BILLING CODE: 4810-AM-P
CONSUMER FINANCIAL PROTECTION BUREAU
12 CFR Part 1090
[Docket No. CFPB-2023-0053]
RIN 3170-AB17
Defining Larger Participants of a Market for General-Use Digital Consumer Payment
Applications
AGENCY: Consumer Financial Protection Bureau.
ACTION: Final rule.
SUMMARY: The Consumer Financial Protection Bureau (CFPB) issues this rule to define
larger participants of a market for general-use digital consumer payment applications. Larger
participants of this market will be subject to the CFPB’s supervisory authority under the
Consumer Financial Protection Act (CFPA). A nonbank covered person qualifies as a larger
participant if it facilitates an annual covered consumer payment transaction volume of at least 50
million transactions as defined in the rule, and it is not a small business concern.
DATES: This rule is effective [INSERT DATE 30 DAYS AFTER PUBLICATION IN THE
FEDERAL REGISTER].
FOR FURTHER INFORMATION CONTACT: George Karithanom, Regulatory
Implementation and Guidance Program Analyst, Office of Regulations, at 202-435-770. If you

require this document in an alternative electronic format, please contact
CFPB_Accessibility@cfpb.gov.
SUPPLEMENTARY INFORMATION:
I. Overview
Section 1024 of the CFPA,1 codified at 12 U.S.C. 5514, gives the CFPB supervisory
authority over all nonbank covered persons2 offering or providing three enumerated types of
consumer financial products or services: (1) Origination, brokerage, or servicing of consumer
loans secured by real estate and related mortgage loan modification or foreclosure relief services;
(2) private education loans; and (3) payday loans.3 The CFPB also has supervisory authority
over “larger participant[s] of a market for other consumer financial products or services, as
defined by rule[s]” the CFPB issues.4 In addition, the CFPB has the authority to supervise any
nonbank covered person that it “has reasonable cause to determine by order, after notice to the
covered person and a reasonable opportunity . . . to respond . . . is engaging, or has engaged, in
conduct that poses risks to consumers with regard to the offering or provision of consumer
financial products or services.”5

Consumer Financial Protection Act of 2010, title X of the Dodd-Frank Wall Street Reform and
Consumer Protection Act, Pub. L. 111-203, 124 Stat. 1376, 1955 (2010) (hereinafter, “CFPA”).
The provisions of 12 U.S.C. 5514 apply to certain categories of covered persons, described in section
(a)(1), and expressly excludes from coverage persons described in 12 U.S.C. 5515(a) (very large insured
depository institutions and credit unions and their affiliates) or 5516(a) (other insured depository
institutions and credit unions). The term “covered person” means “(A) any person that engages in
offering or providing a consumer financial product or service; and (B) any affiliate of a person described
[in (A)] if such affiliate acts as a service provider to such person.” 12 U.S.C. 5481(6).
3

12 U.S.C. 5514(a)(1)(A), (D), (E).

12 U.S.C. 5514(a)(1)(B), (a)(2); see also 12 U.S.C. 5481(5) (defining “consumer financial product or
service”).
12 U.S.C. 5514(a)(1)(C); see also 12 CFR part 1091 (prescribing procedures for making determinations
under 12 U.S.C. 5514(a)(1)(C)). In addition, the CFPB has supervisory authority over very large
depository institutions and credit unions and their affiliates. 12 U.S.C. 5515(a). Furthermore, the CFPB
has certain authorities relating to the supervision of other depository institutions and credit unions.
12 U.S.C. 5516(c)(1). One of the CFPB’s objectives under the CFPA is to ensure that “Federal consumer
financial law is enforced consistently, without regard to the status of a person as a depository institution,
in order to promote fair competition[.]” 12 U.S.C. 5511(b)(4).
This rule (the Final Rule) is the sixth in a series of CFPB rulemakings to define larger
participants of markets for consumer financial products and services for purposes of CFPA
section 1024(a)(1)(B).6 The Final Rule establishes the CFPB’s supervisory authority over
nonbank covered persons that are larger participants in a market for “general-use digital
consumer payment applications.” In establishing the CFPB’s supervisory authority over such
persons, the Final Rule does not impose new substantive consumer protection requirements. In
addition, some nonbank covered persons that would be subject to the CFPB’s supervisory
authority under the Final Rule also may be subject to other CFPB supervisory authorities,
including for example under CFPA section 1024 as a larger participant in another market defined
by a previous CFPB larger participant rule. Finally, regardless of whether they are subject to the
CFPB’s supervisory authority, nonbank covered persons generally are subject to the CFPB’s
regulatory and enforcement authority and to applicable Federal consumer financial law.
The market described in the Final Rule includes providers of funds transfer and payment
wallet functionalities through digital payment applications for consumers’ general use in making
payments to other persons for personal, family, or household purposes. Examples include
consumer financial products and services that are commonly described as “digital wallets,”
“payment apps,” “funds transfer apps,” “peer-to-peer payment apps,” “person-to-person payment
apps,” “P2P apps,” and the like. Providers of consumer financial products and services delivered
through these digital applications help consumers to make a wide variety of consumer payment
transactions, including payments to friends and family and payments for purchases of
nonfinancial goods and services.
The CFPB is authorized to supervise nonbank covered persons that are subject to CFPA
section 1024(a) for purposes of (1) assessing compliance with Federal consumer financial law;

The first five rules defined larger participants of markets for consumer reporting, 77 FR 42874
(July 20, 2012) (Consumer Reporting Rule), consumer debt collection, 77 FR 65775 (Oct. 31, 2012)
(Consumer Debt Collection Rule), student loan servicing, 78 FR 73383 (Dec. 6, 2013) (Student Loan
Servicing Rule), international money transfers, 79 FR 56631 (Sept. 23, 2014) (International Money
Transfer Rule), and automobile financing, 80 FR 37496 (June 30, 2015) (Automobile Financing Rule).
(2) obtaining information about such persons’ activities and compliance systems or procedures;
and (3) detecting and assessing risks to consumers and consumer financial markets.7 The CFPB
conducts examinations of various scopes of supervised entities. In addition, the CFPB may, as
appropriate, request information from supervised entities prior to or without conducting
examinations.8 Section 1090.103(d) of the CFPB’s existing larger participant regulations also
provides that the CFPB may require submission of certain records, documents, and other
information for purposes of assessing whether a person qualifies as a larger participant of a
market as defined by a CFPB larger participant rule.9
Consistent with CFPA section 1024(b)(2), the CFPB has established and implemented a
risk-based supervisory program that is designed to prioritize supervisory activity among nonbank
covered persons subject to CFPA section 1024(a) on the basis of risk.10 The CFPB’s
prioritization process takes into account, among other factors, the size of each entity, the volume
of its transactions involving consumer financial products or services, the size and risk presented
by the market in which it is a participant, the extent of relevant State oversight, and any field and
market information that the CFPB has on the entity. Specifically, as the CFPB Supervision and
Examination Manual explains in greater detail, the CFPB evaluates risks to consumers at marketwide and the institution product line levels. At the market-wide level, the CFPB considers and
compares risks to consumers across different types of products (e.g., mortgage loans or debt
collectors) along with the relative product market size in the overall consumer finance
marketplace. At the institution product line level, the CFPB evaluates and compares risks across
entities that, regardless of status as a nonbank or an insured depository institution or credit union,
12 U.S.C. 5514(b)(1). The CFPB’s supervisory authority also extends to service providers of those
covered persons that are subject to supervision under 12 U.S.C. 5514(a)(1). 12 U.S.C. 5514(e); see also
12 U.S.C. 5481(26) (defining “service provider”).
See, e.g., 12 U.S.C. 5514(b)(1) (authorizing the CFPB both to “require reports and conduct examinations
on a periodic basis” of nonbank covered persons subject to supervision).
9

12 CFR 1090.103(d).

12 U.S.C. 5514(b)(2). The CFPB notes that its prioritization process is not the subject of this
rulemaking.
offer the same or similar products (e.g., providers of mortgage loans). When evaluating risks
across entities in an institution product line, the CFPB considers which entities have business
models and market shares that pose greater risk of harm to consumers. The CFPB also places
significant weight on “field and market intelligence,” which includes findings from prior
examinations and other information about the strength of compliance management systems,
metrics gathered from public reports, and the number and severity of consumer complaints the
CFPB receives.11 Taken together, this approach of assessing risks at the market-wide level and
at the institutional level allows the CFPB to focus on areas where consumers have the greatest
potential to be harmed, specifically, on relatively higher-risk institution product lines within
relatively higher-risk markets. Finally, as described in CFPA section 1024(b)(3), the CFPB also
coordinates its supervisory activities at nonbank covered persons with the supervisory activities
conducted by Federal prudential regulators and State regulatory authorities.12
The specifics of how an examination takes place vary by market and entity. However,
the examination process generally proceeds as follows.13 CFPB examiners contact the entity for
an initial conference with management and often request records and other information. CFPB
examiners may review the components of the supervised entity’s compliance management
system. Based on these discussions and a preliminary review of the information received,
examiners determine the scope of an on-site or remote examination and coordinate with the
entity to initiate this portion of the examination. While on-site or working remotely, examiners
discuss with management the entity’s compliance policies, processes, and procedures; review

