Use of CFPB's "Dormant" Authority May Mean More Name & Shame
OCC Wants Stablecoin Standard, 2nd Country Adopts Bitcoin as Legal Tender, Senators' Zelle Fraud Concern,
Hey all, Jason here.
I’ve noticed a big influx of new readers lately — so, first of all, thank you for subscribing!
For new readers who may have missed it, I’m continuing to donate 15% of net subscription revenue to causes on a rolling basis (usually, financial health-related organizations.)
This morning, I made a donation to the UN’s Ukraine Humanitarian Fund, funded by subscriptions from the last two months — thank you to everyone who signed up for a paid subscription!
The next organization I’ll be supporting is the Accion Opportunity Fund, which is a financial support system for small businesses that advances racial, gender, and economic justice for all.
CFPB’s Expansion of Nonbank Supervision Takes Aim at Fintech, Big Tech
Move May Result In More Use of “Name and Shame”
Last week, the CFPB announced its intention to make use of a “dormant” authority to examine nonbank entities that “pose a risk” to consumers.
This has the potential to considerably expand the scope and type of companies and products the CFPB supervises, including serving as a backdoor mechanism to use the consumer protection agency to carry out anti-trust policy — something Director Chopra hasn’t exactly been subtle about.
Simultaneously, the agency issued a procedural rule purportedly “to increase the transparency of the risk-determination process.”
The new procedural rule, which, the agency argues, is exempt from the notice-and-comment process typically required by the Administrative Procedure Act, enables the CFPB director to unilaterally release information, in whole or in part, surrounding the agency’s decision on whether or not to designate a given nonbank as “posing a risk” to consumers.
To better understand what this means in practice, it’s worth quickly revisiting what entities the CFPB is typically understood to have supervisory authority over. Note that its supervisory authority is distinct and narrower in scope than the agency’s enforcement authority; the CFPB is empowered to investigate and determine whether any company has engaged in conduct that violates Federal consumer financial law.
Dodd-Frank clearly spells out that the CFPB has supervisory authority as it relates to consumer protection over depository institutions with more than $10 billion in assets.
For nonbanks, the CFPB explicitly has supervisory authority over all entities, regardless of size, in the mortgage, private student loan, and payday loan industries.
An additional category gives the CFPB supervisory power over nonbank “larger participants” in the market for financial services, which includes certain entities in the consumer reporting, debt collection, student loan servicing, remittances, and auto loan servicing industries.
Many Fintechs Fall Outside of CFPB’s Supervisory Authority
However, for depository institutions with less than $10 billion in assets, their prudential regulator (OCC, FRB, or FDIC) also has supervisory authority over consumer protection matters.
In practice, this means popular partners for fintechs — banks like Bancorp, Coastal Community, Green Dot, Web Bank, Blue Ridge, etc. — are not supervised by the CFPB.
By extension, fintechs that partner with these smaller banks — which are legally considered vendors or service providers of those banks — don’t fall under the CFPB’s supervisory authority. Rather, for consumer protection matters, they would be overseen by their partner bank’s prudential regulator.
Fintechs that don’t rely on bank partners and Big Tech companies (Apple, Google, Amazon, Facebook) offering consumer finance products would also generally sit outside of the CFPB’s supervisory authority (with the exceptions noted above).
CFPB’s “Dormant” Authority
In last week’s announcement, the CFPB is attempting to expand its authority to supervise companies offering consumer financial products that aren’t explicitly part of its mandate.
To be fair to the CFPB, Dodd-Frank was drafted in the wake of the 2008 financial crisis and went into effect in 2010 — long before the consumer fintech boom we’re in today began (and, in some ways, Dodd-Frank enabled that boom, but that’s another story).
Now, the CFPB is attempting to use this additional category of supervision — “nonbanks whose activities the CFPB has reasonable cause to determine pose risks to consumers” — to expand its scope, including to supervise ‘fintech’ and ‘Big Tech’ entities.
What ‘risks’ might justify bringing a nonbank entity under the CFPB’s jurisdiction? According to its announcement (emphasis added):
“Such risky conduct may involve, for example, potentially unfair, deceptive, or abusive acts or practices, or other acts or practices that potentially violate federal consumer financial law.
