The rapid growth of payments technology has created gray areas in regulatory compliance and consumer protection, and regulators are working to catch up.
The most recent example is the request for information published Feb. 26 by the Federal Deposit Insurance Corporation. The FDIC wants comments on “potential changes to its sign and advertising rules to better reflect how banks and savings associations are transforming their business models to take deposits via physical branches, digital, and mobile banking channels.” It also asks for input on addressing possible misrepresentations by nonbanks about FDIC insurance.
This request is a recognition that the way money flows in and out of banks has changed, and will continue to change, as new channels open. It also reflects a need for clarity about what companies actually are. Companies that are described as “challenger banks” by themselves or by the press are not federally insured deposit institutions. The deposit insurance that protects their customers is provided by a partner FDIC-insured institution. These third parties are program managers like the program managers in the prepaid card business that assemble value chains to deliver financial services to consumers.
That value-chain structure means the FDIC is not the only regulator that needs to figure out how to move new payments companies out of regulatory limbo. The Consumer Financial Protection Bureau created a large gray area when it finalized its prepaid-accounts rule in October 2016.
First, the CFPB did not limit its rule to prepaid cards. It said digital wallets “to the extent that they are used to access funds the consumer has deposited into the account in advance” should be covered by the rule. It also specified that the access method is not what’s at issue, but rather that an account exists.
However, the CFPB then complicated things when it said that “the Bureau declines to limit coverage under the definition to accounts held in a pooled account structure, because the Bureau believes that the characteristics that make an account a prepaid account should not be dependent on the product’s back-office infrastructure.” Rather, it was more concerned with “the way the account is marketed or labeled, as well as … the account’s primary function.”
With account structure set aside, it seems that compliance depends in part on good marketing. If a fintech wants to avoid the strictures of the prepaid rule, it appears it will likely market itself as a “different” kind of bank account, or least not as a prepaid account. But, as the FDIC’s request demonstrates, these companies are not banks themselves.
Regulators face two important questions. First, if fintechs are not banks and not prepaid accounts, then what are they? More important, what recourse do their customers have if something goes wrong?
These questions will be at issue in the lawsuit PayPal filed against the CFPB in December. PayPal argues that its digital wallet should fall outside the scope of the prepaid rule because digital wallets are fundamentally different from prepaid accounts. It also argues that the rule’s requirements for disclosures are unconstitutional because they violate the First Amendment.
It might be easy to see the suit as something that primarily concerns PayPal. But if PayPal succeeds, it is likely that the rule itself will be thrown out. This would mean that the payments industry would go back to where it was in 2012—being regulated under a patchwork of agencies and rules, with no guiding principles. It also could mean that consumers would see account protections become contractual instead of codified.
Regulators will need to resolve this fintech regulatory limbo to protect both the banks that make these products possible and their customers.
—By Ben Jackson, bjackson@ipa.org