See id. For further description of the CFPB’s supervisory prioritization process, see CFPB Supervision
and Examination Manual (updated Sept. 2023), part I.A (pages 11-12 of Overview section),
https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_2023-09.pdf
(last visited Nov. 10, 2024).
12 U.S.C. 5514(b)(3). The Final Rule further describes this coordination in response to general
comments about existing oversight of the market below. As discussed there, the CFPB also coordinates
its supervisory activity with the Federal Trade Commission. The CFPB notes that its coordination
process is not the subject of this rulemaking.
For further description of the CFPB’s examination process, see CFPB Supervision and Examination
Manual, part I.A.
documents and records; test transactions and accounts for compliance; and evaluate the entity’s
compliance management system. At the conclusion of that stage of an examination, examiners
may review preliminary examination findings at a closing meeting. After the closing meeting, if
examiners have identified potential violations of Federal consumer financial law, they also may
provide the entity an opportunity to respond in writing to those potential findings.14 Finally,
examinations may involve issuing confidential examination reports, supervisory letters, and
compliance ratings. In addition to the process described above, the CFPB also may conduct
other supervisory activities, such as periodic monitoring.15
II. Background
On November 17, 2023, the CFPB published a notice of proposed rulemaking to define
larger participants of a market for general-use digital consumer payment applications
(Proposed Rule).16 As described in part V below, the Proposed Rule would have defined a larger
participant as any nonbank covered person that, in the previous calendar year, both facilitated at
least five million consumer payment transactions by providing general-use digital consumer
payment applications and was not a small business concern as defined in the Proposed Rule. The
CFPB requested comment on the Proposed Rule. The CFPB received 59 comments from
consumer advocate organizations (consumer groups), nonprofits, companies, industry
associations, State attorneys general, Members of Congress, and other individuals. The
comments are discussed in more detail below.
III. Summary of the Final Rule
The CFPB is authorized to issue rules to define larger participants in markets for
consumer financial products or services. Subpart A of the CFPB’s existing larger-participant

See, e.g., CFPB, Supervisory Highlights Issue 8, Summer 2015, sec. 3.1.3 (describing supervision
process of sending a Potential Action and Request for Response (PARR) letter to a supervised entity),
https://files.consumerfinance.gov/f/201506_cfpb_supervisory-highlights.pdf (last visited Nov. 5, 2024).
CFPB Supervision and Examination Manual, part I.A (page 12 of Overview section describing
supervisory monitoring).
16

88 FR 80197 (Nov. 17, 2023).

regulation, 12 CFR part 1090, prescribed procedures, definitions, standards, and protocols that
apply to the CFPB’s supervision of larger participants.17 Those generally-applicable provisions
will apply to the CFPB’s supervision of larger participants in the general-use digital consumer
payment application market described by the Final Rule. The definitions in § 1090.101 should
be used to interpret terms in the Final Rule unless otherwise specified.
The CFPB includes relevant market descriptions and associated larger-participant tests,
as it develops them, in subpart B.18 Accordingly, the Final Rule defining larger participants of a
market for general-use digital consumer payment applications is codified in § 1090.109 in
subpart B.
The CFPB is finalizing the Proposed Rule largely as proposed, with certain changes
described below, including changes to increase the transaction threshold that the CFPB will use
as part of the test to assess when a nonbank covered person is a larger participant of a market for
general-use digital consumer payment applications.
The Final Rule defines larger participants of a market for general-use digital consumer
payment applications. That market encompasses specific activities. The market definition
generally includes nonbank covered persons that provide funds transfer or payment wallet
functionalities through a digital payment application for consumers’ general use in making
consumer payments transactions as defined in the Final Rule. The Final Rule defines “consumer
payment transactions” to include payments to other persons for personal, household, or family
purposes, excluding certain transactions as described in more detail in the section-by-section
analysis in part V below. The Final Rule also identifies a limited set of digital payment
applications that do not fall within the proposed market definition because they do not have
general use for purposes of the Final Rule.

12 CFR 1090.100 through 103.

12 CFR 1090.104 (consumer reporting market); 12 CFR 1090.105 (consumer debt collection market);
12 CFR 1090.106 (student loan servicing market); 12 CFR 1090.107 (international money transfer
market); 12 CFR 1090.108 (automobile financing market).
The Final Rule sets forth a test to determine whether a nonbank covered person is a larger
participant of the general-use digital consumer payment applications market. As further
explained below, a nonbank covered person is a larger participant if it satisfies two criteria.
First, the nonbank covered person (together with its affiliated companies) must provide generaluse digital consumer payment applications with an annual volume of at least 50 million
consumer payment transactions denominated in U.S. dollars. Second, the nonbank covered
person must not be a small business concern based on the applicable Small Business
Administration (SBA) size standard. As prescribed by subpart A of the CFPB’s general larger
participant regulation, any nonbank covered person that qualifies as a larger participant would
remain a larger participant until two years from the first day of the tax year in which the person
last met the larger-participant test.19
As noted above, § 1090.103(d) of the CFPB’s existing larger participant regulation
provides that the CFPB may require submission of certain records, documents, and other
information for purposes of assessing whether a person is a larger participant of a market as
defined by a CFPB larger participant rule.20 As with the CFPB’s other larger participant rules
codified in subpart B, this authority will be available to facilitate the CFPB’s identification of
larger participants of the general-use digital consumer payment applications market. In addition,
pursuant to existing § 1090.103(a), a person will be able to dispute whether it qualifies as a
larger participant in the general-use digital payment applications market. The CFPB will notify
an entity when the CFPB intends to undertake supervisory activity; if the entity claims not to be
a larger participant, it will then have an opportunity to submit documentary evidence and written
arguments in support of its claim.21

12 CFR 1090.102.

12 CFR 1090.103(d).

12 CFR 1090.103(a).

IV. Legal Authority and Procedural Matters
A. Rulemaking Authority
The CFPB is issuing the Final Rule pursuant to its authority under the CFPA, as follows:
(1) sections 1024(a)(1)(B) and (a)(2), which authorize the CFPB to supervise nonbanks that are
larger participants of markets for consumers financial products or services, as the CFPB defines
by rule;22 (2) section 1024(b)(7), which, among other things, authorizes the CFPB to prescribe
rules to facilitate the supervision of covered persons under section 1024;23 and (3) section
1022(b)(1), which grants the CFPB the authority to prescribe rules as may be necessary or
appropriate to enable the CFPB to administer and carry out the purposes and objectives of
Federal consumer financial law, and to prevent evasions of such law.24
B. Consultation with Other Agencies
In developing the Final Rule and the Proposed Rule, the CFPB consulted with the
Federal Trade Commission (FTC), as well as with the Board of Governors of the Federal
Reserve System, the Commodity Futures Trading Commission (CFTC), the Federal Deposit
Insurance Corporation (FDIC), the Financial Crimes Enforcement Network, the National Credit
Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the
Securities and Exchange Commission (SEC), on, among other things, consistency with any
prudential, market, or systemic objectives administered by such agencies.25

12 U.S.C. 5514(a)(1)(B), (a)(2).

12 U.S.C. 5514(b)(7).

12 U.S.C. 5512(b)(1).

Specifically, 12 U.S.C. 5514(a)(2) directs that the CFPB consult with the FTC prior to issuing a final
rule to define larger participants of a market pursuant to CFPA section 1024(a)(1)(B). In addition,
12 U.S.C. 5512(b)(2)(B) directs the CFPB to consult, before and during the rulemaking, with appropriate
prudential regulators or other Federal agencies, regarding consistency with objectives those agencies
administer. The manner and extent to which provisions of 12 U.S.C. 5512(b)(2) apply to a rulemaking of
this kind that does not establish standards of conduct are unclear. Nevertheless, to inform this rulemaking
more fully, the CFPB performed the consultations described in that provision of the CFPA.
Some commenters questioned whether the CFPB met its consultation obligations based on the statement
in the proposal that it “consulted with or provided an opportunity for consultation and input to” the FTC
and certain other agencies. 88 FR 80197 at 80199. The CFPB clarifies that it did meet during the

