. Available data indicated that the market for general-use 
digital consumer payment applications is highly concentrated, with a 
few entities that facilitate hundreds of millions or billions of 
consumer payment transactions annually, and a much larger number of 
firms facilitating fewer transactions. The Proposed Rule stated that 
the CFPB believed that a threshold of five million was reasonable, in 
part, because it would have enabled the CFPB to cover in its nonbank 
supervision program both the very largest providers of general-use 
digital consumer payment applications as well as a range of other 
providers of general-use digital consumer payment applications that 
play an important role in the marketplace. Further, certain populations 
of consumers, including more vulnerable consumers, may not transact 
with the very largest providers and instead may transact with the range 
of other providers that exceed the five million transaction threshold.
    According to the CFPB's estimates in the Proposed Rule, the 
approximately 17 providers of general-use digital consumer payment 
applications that meet the proposed threshold collectively facilitated 
about 12.8 billion transactions in 2021, with a total dollar value of 
about $1.7 trillion. The CFPB estimated that these nonbanks were 
responsible for approximately 88 percent of known transactions in the 
nonbank market for general-use digital

[[Page 99637]]

consumer payment applications.\357\ At the same time, this threshold 
likely would have subjected to the CFPB's supervisory authority only 
entities that can reasonably be considered larger participants of the 
market defined in the Proposed Rule.
---------------------------------------------------------------------------

    \357\ See 88 FR 80197 at 80209-10 nn.86-91. The Proposed Rule 
noted that the 88 percent estimate was calculated among all of the 
entities for which the CFPB has transaction information. Id. n.92.
---------------------------------------------------------------------------

    Proposed Sec.  1090.109(b)(3)(i) also would have clarified how the 
activities of affiliated companies of the nonbank covered person are 
included in the test when the affiliated companies also participate in 
the proposed market. It provided that, in aggregating transactions 
across affiliated companies, an individual consumer payment transaction 
would only have been counted once even if more than one affiliated 
company facilitated the transaction. It also provided that the annual 
covered consumer payment transaction volumes of the nonbank covered 
person and its affiliated companies would have been aggregated for the 
entire preceding calendar year, even if the affiliation did not exist 
for the entire calendar year.
    The Proposed Rule noted that because the general-use digital 
consumer payment applications market has evolved rapidly and market 
participants can grow quickly, the CFPB also was not proposing a test 
that is based on averaging multiple years of market activity. As a 
result, if an entity has less than the threshold amount for one or more 
calendar years but exceeds the threshold amount in the most recent 
calendar year, it would have been a larger participant. The Proposed 
Rule stated that this would have ensured that the CFPB can supervise 
nonbanks that quickly become larger participants, without waiting 
several years.
    The Proposed Rule further stated that the CFPB was considering a 
lower or higher threshold.\358\ Lowering the threshold therefore would 
not have substantially increased the number of entities subject to 
supervision, in part because many entities that exceed a lower 
threshold would have been excluded as small entities. Thus the Proposed 
Rule noted that lowering the threshold would have resulted in only a 
marginal increase in market coverage. The Proposed Rule provided an 
example of a higher threshold. The Proposed Rule estimated that an 
annual covered consumer payment transaction volume threshold of 10 
million would have allowed the CFPB to supervise approximately 14 
entities, representing approximately 87 percent of activity in this 
market.\359\ However, at this higher threshold the CFPB would not have 
been able to supervise as varied a mix of nonbank larger participants 
that, as discussed above, have a substantial impact on the full 
spectrum of consumers in the market.
---------------------------------------------------------------------------

    \358\ The Proposed Rule discussed an example of a lower 
threshold. An annual covered consumer payment transaction volume 
threshold of one million might have allowed the CFPB to supervise 
approximately 19 entities, still representing approximately 88 
percent of activity in this market. See id. at 80210.
    \359\ See id.
---------------------------------------------------------------------------

    The CFPB sought comment, including suggestions of alternatives on 
the proposed threshold for defining larger participants of the market 
for general-use digital consumer payment applications as defined in the 
Proposed Rule.
Comments Received
    Many of the industry association commenters, a law firm, and some 
nonprofits stated that the proposed five million consumer payment 
transaction volume threshold was too low and did not identify bona fide 
larger participants. A nonprofit stated the threshold appeared designed 
to maximize oversight rather than define true larger participants. Some 
of these commenters stated that the proposed threshold was so low that 
it would treat virtually all market participants as larger 
participants, including those with very small market shares, exposing 
small/mid-size companies to supervision when they cannot support the 
cost of exams, and more generally stifling market entry, innovation, 
and competition. These commenters generally stated that the proposal 
did not adequately explain the reasoning and evidence in support of 
such a threshold.\360\
---------------------------------------------------------------------------

    \360\ One nonprofit commenter also encouraged the CFPB to 
consider setting different thresholds in the Final Rule for what it 
referred to as different sectors within the proposed market. 
However, it did not state which parts of the market should be 
differentiated. The CFPB generally considers comments further above 
on whether to define a single market in this Final Rule. Because it 
has determined to do so, it is not finalizing a larger-participant 
test that works differently for different parts of the market.
---------------------------------------------------------------------------

    One industry association commenter encouraged the CFPB to set the 
threshold here cautiously, in consideration of the stage of this 
market's development. It stated that, unlike in prior larger 
participant rules, this market is in the growth stage not the maturity 
stage, where data and settled expectations can be more helpful in the 
development of larger-participant tests. It viewed the proposed 
threshold as too low given the market's current stage and stated that a 
higher threshold as necessary for properly determining the true larger 
participants in the market as it matures and to allow for proper 
scalability within the market without impeding competition.\361\
---------------------------------------------------------------------------

    \361\ This commenter also encouraged the CFPB to conduct 
periodic reviews of the threshold as the market grows to ensure it 
continues to capture larger participants. The CFPB notes that it 
already monitors this market, among others, as part of its statutory 
functions. See 12 U.S.C. 5512(c). The CFPB will continue to monitor 
this market and may consider adjustments to the threshold, to the 
extent necessary or appropriate through future rulemakings.
---------------------------------------------------------------------------

    Another industry association stated that the proposal of a small 
business exclusion for the first time in a larger participant rule 
appeared to support its concern that the proposed threshold was too 
low, and still would discourage firms that are not small businesses 
from entering the market. It suggested that the rulemaking should 
specifically consider a volume of 50 million or 500 million annual 
consumer payment transactions. It also criticized the Proposed Rule for 
not making clear whether entities who were small business concerns 
would have otherwise met the transaction volume threshold. It also 
stated that the rule should consider a threshold more in line with the 
debt collection larger participant rule, under which larger 
participants comprised an estimated 63 percent of market activity.
    Several industry associations offered rough estimates to illustrate 
how the proposed threshold would treat firms with very small market 
shares (ranging from, in their estimates, as low as 0.005 percent of 
overall consumer payment transactions to no more than two percent of 
app-based transactions) as larger participants, which in their view 
would not make them ``larger'' participants under the statute.
    Several of these commenters added that the proposed threshold would 
discourage entry into the market and innovation and competition. A 
nonprofit commenter suggested that the threshold would deter small and 
mid-sized businesses from expanding. One of the industry associations 
stated these effects could limit access to payment products for low-/
moderate-income consumers, and urged the CPFB to set the threshold 
dynamically, at a level that represents a significant share of market 
activity.
    The law firm commenter added that the proposal would subject firms 
with barely five million consumer payment transactions annually to the 
same supervision as firms with hundreds of millions or billions of such 
transactions, when the smaller larger participants cannot sustain the 
costs of exams.

[[Page 99638]]

    On the other hand, banking and credit union industry trade 
associations supported the proposed five million consumer payment 
transaction volume threshold to define nonbanks that are larger 
participants. One of them called for periodic CFPB evaluation of this 
threshold including to see whether entities may be structuring their 
activities to evade it and publication of the results, while another 
called for adding criteria to capture large, well-resources, fast-
growing organizations with fewer transactions.\362\ A nonprofit stated 
that two thirds of its members surveyed supported the proposed 
threshold, and that some of its members supported lowering the 
threshold to one million annual consumer payment transactions. Some 
consumer groups and part of the membership of a nonprofit also stated 
that the proposed threshold was too high because, among other reasons, 
some money transfer services for incarcerated people have a dominant 
position within that area despite facilitating less than five million 
consumer payment transactions. Other consumer groups estimated that 
large firms that contract with incarceration facilities to provide 
money transfer services would qualify as larger participants under the 
proposed larger-participant test. They added that the CFPB should 
ensure that they are subject to the CFPB's supervisory authority under 
a Final Rule.\363\
---------------------------------------------------------------------------

    \362\ This commenter did not offer a specific criteria for 
achieving its goal, which may better be achieved through the more 
flexible supervisory designation process than through a regulatory 
test.
    \363\ These commenters also stated that the threshold test 
should include all consumer payment transactions a market 
participant facilitates, even when they are not facilitated through 
the digital application that made the entity a market participant. 
These commenters called for counting in-person, kiosk-based, and 
telephonic transfers, which they stated would qualify more 
correctional money-transfer companies as larger participants, and 
the test may be more efficient to administer because it would not 
require breaking out which transactions occur through the digital 
app channel.
---------------------------------------------------------------------------

    An industry association stated that the test should be applied over 
a longer period (at least two years) than the proposal (one year). They 
stated that short-term fluctuations could create an inaccurate 
determination of market share. They also noted that, given how the 
market has been growing, the CFPB should consider a threshold that is 
dynamic and grows as the market grows, so that if the market grows for 
example more than ten-fold in the future, the test still would 
reasonably identify larger participants. In addition, in their view, a 
one-year period would not provide sufficient time for entities to 
undertake the compliance improvements the proposal stated larger 
participants would undertake to prepare for supervision. Another 
commenter, a nonprofit, stated that an unspecified minority of its 
membership suggested applying the test over multiple years.\364\
---------------------------------------------------------------------------

    \364\ This commenter noted, without further elaboration, a 
suggestion of at least one member to set a first-year threshold of 
10 million and a second-year threshold at 5 million.
---------------------------------------------------------------------------

    Several consumer groups supported aggregating activities of 
affiliates for purposes of the transaction threshold in the proposed 
larger-participant test. In their view, without aggregation, market 
participants could avoid larger participant status by structuring 
different types of consumer payment transactions, such as consumer 
payment transactions using different types of stored value, through 
different entities within a corporate family. However, two industry 
commenters stated that the larger-participant test should not consider 
activities of affiliates. An industry association stated that 
aggregation would allow the CFPB to supervise activities of individual 
entities whose activity levels alone do not qualify them as larger 
participants, resulting in an internally contradictory result. Another 
industry association stated that, to avoid covering entities with low 
market shares, the rule should not count receipts of affiliates not 
engaged in market activity toward the small business concern test.
Response to Comments Received \365\
---------------------------------------------------------------------------

    \365\ As noted in the section-by-section analysis further above, 
the CFPB is not including transfers of digital assets in the Final 
Rule. The CFPB considers the above comments on the proposed 
threshold in light of this update, which the Final Rule implements 
through a limitation in the threshold described further below.
---------------------------------------------------------------------------

    In consideration of comments on the Proposed Rule stating that the 
proposed threshold of five million annual consumer payment transactions 
was too low and could capture certain entities with very small market 
shares, as well as the comment suggesting that the CFPB consider 
thresholds of 50 million or 500 million annual consumer payment 
transactions, the Final Rule adopts the significantly higher threshold 
of 50 million annual consumer payment transactions. As discussed below, 
this higher threshold encompasses the group of firms that have 
considerably higher transaction volumes and are in the concentrated 
part of the market. The CFPB finds the higher threshold to be 
appropriate, considering the concentrated market structure and how a 
significant number of market participants that would not qualify as 
larger participants as discussed below. To the extent any firm has 
activity levels at or slightly above the threshold, it may have an 
individual market share of less than one percent. But such a firm still 
has larger participation than the vast majority of participants.\366\ 
The CFPB also declines to adopt the industry association suggestion to 
make the threshold dynamic because that approach would be unnecessary 
and difficult to administer.\367\
---------------------------------------------------------------------------

    \366\ See, e.g., Automobile Finance Larger Participant Rule, 80 
FR 37496, 37515 (June 30, 2015) (``Each of the [larger participants] 
provides or engages in hundreds of automobile originations each week 
and falls in the top 10 percent of nonbank entities in the market 
according to the Bureau's estimates. They can reasonably be 
considered larger participants of the market. Some entities that 
meet this threshold will have considerably less than 1 percent 
market share, but that is due in large part to the fragmentation of 
the market and does not change the fact [that] they are `larger' 
than the vast majority of participants.'').
    \367\ As noted above, to the extent necessary or appropriate, 
the CFPB may adjust the threshold through future rulemakings that 
may reflect shifts in the market and other data that may be 
available to the CFPB.
---------------------------------------------------------------------------

    For the reasons described above, the CFPB disagrees with the 
comments that supported the proposed threshold of five million annual 
consumer payment transactions. Based on available data, the CFPB 
estimates in the Final Rule suggest that all of those nonbanks with 
annual covered consumer payment transaction volume between 5 million 
and 50 million combined facilitate at most a few percent of the market 
activity. While some consumer groups estimated that a much higher 
threshold than the CFPB proposed may not capture some firms providing 
what they described as high-risk money transfer services to people who 
are incarcerated, those comments also stated that other large 
corporations provide a broad suite of money transfer services to people 
who are and are not incarcerated alike. In any event, as discussed 
above, the CFPB declines to define larger participants based on the 
goal of targeting activities that may pose specific types of levels of 
risk to consumers. As discussed in the section-by-section analysis of 
the market definition further above, the CFPB accounts for risk when 
operating its nonbank supervision program. Any nonbank covered person, 
including firms providing digital services for consumers to transfer 
funds to incarcerated people, can qualify as a larger participant if it 
meets or exceeds the threshold in the Final Rule. And through operation 
of its risk-based larger participant supervision program, the CFPB may 
determine how to exercise its supervisory authority with respect to 
such a larger participant. Given the number of consumers those types of 
firms serve, even the higher threshold

