The U.S. Consumer Financial Protection Bureau (CFPB) has ordered six technology platforms offering payment services to produce detailed information on their products, plans, and practices.  The so-called “market monitoring” orders, issued pursuant to Section 1022 of the Dodd-Frank Act, were sent to Amazon, Apple, Facebook, Google, PayPal, and Square.  According to a sample order provided by the CFPB, responses are due by December 15, 2021.  The CFPB also announced that it will be studying the payment system practices of large Chinese firms, including Alipay and WeChat Pay. 

According to a CFPB release, the orders will compel information on:

  • Data Harvesting and Monetization. Payment companies may be actively sharing payment data across product lines and with third parties.  In some cases, Big Tech companies may be using this data for behavioral targeting.  These practices may not align with consumers’ expectations.  The orders seek information on how companies collect and use data.
  • Access Restrictions and User Choice. When payment systems gain scale and network effects, merchants and other partners feel obligated to participate, and the risk increases that payment systems operators will limit consumer choice and stifle innovation by anti-competitively excluding certain businesses.  The orders seek to understand any such restrictive access policies and how they affect the choices available to families and businesses.
  • Other Consumer Protections. Consumers expect certain assurances when dealing with companies that move their money.  They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law.  The orders seek to understand the robustness with which payment platforms prioritize consumer protection under laws such as the Electronic Fund Transfer Act and the Gramm-Leach-Bliley Act.

In specific, the orders require the submission of detailed information including:

  • Breakdown of consumer-to-consumer and/or consumer-to-business payments products or services, including information regarding their marketing and operations.
  • Description of various fees, discounts, promotions, and benefits
  • Identification of performance indicators that are or have been used to analyze product performance (e.g., consumer use/engagement, revenues). 
  • Copies of all decks, presentations, reports, memoranda, and similar documents that pertain to the development of each product. 
  • Detailed information on how a company monetizes product data. 
  • Identification of consumer attributes and surveillance-based advertising and targeted offers.
  • Description of how access is restricted and the management of third-parties in product delivery.
  • Description of how consumer consents are obtained, as well as copies of all relevant disclosures, terms of use, privacy policies, in-app screens, and similar documents that provide consumer users with information on how their data are being used and how long such data are retained. 

The orders may signify a muscular approach will be taken by the CFPB toward large nonbank providers of financial products and services.  CFPB Director Rohit Chopra, in a statement accompanying the announcement on the orders, stated that “[l]ittle is known publicly about how Big Tech companies will exploit their payments platforms.”  The orders are an attempt to better understand the payments system and “yield insights that may help the CFPB to implement other statutory responsibilities, including any potential rulemaking under Section 1033 of the [Dodd-Frank Act].”