V. Section-by-Section Analysis
Part 1090
Subpart B—Markets
Section 1090.109 General-use digital consumer payment applications market
Proposed Rule
As described further below, the CFPB proposed to establish CFPB authority to supervise
nonbank covered persons that are larger participants in this market because: (1) the market has
grown dramatically and become increasingly important to the everyday financial lives of
consumers; (2) CFPB supervisory authority over its larger participants would help the CFPB to
promote compliance with Federal consumer financial law; (3) that authority would help the
CPFB to detect and assess risks to consumers and the market, including emerging risks; and
(4) that authority would help the CFPB to ensure consistent enforcement of Federal consumer
financial law between nonbanks and insured banks and credit unions.
To accomplish these goals, the Proposed Rule would have added to existing subpart B of
part 1090 of the CFPB’s rules a new § 1090.109 establishing CFPB supervisory authority over
nonbank covered persons who are larger participants in a market for general-use digital
consumer payment applications.26
As the Proposed Rule explained, many nonbanks provide consumer financial products
and services that allow consumers to use digital applications accessible through personal

rulemaking process with the FTC and other agencies listed above to consult about the rule. Some
commenters also suggested that the CFPB is specifically required to consult with the FTC’s Bureau of
Competition, in line with those commenters’ view that the CFPB must apply antitrust principles when
defining a market for a larger participant rule. However, the relevant statutory provision,
12 U.S.C. 5514(a)(2), by its terms requires the CFPB to consult with the FTC, and not with specific
divisions of the FTC. The CFPB addresses comments regarding the applicability of antitrust principles in
discussion of general comments in part V further below.
As explained in the Proposed Rule and discussed further below, the general-use digital payment
applications described in this Final Rule are “financial products or services” under the CFPA.
12 U.S.C. 5481(15)(A)(iv), (vii). Nonbanks that offer or provide such financial products or services to
consumers primarily for personal, family, or household purposes are “covered persons” under the CFPA.
12 U.S.C. 5481(5)(A), (6).
computing devices, such as mobile phones, tablets, smart watches, or computers, to transfer
funds to other persons. Some nonbanks also provide consumer financial products and services
that allow consumers to use digital applications on their personal computing devices to store
payment credentials they can then use to purchase goods or services at a variety of stores,
whether by communicating with a checkout register or a self-checkout machine, or by selecting
the payment credential through a checkout process at ecommerce websites. Subject to the
definitions, exclusions, limitations, and clarifications discussed in the Proposed Rule, the
proposed market definition generally would have covered these consumer financial products and
services.
The Proposed Rule explained that the CFPB proposed to establish supervisory authority
over nonbank covered persons who are larger participants in this market because this market has
large and increasing significance to the everyday financial lives of consumers.27 Consumers are
growing increasingly reliant on general-use digital consumer payment applications to initiate
payments.28 Recent market research indicates that 76 percent of Americans have used at least

The Proposed Rule explained that, in proposing a larger participant rule for this market, the CFPB was
not proposing to determine the relative risk posed by this market as compared to other markets. It noted
that, as explained in its previous larger participant rulemakings, “[t]he Bureau need not conclude before
issuing a [larger participant rule] that the market identified in the rule has a higher rate of noncompliance, poses a greater risk to consumers, or is in some other sense more important to supervise than
other markets.” 88 FR 80197 at 80200 (citing Consumer Debt Collection Larger Participant Rule,
77 FR 65775 at 65779).
See CFPB, Issue Spotlight: Analysis of Deposit Insurance Coverage Through Payment Apps
(June 1, 2023) (CFPB Deposit Insurance Spotlight), https://www.consumerfinance.gov/dataresearch/research-reports/issue-spotlight-analysis-of-deposit-insurance-coverage-on-funds-storedthrough-payment-apps/full-report/ (last visited Oct. 23, 2023); see also McKinsey & Company,
Consumer digital payments: Already mainstream, increasingly embedded, still evolving (Oct. 20, 2023)
(describing results of consulting firm’s annual survey reporting that for the first time, more than 90
percent of U.S. consumers surveyed in August 2023 reported using some form of digital payment over the
course of a year), https://www.mckinsey.com/industries/financial-services/our-insights/bankingmatters/consumer-digital-payments-already-mainstream-increasingly-embedded-still-evolving (last
visited Oct. 30, 2023); J.D. Power, Banking and Payments Intelligence Report (Jan. 2023) (reporting
results of a survey of Americans that found that from the first quarter of 2021 to the third quarter of 2022,
the number of respondents who had used a mobile wallet in the past three months rose from 38 percent to
49 percent), https://www.jdpower.com/business/resources/mobile-wallets-gain-popularity-growingnumber-americans-still-prefer-convenience (last visited Oct. 23, 2023); PULSE, PULSE Study Finds
Debit Issuers Focused on Digital Payments, Mobile Self-Service, Fraud Mitigation (Aug. 17, 2023)
(reporting that nearly 80 percent of debit card issuers reported increases in consumers’ use of mobile
one of four well-known P2P payment apps, representing substantial growth since the first of the
four was established in 1998.29 Even among consumers with annual incomes lower than $30,000
who have more limited access to digital technology,30 61 percent reported using P2P payment
apps.31 And higher rates of use by U.S. adults in lower age brackets may drive further growth
well into the future.32 Across the United States, merchant acceptance of general-use digital

wallets in 2022), https://www.pulsenetwork.com/public/insights-and-news/news-release-2023-debitissuer-study/ (last visited Oct. 30, 2023); FIS, The Global Payments Report (2023) (FIS 2023 Global
Payments Report) at 175 (industry study reporting that in 2022 digital wallets became the leading
payment preference of U.S. consumers shopping online), https://www.fisglobal.com//media/fisglobal/files/campaigns/global-payments%20report/FIS_TheGlobalPaymentsReport_2023.pdf
(last visited Nov. 5, 2024); Digital Payment Industry in 2023: Payment methods, trends, and tech
processing payments electronically, eMarketer (formerly known as Insider Intelligence) (Jan. 9, 2023)
(projecting 2023 transaction volume by U.S. P2P mobile payment app providers to reach over $1.1
trillion), https://www.emarketer.com/insights/digital-payment-services/ (last visited Nov. 5, 2024);
Consumer Reports Survey Group, Peer-to-Peer Payment Services (Jan. 10, 2023) (Consumer Reports
P2P Survey) at 1 (reporting results from a survey finding that four in ten Americans use P2P services at
least once a month), https://advocacy.consumerreports.org/wp-content/uploads/2023/01/P2P-Report-4Surveys-2022.pdf (last visited Oct. 23, 2023); Kevin Foster, Claire Greene, and Joanna Stavins, 2022
Survey and Diary of Consumer Payment Choice: Summary Results (Sept. 17, 2022) at 8 (reporting results
of survey conducted by Federal Reserve System staff finding that, as of 2022, two thirds of consumers
reported adopting one or more online payment accounts in the previous 12 months – a share that was
nearly 20 percent higher than five years earlier), https://www.atlantafed.org//media/documents/banking/consumer-payments/survey-diary-consumer-paymentchoice/2022/sdcpc_2022_report.pdf (last visited Oct. 30, 2023); FDIC, FDIC National Survey of
Unbanked and Underbanked Households (2021) at 33 (Table 6.4 reporting finding that nearly half of all
households (46.4 percent) used a nonbank app in 2021), https://www.fdic.gov/analysis/householdsurvey/2021report.pdf (last visited Oct. 23, 2023).
See, e.g., Monica Anderson, Pew Research Center, Payment apps like Venmo and Cash App bring
convenience – and security concerns – to some users (Sept. 8, 2022) (Pew 2022 Payment App Article),
https://www.pewresearch.org/short-reads/2022/09/08/payment-apps-like-venmo-and-cash-app-bringconvenience-and-security-concerns-to-some-users/ (last visited Oct. 23, 2023).
Emily A. Vogels, Pew Research Center, Digital divide persists even as Americans with lower incomes
make gains in tech adoption (June 22, 2021) (reporting results of early 2021 survey by Pew Research
Center, finding 76 percent of adults with annual household incomes less than $30,000 have a smartphone
and 59 percent have a desktop or laptop computer, compared with 87 percent and 84 percent respectively
of adults with household incomes between $30,000 and $99,999, and 97 percent and 92 percent
respectively of adults with household incomes of $100,000 or more), https://www.pewresearch.org/shortreads/2021/06/22/digital-divide-persists-even-as-americans-with-lower-incomes-make-gains-in-techadoption/ (last visited Oct. 23, 2023).
Consumer Reports P2P Survey at 2 (55 percent reported ongoing use and six percent stated they used to
use this kind of service).
See id. (85 percent of surveyed consumers aged 18 to 29 and 85 percent of surveyed consumers aged 30
to 44 reported using a digital payment application, compared with 67 percent of consumers aged 45 to 59
and 46 percent of consumers aged 60 and over); see also Ariana-Michele Moore, The U.S. P2P Payments
Market: Surprising Data Reveals Banks are Missing the Mark (AiteNovarica 2023 Impact Report) at 6,
24 (Figure 13 reporting 94 percent and 86 percent adoption of P2P accounts and digital wallets among the
consumer payment applications also has rapidly expanded as businesses seek to make it as easy
as possible for consumers to make purchases through whatever is their preferred payment
method.33
The Proposed Rule described how consumers rely on general-use digital consumer
payment applications for many aspects of their everyday lives. In general, consumers make
payments to other individuals for a variety of reasons, including sending gifts or making
informal loans to friends and family and purchasing goods and services, among many others.34
Consumers can use digital applications to make payments to individuals for these purposes, as
well as to make payments to businesses, charities, and other organizations. According to one
recent market report, nonbank digital payment apps have rapidly grown in the past few years to
become the most popular way to send money to other individuals other than cash,35 and are used

