Continuing to flex its muscle, the CFPB has released its nine Consumer Protection Principles for new faster payment systems. While fintech companies providing payment services are not governed by the CFPB, they should pay careful attention to the CFPB principles as they may foreshadow future CFPB action. The CFPB historically has used its broad authority under Dodd Frank to regulate through enforcement, using the “unfair and deceptive” language of Dodd Frank to justify its authority to regulate and enforce practices that fall outside of its express jurisdiction and to expand requirements of other federal statutes.
The stated purpose of the CFPB principles is to further “safe, transparent, accessible and efficient, faster payment systems” without compromising certain consumer protection concerns. The principles contain concepts common to other federal statutory protections, including the Gramm Leach Bliley, Electronic Funds Transfer and Truth in Lending Acts.
- Consumer Control over Payments. New, faster systems should enable consumers to control the time period for which an authorization is valid, the amount and the payee. They should also include procedures allowing consumers to easily revoke authorization.
- Data and Privacy. Similar to the disclosures required by Gramm Leach Bliley, consumers should be informed as to how data will be transferred and used, who has access to the data, and the potential risks associated with electronic transfers.
- Fraud and Error Resolution Protections. New systems should contain robust consumer protections against “mistaken, fraudulent, unauthorized or otherwise erroneous transactions.” The CFPB suggests that systems should contain mechanisms for facilitating post-transaction evaluations and for reversing erroneous and unauthorized transactions quickly. Systems should “also provide consumers with regulatory protections, such as Regulation E and Regulation Z…”
- Transparency. The CFPB principles promote transparency with regard to real time status of transactions, as well as disclosures as to costs, risks, funds availability and security of payments.
- Cost. Fee structures need to be affordable and disclosed in a meaningful manner to allow consumers to compare the costs of different payment options.
- Access. Newer systems need to be broadly accessible and accepted including through non-depositories, including mobile wallet providers and payment processors.
- Funds Availability. Faster payments need to bring faster, guaranteed access to funds.
- Security and Payment Credential Value. Systems need to include built-in protections to detect and limit errors, unauthorized transactions and fraud and to safeguard and respond to data breaches.
- Strong Accountability Mechanisms that Effectively Curtail System Misuse. Commercial participants must be held accountable for “risks, harm, and costs they introduce to payment systems and are incentivized to prevent and correct fraudulent, unauthorized or otherwise erroneous transactions for consumers.”
In the accompanying release, the CFPB indicates its intent to continue working with other regulators, entities developing new payment systems, and other stakeholders to ensure these new systems address consumer needs and interests.