In an attempt to understand and position itself to respond to technological innovations that are occurring in the consumer financial services market, the Consumer Financial Protection Bureau (CFPB) recently issued a public request for information regarding the use by consumers of mobile electronic devices to access financial services and to manage their personal finances. The issuance of this request immediately preceded a CFPB field hearing held in New Orleans on the same topic.
Summary of the Information Request
In the preamble to its information request, the CFPB observes that mobile devices have become nearly ubiquitous among American consumers and that consumers are increasingly utilizing their mobile devices for banking and other financial services. According to the CFPB, mobile financial service applications are revolutionizing consumer financial services by reducing the costs of bill payment, checking, money transfers, and other services while increasing the availability and accessibility of such services. The CFPB also notes that innovative applications exist for mobile devices that enable consumers to consolidate and organize information about their various financial accounts, help them to understand and analyze their current financial conditions and historical behaviors, and assist them in setting and achieving their financial goals.
The CFPB seeks public comment about whether, and to what extent, these benefits also apply to economically vulnerable and underbanked consumers. For instance, it asks the extent that rural and other communities with few or no physical bank branches accessible to them tend to utilize their mobile devices to gain access to banking services. Similarly, it asks whether the availability of mobile banking will lead consumers in communities served primarily by payday lenders and other high-cost financial service providers to transition to lower-cost banking services. The CFPB also asks whether any barriers exist among economically vulnerable and underbanked consumers to accessing mobile financial services, such as the cost of mobile phones and the expense of data plans.
Furthermore, the CFPB solicits public comment about any risks to consumers that are associated with mobile financial services as well as any consumer protections that may be required to address those risks. The CFPB cites examples of such risks, which include the following.
The CFPB questions whether consumers' increasing use of mobile devices to conduct their banking activities will cause banks to decrease the numbers of their physical branches or the business hours of their branches, thereby limiting access to banking services among those consumers who either do not have access to mobile devices or choose not to use such devices for banking purposes.
The CFPB also observes that consumers may experience problems with their mobile devices or their mobile financial service applications, such as mechanical breakdowns, software bugs, or transaction errors, which they may not experience when they conduct transactions at physical branches. The CFPB is concerned that consumers may find that these problems are more difficult to report or fix when their relationships with financial service providers are automated and impersonal.
The CFPB notes that consumers who rely exclusively on their mobile devices to access financial services risk losing access to those services if their devices break, if they are misplaced or stolen, or if disruptions occur to internet or cellular telephone signals.
Finally, the CFPB remarks that many privacy and security risks are associated with the use of mobile financial services, including privacy risks arising from the collection, disclosure, and use of their personal information, and security risks arising from the theft and loss of their mobile devices and of the data that they transmit to service providers.
The mere fact that the CFPB is expressing an interest in mobile financial services should be cause enough for providers of existing services, as well as developers of new services, to analyze the designs and operations of their services and address any attendant risks or harms to consumers that they find. In assessing whether mobile financial services pose risks to consumers, providers and developers should look through the same lens as the CFPB does in its information request. In addition to assessing whether mobile consumer financial services comply with the letter of currently applicable laws and regulations, providers and developers of mobile financial services may want to consider the following:
- Whether they fully and accurately disclose to consumers the material terms and conditions of their services, and whether consumers can readily access and understand the disclosures prior to purchasing, signing up for, or otherwise engaging in the services;
- Whether they disclose, not only the costs of downloading mobile software applications that comprise the services, but also any subsequent costs that consumers must incur to subscribe to the services, to make "in-app" purchases, to engage in transactions, or to otherwise use the services;
- To the extent that money management services involve recommending particular financial products to consumers based upon their credit scores, transaction history, or financial goals, whether they clearly disclose to consumers the basis for the recommendations and, in particular, the existence of any business relationships or affiliations that might affect the impartiality of the recommendations;
- Whether the designs of the software applications and, in particular, any design choices aimed at streamlining or scaling down applications for ease of use in mobile devices renders any aspect of the services unfair or deceptive, including by rendering illegible, concealing, oversimplifying, or omitting required disclosures or the material terms or conditions of the services, or by obscuring the nature or consequences of consumers' decisions and actions within the applications;
- Whether the marketing of their services, in "app stores" and other locations, is accurate and not materially inconsistent with the terms and conditions of the services;
- Whether their services provide consumer rights and protections that are consistent with those of other financial products and services - such as the right of consumers to receive liability protection for unauthorized uses of their credit cards - and if not, whether the services disclose clearly to consumers any material differences in such rights and protections that exist vis-à-vis other products and services;
- Whether their customer support services, including technical assistance, error redress, fraud reporting, and complaint reporting, are available, adequately staffed, readily accessible, advertised, and appropriately attentive to consumer concerns;
- Whether they refrain from collecting, storing, sharing, or selling to third parties, consumers' personal or financial data without first clearly informing consumers of their policies for doing so and affording consumers effective choices as to whether to allow such practices to occur;
- Whether they take appropriate steps to secure any consumer financial data they collect and maintain, including through password protection, data encryption, physical safeguards, and by establishing and implementing breach notification and redress policies; and
- Whether they take affirmative steps to ensure that all the third parties that they rely upon to provide their services comply with applicable consumer financial protection laws.
At this point in time, the CFPB seems focused primarily upon gathering information. It is too soon to know whether, or to what extent, the CFPB's request for information portends any particular regulatory, supervisory, or enforcement actions involving providers of mobile financial services. Nevertheless, providers of mobile financial services should not wait to find out.