Financial Law

Payment Pending: CFPB Proposes to Regulate Digital Wallets

Kevin Malecha, MJLST Staffer

Federal regulators are increasingly concerned about digital wallets and person-to-person payment (P2P) apps like Apply Pay, Google Pay, Cash App, and Venmo, and how such services might impact the rights of financial consumers. As many as three-quarters of American adults use digital wallets or payment apps and, in 2022, the total value of transactions was estimated at $893 billion, expected to increase to $1.6 trillion by 2027.[1] In November of 2023, the Consumer Financial Protection Bureau proposed a rule that would expand its supervisory powers to cover certain nonbank providers of these services. The CFPB, an independent federal agency within the broader Federal Reserve System, was created by the Dodd-Frank Act in response to the 2007-2008 financial crisis and subsequent recession. The Bureau is tasked with protecting consumers in the financial space by promulgating and enforcing rules governing a wide variety of financial activities like mortgage lending, debt collection, and electronic payments.[2]

The CFPB has identified digital wallets and payment apps as products that threaten consumer financial rights and well-being.[3] First, because these services collect mass amounts of transaction and financial data, they pose a substantial risk to consumer data privacy.[4] Second, if the provider ceases operations or faces a “bank” run, any funds held in digital accounts may be lost because Federal Deposit Insurance Corporation (FDIC) protection, which insures deposits up to $250,000 in traditional banking institutions, is often unavailable for digital wallets.[5]

Enforcement and Supervision

The CFPB holds dual enforcement and supervisory roles. As one of the federal agencies charged with “implementing the Federal consumer financial laws,”[6] the enforcement powers of the CFPB are broad, but enforcement actions are relatively uncommon. In 2022, the Bureau brought twenty enforcement actions.[7] By contrast, the Commodity Futures Trading Commission (CFTC), which is also tasked in part with protecting financial consumers, brought eighty-two enforcement actions in the same period.[8] In contrast to the limited and reactionary nature of enforcement actions, the CFPB’s supervisory authority requires regulated entities to disclose certain documents and data, such as internal policies and audit reports, and allows CFPB examiners to proactively review their actions to ensure compliance.[9] The Bureau describes its supervisory process as a tool for identifying issues and addressing them before violations become systemic or cause significant harm to consumers.[10]

The CFPB already holds enforcement authority over all digital wallet and payment app services via its broad power to adjudicate violations of financial laws wherever they occur.[11] However, the Bureau has so far enjoyed only limited supervisory authority over the industry.[12] Currently, the CFPB only supervises digital wallets and payment apps when those services are provided by banks or when the provider falls under another CFPB supervision rule.[13] As tech companies like Apple and Google – which do not fall under other CFPB supervision rules – have increasingly entered the market, they have gone unsupervised.

Proposed Rule

Under the organic statute, CFPB’s existing supervisory authority covers nonbank persons that offer certain financial services including real estate and mortgage loans, private education loans, and payday loans.[14] In addition, the statute allows the Bureau to promulgate rules to cover other entities that are “larger participant[s] of a market for other consumer financial products or services.”[15] The proposed rule takes advantage of the power to define “larger participants” and expands the definition to include providers of “general-use digital consumer applications,” which the Bureau defines as funds transfer or wallet functionality through a digital application that the consumer uses to make payments for personal, household, or family purposes.[16] An entity is a “larger participant” if it (1) provides general-use digital consumer payment applications with an annual volume of at least five million transactions and (2) is not a small business as defined by the Small Business Administration.[17] The Bureau will make determinations on an individualized basis and may request documents and information from the entity to determine if it satisfies the requirements, which the entity can then dispute.

Implications for Digital Wallet and Payment App Providers

Major companies like Apple and Google can easily foresee that the CFPB intends to supervise them under the new rule. The Director of the CFPB recently compared the two American companies to Chinese tech companies Alibaba and WeChat that offer similar products and that, in the Director’s view, pose a similar risk to consumer data privacy and financial security.[18] For smaller firms, predicting the Bureau’s intentions is challenging, but existing regulations indicate that the Bureau will issue a written communication to initiate supervision.[19] The entity will then have forty-five days to dispute the finding that they meet the regulatory definition of a “larger participant.”[20] In their response, entities may include a statement of the reason for their objection and records, documents, or other information. Then the Assistant Director of the CFPB will review the response and make a determination. The regulation gives the Assistant Director the ability to request records and documents from the entity prior to the initial notification of intended supervision and throughout the determination process.[21] The Assistant Director also may extend the timeframe for determination beyond the forty-five-day window.[22]

If an entity becomes supervised, the Bureau will contact it for an initial conference.[23] The examiners will then determine the scope of future supervision, taking into consideration the responses at the conference, any records requested prior to or during the conference, and a review of the entity’s compliance management program.[24] The Bureau prioritizes its supervisory activities based on entity size, volume of transactions, size and risk of the relevant market, state oversight, and other market information to which the Bureau has access.[25] Ongoing supervision is likely to vary based on these factors, as well, but may include on-site or remote examination, review of documents and records, testing accounts and transactions for compliance with federal statutes and regulations, and continued review of the compliance management system.[26] The Bureau may then issue a confidential report or letter stating the examiner’s opinion that the entity has violated or is at risk of violating a statute or regulation.[27] While these findings are not final determinations, they do outline specific steps for the entity to regain or ensure compliance and should be taken seriously.[28] Supervisory reports or letters are distinct from enforcement actions and generally do not result in an enforcement action.[29] However, violations may be referred to the Bureau’s Office of Enforcement, which would then launch its own investigation.[30]

