Weekly Fintech Focus

• In a broad order, CFPB seeks information from big tech payment platforms about their products, practices, and customer data.
• CFPB cracks down on prison financial services company for unfair and abusive acts and practices.

CFPB Initiates Inquiry into Big Tech Payment Platforms

On October 21, 2021, the Consumer Financial Protection Bureau (CFPB) ordered six large technology companies—Google, Apple, Facebook, Amazon, Square, and PayPal—to provide information about their consumer payment services.

According to the accompanying statement by recently confirmed CFPB Director Rohit Chopra, “[l]ittle is known publicly about how Big Tech companies will exploit their payments platforms” and the CFPB’s inquiry “will help to inform regulators and policy makers about the future of our payments system.” The statement noted that the CFPB’s orders build on the efforts of the FTC to “shed light on the business practices of the largest technology companies in the world.” Chopra was an FTC commissioner before being confirmed as CFPB director last month.

The orders were issued pursuant to the CFPB’s statutory authority to monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services. The outcome of such inquiries is a report on the aggregated findings. The information may also inform future rulemakings by the CFPB.

Although the individual orders to the six companies were not disclosed, the CFPB published a generic model order. The order contains fifty-five questions seeking detailed information about each payment product or service that each company either currently offers or provides to consumers in the United States (or provided to consumers at any point since January 1, 2019).

The orders seek information on the following topics:

• Products: Information on specific payment products offered by each company, including features of the payment products, ways in which payment products are marketed to consumers and businesses, fees that may be charged to consumers and businesses, and plans for evolving the product over time.
• Data Harvesting: Information about the data that each company collects and retains as a result of consumers’ use of the products. The CFPB stated that it seeks to understand the kinds of data that each company generates from this product use data—for example, through combining it with externally-sourced data or with other data obtained from the company’s own operations or with data from both such sources. More generally, the CFPB stated that it seeks to understand the purposes associated with the harvesting of different data fields.
• Data Use and Monetization: Information on how each company monetizes the product data—including by improving service delivery to customers of the product, by selling the data directly, and by selling advertising or other targeted content based on attributes derived from the data.
• Access Restrictions: Information on the policies each company uses to manage access to each product for consumers and commercial entities. The CFPB stated that it seeks to understand whether—and, if so, how—each company encourages or requires users of other company products or services to use the product. The CFPB stated that it also seeks to understand how each company manages third-party involvement in product delivery. In addition, the CFPB stated that it seeks to understand the steps that each company takes to increase consumer use of its product relative to other payment products by restricting consumer access to such alternative payment products.
• Select Consumer Protections: Information on how each company addresses a number of aspects of consumer protection, including disclosures and other protections with respect to data practices about the product, the detection of fraudulent activities in connection with the product, methods for consumer users to address issues and problems concerning the products, and any accompanying obligations under Federal consumer financial law and applicable CFPB rules and regulations.
• Usage Data/Metrics: Product-use metrics and related information, including metrics on complaint handling.
• Organizational Structure: Information about the organizational structure of the company, as it relates to the products, during the relevant period.

The deadline for responses stated in the generic model order is December 15, 2021.

CFPB Issues Consent Order Against Prison Financial Services Company for $6 Million

On October 19, 2021, the CFPB issued a consent order upon its review of the practices of , a Florida-based company that provides financial services to prisons, jails, and inmates (the Company). Company was founded in 2002 as an electronic money-transfer service for inmates and their families who would use it to send money for items such as toothpaste, medical needs, and clothing. Company later expanded its business to dozens of states and more than 1,000 Departments of Corrections (DOCs) facilities. Specifically, Company contracted with various DOCs to provide formerly-incarcerated consumers with “Debit Release Cards” which contained the balance of funds owed to a consumer at the time of release from jail or prison, including the consumer’s own commissary or trust funds. The balance also included any “gate money,” which are financial entitlements provided pursuant to certain state or local law to ease transition for an individual reentering society after release from prison or jail.

The CFPB determined that with the exception of some instances in one state, consumers being released from a DOC facility had no choice but to receive the funds owed to them at the time of their release on a Debit Release Card, given that this product was designed to eliminate cash or check options previously offered by DOCs. Company was the exclusive provider of Debit Release Cards for these DOCs. Thus, consumers had no other choice but to establish a prepaid account with Company in order to receive their commissary or trust funds and their gate money. Additionally, consumers were charged transaction fees according to fee schedules Company negotiated with DOCs in 2011. In many jurisdictions, until 2018, the small-print cardholder agreements disclosed no mechanism by which consumers could close their card account and obtain the balance on their cards without paying fees. Therefore, consumers were effectively unable to avoid the associated fees since they were left without the ability to opt out of the Debit Release Card and receive their funds upon release by another method.

Additionally, the fees disclosed in the cardholder agreements were charged without authorization and, in some instances, the fees disclosed in the cardholder agreement were inconsistent with the provided “green sheets” (the disclosure provided to consumers in some jurisdictions along with their Debit Release Cards).

The CFPB found that Company “engaged in unfair and abusive acts,” in violation of the Consumer Financial Protection Act, by attaching fees to cards that people were required to receive as they left prison and that Company also deceived consumers about the fees. The CFPB also found that Company violated the Electronic Fund Transfer Act and its implementing regulation, Regulation E, by illegally requiring consumers to establish accounts with a particular financial institution as a condition to receive their government benefit (i.e., gate money). The consent order prohibits Company from charging fees on its Debit Release Cards, except after 90 days of inactivity. Company is also ordered to pay $4 million in consumer redress and a $2 million civil money penalty.

[View source.]