youngest adult cohort born between 1996 and 2002, compared with 57 percent and 40 percent among the
oldest cohort born before 1995), https://aite-novarica.com/report/us-p2p-payments-market-surprisingdata-reveals-banks-are-missing-mark (last visited Oct. 23, 2023) and https://datosinsights.com/reports/us-p2p-payments-market-surprising-data-reveals-banks-are-missing-mark/ (last
visited Nov. 5, 2024).
See Geoff Williams, Retailers are embracing alternative payment methods, though cards are still king
(Dec. 1, 2022) (National Retail Federation article citing its 2022 report describing a Forrester survey
indicating that 80 percent of merchants accept Apple Pay or plan to do so in the next 18 months, 65
percent of merchants accept Google Pay or plan to do so in the next 18 months, and, online, 74 percent
accept PayPal or plan to do so), https://nrf.com/blog/retailers-are-embracing-alternative-paymentmethods-though-cards-are-still-king (last visited Oct. 23, 2023); see also The Strawhecker Group (TSG),
Merchants respond to Consumer Demand by Offering P2P Payments (June 8, 2022) (TSG: Merchants
Offering P2P Payments) (reporting results of TSG and Electronic Transactions Association survey of over
500 small businesses merchants finding that 82 percent accept payment through at least one digital P2P
option), https://thestrawgroup.com/merchants-respond-to-consumer-demand-by-offering-p2p-payments/
(last visited Oct. 23, 2023).
AiteNovarica 2023 Impact Report at 8-9 (Figure 1 reporting 66 percent of 5,895 consumers surveyed
reported making at least one domestic P2P payment in 2022 whether via digital means or not, and Figure
2 reporting that, of consumers who made P2P payments in 2022, among other purposes, 70 percent did so
for birthday gifts, 64 percent for holiday gifts, 49 percent for other gift occasions, 46 percent to lend
money, 41 percent to make a charitable contribution, 39 percent paid for services, 39 percent purchased
items, 31 percent provided funds in an emergency situation, and 18 percent provided financial support).
Id. at 25 (Figure 14 reporting that, among other payment methods or sources, 74 percent of consumers
made P2P payments in cash, 69 percent used alternative digital P2P payment services, defined as services
offered by nonbank providers via mobile app, web service, or digital wallet, and 27 percent used Zelle
through a bank’s mobile application).
for a higher number of such transactions than cash.36 For many consumers, general-use digital
consumer payment applications offer an alternative, technological replacement for non-digital
payment methods.37 Consumers increasingly have adopted general-use digital consumer
payment applications38 as part of a broader movement toward noncash payments.39 Amid
growing merchant acceptance of general-use digital consumer payment applications, consumers
with middle and lower incomes use digital consumer payment applications for a share of their
overall retail spending that rivals or exceeds their use of cash.40 Such applications now have a
share of ecommerce payments volume that is similar to or greater than other traditional payment
methods such as credit cards and debit cards used outside of such applications.41 Such
applications also have been gaining an increasing share of in-person retail spending.42
Id. at 27-28 (Figure 15 reporting that, compared with 20 percent of P2P transactions made in cash, 37
percent of P2P transactions made through alternative P2P payment services).
See Marqueta, 2022 State of Consumer Money Movement Report (May 26, 2022) at 1 (summary of
report describing results of industry survey finding that 56 percent of US consumers felt comfortable
leaving their non-digital wallet at home and taking their phone with them to make payments),
https://www.marqeta.com/resources/2022-state-of-consumer-money-movement (last visited
Oct. 23, 2023).
AiteNovarica 2023 Impact Report at 24 (Figure 13 reporting 81 percent of U.S. adults surveyed held
one or more P2P accounts and 69 percent had one or more digital wallets).
The Federal Reserve Payments Study: 2022 Triennial Initial Data Release (indicating a rapid increase
in core non-cash payments between 2018 and 2021 and a rapid decline in ATM cash withdrawals during
the same period), https://www.federalreserve.gov/paymentsystems/fr-payments-study.htm (last visited
Nov. 19, 2024).
PYMNTS, Digital Economy Payments: The Ascent of Digital Wallets (Feb. 2023) at 16-17 (December
2022 survey finding 6.1 percent of overall consumer spending by consumers with lower incomes made
using digital consumer payment applications, compared with 9.9 percent of consumer spending by
consumers with middle-level incomes), https://www.pymnts.com/study/digital-economy-paymentsecommerce-shopping-retail-consumer-spending/ (last visited Oct. 23, 2023).
See FIS 2023 Global Payments Report at 176 (reporting 32 percent share of ecommerce transactions,
by value, made using a digital wallet, compared with 30 percent by credit card and 20 percent by debit
card).
See, e.g., 2023 Pulse Debit Issuer Study (Aug. 17, 2023) at 11 (reporting that mobile wallet use at point
of sale nearly doubled in 2022, representing nearly 10 percent of total debit card purchase transactions in
2022), https://content.pulsenetwork.com/2023-debit-issuer-study/2023-pulse-debit-issuer-study-whitepaper (last visited Nov. 5, 2024); Digital Economy Payments: The Ascent of Digital Wallets at 12
(December 2022 survey finding 7.5 percent of in-person consumer purchase volume made with a digital
consumer payment application). See also CFPB Issue Spotlight, Big Tech’s Role in Contactless
Payments: Analysis of Mobile Devices Operating Systems and Tap-to-Pay Practices (Sept. 7, 2023)
(CFPB Contactless Payments Spotlight) (describing market report by Juniper Research forecasting that
the value of digital wallet tap-to-pay transactions will grow by over 150 percent by 2028),
The Proposed Rule would have brought nonbanks that qualified as larger participants in a
market for general-use digital consumer payment applications under the CFPB’s supervisory
jurisdiction.43 The Proposed Rule explained that supervision of larger participants, who engage
in a substantial portion of the overall activity in this market, would help to ensure that they are
complying with applicable requirements of Federal consumer financial law, such as the CFPA’s
prohibition against unfair, deceptive, and abusive acts and practices, the privacy provisions of the
Gramm-Leach-Bliley Act (GLBA) and its implementing Regulation P,44 and the Electronic Fund
Transfer Act (EFTA) and its implementing Regulation E.45 The Proposed Rule also explained
that, as firms increasingly offer funds transfer and wallet functionalities through general-use
digital consumer payment applications, the rule would enable the CFPB to detect and assess new
risks to both consumers and the market.46 As stated in the Proposed Rule, the CFPB’s ability to
detect and assess emerging risks is critical as new product offerings blur the traditional lines of
banking and commerce.47
The Proposed Rule explained that the CFPB regularly supervises depository institutions
that provide general-use digital consumer payment applications.48 As the Proposed Rule noted,
greater supervision of nonbanks in this market therefore would further the CFPB’s statutory

https://www.consumerfinance.gov/data-research/research-reports/big-techs-role-in-contactless-paymentsanalysis-of-mobile-device-operating-systems-and-tap-to-pay-practices/full-report/ (last visited
Oct. 23, 2023).
12 U.S.C. 5514(a)(1)(B).

See generally 12 CFR part 1016—Privacy of Consumer Financial Information (CFPB’s Regulation P
implementing 15 U.S.C. 6804).
15 U.S.C. 1693 et seq., implemented by Regulation E, 12 CFR part 1005. See, e.g., 12 CFR 1005.11
(Procedures for financial institutions to resolve errors).
88 FR 80197 at 80201 & n.43 (citing CFPB, The Convergence of Payments and Commerce:
Implications for Consumers (Aug. 2022) (CFPB Report on Convergence of Payments and Commerce) at
sec. 4.1 (highlighting the potential that consumer financial data and behavioral data are used together in
increasingly novel ways), https://files.consumerfinance.gov/f/documents/cfpb_convergence-paymentscommerce-implications-consumers_report_2022-08.pdf (last visited Oct. 27, 2023)).
47

See generally id.

