Trends & Research

Trends & Research

Access the power of data and objective insight. Data from various sources, including NEACH surveys and member interviews, is compiled and made available as white papers, case studies, articles, benchmarking, and industry reports to provide a snapshot of both the current and future payments landscape. 

Published on Tuesday, June 27, 2023

Payments Report: News from Washington, Brought to you by NEACH

The Payments Report is a complimentary monthly newsletter included in your NEACH membership.  It covers legislation and regulatory changes being considered by federal government agencies -- providing analysis of pending actions and inside political intelligence, Congressional priority of legislation, and intent of proposed language.  Please share this publication with colleagues in your financial institution or ask them to request a copy by sending an email to


CFPB Proposes Rules to Establish Non-Bank Registries

Overview: In December 2022 and January 2023, the Consumer Financial Protection Bureau (“CFPB”) proposed two related rules that would require non-bank consumer financial services providers to report information concerning enforcement actions and their consumer contract terms to the CFPB. The CFPB would use this information to create a public database hosted on the CFPB’s website. These rule proposals are the latest steps in the CFPB’s effort to extend its oversight of fintechs and other non-bank consumer financial services companies.


The Dodd-Frank Act originally only authorized the CFPB to supervise non-banks operating in specific markets: residential mortgage, private student lending, and payday lending. Congress also authorized the CFPB to conduct rulemaking to define “larger participants” in consumer finance markets that it could then examine, and the CFPB has conducted such rulemaking to extend its supervisory authority to larger participants in the consumer reporting, debt collection, student loan servicing, international remittance, and auto finance markets.

Under its current leadership, the CFPB has moved to extend its reach over fintechs and other non-bank consumer financial services providers. In April 2022, the CFPB announced that it would begin to use what it characterized as “dormant” authority to examine any non-bank when the CFPB has “reasonable cause” to determine there is risk to consumers, even if the company is not operating in one of the markets in which the CFPB has specific examination authority. The CFPB finalized a procedural rule in November 2022 governing information that will be released to the public when it exercises that authority. The December 2022 and January 2023 announcements are the next steps in the CFPB’s bid to increase its oversight of non-banks providing consumer financial services.

Non-Banks Would be Required to Report Enforcement Actions to the CFPB

On December 12, 2022, the CFPB proposed a rule that would require non-banks to report to the Bureau when they are the subject of certain public enforcement orders from a Federal, State, or local agency (the “Enforcement Rule”). This reporting requirement would apply broadly to any non-bank consumer financial services provider subject to an enforcement action under the federal consumer finance laws (including the Truth in Lending Act, the Electronic Fund Transfer Act, the Fair Credit Reporting Act, and the Equal Credit Opportunity Act) or federal or state laws regarding unfair, deceptive, or abusive acts or practices.

Although the CFPB has characterized this rule as an attempt to address issues with companies subject to a series of enforcement actions—which it refers to as “repeat offenders”—companies would be required to report to the CFPB after being subject to only a single enforcement action.

Companies subject to the Enforcement Rule would be required to provide identifying information about the company and detailed information about the enforcement action (including a copy of the order itself). Companies would also be required to provide periodic updates about the status of the order. In addition, larger nonbanks that are supervised by the CFPB would also be required to designate a senior executive to submit an annual statement attesting to the steps taken to oversee the activities subject to the order and whether the executive knows of any violations of, or other instances of noncompliance with, the covered order.

The Contract Terms Rule

On January 11, 2023, the CFPB proposed a second new rule that would require non-banks to report when they use broad categories of contract terms that, in the CFPB’s view, waive or limit consumer rights or protections (the “Contract Terms Rule”).

The Contract Terms Rule would only apply to non-banks that are explicitly subject to CFPB supervisory jurisdiction (residential mortgage lenders and servicers, private student lenders, payday lenders, and larger participants in the consumer reporting, debt collection, student loan servicing, international remittance, and auto finance markets).

The Contract Terms Rule would require covered entities to annually register with the CFPB if they use specific terms and conditions in contracts with consumers, including:

  • Waivers of claims a consumer can bring in a legal action;
  • Limits on the company’s liability to a consumer;
  • Limits on the consumer’s ability to bring a legal action by dictating the time frame, forum, or venue for a consumer to bring a legal action;
  • Limits on the ability of a consumer to bring or participate in collective legal actions such as class actions;
  • Limits on the ability of the consumer to complain or post reviews; and
  • Arbitration agreements.

