Administrative Law

Payment Pending: CFPB Proposes to Regulate Digital Wallets

November 27, 2023
Administrative Law, Financial Law, Regulatory

Kevin Malecha, MJLST Staffer

Federal regulators are increasingly concerned about digital wallets and person-to-person payment (P2P) apps like Apply Pay, Google Pay, Cash App, and Venmo, and how such services might impact the rights of financial consumers. As many as three-quarters of American adults use digital wallets or payment apps and, in 2022, the total value of transactions was estimated at $893 billion, expected to increase to $1.6 trillion by 2027.[1] In November of 2023, the Consumer Financial Protection Bureau proposed a rule that would expand its supervisory powers to cover certain nonbank providers of these services. The CFPB, an independent federal agency within the broader Federal Reserve System, was created by the Dodd-Frank Act in response to the 2007-2008 financial crisis and subsequent recession. The Bureau is tasked with protecting consumers in the financial space by promulgating and enforcing rules governing a wide variety of financial activities like mortgage lending, debt collection, and electronic payments.[2]

The CFPB has identified digital wallets and payment apps as products that threaten consumer financial rights and well-being.[3] First, because these services collect mass amounts of transaction and financial data, they pose a substantial risk to consumer data privacy.[4] Second, if the provider ceases operations or faces a “bank” run, any funds held in digital accounts may be lost because Federal Deposit Insurance Corporation (FDIC) protection, which insures deposits up to $250,000 in traditional banking institutions, is often unavailable for digital wallets.[5]

Enforcement and Supervision

The CFPB holds dual enforcement and supervisory roles. As one of the federal agencies charged with “implementing the Federal consumer financial laws,”[6] the enforcement powers of the CFPB are broad, but enforcement actions are relatively uncommon. In 2022, the Bureau brought twenty enforcement actions.[7] By contrast, the Commodity Futures Trading Commission (CFTC), which is also tasked in part with protecting financial consumers, brought eighty-two enforcement actions in the same period.[8] In contrast to the limited and reactionary nature of enforcement actions, the CFPB’s supervisory authority requires regulated entities to disclose certain documents and data, such as internal policies and audit reports, and allows CFPB examiners to proactively review their actions to ensure compliance.[9] The Bureau describes its supervisory process as a tool for identifying issues and addressing them before violations become systemic or cause significant harm to consumers.[10]

The CFPB already holds enforcement authority over all digital wallet and payment app services via its broad power to adjudicate violations of financial laws wherever they occur.[11] However, the Bureau has so far enjoyed only limited supervisory authority over the industry.[12] Currently, the CFPB only supervises digital wallets and payment apps when those services are provided by banks or when the provider falls under another CFPB supervision rule.[13] As tech companies like Apple and Google – which do not fall under other CFPB supervision rules – have increasingly entered the market, they have gone unsupervised.

Proposed Rule

Under the organic statute, CFPB’s existing supervisory authority covers nonbank persons that offer certain financial services including real estate and mortgage loans, private education loans, and payday loans.[14] In addition, the statute allows the Bureau to promulgate rules to cover other entities that are “larger participant[s] of a market for other consumer financial products or services.”[15] The proposed rule takes advantage of the power to define “larger participants” and expands the definition to include providers of “general-use digital consumer applications,” which the Bureau defines as funds transfer or wallet functionality through a digital application that the consumer uses to make payments for personal, household, or family purposes.[16] An entity is a “larger participant” if it (1) provides general-use digital consumer payment applications with an annual volume of at least five million transactions and (2) is not a small business as defined by the Small Business Administration.[17] The Bureau will make determinations on an individualized basis and may request documents and information from the entity to determine if it satisfies the requirements, which the entity can then dispute.