[[Page 99639]]

that the Final Rule adopts is reasonably likely to allow it to conduct 
some supervisory activities in this area.
    In addition, given that the Final Rule adopts a higher threshold of 
50 million annual consumer payment transactions as discussed below, the 
CFPB is not persuaded by claims by some commenters that nonbank firms 
would be discouraged from entry, innovation, or growth due to the 
potential exposure to CFPB examinations resulting from this rule. The 
CFPB notes its existing enforcement authority over market participants 
generally regardless of size, their existing obligations to comply with 
Federal consumer financial law regardless of size, how this rule 
imposes no substantive consumer protection obligations, how the CFPB 
uses a prioritization process to allocate limited supervisory resources 
toward those nonbanks that pose relatively higher risks to consumers, 
and that no firm that is a small business concern would incur the cost 
of examination under this rule. Considering all of these factors, the 
CFPB does not believe that this rule is likely to shape market 
participation patterns in the way those commenters describe.
    With regard to the industry association commenter asking whether 
any firms would have exceeded the proposed threshold but qualified for 
the small business concern exclusions, the CFPB notes that it did not 
include any such firms in its estimate of 17 larger participants 
because such firms would not have qualified as larger participants 
under the Proposed Rule. The Final Rule discusses this question further 
in the explanation below of the threshold adopted in the Final Rule.
    With regard to comments on the look-back period for applying the 
proposed larger-participant test, the CFPB disagrees that the rule 
should apply a longer period such as two years. Fluctuations in market 
participants' transaction volumes may occur over time, but if their 
volumes exceed the threshold in a calendar year, then they would be 
sufficient, over a long enough time period (12 months), to conclude 
that the entity's market activity has been having a significant impact 
on consumers. As the international money transfer larger participant 
rule noted in adopting a one-year lookback period, ``[b]ecause the 
criterion directly measures the number of transfers in the market, it 
should not be subject to temporary fluctuations that are unrelated to 
an entity's market participation.'' \368\ In addition, for this rule, 
as with the international money transfer larger participant rule, the 
CFPB ``believes that the single-year approach will make the Final 
Rule's definitions easier to apply . . . and alleviate the concern 
expressed by some commenters about the overall complexity of'' certain 
provisions. For example, this is the first larger participant rule that 
adopts a larger-participant test with two criteria, and the first 
larger participant rule that adopts an exclusion for small business 
concerns as one of the criteria. It would significantly increase 
complexity in the administration of the test to judge two different 
criteria, which generally are measured over a calendar year (such as 
small business concern criteria measured by annual receipts) over 
multiple years.\369\ Further, to the extent commenters assumed that all 
entities that exceed the proposed threshold in the prior year for the 
first time would face immediate examination the following year, that 
assumption is an incorrect reading of the Proposed Rule. First, if the 
entity were a small business concern in the previous calendar year, 
under the proposed larger-participant test, it would not have qualified 
as a larger participant, even if its volume of consumer payment 
transactions did exceed the threshold for the first time in that same 
calendar year. Second, as the Proposed Rule explained, consistent with 
the CFPA, the CFPB conducts a risk-based supervision program for 
nonbanks subject to supervisory authority under CFPA section 1024(a). 
This includes a process for prioritizing entities for examination as 
described in its public Supervision and Examination Manual cited in the 
Proposed Rule and discussed in part I above. As part of that process, 
where appropriate, the CFPB can consider the entity's volume of 
consumer payment transactions, including the degree to which it exceeds 
the transaction threshold and for how long it has exceeded that 
threshold.
---------------------------------------------------------------------------

    \368\ 79 FR 56631 at 56637.
    \369\ Although the CFPB's first larger participant rules 
averaged annual receipts over time, those rules only adopted that 
single criterion (annual receipts).
---------------------------------------------------------------------------

    With regard to comments on the proposal to aggregate activities of 
affiliated companies, CFPA section 1024(a)(3)(B) requires aggregation 
of activity across affiliated companies for purposes of determining 
activity levels in larger participant rules. To clarify that the 
purpose of paragraph (b)(3) is to implement that requirement, the Final 
Rule adds language to the header for paragraph (b)(3) that describes 
the provision as outlining the ``method'' for computing aggregate 
activity levels. With regard to the industry association comment 
calling for the rule to assess small business concern status without 
counting receipts of affiliated companies, the CFPB disagrees. The 
overall size of the business organization, including affiliates, is a 
relevant reference point as the CFPB considers which types of entities 
may incur the estimated cost of examination pursuant to this rule.
Final Rule
    The Final Rule adopts in paragraph (b)(3) a threshold annual 
covered consumer payment transaction volume of 50 million consumer 
payment transactions denominated in U.S. dollars as described further 
below.\370\
---------------------------------------------------------------------------

    \370\ The Final Rule also makes non-substantive clarifying 
revisions to paragraph (b), including identifying in paragraph (b) 
that both criteria in paragraphs (b)(1) and (2) are based on the 
preceding calendar year and associated revisions.
---------------------------------------------------------------------------

    The CFPB estimates that seven nonbanks that are not small business 
concerns have annual consumer payment transaction volumes that exceed 
this threshold, that these seven nonbank firms account for 
approximately eight percent of the 85 market participants for which the 
CFPB has sufficient data to estimate larger participant status (and an 
even lower share of the approximately 130 known market 
participants),\371\ and that these

[[Page 99640]]

seven nonbank firms facilitated approximately 13.3 billion consumer 
payment transactions, accounting for approximately 98 percent of the 
over 13.5 billion consumer payment transactions market participants 
provide.\372\ Despite the increase in the threshold, larger 
participants' share of market activity also increased largely because 
the nonbank market size estimate in the Final Rule does not include an 
entity that the Final Rule estimates, based on further research in 
response to a comment described above, may not be a nonbank covered 
person.\373\
---------------------------------------------------------------------------

    \371\ Due to the Final Rule's adoption of a threshold limited to 
transfers of funds denominated in U.S. dollars discussed further 
below, the Final Rule does not include in its estimate of nonbank 
market participants firms that appear to provide consumer payment 
transactions solely in the form of digital assets. The Final Rule 
also does not include in this estimate two firms that public 
information indicates are not nonbank market participants, as 
described in n.373 below.
    In addition, the estimated 130 nonbank market participants 
includes four additional nonbank financial firms, as follows: (1) 
Based on its review of the clarified definition of ``general use'' 
described above, the Final Rule has identified two nonbank financial 
firms that provide payment functionalities for family and friends to 
transfer funds to postsecondary students; (2) The removal of the 
proposed exclusion for bill splitting in the definition of ``general 
use'' described above also results in one estimated additional 
nonbank market participant; and (3) Through its general activities, 
the CFPB became aware of one additional nonbank providing a peer-to-
peer app-based payment functionality for a deposit account. Nonbank 
financial institutions providing these services generally do not 
appear to be licensed as money transmitters and the account 
agreements do not appear to be filed in the CFPB's prepaid account 
agreement database.
    Further, as noted above and in the Proposed Rule, an entity is 
included in the estimated number of nonbank market participants if 
public information indicates it currently offers at least one 
consumer financial product or service within the market definition; 
however, for some of these 130 estimated nonbank market 
participants, the CFPB lacks sufficient information to assess 
whether certain other products they offer or are developing 
constitute a general-use digital consumer payment application. As 
also noted in the Proposed Rule, the CFPB's estimate of the number 
of nonbank market participants may be an underestimate because, for 
certain entities, the CFPB lacks sufficient information to assess 
whether they provide a general-use digital consumer payment 
application.
    \372\ Due to the threshold's limitation to transfers of funds 
denominated in U.S. dollars discussed further below, the Final Rule 
does not include in the market transactions that the data sources 
specifically identify as digital assets transactions. In addition, 
as a result of that limitation on the threshold in the Final Rule, 
the Final Rule does not use the transaction volume data from the 
CFPB's section 1022 order responses for one of the estimated larger 
participants and instead uses money service business call report 
data in NMLS.
    \373\ To respond to the industry association comment (described 
above) asking whether any of the rulemaking's estimated nonbank 
market participants would have exceeded the consumer payment 
transactions volume threshold and also qualified as a small business 
concern, the CFPB has reviewed public information and makes two 
updates to the estimates in the Final Rule. First, the CFPB 
identified one entity that would have exceeded the proposed 
transaction volume threshold that the proposal did not estimate to 
be a larger participant because the data sources described in the 
proposal did not indicate whether the entity was a small business 
concern. To respond to the comment, the CFPB reviewed public 
information, which suggested the entity may not be a nonbank covered 
person, and the Final Rule does not include that entity among the 
estimated nonbank market participants or its transaction volume in 
the market size estimate. Second, for another entity that had that 
level of transaction volume and which the proposal estimated was not 
a small business concern, the CFPB reviewed public information and 
found that the firm had previously sold its general-use digital 
consumer financial application to an unaffiliated entity, for which 
the CFPB lacks data to estimate its transaction volume data or 
whether it is a small business concern. Therefore, the Final Rule 
does not include the selling entity among the estimated market 
participants or its transaction volume in the market size estimate. 
As a result of these two updates, the CFPB estimates that all 
nonbank entities with data indicating over 50 million consumer 
payment transactions are not small business concerns. As noted, the 
CFPB still does not have transaction volume data for some market 
participants; to the extent any of them have over 50 million 
consumer payment transactions, it is possible they could be a small 
business concern. But given that the CFPB estimates that none of the 
seven nonbank firms that available transaction volume data indicates 
have over 50 million consumer payment transactions are small 
business concerns, it may be unlikely that if any other firms did 
have a volume that exceeds the threshold, they would be a small 
business concern.
---------------------------------------------------------------------------

    As some commenters noted, the market continues to grow and evolve 
rapidly and that some new entrants may quickly exceed the proposed 
threshold of five million transactions. For the reasons explained 
above, the CFPB does not believe the threshold used to define a larger 
participant in this Final Rule is likely to significantly affect market 
activity such as new entry, innovation, and growth. But the 
significantly higher threshold the Final Rule adopts nonetheless would 
provide new entrants and others with smaller volumes more room to grow 
before coming under the CFPB umbrella of larger participant supervision 
in this rulemaking. For example, based on the estimates in the Final 
Rule at this threshold, eight fewer entities would qualify as larger 
participants because their volume of consumer payment transactions 
falls between 5 and 50 million annual consumer payment transactions 
(and another two are no longer estimated to be nonbank market 
participants, as noted above). Yet, the remaining entities that the 
CFPB estimates qualify as larger participants under the higher 
threshold adopted in the Final Rule still account for approximately 98 
percent of the market activity as noted above. In addition, this higher 
threshold would allow CFPB supervision to focus more consistently on 
nonbank firms that account for almost all market activity including the 
part of the market that the Proposed Rule described as ``highly 
concentrated, with a few entities that facilitate hundreds of millions 
or billions of consumer payments annually[.]'' \374\ At the same time, 
based on its estimates, the CPFB finds that the higher threshold still 
would serve the goal described in the Proposed Rule of covering larger 
participants that serve a mix of consumer populations including more 
vulnerable consumers such as justice-involved individuals as well as 
lower-income consumers and the unbanked or underbanked populations more 
generally. In any event, because the seven nonbank firms that the CFPB 
estimates would be larger participants at the threshold of 50 million 
account for approximately 98 percent of market activity, the CFPB does 
not believe that adopting a lower threshold that would cover additional 
market activity would be warranted. The CFPB also does not believe that 
it would be appropriate to adopt a threshold that would result in 
substantially less market activity being covered, such as the estimated 
63 percent in the consumer debt collection rulemaking that one industry 
association commenter suggested the CPFB consider here. As that 
rulemaking noted, the data used to estimate overall market activity 
included receipts from the collection of medical debt, which were not 
included in the larger-participant test.\375\ As a result, the 
circumstances surrounding that estimate in that rule were unique to 
that rule and that test. In addition, due to the highly-concentrated 
nature of the market described above, adopting any higher threshold 
(even 500 million transactions, as one commenter suggested the CFPB 
consider) would not significantly reduce larger participants' share of 
market activity. A threshold of 500 million transactions would result 
in an estimated four larger participants with an estimated 96 percent 
share of market activity. The CFPB also does not seek to adopt a 
threshold at a level that is so high that it only captures the few 
largest participants, which would have the incongruous effect of 
treating only the largest participants as ``larger'' participants, and 
in any event would not achieve the CFPB's stated goal of covering a mix 
of activities described above.
---------------------------------------------------------------------------

    \374\ 88 FR 80197 at 80210.
    \375\ 77 FR 65775, 65788 n.98.
---------------------------------------------------------------------------

    In addition to increasing the threshold as described above, the 
Final Rule limits the definition of ``annual covered consumer payment 
transaction volume'' to transactions denominated in U.S. dollars. With 
this clarification (and a corresponding edit to paragraph (b)(3)(i)), 
the larger-participant test in this Final Rule excludes transfers of 
digital assets, including crypto-assets such as Bitcoin and 
stablecoins. For the reasons discussed in the section-by-section 
analysis of ``consumer payment transaction'' above, the Final Rule 
excludes these transactions from the threshold to ensure the 
administrability of the larger-participant test while the CPFB 
continues to monitor developments in the market for consumer payments 
involving digital assets.