Proposed Non-Bank Registry

The CFPB would use the information it collects in connection with the Enforcement Rule and Contract Terms Rule to create a public database, available on the CFPB’s website, of covered non-bank entities and the information they report to the CFPB. Companies subject to the rules would be required to periodically update their registration and the information they have submitted to the CFPB.

Banks and credit unions would not be required to report the same information and would not be included in the public database. The CFPB’s rationale for this decision is that the four federal prudential regulators regularly publish information relating to the banks and credit unions they supervise, whereas there is no comprehensive, readily accessible source of information concerning non-banks. However, the CFPB noted in its proposals that it would consider extending these requirements to banks and credit unions in the future.

Outlook: The CFPB continues to assert expanded authority over fintechs and non-banks providing consumer financial services. The database that the CFPB would assemble with information reported under the proposed rules would likely serve as a source of information that the CFPB and other regulators would use to concentrate their supervisory and enforcement efforts. Companies should begin analyzing whether they would be subject to these rules, and the information they would be required to report.

Federal Banking Regulators Issue Statement About Crypto-Asset Risks to Banks

Overview:  In January, the federal banking regulators—the Federal Reserve Board (“FRB”), Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC” and collectively the “Agencies”) issued a joint statement warning their respective regulated financial institutions about the risks associated with crypto-assets.


In the past, the Agencies have issued a number of letters and circulars addressing various aspects of conducting business that involves digital assets. For example, the OCC has issued four interpretive letters on these topics from 2020 through 2021—Interpretive Letters 1170, 1172, 1174, and 1179. Cumulatively, these letters establish that the OCC permits national banks to engage in certain activities – namely, providing custody of cryptocurrency or blockchain wallet encryption keys, holding stablecoin reserve funds, and using distributed ledgers and stablecoins to facilitate payment activities – provided they can demonstrate to the OCC that they have sufficient controls in place to conduct the activities in a safe and sound manner. However, the OCC has been clear that before a national bank may proceed with any of these activities, it must first obtain a written non-objection from the OCC for each activity the bank proposes to conduct.

The FDIC has also previously established the requirement that its supervised financial institutions must seek feedback from the FDIC before engaging in crypto-related activities. In April 2022 it issued Financial Institution Letter FIL-16-2022, which essentially warned insured financial institutions of risks related to crypto-related activities and required that institutions notify the FDIC before engaging in such activities. The FDIC promised to review the relevant information and provide relevant supervisory feedback. Unlike the OCC, however, the FDIC expressly declined to address the legal permissibility of any specific crypto-related activity under the Federal Deposit Insurance Act.

Like the FDIC, the FRB has taken a more general stance toward crypto-related activities. In August 2022 it issued a Supervision and Regulation Letter (SR 22-6/CA 22-6) stating that a supervised banking organization should notify its lead supervisory point of contact at the FRB before engaging in any crypto-asset-related activity. Although the FRB did not explicitly state that a regulated banking organization must wait for approval by the FRB before proceeding, the letter did state that the FRB’s supervisory staff would “provide relevant supervisory feedback, as appropriate, in a timely manner,” in response to any such notification from a banking organization.

The January 2023 Joint Statement

The January 2023 joint statement appears to be a response to recent high-profile cases involving crypto-asset businesses, such as the FTX scandal and the Luna collapse. The Agencies noted “significant volatility and the exposure of vulnerabilities in the crypto-asset sector” over the past year and, rather than adding much substance to the Agencies’ previous guidance, focused on risks to financial institutions and reiterates the Agencies’ established positions. The statement outlined eight “key risks associated with crypto-assets and crypto-asset sector participants that banking organizations should be aware of.” The risks identified include fraud and scams, legal uncertainties, misleading representations, volatility, stablecoins’ susceptibility to runs, and others.

The Agencies made clear that they are carefully reviewing all proposals to engage in activities involving crypto-assets on a case-by-case basis. In other words, the statement reiterates that banking organizations should not engage in any crypto-asset-related activity without seeking prior approval or non-objection from their federal regulators.