For example, as the Proposed Rule noted, some depository institutions and credit unions provide
general bill-payment services and other types of electronic fund transfers through digital applications for
consumer deposit accounts. Id. at n.45.
objective of ensuring that Federal consumer financial law is enforced consistently between
nonbanks and depository institutions in order to promote fair competition.49
The Proposed Rule also recognized that States have been active in regulation of money
transmission by money services businesses and that many States actively examine money
transmitters.50 The Proposed Rule stated that the CFPB would coordinate with appropriate State
regulatory authorities in examining larger participants.

12 U.S.C. 5511(b)(4).

88 FR 80197 at 80198 n.12, 80214 n.108 (citing CSBS, Reengineering Nonbank Supervision, Ch. 4:
Overview of Money Services Businesses (Oct. 2019) (CSBS Reengineering Nonbank Supervision MSB
Chapter), https://www.csbs.org/sites/default/files/other-files/Chapter%204%20%20MSB%20Final%20FINAL_updated_0.pdf (last visited Nov. 5, 2024)).
General Comments Received51
In this part of the section-by-section analysis, the Final Rule summarizes and responds to
comments about general aspects of the proposal, including the rulemaking process, the CFPB’s
general reasons for issuing the proposal, and certain other general topics.
Comments on rulemaking process
Some comments addressed the rulemaking process. First, some commenters suggested
that the CFPB should not have issued, and should not finalize, the Proposed Rule during the
pendency of a Supreme Court case concerning the constitutionality of the CFPB’s funding
structure under the Appropriations Clause.52 Second, some industry commenters, a nonprofit
commenter, an individual commenter, and some Members of Congress asked the CFPB to
extend the comment period, such as by an additional 30 or 45 days. These commenters cited
various reasons for their request, including the number of holidays during the comment period,
the complexity of the proposed market including coverage of digital assets, the complexity of the
proposed larger-participant test that included multiple steps, a need for more specifics regarding
which products and services were encompassed in the market and the risks the CPFB believed
they pose that justify the need for the Proposed Rule, and overlap between the comment period
for the Proposed Rule, the comment period for the CFPB’s proposal regarding personal financial
data rights, and the CFPB’s new market-monitoring orders covering some of the same entities.
One industry commenter added that the decision not to extend the comment period formed part
of the basis for their view that the CFPB should withdraw the Proposed Rule.
Comments on the large and growing market

Some commenters provided additional recommendations that are outside the scope of this rulemaking,
such as increasing education of consumers who use general-use digital consumer payment applications,
promulgating new consumer protections for these consumers, or imposing information collection
requirements such as collecting the legal entity identifier (LEI) of larger participants. The Final Rule
does not address these comments, which are outside the scope of a rulemaking under CFPA
section 1024(a)(1)(B) to define and establish supervisory authority over larger participants in a market for
consumer financial products and services. In addition, a consumer group suggested that the CFPB the
CFPB expressly clarify that meeting the definition of a larger participant does not automatically cause
Commenters agreed that the market for general-use digital consumer payment
applications has grown substantially in recent years. For example, consumer groups, several
nonprofits, a payment network, an industry association, two banking industry associations, and a
credit union association agreed (and an industry provider acknowledged53) that there has been
rapid growth and widespread consumer adoption of general-use digital consumer payment
applications. In support of their view, these commenters cited data in the Proposed Rule as well
as other public information. An industry association stated that digital consumer payment
applications have helped millions of U.S. consumers to send money to friends and family and
make retail payments more efficient. A group of State attorneys general noted that a significant
portion of consumers with lower incomes frequently rely upon general-use digital consumer
payment applications. Two nonprofit commenters also agreed that adoption by younger
individuals may drive further growth.54 An industry association observed that the proposed
market has experienced rapid increases in consumer adoption that likely will continue. As a
consequence, this commenter described this market as still in what industry lifecycle literature
describes as a stage of market growth as opposed to market maturity.
Several of these commenters stated that these general-use digital consumer payment
applications increasingly are accepted by retailers and embedded into in-person and online

application of exclusions in State privacy laws for GLBA compliance and that the CFPB coordinate with
States to avoid risk of preempting State privacy laws when the CFPB supervises for compliance with the
GLBA and its implementing Regulation P. This rulemaking does not establish or interpret substantive
consumer protection requirements and thus does not interpret Regulation P (including its provision
describing its relationship with State laws in 12 CFR 1016.17); it also does not itself govern State
coordination, which occurs separately when the CFPB carries out nonbank supervision.
See CFPB v. Cmty. Fin. Servs. Ass'n of Am., Ltd., 601 U.S. 416 (2024) (U.S. argued Oct. 3, 2023).

As discussed further below, this commenter stated that growth alone was insufficient to justify the
Proposed Rule, and that the CFPB must make certain specific findings regarding market risk. The Final
Rule responds to those comments further below in the discussion of general comments about the
relevance of risks to consumers to the rulemaking.
While not disputing the rapid growth in the market, some other industry commenters suggested that the
broader consumer payments sector should be considered, including when defining the market and setting
the threshold for the larger-participant test, as discussed in the section-by-section analysis of those
provisions further below.
commerce, which is itself growing. They pointed to this as one trend driving existing growth
and future growth in the market. A comment from several consumer groups stated that as
merchants seek to avoid interchange fees, they will increasingly rely upon digital payment
applications as a payment method at the point of sale. A banking association and consumer
group stated that they also expected the lines between banking, commerce, and technology to
further converge and blur.55 A comment from several consumer groups stated that nonbank
providers of consumer financial products and services have greater latitude under U.S. law to
integrate those products into commercial platforms, and that large technology firms’ business
models depend on data collection.56
Another nonprofit commenter suggested in general terms that CFPB supervision of larger
participants in the general-use digital consumer payment applications market could help the
CFPB to detect and assess risks to the U.S. financial system. It stated that the market may
present such risk, given how general-use digital consumer payment applications facilitate a high
volume of transactions, including flows of funds through stored value accounts that are not
FDIC-insured.
However, some industry and nonprofit commenters stated that the rapid growth in the
market and widespread consumer adoption merely indicates that the market is successful and
popular among consumers. In their view, as discussed further below, the fact that the market is

One of these commenters pointed to an industry white paper describing a trend in the market toward
“embedding financial services into nonfinancial apps and other digital experiences.” Google LLC White
Paper, Embedded finance: The new gold rush in financial services (2021) (Google LLC Embedded
Finance White Paper) at 4 (“These embedded experiences will soon permeate all aspects of our lives that
involve money – and they’ll feel so frictionless that users won’t be aware of the underlying work financial
institutions are doing to support these transactions.”), at 6 (“Embedded finance means, simply, embedding
your financial services in the non-financial products, services or technologies consumers already use and
love. Since they spend much of their time in non-financial applications in their everyday lives -- but only
a fractional amount of time in financial applications -- the growth opportunity for financial services
companies is considerable.”), https://cloud.google.com/resources/financial-services-embedded-financewhitepaper (last visited Nov. 5, 2024).
One consumer group commenter added that in its view, Big Tech firms have a business model that
seeks to maximize data collection based on different goals from publicly-chartered and regulated financial
institutions.
large and growing market is not an adequate basis for subjecting its larger participants to
supervision, absent findings of risks to consumers or markets or market failures.57
Comments on promoting compliance with Federal consumer financial law
The Proposed Rule stated that CFPB supervision of larger participants would promote
compliance with applicable requirements of Federal consumer financial law. A group of State
attorneys general, consumer groups, some nonprofit and individual commenters, a banking
association, and a comment from a payment network and an industry association generally
agreed that the proposal would serve this purpose, as described below. However, as described
further below, some industry and nonprofit and other commenters disagreed or stated that the
proposal did not provide sufficient support for the claim that it would serve this purpose.58
Several commenters expressed concern that larger participants may be violating or
inadequately incentivized to comply with one or more of the Federal consumer financial laws
cited in the Proposed Rule. A joint comment from consumer groups stated that consumers are
exposed to unfair, deceptive and abusive practices in the payments area, and stated that oversight
of this market is needed to ensure market participants comply with the prohibition against unfair,
deceptive, and abusive acts and practices.59 This comment assessed the risk of abusive practices
as high due to what the comment described as lack of competition and consumer choice with
respect to the larger participants defined in the Proposed Rule. A comment from a group of State
attorneys general stated that the Proposed Rule, coupled with existing State consumer protection
statutes, would allow the Federal and State governments to work together to prevent and abate
unfair, deceptive, and abusive acts and practices in the market. A consumer group and a