The likelihood of the proposed rule resulting in an enforcement action is, therefore, relatively low, but the exposure for regulated entities is difficult to measure because the penalties in enforcement actions vary widely. From October 2022 to October 2023, amounts paid by regulated entities ranged from $730,000 paid by a remittance provider that violated Electronic Funds Transfer rules,[31] to $3.7 billion in penalties and redress paid by Wells Fargo for headline-making violations of the Consumer Financial Protection Act.[32]

Notes

[1] Analysis of Deposit Insurance Coverage on Funds Stored Through Payment Apps, Consumer Fin. Prot. Bureau (Jun. 1, 2023), https://www.consumerfinance.gov/data-research/research-reports/issue-spotlight-analysis-of-deposit-insurance-coverage-on-funds-stored-through-payment-apps/full-report.

[2] Final Rules, Consumer Fin. Prot. Bureau, https://www.consumerfinance.gov/rules-policy/final-rules (last visited Nov. 16, 2023).

[3] CFPB Proposes New Federal Oversight of Big Tech Companies and Other Providers of Digital Wallets and Payment Apps, Consumer Fin. Prot. Bureau (Nov. 7, 2023), https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-new-federal-oversight-of-big-tech-companies-and-other-providers-of-digital-wallets-and-payment-apps.

[4] Id.

[5] Id.

[6] 12 U.S.C. § 5492.

[7] Enforcement by the numbers, Consumer Fin. Prot. Bureau (Nov. 8, 2023), https://www.consumerfinance.gov/enforcement/enforcement-by-the-numbers.

[8] CFTC Releases Annual Enforcement Results, Commodity Futures Trading Comm’n (Oct. 20, 2022), https://www.cftc.gov/PressRoom/PressReleases/8613-22.

[9] CFPB Supervision and Examination Manual, Consumer Fin. Prot. Bureau at Overview 10 (Mar. 2017), https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_2023-09.pdf.

[10] An Introduction to CFPB’s Exams of Financial Companies, Consumer Fin. Prot. Bureau 4 (Jan. 9, 2023), https://files.consumerfinance.gov/f/documents/cfpb_an-introduction-to-cfpbs-exams-of-financial-companies_2023-01.pdf.

[11] 12 U.S.C. §5563(a).

[12] CFPB Proposes New Federal Oversight of Big Tech Companies and Other Providers of Digital Wallets and Payment Apps, Consumer Fin. Prot. Bureau (Nov. 7, 2023), https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-new-federal-oversight-of-big-tech-companies-and-other-providers-of-digital-wallets-and-payment-apps.

[13] Id.

[14] 12 U.S.C. § 5514.

[15] Id.

[16] Defining Larger Participants of a Market for General-Use Digital Consumer Payment, Consumer Fin. Prot. Bureau 3 (Nov. 7, 2023), https://files.consumerfinance.gov/f/documents/cfpb_nprm-digital-payment-apps-lp-rule_2023-11.pdf.

[17] Id. at 4.

[18] Rohit Chopra, Prepared Remarks of CFPB Director Rohit Chopra at the Brookings Institution Event on Payments in a Digital Century, Consumer Fin. Prot. Bureau (Oct. 6, 2023), https://www.consumerfinance.gov/about-us/newsroom/prepared-remarks-of-cfpb-director-rohit-chopra-at-the-brookings-institution-event-on-payments-in-a-digital-century.

[19] 12 CFR § 1090.103(a).

[20] 12 CFR § 1090.103(b).

[21] 12 CFR § 1090.103(c).

[22] 12 CFR § 1090.103(d).

[23] Defining Larger Participants of a Market for General-Use Digital Consumer Payment, Consumer Fin. Prot. Bureau 6 (Nov. 7, 2023), https://files.consumerfinance.gov/f/documents/cfpb_nprm-digital-payment-apps-lp-rule_2023-11.pdf.

[24] Id.

[25] Id. at 5.

[26] Id. at 6.

[27] An Introduction to CFPB’s Exams of Financial Companies, Consumer Fin. Prot. Bureau 3 (Jan. 9, 2023), https://files.consumerfinance.gov/f/documents/cfpb_an-introduction-to-cfpbs-exams-of-financial-companies_2023-01.pdf.

[28] Id.

[29] Id.

[30] Id.

[31] CFPB Orders Servicio UniTeller to Refund Fees and Pay Penalty for Failing to Follow Remittance, Consumer Fin. Prot. Bureau (Dec. 22, 2022), https://www.consumerfinance.gov/enforcement/actions/servicio-uniteller-inc.

[32] CFPB Orders Wells Fargo to Pay $3.7 Billion for Widespread Mismanagement of Auto Loans, Mortgages, and Deposit Accounts, Consumer Fin. Prot. Bureau (Dec. 20, 2022), https://www.consumerfinance.gov/enforcement/actions/wells-fargo-bank-na-2022.