VI. Effective Date of Final Rule

    The Administrative Procedure Act generally requires that rules be 
published not less than 30 days before their effective dates.\376\ In 
the Proposed Rule, the CFPB proposed that, once issued, the Final Rule 
for this proposal would be effective 30 days after the Final Rule is 
published in the Federal Register. For the reasons discussed below, in 
consideration of the comments, the Final Rule adopts that effective 
date.
---------------------------------------------------------------------------

    \376\ 5 U.S.C. 553(d).
---------------------------------------------------------------------------

Comments Received

    An industry trade association stated that nonbanks would need at 
least 90

[[Page 99641]]

days from publication in the Federal Register to prepare for CFPB 
supervision. This commenter stated that some companies may not have 
reasonable notice from the Proposed Rule that they are participating in 
the proposed market. The commenter also pointed to effective date 
periods of 60 or more days in previous larger participant rules as a 
precedent. A law firm made similar points in support of its view that a 
60-day pre-effective date period is needed. It also noted that the 
rationale the CFPB adopted in the consumer reporting larger participant 
rule for a 60-day period--including recognizing the need for entities 
that have never been examined to conduct training to prepare for the 
CFPB examination process \377\--also applies here.\378\ Finally, 
although two trade associations representing depository institutions 
and a trade association representing credit unions called for the CFPB 
to use or develop examination procedures for larger participants in a 
manner consistent with its procedures for examining banks and credit 
unions, they did not call for extending the effective date period.
---------------------------------------------------------------------------

    \377\ See 77 FR 65775 at 65778-79 & n.30 (consumer debt 
collection larger participant rule adopting rationale for a 60-day 
effective date period in the consumer reporting larger participant 
rule, recognizing that ``companies affected by the Consumer 
Reporting Rule might not previously have been supervised at the 
Federal or State level'').
    \378\ A digital assets payment provider stated that a two-year 
implementation period would be needed to allow these types of firms 
and the CFPB time to prepare for supervision. A digital assets 
industry trade association stated that firms in this area would need 
more time to assess whether they are larger participants. The Final 
Rule does not include digital assets in the larger-participant test 
and therefore those issues are not relevant to setting the effective 
date.
---------------------------------------------------------------------------

Response to Comments Received

    The CFPB disagrees that additional time, beyond the minimum 30-day 
period prescribed by the APA noted above, is necessary before this 
Final Rule can take effect. Larger participant rules do not impose 
substantive consumer protection obligations. Although larger 
participants might choose to increase their compliance with Federal 
consumer financial law in response to the possibility of supervision, 
market participants are already obligated to comply, and should already 
comply with, applicable Federal consumer financial law, regardless of 
whether they are subject to supervision. Thus, entities that qualify as 
larger participants under the Final Rule should not require additional 
time to come into compliance with Federal consumer financial law. 
Moreover, the CFPB designs its examination procedures and process to 
allow companies a reasonable amount of time to provide responses to 
information requests before examiners begin the examination. This is in 
addition to a 45-day period in which the entity may challenge the 
assertion that it is a larger participant under 12 CFR 1090.103(a). In 
addition, the CFPB believes that many larger participants have 
examination experience at the State level, and in some cases with the 
CFPB.\379\ As noted in the Proposed Rule, some larger participants may 
already be subject to CFPB examination authority, including but not 
limited to as larger participants pursuant to the international money 
transfer larger participant rule. For all of these reasons, the CFPB 
disagrees that a later effective date is necessary to allow companies 
more time to prepare for CFPB supervision.\380\
---------------------------------------------------------------------------

    \379\ The law firm commenter's claim that many larger 
participants have not previously been examined was not supported by 
examples or specifics. It was unclear whether the commenter was 
considering examination at the State level, which was part of the 
rationale for the 60-day effective date in the consumer reporting 
larger participant rule as noted above. As noted above, many 
industry commenters stated that many market participants are money 
transmitters subject to examination at the State level.
    \380\ With regard to an individual commenter's suggestion of a 
two-phased adoption process, prior rules have not taken that 
approach and the CFPB believes it is not warranted here since, as 
noted above, larger participant rules do not impose substantive 
consumer protection obligations, and the Final Rule does not include 
digital assets transactions.
---------------------------------------------------------------------------

VII. Dodd-Frank Act Section 1022(b) Analysis

A. Overview

    In developing this Final Rule, the CFPB has considered the 
potential benefits, costs, and impacts of the Rule as required by 
section 1022(b)(2) of the CFPA.\381\ The Proposed Rule set forth a 
preliminary analysis of these effects, and the Bureau requested and 
received comments on the topic.
---------------------------------------------------------------------------

    \381\ Specifically, CFPA section 1022(b)(2)(A) calls for the 
Bureau to consider the potential benefits and costs of a regulation 
to consumers and covered persons, including the potential reduction 
of access by consumers to consumer financial products or services; 
the impact on insured depository institutions and insured credit 
unions with $10 billion or less in total assets as described in CFPA 
section 1026; and the impact on consumers in rural areas. The manner 
and extent to which the provisions of 12 U.S.C. 5512(b)(2) apply to 
a rulemaking of this kind that does not establish standards of 
conduct are unclear. Nevertheless, to inform this rulemaking more 
fully, the CFPB performed the analysis described in those provisions 
of the CFPA.
---------------------------------------------------------------------------

    The CFPB is issuing this Rule to establish supervisory authority 
over larger participants in the defined market for general-use digital 
consumer payment applications. Participation in this market will be 
measured on the basis of the aggregate number of annual consumer 
payment transactions denominated in U.S. dollars that a nonbank 
facilitates through general-use digital consumer payment applications, 
defined in the Final Rule as ``annual covered consumer payment 
transaction volume.'' If a nonbank covered person, together with its 
affiliated companies, has an annual covered consumer payment 
transaction volume (measured for the preceding calendar year) of at 
least 50 million and is not a small business concern, it will be a 
larger participant in the market for general-use digital consumer 
payment applications. As prescribed by existing Sec.  1090.102, any 
nonbank covered person that qualifies as a larger participant will 
retain larger participant status until two years from the first day of 
the tax year in which the person last met the larger-participant 
test.\382\
---------------------------------------------------------------------------

    \382\ 12 CFR 1090.102.
---------------------------------------------------------------------------

B. Baseline for Analysis and Data Limitations

    The discussion below relies on information that the CFPB has 
obtained from industry, other regulatory agencies, and publicly-
available sources, as well as on CFPB expertise. These sources form the 
basis for the CFPB's consideration of the likely impacts of the Final 
Rule. The CFPB provides estimates, to the extent possible, of the 
potential benefits and costs to consumers and covered persons of this 
Final Rule, against a baseline in which the CFPB takes no action. This 
baseline includes the current state of the market and existing 
regulation, including the CFPB's existing rules defining larger 
participants in certain markets.\383\ Many States have supervisory 
programs relating to money transfers, which may consider aspects of 
Federal consumer financial law.\384\ Federal prudential regulators' 
supervisory programs for banks also may extend to certain nonbank 
service providers, and may consider aspects of Federal consumer 
financial law related to the banking institutions subject to the 
jurisdiction of

[[Page 99642]]

those regulators. However, the activities of larger participants in 
this market extend beyond State-regulated money transmitting and acting 
as service providers to banks. In addition, at present and other than 
the CFPB's activities, no program for supervision of nonbanks that 
participate in the general-use digital consumer payment applications 
market is dedicated exclusively to promoting compliance with Federal 
consumer financial law.
---------------------------------------------------------------------------

    \383\ See, e.g., 12 CFR 1090.107 (defining larger participants 
of a market for international money transfers subject to the CFPB's 
supervisory authority under 12 U.S.C. 5514(a)(1)(B)). The CFPB has 
discretion in any rulemaking to choose an appropriate scope of 
analysis with respect to potential benefits and costs and an 
appropriate baseline. The CFPB, as a matter of discretion, has 
chosen to describe a broader range of potential effects to inform 
the rulemaking more fully.
    \384\ The Financial Crimes Enforcement Network's (FinCEN) 
Federal regulation of money transmitters generally does not apply 
Federal consumer financial law.
---------------------------------------------------------------------------

    To the extent that this rule establishes supervisory authority over 
entities or their activities that already are subject to State or 
Federal supervisory oversight, as discussed in parts I and V above, the 
CFPB coordinates with the applicable State and Federal regulators in 
the operation of its risk-based nonbank supervision program to prevent 
unnecessary duplication and burden. To the extent that entities already 
are subject to the CFPB's supervisory authority (such as entities 
subject to supervision as service providers under section 1025(d) or 
1026(e) of the CFPA or larger participants under a prior larger 
participant rulemaking), this rule will establish an additional basis 
for the CFPB to supervise those entities.
    The CFPB notes at the outset that limited data are available with 
which to quantify the potential benefits, costs, and impacts of the 
Final Rule. As described above, the CFPB has utilized various sources 
for quantitative information on the number of market participants, 
their annual revenue, and their number and dollar volume of 
transactions.\385\ However, the CFPB lacks detailed information about 
their rate of compliance with Federal consumer financial law and about 
the range of, and costs of, compliance mechanisms used by market 
participants. Further, as noted above in the section-by-section 
analysis of the threshold for the larger participant test, the CFPB 
lacks sufficient information on approximately one-third of known market 
participants necessary to estimate their larger-participant 
status.\386\ Compared to the lower threshold test of five million 
annual transactions that the CFPB proposed in the Proposed Rule, it is 
less likely that those entities would be larger participants at the 
higher threshold test of 50 million annual transactions in the Final 
Rule.
---------------------------------------------------------------------------

    \385\ See section-by-section analysis of Sec.  1090.109(b).
    \386\ As stated above, the CFPB estimates that approximately 130 
entities operate in the market for providing general-use digital 
consumer payment applications as defined in the Final Rule. Of those 
entities, the CFPB has data on roughly two-thirds sufficient to 
estimate larger-participant status, including whether those entities 
would be subject to the exclusion for small business concerns. The 
CFPB estimates that approximately seven of those would be larger 
participants under the larger-participant test defined in the Final 
Rule.
---------------------------------------------------------------------------

    In light of these data limitations, this analysis generally 
provides a qualitative discussion of the benefits, costs, and impacts 
of the Final Rule. General economic principles, together with the 
limited data that are available and the CFPB's experience operating its 
supervision program, provided insight into these benefits, costs, and 
impacts. Where possible, the CFPB has made quantitative estimates based 
on these principles and data as well as on its experience of 
undertaking supervision in other markets.

C. General Comments Received on the 1022(b) Analysis

    Several industry commenters and some Members of Congress generally 
asserted that the cost-benefit analysis for the proposal was 
inadequate. For example, three industry associations stated that the 
proposal overlooked various direct and indirect costs associated with 
supervision and that it underestimated the costs, or that it 
opportunistically framed the costs and benefits, or that it overstated 
benefits of supervision with respect to larger participants that are 
not ``financial institutions'' under Regulation E implementing the EFTA 
and Regulation P implementing the GLBA. One industry association 
commenter referenced the cost to what it referred to as custodial and 
non-custodial cryptocurrency-asset wallet developers to change their 
business model in order to collect and verify identity and transaction 
information. Another industry association commenter stated that the 
cost of any new regulation, including this Rule, would be incorporated 
into production costs and passed on to the consumer. Similarly, another 
industry association commenter claimed the CFPB failed to explain how 
expanding its supervisory authority would bring about consumer benefits 
from increased compliance. In addition, a company commenter claimed 
that the proposal failed to account for all costs, to accurately 
quantify the benefits and costs, and to find that the benefits would 
outweigh the costs of the Rule. A law firm commenter stated that the 
costs of CFPB examinations would outweigh benefits to consumers for 
firms at or near the proposed threshold of five million 
transactions.\387\
---------------------------------------------------------------------------

    \387\ Some commenters stated that the CFPB should conduct 
separate cost-benefit analyses for what they characterized as 
disparate markets. The CFPB responds to comments on the market 
definition above, in Sec.  1090.109(a)(1). This section analyzes the 
costs and benefits of the Rule for the market defined in the Final 
Rule.
---------------------------------------------------------------------------

    The CFPB disagrees with the general assertion that its 
consideration of benefits and costs under section 1022(b) of the CFPA 
in the proposal was inadequate. The CFPB conducted a thorough analysis 
of the reasonably-available data to estimate and quantify benefits and 
costs to the extent possible. As noted in the proposal as well as 
above, where data do not support reliable quantitative estimates, the 
CFPB has qualitatively discussed potential benefits and costs based on 
general economic principles and its experience engaging in supervisory 
activities in other markets. The CFPB has provided additional responses 
to particular comments below, and where appropriate has updated its 
consideration of the Rule's benefits and costs in response to comments. 
For example, some industry commenters provided additional information 
on wages and salaries as well as predictions of larger participants' 
likely future staffing levels for CFPB supervisory examinations in this 
market and the CFPB has incorporated this information into cost 
calculations below. The CFPB notes that the general criticism of a lack 
of quantification generally was not accompanied by submissions of data 
that would aid in further quantifying potential costs or benefits that 
were not quantified in the proposal.\388\
---------------------------------------------------------------------------

    \388\ The Proposed Rule sought ``submissions of additional data 
that could inform the CFPB's analysis of the costs, benefits, and 
impacts of the Proposed Rule.'' 88 FR 80197, 80211.
---------------------------------------------------------------------------

    Above and further below, the Rule discusses how expanding the 
supervisory authority of the CFPB to cover this market will help 
increase compliance.

D. Potential Benefits and Costs to Consumers and Covered Persons

    The discussion below describes three categories of potential 
benefits and costs. First, the Final Rule authorizes the CFPB's 
supervision of larger participants of a market for general-use digital 
consumer payment applications. Larger participants of the market may 
respond to the possibility of CFPB supervision by changing their 
compliance systems and conduct, and those changes may result in costs, 
benefits, or other impacts. Second, if the CFPB undertakes supervisory 
activity of specific larger participant providers of general-use 
digital consumer payment applications, those entities may incur costs 
from responding to supervisory activity, and the results of these

[[Page 99643]]

individual supervisory activities also may produce benefits and costs. 
Third, the CFPB analyzes the costs that might be associated with 
entities' efforts to assess whether they would qualify as larger 
participants under the Rule.
1. Benefits and Costs of Responses to the Possibility of CFPB 
Supervision Conducting an Examination or Other Supervisory Activities
    The Final Rule subjects larger participants of a market for 
general-use digital consumer payment applications to CFPB supervision. 
As described in the Proposed Rule, that the CFPB will be authorized to 
undertake supervisory activities with respect to a nonbank covered 
person who qualifies as a larger participant would not necessarily mean 
that the CFPB would in fact undertake such activities regarding that 
covered person in the near future. Rather, the CFPB generally would 
examine certain larger participants on a periodic or occasional basis. 
The CFPB's decisions about supervision are informed, as applicable, by 
the factors set forth in CFPA section 1024(b)(2) \389\ relating to the 
size and transaction volume of larger participants, the risks to 
consumers created by their provision of consumer financial products and 
services, the extent of State consumer protection oversight, and other 
factors the CFPB may determine are relevant. Part I of the Final Rule 
provides additional background on the CFPB's risk-based prioritization 
process (including how it considers field market intelligence), which 
is not the subject of this rulemaking. Each entity that believes it 
qualifies as a larger participant will know that it is subject to CFPB 
supervision and might gauge, given its circumstances, the likelihood 
that the CFPB would initiate an examination or other supervisory 
activity.
---------------------------------------------------------------------------

    \389\ 12 U.S.C. 5514(b)(2).
---------------------------------------------------------------------------

    The prospect of potential CFPB supervisory activity could create an 
incentive for larger participants to allocate additional resources and 
attention to compliance with Federal consumer financial law, 
potentially leading to an increase in the level of compliance. They 
might anticipate that by doing so (and thereby decreasing risk to 
consumers), they could decrease the likelihood of their actually being 
subject to supervisory activities as the CFPB evaluated the factors 
outlined above. In addition, an actual examination would be likely to 
reveal past or present noncompliance, which the CFPB could seek to 
correct through supervisory activity or, in some cases, enforcement 
actions. Larger participants therefore might judge that the prospect of 
CFPB supervision increases the potential consequences of noncompliance 
with Federal consumer financial law, and they might seek to decrease 
that risk by taking steps to identify and cure or mitigate any 
noncompliance before the CFPB conducts an examination.
    The CFPB believes it is likely that many larger participants would 
increase compliance in response to the CFPB's supervisory activity 
authorized by the Final Rule. However, because the Final Rule itself 
would not require any provider of general-use digital consumer payment 
applications to take such action, any estimate of the amount of 
increased compliance would require both an estimate of current 
compliance levels and a prediction of market participants' behavior in 
response to a Final Rule. The data that the CFPB currently has do not 
support a specific quantitative estimate or prediction. But, to the 
extent that nonbank entities allocate resources to increasing their 
compliance in response to the Final Rule, that response would result in 
both benefits and costs.\390\
---------------------------------------------------------------------------