While the joint statement used language that may appear balanced and open-minded—for example, acknowledging that banking organizations are not prohibited or discouraged from providing banking services to crypto-asset businesses—the Agencies clearly signaled significant hesitancy about the entire crypto-asset sector. In particular, the Agencies noted that they are taking a “careful and cautious” approach and feel there are “significant risks highlighted by recent failures of several large crypto-asset companies." In other words, while the Agencies are stating that providing banking services to crypto-asset businesses is not prohibited, they are also warning banking organizations that they view such customers as presenting significant risks to the banking industry. The joint statement takes great pains to remind banks that they must take a risk-based approach to business activities and compliance while simultaneously declaring that the Agencies view crypto-asset businesses as risky. This combination appears to discourage banking organizations from providing banking services to crypto-asset customers even though the joint statement specifically says that banking organizations are not discouraged from doing so.

It should also be noted that subsequent to the joint statement, the FRB issued a policy statement on January 27, 2023, ostensibly to promote a level playing field for all banks with a federal supervisor. But the policy appears focused more on imposing limitations rather than creating a level playing field. According to the FRB, “The statement makes clear that uninsured and insured banks supervised by the Board will be subject to the same limitations on activities, including novel banking activities, such as crypto-asset-related activities.” The policy statement also reiterated that regulated institutions must ensure that their activities are permitted under applicable law, while noting that the FRB has received numerous inquiries in recent years about engaging in “novel and unprecedented” activities, including those involving crypto-assets.

Outlook:  Banking organizations regulated by the Agencies should proceed with caution and develop adequate policies, procedures, and internal controls before providing banking services to crypto-asset businesses or seeking approval to engage in their own business activities involving crypto-assets. They should expect that the Agencies will review such activities and customers carefully during examinations and investigations.


CFPB Fate to Be Determined by Supreme Court

Overview:  On February 27, 2023 the U.S. Supreme Court agreed to hear a case that may determine whether the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) will continue to exist. The root of the issue is whether the Bureau’s funding mechanism violates the Constitution. In addition to deciding the fate of the Bureau, the case will have implications for whether the Bureau’s past actions should be vacated or dismissed as well.

The Bureau’s Funding Mechanism

Under the Dodd-Frank Act, the CFPB was created as an independent regulatory agency within the broad ambit of the Federal Reserve System. Similar to some other independent financial regulatory agencies—such as the Federal Reserve System itself, the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”)—the CFPB does not derive its operating budget from congressional appropriations. However, where the FDIC and OCC collect assessments that are paid by the financial institutions they regulate, the CFPB draws its funds from the Federal Reserve System. The Bureau submits an annual budget to the Federal Reserve Board and, so long as the budget request does not exceed 12% of the Federal Reserve’s total operating expenses, the Federal Reserve Board must grant the request. And because the Federal Reserve is also outside the congressional appropriations process, the U.S. Court of Appeals for the Fifth Circuit has observed that the Bureau is therefore “double insulated” from Congress’s control of federal spending in a way that is unique among federal agencies.

Constitutional Challenges

In 2018, the CFPB faced one of its first significant tests. PHH Corporation and several of its affiliates and subsidiaries (collectively “PHH”) challenged an administrative ruling handed down by the Bureau relating to PHH’s mortgage insurance and reinsurance transactions under the Real Estate Settlement Procedures Act (“RESPA”). In 2014, the Bureau brought its administrative action, which culminated in a hearing before an administrative law judge (“ALJ”) borrowed by the Bureau from the SEC. The ALJ wrote a Recommended Decision concluding that PHH violated RESPA and recommending a disgorgement of $6.4 million. However, CFPB Director Richard Cordray overruled the ALJ’s recommendation and instead imposed a disgorgement order of more than $109 million. PHH appealed the decision to the U.S. Court of Appeals for the D.C. Circuit, which was heard by a three-judge panel that included Judge Brett Kavanaugh. In October 2016, the panel ruled against the Bureau. Judge Kavanaugh’s opinion was particularly critical toward the Bureau. However, rather than focusing on the funding of the agency, the D.C. Circuit panel struck down the provisions of the Dodd-Frank Act that prohibited removal of the Bureau’s Director without cause. The Bureau appealed to the full D.C. Circuit Court, requesting an en banc decision. The en banc Court then overturned the panel decision, upholding both the Bureau’s decision in the PHH case and the constitutionality of the Bureau itself. Because the Bureau—under a new Director—later dismissed the case against PHH, no further appeal to the Supreme Court was necessary.