Data Privacy Regulations in 2023: Is the New Standard Burdensome?

Yolanda Li, MJLST Staffer

Beginning in 2023, businesses will see enhanced regulations on data privacy. There has been an increase in legal requirements for company-held data in protection of companies’ customers as a number of proposed data security laws and regulations came into effect in 2023. Specifically, the FTC Safeguards Rule and the NIS2 Directive.

The FTC Safeguards Rule

The FTC Safeguards Rule came into force in December 2022. The FTC requires non-banking financial institutions “to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.”[1] Non-banking financial institutions affected by this rule include mortgage brokers, motor vehicle dealers, and payday lenders. The Safeguards Rule is promulgated under the Gramm-Leach-Bliley Act of 1999, which requires financial institutions to “explain their information-sharing practices to their customers and to safeguard sensitive data.”[2] Financial institutions include companies that offer consumer financial products or services like loans, insurance, and financial or investment advice.[3] Specifically, the rule required that the covered financial institutions “designate a qualified individual to oversee their information security program, develop a written risk assessment, limit and monitor who can access sensitive customer information, encrypt all sensitive information, train security personnel, develop an incident response plan, periodically assess the security practices of service providers, and implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information.”

One specific question that arises is whether the FTC Safeguards Rule will truly elevate data privacy standards. On its face the FTC Safeguards Rule does not run counter to the FTC’s mission of protecting consumers. However, the economic cost and effect behind the rule is debatable. One concern is that the rule may impose substantial costs, especially on small businesses, as the new burdens will render costs that may be unbearable for small businesses with less capital than large companies. According to Commissioner Christine S. Wilson, although financial institutions are already implementing many of the requirements under the rule, or have sophisticated programs that are easily adaptable to new obligations, there are still large burdens underestimated by the FTC Safeguards Rule.[4] Specifically, labor shortages have hampered efforts by financial institutions to implement information security systems. Supply chain issues caused delays in obtaining equipment for updating information systems. What is important to note is, according to Commissioner Wilson, most of these factors are outside the control of the financial institutions. Implementing a heightened standard would thus cause unfairness, especially to small financial institutions who have even more trouble obtaining the necessary equipment during times of supply chain and labor shortages.

Recognizing such difficulties, the FTC did offer a certain extent of leniency for implementation of the rule. Specifically, the FTC extended the deadline by six months, primarily due to supply chain issues that may result in delays and shortage of qualified personnel to implement information security programs. This extension is beneficial to the Rule because it offers the covered financial institutions time for adjustment and compliance.

Another concern that the FTC Safeguards Rule has raised is that the mandates will not result in a significant reduction in data security risks in protecting customers. The answer to this question is still uncertain as the FTC Safeguards Rule just came into effect, and the extension pushes out implementation even farther. One thing to note, however, is that during the rule-making process the FTC sought comments on the proposed Safeguards Rule and during that time extended the deadline for the public to submit comments to changes by 60 days in.[5] This fact may show that the FTC took careful consideration of how to most effectively reduce data security risks by giving the public ample time to weigh in.

NIS2 Directive

A corresponding law is the NIS2 Directive by the EU that came into force on January 16, 2023. This EU-wide legislation provides a variety of legal measures to boost cybersecurity. Specifically, it requires member states to be appropriately equipped with response and information systems, set up a Corporation Group to facilitate corporate exchange of information among member states, and ensure a culture of security that relies heavily on infrastructures, including financial market infrastructure.[6] The Directive also contains a variety of security and notification requirements for service providers to comply with. The NIS2 Directive echoes the FTC Safeguards Rule to a large extent regarding the elevated standard of cybersecurity measures.

However, the NIS2 Directive contains a different measure by implementing duties onto the European Union Agency for Cybersecurity (ENISA) itself. The Directive designates that ENISA assists Member States and the Corporation Groups set up under the Directive by “identifying good practices in the Member States regarding the implementation of the NIS directive, supporting the EU-wide reporting process for cybersecurity incidents, by developing thresholds, templates and tools, agreeing on common approaches and procedures, and helping Member States to address common cybersecurity issues.”[7] The Directive ordering the agency itself to facilitate the carrying out of the Directive may add to the likelihood of success. Although the outcome is uncertain, primarily because of the broad language of the Directive, at least burdens on financial institutions will be lessened to a certain extent. What distinguishes the NIS2 Directive from the FTC Safeguards Rule is that the Member States are given 21 months to transpose to their national legislative framework.[8] This time offers more flexibility as compared to the extension of the FTC Safeguards Rule. As the Directive passes through the legislative framework, more time will be allowed for financial institutions to prepare and respond to the proposed changes.

In summary, data privacy laws are tightening up globally, and the United States should look to and learn from the successes and failures of the EU’s Directive as both countries’ are attempting to do regulate a similar industry. That being said, regardless of the EU, financial institutions in the United States must begin paying attention to and complying with the FTC Safeguards Rule. Though the outcome of the Rule is uncertain, the 6-month extension will at least offer a certain degree of flexibility.

Notes

[1]https://www.ftc.gov/news-events/news/press-releases/2022/11/ftc-extends-deadline-six-months-compliance-some-changes-financial-data-security-rule; 16 CFR 314.

