Last month, Apple plunged into the complex world of payment processing with its Apple Pay service that allows its mobile devices to be used to make payments. A mere wave at the register with an iPhone is all it takes for electronic cash to move from the customer’s account to a retailer.

Apple is not alone in its foray into payment processing. Tech giants Google, Microsoft, and Facebook have already made inroads into the alternative payments space. And companies like PayPal, Softcard, Looped In, and several others have been working to make the wallet obsolete for years.

The Apple announcement, however, has renewed debate over how far a non-financial entity can move into the banking arena before regulators come knocking. The questions those regulators are grappling with, in particular the Consumer Financial Protection Bureau, is how to accomplish oversight without stifling innovation.

“There are various types of mobile payments that have to be considered, including mobile banking, mobile payment processing, and mobile storage,” says Gerald Sachs, a member of the law firm Paul Hastings’ global banking and payments systems practices and former senior counsel for policy and strategy at the CFPB’s Office of Enforcement. “All three have different regulations that have to be considered.”

Apple’s business model is to partner with credit card providers that pay a per-transaction fee back to the company. Banks will also continue to assess a fee on merchants on each transaction. To head off cyber-security fears stoked by hacker infiltrations at Target and Home Depot, Apple will use fingerprint technology to verify transactions.

Waiting and Watching

How have regulators reacted to Apple’s plans? For now, they are sitting back and watching. Apple has not registered with the Treasury Department’s Financial Crimes Enforcement Network as a money-service business, nor has it been asked to do so. That registration brings with it the need for an anti-money laundering compliance program, know-your-customer responsibilities, and filing Suspicious Activity Reports. Facebook and Google, by contrast, registered as MSBs with FinCEN when they launched payment platforms that allow users to store and move cash and equivalents.

Apple Pay’s approach may escape regulatory scrutiny for the time being by making the case that its service is no different than having a telecom company in the middle of a customer giving a merchant their credit card number by phone. But as similar services become more common, it is unlikely that regulators will remain in the background for long. “You absolutely will see regulatory oversight of these new technologies,” Sachs says.

Sachs expects that the CFPB is best suited to step in as these disruptive technologies gain wider acceptance. The Federal Trade Commission, he explains, is active on matters involving mobile payments, but has limited jurisdiction when it comes to mobile banking. The CFPB, however, has broad jurisdiction when it comes to payment processing and oversees both big banks (with $10 billion or more in assets) and non-banks offering consumer financial products and services.

“There are various types of mobile payments that have to be considered, including mobile banking, mobile payment processing, and mobile storage. All three have different regulations that have to be considered.”
Gerald Sachs, Member, Paul Hastings

There are “very clear instances” where the CFPB’s jurisdiction would cover payment processing and mobile payments, Sachs says. Among them are engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds. The question regulators will need to evaluate is whether a service is holding funds on behalf of a customer or is merely acting as a middleman for processing payments.

The CFPB can also get involved when a company offers products or services that include processing or storing financial or banking data for any payment instrument. Payment systems tied to online banking systems or a mobile telecommunications network may draw its attention, Sachs says. “I would be surprised if the CFPB didn’t take note of mobile payments,” he adds. “These technologies interact directly with consumers. Considering the CFPB’s mission of consumer protection, I would think they would have to look at some of these technologies.”

One of the reasons financial regulators have taken a wait-and-see approach is that the digital wallet transaction volume has been relatively small. That could change with Apple Pay.  “The number of merchants, issuers, and consumers Apple will bring to the table through Apple Pay means that the new iPhone 6 has the potential to further accelerate the move toward mobile payments,” Trevor Salter, an associate with the law firm Ballard Spahr and an author of its CFPB Monitor blog says. “This, in turn, could cause the CFPB and other regulators to move beyond requests for information (RFIs) and whitepapers in their efforts to ensure that consumers using mobile financial services are adequately protected.”

Apple may ultimately qualify as a “service provider” for purposes of the Consumer Financial Protection Act, which means it would be subject to CFPB examination and the Unfair, Deceptive, or Abusive Acts or Practices provisions of the Dodd-Frank Act, Adam Levitin, a law professor at Georgetown University suggests. The CFPB, he says, has authority over “covered persons” and “service providers” that offer a financial product or service.  Apple doesn’t fit within the definition of “covered person” because it is not offering a “financial product or service.” It could still be viewed as a “service provider,” however, a definition that “explicitly includes anyone who ‘participates in designing, operating, or maintaining the consumer financial product or service.’"