The CFPB may base such reasonable cause determinations on complaints collected by the CFPB, or on information from other sources, such as judicial opinions and administrative decisions. The CFPB may also learn of such risks through whistleblower complaints, state partners, federal partners, or news reports.”
Possible targets for supervision include neobanks like Chime, companies offering wallet products, like Apple and Google, and peer-to-peer payments companies, like Block (formerly Square) and PayPal/Venmo.
The combination of the required grounds for supervision here — that a company’s action poses a risk to consumers — and the new procedural authority to publicly identify and release information about these companies seems to be setting the stage for continued use of the CFPB’s bully pulpit, something that has become increasingly common under Director Chopra.
While the CFPB is understandably attempting to leverage the tools it has available, there are some serious flaws and risks in this approach.
The authority here is to regulate individual companies based on potential risks to consumers — a significant departure from regulating categories of product / company.
Targeting individual companies, rather than sectors or categories of products, runs the risk of further politicizing the regulatory environment. This is particularly true, given that the agency’s Director is now able to be removed by the President at will and thus less insulated from political pressure.
One can imagine the reaction if the Trump-era CFPB used this power against, say, Amazon, regardless of the underlying merits of the consumer risk claims.
Further, targeting its authority to individual companies, coupled with the implied threat to name the company and publicly release its risk factors, reads a bit like blackmail: agree to the CFPB’s jurisdiction, or it will name and shame you.
This approach is a significant departure from the idea of confidential supervisory information and is likely to erode companies’ relationships with the CFPB and, potentially, other regulators, if they’re concerned information made available as part of the previously confidential regulatory process will be made public.
Each entity the CFPB attempts to bring under supervision using this mechanism will require a discrete administrative process — something that is time consuming and resource intensive, especially if the agency is going after well-funded adversaries.
Hints from Chopra’s Congressional Testimony
The day after news of the CFPB’s intention to leverage its “dormant” authority to regulate nonbank entities that pose a risk to consumers, the agency’s director testified before the Senate banking committee.
Director Chopra’s testimony gave some hints of potential targets of this authority and spoke to other relevant topics.
Specifically, Chopra’s written testimony spoke to the agency’s goals of promoting competition, including via timely rule making for “1033” to implement open banking requirements, and of “preparing for the era of big tech and big data in banking.”
Notably, his testimony explicitly drew comparisons to the perceived risks of Chinese “super apps” Alipay and WeChatPay, stating (emphasis added):
“Currently, the United States is lurching toward a consolidated market structure where finance and commerce co-mingle fueled by uncontrolled flows of consumer data. This is the market structure that has emerged in China, where Alipay (operated by Ant Group, formerly known as Alibaba) and WeChatPay (operated by Tencent) predominate. Alipay is part of the same conglomerate that dominates e-commerce, and WeChatPay is connected to the dominant messaging app.
These super-apps have access to an extraordinary set of data about consumers and businesses, including financial businesses that they may compete with. Over the last several years, Chinese tech and finance giants have developed so-called “social scoring” that goes beyond credit performance and relies on analyzing user habits unrelated to credit and banking.
The outsized influence of such dominant tech conglomerates over the financial services ecosystem comes with risks and raises a host of questions about privacy, fraud, discrimination, and more. The CFPB is currently studying these issues first as part of our inquiry into Big Tech’s entry into consumer payments in the United States.
The agency has issued a set of orders to Google, Facebook, Amazon, Apple, PayPal and Block (formerly Square) to further understand key issues on their plans for consumer payments. We expect to issue reports on our research to contribute to the critical policy discussions about the future of consumer finance and relationship banking in our country.”
Beyond the obvious and somewhat misleading Chinese fearmongering, Chopra’s statements and, presumably, the forthcoming reports lay the groundwork for presenting Big Tech’s push into financial services as anti-competitive.
While these companies’ entrance into the financial services space does pose risks, “competition” isn’t really one of them. Consumer banking has come to be dominated by a handful of mega-banks like JP Morgan Chase, Bank of America, Wells Fargo, and Citibank.
Fintech and, to a lesser extent (currently anyway), Big Tech represent the best-positioned companies to compete with today’s mega-banks.