In the course of examining whether the removal provisions of the Dodd-Frank Act violated the Constitution, the D.C. Circuit Court also analyzed the Bureau’s funding. In particular, the Court noted that the independence of financial regulators has significant historical precedent and remains “a prominent pattern today.” The Court compared the Bureau to the Federal Reserve System, the FTC, and the CFTC. Because “insulation from political concerns” is “advantageous in cases where it is desirable for agencies to make decisions that are unpopular in the short run but beneficial in the long run,” the Court found that history, tradition, and precedent “show that Congress may appropriately give some limited independence to certain financial regulators.” The Court opined that the CFPB’s independent funding provisions in the Dodd-Frank Act are constitutionally valid.

In 2019, the Supreme Court overturned some of the PHH case’s conclusions when it invalidated the provision of the Dodd-Frank Act that prohibited removal of the Bureau’s Director without cause in Seila Law v. CFPB. But the Seila Law decision was narrow, stopping short of vacating any actions previously taken by the Bureau or addressing the Bureau’s funding.

Beginning in 2018, a collection of trade groups sued the Bureau seeking invalidation of its Payday Lending Rule, adopted in 2017, based on several constitutional challenges. The U.S. District Court for the Western District of Texas dismissed the challenges, but on appeal, the Fifth Circuit ruled against the Bureau specifically with respect to the Bureau’s funding mechanism. Essentially, the Fifth Circuit found that the Constitution not only grants exclusive budgetary power to Congress but also that Congress may not delegate away that responsibility through legislation. According to the Fifth Circuit, Congress’s power of the purse is an essential check against the powers of the other branches of government and therefore fundamentally may not be abdicated. In its opinion, the court noted that “without its unconstitutional funding, the Bureau lacked any other means to promulgate the [Payday Lending Rule].” This opinion thus called into question all actions the Bureau has taken using its unconstitutionally obtained funding.

What Comes Next

The Bureau has petitioned the Supreme Court for a prompt review of the Fifth Circuit decision for three “compelling reasons:”

  • The Fifth Circuit has held that an Act of Congress violates the Constitution but the decision contradicts the D.C. Circuit’s decision in the PHH case with respect to the CFPB’s funding mechanism.
  • The cloud cast by the Fifth Circuit decision has “immense legal and practical significance.” Specifically, according to the CFPB, defendants in several Bureau enforcement cases have now sought dismissal pursuant to the Fifth Circuit decision and new challenges to the Bureau’s other rules and actions are expected to multiply as time goes on. Additionally, the uncertainty caused by the circuit court split will frustrate the Bureau’s work administering and enforcing consumer financial protection laws.
  • The possibility that all of the Bureau’s past actions can now be called into question on constitutional grounds raises serious concerns for the entire financial services industry, and the potential voiding of Bureau interpretations and precedent creates massive regulatory uncertainty for the industry.

Arguably, until and unless the Supreme Court stays the Fifth Circuit decision, the Bureau cannot operate in the states within the Fifth Circuit (Mississippi, Louisiana, and Texas). This would have serious unintended consequences as financial institutions could be subject to Bureau oversight in some states but not others. Upholding the Fifth Circuit’s decision could also have ramifications for the other federal financial regulatory agencies that are funded outside the congressional appropriations process.

It should also be noted that the Supreme Court had the chance to eliminate the Bureau’s structure previously, in the Seila Law case, but chose not to. However, the Court’s makeup has become even more conservative since that time. Senator Elizabeth Warren, the primary architect of the CFPB, issued a statement in response to the Court announcing the case: “Despite years of desperate attacks from Republicans and corporate lobbyists, the constitutionality of the CFPB and its funding structure have been upheld time and time again. If the Supreme Court follows more than a century of law and historical precedent, it will strike down the Fifth Circuit’s decision before it throws our financial markets and economy into chaos.”

One possible solution would be for Congress to amend the Bureau’s empowering statute to change its funding structure. The Supreme Court could even remand the case to Congress to do just that. At that point, most aspects of the Bureau’s makeup would likely become bargaining points for the two political parties. Given the current divided composition of Congress, lawmakers reaching agreement on a revised structure for the CFPB seems highly unlikely.