The Final Rule further summarizes and responds to those comments in the discussion below of general
comments on detecting and assessing risks (including emerging risks) to consumers and markets.
Some commenters also suggested that existing State and Federal oversight of some market activities,
including for compliance with Federal consumer financial law, was adequate. The Final Rule separately
addresses comments on those general topics further below.
See 12 U.S.C. 5531, 5536 (prohibiting unfair, deceptive, and abusive acts and practices in connection
with the offering or provision of consumer financial products and services).
nonprofit commenter stated that the Proposed Rule would be especially useful in promoting
compliance with the prohibition against unfair, deceptive, and abusive acts and practices by
companies that provide financial services to incarcerated and recently incarcerated persons. And
a consumer group and nonprofit commenter stated that it was common sense that unfair,
deceptive, and abusive acts and practices protections be applied to new entrants and technologies
like those described in the Proposed Rule.
As an example of how supervision of larger participants would promote compliance, a
banking association noted that the CFPB’s publication Supervisory Highlights60 communicates
CFPB expectations of compliance to the overall market and encouraged its use in this market,
and stated that the proposal should enable the CFPB to publish Supervisory Highlights
identifying problematic conduct in this market. A comment from several consumer groups
pointed to findings in Supervisory Highlights related to violations of Regulation E and other
provisions of Federal consumer financial law violations at banks. The comment stated that the
CFPB also should supervise larger nonbank companies handling consumer payments, including
payment apps, because such violations at nonbanks are just as likely if not more so.
Regarding EFTA and Regulation E, a comment from consumer groups stated that
oversight is needed to ensure payment app and digital wallet providers comply with the EFTA’s
consumer protections for electronic fund transfers, highlighted payment fraud as a significant
risk, and stated that violations of the EFTA related to digital payments are extremely common,
even among banks that are closely supervised by regulators. The commenter cited to several
findings of EFTA violations from CFPB examinations in this area that the CFPB has published

The CFPB periodically publishes Supervisory Highlights to share key examination findings in order to
help industry limit risks to consumers and comply with Federal consumer financial law. Each
Supervisory Highlights publication shares recent examination findings, including information about
recent enforcement actions that resulted, at least in part, from the CFPB’s supervisory activities. These
reports also communicate operational changes to the CFPB’s supervision program and provide a
convenient and easily-accessible resource for information on the CFPB’s recent guidance documents.
Supervisory Highlights does not refer to any specific institution in order to maintain the confidentiality of
supervised entities. See https://www.consumerfinance.gov/compliance/supervisory-highlights/ (last
visited Nov. 5, 2024).
in Supervisory Highlights. A credit union association commenter stated that nonbanks that offer
consumer payment services have error resolution responsibilities under Regulation E which the
CFPB cannot effectively assess without exercising supervisory authority.
Commenters also addressed risks posed to consumers associated with potential violations
of the GLBA and Regulation P.61 A comment from a group of State attorneys general supported
the Proposed Rule in part because it would allow the CFPB to examine digital payment
applications for compliance with the privacy provisions of the GLBA. The comment stated the
Proposed Rule would permit the CFPB to address the critical data privacy issues posed by digital
payment applications by allowing the CFPB to assess how applications are storing, using, and
sharing their collections of sensitive consumer data as well as changes to larger participants’
privacy policies. A consumer group commenter stated that its review had identified multiple
risks associated with peer-to-peer payment application companies. The commenter stated that
more than 25,000 consumers had signed a petition urging the CFPB to take action with respect to
various risks posed by payments applications, including risks associated with fraud and
collection and storage of consumer information.62
Other commenters such as a company, nonprofits, and an industry association stated that
the Proposed Rule did not adequately assess the degree of existing compliance or otherwise
explain how it would promote compliance. For example, one commenter criticized the statement
in the proposal that CFPB supervision would incentivize compliance as circular, given what it
viewed as inadequate discussion in the Proposed Rule of the level of existing non-compliance or
risks of non-compliance.63 In addition, several industry comments suggested that

Title V, subtitle A of the GLBA and its implementing regulation, Regulation P, govern the treatment of
nonpublic personal information about consumers by financial institutions.
Similarly, other commenters emphasized potential risks with respect to use of consumer data and risks
to consumer privacy that may be associated with payment application and digital wallet providers,
including the risk of losing money through fraud or mistakes or having personal data collected and
shared.
Further below, the Final Rule summarizes and responds to comments more broadly addressing the
general topic of risks to consumers in the market.
EFTA/Regulation E, GLBA/Regulation P, or both do not apply to certain market participants,
which they viewed as undermining the notion that the Proposed Rule would promote compliance
with Federal consumer financial law. A company commenter added that the proposal did not
explain how the prohibition against unfair, deceptive, or abusive acts or practices applied to
market participants, or why supervision is the appropriate mechanism to identify and prevent any
anticipated violations of Federal consumer financial law more broadly. Further, an industry
commenter stated that State supervision by itself is more effective and better at enforcing the law
than CFPB supervision.
Comments on detecting and assessing risks to consumers and markets, including
emerging risks
Comments from a group of State attorneys general, a payment network, a banking
association, consumer groups, and nonprofits agreed that CFPB supervision of larger participants
in this market would help the CFPB to detect and assess risks to consumers and markets,
including emerging risks, in this rapidly growing and evolving market. For example, an industry
association generally described the potential for CFPB supervision to promote maturity in the
market, which it described as immature and rapidly evolving.64 In addition, these comments
pointed to several reasons why the CFPB supervision and examination process is well suited to
this goal. A consumer group stated that supervisory authority is one of the most basic tools
regulators have to identify new risks in the market as early as possible, before market failures
with wide-ranging implications occur. Several consumer groups added that CFPB should not
rely only on third-party sources of information to assess market activity, which would lead to
delayed responses to problems, compared with supervision.65 A nonprofit commenter stated that

In its view, the Proposed Rule may result in development of a robust, consumer-protected market, given
how previous larger participant rules had helped to ensure consumer protection remains a prominent
concern among participants in those markets.
These commenters also stated supervision of larger participants would allow the CFPB to respond more
quickly to emerging problems affecting servicemembers who are especially vulnerable to identity theft
and fraud in the market.
because supervision occurs outside of the adversarial legal process, it is an especially effective
tool for rapidly gathering information that can prevent dubious practices before they develop.
Several comments also identified various existing and emerging risks in the market that
the commenters believed the CFPB would be able to effectively detect and assess though
supervision, including risks with respect to consumers’ loss of funds and loss and misuse or
abuse of data. The Final Rule summarizes these comments below. In addition, a group of State
attorneys general stated that the rule will allow the CFPB to detect and assess risks that emerge
not only from the existing products and services, but also as a result of future technological
advancements in the market.
With respect to the potential for consumers to lose funds or access to funds, a group of
State attorneys general noted that research cited in the proposal indicated that almost a third of
digital payment application users with lower incomes reported one or more problems related to
funds being sent to the wrong person or not receiving funds that were sent to them.66 These
commenters stated that a lack of regulatory oversight has significantly contributed to those
problems. A nonprofit commenter stated that larger participants pose unique risks to consumers
related to what the commenter characterized as the lack of consumer protections associated with
these applications, as well as the possible systemic risks they may present to the financial
markets. The commenter raised specific concerns about the risk of consumer loss of funds from
uninsured entities and lack of consumer awareness of such matters. The commenter also stated
that CFPB supervision of these nonbank payment applications would, among other things, help
to identify and mitigate systemic financial risk and enhance consumer protection. An individual
commenter stated that the market had diverse participants but that there are common areas of risk
with payment apps linked to a stored value product, including a risk of losing access to funds to

