Earlier today, the Consumer Financial Protection Bureau (“CFPB”) released a series of consumer protection principles for the development of new payment systems (“Principles”). The CFPB’s stated purpose in releasing the Principles is to ensure that consumer interests remain top of mind throughout system development. According to the CFPB, the Principles are based on the CFPB’s experience in advocating for the development of faster and safer consumer payment capabilities, participation in the Federal Reserve's FedPayments Improvement initiative, and general engagement with payment system stakeholders.
The Principles, summarized below, are not prescriptive. Instead, the CFPB expressly acknowledges that there are myriad ways to incorporate the Principles in system development.
- Consumer control over payments: The system should be clear about what payment activity the consumer has authorized, and the consumer should be able to easily withdraw any such authorization.
- Data and privacy: Consumers should be informed about the system’s use of data about the consumer (e.g., how data is being transferred, how it can be used and who has access); consumers should have control over what data is transferred and whether third parties can access the data; data should be collected and used only in ways that benefit consumers; and the system should protect against misuse of the data associated with payment transactions.
- Fraud and error resolution protections: Payments should have robust consumer protections with respect to unauthorized and erroneous transactions; system architecture should create a forensic trail to facilitate post-transaction evaluation; systems should provide mechanisms to quickly reverse erroneous and unauthorized transactions; and systems should provide consumers with regulatory protections (e.g., protections under Regulation E and Z) and other appropriate safeguards.
- Transparency: Systems should include real-time access to information about the status of transactions, and consumers should receive timely disclosure of the costs, risks, funds availability, and security of payments.
- Cost: To promote ubiquity, payments should be affordable to consumers, and fees charged to consumers should be disclosed in a manner that allows consumers to comparison shop among available payment options and does not obscure the full cost of making or receiving a payment.
- Access: Systems should be broadly accessible to consumers, including access through qualified intermediaries and other non-depositories (e.g., mobile wallet providers and payment processors).
- Funds Availability: Systems should provide faster guaranteed access to funds.
- Security and payment credential value: Systems should have built-in protections to detect and limit errors, unauthorized transactions, and fraud, including safeguards to protect against and respond to data breaches, and should enable intermediaries to offer consumers enhanced security protections. Systems also should limit the value of consumer payment credentials (e.g., by tokenization).
- Strong accountability mechanisms that effectively curtail system misuse: The goals and incentives of stakeholders, including operators, participants, and end users, should align against misuse, and systems should have automated monitoring capabilities, incentives for participants to report misuse, and transparent enforcement procedures.
The CFPB appears to be issuing the Principles in response to the Federal Reserve’s stated strategy, from its January 2015 paper, entitled Strategies for Improving the U.S. Payment System, to work “with payment stakeholders to identify effective approach(es) to implementing a U.S. payments infrastructure to support a safe, ubiquitous, faster payments capability that promotes efficient commerce, facilitates innovation, reduces fraud and improves public confidence.” The Principles represent a veritable consumer “wish list” in a faster payment system: affordability, ubiquity, security, and end-user control. However, like the Federal Reserve’s desired outcomes articulated in its 2013 paper, entitled Payment System Improvement - Public Consultation Paper, the Principles must be balanced against the business case to develop a system that embodies the Principles. Notwithstanding their one-sidedness, the Principles provide insight into the CFPB’s perspective as it relates to the broader faster payments/payment system improvement discussion.
Note that providers of payment and payment-related products and services not otherwise subject to the CFPB’s supervisory authority will not be subject to the same simply by virtue of the CFPB’s release of the Principles. While payment and payment-related products and services may generally be viewed as consumer financial products or services under the Dodd-Frank Act, unless another basis applies, CFPB supervision would still require a “larger participant” rulemaking or a determination that a provider of payment products or services is engaged in conduct that poses risks to consumers with regard to providing consumer financial products or services. Providers of payment and payment-related products and services would, nonetheless, be subject to the CFPB’s enforcement authority as it relates to federal consumer financial protection law and unfair, deceptive, or abusive acts or practices (“UDAAP”).