Outlook:  The Supreme Court is not expected to hear arguments in the case until next term, so a decision is not likely to be issued until 2024. All parties involved in the consumer financial services sector will be watching the case closely as it will have a significant impact on every area regulated by the Bureau.

CFPB Proposes Rules to Limit Credit Card Late Fees  

Overview: In February, the Consumer Financial Protection Bureau (“CFPB”) proposed a rule that would significantly reduce the late fees credit card issuers may charge cardholders (the “Proposed Rule”). The Proposed Rule is the latest step in the CFPB and Biden administration’s push to reduce or eliminate so called “junk” fees.


In September 2022, President Biden announced an administration-wide initiative to address so called “junk” fees that may conceal the actual cost of a product for consumers or that exceed the actual cost of providing a service, such as paperwork processing, associated with the fee. One month later, the CFPB issued guidance stating that charging certain overdraft and non-sufficient funds fees may be an illegal unfair practice. Other executive agencies, including the Federal Trade Commission, have also joined the effort to eliminate or reduce certain so-called junk fees. The CFPB’s credit card fee proposal is the latest step in the administration’s junk fee initiative.

The CARD Act Requires Late Payment Fees to be Reasonable and Proportional

In 2009, Congress enacted the Credit Card Accountability Responsibility and Disclosure Act (“CARD Act”) which, among other things, required that credit card late payment fees be “reasonable and proportional” to the costs a card issuer incurs in connection with a late payment. The CARD Act directed the Federal Reserve Board of Governors (the “Board”) to issue rules establishing standards for assessing the reasonableness and proportionality of late fees. In 2010, the Board finalized a rule that creates two options for compliance. First, credit card issuers can make a determination that the dollar amount they charge for a late payment fee represents a reasonable proportion of the total costs incurred in connection with the late payment. As an alternative, the Board set safe-harbor fee maximums t of $25 for the first late payment and $35 for additional late payments. Credit card issuers are presumed compliant with the law if they charge no more than these maximum late fee amounts and today, nearly all such issuers rely on these safe harbor limits.

The Dodd-Frank Act transferred responsibility for CARD Act rulemaking from the Board to the CFPB. The CFPB has continued to adjust the safe harbor limits based on the inflation index, and they are now $30 for the first late payment and $41 for additional late payments.

The CFPB Rule Proposal Would Substantially Limit Credit Card Late Fees

The CFPB has been assessing the fees credit card issuers charge consumers, including by seeking public comment through an advance notice of proposed rulemaking issued in June 2022 and conducting a series of studies based on data collected by the Board and the CFPB. According to information the Bureau published with the Proposed Rule, the income generated by the largest credit card issuers from late fees is approximately five times greater than the collection costs that the companies incur for late payment violations. The CFPB relied on that conclusion in proposing to reduce the amount of the safe harbor limits by a factor of five.

The CFPB issued the Proposed Rule on February 1, 2023. The Proposed Rule has three primary components. If finalized, it would:

  • Lower the safe-harbor maximums from $30 for the first late payment and $41 for additional late payments to $8 for both initial and subsequent late payments.
  • Eliminate the automatic annual inflation adjustment for the safe harbor limit. The CFPB would instead monitor market conditions and the safe harbor amount for potential adjustments as necessary.
  • Cap late fees at 25% of the required minimum payment. The current rule allows a card issuer to potentially charge a late fee that is 100% of the minimum payment owed by the cardholder.

Under the Proposed Rule, credit card issuers could still charge late payment fees that exceed the $8 safe harbor if they can justify their fees’ reasonableness with a supporting cost analysis. However, the CFPB stated in its proposal that it believes the $8 amount “would cover most issuer’ costs from late payments.” This suggests that the CFPB would closely scrutinize any issuers that attempt to support a higher fee structure, and card issuers charging more than an $8 fee could be exposed to significant risk of a CFPB investigation or enforcement.

The proposal also seeks comment on other potential changes to CARD Act regulations, including whether the proposed changes should apply to all credit card penalty fees, whether the safe harbor provision should be eliminated altogether, whether consumers should be granted a 15-day courtesy period, after the due date, before late fees can be assessed, and whether issuers should be required to offer auto pay in order to make use of the immunity provision.