The CFPB is already turning its attention to these new technologies. On the day Apple Pay was announced, Sept. 10, the Bureau coincidentally closed off the comment period for a Request for Information on mobile financial services. Although that comment process could be a prelude to greater oversight and examinations, CFPB Director Richard Cordray has, thus far, chosen to emphasize potential benefits new technology may bring to the nation’s under-banked.

Regulating Non-Bank Banking

A few days later, however, the Bureau also finalized a rule that allows it to supervise non-bank international money transfer providers for the first time. Although the rule applies to traditional remittance transfers, it could affect mobile cross-border mobile payments. The Bureau estimates that non-bank providers transfer approximately $50 billion annually through about 150 million individual international money transfers. Under the final rule, CFPB examiners will be able to examine larger non-bank international money transfer providers for compliance with remittances rules that require adequate disclosures on exchange rates and fees and the ability to cancel transactions within 30 minutes.


The following is from the Consumer Financial Protection Bureau’s Request for Information, a potential prelude to its oversight of mobile banking and other emerging banking, and bank-like, services.
A major development in the consumer financial services market over the past few years has been the increasing use and proliferation of mobile technology to access financial services and manage personal finances. For example, last year 74,000 new customers a day began using mobile banking services. Using a mobile device to access accounts and pay bills can reduce cost and increase convenience for consumers. By enabling consumers to track spending and manage personal finances on their devices through mobile applications or text messages, mobile technology can help consumers achieve their financial goals. For the economically vulnerable, mobile can enhance access to safer, more affordable products and services in ways that can improve their economic lives.
Given the increasing use of mobile financial services and its potential benefits, the Bureau seeks information on how mobile financial services can be used to empower and address the financial needs of consumers in affordable and safe ways. Specifically, we are seeking information on:
1. The general use of these mobile financial services and the opportunities this technology presents for addressing the needs of consumers, with a focus on economically vulnerable populations, including enhancing access to convenient financial services, facilitating effective account management by consumers, and building financial capability by creating increased ease in money management by use of personal financial management mobile tools;
2. Barriers to low-income, underserved or economically vulnerable consumers accessing and using mobile technology for financial services; and
3. Potential consumer protection issues associated with the use of such mobile technology for financial services by economically vulnerable consumers.
Source: CFPB.

The CFPB may be further prompted to review new payment technologies in response to criticisms voiced in a recent report from the Government Accountability Office. It urged the Bureau to take a more active role in considering standards and regulations for exchanges of the virtual currency Bitcoin, yet another controversial payment method.

“When you look at many of the speeches Cordray has given, he discusses ‘leveling the playing field,’ so I think it is likely that the CFPB is going to have to look at both banks and non-banks in the payments space,” Sachs says. “In contrast to the FTC, which only has jurisdiction over non-bank entities, the CFPB has jurisdiction over the largest banks in the country as well as tens of thousands of non-bank entities.”

Any company entering the mobile payments space will have to consider not only the CFPB and the Federal Trade Commission, but also how prudential regulators might react, Sachs says. State attorneys general may also impose additional privacy regulations or bring cases in court through the Consumer Financial Protection Act. “The mobile payments space will have to consider various regulatory rubrics and different areas of regulation, whether it is the ability for a consumer to reverse a transaction, data security mechanisms that are up to the state of the industry or better, and how they are protecting  consumer personally identifiable information.”

“In the past, a lot of innovative companies thought first about innovation and then about regulation secondarily,” Sachs adds. “The CFPB’s forward-looking views on the marketplace really should suggest to companies that they should be thinking about innovation, but at the same time considering how those innovations apply to regulation.”

The good news: It doesn’t appear that the CFPB “wants to stop innovation at the cost of strict regulation,” Sachs says. Earlier this month, the Bureau published a proposed policy on issuing no-action letters for “innovative financial products or services.”  Similar to no-action letters issued by the Securities and Exchange Commission and Commodities Futures Trading Commission, these would signal that the Bureau has decided to forgo enforcement or supervisory action on a specified matter. The CFPB also announced Project Catalyst, a “trial disclosure program” intended to foster a working relationship between it and providers of new financial technologies.

“Those programs will not negate liability for regulatory violations, but if you are working with the regulators you might be able to understand the law better,” Sachs says.