    \390\ Another approach to considering the benefits, costs, and 
impacts of the Proposed Rule would be to focus almost entirely on 
the supervision-related costs for larger participants and related 
benefits of any increased compliance resulting from examination 
activity and omit a broader consideration of the benefits and costs 
of increased compliance by entities in anticipation of such 
examination activity. As noted above, the CFPB has, as a matter of 
discretion, chosen to describe a broader range of potential effects 
to inform the rulemaking more fully.
---------------------------------------------------------------------------

Benefits From Increased Compliance Based on Possibility of CFPB 
Examination
    Increased compliance with Federal consumer financial laws by larger 
participants in the market for general-use digital consumer payment 
applications would be beneficial to consumers who use general-use 
digital payment applications. Increasing the rate of compliance with 
Federal consumer financial laws would benefit consumers and this market 
by providing more of the protections mandated by those laws.
    Entities are aware that the CFPB would be examining for compliance 
with applicable provisions of Federal consumer financial laws, 
including the EFTA and its implementing Regulation E, as well as the 
privacy provisions of the GLBA and their implementing Regulation 
P.\391\ In addition, the CFPB would be examining for whether larger 
participants of the market for general-use digital consumer payment 
applications engage in unfair, deceptive, or abusive acts or 
practices.\392\ Conduct that does not violate an express requirement of 
another Federal consumer financial law may nonetheless constitute an 
unfair, deceptive, or abusive act or practice. To the extent that any 
provider of general-use digital consumer payment applications is 
currently engaged in any unfair, deceptive, or abusive acts or 
practices, the cessation of the unlawful act or practice would benefit 
consumers. Providers of general-use digital consumer payment 
applications might improve compliance policies and procedures in 
response to possible supervision in order to avoid engaging in unfair, 
deceptive, or abusive acts or practices.
---------------------------------------------------------------------------

    \391\ The CFPB also can supervise larger participants for other 
Federal consumer financial laws that apply, including rules that 
have recently taken effect, such as the CFPB's nonbank registration 
regulation at 12 CFR part 1092, or for which compliance is mandatory 
in the future, such as its Personal Financial Data Rights Rule.
    \392\ 12 U.S.C. 5531.
---------------------------------------------------------------------------

    The possibility of CFPB supervision also may help to make 
incentives to comply with Federal consumer financial laws more 
consistent between the likely larger participants and insured banks and 
insured credit unions, which are subject to Federal supervision with 
respect to Federal consumer financial laws. Although some nonbank 
market participants already are subject to State supervision and also 
may be supervised by Federal prudential regulators in certain 
capacities, introducing the possibility of Federal supervision that 
applies to market activities regardless of the degree to which they are 
subject to State or Federal prudential regulatory oversight could 
encourage nonbanks that likely are larger participants to devote 
additional resources to compliance. It also could help to ensure that 
the benefits of Federal oversight reach consumers who do not have ready 
access to bank-provided general-use digital consumer payment 
applications.
Comments Concerning Benefits of Increased Compliance Based on 
Possibility of CFPB Examination
    Two industry association commenters expressed doubt about whether 
there would be benefits to consumers from larger participants 
increasing compliance with Federal consumer financial laws in 
anticipation of a possible CFPB supervisory examination due to the data 
gaps described in the proposal and the lack of an estimate regarding 
the number of supervisory examinations the CFPB plans to undertake in 
any given year. These commenters moreover suggested that companies that 
believe they are larger participants will have to assume they

[[Page 99644]]

will be examined such that all potential larger participants would 
experience the increased anticipation cost associated with being 
subject to the rule.
Response to Comments
    With respect to data gaps in the analysis of larger participant 
status, the CFPB notes that larger participants likely possess more 
information than the CFPB regarding their own transaction volume, 
revenue and/or employee counts necessary to determine their larger 
participant status. The CFPB expects the higher threshold of 50 million 
annual transactions to reduce uncertainty among potential larger 
participants as to their larger participant status. While the CFPA and 
CFPB regulations thereunder do not require larger participants to 
prepare for the examination process before they receive notice of an 
actual examination, the CFPB believes it is plausible that many larger 
participants would respond to the incentives described above as part of 
their risk-management strategy, especially if they expect there to be a 
reasonable chance of examination in the near future. Commenters did not 
offer evidence to the contrary. Part V of the Final Rule above provides 
additional discussion of general comments concerning the Final Rule's 
promotion of compliance with Federal consumer financial law.
Costs of Increased Compliance Based on Possibility of CFPB Examination
    To the extent that nonbank larger participants would decide to 
increase resources dedicated to compliance in response to the 
possibility of increased supervision, the entities would bear any cost 
of any changes to their systems, protocols, or personnel. Whether and 
to what extent entities would increase resources dedicated to 
compliance and/or pass those costs on to consumers would depend not 
only on the entities' current practices and the changes they decide to 
make, but also on market conditions. The CFPB lacks detailed 
information with which to predict the extent to which increased costs 
would be borne by providers or passed on to consumers, to predict how 
providers might respond to higher costs, or to predict how consumers 
might respond to increased prices, and commenters did not provide such 
detailed information in their comments. The CFPB further considers and 
responds to related comments about the cost of compliance enhancements 
below.
2. Benefits and Costs of Individual Supervisory Activities
    In addition to the responses of larger participants anticipating 
supervision, the possible consequences of the Final Rule would include 
the responses to and effects of individual examinations or other 
supervisory activity that the CFPB might conduct with respect to larger 
participants in the market for general-use digital consumer payment 
applications.
Benefits of Supervisory Activities
    In the CFPB's experience, supervisory activity generally provides 
several types of benefits. As discussed above, the CFPB operates a 
risk-based nonbank supervision program, and prioritizes markets and 
individual entities for supervisory activity on the basis of a risk 
assessment that considers the factors listed in CFPA section 
1024(b)(2). Due to this risk-based approach, in the CFPB's experience, 
the CFPB's nonbank supervisory activities often uncover compliance 
deficiencies indicating harm or risks of harm to consumers.\393\ In its 
supervision and examination program, the CFPB generally prepares a 
supervisory letter or report of each examination. The CFPB shares 
examination findings with the supervised entity because one purpose of 
supervision is to inform the entity of problems detected by examiners. 
Thus, for example, an examination may find evidence of widespread 
noncompliance with Federal consumer financial law, or it may identify 
specific areas where an entity has inadvertently failed to comply, or 
it may identify weaknesses in compliance management systems including 
policies and procedures. These examples are only illustrative of the 
kinds of information an individual examination may identify.
---------------------------------------------------------------------------

    \393\ See, e.g., response to general comments in part V above 
citing examples of Supervisory Highlights issues that identified 
compliance deficiencies, violations of Federal consumer financial 
law, and risks of violations of Federal consumer financial law by 
nonbank covered persons, including larger participants in other 
markets.
---------------------------------------------------------------------------

    Detecting and informing supervised entities about such problems is 
generally beneficial to consumers including by identifying issues 
before they become systemic or cause significant harm. When the CFPB 
notifies entities about risks or noncompliance associated with aspects 
of their activities, the entities are expected to adjust their 
practices to reduce those risks. In the CFPB's experience, those 
responses frequently result in increased compliance with Federal 
consumer financial law, with benefits like those described above in 
connection with the possibility of CFPB examination. However, the 
benefits in connection with individual supervisory activities may be 
greater because the CFPB often will identify specific acts or practices 
that violate Federal consumer financial law and direct specific 
corrective actions including compliance improvements as well as 
restitution and remediation. For more than a decade, the CFPB has 
regularly described these corrective actions, including by larger 
participants, in its Supervisory Highlights publication.\394\ Such 
responses can also avert violations that would have occurred if CFPB 
supervision did not detect the risk or noncompliance promptly. In some 
circumstances, the CFPB also informs entities about acts or practices 
that risk violating Federal consumer financial law. Action to reduce 
those risks is also a benefit to consumers.
---------------------------------------------------------------------------

    \394\ See, e.g., id.; see also Supervisory Highlights (website 
compendium of all of these publications), supra, at https://www.consumerfinance.gov/compliance/supervisory-highlights/ (last 
visited Oct. 17, 2024).
---------------------------------------------------------------------------

    Given the obligations providers of general-use digital consumer 
payment applications have under Federal consumer financial law and the 
existence of efforts to enforce such laws, including by the CFPB and 
States,\395\ and based on the CFPB's supervisory experience in other 
markets, the CFPB also expects that the results of CFPB supervision 
will benefit larger participants under supervision by detecting 
compliance problems early. When an entity's noncompliance results in 
litigation or an enforcement action, the entity must face both the 
costs of defending its action and the penalties for noncompliance, 
including potential liability to private plaintiffs. The entity must 
also adjust its systems to ensure future compliance. Changing practices 
that have been in place for long periods of time can be expected to be 
relatively difficult because they may be severe enough to represent a 
serious failing of an entity's systems. Supervision may detect flaws at 
a point when correcting them would be relatively inexpensive. Catching 
problems early, in some situations, can forestall costly litigation. To 
the extent early correction limits the amount of consumer harm caused 
by a violation, it can help limit the cost of redress. In short, 
supervision is likely to benefit providers of general-use digital 
consumer payment applications under

[[Page 99645]]

supervision by, in the aggregate, reducing the need for other more 
expensive activities to achieve compliance.\396\
---------------------------------------------------------------------------

    \395\ See, e.g., CFPB, Interpretive Rule, Authority of States to 
Enforce the Consumer Financial Protection Act of 2020, 87 FR 31940 
(May 26, 2022) (interpreting CFPA section 1042 and related 
provisions).
    \396\ Further potential benefits to consumers, covered persons, 
or both might arise from the CFPB's gathering of information during 
supervisory activities. The goals of supervision include informing 
the CFPB about activities of market participants and assessing risks 
to consumers and to markets for consumer financial products and 
services. The CFPB may use this information to improve regulation of 
consumer financial products and services and to improve enforcement 
of Federal consumer financial law, in order to better serve its 
mission of ensuring consumers' access to fair, transparent, and 
competitive markets for such products and services. Benefits of this 
type would depend on what the CFPB learns during supervision and how 
it uses that knowledge. For example, because the CFPB might examine 
a number of larger participants in the market for general-use 
digital consumer payment applications, the CFPB would build an 
understanding of how effective compliance systems and processes 
function in that market.
---------------------------------------------------------------------------

Comments Regarding Benefits to Compliance
    The CFPB received differing comments regarding the potential 
compliance benefits of the Rule. Three nonprofits and one company 
commented that the proposal lacked support for the claimed benefit to 
consumers from increased compliance because the CFPB failed to 
demonstrate a baseline lack of compliance with Federal consumer 
financial laws. For example, one commenter stated that the proposal did 
not provide data to show that supervision and compliance positively 
correlate with consumer welfare. The company commenter criticized that 
the Bureau did not explain how much compliance there currently is and 
how much incremental compliance would be achieved by supervision. None 
of these commenters provided additional information that would aid in 
quantifying current compliance levels. In contrast, other commenters, 
including consumer groups, an industry commenter, and a group of State 
attorneys general, discussed related and additional potential benefits 
of the Rule without quantifying these specifically, including: ensuring 
compliance of payment applications and digital wallet providers with 
EFTA and the error resolution responsibilities of Regulation E; the 
improved ability of the CFPB to coordinate with State regulators to 
prevent or address violations of the prohibition against unfair, 
deceptive, and abusive acts and practices; effective oversight of 
compliance with the privacy provisions of the GLBA in order to address 
data privacy issues imposed by digital payment applications; and an 
improved ability of the CFPB to monitor payment fraud, which one 
consumer advocate commenter described as extremely common.
    Three industry association commenters claimed that the proposal 
overstated the benefits of supervision under the Federal consumer 
financial laws it referenced because, commenters asserted, many market 
participants are not financial institutions under the EFTA and GLBA and 
their respective implementing regulations, and the Rule would therefore 
not have the stated compliance benefits for consumers of the products 
of those firms. Similarly, another industry association and one company 
asserted that pass-through wallets or payment method wallets are not 
subject to Regulation E.
    Two of the above-mentioned commenters from industry associations 
further stated that the proposal overstated benefits to consumers of 
supervision due to already-existing State and Federal oversight that 
they argued would be duplicative of the additional oversight 
established by this Rule. In contrast, several State attorneys general 
submitted a comment letter stating that the Rule would help existing 
regulatory oversight efforts in the market and would allow Federal and 
State authorities to coordinate to prevent unlawful conduct.
Response to Comments
    The CFPB agrees with several commenters that this Rule provides 
potential benefits to consumers that may arise through increased 
supervision for compliance with Federal consumer financial laws 
including the CFPA's prohibition against unfair, deceptive, and abusive 
acts and practices, EFTA and Regulation E, and Regulation P and the 
privacy protections of the GLBA.
    The CFPB disagrees with comments suggesting that the CFPB must 
estimate or quantify the baseline level of non-compliance in the market 
in order to conclude that the Rule is likely to increase compliance. 
Such comments are inconsistent with the CFPB's supervisory experience. 
As discussed above, the CFPB's risk-based supervision program is 
designed to prioritize supervisory activity among nonbank covered 
persons on the basis of risk, and thus to focus on those activities 
where consumers have the greatest potential to be harmed. Further, 
following the issuance of its five prior larger participant rules, the 
CFPB has successfully used its supervisory authority to detect 
violations and promote compliance in each of the markets covered by 
those rules, as reflected in its Supervisory Highlights 
publication.\397\ Above, the CFPB provides additional discussion of 
comments concerning the Final Rule's promotion of compliance with 
Federal consumer financial law, including comments stating that the 
CFPB should measure the baseline level of non-compliance before issuing 
this Rule.
---------------------------------------------------------------------------

    \397\ See CFPB, Supervisory Highlights (website compendium of 
all of these publications), at https://www.consumerfinance.gov/compliance/supervisory-highlights/ (last visited Oct. 17, 2024).
---------------------------------------------------------------------------