Implications for Digital Wallet and Payment App Providers

Major companies like Apple and Google can easily foresee that the CFPB intends to supervise them under the new rule. The Director of the CFPB recently compared the two American companies to Chinese tech companies Alibaba and WeChat that offer similar products and that, in the Director’s view, pose a similar risk to consumer data privacy and financial security.[18] For smaller firms, predicting the Bureau’s intentions is challenging, but existing regulations indicate that the Bureau will issue a written communication to initiate supervision.[19] The entity will then have forty-five days to dispute the finding that they meet the regulatory definition of a “larger participant.”[20] In their response, entities may include a statement of the reason for their objection and records, documents, or other information. Then the Assistant Director of the CFPB will review the response and make a determination. The regulation gives the Assistant Director the ability to request records and documents from the entity prior to the initial notification of intended supervision and throughout the determination process.[21] The Assistant Director also may extend the timeframe for determination beyond the forty-five-day window.[22]

If an entity becomes supervised, the Bureau will contact it for an initial conference.[23] The examiners will then determine the scope of future supervision, taking into consideration the responses at the conference, any records requested prior to or during the conference, and a review of the entity’s compliance management program.[24] The Bureau prioritizes its supervisory activities based on entity size, volume of transactions, size and risk of the relevant market, state oversight, and other market information to which the Bureau has access.[25] Ongoing supervision is likely to vary based on these factors, as well, but may include on-site or remote examination, review of documents and records, testing accounts and transactions for compliance with federal statutes and regulations, and continued review of the compliance management system.[26] The Bureau may then issue a confidential report or letter stating the examiner’s opinion that the entity has violated or is at risk of violating a statute or regulation.[27] While these findings are not final determinations, they do outline specific steps for the entity to regain or ensure compliance and should be taken seriously.[28] Supervisory reports or letters are distinct from enforcement actions and generally do not result in an enforcement action.[29] However, violations may be referred to the Bureau’s Office of Enforcement, which would then launch its own investigation.[30]

The likelihood of the proposed rule resulting in an enforcement action is, therefore, relatively low, but the exposure for regulated entities is difficult to measure because the penalties in enforcement actions vary widely. From October 2022 to October 2023, amounts paid by regulated entities ranged from $730,000 paid by a remittance provider that violated Electronic Funds Transfer rules,[31] to $3.7 billion in penalties and redress paid by Wells Fargo for headline-making violations of the Consumer Financial Protection Act.[32]

Notes

[1] Analysis of Deposit Insurance Coverage on Funds Stored Through Payment Apps, Consumer Fin. Prot. Bureau (Jun. 1, 2023), https://www.consumerfinance.gov/data-research/research-reports/issue-spotlight-analysis-of-deposit-insurance-coverage-on-funds-stored-through-payment-apps/full-report.

[2] Final Rules, Consumer Fin. Prot. Bureau, https://www.consumerfinance.gov/rules-policy/final-rules (last visited Nov. 16, 2023).

[3] CFPB Proposes New Federal Oversight of Big Tech Companies and Other Providers of Digital Wallets and Payment Apps, Consumer Fin. Prot. Bureau (Nov. 7, 2023), https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-new-federal-oversight-of-big-tech-companies-and-other-providers-of-digital-wallets-and-payment-apps.

[4] Id.

[5] Id.

[6] 12 U.S.C. § 5492.

[7] Enforcement by the numbers, Consumer Fin. Prot. Bureau (Nov. 8, 2023), https://www.consumerfinance.gov/enforcement/enforcement-by-the-numbers.

[8] CFTC Releases Annual Enforcement Results, Commodity Futures Trading Comm’n (Oct. 20, 2022), https://www.cftc.gov/PressRoom/PressReleases/8613-22.

[9] CFPB Supervision and Examination Manual, Consumer Fin. Prot. Bureau at Overview 10 (Mar. 2017), https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_2023-09.pdf.

[10] An Introduction to CFPB’s Exams of Financial Companies, Consumer Fin. Prot. Bureau 4 (Jan. 9, 2023), https://files.consumerfinance.gov/f/documents/cfpb_an-introduction-to-cfpbs-exams-of-financial-companies_2023-01.pdf.

[11] 12 U.S.C. §5563(a).

[12] CFPB Proposes New Federal Oversight of Big Tech Companies and Other Providers of Digital Wallets and Payment Apps, Consumer Fin. Prot. Bureau (Nov. 7, 2023), https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-new-federal-oversight-of-big-tech-companies-and-other-providers-of-digital-wallets-and-payment-apps.

[13] Id.

[14] 12 U.S.C. § 5514.

[15] Id.

[16] Defining Larger Participants of a Market for General-Use Digital Consumer Payment, Consumer Fin. Prot. Bureau 3 (Nov. 7, 2023), https://files.consumerfinance.gov/f/documents/cfpb_nprm-digital-payment-apps-lp-rule_2023-11.pdf.