[2] https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act.

[3] Id.

[4] Concurring Statement of Commissioner Christine S. Wilson, Regarding Delaying the Effective Date of Certain Provisions of the Recently Amended Safeguards Rule (Nov 2022).

[5] https://www.ftc.gov/news-events/news/press-releases/2019/05/ftc-extends-comment-deadline-proposed-changes-safeguards-rule.

[6] https://digital-strategy.ec.europa.eu/en/policies/nis2-directive.

[7] https://www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive-new#:~:text=On%2016%20January%202023%2C%20the,cyber%20crisis%20management%20structure%20(CyCLONe).

[8] Id.

 


Robinhood Changed the Game(Stop) of Modern Day Investing but Did They Go Too Far?

Amanda Erickson, MJLST Staffer

It is likely that you have heard the video game chain, GameStop, in the news more frequently than normal. GameStop is a publicly traded company that is known for selling, trading, and purchasing gaming devices and accessories. Along with many other retailers during the COVID-19 pandemic, GameStop has been struggling. Not only did COVID-19 affect its operations, but the Internet beat the company’s outdated business model. Prior to January 2021, GameStop’s stock prices reflected the apparent new reality of gaming. In March 2015, GameStop’s closing price was around $40 a share, but at the beginning of January 2021, it was at $20 a share. With a downward trend like this, it might come as a shock to learn that on January 27, 2021, GameStop’s closing price was at $347.51 a share, with the stock briefly peaking at $483 on the following day.

This dramatic surge can be accredited to a large group of amateur traders on the Reddit forum, r/WallStreetBets, who promoted investments in the stock. This sudden surge forced large scale institutional investors, who originally bet against the stock through short positions, to buy the stock in order to hedge their positions. Short selling involves “borrowing” shares of a company, and quickly selling the borrowed shares into the market. The short seller hopes that these shares will fall in price, so that they can buy the shares back at a potentially lower price. If this happens, they can return the shares back that they “borrowed” and keep the difference as profit. The practice of short selling is controversial. Short selling can lead to stock price manipulation and can generate misinformation about a company, but it can also serve to check and balance the markets. The group on Reddit knew that short sellers had positions betting against GameStop and wanted to take advantage of these positions. This caused the stock price to soar when these short sellers had to repurchase their borrowed shares.

This historic scene intrigued many day traders to participate and place bets on GameStop, and other stocks that this Reddit group was promoting. Many chose to use Robinhood, a free online trading app, to make these trades. Robinhood introduced a radical business model in 2014 by offering consumers a platform that allowed them to trade with zero commissions, and ultimately changed the way the industry operated. That is until Robinhood issued a statement on January 28, 2021 announcing that “in light of recent volatility, we restricted transactions for certain securities,” including GameStop. Later that day, Robinhood issued another statement saying it would allow limited buying of those securities starting the next day. This came as a shock to many Robinhood users, because Robinhood’s mission is to “democratize finance for all.” These events exacerbated previous questions about the profitability model of Robinhood and ultimately left many users questioning Robinhood’s mission.

The first lawsuit was filed by a Robinhood user on January 28, 2021, alleging that Robinhood blocked its users from purchasing any of GameStop’s stock “in the midst of an unprecedented stock rise thereby depriv[ing] retail investors of the ability to invest in the open-market and manipulating the open market.” Robinhood is now facing over 30 lawsuits, with that number only rising. The chaos surrounding GameStop stock has caught lawmakers’ attention, and they are now calling for congressional action. On January 29, 2021, the Securities and Exchange Commission issued a statement informing that it is “closely monitoring and evaluating the extreme price volatility of certain stocks’ trading prices” and expressed that it will “closely review actions taken by regulated entities that may disadvantage investors.” Robinhood issued another statement on January 29, 2021, stating they did not want to stop people from buying these stocks, but that they had to take these steps to conform with their regulatory capital requirements.

The frenzy has since calmed down but left many Americans with questions surrounding the legality of Robinhood’s actions. While it may seem like Robinhood went against everything the free market has to offer, legal experts disagree, and it all boils down to the contract. The Robinhood contract states “I understand Robinhood may at any time, in its sole discretion and without prior notice to Me, prohibit or restrict My ability to trade securities.” Just how broad is that discretion, though? The issue now is if Robinhood treated some users differently than others. Columbia Law School professor, Joshua Mitts, said, “when hedge funds are going to lose from a trading suspension, they don’t face any lockup like this, any suspension, any halt at the retail level, but when retail investors find themselves locked in, they find themselves unable to exit the trade.” This protective action by Robinhood directly contradicts the language in the Robinhood contract that states that the user agrees Robinhood does not “provide investment advice in connection with this Account.” The language in this contract may seem clear separately, but when examining Robinhood’s restrictions, it leaves room to question what constitutes advice when restricting retail investors’ trades.

Robinhood’s practices are now under scrutiny by retail investors who question the priority of the company. The current lawsuits against Robinhood could potentially impact how fintech companies are able to generate profits and what federal oversight they might have moving forward. This instance of confusion between retail investors and their platform choice points to the potential weaknesses in this new form of trading. While GameStop’s stock price may have declined since January 28, the events that unfolded will likely change the guidelines of retail investing in the future.