    With respect to comments that some market participants are not 
financial institutions subject to EFTA and GLBA, as discussed in the 
section-by-section analysis above, this rulemaking does not prescribe 
substantive consumer protections or otherwise determine the scope of 
those laws. Regardless, supervision of those entities that are 
financial institutions for their compliance with those laws will still 
benefit consumers. More broadly, the Bureau will examine whether larger 
participants in the market for general use digital payment applications 
engage in unfair, deceptive, or abusive acts or practices.\398\ As 
covered persons, larger participants are subject to the CFPA's 
prohibition against such acts and practices. To the extent that any 
larger participant or its service provider currently is engaged in any 
such act or practice, the cessation of the unlawful act or practice 
will benefit consumers.\399\
---------------------------------------------------------------------------

    \398\ 12 U.S.C. 5531.
    \399\ The CFPB Supervision and Examination Manual provides 
further guidance to CFPB examiners on how the prohibition against 
unfair, deceptive, and abusive acts and practices applies to 
supervised entities. See CFPB Supervision and Examination Manual, 
part II.C (UDAAP statutory-based procedures).
---------------------------------------------------------------------------

    With respect to comments regarding existing oversight, as discussed 
further above, the CFPB agrees with the group of State attorneys 
general who stated that the rule would help existing regulatory 
oversight efforts in the market and would allow Federal and State 
authorities to coordinate to prevent unlawful conduct. The CFPB 
disagrees with comments suggesting that the CFPB's supervision will be 
duplicative of existing State and other Federal regulatory oversight. 
As discussed further above, in the response to general comments on this 
topic in the section-by-section analysis of the Final Rule, and in the 
background section of the rule in part II, the CFPB coordinates its 
supervisory activities with Federal prudential regulators, the FTC, and 
States in order to avoid duplication. Furthermore, there is currently 
no Federal program for supervision of nonbank covered persons in the 
market for general-use digital consumer

[[Page 99646]]

payment applications with respect to Federal consumer financial law 
compliance, and this Rule will fill that gap.
Costs of Supervisory Activities
    The potential costs of actual supervisory activities would arise in 
two categories. The first category would be the cost to individual 
larger participants of supporting supervisory activity itself. The 
second category would involve any costs to individual larger 
participants of increasing compliance in response to the CFPB's 
findings during supervisory activity and to supervisory actions. These 
costs in the second category, discussed further below, would be similar 
in nature to the possible compliance costs based on the possibility of 
CFPB examination, described above, that larger participants in general 
may incur in anticipation of possible supervisory actions. This 
analysis will not repeat that discussion. As the CFPB Supervision and 
Examination Manual notes, the reason entities need a sound compliance 
management system is ``[t]o maintain legal compliance'' with Federal 
consumer financial law.\400\ That is the case regardless of whether the 
entity is examined by the CFPB. For that reason, if a company already 
has established a sound compliance management system or improves that 
system in anticipation of possible CFPB supervisory actions as 
discussed above, then it is less likely to incur the costs in this 
second category described further below in response to actual CFPB 
supervisory activities.\401\
---------------------------------------------------------------------------

    \400\ See CFPB Supervision and Examination Manual, part II.A 
(compliance management review examination procedures).
    \401\ A comment by an industry association stated that the 
proposal's estimate of the cost of supporting an examination 
``seem[ed] to ignore'' costs related to establishing compliance 
programs and systems. However, that comment appears to have 
misunderstood the scope of that estimate. The CFPB does not consider 
the costs of establishing a compliance management system to be part 
of the cost of supporting the supervisory activity itself. Rather, 
the CFPB considers the costs of establishing or improving a 
compliance management system, if they are incurred, as either borne 
in anticipation of its supervisory activity (discussed above) or in 
response to findings of its supervisory activity (the second 
category of costs, discussed below). In any event, the Final Rule 
itself does not impose any requirements related to the establishment 
of a compliance management system. Firms are expected to have the 
systems and policies necessary to ensure they comply with existing, 
applicable substantive legal requirements, such as EFTA, its 
implementing Regulation E, the privacy provisions of the GLBA, their 
implementing Regulation P, and the CFPA's prohibition against 
unfair, deceptive, or abusive acts or practices. The CFPB's 
Supervision and Examination Manual describes aspects of compliance 
management that examiners review, but does not impose requirements; 
firms have flexibility in designing those systems and policies.
---------------------------------------------------------------------------

    With respect to the first category of cost of supervisory 
activities, those activities may involve requests for information or 
records, on-site or off-site examinations, or some combination of these 
activities. For example, in an on-site examination, CFPB examiners 
generally contact the entity for an initial conference with management. 
That initial contact often is accompanied by a request for information 
or records. Based on the discussion with management and an initial 
review of the information received, examiners determine the scope of 
the on-site exam. While on-site, examiners spend some time in further 
conversation with management about the entity's policies, procedures, 
and processes. The examiners also review documents, records, and 
accounts to assess the entity's compliance and evaluate the entity's 
compliance management system. As with the CFPB's other examinations, 
examinations of nonbank larger participants in the market for general-
use digital consumer payment applications may involve issuing 
confidential supervisory letters or examination reports and compliance 
ratings. The CFPB Supervision and Examination Manual describes the 
supervision process and indicates what materials and information an 
entity could expect examiners to request and review, both before they 
arrive and during their time on-site.
    The primary costs an entity would face in connection with 
supporting an examination would be the cost of employees' time to 
collect and provide the necessary information. The frequency, duration, 
and scope of examinations of any particular entity would depend on a 
number of factors, including the size and transaction volume of the 
entity, the compliance or other risks identified, the extent of State 
consumer protection oversight, and other relevant factors, such as 
whether the entity has been examined previously, and the demands on the 
CFPB's supervisory resources imposed by other entities and markets. 
Nevertheless, some rough estimates may provide a sense of the magnitude 
of potential staff costs that larger participants may incur in 
supporting the examination of their consumer financial products and 
services.\402\
---------------------------------------------------------------------------

    \402\ In addressing comments in part V above, the Final Rule 
notes that the market definition, market-related definitions, and 
larger participant test do not depend or rely on the CFPB's position 
that the CFPA authorizes supervision and examination of all of the 
consumer financial products and services provided by nonbank covered 
persons subject to CFPA section 1024(a). This rule does not 
determine the extent to which the CFPB would examine other consumer 
financial products and services provided by larger participants 
besides general-use digital consumer payment applications. 
Nonetheless, the CFPB considers that the cost to a larger 
participant of supporting a typical eight-week on-site examination 
should not vary significantly depending on which consumer financial 
products or services are scoped into the examination.
---------------------------------------------------------------------------

    The cost of supporting supervisory activity may be calibrated using 
prior CFPB experience in supervision. In the proposal, the CFPB 
outlined that examinations of larger participants in the market for 
general-use digital consumer payment applications would be anticipated 
to be approximately eight weeks on average,\403\ with an additional two 
weeks of preparation. This estimate assumed that each examination would 
require two weeks of preparation time by staff of larger participant 
providers of general-use digital consumer payment applications prior to 
the examination as well as on-site assistance by staff throughout the 
duration of the examination. The CFPB has not suggested that counsel or 
any particular staffing level is required during an examination. 
However, based on prior estimates, the CFPB assumed in the Proposed 
Rule that an entity might dedicate the equivalent of one full-time 
compliance officer and one-tenth of the time of a full-time attorney to 
assist with an exam. The national average hourly wage of a compliance 
officer is $39; the national average hourly wage for an attorney is 
$85.\404\ These averages accounted for the likelihood that some 
compliance officers and attorneys will earn below or above the national 
average. Assuming that wages and salaries account for 70.3 percent of 
total compensation for private industry workers, the CFPB estimated in 
the proposal that the total employer cost of labor to comply with an 
examination would amount to approximately $25,000.\405\
---------------------------------------------------------------------------

    \403\ For an estimate of the length of examination, see Board of 
Gov. of Fed. Res. System Office of Inspector General, The Bureau Can 
Improve Its Risk Assessment Framework for Prioritizing and 
Scheduling Examination Activities (Mar. 25, 2019) at 13, at https://oig.federalreserve.gov/reports/bureau-risk-assessment-framework-mar2019.pdf. (last visited Oct. 31, 2023).
    \404\ For current U.S. Bureau of Labor Statistics (BLS) 
estimates of mean hourly wages of these occupations, see BLS, 
Occupational Employment and Wages, May 2023, 13-1041 Compliance 
Officers, at https://www.bls.gov/oes/current/oes131041.htm#(1) (last 
visited Aug. 15, 2024); BLS, Occupational employment and Wages, May 
2023, 23-1011 Lawyers, at https://www.bls.gov/oes/current/oes231011.htm (last visited Aug. 15, 2024).
    \405\ See BLS, Employer Costs for Employee Compensation--March 
2024 (table 1 for 2024 Q1 estimates of the share of wages and 
salaries in total compensation of private sector workers), at 
https://www.bls.gov/news.release/pdf/ecec.pdf. (last visited Aug. 
15, 2024). This cost is calculated as follows: ((((0.1 x $84.84) + 
$38.55)/0.703)) x 40 hours x 10 weeks.

---------------------------------------------------------------------------

[[Page 99647]]

Comments Received
    The CFPB received comments on the Proposed Rule advocating for 
higher estimates of the entity's cost of supporting supervisory 
activity, including on the wage and or salary level used in the 
analysis and on the number of employees typically called upon to 
support a supervisory exam. For example, two industry associations and 
one commenter stated that the types of staff tasked with supervisory 
examinations at large technology firms are highly specialized and 
compensated at rates that are higher than the national average. Two of 
these commenters provided alternative estimates for wages and salaries 
based on industry publications or U.S. Bureau of Labor Statistics (BLS) 
compensation estimates for firms with 500 workers or more. A commenter 
from a non-profit associated with the cryptocurrency industry stated 
that companies would devote ``hundreds of thousands of dollars on 
support services'' but did not describe the components of these costs 
or provide evidence to substantiate this claim. A law firm representing 
an interested party likewise criticized the examination cost estimate 
of approximately $25,000 as an underestimate and cited a former CFPB 
Deputy Director stating that the costs would amount to ``at least ten 
times that'' estimate, but did not provide a detailed explanation of 
the estimated cost components.
    Relatedly, two industry associations stated that companies may hire 
consultants and outside counsel to support an examination, in addition 
to attorneys, compliance officers and other staff. Another industry 
commenter provided a link to an industry study finding that the top 100 
U.S. law firms charge clients on average $917 per hour for outside 
counsel. Neither commenter elaborated on the frequency or magnitude of 
this practice, including the share of firms that would hire outside 
counsel or the number of hours they would contract to support company 
responses to requests for information from CFPB examiners.
    Several industry commenters suggested larger participants would be 
likely to dedicate multiple compliance officers and attorneys to the 
preparation and support of a supervisory examination. For example, one 
company commenter asserted that both the preparation and the support 
for an actual examination would require multiple full-time compliance 
personnel and attorneys. Two other industry association commenters 
asserted that supporting an examination and meeting the CFPB's 
expectations for entities' compliance management systems would require 
``dozens of employees'' who collaborate across multiple departments in 
order to respond to information requests. One industry association 
stated that firms not previously supervised may increase staffing due 
to the lack of previous experience with CFPB examinations, and also due 
to what the commenter stated was antagonistic rhetoric by the CFPB 
toward this industry.
    The CFPB also received comments regarding the estimated length of a 
typical supervisory examination that asserted that the true length 
would be longer than two weeks of preparation and eight weeks of 
examination engagement. For example, one company stated that it takes a 
year to prepare for examinations and two industry association 
commenters stated that the full examination process including 
responding to follow-up requests spans multiple months and oftentimes 
over a year. However, none of these commenters provided a detailed 
accounting of specific duties, time estimates, or other evidence to 
substantiate these statements. Two further industry association 
commenters likewise questioned the two- plus eight-week examination 
timeline, indicating they thought a longer period to be more accurate, 
although neither provided an alternative length estimate.
    One industry association criticized that the CFPB declined to state 
the expected frequency of examinations. Several commenters stated that 
the cost of supervision could stifle new entry, innovation, competition 
and consumer access to the covered products, and that the proposal did 
not adequately account for these costs. For example, one commenter from 
a non-profit stated that the proposal's coverage of pass-through 
wallets could disincentivize offerings such as the tokenization of 
payments and credit products offered through wallets. Three additional 
commenters from industry associations asserted that the proposed 
transaction test of five million covered transactions was so low that 
it could lead to barriers to market entry, innovation, competition, and 
consumer access to these products. None of the commenters offered 
specific estimates or research to help quantify such potential costs, 
nor did they make suggestions of how to more adequately evaluate them 
qualitatively.
    Related to the impact of costs on consumers' access to covered 
products, some commenters claimed the proposal inadequately considered 
potential pass-through costs to consumers and merchants. For example, 
some Members of Congress expressed concern that supervisory costs could 
have a negative impact on merchants that use covered products. They 
cited an industry study that finds that, of the small and medium-sized 
businesses throughout nine global markets, including the United States, 
that responded to their survey, 73 percent reported digital payments to 
be ``fundamental to their growth.'' \406\ A non-profit and an industry 
association representative called for the CFPB to provide evidence that 
the Rule will not significantly impact small businesses or consumers.
---------------------------------------------------------------------------

    \406\ See VISA, Back to Business Global Study: 2022 Small 
Business Outlook, at https://usa.visa.com/dam/VCOM/blogs/visa-back-to-business-study-2022-outlook-jan22.pdf (last visited Aug. 26, 
2024). The nine markets include Brazil, Canada, Germany, Hong Kong, 
Ireland, Russia, Singapore, UAE and the United States. Percentages 
in the study are not necessarily representative of small and medium-
sized businesses in the United States.
---------------------------------------------------------------------------

    Some of these same commenters as well as a company commenter 
claimed the proposal did not adequately consider the potential for 
supervisory costs to be passed through to consumers. For example, the 
nonprofit commenter noted that supervisory costs could create barriers 
to entry into the market and increase prices to consumers. The company 
stated that payment method wallets are free to consumers and that the 
Rule's costs could lead to firms charging consumers for the product. An 
individual consumer questioned whether the Rule would lead firms to 
charge fees for covered products. One industry association suggested 
the use of the average dollar amount of transactions to estimate 
potential pass-through costs to consumers.
    Finally, an industry association commenter suggested that the Rule 
could increase the risk of privacy breaches and data leaks by 
increasing the number of individuals with access to sensitive, private 
information about customers of larger participants.
Response to Comments
    The CFPB acknowledges the concerns raised by industry comments 
that, in the context of this market, the cost of supervisory activities 
may generally be higher than suggested in the Proposed Rule, and the 
CFPB is revising certain estimates in the discussion that follows in 
response to those comments. As noted above and discussed further below, 
the cost of supervisory activities can vary based on a number of 
factors, and thus the costs of examination activities may differ among 
larger participants within the market defined in this Rule. Those costs 
are partly