Several banking trade associations have criticized the CFPB’s proposal as misguided and questioned the CFPB’s conclusion that issuers’ income from late payment fees is five times greater than the costs they incur in connection with late payment fees. In particular, industry stakeholders contend that the strict new limitations could significantly impact the extent to which smaller institutions can offer credit cards to their customers.

Comments on the Proposed Rule will be due 30 days after the Proposed Rule is published in the Federal Register. Trade associations have petitioned the CFPB to extend the comment period because of the potential significance of this rule, but to date the CFPB has declined to officially do so.

Outlook: CFPB Director Rohit Chopra stated in comments to the media on the date that the CFPB issued the Proposed Rule that his goal is to issue a final rule later this year so it can take effect in 2024. This is an aggressive timeline for such a significant rulemaking and institutions impacted by the Proposed Rule should be assessing how this potentially significant change would impact their operations. Impacted institutions should also consider submitting comments to the CFPB.


CFPB Issues Policy Statement on Abusive Conduct in Consumer Financial Markets


Overview The Consumer Financial Protection Bureau (“CFPB” or “Bureau”) has issued a policy statement clarifying its approach to enforcing the Dodd-Frank Act prohibition against abusive acts or practices in consumer financial services. The public is invited to submit comments on the policy statement before July 3, 2023.


For years prior to the enactment of the Dodd-Frank Act, unfair and deceptive acts or practices (“UDAP”) were prohibited by the Federal Trade Commission Act and other laws. A combination of case law, enforcement actions, and published regulatory guidance circumscribed the standards by which agencies would determine whether conduct was unfair or deceptive. In 1980, the Federal Trade Commission (“FTC”) issued its policy statement on unfair acts or practices. It followed that policy statement with one in 1983 on deceptive acts or practices. This area of consumer protection law remained relatively static until the enactment of the Dodd-Frank Act in 2010. Among other things, the Dodd-Frank Act expanded UDAP to include a prohibition against abusive acts or practices (together, “UDAAP”) and, in the course of establishing the CFPB as a new agency, granted the Bureau enforcement power over UDAAP violations in the consumer financial services market.

. The Dodd-Frank Act described abusive conduct in broad terms. Specifically, conduct cannot be considered abusive unless it: (i) materially interferes with a consumer’s ability to understand a term or condition of the product or service; (ii) takes unreasonable advantage of a consumer’s lack of understanding of material risks, costs, and conditions, or a consumer’s inability to protect their own interests, or a consumer’s reasonable reliance on the company to act in the consumer’s best interests. For a decade, the Bureau did not immediately adopt a formal policy or set of standards, but rather, was content to rely on the statutory definition without any overarching framework.

Then, at the beginning of 2020, the CFPB (under the Trump administration) issued a policy on abusive conduct, which provided three principles to govern the Bureau’s enforcement actions in this area:

  1. The Bureau would focus on whether harm to consumers from the alleged conduct outweighs the conduct’s benefits to consumers.
  2. The Bureau would avoid, where possible, combining allegations of abusive conduct with allegations of unfair or deceptive conduct arising from the same set of facts. Instead, it would focus on “stand-alone” abusive conduct separate and apart from unfair or deceptive conduct violations.
  3. The Bureau would not generally seek monetary relief for abusive conduct when the business had made a good-faith effort to comply with the abusiveness definition in the Dodd-Frank Act, except to the extent that monetary penalties would be necessary to remedy consumer harm caused by the conduct.

Although the 2020 policy helped consumer financial service providers understand the Bureau’s enforcement philosophy, it lacked specific details about how the CFPB interprets the Dodd-Frank Act’s description of abusive conduct. Critics complained that the policy created more rather than less regulatory uncertainty for market participants. Little more than a year later (under the Biden administration), the Bureau rescinded the 2020 policy statement. When announcing the rescission, the Bureau essentially decided to rely once again on the judicial and administrative process to explore the contours of the abusive conduct prohibition. Businesses were therefore left to figure out the full scope of what conduct could be deemed abusive based mainly on enforcement actions.