 


Reviewing Interchange Fees: How Fifteen Years of Litigation Partially Explains the Grimace on Your Local Business Owner’s Face When You Pay for a $2.00 Product With a Credit Card

Jesse Smith, MJLST Staffer

Credit and debit cards have become a fundamental part of commerce. It’s hard to beat the perceived simplicity, convenience, and security of using a small piece of plastic or your phone to purchase goods and services. But many forget that when you swipe your card at any business that accepts cards, the merchant does not receive the full amount of the price it charges for the good or service purchased. “Interchange fees” are costs levied against a merchant by the bank that issued the card being used for payment. Until 2010, interchange fees comprised between 1%-3% of the cost of the purchase. Their described purpose is to “cover handling costs, fraud and bad debt costs, and the risk involved in approving the payment.” In recent decades, card issuers have also used interchange fees to fund popular “rewards programs” offered in the form of cashback and points to cardholders.

Interchange fees have been the subject of intense legislative and litigation controversies for the last two decades. They highlight numerous salient issues at the intersection of law, economics, and technology. In 2004, a group of merchants filed a lawsuit against Visa,  Mastercard, and their card issuing banks (In Re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation 827 F.3d 223 (2d Cir. 2016)), alleging anticompetitive practices in how they set interchange fees and the contractual rules required of merchants who accepted their credit cards. The issues addressed in the case span multiple areas of law including corporate structure, antitrust, freedom of speech, and legislative process.

Over a decade later, the lawsuit culminated in one of the largest antitrust class action settlements in the history of the United States. To understand the history and progression of this lawsuit is to understand interchange fees more generally. I spoke to K. Craig Wildfang, a partner at Robins Kaplan LLP, and co-lead counsel for the merchants in the case. Mr. Wildfang’s explanation of the litigation and payment card industry overall provided unparalleled insight into this important aspect of how we conduct transactions in an increasingly tech driven society.

In 2004, Plaintiffs filed claims against Visa and Mastercard (who previously set interchange fee schedules), and the banks that collectively owned these card networks at the time. The lawsuit challenged the “collective setting of interchange fees” by the defendants as antitrust violations, more specifically, as price fixing conspiracies under Sections 1 and 2 of the Sherman Antitrust Act. It also challenged anti-steering rules written into the card networks’ contracts with merchants, which prevented businesses from using discounts, surcharges, or signage to “steer” customers towards use of cheaper methods of payment, including cash or checks.

Soon after the commencement of the lawsuit, Visa and Mastercard restructured their businesses by divesting the banks from their ownership interests and offering IPOs in their companies’ stock. Doing so would cause interchange fee rate setting to resemble the actions of single entities, rather than joint conduct propagated by the banks as owners of the credit card companies. Such restructuring posed a challenge to the merchants suing, as courts historically look at single conduct less skeptically than joint conduct in an antitrust context. Undeterred, Wildfang and the merchants’ counsel leveraged this action into an additional antitrust claim under § 7 of the Clayton Act (which utilizes a lower standard of proof for anti-competitive behavior). Thus, they were able to obtain discovery that, in Wildfang’s estimation, made it “100% clear that the only reason they [restructured] was to try to minimize their antitrust liability.”

After years of litigation, mediation, and even a DOJ investigation into the defendants, in 2012, the parties finally reached a historic multibillion-dollar settlement that also saw Visa and Mastercard lift their contractual bans on steering policies. The 2nd Circuit struck down the settlement on appeal based on a conflict from the same class counsel representing the plaintiffs for both monetary and injunctive relief. Consequently, Wildfang and Robins Kaplan were appointed as counsel for 23(b)(3) plaintiffs seeking monetary relief. Undeterred by this setback, after further amended complaints, discovery, and mediation, Wildfang and class counsel achieved another victory in 2019, securing a $6.25 billion settlement for over 10 million merchants, before reductions for opt outs. Additionally, Visa and Mastercard did not reinstate any anti-steering provisions into their contracts.

While litigation was a necessary element of relief, the merchants’ counsel understood this was only part of the solution. Wildfang noted that “when we started the litigation, we knew there would be these ancillary battles, and we decided as the leadership of the litigation, that it was in the interest of our clients . . . to play a productive role in these other . . .  fora.”

In 2010, as part of the Dodd-Frank Wall Street Reform Act, Senator Richard Durbin, assisted by Plaintiffs’ counsel and other merchant trade groups, introduced an amendment granting the Federal Reserve the power to regulate debit card interchange fees. The Fed subsequently capped them at approximately 22 to 24 cents per transaction for banks with assets of $10 billion or more. In Wildfang’s assessment, limiting regulation to debit card fees was a logical starting point for legislative reform:

[I]t was much easier for the merchants to argue . . . that a debit card transaction was just an electronic check . . . it made it more appealing to the congressional people we were talking to, to think . . . “well we’re just going to recognize that these are like electronic checks, and checks don’t have interchange fees. So, let’s get rid of these, or at least cap them.” That’s something more reasonable. If you get into trying to cap or regulate credit card interchange fees, that gets a lot more complicated, because the economics of a credit card transaction are a lot more complicated. Some of the interchange revenue ends up going as rewards to cardholders, which of course, the banks always claim is a wonderful good for the consumer, but in fact, those reward dollars are coming out of pockets of other consumers who may not have a credit card.