OCC’s Hsu Says Stablecoin Standard Needed
Following an appearance at an event last week, acting Comptroller Michael Hsu made the following statement, arguing that emerging technologies, including stablecoins, need to have defined, common standards, including interoperability.
His statement said (emphasis added):
“Well-designed standards can promote inclusive and responsible innovation. Take the internet, for instance. The technical foundations of the internet provide for an open, royalty-free network — something we take for granted today. Those foundations did not emerge on their own. They were developed by standard setting bodies like IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium), which had representatives with differing perspectives, a shared public interest ethos, and a strong leader committed to the vision of an open and inclusive internet.
Emerging technologies such as AI and stablecoins enable transactions in blockchain-based systems. Stablecoins lack shared standards and are not interoperable.
To ensure that stablecoins are open and inclusive, I believe a standard setting initiative similar to that undertaken by IETF and W3C needs to be established, with representatives not just from crypto/Web3 firms, but also including academics and government. My conversation today with Deputy Secretary Graves underscored that need and reflected the willingness of governmental bodies like NIST and the OCC to engage in such efforts.”
Stablecoins arose as a sort of workaround for a specific challenge: moving money between volatile cryptocurrencies, like bitcoin, and fiat currency. The “on- and off-ramps” necessary to move between these required interfacing with the traditional banking sector, including its legal and compliance procedures and antiquated money movement mechanisms like ACH.
Stablecoins solved for this by allowing users to hold something that looked like dollars (or euros, pounds, yen, etc.) “on chain.”
But, the approaches stablecoin issuers have taken to backing their coins vary widely.
Some are backed 1:1 by dollars held at commercial banks, some have taken those dollars and invested them in debt of varying duration and risk, and others have no backing assets at all, but instead use algorithms to balance supply and demand to maintain a peg to the dollar.
Further, the availability of a specific stablecoin may vary by blockchain (e.g., Bitcoin, Ethereum, Solana, Avalanche, etc.).
The result is a balkanized ecosystem where, despite USD-linked stablecoins all purporting to have identical value, their backing and utility may vary considerably.
By way of comparison, imagine if the “dollar” you held in your account at Chime had an entirely different basket of assets backing it than a “dollar” at Chase (in fact, this actually is the case, but prudential regulation and deposit insurance abstract this risk for depositors with less than $250,000) — and that the two operated on different sets of networks and weren’t always interoperable. You get the idea.
Commercial bank deposits, even where the backing assets are different, can be treated equivalently, and are linked by common networks like ACH and FedWire.
For stablecoins to gain widespread acceptance beyond their current crypto-trading use cases, they need to be safe, equivalent, and interoperable.
There are multiple paths to getting there; for instance, an issuer that fully reserves against the stablecoins it issues arguably should need different/less regulation than an issuer that fractionally reserves against the stablecoins it has issued.
Hsu’s comments echo statements from last November’s President’s Working Group Report on stablecoins, which stated (emphasis added):
“In particular, with respect to stablecoin issuers, legislation should provide for supervision on a consolidated basis; prudential standards; and, potentially, access to appropriate components of the federal safety net.
The legislation would prohibit other entities from issuing payment stablecoins.
Legislation should also ensure that supervisors have authority to implement standards to promote interoperability among stablecoins.”
Sens. Flag Zelle Fraud Concerns
Peer-to-peer payment apps have been in the spotlight lately — and not in a good way. Venmo and Cash App had their turn early in the pandemic; now, it seems, it’s Zelle’s turn.
Zelle is an interesting case compared to the other two major P2P apps in that it is owned and operated by Early Warning Services, which, in turn, is owned by seven of the largest banks: Bank of America, Capital One, JPMorgan Chase, Truist, U.S. Bank, PNC, and Wells Fargo.
In their letter to Early Warning, Democratic Senators Elizabeth Warren, Robert Menendez, and Jack Reed highlighted “disturbing reports” of a rise in fraud — and banks’ frequent refusal to reimburse customers who are the victims of fraud.
The Senators’ letter to Early Warning stated (emphasis added):
“Alarmingly, both your company and the big banks who both own and partner with the platform have abdicated responsibility for fraudulent transactions, leaving consumers with no way to get back their funds. Zelle’s biggest draw — the immediacy of its transfers — also makes scams more effective and ‘a favorite of fraudsters,’ as consumers have no option to cancel a transaction even moments after authorizing it.
