The Consumer Financial Protection Bureau (“CFPB”) this week shed new light on the growing mobile financial services sector, publishing a report compiling responses to its 2014 request for information on these services.

The CFPB’s Office of Financial Empowerment issued a Request for Information (“RFI”) on June 11, 2014, regarding mobile financial services. The RFI’s stated purpose was to help the CFPB “understand better the potential for mobile financial services to help underserved consumers – including low-income, unbanked, underbanked and economically vulnerable consumers – access financial services.” Thus, the focus of this week’s report is on the challenges and opportunities of using mobile financial services to aid that population.

The RFI did not include “point of sale” payments – a technology used in mobile payment systems such as Android Pay and Apple Pay – except insofar as such systems are marketed or used by underserved customers.

The new CFPB report, issued Nov. 4, found that mobile financial services present a mixed bag of benefits and risks to consumers. The report cited comments that “mobile financial services is not a panacea or a silver bullet” for customers facing “fundamental financial issues.” The report pointed to a “general consensus . . . that for mobile financial services to effectively reach underserved consumers, the mobile channel must be paired with consultative or assistance services, at least in the short-term.” Additionally, the report noted emerging security and privacy issues arising from mobile financial services, and mentioned some commenters’ call for new regulations on data privacy issues.

In defining mobile financial services, the CFPB referred in its Nov. 4 report to commenters’ statements that mobile financial services are not “discrete” banking services and products per se, but a “channel” by which such services and products may be accessed. “Both consumer and some industry groups,” the report stated, “cautioned that using the mobile channel should not be viewed as a replacement for accessing products and services via other, more traditional channels.” By suggesting that mobile financial services are derived from more traditional services, the report possibly indicates that the CFPB will take a more “traditional” approach to regulating mobile financial services.

A number of different applications of mobile financial services were cited in the report, including: mobile banking, which encompasses Mobile Remote Deposit Capture technology allowing consumers to take a photo of and deposit a check remotely via their mobile device; personal financial management tools, which aggregate financial information and track spending and savings; text messaging; mobile banking applications; prepaid accounts, which may be managed via mobile phone; mobile payments; mobile carrier billing, which allows consumers to charge goods or services directly to a mobile phone; and mobile person-to-person transfers.

Some advantages of mobile financial services to aid the underserved cited in the report included the ability to perform banking transactions during nontraditional banking hours, and the ability to cash checks without the use of expensive check-cashing agencies. A major barrier cited was the need to educate underserved populations on how to use mobile financial services since many are elderly or reside in rural communities where use of technology, such as the Internet, is lower than in the general population. These distinct issues demonstrate the complexity of determining how an agency such as the CFPB can play a role in making these services more accessible to the targeted population.

The report identified a number of potential security and privacy risks from mobile financial services that are common to the general population, not only to the underserved. Some examples include hacking, data breaches and identity theft. One commentator noted that “even if the number of attacks on mobile financial services is much lower than on online services, we must understand this will not last forever.” Similarly, the privacy concerns raised are common to the general population, such as harvesting data via mobile applications and use of it by data brokers and lead generators. It cited previous Federal Trade Commission findings that “when data is sold to data brokers and other entities, often outside the protections of specific privacy laws, questions arise regarding how this data may be used to either benefit or disadvantage low-income and underserved communities.”

The report also cited comments suggesting regulatory “gaps” in the data privacy area and a call by one commenter for the Bureau to “go beyond” the Gramm-Leach-Bliley Act and Fair Credit Reporting Act data-sharing provisions. Again focusing on underserved communities, the report cited concerns that “geographic-based targeting, combined with data profiling predictive analytics, can lead to potentially discriminatory practices, e.g., denial of credit to certain segments, which further sub-divide a neighborhood based on race, ethnicity, income, buying behaviors, and other factors.” Given that it is the Office of Empowerment that is seeking this information, it would not be unexpected that, if it chooses to regulate mobile financial services, it would address potential mobile banking “redlining.”

Commenters viewed the effect of mobile financial services on access to banking as both a potential positive and negative. While mobile financial services “provide[ ] an opportunity to replace and supplement the ‘vanishing branch network’ in low income neighborhoods” and “could help maintain access to mainstream financial services,” consumer groups stated that “there is an ongoing need for some physical, in-person presence.” Specifically, underserved customers may prefer the customer service benefits of in-person encounters. Accordingly, commenters cited in the report “pointed to the ongoing need for free customer service via phone” when mobile financial services are used.

While the report does not suggest that a new rulemaking on mobile financial services is set to occur, the CFPB has previously indicated that it may consider regulations in this area. In a September 11, 2014, speech at the Consumer Advisory Board Meeting, CFPB Director Richard Cordray stated that there is a “need to make sure that the legal and regulatory framework can keep up effectively, so that all consumers can be well served and remain protected, whether they are opening their wallet or scanning the screen on their smartphone.”