MRC Membership Impact Assessment: CFPB 'Stop Work Directive'

Current Situation — The new Director of the Consumer Financial Protection Bureau (CFPB) has requested the agency to cease ‘supervisory activity’ and ‘stakeholder engagement’. Additionally, the Director notified the Federal Reserve that the agency will not be taking its next round of funding. While the Trump administration cannot shut down the CFPB without approval from Congress, it does have the power to direct the Bureau’s activities. Theoretically, this means it could halt all supervisory, rulemaking, and enforcement efforts – which currently appears to be the approach that the administration is taking.

What types of activities does the CFPB engage in?

The CFPB serves as the financial industry watchdog, overseeing consumer protection efforts from predatory financial practices, data protection, limitations on consumer fees, and more. It has recently also focused heavily on activities within the payment and fintech space.

While the CFPB is not considered a primary bank regulator like the FDIC, OCC or Federal Reserve, its areas of focus do overlap with FTC and have a strong ‘consumer protection’ mandate. This means that a potential reduction in force or suspension of rule-making and supervisory activities can have material consequences – especially for the consumers that have benefited from the CFPB’s focus on transparency and fairness (particularly when it comes to fee charging). It will likely also mean that areas of shared ‘jurisdiction’ between the FTC and CFPB will likely shift into the domain of the FTC – it’s unclear at present how this might impact the FTC’s overall capacity and current priorities.

Among its notable activities in recent years, the CFPB has:

• Implemented limitations on credit card late fees and overdraft charges
• Banned the inclusion of medical debt reporting on credit reports
• Limited how banks, fintech, and other data brokers can use and sell consumer data
• Enforced regulations and rule frameworks on payday lenders and BNPL providers
• Developed and approved a framework for ‘open banking’ and access to consumer financial data
• Proposed regulatory frameworks for digital wallet providers
• Penalized several companies for illegal business practices through various enforcement actions

Potential Risks of the ‘Stop Work’ Directive

The FDIC, OCC, Federal Reserve and state regulators will likely continue to operate as normal, providing critical oversight and governance of banking activities – these will continue to have a consumer dimension even if these agencies take a somewhat more holistic approach in balancing the financial systems of the United Systems of the United States.

One significantly impacted area will be the CFPB’s focus in recent years to spur innovation in the financial services industry. Efforts in this area include Consumer Financial Data Rights under Rule 1033 (part of the larger umbrella of ‘Open Banking’ rule-making), and the Larger Participant rule, which recognizes the increasing number of players engaging in ‘money movement’ and ‘digital wallet’ capabilities.

The CFPB has sought to create the regulatory foundation for more innovation, but in concert with rules designed to provide the guardrails for consumer protection. Striking this balance is tricky, and without the CFPB focused on driving it there is some risk that consumer access to new services – particularly in the Open Banking arena – may stagnate.

Impacts for Payments Industry Players:

• All Stakeholders in the Payments ecosystem should recognize that the lines between regulators can be fluid and cooperative, often with shared interests and priorities. The CFPB ‘Stop Work’ directive will no doubt have impacts but that doesn’t mean their priorities will disappear: other agencies may absorb rule-making and enforcement actions.
• Merchants who have business models that include ‘money movement’ and ‘digital wallet’ capabilities may find there is no longer any capacity to drive supervisory and enforcement efforts at the CFPB level. This may reduce the resource requirement in these organizations to deal with supervisory or enforcement actions, at least in the short term.
• Merchants who rely on chargeback and dispute prevention services should be aware that the FTC’s focus on this sector is likely to continue. The FTC has been principally driving this effort, even though the CFPB’s mandate overlaps with it to some extent. Merchants should not infer that the ‘Stop Work’ effort will diminish the FTC’s interest in this area due to capacity constraints (the specific concern relates to the use of merchant refunds to prevent disputes and chargebacks, thus masking true indicators of consumer ‘abuse’).
• Merchants should be concerned that consumers may be exposed to increasing abuse by certain solution/service providers, resulting in financial pressure and decreased consumer spend potential.
• Solution Providers focused on creating new ‘Open Banking’ related services should be aware that opening up consumer access to data could hit some speed bumps. Under the ‘Stop Work’ directive, implementation of these directives will be paused, including the data protection measures intended to safeguard consumers.
• Banks & Fintech Providers will continue to face regulatory scrutiny. While there will still be plenty of regulatory actions impacting banks, it’s unclear whether banks should consider changing their compliance posture at this time. The traditional regulators in this space aren’t going away. It’s also possible the CFPB’s major directives could, at least partially, be absorbed by other regulatory entities.

The MRC will continue monitoring the ‘Stop Work’ directive and report back as the situation evolves.

For further information or to share your thoughts, please contact keith.briscoe@merchantriskcouncil.org

Thanks to the team at Glenbrook Partners for providing content and insights included in this bulletin.