Google case just the beginning of CFPB fintech power grab

There has been a bullseye on the Consumer Financial Protection Bureau (CFPB) ever since tech entrepreneur and venture capitalist Marc Andreessen called the agency out during his interview with top podcaster Joe Rogan. Its new attempt to put tech and fintech firms under its supervisory control shows why this alarm about the CFPB is warranted.

The CFPB last month finalized a rule giving itself supervisory regulatory authority over firms operating banking and payment apps. This authority allows the CFPB to regularly inspect voluminous internal documents and data of all operations of these firms, even if not related to a suspected violation of consumer finance laws. Soon after that, the CFPB issued an order putting Google Payment Corp, a division of Google and its parent company Alphabet, under its supervisory control. As its justification for this action, the CFPB cited complaints from the notoriously unreliable CFPB complaints database about a Google peer-to-peer payment service that is no longer offered in the US.

Google has filed suit to stop this from happening. Yet the CFPB’s rule threatens not just Google, but every fintech firm and technology firm that ventures into finance, stifling innovation that these firms may provide to consumers.

As I explained when the CFPB proposed this rule, giving the CFPB a supervisory role over firms operating banking and payment apps is “a solution in search of a problem that will lead to many other problems.” As I added, the proposal would add new red tape rather than fixing an imagined “regulatory gap.”

Despite complaints about the lack of a level playing field by the CFPB and some rent-seeking traditional finance firms, these apps and platforms do play by the same rules as legacy financial institutions. Apps such as Chime and Dave that enable checking and deposit accounts for consumers provide these services through affiliated banks, which are subject to the same regulations and regulators as other banks. Apps such as Google Pay, Apple Pay, and Venmo that primarily involve sending and receiving money are subject to state money transmitter laws as well as the federal statutes and regulations that have applied to money transfer services such as Western Union since before the Internet was even invented.

Furthermore, the CFPB already had authority to penalize firms for specific violations of consumer protection statutes, such as providing a financial product or service found to be fraudulent, deceptive, or “abusive.” Yet the CFPB – without giving much in the way of specific justifications for this power grab – claims it also needs “supervisory” authority to regularly inspect fintech firms sensitive operational and customer data, even from divisions of the firm that have nothing to do with the payment or banking service.

Not only is such power unneeded to protect consumers, it would also be genuinely dangerous for the CFPB to possess. The CFPB, which hasn’t yet resolved its own massive data breach in which a CFPB employee forwarded confidential information of 256,000 consumers to his or her personal email account, would have access under this rule to even more consumer data. As I asked in my previous post, “What are the restrictions on the CFPB if it can view everything – including customer transactions?”

While the existence or extent of CFPB involvement in the Operation Choke Point 2.0 government-backed debanking of cryptocurrency firms and investors is unclear, given its role in the original Operation Choke Point in the Obama administration, CFPB could use such new power for “possible jawboning of an industry with a political agenda.” As in Choke Point, the CFPB could muscle fintech apps and platforms into cutting off financial services to individuals and industries the government deems a “reputational risk.” The revelations earlier this year of bank regulators asking banks to hand over broad swaths of data on consumers who made references to “Trump” and “MAGA” or even made purchases at outdoor stores such as Cabella’s should heighten these concerns about misuse of data by CFPB and other financial regulators.

In comments on the CFPB rule, the internet trade association NetChoice makes a good case that the CFPB is exceeding its authority from Congress in the power grab it is proposing. “Simply put, the CFPB’s proposed rule to regulate non-bank digital wallet and payment app providers is a substantial expansion of its regulatory authority that raises new and novel concerns,” NetChoice states.

Also expressing concerns about the proposed rule is the Blockchain Association, a leading trade group for firms involved in cryptocurrency. The group points out in its comments to the CFPB that the rule asserts authority of some “digital assets” and could extend to crypto trading platforms. The comments state that “as a threshold matter, the CFPB has not established jurisdiction over digital assets by way of an independent rulemaking process, which it must do if it
seeks to supervise the sector.”

Such attempted power grabs by the CFPB show why President-Elect Trump needs to exercise his power to remove Biden-appointed Director Rohit Chopra on Day 1 of his new administration – just as President Biden did in asking Trump-appointed Director Kathy Kraninger to resign on Biden’s first day.

The CFPB also needs to be subject to the Congressional appropriations process, instead of getting its funds from the Federal Reserve. As I have stated previously, “CFPB’s bypassing of the congressional appropriations process — enabled by Dodd-Frank — has allowed it to escape accountability for regulation that imposes crushing costs to community banks, credit unions, and the very consumers it claims to protect.”