The CFPB and BNPL: 3 Things to Watch


The Consumer Financial Protection Bureau (CFPB) opened an inquiry into buy now, pay later (BNPL) on Dec. 16, 2021. As part of that inquiry, the CFPB asked for five key BNPL providers to provide data intended to clarify the risks and benefits of this product to consumers. The firms to which the inquiry was directed included Affirm, Afterpay, Klarna, PayPal and and Zip on. The deadline to submit the information was March 1, and it is now time for the agency to decide what’s next.

To understand a bit about what the CFPB may be planning, it’s important to review the letter that the Bureau sent to these companies in December.

In the letter, the Bureau referred to its market monitoring powers under Section 1022(c)(1) and (4) of the Dodd-Frank Act. Historically, the CFPB issued 1022(c)(4) orders to support its efforts to issue specific rulemaking or research reports. Therefore, this part of the letter would suggest that a new policy on BNPL could be a likely outcome from the information collected.

However, even more important is what the letter did not say.

The CFPB did not include any disclaimer in the letter, as it has previously done in other inquiries, that the information won’t be used for enforcement actions. Traditionally, the CFPB has maintained a firewall between its market monitoring function and its enforcement action. Section 1052 of the Dodd-Frank Act establishes the specific enforcement powers of the CFPB and provides that the Bureau may collect information for the purposes of ascertaining whether a financial institution has violated a Federal consumer financial law.

In previous inquiries, such as the order issued in October 2021 against Amazon, Apple, Facebook, Google, PayPal, and Square requesting information about how these firms use personal payments data and manage data access to users, the letter made a distinction between the market monitoring and the enforcement activities. The order said “this is a market-monitoring order …. it is not a supervisory order…. nor is it being issued under section 1052 of the Dodd-Frank Act.”

By contrast, in the letter to the BNPL companies, there is no specific mention of section 1052. Additionally, the letter included a new disclaimer that said, “The Bureau reserves the right to use the information for any purpose permitted by law.”

These changes with respect to previous practice may suggest that the CFPB is willing to use the information collected not only for rulemaking but also to build enforcement cases.

If the CFPB decides to take any action, which it isn’t clear at this moment, there are three areas where the Bureau may be concerned:

  • The accumulation of debt. The regulator is concerned that consumers may spend more than they anticipated, and this may result in charges and fees if the user is not able to cover with funds on hand in their bank account.
  • Regulatory arbitrage. In view of the regulator, some BNPL companies may not be evaluating and/or adhering to the specific consumer protection laws they believe apply to their products.
  • Data harvesting. The CFPB is concerned that BNPL lenders use the consumer’s data to create closed-loop shopping apps with partner merchants, favoriting specific brands and products. While there is nothing wrong with using the data collected in an app or the user’s payment history to provide targeted advertising or to promote certain products, this line of inquiry resembles to the kind of practices probed by antitrust regulators against big tech companies.

Even if BNPL remains largely unregulated, BNPL providers are subject to certain federal and state laws that address fair lending, credit reporting, consumer privacy and the prevention of money laundering. Therefore, the CFPB can bring cases against BNPL providers under several laws, and it also has authority to bring enforcement action against what it regards as unfair, deceptive and abusive acts.

Read also: 44M ‘Invisible Consumers’ Want Credit And Control, New PYMNTS Study Shows