Consumer Reports P2P Survey at 7 (also indicating that of all respondents who have used a P2P
service, 22 percent reported one or more such problems). See also 88 FR 80197 at 80200 n.25
(proposal’s discussion of other data in this report, noted above).
pay for food or bills due to a technical glitch. Additional commenters raised various concerns
about what they often described as fraud in the market and lack of related consumer protections,
and a nonprofit commenter cited complaints submitted to the FTC regarding peer-to-peer
payment fraud. At the same time, several industry commenters suggested that certain consumer
protections such as EFTA/Regulation E or GLBA/Regulation P do not apply to some market
participants, as described further above, and that consumers often are adequately protected by
other parties to the transaction such as banks and credit unions, as described in the discussion of
general comments about existing oversight of the market further below.
With regard to uses of consumer payments data, a banking association, a payment
network, a nonprofit commenter, and several consumer groups stated that the way in which
nonbanks can exploit the convergence of payments and commerce poses risk to consumers with
respect to this market, such as through aggregation and monetization of consumer financial data.
A group of State attorneys general added that supervision of larger participants would help the
CFPB to detect and assess emerging risks in the use of consumer financial data as technology
continues to evolve. And an individual commenter and several industry comments stated that
consumer payments data is often used for purposes beyond initiation of the consumer payment
transaction.67 Several consumer groups described the level and use of consumer data collected
by large technology firms as unreasonable and potentially dangerous. Several other commenters
including individuals noted that the collection of such data also raises data security risks,
including what a nonprofit commenter described as novel security risks raised by digital wallets.
At the same time, other comments from industry suggested that data security risks to consumers
were particularly low given the security and anti-fraud enhancements from market participants’

The Final Rule discusses and responds to these comments in more detail in the section-by-section
analysis of the exclusion for certain marketplace activities described further below.
reliance on features such as tokenization.68 And a nonprofit commenter stated that government
regulators generally are not effective at preventing data breaches as some of the largest have
occurred at heavily-regulated institutions.
Some commenters disagreed that the goal of detecting and assessing risks including
emerging risks warrants the proposed expansion of CFPB’s supervisory authority in this market.
For example, two nonprofit commenters stated that the rationale of detecting and assessing
emerging risks was not supported by evidence, and instead only by the theoretical possibility of
harm in an innovative, successfully-growing and popular market. Another nonprofit commenter
stated that the proposal did not examine the nature of the emerging risks, whether by mentioning
novel security risks posed by digital wallets or other harms. Another nonprofit commenter stated
its belief that market participants’ responses to the CFPB’s previous market-monitoring orders
generated adequate information for the CFPB to determine the level of risks posed by this
emerging market.69 Two industry associations stated that they agreed in principle that regulation
needed to evolve along with new technology, but they stated that the CFPB first must identify
harms it perceives in the market before proposing to supervise its larger participants. Another
industry association agreed, stating that the Proposed Rule merely described the possibility of
“new risks” from “new product offerings” and did not state what the “new risks” might be. It
pointed to market reports that, in its view, indicated that nonbanks’ multi-sided business models
in the digital economy provide new benefits to consumers and promote competition.70 A
nonprofit commenter characterized the proposal as referring to hypothetical risks that may occur

In addition, digital assets industry comments described what they viewed as additional security that
digital assets provide. As discussed in the section-by-section analysis of the larger-participant test further
below, the Final Rule does not count those transactions toward the larger-participant test.
However, this commenter also recommended that the CFPB continue to gather information on the
market before expanding its supervisory authority as proposed.
Separately, this commenter observed that the financial technology sector that encompasses the
proposed market often uses advanced technologies including artificial intelligence, block chain
technology, and data mapping to create new financial products and services that are beneficial in various
ways. This commenter did not state that such products posed any risk or could pose any emerging or new
risks.
in the future, and described this reference as a mere pretext to support an agenda to target large
technology firms. An industry commenter added that the goal of detecting and assessing new
and emerging risks is inadequate as a foundation for a larger participant rule. In its view, the
CFPB can only engage in larger participant rulemakings when it identifies risks that supervision
would mitigate. The commenter also asserted that, because the CFPB must consider risks to
consumers in exercising its supervisory authority under section 1024(b)(2), the CFPA also
requires that the CFPB establish the existence of specific risks to consumers that would be
mitigated by supervision when issuing a larger participant rule under
section 1024(a)(1)(B) and (2). The industry commenter also claimed that principles of
administrative law likewise require the rule to target identified risks.71
More broadly, many of the industry commenters and other commenters stated that the
Proposed Rule did not adequately consider whether market activity currently poses risks to
consumers and if so how and to what degree. Other commenters similarly stated that the
proposal failed to establish that certain provisions of Federal consumer financial law apply to
market participants; that the proposal failed to identify potential violations of law or other
specific harms that the Proposed Rule would seek to address, or any relevant market failures; and
that the CFPB should first issue a report articulating the risks it sees in the proposed market or
otherwise identify such risks prior to issuing a final rule.72 Certain commenters also stated that
the CFPB should evaluate risk separately with respect to various subcomponents of the market
described in the Proposed Rule, and argued for the exclusion of various market participants, as

The commenter also stated in a footnote that if the rule does not need to identify meaningful risks to
consumers then the CFPA would violate the non-delegation doctrine in constitutional law. The
commenter did not explain the basis for that view, and the CFPB disagrees with that view. Through the
CFPA, Congress has provided guidance to the CFPB on how to exercise its rulemaking authority under
12 U.S.C. 5514(a)(1)(B) and has imposed limits on that authority, including rules of construction for
defining larger participants and policy considerations, which the CFPB has addressed in this Final Rule.
A nonprofit commenter stated that the unique data security risks that digital wallets pose should be
addressed through public education rather than regulation. As noted above, consumer education is
outside the scope of this rule and, for the reasons explained in the response to general comments,
education is not a substitute for supervision.
discussed in more detail in the section-by-section analysis of the corresponding component of the
market definition further below.73 Finally, a nonprofit commenter stated that the CFPB should
provide greater clarity to market participants as to how the CFPB would assess risk in its
prioritization process in this market, including what risks it would consider.
Comments on ensuring consistent enforcement of Federal consumer financial law
between banks and nonbanks
Some comments addressed the Proposed Rule’s statement that the rule would further the
CFPB’s statutory mandate to ensure consistent enforcement of Federal consumer financial law
between nonbanks and banks and credit unions, in order to promote fair competition. Several
consumer groups, banking and credit union industry associations, a payment network, some
nonprofits, and an industry provider generally agreed that the Proposed Rule would have that
benefit. For example, a community banking association stated that community banks have long
expressed concerns that financial technology and large technology firms are offering financial
products and services traditionally provided by banks, without the same level of regulatory
oversight. A banking association stated that consumers are best protected when banks and
nonbanks offering similar financial products and services are subject to the same oversight,
which mitigates the potential for consumer harm and improves consumer trust and confidence.
This commenter and another banking association added that establishing parity in supervision
will help to ensure that nonbanks provide the same consumer protections when they provide the
same services as banks. A payment network and a nonprofit commenter agreed that the proposal
would help to ensure that entities engaged in the same functional activities are subject to the
same functional regulation. Some comments described nonbanks as deriving a competitive
advantage due to their lesser supervisory oversight, and banks and credit unions as

Some commenters suggested that CFPB supervision itself would increase risk such as by reducing
examinees’ resources available for fraud prevention, or exposing the supervised entity’s data to breaches.
For the reasons explained in the impacts analysis in part VII, the CFPB has not determined the Final Rule
will reduce fraud prevention. With regard to the risk of data breaches, the CFPB’s information security
system mitigates those risks as further discussed in part VII.
disadvantaged. For example, the credit union industry association commenter stated that the
lesser supervisory oversight of nonbank peer-to-peer payment apps increases burdens on credit
unions responding to consumer disputes of transactions conducted in those apps due to the app
providers’ underinvestment in compliance and customer service and consumer preferences for
contacting the credit union. The community banking association also stated that this gap in
oversight erodes consumer trust. One of the banking industry associations agreed, noting that its
2022 survey found that an overwhelming majority of consumers were concerned about a gap in
regulatory oversight between fintech firms (including cryptocurrency firms) and banks, and
believed that the CFPB and Congress should do more to protect consumers from harm and abuse
in these areas.74
At the same time, some industry and nonprofit commenters challenged the potential for
Proposed Rule to promote consistent enforcement of Federal consumer financial law as between
nonbanks and depository institutions, and thereby promote fair competition, as well as the
appropriateness of that consideration in the rulemaking. For example, some of these commenters
described the proposed objective as an illegitimate form of “mission creep . . . outside of [the
CFPB’s] core jurisdiction” or further suggested that the Proposed Rule would place the CFPB in
the role of market gatekeeper for nonbanks, which would frustrate competition and innovation
(which one of these commenters described as the effect that banking regulation already has on
banks). Some industry commenters also suggested the objective failed to account for the
structure of nonbank market activity vis-à-vis banks and credit unions. For example, an industry
association stated that many nonbank market participants either complement banks and credit
unions by making it easier for consumers to use payment methods provided by those financial