[17] Id. at 4.

[18] Rohit Chopra, Prepared Remarks of CFPB Director Rohit Chopra at the Brookings Institution Event on Payments in a Digital Century, Consumer Fin. Prot. Bureau (Oct. 6, 2023), https://www.consumerfinance.gov/about-us/newsroom/prepared-remarks-of-cfpb-director-rohit-chopra-at-the-brookings-institution-event-on-payments-in-a-digital-century.

[19] 12 CFR § 1090.103(a).

[20] 12 CFR § 1090.103(b).

[21] 12 CFR § 1090.103(c).

[22] 12 CFR § 1090.103(d).

[23] Defining Larger Participants of a Market for General-Use Digital Consumer Payment, Consumer Fin. Prot. Bureau 6 (Nov. 7, 2023), https://files.consumerfinance.gov/f/documents/cfpb_nprm-digital-payment-apps-lp-rule_2023-11.pdf.

[24] Id.

[25] Id. at 5.

[26] Id. at 6.

[27] An Introduction to CFPB’s Exams of Financial Companies, Consumer Fin. Prot. Bureau 3 (Jan. 9, 2023), https://files.consumerfinance.gov/f/documents/cfpb_an-introduction-to-cfpbs-exams-of-financial-companies_2023-01.pdf.

[28] Id.

[29] Id.

[30] Id.

[31] CFPB Orders Servicio UniTeller to Refund Fees and Pay Penalty for Failing to Follow Remittance, Consumer Fin. Prot. Bureau (Dec. 22, 2022), https://www.consumerfinance.gov/enforcement/actions/servicio-uniteller-inc.

[32] CFPB Orders Wells Fargo to Pay $3.7 Billion for Widespread Mismanagement of Auto Loans, Mortgages, and Deposit Accounts, Consumer Fin. Prot. Bureau (Dec. 20, 2022), https://www.consumerfinance.gov/enforcement/actions/wells-fargo-bank-na-2022.

Who Is Regulating Regulatory Public Comments?

October 1, 2023
Administrative Law, Agencies, New Technology, Regulatory

Madeleine Rossi, MJLST Staffer

In 2015 the Federal Communications Commission (FCC) issued a rule on “Protecting and Promoting the Open Internet.”[1] The basic premise of these rules was that internet service providers had unprecedented control over access to information for much of the public. Those in favor of the new rules argued that broadband providers should be required to enable access to all internet content, without either driving or throttling traffic to particular websites for their own benefit. Opponents of these rules – typically industry players such as the same broadband providers that would be regulated – argued that such rules were burdensome and would prevent technological innovation. The fight over these regulations is colloquially known as the fight over “net neutrality.” 

In 2017 the FCC reversed course and put forth a proposal to repeal the 2015 regulations. Any time that an agency proposes a rule, or proposes to repeal a rule, they must go through the notice-and-comment rulemaking procedure. One of the most important parts of this process is the solicitation of public comments. Many rules get put forth without much attention or fanfare from the public. Some rules may only get hundreds of public comments, often coming from the industry that the rule is aimed at. Few proposed rules get attention from the public at large. However, the fight over net neutrality – both the 2015 rules and the repeal of those rules in 2017 – garnered significant public interest. The original 2015 rule amassed almost four million comments.[2] At the time, this was the most public comments that a proposed rule had ever received.[3] In 2017, the rule’s rescission blew past four million comments to acquire a total of almost twenty-two million comments.[4]

At first glance this may seem like a triumph for the democratic purpose of the notice-and-comment requirement. After all, it should be a good thing that so many American citizens are taking an interest in the rules that will ultimately determine how they can use the internet. Unfortunately, that was not the full story. New York Attorney General Letitia James released a report in May of 2021 detailing her office’s investigation into wide ranging fraud that plagued the notice-and-comment process.[5] Of the twenty-two million comments submitted about the repeal, a little under eight million of them were generated by a single college student.[6] These computer-generated comments were in support of the original regulations, but used fake names and fake comments.[7] Another eight million comments were submitted by lead generation companies that were hired by the broadband companies.[8] These companies stole individuals’ identities and submitted computer-generated comments on their behalf.[9] While these comments used real people’s identities, they fabricated the content in support of repealing the 2015 regulations.[10]