Senator Durbin espoused this reasoning in discussing the Durbin Amendment in the Senate Congressional Record. Debit card fees are fundamentally like electronic checks, in that they deduct payment for a transaction from a customer’s checking account. The nature of these transactions largely eliminates the need for high interchange fees, as banks need not entice consumers to spend their own money with rewards programs, nor does it require the same costs incurred to mitigate the risk of a consumer refusing to pay what they owe at the end of a month, as with a credit card.

Capping debit card fees was a monumental victory for merchants. Wildfang noted:

It had been true . . . by the early two thousand teens, that debit card transactions were increasing at a much faster rate than credit card transactions, and that was true whether you were talking about numbers of transactions or transaction volume. And there were a lot of reasons for that . . . [which] made capping debit fees particularly appealing, because we knew that that was a growing piece of the pie, and it was going to continue to grow, and it has continued to grow.

The number of non-prepaid debit card transactions has increased every year from 8.3 billion in 2000, to 72.7 billion in 2018, now constituting over half of all card based transactions, as compared to a little over a quarter in 2000. With the average value of debit card sales hovering consistently in the $38-$39 range, merchants were undoubtedly spared the cost of billions of dollars in interchange fees, having to pay a max of 24 cents, rather than 1%-3% of every transaction conducted. Additionally, the effects of the Durbin Amendment went far beyond relief of the financial burden from debit card fees, igniting tangential legislative and judicial fights throughout the U.S.

Armed with an affordable card payment alternative, it became paramount for merchants to make debit card, check, and cash payment options more appealing by offering discounts for use of these payments, or imposing surcharges on more expensive types of payments. Multiple states, often lobbied by Visa and Mastercard, had either passed or were considering passing laws banning these steering practices. Repealing or preventing these laws was key, as removal of anti-steering provisions from card issuer contracts would be useless if steering were illegal in the first place. Wildfang and merchants’ counsel worked behind the scenes with counsel for plaintiffs in Expressions Hair Design v. Schneiderman, 137 S. Ct. 1144 (2017), where the Supreme Court ruled a New York state law banning merchants from imposing surcharges regulated speech, not conduct. While the holding did not rule on the law’s constitutionality, some believe the case may percolate back to the Court soon to reexamine a key rational basis review standard in free speech cases.

When the litigation first began, consumers paid primarily by cash, check, and magnetic stripe credit or debit cards. Since then, the menu for consumers has increased exponentially, with EMV chip cards, various digital wallets, and cryptocurrencies now permeating payment methods both online and at a physical point of sale. The increasing diversity of payment methods further served to complicate the factual and narrative landscape of the litigation, primarily by challenging the standing Plaintiffs had in the antitrust realm. Wildfang explained:

Let’s take, for example, a transaction like Apple Pay. The economics of that are facially somewhat similar to a credit card, but there are more players in the payment chain, and the impact on the merchant of those transactions is not as clear as in a simple credit . . . or debit card transaction. And you had these intermediate players, one more layer between the banks and the merchant, and as you probably know, under federal antitrust law, only the direct purchaser has standing to bring an action for damages, and the defendants had always argued from the very beginning, that merchants were indirect purchasers, because, as sort of a technical matter, the way the electronics work, the acquiring bank—the merchant’s bank, is in some sense “first in line” as the money goes through them back to the merchant.

This potential dilution of a merchant’s ability to sue as a direct purchaser underscored the need to reach a monetary settlement rather than risk losing at trial. Wildfang believes these developments will play a key role in future electronic payment litigation:

[I]t’s going to be complicated, and the release that we gave to the defendants in the second settlement is almost certain to prompt litigation. There are going to be cases brought in the future where the defendants are going to argue the release applies and protects them against those claims and so there[] [is]going to be a lot of litigation along the edges of the original case, and whether or not a particular future claim has been released or not. And I think that the technological changes are going to be probably right in among all of those cases and kind of test the boundaries of the release.

Digital wallet platforms function and release payment information differently. Google utilizes an actual account for its wallet users to “store” money in, while Apple “facilitat[es] the ordering of fund transfers,” by creating and providing secure payment tokens to the merchant, rather than actual user account information. Apple also levies a 0.15% fee on card issuers who accept Apple Pay for integration with their cards. It remains to be seen how legislatures and courts will classify these roles of differing platforms in the payment chain between consumer and merchant.

But as both merchants and card issuers deal with another party and the costs it brings to the table, numerous issues will emerge once. Will the use of a certain payment method/platform render merchants as indirect purchasers? Will card issuers use additional or new fees to offset the costs of digital wallet providers’ fees? If so, are these fees precluded from litigation by this settlement? These are just a few of countless questions that may arise “around the edges of the original case.” Regardless of if or how these specific battles arise, the dynamic nature of the payment card industry is the one constant in a sea of changing technological variables. As Wildfang summed it up, “for the first forty years or so of the payment card industry, not much changed. But in the last ten years, a lot has changed, and I think that the next five or ten years is going to bring even more change.”


