Welcome to the Fintech chapter of our annual report Consumer Financial Services 2023 Year in Review.

Looking Ahead to 2024

The CFPB is expected to finalize rulemaking authorizing supervision of payment application and digital wallet providers, with examinations of certain providers to follow.

The CFPB is expected to provide additional guidance on TILA's application to earned wage access (EWA) products.

Prudential regulators will continue to focus on risks arising from banks' failure to adequately supervise the activities and control environments of their nonbank partners.

The CFPB is expected to implement a rule requiring nonbanks subject to the CFPB's supervisory authority to "register each year in a nonbank registration system . . . information about their use of certain terms and conditions in form contracts for consumer financial products and services that pose risks to consumers."

In the News

CFPB Proposes Rule to Supervise Fintechs Offering General-Use Digital Consumer Payment Applications

In November, the CFPB proposed a rule to define a market for general-use digital consumer payment applications and wallets, invoking its authority under the CFPA to supervise, by rule, any nonbank covered person that the CFPB "has reasonable cause to determine by order . . . is engaging, or has engaged in, conduct that poses risk to consumers with regard to the offering or provision of consumer financial products or services." While the rule would not impose substantive new consumer protection obligations on market participants, it would authorize the CFPB to conduct examinations of providers of general-use digital payment applications with an annual volume of at least five million consumer payment transactions. The CFPB estimates that under the rule, approximately 17 companies would become subject to its supervisory jurisdiction. The CFPB has said it intends to exercise its supervisory authority for purposes of (1) assessing compliance with Federal consumer financial law, (2) obtaining information about such persons' activities and compliance systems or procedures, and (3) detecting and assessing risks to consumers and consumer financial markets.

Federal and State Regulators Grapple With EWA Products

In March, the U.S. Government Accountability Office (GAO) issued a report concerning EWA products that facilitate consumers' access to their accrued but unpaid wages. The report analyzed four fintech products, including EWA products. Although the cost of EWA products is often less than the typical costs associated with payday loans, the products pose risks to consumers because of a lack of transparency around costs, consumers' dependence on accessing wages early, and inaccurate wage estimations. The report notes that despite the CFPB's 2020 advisory opinion, some industry groups, including the Financial Technology Association and the National Association of Consumer Credit Administrators, have "expressed continued uncertainty about how the Truth in Lending Act and Regulation Z apply to" EWA products. The GAO concluded its report by recommending that the CFPB "issue clarification on the application of the Truth in Lending Act's definition of 'credit' for earned wage access products." The CFPB had previously issued an advisory opinion in November 2020 that EWA products with certain features were not "credit," but it has since expressed concern that the advisory opinion is being misread by the industry. In November, the CFPB stated that it "plans to issue further guidance to provide greater clarity concerning the application of the Truth in Lending Act in this market." The question of when EWA products constitute a "loan" or "credit" has also manifested itself at the state level. Last year, California proposed regulations that would require companies that offer EWA products to register with the DFPI or obtain a license and would require that charges, including tips and fees to speed up payments, not exceed 5% per transaction. At the other end of the spectrum, the Montana Division of Banking and Financial Institutions issued an opinion in December that EWA products are not "consumer loans" or "deferred deposit loans" under Montana law and thus do not require licensure by the Montana Division of Banking and Financial Institutions.

OCC Risk Perspective Report Covers Third-Party Relationships with Fintechs

In December, the Office of the Comptroller of the Currency (OCC) issued a report discussing key risks facing the federal banking system. The report addresses a variety of operational and compliance risks associated with bank–fintech partnerships. For example, the OCC states that effective management and oversight are critical for third-party relationships, and that management processes for bank–fintech partnerships should "be commensurate with the size, complexity, and risk profile of the bank and with the nature of the third-party relationship." Additionally, the report suggests that banks should "engage in more rigorous oversight of third-party relationships that support higher-risk and critical activities" and "maintain talent management strategies to ensure sufficient resources and subject matter expertise to implement critical controls." The OCC further points to compliance risks associated with fintech partnerships, as fintech firms "may be providing services to other fintech firms without appropriate controls."

CFPB Issues Report Regarding Tap-to-Pay Payments

In September, the CFPB issued a report about the role of Big Tech in contactless payments. The CFPB explained that as contactless payments on mobile devices become increasingly available to mobile users, tech companies are able to play a more powerful role in determining the payment options available to consumers. In preparing the report, the Bureau analyzed point-of-sale payments "in the context of mobile operating systems to better understand the state of platform interoperability in payments." The CFPB determined that consumers' use of tap-to-pay options in the United States has grown rapidly in recent years, with an estimated $300 billion-plus spent on purchases through Apple Pay, Google Pay, and Samsung Pay in 2022. The report also pointed out that both Apple and Google have established terms that govern and often restrict developers' ability to integrate "near field communication technology" (NFC), which is required to execute tap-to-pay transactions, into their applications. This practice restricts tap-to-pay payments for third-party applications such as PayPal and Venmo. The CFPB concluded that restrictions on NFC technology — and thus tap-to-pay options for consumers — "inhibit choice and innovation in consumer payments . . . [and] increase roadblocks to open banking . . . potential" in the United States.

