Weekly Fintech Focus

  • The Consumer Financial Protection Bureau (CFPB) issued a circular and compliance bulletin providing guidance on two junk fee practices—surprise overdraft fees and surprise depositor fees—that it concluded are likely unfair, and therefore unlawful, under the Consumer Financial Protection Act (CFPA).
  • The director of the CFPB announced that the agency plans to launch a rule-making process that will provide for personal financial data rights, seeking to move toward a more decentralized and neutral consumer financial market structure.
  • According to news reports, the Federal Trade Commission (FTC) is investigating whether Visa and Mastercard are restricting debit-card routing competition, particularly through the way in which they use security tokens for online payments.

CFPB Issues Guidance To Help Banks Avoid Charging Illegal Junk Fees on Deposit Accounts

On October 26, 2022, the Consumer Financial Protection Bureau (CFPB) issued guidance on two junk fee practices­—surprise overdraft fees and surprise depositor fees—that it concluded are likely unfair, and therefore unlawful, under the Consumer Financial Protection Act (CFPA).

Surprise overdraft fees. The first practice involves overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate. While the CFPB notes that unanticipated overdraft fees may arise in a variety of circumstances, the agency focuses on one example in particular: overdraft fees assessed when consumers have enough money in their account to cover a debit charge at the time a bank authorizes it, but due to intervening settlements or other complex processes, the consumes balance is insufficient at the time of settlement (sometimes referred to as “authorize positive, settle negative” or “APSN” transactions).

  • According to the CFPB’s circular, unanticipated overdraft fees inflict a substantial injury on consumers, considering that these fees may total up to $36 and be assessed more than once.
  • In addition, the CFPB’s circular finds that consumers cannot reasonably avoid these unanticipated overdraft fees for a variety of reasons. For instance, financial institutions use complex policies to assess these fees that are often not clear to consumers (e.g., timing gaps between authorization and settlement, using one kind of balance over another when calculating fees, and ordering transactions in certain ways prior to processing). Furthermore, the circular notes that consumers increasingly make use of mobile banking tools, which could lead them to think the balance shown accurately reflects the balance available to conduct transactions. Under these circumstances, the CFPB’s circular concludes that it is difficult for consumers to reasonably anticipate when a transaction may give rise to an overdraft fee (and thereby avoid said fee).
  • Finally, the CFPB’s circular finds that the injury from these unanticipated overdraft fees is likely not outweighed by countervailing benefits to consumers or competition. In particular, the CFPB does not find it plausible that the ability to generate revenue through such fees allows for lower account or maintenance fees that would outweigh the substantial injury, and the agency notes that economic research suggests shifting costs from front-end prices to back-end fees risks harming competition.

Surprise depositor fees. The second practice involves indiscriminately charging depositor fees to every person who deposits a check that bounces, which the CFPB similarly concludes is likely unfair. As a matter of prosecutorial discretion, the CFPB does not intend to seek monetary relief for potential unfair practices regarding surprise depositor fees assessed prior to November 1, 2023.

  • According to the CFPB’s bulletin, these fees also inflict a substantial injury on consumers, and in many instances, consumers likely would not be able to reasonably avoid them (considering that consumers depositing checks would normally be unaware of and have little control over whether check originators have funds in their account). The CFPB notes, however, that it is unlikely an institution will violate the prohibition on unfair acts or practices if the method by which fees are imposed is tailored to only charge consumers who could reasonably avoid injury—for example, by only charging consumers a fee if they repeatedly deposit bad checks from the same originator, or when checks are unsigned.
  • The CFPB bulletin also advises institutions that it may be difficult to show that the injury from blanket policies of charging surprise depositor fees is outweighed by countervailing benefits to consumers or competition. Benefits to depository institutions are not necessarily benefits to consumers; and the fees are not well-tailored to recoup costs from consumers who are responsible for the costs imposed on depository institutions for expected losses. The CFPB bulletin acknowledges that deterring consumers from depositing checks that will be returned may benefit them and the public interest but underscores that this can only be accomplished through the collection of targeted (rather than indiscriminate) fees. As to benefits to competition, the CFPB bulletin highlights arguments similar to those raised with respect to unanticipated overdraft fees, i.e., that these add-on fees may have a distortionary market effect that makes it more difficult to compete on transparent prices.