[[Page 99648]]

within the control of larger participants, some of whom may choose to 
devote more resources to responding to supervisory activities than 
others (e.g., more staff time or support from outside counsel and 
consultants). In addition, as a general matter, the costs of 
supervisory activities are likely to be greater where examiners 
identify compliance violations or other risks to consumers, which are 
more likely to generate follow-up information requests and more 
extensive engagement with an entity as the CFPB attempts to correct the 
identified violations and address other risks.\407\ These variations 
mean that the cost figures provided in this section are necessarily 
rough estimates, and that individual larger participants' costs may 
diverge from these estimates.
---------------------------------------------------------------------------

    \407\ For the same reason, as a general matter, examinations 
with more extensive follow-up activities are more likely to provide 
benefits to consumers.
---------------------------------------------------------------------------

    While none of the commenters provided alternative estimates of 
examination costs that included specific salaries combined with 
staffing levels and alternative proposals of the average examination 
length, the following paragraphs describe how estimates would change 
under different salary, staffing and length assumptions. For these 
scenarios, the CFPB draws on comments provided on the proposal. In a 
first scenario, the alternative estimates below incorporate higher 
salary levels that some commenters suggested would be more accurate in 
this market. In a second scenario, the CFPB uses these higher salary 
estimates in conjunction with higher staffing levels than those 
discussed in the proposal. A third scenario introduces an example of 
when the combined preparation and examination time would be longer than 
the proposed ten weeks. Under this scenario, the CFPB provides 
alternative estimates for an examination lasting 12 weeks, under the 
assumption of the higher salaries from scenario one as well as under 
both the higher salary and higher staffing levels from scenario two.
    The CFPB does not have complete information pertaining to wages and 
salaries paid by all entities that may be subject to the Rule, and does 
not advocate for any particular wage or salary level for staff that 
support supervisory activities. However, the CFPB acknowledges that the 
cost to larger participants in this market of complying with a 
supervisory examination are likely to be higher than that of the 
average firm, in part because of where larger participants are located. 
For example, the top-paying metropolitan area for both compliance 
officers and lawyers is San Jose-Sunnyvale-Santa Clara, California, 
where the mean hourly wage for compliance officers is $56 and for 
lawyers is $129. Using these wage levels and the staffing assumptions 
set forth in the Proposed Rule,\408\ the estimated total employer cost 
of labor to comply with an examination would increase to approximately 
$39,000.\409\ This estimate is roughly $8,000 higher than the 
equivalent employer cost of labor suggested by one industry commenter 
on the Proposed Rule.\410\
---------------------------------------------------------------------------

    \408\ 88 FR 80197, 80213 (describing assumption of one full-time 
compliance officer and one-tenth of the time of a full-time attorney 
to assist with the examination for 10 weeks).
    \409\ This cost is calculated as follows: ((((0.1 x $129.12) + 
$55.83)/0.703)) x 40 hours x 10 weeks. An alternative way to 
calculate the costs imposed on entities that pay some of the highest 
national wages for compliance officers and attorneys would be to 
use, for example, the 90th percentile of wages rather than the mean. 
However, the BLS top codes (suppresses) wages above $115/hour for 
lawyers such that the official wage estimates above that threshold 
would be imprecise. The 90th percentile of national hourly wages for 
compliance officers was $59/hour. Using these wage estimates would 
yield a total employer cost of labor of approximately $40,000 to 
comply with a supervisory exam.
    \410\ One industry commenter, citing three industry 
publications, asserted that the median rate for a compliance officer 
with four-six years of experience is $91,500 and the annual base pay 
for the majority of in-house counsel in large cities is ``at least 
$200,000.'' Using these numbers, the total employer cost of an 
examination would be approximately $31,000 ((0.1 x (($200000 x 10)/
52)) + (91500 x 10/52))/0.703.
---------------------------------------------------------------------------

    Based on its review of comments, and in light of the higher 
transaction threshold in this Final Rule, the CFPB is providing 
additional estimates with respect to staffing the preparation and 
support of a supervisory examination in order to account for the fact 
that many entities are likely to choose higher staffing levels than 
those set forth in the proposal. The estimate of one full-time 
compliance officer and one tenth of one attorney took into account that 
there could be multiple individuals engaged part-time in an examination 
and part-time in other non-examination obligations. Although commenters 
did not provide precise or entirely consistent estimates regarding how 
larger participants are likely to staff examinations, the CFPB 
acknowledges that many larger participants in this market may choose to 
staff examinations with more full-time equivalent attorneys, compliance 
officers and other staff than is typically the case in previously 
supervised larger participant markets. The larger participants in this 
market are larger in terms of revenue compared to larger participants 
in other established larger participant markets.\411\ For illustrative 
purposes, the CFPB has estimated that an entity that pays salaries at 
the level of the highest-paying metropolitan area and staffs an 
examination with three full-time compliance officers, two full-time 
attorneys and one outside counsel that spends 30 hours throughout the 
duration of the two-week preparation and eight-week examination period, 
would incur costs close to $270,000 per examination.\412\ 
Alternatively, at this cost, the entity could staff the examination 
with more than five in-house staff if some of them work part-time on 
the examination and part-time on other duties. For example, some 
additional personnel may spend some number of hours on data analysis or 
coding or otherwise preparing materials for presentations to the CFPB, 
or may attend and provide information at the standard opening and 
closing meetings

[[Page 99649]]

for the examination, or other initial meetings where they provide a 
brief overview of discrete issues. These meetings typically last only a 
few hours. The CFPB does not have detailed information to reliably 
quantify the exact amount of time these additional employees would 
devote to such supporting activities, but does not expect these limited 
engagements to materially affect this estimate.
---------------------------------------------------------------------------

    \411\ For example, the 2012 debt collection rule estimated that 
168 of the 175 larger participants had annual receipts between $10 
million and $250 million, see 77 FR 65775, 65789. Among larger 
participants in the market covered by this Rule, average annual 
revenue was $208 billion in 2023. Higher revenue may indicate more 
complexity, or firms with higher revenue may decide to devote more 
resources to a supervisory examination because those costs comprise 
a small fraction of their operating budget. While it is reasonable 
to expect that larger participants in this market generally would 
devote more resources to a supervisory examination compared to many 
previous larger participants, the CFPB does not have information 
indicating that would necessarily always be the case.
    \412\ Without stating a specific number, one individual firm 
commented on the Proposed Rule that firms likely would staff 
supervisory examinations with multiple full-time compliance officers 
and multiple full-time attorneys and another industry association 
commenter asserted that firms would hire outside counsel to support 
an examination. Two industry trade associations stated that they 
expect larger participants to devote ``dozens'' of staff to a 
supervisory examination, but did not elaborate on the number of 
hours they would work or otherwise provide more specific numbers or 
information to substantiate that claim. Based on supervisory 
experience in other markets, the CFPB assumes in-house compliance 
officers spend more time on examinations than in-house attorneys. 
Therefore, in line with the general views of these commenters, the 
Bureau has assumed for purposes of its estimate that an entity would 
devote three full-time compliance officers, two full-time attorneys, 
and one outside counsel. Because outside counsel does not typically 
engage directly with examiners during the 10-week examination 
process described above, based on supervisory experience in other 
markets, the CFPB does not have data on how outside counsel is 
typically involved during a standard examination, but acknowledges 
that the larger participants in this specific market may seek 
outside advice on how to respond to and participate in an 
examination. The CFPB assumes the number of hours of outside counsel 
support in this scenario could be approximately 20 hours of 
preparation and 10 hours of support during the examination and 
assumes for illustrative purposes an hourly fee of $917 for outside 
counsel, as provided by one commenter. The cost of $270,000 is 
calculated as follows: ((((2 x $129.12) + (3 x $55.83))/0.703)) x 40 
hours x 10 weeks + (917 x 30).
---------------------------------------------------------------------------

    With regard to the company comment that claimed that preparation 
for supervisory examinations of nonbanks is generally ``a year-round 
affair,'' this commenter did not explain or support this claim. Nor 
does it fit with the CFPB's experience since entities generally do not 
receive notice a year in advance of a scheduled examination. This 
assumption also is not in line with the experience of the CFPB from the 
supervision of other larger-participant markets. Supervision typically 
involves requiring documents from time to time and conducting 
occasional in-depth examinations of a company typically over the 10-
week engagement period described above. For example, the CFPB may 
conduct supervisory monitoring activities throughout the year, 
including ``contacting the appropriate officer of the institution to 
discuss new products or services, events that may impact compliance 
management, and any questions raised by information reviewed by the 
[CFPB's central point of contact for supervision].'' \413\ However, 
these engagements generally are brief and often occur in the form of 
one phone call or videoconference. In contrast, during an in-depth 
examination of a company, CFPB examiners may ask to see a company's 
existing compliance policies and procedures, otherwise review a 
company's records and operations including for selected customer 
accounts, conduct interviews with personnel, and assess how the company 
complies with applicable Federal consumer financial laws. The scope of 
an examination will depend on, among other factors, the size and 
complexity of the firm.
---------------------------------------------------------------------------

    \413\ See CFPB Supervision and Examination Manual, part I.A 
(page 13 of Overview section).
---------------------------------------------------------------------------

    With respect to comments regarding post-examination costs, the CFPB 
acknowledges that entities may face such costs. While the estimated 
cost for a larger participant in this market to support a supervisory 
examination described above assumes two weeks of preparation and eight 
weeks of engagement with the CFPB, some examinations may result in a 
Potential Action and Request for Response (PARR) letter, which provides 
a supervised entity with notice of preliminary findings of conduct that 
may violate Federal consumer financial laws and advises the entity that 
the Bureau is considering taking supervisory action against the 
entity.\414\ In such an event, the CFPB estimates an additional two 
weeks of staff time necessary to respond to the PARR. In this third 
scenario of potentially higher examination costs, an additional two 
weeks would result in the cost of an examination increasing by 
approximately $8,000, to approximately $47,000, using the average wages 
of the top-paying metropolitan area, assuming staffing at the level set 
forth in the Proposed Rule. Under the higher salary and staffing 
assumptions described above, including three full-time compliance 
officers, two full-time attorneys and one outside counsel contracted 
for 80 additional hours of work on a PARR, an additional two weeks 
would increase the examination cost by approximately $122,000, to 
approximately $392,000.\415\
---------------------------------------------------------------------------

    \414\ See CFPB, Request for Information Regarding the Bureau's 
Supervision Program, 83 FR 7166, 7168 (Feb. 20, 2018).
    \415\ This scenario assumes that outside counsel become more 
intensively involved in the event of a PARR and devoted 80 hours to 
support the larger participant in responding to the PARR, in the 
event that the larger participant chose to engage outside counsel 
for $917 hourly. Examination costs of approximately $47,000 and 
$392,000 in scenarios with a PARR are calculated as (((0.1 x 
$129.12) + $55.83)/0.703) x 40 hours x 12 weeks and as (((2 x 
129.12) + (3 x 55.83))/0.703) x 40 hours x 12 weeks + (917 x 110), 
respectively.
---------------------------------------------------------------------------

    As stated in the proposal, the overall costs of supervision in the 
market for general-use digital consumer payment applications would 
depend on the frequency and extent of CFPB examinations and other 
supervisory activity. Neither the CFPA nor the Final Rule specifies a 
particular level or frequency of examinations.\416\ The frequency of 
examinations would depend on a number of factors, including the larger 
participants' size and volume of transactions; the CFPB's understanding 
of the conduct of market participants and the specific risks they pose 
to consumers; the extent of existing State consumer protection 
oversight; and other relevant factors, including the responses of 
larger participants to prior examinations and the demands that other 
markets make on the CFPB's supervisory resources. These factors can be 
expected to change over time, and the CFPB's understanding of these 
factors may change as it gathers more information about the market 
through its supervision and by other means. The CFPB therefore declines 
to predict, at this point, precisely how many examinations in the 
market for general-use digital consumer payment applications it would 
undertake in a given year.
---------------------------------------------------------------------------

    \416\ The CFPB declines to predict at this time precisely how 
many examinations it will undertake at each larger participant of 
general-use digital consumer payment applications. Based on its 
experience in examining larger participants in other markets, it 
does not expect to conduct an examination of each larger participant 
in this market each year. If the CFPB were to examine each entity 
estimated to be a larger participant of the market for general-use 
consumer digital payment applications once every two years, the 
expected annual labor cost of supervision per larger participant 
under the higher salary, staffing and examination length assumptions 
would be approximately $196,000 (the cost of one examination, 
divided by two), depending on the staffing and remuneration 
decisions of the larger participant as well as on whether the 
examination is followed up with a PARR.
---------------------------------------------------------------------------

    However, the CFPB notes that it is unlikely that all seven 
potential larger participants would undergo supervisory examinations in 
the same year. The frequency with which entities undergo supervision 
will determine the industry-wide costs. If each of the seven larger 
participants underwent examination every other year, the estimated 
annual direct cost of supervision would be around $137,000 industry-
wide using average wages of the top-paying metropolitan area and the 
examination length and staffing levels set forth in the proposal. Even 
at the highest range of estimates, where each entity devoted three 
full-time compliance officers, two full-time attorneys, and contracted 
110 hours of outside counsel with one of the largest 100 U.S. law 
firms, and all received a PARR, and half of the larger participants 
undergo supervision in any given year, the industry-wide estimated cost 
using the highest-paying metropolitan area wages would be approximately 
$1.4 million, or $392,000 x 3.5.
    With respect to the consideration of pass-through costs to 
consumers and merchants, the CFPB disagrees that it did not consider 
such potential impacts. The CFPB recognizes that many merchants provide 
website pay buttons that link to general-use digital consumer payment 
applications provided by unaffiliated third parties and that small 
businesses in particular may rely on those consumer financial products 
and services for growth. However, the CFPB expects the costs of 
supervisory examinations to not exceed $1.4 million industry-wide 
annually even if half of the larger participants were to undergo an 
extended supervisory examination every year, which is unlikely.\417\ As