Newsom Signs California Digital Financial Assets Law

In October 2023, California Governor Gavin Newsom signed Assembly Bill 39 and Senate Bill 401 into law — together, the Digital Financial Assets Law (DFAL). The DFAL provides the DFPI with rulemaking authority to ensure that the regulatory framework for the DFAL is tailored to address industry trends and to mitigate consumer harm. Beginning on its effective date of July 1, 2025, Assembly Bill 39 will prohibit a person from "engaging in digital financial asset business activity, or holding itself out as being able to engage in digital financial asset business activity, with or on behalf of a resident unless any of certain criteria are met, including the person is licensed" with the DFPI. The term "digital financial asset" is defined in part as a "digital representation of value that is used as a medium of exchange, unit of account, or store of value, and that is not legal tender." Senate Bill 401, in turn, governs "digital financial asset transaction kiosks" and provides that any kiosk operator must provide the DFPI with a list of all kiosk locations owned, operated, or managed in California by the kiosk operator. Senate Bill 401 further mandates that by January 1, 2024, a kiosk operator may not dispense or accept more than $1,000 in a day to or from a customer via kiosks and must provide a customer with a receipt that includes specified information for any transaction made at the kiosk.

2023 Enforcement Highlights

FDIC Enters into Consent Order with Bank Over Fair Lending Concerns

In April, the Federal Deposit Insurance Corporation (FDIC) announced that it had entered into a consent order with Cross River Bank to resolve allegations that the bank engaged in unsafe or unsound banking practices related to its compliance with fair lending laws and regulations. The FDIC claimed that Cross River Bank failed to establish and maintain "internal controls, information systems, and prudent credit underwriting practices" in conformance with applicable law in connection with its oversight of fintech lending partners. The consent order requires Cross River Bank to institute substantial due-diligence policies and procedures and obtain approval from the FDIC before entering into any new fintech partnership. Additionally, the consent order mandates that the bank perform a fair lending risk assessment to improve its third-party risk management compliance programs and its fair lending policies, procedures, and processes.

Fintech Lender Settles with State Regulators Over Tip and Donation Requests

In May, a fintech offering peer-to-peer lending entered into three consent orders with regulators from the District of Columbia, California, and Connecticut concerning the alleged practice of using tips and donations to disguise interest charges. The fintech operates a platform that facilitates loans between its members, who can borrow and lend on the platform. Potential borrowers may offer a tip, calculated as a percentage of the requested loan amount, to prospective lenders, and the fintech allegedly asked borrowers to pay an optional donation prior to initiating a loan request. In its consent order, the District of Columbia alleged that the fintech engaged in deceptive practices by disguising the true cost of the peer-to-peer loans and by facilitating loans with an average interest rate that exceeds the District of Columbia's usury cap. The consent order issued by the California DFPI alleges that borrowers were incentivized to offer the maximum tip and donation amounts and that the majority of borrowers did so. The consent order further alleges that the fintech's pop-up messaging "prompting the [b]orrower to pay a donation to [the fintech] for providing the [p]latform" could not be disabled without finding a "buried" setting on the platform. Finally, the Banking Commissioner of Connecticut alleged that the fintech engaged in deceptive practices by "brokering" small loans without the required licenses. The fintech agreed to pay a $30,000 fine in the District of Columbia, a $50,000 file in California, and a $100,000 fine in Connecticut.

California Superior Court Denies Preliminary Injunction Against Fintech

In October, a California Superior Court issued an order denying the DFPI's motion for preliminary injunction that sought to enjoin Opportunity Financial LLC (OppFi) from facilitating loans to California borrowers from its partner bank at interest rates higher than the interest rate cap imposed by the California Financing Law (CFL). OppFi's platform allows banks to provide access to "simple short-term lending products for consumers whom traditional lenders may otherwise turn away in light of their credit profile." The court determined that the DFPI had not shown a reasonable probability of prevailing on the merits of the litigation, concluding that, to the extent that loans originated from OppFi's partner bank had permissible interest rates at the time the loans were made, the fact that the bank sold, assigned, or otherwise transferred the loans to the fintech should not make the loans usurious.

CFPB Enters into Consent Order with Nonbank Remittance Transfer Provider Over Misleading Advertisements

In October, the CFPB entered into a consent order with a nonbank that provides international money transfer services to consumers through its mobile application. The Bureau claimed that the remittance transfer provider made false and misleading statements in advertisements regarding the speed of remittance transfers by asserting that transfers would be delivered "instantly" or "within seconds" and misrepresented to consumers the cost associated with sending remittance transfers. The Bureau alleged that the nonbank violated the CFPA by misrepresenting the speed and cost of remittance transfers to consumers and violated the EFTA by (1) failing to provide required information in disclosures, including the date of fund availability and exchange rate; (2) failing to provide timely disclosures; and (3) failing to promptly investigate and determine whether an error had occurred. Under the consent order, the nonbank agreed to pay a civil money penalty of $1.5 million to the Bureau and $1.3 million in redress to affected consumers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.