Why Equity-Based Crowdfunding Is Not Flourishing? — A Comparison Between the US and the UK

Tianxiang Zhou, MJLST Editor

While donation-based crowdfunding (giving money to enterprises or organizations they want to support) is flourishing on online platforms in the US, the equity-based crowdfunding (funding startup enterprises or organizations in return for equity) under the JOBS Act is still staggering as the requirements are proving impractical for most entrepreneurs.

Donation-based crowdfunding is dominating the major crowdfunding websites like Indiegogo, Kickstarter, etc. In March, 2017, Facebook announced that it will introduce a crowdfunding feature that will help users back causes such as education, medical needs, pet medical, crisis relief, personal emergencies and funerals. However, this new crowdfunding feature from Facebook has nothing to do with equity-based crowdfunding; it is only used for donation-based crowdfunding. As for the platforms specialized in crowdfunding,  equity-based crowdfunding projects are difficult to find. If you visit Kickstarter or Indiegogo, most of the crowdfunding projects that appear on the webpages are donation-based crowdfunding project. As of April 2, 2017, there are only four active crowdfunding opportunities appearing on the Indiegogo website that are available for investors. The website stated that “more than 200 (equity-based) projects funded in the past.” (The writer cannot find an equity-based crowdfunding opportunity on Kickstarter or a section to search equity-based crowdfunding opportunities.)

The reason why equity-based crowdfunding is not flourishing is easily apparent. As one article points out, the statutory requirements for Crowdfunding under the JOBS Act “effectively weigh it down to the point of making the crowdfunding exemption utterly useless.” The problems associated with obtaining funding for small businesses that the JOBS Act aims to resolve are still there with crowdfunding: for example, the crowdfunding must be done through a registered broker-dealer and the issuer have to file various disclosure statement including financial statement and annual reports. For smaller businesses, the costs to prepare such reports could be heavily burdensome for the business at their early stage.

Compared to crowdfunding requirements in the US, the UK rules are much easier for issuers to comply with. Financial Conduct Authority (FCA) introduced a set of regulations for the peer-to-peer sector in 2014. Before this, the P2P sector did not fall under any regulatory regime. After 2014, the UK government requires platforms to be licensed or to have regulated activities managed by authorized parties. If an investor is deemed a “non-sophisticated” investor constraints are placed on how much they are permitted to invest, in that they must not invest more than 10% of their net investable assets in investments sold via what are called investment-based crowdfunding platforms. Though the rules require communication of the offers and the language and clarity of description used to describe these offers and the awareness of the risk associated with them, much fewer disclosure obligations are required for the issuers such as the filing requirements of annual reports and financial statement.

As a result, the crowdfunding market in the UK is characterized as “less by exchanges that resemble charity, gift giving, and retail, and more by those of financial market exchange” compared with the US. On the UK-based crowdfunding website Crowdcude, there are 14 opening opportunities for investors as of April 2, 17, and there were 494 projects funded. In comparison, the US-based crowdfunding giant Indiegogo’s statement that “more than 200 projects funded in the past” is not very impressive considering the difference between the sizes of the UK’s economy and the US’ economy.

While entrepreneurs in the US are facing many obstacles in funding through equity-based crowdfunding, the UK crowdfunding websites are now providing more equity-based opportunities to the investors, and sometimes even more effective than government-lead programs. The Crowd Data Center publicized a report stating that seed crowdfunding in the UK is more effective in delivering 40% more funding in 2016 than the UK government funded Startup Loans scheme.

As for the concern that the equity-based fraud funding involves too much risk for “unsophisticated investors,” articles pointed out that in countries like UK and Australia where lightly regulated equity crowdfunding platforms welcomed all investors, there is “hardly any instances of fraud.” While the equity-crowdfunding JOBS Act has not failed to prove its efficiency, state laws are devising more options for the issuers with restrictions of SEC Rule 147. (see more from 1000 Days Late & $1 Million Short: The Rise and Rise of Intrastate Equity Crowdfunding). At the same time, the FCA stated that it will also revisit the rules on crowdfunding. It would be interesting to see how the crowdfunding rules will evolve in the future.


The Rise and Fall of a Scholarly Crowdfunding Article

Tim Joyce, Editor-in-Chief, MJLST Vol. 18

Print publication of science and tech articles is a weird thing. On the one hand, a savvy articles selection team will prioritize articles on the most pressing and innovative advancements in the field. On the other, though—and precisely because these articles are so current—a draft piece can be partially outdated even before the publisher’s pressing start rolling. So it is that a little piece on investment crowdfunding, conceived in September 2015, meticulously researched throughout the 2015–16 academic year, and selected in April 2016, for publication in January 2017, can transform from forward-looking thinkpiece to historically-dated comparison piece.

My recent article with MJLST, 1000 Days Late & $1 Million Short: The Rise and Rise of Intrastate Equity Crowdfunding, compares the newly-activated federal Regulation Crowdfunding to Minnesota’s intrastate investment crowdfunding model MNvest. When the piece was originally conceived both of these laws were not yet active; in fact, it was not yet clear that the SEC would ever release final rules for what would become Regulation Crowdfunding. When the issue was ultimately sent to the printers, each of the laws had been active for at least 6 months. Like I said, weird.