Attorney General James’ investigation showed that real comments, submitted by real people, were “drowned out by masses of fake comments and messages being submitted to the government to sway decision-making.”[11] When the investigation was complete, James’ office concluded that nearly eighteen of the twenty-two million comments received by the FCC in 2017 were faked.[12] The swarm of fake comments created the false perception that the public was generally split on the issue of net neutrality. In fact, anywhere from seventy-five to eighty percent of Americans say that they support net neutrality.[13]

This is not an issue that is isolated to the fight over net neutrality. Other rulemaking proceedings have been targeted as well, namely by the same lead generation firms involved in the 2017 notice-and-comment fraud campaign.[14] Attorney General James’ investigation found that regulatory agencies like the Environmental Protection Agency (EPA), which is responsible for promulgating rules that protect people and the environment from risk, had also been targeted by such campaigns.[15] When agencies like the FCC or EPA propose regulations for the protection of the public, the democratic process of notice-and-comment is completely upended when industry players are able to “drown out” real public voices.

So, what can be done to preserve the democratic nature of the notice-and-comment period? As the technology involved in these schemes advances, this is likely to become not only a reoccurring issue but one that could entirely subvert the regulatory process of rulemaking. One way that injured parties are fighting back is with lawsuits.

In May of 2023, Attorney General James announced that she had come to a second agreement with three of the lead generation firms involved with the 2017 scam to falsify public comments.[16] The three companies agreed to pay $615,000 in fines for their involvement.[17] This agreement came in addition to a previous agreement in which the three stipulated to paying four million dollars in fines and agreed to change future lead generating practices, and the litigation is ongoing.[18]

However, more must be done to ensure that the notice-and-comment process is not entirely subverted. Financial punishment after the fact does not account for the harm to the democratic process that is already done. Currently, the only recourse is to sue these companies for their fraudulent and deceptive practices. However, lawsuits will typically only result in financial losses. Financial penalties are important, but they will always come after the fact. Once litigation is under way, the harm has already been done to the American public.

Agencies need to ensure that they are keeping up with the pace of rapidly evolving technology so that they can properly vet the validity of the comments that they receive. While it is important to keep public commenting a relatively open and easy practice, having some kind of vetting procedure has become essential. Perhaps requiring an accompanying email address or phone number for each comment, and then sending a simple verification code. Email or phone numbers could also be contacted during the vetting process once the public comment period closes. While it would likely be impractical to contact each individual independently, a random sample would at least flag whether or not a coordinated and large-scale fake commenting campaign had taken place. 

Additionally, the legislature should keep an eye on fraudulent practices that impact the notice-and-comment process. Lawmakers can and should strengthen laws to punish companies that are engaged in these practices. For example, in Attorney General James’ report she recommends that lawmakers do at least two things. First, they should explicitly and statutorily prohibit “deceptive and unauthorized comments.”[19] To be effective these laws should establish large civil fines. Second, the legislature should “strengthen impersonation laws.”[20] Current impersonation laws were not designed with mass-impersonation fraud in mind. These statutes should be amended to increase penalties when many individuals are impersonated.

In conclusion, the use of fake comments to sway agency rulemaking is a problem that is only going to worsen with time and the advance of technology. This is a serious problem that should be taken as such by both agencies and the legislature. 

Notes

[1] 80 Fed. Reg. 19737.

[2] https://www.brookings.edu/articles/democratizing-and-technocratizing-the-notice-and-comment-process/.

[3] Id.

[4] Id.

[5] https://ag.ny.gov/press-release/2021/attorney-general-james-issues-report-detailing-millions-fake-comments-revealing.

[6] https://www.brookings.edu/articles/democratizing-and-technocratizing-the-notice-and-comment-process/.

[7] Id.

[8] Id.

[9] Id.

[10] Id.

[11] https://ag.ny.gov/press-release/2021/attorney-general-james-issues-report-detailing-millions-fake-comments-revealing.

[12] Id.

[13] https://thehill.com/policy/technology/435009-4-in-5-americans-say-they-support-net-neutrality-poll/, https://publicconsultation.org/united-states/three-in-four-voters-favor-reinstating-net-neutrality/.

[14] Id.

