Sophia Goldberg
December 27, 2023
On November 7th, the CFPB released a proposal for a rule which would call for increased examination and supervision over wallets. We’ve taken a deeper look at what it says and what we think this could mean, and have tried to put it in layman’s terms for you below. In short, they’re proposing structure and requirements to supervise large digital wallets.
This regulatory proposal reads like a shot across the bow to Apple, Cash App, and potentially Coinbase alike. The CFPB wants the proactive ability to monitor these wallet programs. This post, which is very much not legal advice, aims to help you understand which types of companies could fall under supervision and examination if this rule is codified.
This new rule aims to let the CFPB protect consumers by giving them examination and supervisory authority over large wallet operators directly, rather than only when there are complaints to investigate or indirectly through banking partners. Meaningfully, it does not expand or alter their enforcement authority.
The CFPB has been studying the digital wallet space for a while (see this article on the role of Big Tech in mobile payments), although it’s unclear what the goal here is beyond more visibility. I read this proposal as the CFPB wanting to go on “offense” rather than waiting to enforce only after consumer complaints come in. As younger generations shift their financial relationships away from traditional banking to more third parties (neobanks, P2P platforms), this could also be an attempt to gain more direct visibility into those platforms.
So who could this new rule apply to? They have four criteria which define which wallets are in or out of the proposed rule’s scope. The CFPB notes that there are at least 17 “larger participants” — though does not call them out by name. “Large” is defined, in part, as doing over 5 million transactions per year. They use the term “general-use digital consumer payment applications”, which sounds broad and hard to grok at first read — in layman’s terms: large digital wallet providers.
They further define that with 4 new terms: those providing covered payment functionality through a digital application for consumer’s general use in making consumer payment transactions. To fall under this rule a company would have to meet all four of these criteria. Let’s take a look at each:
(1) Covered payment functionality includes two types:
In easier terms, either a staged wallet or a pass-through wallet. Funds transfer means receiving consumer funds into the wallet and actively storing those funds. Think Venmo, Cash App. This is what we call a staged digital wallet. This definition also includes virtual assets, so custodial crypto wallet platforms like Coinbase could be within this definition.
Wallet functionality means storing payment credentials to initiate a transaction. Think ApplePay or GooglePay, a pass-through wallet.
(2) Digital application means the consumer uses their devices for digital payment or accesses the payment digitally.
(3) General use speaks to where these funds can be spent. Are there significant consumer limitations? If not, the wallet could be seen as general use. At first read I thought we could also slap a clean definition on “general use”: closed loop versus open loop. Closed loop wallets can only be spent with one brand or group of brands, while open loop wallets have funds that can be used anywhere that wallet is accepted.
What’s interesting is that this definition notably exempts payment functionality for a specific type of goods or services, including food. This makes it seem that a digital wallet like Starbucks’ is out of scope. But are all brand-specific apps? It’s not clear if a merchant-specific closed loop wallet where funds can be spent on multiple types of goods and services — for example, Target — would qualify. Note that they might be exempt from CFPB authority altogether under another exemption outside this proposal, but we’ll leave that aside for now.
An example of a wallet for affiliated brands is ShopPay. These funds can be spent within the Shopify merchant ecosystem. An eBay wallet would serve a similar purpose, but could appear to be less “general use”. Marketplace or platform wallets could be argued to lie on either side of the general use definition.
(4) Used for making consumer payment transactions. At first read this feels obvious: is the wallet used for payments? But the counter argument for brand-specific or closed-loop wallets could be that the wallet facilitates a consumer’s use of their balance but not the funds. For a wallet like Starbucks those funds are the brand’s as soon as they’re loaded, so does usage of those funds to redeem a brown sugar shaken espresso with cold foam constitute a payment transaction? The CFPB may be able to argue that the act of loading funds into the wallet counts as a payment transaction, but this last point of the criteria is still opaque.
So you’re one of the mysterious 17 entities, what now? All wallet program managers or brands will have additional reporting overhead and examination. The CFPB posits that this will cost roughly $25k to prepare for the exam, but experts have weighed in that it’s likely to be 10x that and a large operational lift.
Quite a few open questions remain. Why now? How did they choose scope?
We need more clarity on what entities fit the General Use criteria. Clearly ApplePay fits the definition, but what about ShopPay? How does a closed-loop wallet on a digital or software platform fit? If Square or Toast launched a cross-merchant payment method would that count as General Use?
Crypto platforms could also fit all four criteria and be within scope. Was that intentional? Virtual assets are included in the definition of “funds” so hosted wallets definitely seem to me to be affected by this proposed rule.
My main question is: what’s the goal here? From our reading that’s still unclear beyond an overarching goal of better protecting consumers and the ability for proactive monitoring. Almost all of the entities that would fall under the definitions above have a bank partner or other reporting requirement.
With ApplePay and GooglePay, the consumer is protected by the Issuing Banks. For CashApp or Venmo, the consumer is protected by the banks who run the underlying program. They’re already obligated to comply with consumer protection laws.
What we have so far is only a proposal; the comment period runs through January 8th. We expect to see a final rule in the latter half of 2024, so we will keep tracking updates in the meantime.
Have questions? Drop us a note at hello@getansa.com