This post is intended to update the curious reader on current happenings with investment crowdfunding on both a federal and a state level.

On the federal level, Regulation Crowdfunding rules have been final since October 2015 and active since May 2016. Nearly 200 offerings later, analysts and scholars are already starting to crunch the numbers. [Full disclosure: I am one of those academics. Our paper (co-author Zach Robins of Winthrop & Weinstine) will be presented at the Mitchell-Hamline Law Review Symposium next month, if you’re interested.] Similar to rewards-based crowdfunding models like Indiegogo and Kickstarter, there appear to be some things a crowdfunding issuer can do to increase the likelihood of success of their offering. Here are some examples.

First, a clear business plan is essential to attracting investors. After all, the “crowd” is made of lots of folks without sophisticated investing experience; so you have to find a creative way to hook them without violating securities disclosure restrictions. This isn’t always as easy said than done, and some portal operators have already gotten in serious trouble for violating their obligations to ensure offering accuracy.

Second, and perhaps a bit counterintuitive, the most successful Regulation Crowdfunding issuers actually have slightly higher minimum investments than you would expect. There is no dollar floor to the investment under the rules of Reg CF, but a small minimum opens the door to a potentially unwieldy cap table. In addition, a high minimum investment decreases the number of available spots for investors in the targeted offering amount; there is a very real “exclusivity” effect. To illustrate: it takes 10,000 investors at $10/per to get to $100,000 offering, but you could raise the same $100,000 with only 100 investors at $1,000/per. Issuers get to choose which investors they take on in oversubscription situations, and it can’t hurt to create a little buzz as investors “compete” for limited spots in the offering.

Finally, communicating the business plan using a strong video is a must—industry analysts report that campaigns using any video at raised significantly more money that those without (on the order of 11:1 times more money!). If that video is of good enough quality, according to those same analysts, your offering does even better. Of course, video quality only matters if your network is sufficiently large to reach enough potential investors. For issuers hoping to raise $50,000, that generally means connecting with more than 3,000 people.

There are plenty more nuggets of wisdom to glean from the first 8 months of federal investment crowdfunding offerings, and this post only scratches the surface. For more, see our forthcoming paper in Mitchell-Hamline Law Review’s symposium issue later this year.

As for MNvest, unfortunately, while the law has been technically available for Minnesota crowdfunders since June 2016, it took until the end of the year for the Department of Commerce to approve any portals. So only a handful of issuers and portals are currently active in the space. True to form, for federal crowdfunding offerings at least, craft breweries are making a strong showing (read: in Minnesota, 4 of the first 4 MNvest issuers are breweries!). Hopefully we’ll see more of them as the vehicle becomes more well-known.

One thing that should further aid MNvest issuers is that the SEC recently released final rules that will make it easier and safer for intrastate issuers to use the internet to advertise. Before the rules update, issuers were bound by advertising and solicitation restrictions drafted in the 1970s (that is, before the interwebs). As crowdfunding, almost by definition, requires the use of the internet to reach a crowd, these updates should streamline and loosen up the fundraising process. The new final rules create a new exemption (Rule 147A); state legislatures that based their intrastate laws on old Rule 147 will need to update their laws accordingly first.

Investment crowdfunding laws of the intrastate and federal varieties hold promise for many issuers. And, while there is not yet a perfect model or a one-size-fits-all strategy for fundraising, it is clear that investors and issuers alike are excited by the promise this investment vehicle holds.

Who knows—perhaps in another 18 months the way we crowdfund will have experienced as much change again, to make this piece as quickly “historical” as my earlier article!


Court’s Remain Unclear About Bitcoin’s Status

Paul Gaus, MJLST Staffer

Bitcoin touts itself as an “innovative payment network and a new kind of money.” Also known as “cryptocurrency,” Bitcoin was hatched out of a paper posted online by a mysterious gentleman named Satoshi Nakamoto (he has never been identified). The Bitcoin economy is quite complex, but it is generally based on the principle that Bitcoins are released into networks at a steady pace determined by algorithms.

Although once shrouded in ambiguity, Bitcoins threatened to upend (or “disrupt” in Silicon Valley speak) the payment industry. At their core, Bitcoins are just unique strings of information that users mine and typically store on their desktops. The list of companies that accept Bitcoins is growing and includes cable companies, professional sports teams, and even a fringe American political party. According to its proponents, Bitcoins offer lower transaction costs and increased privacy without inflation that affects fiat currency.

Technologies like Bitcoins do not come without interesting legal implications. One of the oft-cited downsides of Bitcoins is that they can facilitate criminal enterprises. In such cases, courts must address what status Bitcoins have in the current economy. The Southern District of New York recently held that Bitcoins were unequivocally a form of currency for purposes of criminal prosecution. In United States v. Murgio et al., Judge Alison Nathan determined Bitcoins are money because “Bitcoins can be accepted as payment for goods and services or bought directly from an exchange with a bank account . . . and are used as a medium of exchange and a means of payment.” By contrast, the IRS classifies virtual currency as property.
Bitcoins are uncertain, volatile, and complex, but they continue to be accepted as currency and show no signs of fading away. Going forward, the judiciary will need to streamline its treatment of Bitcoins.