2023 Policy Statement on Abusive Acts or Practices

The new policy statement summarizes and consolidates precedent established by 43 CFPB enforcement actions, together with numerous supervisory examinations, conducted over the past thirteen years. The core of the policy statement is there are two types of abusive conduct prohibited by the statute:

  1. obscuring important features of a product or service; and
  2. leveraging certain circumstances (such as gaps in understanding, unequal bargaining power, or consumer reliance) to take unreasonable advantage.

An act or practice need only fall into one of the two categories to be abusive under the law, but the Bureau was quick to point out that conduct may fall into both. Importantly, the Bureau also noted that, unlike with unfair conduct, abusiveness does not require a showing of substantial injury. For an act to be considered unfair, the Bureau must show that it caused either a significant amount of harm to a small number of consumers or a smaller amount of harm to a large number of consumers. To find that conduct is abusive under this policy statement, the Bureau need only demonstrate that the business engaged in conduct that Congress presumed to be harmful to the proper functioning of the consumer financial services market.

The first type of abusive conduct concerns situations where a business “materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service.” The policy states that there does not need to be an intent to materially interfere, though it is reasonable to infer that conduct materially interferes when it is intended to interfere. Additionally, the Bureau views certain aspects of a transaction to be so important that if they are not prominently or clearly communicated to consumers, it can be presumed that the business materially interfered with the consumers’ ability to understand the product or service. Such crucial information includes, but is not limited to, pricing or costs, limitations on the consumer’s ability to use or benefit from the product, and contractual consequences of default.

The second form of abusive conduct concerns situations where a business takes unreasonable advantage of certain circumstances. In the policy statement the Bureau laid out the three situations where a business may be deemed to have taken unreasonable advantage: (1) a consumer’s lack of understanding of material risks, costs, and conditions; (2) a consumer’s inability to protect their own interests; or (3) a consumer’s reasonable reliance on the business to act in the consumer’s best interests. The policy describes the analysis that the Bureau will perform when examining conduct to determine whether it fits any of these three circumstances.

The policy statement also signaled the Bureau’s current enforcement priorities by highlighting how the use of dark patterns, set-up-to-fail business models (like those employed before the mortgage crisis in 2008), profiteering off captive customers, and kickbacks or self-dealing can all be abusive practices.

The policy was published in the Federal Register on April 12, 2023, offering a public comment period that ends on July 3, 2023. However, it is important to note that unlike in a rulemaking, the Bureau is not required to solicit or address public comments on a policy statement. As such, the policy statement was deemed applicable as of its publication date.

Outlook:  While there certainly may be disagreement over the substance of the policy, the abusive conduct policy is generally useful to financial service providers because it summarizes established precedent and provides specific details about the Bureau’s approach to enforcement in this area. Additionally, the policy reinforces the Bureau’s focus on dark patterns and similar practices. The policy should provide greater regulatory certainty as companies assess whether or not certain conduct could be considered “abusive.” The request for public comments is also an important opportunity for financial service providers to voice concerns about the Bureau’s approach.

California Proposes Rules to Regulate Income-Based Advances

Overview: On March 7, 2023, the California Department of Financial Protection and Innovation (“DFPI”) issued a proposed rule that would for the first time subject earned wage access (“EWA”) providers and other companies that provide advances on consumers’ income to the state’s consumer financial protection laws (the “Proposed Rule”).  The proposed rule may portend – and, indeed, may serve as a guide for – action in other states and possibly the federal government on these increasingly popular financial products.


EWA provides employees access to wages they have earned but have not yet received through their employer payroll. EWA companies generally operate based on one of two business models: a business-to-business model in which the EWA company contracts with employers who provide the EWA service as a benefit for their employees, and a direct-to-consumer model in which the EWA company works directly with the employee, eliminating the employer from transactions. Because EWA is arguably not “credit” or a “loan” as those terms have been defined in existing federal and state law, it has been uncertain whether EWA is subject to those existing laws.

In 2020, California enacted legislation that replaced the former Department of Business Oversight and launched the DFPI as California’s new financial regulator. The legislation also broadly expanded the DFPI’s enforcement and rulemaking powers, including by granting DFPI authority to regulate previously unregulated financial products and services. Because the legislation was based on the powers of the federal Consumer Financial Protection Bureau (“CFPB”), the DFPI has been widely characterized as a “mini-CFPB.”