[[Page 99650]]

stated in the proposal, the CFPB cannot foresee how larger participants 
may respond to the cost of supervision. One possibility is that larger 
participants absorb the entire cost of supervision. Another possibility 
is that they pass through the entire cost of supervision, or some 
fraction of the cost of supervision, to merchants and consumers. The 
extent to which larger participants would pass through their costs of 
supervision to merchants (for products that support payments for 
purchases) or consumers (for products that support purchases and/or 
payments to other consumers) will be limited by competitive forces in 
the market. For example, if one larger participant increases its fees 
for services, merchants or consumers may switch providers. This 
potential response to increased prices and competition for merchants' 
and consumers' business could prevent a full pass-through of costs. 
Moreover, the highest estimate of examination costs described in the 
scenarios above amounts to approximately $392,000 per larger 
participant, or 0.0002 percent of the average revenue (approx. $208 
billion) of the estimated seven larger participants.\418\ Because the 
examination support costs are a small fraction of the total revenue of 
larger participants, the CFPB believes it is less likely that these 
costs would cause firms to substantially change their business models.
---------------------------------------------------------------------------

    \417\ As discussed in the section-by-section analysis in part V, 
the estimates in this Rule do not reflect supervisory conclusions 
that particular entities are larger participants; once the Final 
Rule takes effect, the CFPB will make those assessments and will 
prioritize conducting supervisory activity at specific larger 
participants in this market based on risk as described in the 
Supervision and Examination Manual, consistent with CFPA section 
1024(b)(2). Therefore, the CFPB cannot predict in this Final Rule 
how many examinations or other types of supervisory events it will 
conduct at larger participants of this market in a given year. 
However, based on its experience with prioritization of supervisory 
activity at larger participants in five other markets, the CFPB 
believes it is unlikely that it would conduct eight-week on-site 
examinations of most or even many larger participants in a single 
year.
    \418\ Using revenue information from annual report filings with 
the U.S. Securities and Exchange Commission described above, the 
CFPB estimates the average total annual revenue of larger 
participants to be approximately $208 billion in 2023. As an 
alternative comparison, and in response to one industry commenter, 
this cost comprises approximately 0.0003 percent of larger 
participants' average annual total transaction value in 2021-2023. 
This number is likely higher in 2024, as the majority of data points 
for transaction values stem from 2021 and the market continued to 
expand during this period. In any event, the CFPB views this number 
as small.
---------------------------------------------------------------------------

    Even in the event that larger participants pass through the entire 
cost of the higher end of the CFPB examination support cost estimates 
to merchants that use these products, the cost per merchant likely 
would be very small. One industry study estimates that there were 13.7 
million online stores in 2024.\419\ If 59 percent of merchants use buy 
buttons, as indicated by one industry report,\420\ then roughly 8.1 
million online merchants use these products. The CFPB estimates that 
seven larger participants are responsible for approximately 98 percent 
of transactions in the market. Therefore, even if larger participants 
that underwent an examination were to pass through 100 percent of $1.4 
million in estimated annual examination costs (under the higher 
estimate) to approximately eight million merchants, the amount per 
merchant would likely be low. Measured against the $1.1 trillion in 
online retail sales in 2023, the Bureau views this cost to be 
negligible and not large enough to discourage entry, innovation or 
growth among merchants that use or would like to use these 
products.\421\ Likewise, the CFPB views the cost relative to the gains 
from doing business in this market as too low to disincentivize 
offering credit products through wallets, in particular as a lender's 
own app-based lending activity can be excluded by paragraph (D) of the 
definition of ``consumer payment transaction'' as discussed in part V 
of the rule. With respect to the statement by one commenter that the 
cost of the Rule could disincentivize investments in the tokenization 
of payments, as discussed in part V above, the commenter did not 
commenter did not explain why larger participants would seek to offset 
the costs of CFPB examination by reducing investment specifically in 
anti-fraud protections or provide evidence to support its view, and the 
CPFB notes that the Rule also could incentivize investments.
---------------------------------------------------------------------------

    \419\ See Capital One, Total Number of Online Stores (July 24, 
2024), at https://capitaloneshopping.com/research/number-of-online-stores/ (last visited Aug. 26, 2024).
    \420\ See PYMNTS, 6 in 10 Subscription Merchants Drive 
Conversion with `Buy Buttons,' at https://www.pymnts.com/subscriptions/2023/60percent-subscription-merchants-drive-conversion-with-buy-buttons/ (last visited Aug. 26, 2024).
    \421\ For e-commerce retail sales, see the Federal Reserve Bank 
of St. Louis, E-Commerce Retail Sales, at https://fred.stlouisfed.org/series/ECOMSA (last visited Aug. 26, 2024).
---------------------------------------------------------------------------

    As explained above, the CFPB also does not expect larger 
participants to pass through the full cost of supervisory examinations 
to consumers directly. However, even if they passed through $1.4 
million annually to the millions of consumers who use these products, 
the cost per consumer would likely be low.\422\
---------------------------------------------------------------------------

    \422\ See U.S. Census Bureau, National Population by 
Characteristics: 2020-2023, at https://www.census.gov/data/tables/time-series/demo/popest/2020s-national-detail.html (last visited 
Aug. 26, 2024); see, e.g., Pew 2022 Payment App Article, supra.
---------------------------------------------------------------------------

    As a result of some examinations, supervised entities may incur 
costs associated with addressing the CFPB's supervisory communications 
and actions, such as by making changes to its compliance systems or 
procedures. As noted above, the CFPB considers these costs as a 
separate category of costs from the costs of supporting an exam. Where 
appropriate, in exercising its supervisory authority, the CFPB conveys 
its findings, conclusions, expectations, and recommendations to a 
supervised entity regarding its compliance, and utilizes various forms 
of supervisory communications and actions to promote compliance and 
address associated risks.\423\ The CFPB's supervisory communications 
may specify corrective actions such as changes to practices and 
operations, payment of remediation to consumers,\424\ and steps to 
prevent such violations from occurring or recurring, including 
compliance-management-system improvements. In the CFPB's experience, 
when an entity adopts preventive measures in response to those types of 
CFPB supervisory communications and actions, the entity's actions 
generally will reduce risk of violation of Federal consumer financial 
law. As such, these costs may be necessary to maintain compliance with 
Federal consumer financial law, as described in the CFPB Supervision 
and Examination Manual. In any event, the CFPB is not able to estimate 
these costs in advance, as such costs will vary depending on the nature 
and scope of the CFPB's supervisory communications and actions and the 
entity's response. As discussed above, in many cases CFPB supervision 
also may benefit providers under supervision by detecting compliance 
problems early, which can reduce costs in the long run.
---------------------------------------------------------------------------

    \423\ See, e.g., CFPB Bulletin 2021-01, supra.
    \424\ See id.
---------------------------------------------------------------------------

    Regarding the risk of privacy breaches, the CFPB agrees with the 
commenter that consumer data privacy is important. The CFPB recognizes 
that data privacy breaches can impose costs on consumers and firms and 
therefore adheres to the Federal requirements to reduce the risk of 
data and other privacy breaches. For example, the CFPB complies with 
requirements provided in the Presidential Executive Orders, Federal 
Information Security Management Act (FISMA), applicable Office of 
Management and Budget (OMB) Memoranda, U.S. Department of Homeland 
Security (DHS) Cybersecurity

[[Page 99651]]

and Infrastructure Security Agency (CISA) Binding Operational 
Directives, as well as National Institute of Standards and Technology 
(NIST) Federal Information Processing Standards and Special 
Publications, and other applicable guidance. Further, CFPB implements 
improvements from annual information security audits of its data 
security practices by the Office of Inspector General (OIG), the 
Government Accountability Office (GAO) and other auditors, as 
recommended. The CFPB believes that these steps mitigate the risk of 
privacy breaches.
3. Costs of Assessing Larger-Participant Status
    Providers of general-use digital consumer payment applications 
might decide to incur costs to assess whether they qualify as larger 
participants, to respond to CFPB requests for information to assess 
larger participant status under 12 CFR 1090.103(d), or potentially to 
dispute their status.\425\ Larger-participant status would depend on 
both a nonbank's aggregate annual covered consumer payment transaction 
volume and whether the entity is a small business concern based on the 
applicable SBA size standard. The CFPB expects that many market 
participants already assemble general data related to the number of 
transactions that they provide for general-use digital consumer payment 
applications. Moreover, many providers are required to report certain 
transaction data to State regulators.\426\
---------------------------------------------------------------------------

    \425\ A nonbank covered person that is subject to certain orders 
may be required to register pursuant to the CFPB's nonbank 
registration regulation, 12 CFR part 1092. If such a registered 
entity is not already supervised by the CFPB under section 1024(a), 
and it participates in this market, then it may need to assess its 
larger participant status to determine whether it must comply with 
certain additional requirements under that rule that may apply to 
persons supervised under CFPA section 1024(a), including larger 
participants. See also response to general comments on promoting 
compliance with Federal consumer financial law, supra.
    \426\ As noted above, the States have been active in regulation 
of money transmission by money services businesses. For example, 49 
States and the District of Columbia requiring entities to obtain a 
license to engage in money transmission, as defined by applicable 
law. Further, many States also actively examine money transmitters, 
including certain products and services they provide through 
general-use digital consumer payment applications. See, e.g., CSBS 
Reengineering Nonbank Supervision MSB Chapter at 4 (discussing how 
providers of digital wallets hold and transmit monetary value).
---------------------------------------------------------------------------

    To the extent that some providers of general-use digital consumer 
payment applications do not already know whether their transactions 
exceed the threshold, such nonbanks might, in response to the Final 
Rule, develop new systems to count their transactions in accordance 
with the proposed market-related definitions of ``consumer payment 
transactions,'' ``covered payment functionality,'' ``general use,'' and 
``digital application'' discussed above. The data that the CFPB had at 
the time of the Proposed Rule did not support a detailed estimate of 
how many providers of general-use digital consumer payment applications 
would engage in such development or how much they would spend, and 
commenters did not provide this information. Commenters also did not 
provide any estimates or data to support estimates. Regardless, 
providers of general-use digital consumer payment applications would be 
unlikely to spend significantly more on specialized systems to count 
transactions than it would cost to be supervised by the CFPB as larger 
participants.
    The CFPB notes that larger-participant status also depends on 
whether an entity is subject to the proposed small business exclusion. 
In certain circumstances, larger-participant status may depend on 
determinations of which SBA size standard applies, and by extension, 
which NAICS code is most applicable. Therefore, providers of general-
use digital consumer payment applications may choose to incur some 
administrative costs to evaluate whether the small business exclusion 
applies. However, providers would not need to engage in this evaluation 
if they could establish that their annual covered consumer payment 
transaction volume was below 50 million.
    It bears emphasizing that even if a nonbank market participant's 
expenditures on a new transaction counting system enabled it to 
successfully prove that it was not a larger participant (which, again, 
it would not need to do if it was a small business concern according to 
SBA standards), it would not necessarily follow that this entity could 
not be supervised under other supervisory authorities the CFPB has that 
this rulemaking does not establish. For example, the CFPB can supervise 
a nonbank entity whose conduct the CFPB determines, pursuant to CFPA 
section 1024(a)(1)(C) and regulations implementing that provision, 
poses risks to consumers.\427\ Thus, a nonbank entity choosing to spend 
significant amounts on a transaction counting system directed toward 
the larger-participant transaction volume test could not be sure it 
would not be subject to CFPB supervision notwithstanding those 
expenses. The CFPB therefore believes very few if any nonbank entities 
would be likely to undertake such expenditures.
---------------------------------------------------------------------------

    \427\ See 12 U.S.C. 5514(a)(1)(C); 12 CFR part 1091.
---------------------------------------------------------------------------

    Commenters on the Proposed Rule stated that providers of digital 
applications to make payments using cryptocurrency-assets may need to 
change their product design to capture data that would allow them to 
identify consumer payment transactions that would determine larger 
participant status under the Proposed Rule. However, because the Final 
Rule adopts a larger participant test based on the transfer of funds in 
consumer payment transactions denominated in U.S. dollars, those 
providers would not face the potential for those types of impacts.
    An industry association commented that the ambiguity of the 
proposal could cause firms to incur costs when assessing their larger 
participant status. The significantly higher threshold test of 50 
million annual transactions adopted in the Final Rule should 
substantially diminish the level of uncertainty compared to the 
proposal regarding an entity's larger participant status. Additional 
clarifications of the market in the Final Rule, including clarifying 
the definition of ``general use'' and limiting the definition of 
``annual covered consumer payment transaction volume'' to transactions 
denominated in U.S. dollars, should further facilitate the 
determination of whether an entity is a larger participant.

E. Potential Specific Impacts of the Final Rule

1. Insured Depository Institutions and Insured Credit Unions With $10 
Billion or Less in Total Assets, as Described in Dodd-Frank Act Section 
1026
    The Rule does not apply to insured depository institutions or 
insured credit unions of any size. However, as noted in the section-by-
section analysis of ``digital application'' above, it may apply to 
nonbank covered persons to the extent that they provide covered payment 
functionalities through a digital application of an insured depository 
institution or insured credit union. In addition, it might have some 
competition-related impact on insured depository institutions or 
insured credit unions that provide general-use digital consumer payment 
applications. For example, if the relative price of nonbanks' general-
use digital consumer payment applications were to increase due to 
increased costs related to supervision, then insured depository 
institutions or insured credit unions of any size might benefit by the 
relative change in costs. These effects, if any, would likely be small.

[[Page 99652]]

2. Impact of the Provisions on Consumers in Rural Areas
    Because the Rule would apply uniformly to consumer payment 
transactions that both rural and non-rural consumers make through 
general-use digital consumer payment applications, the Rule should not 
have a unique impact on rural consumers. The CFPB is not aware of any 
evidence suggesting that rural consumers have been disproportionately 
harmed by Federal consumer financial law noncompliance by providers of 
general-use digital consumer payment applications.
Comments Received
    The CFPB sought information from commenters related to how digital 
consumer payments affect rural consumers. A nonprofit associated with 
decentralized finance commented that rural communities in particular 
may benefit from digital payment technologies due to limited access to 
brick-and-mortar financial services and suggested that costs imposed by 
this Rule could limit rural communities' access to such technology. 
That commenter did not offer research to substantiate this assertion. 
In contrast, a nonprofit commented that 94 percent of their member 
webinar participants did not believe that digital consumer payments 
impacted rural consumers differentially. Several State attorneys 
general advocated for increased oversight in this market in part 
because they believe it would benefit in particular some consumers who 
rely on applications covered by this Rule and who do not use 
traditional banks and their bank-provided digital consumer payment 
applications.
Response to Comments
    The CFPB believes that both rural and non-rural consumers may 
benefit from general-use digital consumer payment applications as 
defined in the Final Rule. As discussed further above, the Bureau does 
not expect the costs imposed by this Rule to be high enough to impact 
the availability of this technology to consumers irrespective of 
whether they reside in rural or non-rural areas. Moreover, the Final 
Rule does not cover transactions in cryptocurrencies or stablecoins.

