CFPB issues consumer protection orders to Big Tech

Payment systems and consumer data capture, use, and restrictions

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100

Information sought by the CFPB may significantly expand consumer protection and “fairness” in areas of consumer data capture, use, and restriction. Although issued directly to large technology companies regarding payments products and practices, the orders will increase current scrutiny on fair and competitive business practices more broadly and come in addition to the focus by the FTC and DOJ. All companies should assess their current risks and practices in light of these orders

The Consumer Financial Protection Bureau (CFPB) has issued orders to six Big Tech companies that require the companies to provide information about their payments systems, including business plans, products, and practices. The CFPB clarifies that the orders are not supervisory orders but rather carry-out the CFPB’s authority to monitor markets for risks to consumers in the offering of consumer financial products and services, including developments in markets for those products and services.

As outlined by the CFPB, the orders compel information related to:

  • Data harvesting and monetization. The orders seek information on how the companies collect and use consumer data, including identifying the data that is collected and retained, the purpose for harvesting the data, and whether the data is sold directly and/or sold for targeted purposes based on specific attributes (e.g., behavioral marketing).
  • Access restrictions and user choice. In general, CFPB is looking to understand how the scale and networks of these payment platforms increase the potential risk of anticompetitive behavior, limiting consumer choice and innovation. The orders seek information on the companies’ policies to manage access to their payment platforms, encourage or require use of their system, manage third party involvement, and increase use relative to other payment providers.
  • Other consumer protections. The orders seek to understand the robustness with which payment platforms prioritize consumer protections, including those associated with fair and accurate disclosure, payments processing, error resolution, data privacy, fraud, and complaints management.

The information is expected to inform future regulations and policies including:

  • CFPB’s data portability rulemaking (Section 1033 of the Dodd-Frank Act)
  • Federal Reserve System efforts to make payments safer, faster, and more competitive
  • Federal Trade Commission attentions on the business practices of large technology companies.

The CFPB’s announcement included a sample order (available here) and a statement from CFPB Director Chopra (available here).

Get the latest thinking from KPMG