DFPI quickly signaled that it would use its new authority to regulate EWA. In January 2021, DFPI entered into agreements with several leading EWA providers in which the providers agreed to follow a set of industry best practices and provide quarterly reports to DFPI. DFPI subsequently kicked off a rulemaking process by issuing an invitation for public comments in November 2021. By issuing the Proposed Rule, the DFPI has now taken a major step toward becoming the first state to comprehensively regulate EWA.


EWA Providers Would be Required to Register with or Obtain a License from DFPI

The Proposed Rule would squarely address the issue of whether EWA is a “loan” by specifically expanding the definition of a loan under the California Financing Law to include any advance of funds to be repaid in whole or in part by the receipt of a consumer’s wages, salary, commissions, or other compensation for services. This definition is broad enough to cover EWA and other income advance products (such as income share agreements that are provided to students as an alternative to student loans) and means that EWA providers would be required to either register with or obtain a license from the DFPI to provide EWA in California.

The Proposed Rule would provide two paths for EWA providers to continue operating in California. First, EWA providers whose products meet certain criteria, including not collecting charges that would be greater than amounts permitted under the California Financing Law, would have the option of registering with DFPI. Companies that register with DFPI would be subject to regulatory examinations and reporting requirements, but would not be subject to the DFPI’s more detailed and complex licensing process. The second option for companies would be to apply for a full California lending license.

The Proposed Rule Would Limit the Amount EWA Providers Can Charge

EWA companies using the direct-to-consumer model typically operate via two major fee structures: subscription fees or transaction fees. A subscription-based EWA company typically charges a fixed monthly fee, and may also accept optional charges for faster service. A transaction-based EWA company may accept tips, charge fees, and collect optional fees for faster service. EWA companies that accept tips have typically argued that their tips are wholly voluntary, are not finance charges, and have no effect on their services or availability of future advances.

The Proposed Rule would provide that a voluntary or optional payment, including a tip or gratuity, paid by a borrower to a licensee or any other person in connection with a loan, is a charge subject to the California Financing Law. This means that those payments would be subject to California’s limitations on how much a consumer may be charged in connection with a loan, and could significantly reduce the amount EWA providers have previously collected as tips or gratuities.

The Proposed Rule would also clarify when a subscription fee in connection with an income-based advance is permissible. A subscription fee would be permissible if: (1) the fee is $12 per month or less; (2) the consumer has access to products or services other than income-based advances, without additional charge; (3) the fee charged does not affect the terms upon which income-based advances are made to the borrower; and (4) consumers can cancel their monthly subscription without penalty at any time.

Other States Have Introduced Legislation to Regulate EWA

Approximately a dozen state legislatures, including New York and Texas, have introduced legislation this year that would specifically regulate EWA. These bills vary to some extent among the states but, like California, would generally require EWA providers to register or obtain a license from the state regulator. Some of the states would also impose comprehensive regulatory regimes for EWA.

Outlook: The California DFPI is increasingly using its “mini-CFPB” authority to scrutinize emerging products offered by fintechs and non-bank financial services company. California will likely move forward with finalizing the Proposed Rule in the near future, and other states are also beginning to focus on EWA and other income-based advances. EWA providers should be preparing to identify the extent to which new laws and regulations will apply to them, and taking steps to build compliance programs in response to increased regulation of their products.


Craig Saperstein, a member of Nacha’s Government Relations Advisory Group, is a partner in the Public Policy practice of Pillsbury Winthrop Shaw Pittman LLP in Washington, D.C. In this capacity, he provides legal analysis for clients on legislative and regulatory developments and lobbies congressional and Executive Branch officials on behalf of companies in the payments industry. Deborah Thoren-Peden is a partner and member of the Financial Institutions Team at Pillsbury Winthrop Shaw Pittman LLP. She provides advice to financial institutions, bank and non-bank, and financial services companies. Daniel Wood is a Counsel and member of the Financial Services Regulatory Team. He provides analysis for financial institutions, technology companies, and clients that offer consumer financial products. Brian Montgomery is a Senior Counsel and member of the Financial Services Regulatory Team. He provides analysis for financial institutions, technology companies, and clients that offer consumer financial products. The information contained in this update does not constitute legal advice and no attorney-client relationship is formed based upon the provision thereof.


Rate this article:
No rating
Comments (0)Number of views (1072)

Author: Carlos Ortiz

Categories: Trends & Research



Theme picker