[15] https://apnews.com/article/settlement-fake-public-comments-net-neutrality-ae1f69a1f5415d9f77a41f07c3f6c358.

[16] Id.

[17] Id.

[18] https://apnews.com/article/government-and-politics-technology-business-9f10b43b6aacbc750dfc010ceaedaca7.

[19] https://ag.ny.gov/sites/default/files/oag-fakecommentsreport.pdf.

[20] Id.

Saving the Planet With Admin Law: Another Blow to Tax Exceptionalism

December 13, 2022
Administrative Law, Agencies, Environment, Tax, Tax Law

Caroline Moriarty, MJLST Staffer

Earlier this month, the U.S. Tax Court struck down an administrative notice issued by the IRS regarding conservation easements in Green Valley Investors, LLC v. Commissioner. While the ruling itself may be minor, the court may be signaling a shift away from tax exceptionalism to administrative law under the Administrative Procedures Act (“APA”), which could have major implications for the way the IRS operates. In this post, I will explain what conservation easements are, what the ruling was, and what the ruling may mean for IRS administrative actions going forward. 

Conservation Easements

Conservation easements are used by wealthy taxpayers to get tax deductions. Under Section 170(h) of the Internal Revenue Code (“IRC”), taxpayers who purchase development rights for land, then donate those rights to a charitable organization that pledges not to develop or use the land, get a deduction proportional to the value of the land donated. The public gets the benefit of preserved land, which could be used as a park or nature reserve, and the donor gets a tax break.

However, this deduction led to the creation of “syndicated conservation easements.” In this tax scheme, intermediaries purchase vacant land worth little, hire an appraiser to declare its value to be much higher, then sell stakes in the donation of the land to investors, who get a tax deduction that is four to five times higher than what they paid. In exchange, the intermediaries are paid large fees. 

Conservation easements can be used to protect the environment, and proponents of the deduction argue that the easements are a critical tool in keeping land safe from development pressures. However, the IRS and other critics argue that these deductions are abused and cost the government between $1.3 billion and $2.4 billion in lost tax revenue. Some appraisers in these schemes have been indicted for “fraudulent” and “grossly inflated” land appraisals. Both Congress and the IRS have published research about the potential for abuse. In 2022, the IRS declared the schemes one of their “Dirty Dozen” for the year, writing that “these abusive arrangements do nothing more than game the tax system with grossly inflated tax deductions and generate high fees for promoters.”

Notice 2017-10 and the Tax Court’s Green Valley Ruling

To combat the abuse of conservation easements, the IRS released an administrative notice (the “Notice”) that required taxpayers to disclose any syndicated conservation easements on their tax returns as a “listed transaction.” The notice didn’t go through notice-and-comment procedures from the APA. Then, in 2019, the IRS disallowed over $22 million in charitable deductions on Green Valley and the other petitioners’ taxes for 2014 and 2015 and assessed a variety of penalties.  

While the substantive tax law is complex, Green Valley and the other petitioners challenged the penalties, arguing that the Notice justifying the penalties didn’t go through notice and comment procedures. In response, the IRS argued that Congress had exempted the agency from notice-and-comment procedures. Specifically, the IRS argued that they issued a Treasury Regulation that defined a “listed transaction” as one “identified by notice, regulation, or other form of published guidance,” which should have indicated to Congress that the IRS would be operating outside of APA requirements when issuing notices. 

The Tax Court disagreed, writing “We remain unconvinced that Congress expressly authorized the IRS to identify a syndicated conservation easement transaction as a listed transaction without the APA’s notice-and-comment procedures, as it did in Notice 2017-10.” Essentially, the statutes that Congress wrote allowing for IRS penalties did not determine the criteria for how taxpayers would incur the penalties, so the IRS decided with non-APA reviewed rules. If Congress would have expressly authorized the IRS to determine the requirements for penalties without APA procedures in the penalty statutes, then the Notice would have been valid. 

In invalidating the notice, the Tax Court decided that Notice 2017-10 was a legislative rule requiring notice-and-comment procedures because it imposed substantive reporting obligations on taxpayers with the threat of penalties. Since the decision, the IRS has issued proposed regulations on the same topic that will go through notice and comment procedures, while continuing to defend the validity of the Notice in other circuits (the Tax Court adopted reasoning from a Sixth Circuit decision).