The CFPB’s circular and bulletin are the most recent announcements regarding the agency’s junk fee initiative, which is one of many efforts across the federal government focused on this issue. More broadly, the Biden-Harris administration seeks to reduce or eliminate junk fees across a range of industries, such as banking services, cable and internet bills, and airlines and concert tickets.

CFPB Director Says Draft Financial Data Rights Rule Coming

On October 25, the director of the Consumer Financial Protection Bureau (CFPB) said that the agency plans to launch a rulemaking process that will provide for personal financial data rights by activating an authority under Section 1033 of the Consumer Financial Protection Act (CFPA).

While not explicitly embracing an open banking or open finance rule, the CFPB director stated that the proposed rule will seek to obligate financial institutions to share consumer data upon consumer request, empower people to break up with banks that provide bad service, and unleash more market competition.

The CFPB director highlighted three areas in which the agency expects to focus its upcoming rulemaking:

  1. Data sharing. The CFPB expects to propose requirements that financial institutions offering deposit accounts, credit cards, digital wallets, prepaid cards, and other transactions accounts set up secure methods for data sharing (such as application programming interfaces (API)). Through data sharing, the CFPB seeks to facilitate new approaches to underwriting, payment services, personal financial management, income verification, account switching, and comparison shopping. While the agency is starting with these particular transaction accounts, it expects to cover more products in the future.
  2. Data use limitations. In addition, the CFPB expects to look at ways to stop incumbent institutions from improperly restricting access when consumers seek to control and share their data. In particular, the CFPB plans to develop requirements to limit misuse and abuse of financial data (including frauds and scams), as well as to ensure that when consumers share their data for a specific use, that use is the only one for which the data will be used. Contending that “Gramm-Leach-Bliley Act privacy rules don’t give consumers meaningful control over how their data is being used,” the CFPB director stated that the agency expects to look at alternatives to the notice-and-opt-out regime.
  3. Safeguards against monopolization. Finally, the CFPB expects to explore safeguards to prevent excessive control or monopolization by one or a handful of firms. Emphasizing that it is “critical that no one owns critical infrastructure,” the CFPB director stated that a “decentralized, open ecosystem will yield the most benefits for creators and consumers alike.”

Moving forward, the CFPB will publicly release a discussion guide on which small firms can weigh in as part of the agency’s obligation to convene a panel of small businesses before issuing a proposed rule. Through this process, the CFPB anticipates hearing from small banks and financial companies that provide and ingest data, as well as from intermediary data brokers who facilitate data transfers. In the first quarter of 2023, the CFPB will publish a report on the input it receives, which will inform the proposed rule it plans to issue later in 2023. The agency hopes to finalize the rule in 2024.

FTC Examining Whether Payment Networks’ Security Tokens Prevent Online Debit Card Payments From Being Processed to Other Networks

On October 17, 2022, the Wall Street Journal (WSJ) reported that the Federal Trade Commission (FTC) is investigating whether Visa and Mastercard are restricting debit card routing competition, particularly through the way in which they use security tokens for online payments.

Generally, when an individual stores a card in a digital wallet, the card number is replaced with a security token, usually provided by the card’s network (e.g., Visa or Mastercard). When a purchase is made, the security token, rather than the card’s actual number, is sent to a payment network. Visa and Mastercard have pushed to increase tokenization, noting that tokens help protect cards from fraud.

When a card number is tokenized, however, only the payment network that tokenized the card can understand the token and reassociate it with an actual card. This makes it easy for security tokens to process those payment networks that provided the security token in the first place. Alternatively, a payment network could unscramble its token so that a transaction can be handled by another network.

According to the WSJ, the FTC is looking into whether Visa and Mastercard have been limiting the information they send when enabling online payments to go over different networks. This alleged practice may increase the chance that the card’s issuing bank will reject the transaction when it is handled by the different network. The FTC is also looking into whether Visa and Mastercard are restricting competition when consumers store their debit card information on a merchant’s website or app, as tokens are often used in these circumstances as well.

For the last few years, the FTC has been probing whether Visa and Mastercard block merchants from routing payments over other debit card networks. The WSJ reported, however, that the FTC’s current probe into the payment networks’ security tokens may be linked to recent action from the Federal Reserve, which clarified that banks must enable at least two networks on all debit card transactions, including online payments.