Perspectives

Regulatory compliance: The new frontier for nonbanks

Is the broadening scope of regulations the springboard for innovation?

Nonbanks, including fintechs, payment companies, and big tech firms that are increasingly offering financial products and services, should prepare for an expanded regulatory perimeter. We have gathered the latest regulatory updates, insights, and risk considerations to help nonbanks understand regulatory expectations while continuing to innovate through the adoption of emerging technologies like artificial intelligence (AI).

The buy now, pay later (BNPL) balancing act: Weighing risks against rewards

While BNPL options increase access to credit and boost consumer spending, they can also present risks and challenges for consumers, banks, and nonbank lenders. BNPL, and the mitigation of its potential consumer protection risk, is a top priority for regulatory agencies.¹ Providers of BNPL will be subjected to federal and state regulatory scrutiny.

Things nonbanks should know

Consumer risk and regulatory scrutiny

BNPL services have expanded lending beyond traditional banks, and these services, while convenient, can increase the risk of consumer financial harm due to easy access, uninformed consumers, and lax credit checks. The Consumer Financial Protection Bureau (CFPB) will continue to scrutinize BNPL offerings across all participants.²

Importance of responsible lending

Organizations offering BNPL services need to maintain a rightsized compliance management system (CMS) and demonstrate responsible lending practices to mitigate product-specific risks.

Things nonbanks should consider incorporating

Shaping a regulatory strategy

Determine what laws/regulations are in scope, based on your products and services. Develop and formalize a regulatory strategy that grows in tandem with your BNPL portfolio. To confirm that consumers are provided with clear, concise, and understandable terms and conditions before extending service, consumer disclosures should undergo internal review cycles (e.g., legal, compliance, marketing).

Enhanced CMS

Ensure your CMS program considers both federal and state requirements and clearly maps roles and responsibilities across the company. A robust CMS should also include a compliance testing program (augmenting second-line testing and assurance through internal audits or independent reviews).

US Supreme Court affirms CFPB funding

Funding for the CFPB recently came under review, and the Supreme Court ruled that funding mechanisms for the Bureau are constitutional.³ This ruling will provide additional clarity and help institutions prepare for CFPB oversight.

Things nonbanks should know

Enforcement action expectations

Many of the CFPB’s enforcement actions were put on pause while waiting for the Supreme Court decision. With this recent ruling, institutions should expect movement on pending cases and a renewed focus on repeat offenders.

Expanded supervision anticipated

The current proposal will enhance the uniformity of federal oversight for banks and nonbanks. Nonbanks may expect to be included in the CFPB’s annual examination cycle.

Things nonbanks should consider incorporating

Monitor CFPB activity

Nonbanks should keep a pulse on CFPB findings and ensure that internal programs mitigate in-scope risk appropriately. CFPB-identified deficiencies may highlight potential “hot topics” across the industry.

Digital wallet and payment provider oversight

Nonbanks should take a proactive approach and determine if current activities would be considered in scope for the CFPB. Gaining an understanding of the examination process as well as day-to-day expectations can help nonbanks to focus resources accordingly.

CFPB seeks to expand oversight for digital wallets and payment providers

The CFPB proposed expanding federal oversight of big tech companies offering consumer payments. Nonbanks should take a proactive approach and understand what regulatory requirements apply to their product portfolio and how best to mitigate related consumer risk.

Things nonbanks should know

The proposed rule establishes criteria to determine which institutions will fall under CFPB supervision. In-scope institutions will include providers of funds transfers and wallet functionalities through consumer digital applications (e.g., digital wallets, payment apps, and peer-to-peer payments).

CFPB supervision of nonbanks

Nonbanks should not expect a visit from the CFPB immediately. The timing and frequency of examinations will likely depend on several factors, including the organization’s size, product portfolio, and risks to consumers, among others. However, the anticipation of a CFPB examination has now become a “when” versus an “if.”

Things nonbanks should consider incorporating

Need for self-assessment

Nonbanks should conduct an internal analysis to determine if their current and/or future activities would trigger CFPB supervision. Nonbanks should also familiarize themselves with consumer laws and ensure rightsized programs are in place—for example, Gramm-Leach-Bliley Act (GLBA); the Electronic Fund Transfer Act (EFTA); and unfair, deceptive, and abusive acts and practices (UDAAP).

Prepare for a CFPB visit

The CFPB visit will likely be risk-based, depending on its examination schedule. CFPB will consider a company’s risk profile, past noncompliance, and consumer complaint history.⁴ Proactively enhancing a company’s CMS and ensuring the right resources are tagged to ongoing efforts can help nonbanks prepare for a CFPB visit.

Dark patterns: Considerations for UDAAP programs

As digital commerce continues to evolve, the intersection of innovation and consumer protection becomes increasingly complex. Subscription products can help improve customer loyalty, better predict monthly revenue, and reduce the spend on consumer acquisition. However, they also subject the provider to a higher consumer compliance risk profile. Regulatory bodies are intensifying their scrutiny and acting against deceptive design strategies used to manipulate consumer choices.

Things nonbanks should know

Subscription product risk

Both the CFPB and the Federal Trade Commission (FTC) have indicated that they plan to double down on subscription plan risk (“dark patterns”). The regulators are focusing on businesses that use unfair, deceptive, or abusive acts or practices (UDAAP) to obtain additional revenue from unknowing or unwilling consumers.

New products/services

Subscription products may be structured and delivered in many different forms. Regulators will focus on end-to-end or “product life cycle” reviews (e.g., marketing, onboarding, servicing, termination) to determine if consumer risk is properly mitigated.

Things nonbanks should consider incorporating

Understand and manage subscription risk

Nonbanks should establish robust risk and controls relating to their subscription products, including pre-launch reviews and ongoing monitoring and testing. UDAAP compliance programs should consider dark patterns as an emerging risk factor.

Enhanced controls

Controls:

Nonbanks may benefit from revisiting their new product review process to ensure that all consumer compliance risks are considered. Review cycles should include key stakeholders from business, legal, and compliance functions.

Training:

Annual training should cover UDAAP risks across the subscription offering product life cycle. Awareness across the company is key for compliance. By prioritizing ethical practices and regulatory adherence, companies not only safeguard themselves against potential legal repercussions but also build trust and integrity in their client relationships.

Get in touch

Maria Marquez

Principal

Deloitte & Touche LLP

marmarquez@deloitte.com

Damian Kuczma

Managing Director

Deloitte & Touche LLP

dkuczma@deloitte.com

Christina De Jong

Partner

Deloitte & Touche LLP

christinadejong@deloitte.com
