On April 4, the CFPB published a new Issue Spotlight, titled “Banking in Video Games and Virtual Worlds” that analyzes the increased commercial activity within online video games and virtual worlds and the apparent risks to consumers—in this case, to online gamers. In particular, this report examines how “game assets” are being used and the associated risks, including the emergence of products or services that resemble traditional consumer financial products or services. 

Report’s Key Findings

• Games and game marketplaces and associated infrastructure increasingly resemble traditional financial products and services. According to the report, companies leverage players’ game assets, which include in-game currencies and virtual items, such as skins or cosmetic items, and crypto-assets, which can be transacted via in-game and external marketplaces, through person-to-person (P2P) transfers or buying and selling in-game goods and services, by providing services in the form of payment processing, money transmission, and even loans. Some games also allow consumers to convert game assets back to fiat currency.
• As game assets store greater amounts of value and their use becomes increasingly similar to that of money, there have also been increased reports of users losing access to game assets through hacking attempts, account theft, scams, and unauthorized transactions. Yet operators of game and virtual worlds do not appear to provide the kinds of consumer protections and data security protections that apply to traditional banking and payment systems.
• Game companies are collecting large amounts of data on players, tracking purchasing history, spending thresholds, and location data. Game companies have also become adept at monetizing behavioral, personal and biometric data. According to the CFPB, there is risk that gamers may be harmed when their data is sold, bought, and traded between companies, including for purposes outside of game play.

The Market Participants

• Market participants at the center of this report include the companies that publish traditional video games and virtual world platforms and marketplaces which permit buying and selling of in-game assets. The report also references crypto-assets which are commonly used in web3 offerings such as blockchain games and metaverses. The report references well-established and large technology companies that have either launched their own games, or acquired or invested in game companies that offer these products and services. Finally, the report also focuses on third-party systems (e.g., marketplaces and crypto exchanges) used by gamers to transfer game assets to another account or sell the assets for fiat currency. The report notes that these third-party systems collect a large amount of personally identifiable information including email addresses, game usernames, and log data, such as IP addresses and browser information. Yet, these systems have had a number of data breaches and hacks.

Note that the Issue Spotlight is not intended to impose any obligations or define any rights and is not intended as a CFPB interpretation of any regulation or statute.

How Evolutions in the Business Models of Games Has Led to CFPB Scrutiny

The business models of games has evolved significantly in recent times. Traditionally, game publishers operated a closed-loop economy. Gamers could spend fiat currency to purchase virtual currency which could be used to buy virtual items for in-game use only and there was no way to cash out any of those items. Under this model, game companies typically operate an inventory management system to manage the players’ inventory of game assets and license those assets only for use in the game for entertainment value, not player profit. Most video games still do not permit any cash out. However, a number of unauthorized marketplaces have arisen, where players can buy, sell and trade virtual currencies, virtual items, and even entire game accounts. Additionally, traditional video game models have evolved to include so-called creator economies, where players can create and sell game assets. Some of these creator economies enable users to earn real money from these creations. 

As the report suggests, from a financial regulatory perspective, these innovations minimally bring into play the potential application of money transmission and electronic funds transfer laws. Separately, any perceived weaknesses in a platform’s ability to address customer complaints fairly and timely inevitably raise the specter of regulatory claims alleging unfair, deceptive, and abusive acts and practices. 

A more significant evolution of business model of games has resulted from blockchain games and metaverses. Blockchain games and metaverses are often premised on play to earn business models. With blockchain games, the game assets are typically tokenized and represented as cryptocurrencies or non-fungible tokens (NFTs). With blockchain games, the game economy is decentralized whereby the crypto assets are owned and controlled by the players and can be freely bought, sold and traded via P2P wallet transfers or via crypto marketplaces. Additionally, the play to earn business model with blockchain games has led to other types of “financial” transactions, including staking, mining and lending of the game-based crypto assets. For example, players can earn passive income by lending their in-game items to other players for a fee. In some blockchain games, players form guilds to collaborate on game play, where often players can earn a profit by using the guild’s game assets to play the game.

Metaverses are a web3 version of virtual worlds. With metaverses, the game assets are also typically tokenized and the business model includes a creator economy. In metaverses, players buy tokens representing ownership of virtual land and build things or provide services on their land to earn money. Some players invest significant upfront capital to do this. 

This evolution of business models employed in games and virtual worlds apparently has led the CFPB to view elements of these models as being akin to traditional banking and payment services, including lending. 

Putting it into Practice and What Game Companies Should Do Now

With its latest Issue Spotlight, the CFPB continues to signal its commitment to monitoring non-traditional markets and go where financial products and services may be offered (regardless of infrastructure), to ensure compliance with federal consumer financial protection laws. The Bureau’s next steps following this report remain to be seen, although we could expect the agency to issue market monitoring orders to certain market participants as they did previously to large technology companies, “buy now, pay later” or BNPL providers, and large auto lenders (see our previous blogs posts on these orders here, here and here). In addition, the Bureau has not been shy about using its risk-based supervision authority to take a closer look at non-bank institutions that offer products that may pose a “risk to consumers” (see out previous blog post regarding the CFPB’s first public decision designating a nonbank lender for supervision based on the institution’s potential risk to consumers here).

While the CFPB has not set a timetable for its next move, game companies should carefully review this report, and analyze their current practices to identify any actions that they can take now to minimize risks that they run afoul of any issues on which the report focuses. This may include:

• assessing any potentially harmful practices for gamers, including financial losses due to theft and scams as a result of buying, selling, and trading of game assets;
• determining whether privacy rules are being adhered to and whether consumers, especially young ones and their parents, are fully aware of how their data is being collected and used across the industry, especially when this data is harvested and monetized without the user’s current awareness; and
• assessing whether their products and services are subject to various consumer financial services laws such as the Electronic Funds Transfer Act, BSA/AML, lending laws, and state money transmission requirements.