August 08, 2022

CFPB Issues Report on Emerging Risks in BNPL, Super App, and Embedded Commerce Payments

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

Key Takeaways

  • According to the CFPB, the emerging risk in payments is “the potential that consumer financial data and behavioral data are used together in increasingly novel ways.”

In Director Chopra's recent interviews with several news reporting organizations, a persistent theme was the CFPB's concerns about the entry of big tech companies into financial services, particularly in connection with payments and the companies' ability to collect and monetize data about consumers.  Those concerns are the focus of a new CFPB report issued last week titled "The Convergence of Payments and Commerce: Implications for Consumers."

The report explores the implications of recent innovations in the payments space that "may blur the traditional lines of banking and commerce" and focuses on "how large technology platforms and other emerging business models that operate outside of the traditional banking system use peoples' sensitive spending and transaction data."  The CFPB observes that many firms operating in the market for retail financial services are moving from seeing their customers' value as generating revenue from using the firm's financial products (i.e. interest and fee income) "to the customer as a source of behavioral and financial data to be leveraged and potentially sold to create an additional revenue stream."  According to the CFPB, this means "in essence [that] the customer's information could become a revenue source, a ‘lead generator' for the financial institution, and if that organization so chooses, for other companies that can use the data for their own revenue generation activities."

The report looks closely at three new product categories or "new use cases"  ("super apps," buy-now-pay later (BNPL), and "embedded commerce") and makes the following observations:

  • Super apps. These apps originated in China with WeChat and Alibaba and provide "a comprehensive ecosystem where users can find almost anything they need so users can stay engaged within a single app."  The financial services offered by these apps include bill payment, person-to-person payments, insurance, and investments.   These apps "are essentially the ‘internet in an app.'"  In the U.S., instead of the "internet in an app" approach, the more targeted "bank in an app" approach is gaining traction.  Beyond mobile banking apps, this approach combines additional services related to financial services and payments to add value and retain users.  (The PayPal wallet is cited as an example of the U.S. super app.)  While super apps can be a valuable tool for consumers, "they can potentially be exploited to take advantage of consumers who aren't fully aware of what it is that they have, and what it is that they have agreed to."
  • BNPL.  This product was initially offered by BNPL providers partnering with individual merchants.  Consumers interacted with BNPL on the merchant partners' website checkout pages and providers earned revenues from merchant discount fees.  Recently, BNPL providers have moved to a "lead generation" model by selling advertising space on their own apps to merchants who pay referral or affiliate fees to acquire customers, with the referral fees potentially exceeding ten percent of the transaction amount (which is several times higher than the average merchant discount fees charged in the initial BNPL model).  The newer model allows BNPL providers to use virtual debit and credit cards to make any merchant a BNPL merchant because consumers can use one-time virtual cards issued within a BNPL app at almost any merchant that accepts standard card payment methods.  The app allows a BNPL provider to track a consumer's digital footprint and use a consumer's purchase history to craft a personal browsing experience.
  • Embedded commerce.  This concept allows shopping to occur directly on the website or app of a social media feed rather than through traditional ad-based links to a merchant's website.  It creates an opportunity for a social media provider to capture and sell transaction data without consumers' awareness that their data is being monetized and increases the risk of an unwanted purchase by enabling a transaction to occur with very little activity from the consumer.  

According to the CFPB, the emerging risk in payments is "the potential that consumer financial data and behavioral data are used together in increasingly novel ways."  The CFPB sees the closer integration of financial services providers and non-financial companies such as social media and e-commerce that is being driven by technology as creating more opportunities for companies to aggregate and monetize consumer financial data.  In the CFPB's view, more data creates more opportunities for such data to be misused, and with "the prevalence of machine learning and algorithmic optimization in modern business," companies have more capability "to leverage consumer financial data to achieve outcomes that may take significant financial advantage of consumers that may result from automated decision-making with limited transparency."  The CFPB states that it "intends to carefully monitor and scrutinize these practices for potential fair lending risks, as well as the risks of unfair, deceptive, or abusive practices."

The other emerging risks in payments highlighted by the CFPB is the potential impacts of "scale and market power."  The CFPB is concerned that the "new use cases" will create "a new generation of dominant incumbents," similar to how the Chinese market has evolved.  As an example, it suggests that big tech companies "may leverage massive installed consumer bases to quickly gain scale in new payment businesses" and thus "concerns about the market powers of these companies would then be extended into the payments space."  Another CFPB example is that "a concentrated BNPL or embedded payments in a social medial market may be able to extract excess fees from merchants due to unique structural advantage arising from data and scale."  In our view, whatever the merits of these concerns about potential anti-competitive effects, they would seem to be more appropriately addressed by the FTC rather than the CFPB.  (Director Chopra has previously raised concerns about competition that seem more properly in the FTC's purview than that of the CFPB.)

The CFPB concludes the report by noting that it expects to issue a report on its findings from its BNPL monitoring orders and "will determine whether regulatory interventions are appropriate."  It also notes that it seeks to mitigate the potential consequences of big tech firms moving into the real-time payments space.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Ballard Spahr

New York Restricts Automated Decision Making in Employment

By Timothy Dickens Ballard Spahr August 29 , 2022

Businesses operating in New York City should be aware of a local law addressing the use of automated employment screening and decision-making tools coming into effect on January 1, 2023.

Status Update: Federal Contractor Vaccine Mandate Injunction Narrowed

By Lila A. Sevener Ballard Spahr August 29 , 2022

On August 26, 2022, the United States Court of Appeals for the Eleventh Circuit narrowed the nationwide injunction of Executive Order 14042, which requires federal contractors and employees who work on or in connection with a covered federal contract, or share a workplace with another employee who works on or in connection with such contracts, to be fully vaccinated against COVID-19.

Unions Cannot Force OSHA to Issue Permanent COVID Standard

By Shannon D. Farmer Ballard Spahr August 26 , 2022

On August 26, 2022, the U.S. Court of Appeals for the District of Columbia Circuit turned back efforts by a group of unions seeking to force the Occupational Safety and Health Administration (OSHA) to quickly issue a permanent rule establishing protections for healthcare workers from COVID-19.

More From Financial Services and Banking

Deadline: 'Old' Standard Contractual Clauses (SCCs) Expire Dec. 27, 2022

By Dr. Viola Bensinger Greenberg Traurig December 02 , 2022

After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA).

OFSI's Annual Review Highlights Effect of Sanctions on Russia

By Annabel Thomas Greenberg Traurig November 21 , 2022

On 10 November, the UK’s Office of Financial Sanctions Implementation (OFSI) published its annual review for the period April 2021 to August 2022, with a focus on the effect of sanctions on Russia following the invasion of Ukraine in February.

A Sigh of Relief for NPE Investors: Italian Supreme Court Passes Ruling on Land Loan Agreements (Mutui Fondiari)

By Corrado Angelelli Greenberg Traurig November 18 , 2022

On 16 November 2022, in Decision No. 33719, the Italian Supreme Court appear to have ended the nearly decade-long case law dispute on the consequences of a breach of the 80% financeability threshold of land loan agreements entered pursuant to Article 38 of Italian Consolidated Banking Law (TUB)[1].

Featured Stories