Privacy
CFPB Tightens Rules on Digital Wallets
Why This Alert Is Important
The CFPB's new rule extends federal supervisory oversight to large nonbank digital payment apps processing over 50 million transactions annually. This will allow the CFPB to make sure these app providers are protecting consumer data, preventing fraud, and addressing systemic risks in a rapidly growing sector. The CFPB will do this via regular supervisory examinations of the seven entities that currently exceed the 50 million transaction threshold.
Behind the Headlines
The Consumer Financial Protection Bureau (CFPB) has finalized a rule to supervise the largest digital payment platforms, marking a critical milestone in financial regulation. This rule targets nonbank companies that process over 50 million annual transactions, addressing the privacy and security gaps that have emerged as these apps become integral to daily commerce. Supervision does not impose new requirements, but it is a mechanism—long used in connection with banks—for a regulator to review an entity's compliance with regulatory requirements.
The CFPB identified several areas of concern, including the vast amounts of consumer data collected by these platforms, the rising incidence of fraud, and the impact of account closures on consumers reliant on digital wallets for essential financial transactions. By expanding its authority to conduct proactive examinations, the CFPB aims to enforce compliance with federal consumer protection laws and preempt potential harms, such as unauthorized data collection or service disruptions. The rule, effective 30 days after publication in the Federal Register, is a significant step toward safeguarding the interests of millions of consumers.
Additional Effects of CFPB’s Rule
- This rule finalizes federal oversight of digital payment apps to bring them up to par with traditional financial institutions, signalling a shift in regulatory expectations for Big Tech companies operating in this space. It emphasizes the importance of privacy and data security, reinforcing the need for these platforms to implement clear consumer opt-out options for data collection, robust fraud prevention mechanisms, and transparent policies for account management.
- The rule also notes the CFPB's concerns with certain systemic issues, such as the risk of consumers losing access to their funds during account freezes or closures. Even if your app is not one of the seven covered by this rule, the rule nonetheless highlights the need to align operations with stringent regulatory requirements, including safeguards for data protection and fraud detection. Companies must ensure their systems can adapt to proactive regulatory examinations, which will require detailed tracking and auditing of data usage and customer interactions.
- For privacy professionals, the rule underscores the importance of staying ahead of regulatory developments. Organizations should evaluate their current privacy frameworks to ensure they are resilient enough to handle both compliance requirements and the dynamic risks of the digital payments industry.
Given the millions of Americans who use digital payment apps, increasing scrutiny of the tech companies that provide them is unsurprising. Any entity that provides a financial service must be aware of applicable legal and privacy requirements, regardless of the type of institution it is (bank, fintech, or otherwise). While the CFPB will now examine the largest payment app providers, we expect state regulators to follow and examine smaller licensees. Those in this space should stay tuned for the CFPB to release results of its exams in its Supervisory Highlights, which will provide valuable insights into the problems the CFPB uncovers.
Data Privacy Tip
Start by understanding where and how data is stored, processed, and shared across your organization. Developing a robust data governance and mapping program can provide the foundation for compliance with evolving privacy regulations like this one. A focus on clear data workflows and responsive fraud prevention tools can not only help meet new regulatory expectations but also build trust with users.