This edition of Fintech Flash identifies key issues we anticipate will impact the payments industry in 2024. First, the payments regulatory landscape continues to evolve, with a number of proposed rulemakings published by the Consumer Financial Protection Bureau (CFPB) within the past few months, and changes to Regulation II from the Board of Governors of the Federal Reserve System (Federal Reserve Board). The Credit Card Competition Act may also impact interchange rates and create other compliance obligations for credit card issuers. Finally, we anticipate enforcement actions will continue to increase at both the federal and state levels, particularly concerning bank-fintech relationships.

CFPB Rulemakings

  • Wallet Providers. Late last year, the CFPB released a notice of proposed rulemaking (NPRM) that would regulate large providers of digital wallets and payment apps similar to traditional financial institutions under certain federal consumer financial protection laws.1 The official comment period has ended, but on January 30, 2024, Republicans sent a letter to CFPB Director Chopra requesting that the CFPB reopen the comment period.2 In the NPRM, the CFPB uses its power under the Consumer Financial Protection Act (CFPA) to define a new market — a market for general-use digital consumer payment applications — and larger participants in the market would be subject to oversight by the CFPB. The proposed market would cover providers of funds transfer and wallet functionalities through digital applications for consumers' general use in making payments to other persons for personal, family, or household purposes. By defining this market, the CFPB will have the authority to regulate larger participants in such market, regardless of whether they are financial institutions.

    A provider is a larger participant under the NPRM if it provides general-use digital consumer payment applications with an annual volume of at least five million consumer payment transactions and is not a small business concern based on the applicable Small Business Administration size standard. Two types of functionality would be covered by the NPRM when offered by a larger participant: funds transfer functionality and wallet functionality. Larger participants providing covered services would be subject to federal consumer financial protection laws, which include applicable protections against unfair, deceptive, and abusive acts and practices, rights of consumers transferring money, and privacy rights. The CFPB has indicated that it believes this NPRM will "level the playing field" between traditional financial institutions and these larger participants subject to the NPRM.

  • Open Banking. As discussed in a previous Fintech Flash, on October 17, 2023, the CFPB published a long-awaited NPRM for its Proposed Financial Data Rights Rule, implementing Section 1033 of the Dodd-Frank Act.3 The proposed rule would require providers to share consumer data, such as transaction history, account balance, and upcoming billing, with customers themselves or third parties that the customers designate. This process of mandatory data sharing is known informally as "open banking." Director Chopra has indicated he intends to issue a final rule in fall 2024.

    We recommend financial institutions that maintain consumer financial data and fintech companies begin evaluating their existing ability to share and receive information and identify agreements that may need to be updated to reflect changes. This may include bank-fintech partnership agreements, consumer disclosures, and agreements with data aggregators.

  • Overdraft Services and Related Fees. On January 31, 2024, the CFPB published an NPRM that would prohibit covered financial institutions from charging consumers fees for instantaneously declined transactions. These types of fees are typically referred to as non-sufficient funds fees or NSF fees.4 Under the NPRM, charging NSF fees on covered transactions would constitute an abusive practice under the CFPA's prohibition on unfair, deceptive, or abusive acts or practices. Covered transactions would include one-time debit card transactions that are not preauthorized, ATM transactions, and certain peer-to-peer transactions, which the CFPB assumes will continue to be declined instantaneously or near instantaneously. The NSF fee NPRM is in addition to the CFPB's other January proposed rulemaking that would limit the ability of covered financial institutions to offer overdraft services and assess fees for such services.5 According to the CFPB, the NSF fee NPRM is intended to anticipate attempts by covered financial institutions to circumvent the overdraft lending NPRM's prohibitions by assessing other fees. Both NPRMs, if adopted as drafted, could significantly impact financial institutions' ability to offer overdraft services and assess fees for those services. The CFPB's research indicates these fee types provide significant revenue for many financial institutions, and the two NPRMs could impact these revenues.

    Comments to the NSF fee NPRM are due March 25, 2024. Comments to the overdraft services NPRM are due April 1, 2024.

Interchange Fee Changes

  • Regulation II Rulemaking. The Federal Reserve Board recently announced an extension to the comment period for its NPRM amending the interchange fee restrictions found in Regulation II (12 C.F.R. part 205) as well as implementing certain other technical changes to Regulation II, which implements the Durbin Amendment to the CFPA.6 Currently, Regulation II caps debit card interchange fees for large issuers at 21 cents (the base component) and five basis points multiplied by the value of the transaction (the ad valorem component) plus an additional one cent for fraud prevention. Under the NPRM, the base component would decrease to 14.4 cents, the ad valorem component would decrease to four basis points of the transaction, and the fraud-prevention adjustment would increase to 1.3 cents. The NPRM would also adopt a mechanism for the automatic adjustment of the three components of the interchange fee cap every two years without the Federal Reserve Board completing a rulemaking. Comments are now due May 12, 2024.

  • Credit Card Competition Act. Last year Sen. Richard Durbin (D-IL), who sponsored the Durbin Amendment to the CFPA, introduced the Credit Card Competition Act of 2023 (Credit Card Act).7 The Credit Card Act, which some refer to as "Durbin II," would amend the Electronic Fund Transfer Act to require the Federal Reserve Board to prescribe regulations relating to network competition in credit card transactions. Namely, the Credit Card Act would require the largest credit card-issuing financial institutions in the country, i.e., financial institutions with assets in excess of $100 billion, to enable at least two credit card networks to be used on their credit cards instead of just one, and at least one of those networks must be a network other than Visa or Mastercard. If enacted, the requirement that two networks be available could create competition among networks to offer lower interchange rates in order to compete with other networks. The Credit Card Act has received pushback from the financial industry, but merchant and consumer groups argue the Credit Card Act would result in lower interchange fees, thus benefiting merchants and consumers. These are the same arguments advocates made when supporting the original Durbin Amendment, but the results have been mixed. The Credit Card Act is currently before the Senate Committee on Banking, Housing, and Urban Affairs. We will continue to watch for developments.


We saw an increase in examinations and related enforcement actions at both the state and federal levels last year and anticipate continued action in this space. Regulators are increasingly scrutinizing bank-fintech partnerships as part of their examination process. Recent actions indicate regulators at both the state and federal levels expect financial institutions to closely monitor their fintech partners' compliance with financial services laws and evaluate the impact the fintech partner has on the financial institution's safety and soundness. This seems to be a natural development as more and more partnerships are maturing and more and more financial institutions are offering services to fintech companies. As previously discussed, it is imperative for both the financial institution and fintech company to consider the "what ifs" of such relationships at the beginning of the partnership.8 Taking this step at the beginning of the relationship can help mitigate risks associated with examinations and enforcement later.


1. CFPB, "Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications," 88 Fed. Reg. 80197 (Nov. 17, 2023),


3. CFPB Personal Financial Data Rights Proposal: What Are Your Obligations? | Insights & Resources | Goodwin (

4. CFPB, "Fees for Instantaneously Declined Transactions," 89 Fed. Reg. 6031 (Jan. 31, 2024),

5. CFPB, "Overdraft Lending: Very Large Financial Institutions," Proposed Rule (released Jan. 17, 2024),

6. Federal Reserve Board, "Debit Card Interchange Fees and Routing," 88 Fed. Reg. 78100 (Nov. 14, 2023),


8. Playing the 'What If' Game When Reviewing Fintech–Bank Partnership Agreements | Insights & Resources | Goodwin (

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.