VIII. Regulatory Flexibility Act Analysis

    The Regulatory Flexibility Act (RFA), as amended by the Small 
Business Regulatory Enforcement Fairness Act of 1996, requires each 
agency to consider the potential impact of its regulations on small 
entities, including small businesses, small governmental units, and 
small not-for-profit organizations.\428\ The RFA defines a ``small 
business'' as a business that meets the size standard developed by the 
SBA pursuant to the Small Business Act.\429\
---------------------------------------------------------------------------

    \428\ 5 U.S.C. 601 et seq. The term `` `small organization' 
means any not-for-profit enterprise which is independently owned and 
operated and is not dominant in its field, unless an agency 
establishes [an alternative definition after notice and comment].'' 
5 U.S.C. 601(4). The term `` `small governmental jurisdiction' means 
governments of cities, counties, towns, townships, villages, school 
districts, or special districts, with a population of less than 
fifty thousand, unless an agency establishes [an alternative 
definition after notice and comment].'' 5 U.S.C. 601(5). The CFPB is 
not aware of any small governmental units or small not-for-profit 
organizations to which the Proposed Rule would apply.
    \429\ 5 U.S.C. 601(3). The CFPB may establish an alternative 
definition after consultation with SBA and an opportunity for public 
comment. As mentioned above, the SBA defines size standards using 
NAICS codes that align with an entity's primary line of business. 
The CFPB believes that many--but not all--entities in the proposed 
market for general-use digital consumer payment applications are 
primarily engaged in financial services industries. See, e.g., SBA, 
Table of Small Business Size Standards Matched to North American 
Industry Classification System Codes (eff. Mar. 17, 2023), sector 52 
(Finance and Insurance), at https://www.sba.gov/document/support--table-size-standards (last visited Oct. 26, 2023).
---------------------------------------------------------------------------

    The RFA generally requires an agency to conduct an initial 
regulatory flexibility analysis (IRFA) of any Proposed Rule subject to 
notice-and-comment rulemaking requirements, unless the agency certifies 
that the Proposed Rule would not have a significant economic impact on 
a substantial number of small entities.\430\ The CFPB also is subject 
to certain additional procedures under the RFA involving the convening 
of a panel to consult with small entity representatives prior to 
proposing a rule for which an IRFA is required.\431\
---------------------------------------------------------------------------

    \430\ 5 U.S.C. 605(b).
    \431\ 5 U.S.C. 609.
---------------------------------------------------------------------------

    In the Proposed Rule, the undersigned certified that the proposal 
would not have a significant impact on a substantial number of small 
entities (SISNOSE) and that an IRFA was therefore not required.

Comments Received

    The CFPB received comments from several industry associations and 
some Members of Congress suggesting that the RFA should include 
potential indirect effects on small merchants that allow consumers to 
use general-use digital consumer payment applications. Another industry 
association expressed support for the small business exclusion in the 
proposal, but objected to certification that the Rule would not result 
in a significant impact on a substantial number of small entities 
without providing a more comprehensive analysis of entities that would 
not qualify as larger participants due to the small business exclusion 
alone.\432\
---------------------------------------------------------------------------

    \432\ It added that in its view, notwithstanding the assessment 
in the Proposed Rule that it would not have a significant impact on 
a substantial number of small entities, the Small Business 
Regulatory Enforcement Fairness Act (SBREFA) review process still 
provides an informative tool to consider these types of issues. For 
the reasons discussed in part VII and this part VIII, the CFPB does 
not believe that discretionary application of the SBREFA review 
process is warranted here.
---------------------------------------------------------------------------

Response to Comments

    The Bureau notes that, in line with statutory requirements, the RFA 
analysis analyzes the potential impacts on small entities to which the 
Rule applies. Therefore, the CFPB declines the request by some 
commenters that the analysis of potential indirect effects be 
incorporated into the RFA analysis. However, the CFPB considered these 
potential impacts of pass-through costs on merchants that may be small 
business concerns in the cost-benefit analysis, as described in the 
1022(b) analysis above.
    Compared to the proposal, the Final Rule adopts in paragraph (b)(3) 
a significantly higher threshold of 50 million annual consumer payment 
transactions denominated in U.S. dollars. At this threshold, no entity 
for which the CFPB has complete transaction information indicating 
transaction volumes of at least 50 million annually would be excluded 
from larger participant status based on the small business concern 
exclusion.\433\
---------------------------------------------------------------------------

    \433\ See section-by-section analysis of threshold adopted in 
final rule, supra. The CFPB has complete transaction information for 
roughly two-thirds of known market participants.
---------------------------------------------------------------------------

    The Final Rule defines a class of providers of general-use digital 
consumer payment applications as larger participants of a market for 
general-use digital consumer payment applications and thereby 
authorizes the CFPB to undertake supervisory activities with respect to 
those nonbank covered persons. The Rule establishes a two-pronged test 
for determining larger-participant status. First, the Rule adopts a 
threshold for larger-participant status of at least 50 million in 
annual covered consumer payment transactions denominated in U.S. 
dollars in the previous calendar year. Second, the larger-participant 
test incorporates a small entity exclusion. As a result, larger-
participant status only applies to a nonbank covered person that, 
together with its affiliated companies, both meets the 50 million 
transaction threshold and

[[Page 99653]]

is not a small business concern based on the applicable SBA size 
standard. Because of that exclusion, the number of directly affected 
small business entities participating in the market that would 
experience a significant economic impact due to the Rule is, by 
definition, zero.\434\
---------------------------------------------------------------------------

    \434\ In addition, the CFPB is not aware of any nonprofit 
entities that would be larger participants under the Final Rule.
---------------------------------------------------------------------------

    Finally, CFPA section 1024(e) authorizes the CFPB to supervise 
service providers to nonbank covered persons encompassed by CFPA 
section 1024(a)(1), which includes larger participants.\435\ Because 
the Rule does not address service providers, effects on service 
providers need not be discussed for purposes of this RFA analysis. Even 
if such effects were relevant, based on the frequency with which the 
CFPB typically examines service providers of nonbank larger 
participants, the CFPB believes that it would be very unlikely that any 
supervisory activities with respect to the service providers to the 
approximately seven larger participants of the nonbank market for 
general-use digital consumer payment applications would result in a 
significant economic impact on a substantial number of small 
entities.\436\
---------------------------------------------------------------------------

    \435\ 12 U.S.C. 5514(e); 12 U.S.C. 5514(a)(1).
    \436\ Particularly in light of complexity in the applicable 
market, including how larger participants generally serve a variety 
of consumer populations across many States and facilitate very 
substantial volumes of consumer payment transactions for multiple 
types of recipients using multiple different payment methods, these 
firms typically would rely upon numerous service providers. However, 
as explained in its prior larger participant rules and as noted 
above with respect to the larger participants themselves, the 
frequency and duration of examinations that would be conducted at 
any particular service provider would depend on a variety of 
factors. Based on its experience conducting service provider 
examinations, the CFPB concludes that it is implausible that in any 
given year a substantial number of service providers that are small 
business concerns are subject to CFPB examinations. In any event, 
the impact of any supervisory activities at any small firm service 
providers can be expected to be less than at the larger participants 
themselves given the CFPB's exercise of discretion in supervision.
---------------------------------------------------------------------------

    The Final Rule adopts the Proposed Rule, with some modifications 
that do not lead to a different conclusion. Therefore, a final 
regulatory flexibility analysis is not required.

IX. Paperwork Reduction Act

    The CFPB has determined that the Final Rule does not impose any new 
recordkeeping, reporting, or disclosure requirements that would 
constitute collections of information requiring approval under the 
Paperwork Reduction Act, 44 U.S.C. 3501, et seq.

X. Congressional Review Act

    Pursuant to the Congressional Review Act,\437\ the CFPB will submit 
a report containing this rule and other required information to the 
U.S. Senate, the U.S. House of Representatives, and the Comptroller 
General of the United States prior to the rule taking effect. The 
Office of Information and Regulatory Affairs has designated this rule 
as not a ``major rule'' as defined by 5 U.S.C. 804(2).
---------------------------------------------------------------------------

    \437\ 5 U.S.C. 801 et seq.
---------------------------------------------------------------------------

List of Subjects in 12 CFR Part 1090

    Consumer protection, Credit.

Authority and Issuance

    For the reasons set forth in the preamble, the CFPB amends 12 CFR 
part 1090 as set forth below:

PART 1090--DEFINING LARGER PARTICIPANTS OF CERTAIN CONSUMER 
FINANCIAL PRODUCT AND SERVICE MARKETS

0
1. The authority citation for part 1090 continues to read as follows:

    Authority:  12 U.S.C. 5514(a)(1)(B); 12 U.S.C. 5514(a)(2); 12 
U.S.C. 5514(b)(7)(A); and 12 U.S.C. 5512(b)(1).


0
2. Add Sec.  1090.109 to subpart B to read as follows:


Sec.  1090.109  General-use digital consumer payment applications 
market.

    (a)(1) Market definition. Providing a general-use digital consumer 
payment application means providing a covered payment functionality 
through a digital payment application for consumers' general use in 
making consumer payment transaction(s) as defined in this subpart.
    (2) Market-related definitions. As used in this section:
    (i) Consumer payment transaction(s) means, except for transactions 
excluded under paragraphs (a)(2)(i)(A) through (D) of this section, the 
transfer of funds by or on behalf of a consumer who resides in a State 
to another person primarily for personal, family, or household 
purposes. The term applies to transfers of consumer funds and transfers 
made by extending consumer credit, except for the following 
transactions:
    (A) An international money transfer as defined in Sec.  
1090.107(a);
    (B) A transfer of funds by a consumer:
    (1) That is linked to the consumer's receipt of a different form of 
funds, such as a transaction for foreign exchange as defined in 12 
U.S.C. 5481(16); or
    (2) That is excluded from the definition of ``electronic fund 
transfer'' under Sec.  1005.3(c)(4) of this chapter;
    (C) A payment transaction conducted by a person for the sale or 
lease of goods or services that a consumer selected from that person or 
its affiliated company's online or physical store or marketplace, or 
for a donation to a fundraiser that a consumer selected from that 
person or its affiliated company's platform; and
    (D) An extension of consumer credit initiated through a digital 
application that is provided by a person who is extending, brokering, 
acquiring, or purchasing the credit or that person's affiliated 
company.
    (ii) Covered payment functionality means a funds transfer 
functionality as defined in paragraph (a)(2)(ii)(A) of this section, a 
wallet functionality as defined in paragraph (a)(2)(ii)(B) of this 
section, or both.
    (A) Funds transfer functionality means, in connection with a 
consumer payment transaction:
    (1) Receiving funds from a consumer for the purpose of transmitting 
them; or
    (2) Accepting from a consumer and transmitting payment 
instructions.
    (B) Payment wallet functionality means a product or service that:
    (1) Stores for a consumer account or payment credentials, including 
in encrypted or tokenized form; and
    (2) Transmits, routes, or otherwise processes such stored account 
or payment credentials to facilitate a consumer payment transaction.
    (iii) Digital payment application, for purposes of this subpart, 
means a software program a consumer may access through a personal 
computing device, including but not limited to a mobile phone, smart 
watch, tablet, laptop computer, or desktop computer. Examples of 
digital payment applications covered by this definition include an 
application a consumer downloads to a personal computing device, a 
website a consumer accesses by using an internet browser on a personal 
computing device, or a program the consumer activates from a personal 
computing device using a personal identifier such as a passkey, 
password, PIN, or consumer's biometric identifier, such as a 
fingerprint, palmprint, face, eyes, or voice. Operating a web browser 
is not an example of providing a digital payment application.
    (iv) General use, for purposes of this subpart, means usable for a 
consumer to transfer funds in a consumer payment transaction to 
multiple, unaffiliated persons, subject to an exception for a payment 
functionality provided through

[[Page 99654]]

a digital consumer payment application solely for the following:
    (A) Using accounts described in Sec.  1005.2(b)(3)(ii)(A), (C) or 
(D) of this chapter; or
    (B) To pay a specific debt or type of debt including:
    (1) Debts owed in connection with origination or repayment of an 
extension of consumer credit; or
    (2) Debts in default.
    (v) State means any State, territory, or possession of the United 
States; the District of Columbia; the Commonwealth of Puerto Rico; or 
any political subdivision thereof.
    (b) Test to define larger participants. A nonbank covered person is 
a larger participant of the general-use digital consumer payment 
applications market if the nonbank covered person met both of the 
following criteria during the preceding calendar year:
    (1) It provided annual covered consumer payment transaction volume 
as defined in paragraph (b)(3) of this section of at least 50 million 
consumer payment transactions; and
    (2) It was not a ``small business concern'' as that term is defined 
by section 3(a) of the Small Business Act, 15 U.S.C. 632(a) and 
implemented by the Small Business Administration under 13 CFR part 121, 
or any successor provisions.
    (3) Annual covered consumer payment transaction volume means the 
sum of the number of consumer payment transactions denominated in U.S. 
dollars that the nonbank covered person and its affiliated companies 
facilitated in the preceding calendar year by providing general-use 
digital consumer payment applications.
    (i) Method of aggregating the annual covered consumer payment 
transaction volume of affiliated companies. The annual covered consumer 
payment transaction volume of each affiliated company of a nonbank 
covered person is first calculated separately, treating the affiliated 
company as if it were an independent nonbank covered person for 
purposes of the calculation. The annual covered consumer payment 
transaction volume of a nonbank covered person then must be aggregated 
with the separately-calculated annual covered consumer payment 
transaction volume of each person that was an affiliated company of the 
nonbank covered person at any time in the preceding calendar year. 
However, if any two or more of these companies facilitated a single 
consumer payment transaction denominated in U.S. dollars, that consumer 
payment transaction shall only be counted one time in the aggregated 
annual covered consumer payment volume calculation. The annual covered 
consumer payment transaction volumes of the nonbank covered person and 
its affiliated companies are aggregated for the entire preceding 
calendar year, even if the affiliation did not exist for the entire 
calendar year.

Rohit Chopra,
Director, Consumer Financial Protection Bureau.
[FR Doc. 2024-27836 Filed 12-9-24; 8:45 am]
BILLING CODE 4810-AM-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.