And banks have chosen to let consumers suffer, blaming them for authorizing fraudulent transactions. According to Consumer Watchdog, banks were essentially “throw[ing] up their hands and say ‘it’s not our problem because you authenticated it.’”
A former executive at your company even argued that banks have not done enough to deter fraud on Zelle, warning that banks had not sufficiently educated consumers about the risks. One customer observed that ‘it’s like the banks have colluded with the sleazebags on the street to be able to steal.’”
The letter also highlights that the CFPB has previously argued that Reg E, which implements the EFTA, protects defrauded users — even “those who were ‘induced’ into transferring the money themselves.”
Central African Republic Adopts Bitcoin as Legal Tender — But It’s Not Clear Why
The Central African Republic joined El Salvador to become the second country to adopt bitcoin as legal tender. The country, despite being rich in resources like uranium, gold, and diamonds, remains one of the poorest in the world.
The decision to adopt bitcoin as legal tender, in addition to the existing CFA franc, was met with confusion by citizens of the country and worldwide crypto-enthusiasts alike.
The bill authorizing bitcoin as legal tender was passed unanimously by the country’s parliament; the country’s president argued the move would “improve the conditions of Central African citizens” and position the country as one “of the world’s boldest and most visionary countries.”
Still, with just 11% of the population having internet access, 14% having access to electricity, and less than half with a mobile phone, it’s unclear how the population will be able to even use the cryptocurrency, let alone benefit from it.
Speculation on ulterior motives for adopting bitcoin included an attempt to reduce the influence of France, which colonized much of the region and backs the current multi-country currency, the CFA franc.
Chris Maurice, CEO of African cryptoexchange Yellow Card Financial, characterized it as “a big middle finger to the French economic system.”
Others view the move as a possible attempt to cozy up to Russia. The Central African Republic has deployed mercenaries from Russia’s Wagner group to battle rebel groups in an ongoing civil war in the country. The CAR was one of the few countries choosing to abstain from a UN vote condemning Russia’s invasion of Ukraine.
“‘The context, given the systemic corruption and a Russian partner facing international sanctions, does encourage suspicion,’ French analyst Thierry Vircoulon told the AFP news agency,” according to the BBC.
Are You Doing Enough to Protect Your Customers from Scams?
Sponsored content: Scams are having a moment. And no, we don't just mean in pop culture. Real people -- possibly your customers -- are falling victim to romance scams. While scams like this have been around since the dawn of time, online dating and the pandemic have super-charged the problem, with a record-setting $547 million in losses reported in 2021. Are you doing enough to protect your customers?
Use systems for suspicious activity monitoring for fraud detection, Anti-Money Laundering (AML), and more to protect your customers.
The face of fraud is changing quickly. Use a platform that can adjust just as quickly.
Look at more than transactions. Monitor various data points such as behaviors, including account switching, movements, and trends over time.
Take quick action to report suspicious activity to the authorities such as the Federal Trade Commission (FTC) and Financial Crimes Enforcement Network (FinCEN).
Implement identity verification but continue monitoring changes in details around identity and transaction.
Unit21 is a fully customizable no-code platform for risk and compliance operations teams. We seamlessly integrate three products: onboarding orchestration, transaction and data monitoring, and case management to help our customers fight financial crime all without reliance on engineering resources.
Other Good Reads
The $7 Trillion Embedded Finance And BaaS Gold Rush (Ron Shevlin/Forbes)
Bitcoin-Bond Sale Flop Deepens Debt Market Rout in El Salvador (Bloomberg)
What Was Bill Hwang Thinking? (Money Stuff)
Hi Jason, really enjoyed this - especially the section on stablecoins. On the interoperability point and regulation to make stablecoins 'good', I wonder if there's also a point about making sure that stablecoins are embedded and can be easily converted to other fiat currencies, as well as to other crypto. Coins like Celo, USDC, USDT, Dai and other leaders are all linked to the Dollar, which could compound Dollar Hegemony in international money institutions (IMF, WB etc) if transactions are always realized in dollar terms, enforcing money accounting, storage etc to all be dollar based.