The Future of Administrative Law and the IRS 

The decision follows other recent cases where courts have pushed the IRS to follow APA rules. However, following the APA is a departure from the past understanding of administrative law’s role in tax law. In the past, “tax exceptionalism” described the misperception that tax law is so complex and different from other regulatory regimes that the rules of administrative law don’t apply. This understanding has allowed the IRS to make multiple levels of regulatory guidance, some binding and some not, all without effective oversight from the courts. Further, judicial review is limited for IRS actions by statute, and even if there’s review, it may be ineffective if the judges are not tax experts. 

This movement towards administrative law has implications for both taxpayers and the IRS. For taxpayers, administrative law principles could provide additional avenues to challenge IRS actions and allow for more remedies. For the IRS, the APA may be an additional barrier to their job of collecting tax revenue. At the end of the day, syndicated conservation easements can be used to defraud the government, and the IRS should do something to curtail their potential for abuse. Following notice-and-comment procedures could delay effective tax administration. However, the IRS is an administrative agency, and it doesn’t make sense to think they can make their own rules or act like they’re not subject to the APA. Either way, administrative law will likely continue to prevail in both federal courts and Tax Court, and it will continue to influence tax law as we know it.

The Mysterious Disappearance of Deference: What Is the Supreme Court’s Current Relationship to Federal Agencies?

February 7, 2022
Administrative Law, Bioethics, Copyrights, Regulatory, Uncategorized

Carly Michaud, MJLST Staffer

The Supreme Court has had no shortage of administrative law cases in the (possibly) final sessions of one of the Court’s administrative law scholars, Justice Stephen Breyer. Yet, Breyer has found himself and his ideological compatriots in the opposition on the topic in which he situates his expertise. In the recent case regarding OSHA’s ability to require COVID-19 vaccines, Breyer’s dissent repeated discusses the proper deference an agency’s determination should be given by the Supreme Court.

Notably absent from the case is any mention of the previous key to the relationship between the courts and federal agencies: Chevron deference. In fact, Chevron U.S.A., Inc. v. National Resources Defense Council, was, (as of a 2014 analysis in the Yale Journal on Regulation) the “Most Cited Supreme Court Administrative Law decision”. While previously considered a niche area, administrative law is now so ubiquitous in practice that as of July 2021, 55 law schools require students take a course in administrative law or one of its mainstays: legislation or statutory interpretation.

In spite of this, Chevron appears nowhere in the discussion of OSHA’s vaccine mandate, nor in the court’s earlier revocation of the CDC’s eviction moratorium. This absence suggests that perhaps this Court has become a body of health experts, relying on their own understanding of COVID-19 to determine whether these agency-created regulations are effective in their mission. Both cases center on whether an agency action to prevent the spread of COVID-19 is within the purview of their empowering statute, and, despite the broad statutory authorities of these agencies to protect the health of Americans, both actions were deemed beyond that authority.

But back to Chevron, has it been abandoned as a standard? Not yet, although there was some discussion of this proposition during the oral argument of American Hospital Association v. Becerra last November. The Court has not released an opinion yet on this case, however the Court of Appeals had previously upheld HHS’s ability to set reembursement rates, per its statutory authority.

In a final thrust of irony, the death knell for Chevron deference may come from a case challenging the very statute and the very agency whose decision-making was at issue in Chevron: the EPA and the Clean Air Act. This is particularly ironic as the EPA administrator whose decision-making was being challenged in Chevron was Anne Gorsuch, the mother of Supreme Court justice and noted antagonist of agency authority: Neil Gorsuch. Yes, in a tale mirroring Hamlet, Neil Gorsuch seems determined to destroy the administrative state that had entangled his mother in various administrative scandals. The latest edition of this showdown between the Gorsuchs and EPA is scheduled for Monday February 28, which will see the Supreme Court hearing arguments in West Virginia v. EPA and its consolidated cases.

This behavior by the Court belies a grave concern both about the continued disempowerment of federal agencies—which have been empowered directly by Congress—at the hands of the unelected judiciary. Further, the most cynical of us may see this as a direct assault on the authority of agencies that some justices may politically disagree with, further disregarding the knowledge of learned experts to push their own political agendas.

Home | Contact Publishing Services | My Account