Consumer Bankers Ass’n, Press Release, NEW POLL: Nearly Ninety Percent Of Americans
Concerned That Fintech & Crypto Firms Do Not Have Appropriate Level of Federal Regulation
(Dec. 12, 2022) (describing 56 percent of respondents that want greater oversight compared to 24 percent
who are satisfied with existing oversight), https://consumerbankers.com/press-release/new-poll-nearlyninety-percent-of-americans-concerned-that-fintech-crypto-firms-do-not-have-appropriate-level-offederal-regulations/ (last visited Nov. 18, 2024).
institutions, or partner directly with the banks and credit unions. Some banking associations also
expressed concern that the rule would increase indirect burden on banks and may create
confusion about differences between banks and nonbanks. As another example, an industry
provider stated that banks provide deposit accounts (and associated funds transfer
functionalities), not pass-through payment wallets allowing consumers to access payment
methods issued by third-party financial institutions.75 And for that reason, in its view, increased
oversight of those activities would not serve the CFPB’s stated purpose. However, another
industry association stated that banks have been introducing their own digital wallets, both
directly and through affiliates, in an effort to compete with nonbank incumbents that have
embedded their digital wallets into merchant checkout processes.
Finally, an industry association also suggested that in some ways the Final Rule may not
promote consistent enforcement of Federal consumer financial law. It stated that the CFPB
should explain why larger participants in the proposed market should be subject to what it
viewed as significantly more CFPB supervisory authority than exists over other persons that
facilitate consumer payment transactions, such as banks and credit unions providing physical
payment cards and providers of payment applications that do not have “general use” as defined
in the Proposed Rule such as automobile purchase applications and food delivery applications.76
Comments on other regulators’ existing oversight authority
Some commenters suggested the rule would help existing regulatory oversight efforts in
the market, while others stated that the Proposed Rule did not adequately consider whether the

As discussed below in the section-by-section analysis of the definition of “covered payment
functionality,” the preamble uses the phrase pass-through payment wallet to describe this type of
functionality discussed by commenters.
The commenter also stated the Proposed Rule excluded from “general use” bill-payment applications
and applications used to purchase financial assets including securities. However, the Proposed Rule
specifically acknowledged the existence in the market of “a general-use bill-payment function.”
88 FR 80197 at 80206. In addition, the Proposed Rule did not list applications for purchase of securities
among the examples of activities that do not have “general use” because it already excluded those
transaction from the proposed definition of “consumer payment transaction” as discussed in the sectionby-section analysis of that term further below.
CFPB supervisory authority was needed in light of existing regulatory oversight mechanisms of
other regulators.
A group of State attorneys general stated that the Proposed Rule would allow Federal and
State authorities to coordinate to prevent and abate unfair, deceptive, and abusive acts and
practices in the market. They indicated that violations of Federal law detected through CFPB’s
supervisory examinations could assist State enforcement, including in States such as California,
New Jersey, and New York, where a commercial practice that violates Federal law is deemed or
presumed to violate the State’s consumer protection laws.
On the other hand, some other commenters stated that the Proposed Rule did not
adequately consider the degree to which the market already is overseen by other regulators,
including State oversight of nonbank market participants that are money transmitters, Federal
prudential regulators’ oversight with respect to banks and credit unions that provide accounts,
hold funds, and process payments facilitated by nonbank market participants, and FTC
enforcement of consumer protection laws including competition laws.77 Several industry
associations stated that the rulemaking generally must better account for the potential for CFPB
supervision to duplicate the oversight by those other regulators, and the unnecessary burdens and
diverging regulatory expectations that such duplicative supervision can create.78 One of these
commenters stated that the CFPB should clarify the scope and requirements of the rule to prevent
these outcomes, and stated that close coordination by the CFPB with other regulators is needed
before the CFPB pursues oversight of larger participants.

A few industry comments also mentioned Federal oversight of money transmitters by FinCEN in the
U.S. Treasury. These commenters did not describe any nexus between that oversight and compliance
with Federal consumer financial law, or otherwise suggest that supervisory activity by FinCEN and the
CFPB would have overlapping subject matter related to compliance with Federal consumer financial law.
Some commenters also discussed Federal prudential regulators’ existing oversight of banks and credit
unions as relevant due to the inclusion in the market of nonbanks that partner with banks and credit
unions, and of pass-through payment wallets that facilitate the use of accounts provided by banks and
credit unions. The Final Rule summarizes and responds to those comments in more detail in the sectionby-section analysis of “covered payment functionality” below.
With respect to existing State oversight, an industry association stated that State financial
regulators supervise various aspects of the market and the CFPA requires the CFPB to account
for oversight by State authority when exercising its supervisory authority. Two other industry
associations indicated that in their view the Proposed Rule did not consider how the CFPB would
address overlap in scope with State examinations on the same subject matter particularly at
money transmitters. A nonprofit commenter suggested that State oversight is sufficient because
States are better at enforcing the law because they have a better understanding of local
conditions.79
Comments on CFPB enforcement and market-monitoring authorities
An industry association stated that the Proposed Rule did not explain how supervisory
authority would promote additional compliance with Federal consumer financial law beyond
compliance the CFPB ensures through its enforcement function and aided by its marketmonitoring function. A nonprofit suggested that CFPB enforcement is sufficient to address risks
to consumers, and that supervision would only impose unnecessary burden.
Comments raising “major questions” doctrine
Another area of comment related to the “major questions doctrine.” Those commenters
who addressed the doctrine generally were critical of the Proposed Rule and took an expansive
view of the circumstances in which the doctrine applies. First, one nonprofit commenter stated
that the major question doctrine precludes the CFPB from defining larger participants in a digital
wallet market generally. This commenter stated that, despite the existence of digital wallets at
the time of adoption of the CFPA, Congress did not expressly include them within the scope of
CFPB supervisory authority and therefore chose to foster innovation free from the CFPB’s
supervisory oversight. Further, in its view, the market has vast economic and political

This commenter also stated that States generally occupy the field of consumer protection law, that
Federal supervisory oversight by the CFPB would “preempt” State law, and that the proposal did not
provide compelling evidence for doing so. The CFPB disagrees that a larger participant rule, which
establishes CFPB supervisory authority and does not impose substantive consumer protection obligations,
preempts such State consumer protection laws.
significance given both the aggregate dollar value of transactions on digital wallets (nearly $1
trillion) and references by the CFPB to payment systems as “critical infrastructure” and to “Big
Tech” companies.80 Second, some commenters stated that the CFPB’s interpretation of the
merchant payment processing exclusion in CFPA section 1002(15)(A)(vii)(I) also is
impermissible under the major questions doctrine.81 Third, some commenters stated that the
major questions doctrine voids the CFPB’s interpretation of CFPA section 1024(b) as
authorizing supervision of all consumer financial products and services provided by a larger
participant for compliance with Federal consumer financial law and related risks.82
Comments on potential scope of CFPB examinations of larger participants
Relatedly, the CFPB received several other comments on the proposal’s statement that
the CFPB’s supervisory authority is not limited to the products or services that qualified a person
for supervision, but also includes other activities of such a person that involve other consumer
financial products or services or are subject to Federal consumer financial law.83 Four
commenters (representing the banking industry) expressed agreement with the CFPB’s
description of its supervisory authority over larger participants. They stated that the CFPB’s
position is consistent with how the CFPB supervises large banks, where every consumer
financial activity that the bank engages in is subject to CFPB jurisdiction. Several other
commenters (several industry trade groups, an individual company, and a law firm) disagreed
CFPB Press Release (Nov. 7, 2023) (announcing Proposed Rule),
https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-new-federal-oversight-of-big-techcompanies-and-other-providers-of-digital-wallets-and-payment-apps/ (last visited Nov. 8, 2024).
In addition, some commenters stated that the inclusion of certain digital assets transfers in the proposed
definition of consumer payment transactions raised a “major question.” As discussed further below, the
CFPB has decided, for purposes of this Final Rule, not to define larger participants in the general-use
digital consumer payment applications market by reference to activity involving digital assets. This Final
Rule therefore does not address these major questions comments further.
As discussed further above in the general comments on how the rule would enable the CFPB through
its supervisory activity to detect and assess risks to consumers and markets, a nonbank commenter
claimed that the larger participant rule itself must identify meaningful risk, or it would violate the major
questions doctrine. For the reasons described below in the response to these general comments above, the
CFPB disagrees with both claims. The CFPB also disagrees that this rule implicates the major questions
doctrine for reasons discussed below.
83

88 FR 80197 at 80198 n.7 (quoting 77 FR 42874 at 42880).

with the CFPB’s description of its supervisory authority. These commenters generally
interpreted CFPA section 1024 to limit the scope of nonbank supervisory authority over larger
participants to specific consumer financial products and services included in the market covered
by the corresponding larger participant rule. One of these commenters asserted that the rule
could not be used by the CFPB to scrutinize the digital assets business lines of entities, including
those already subject to supervision. One commenter also suggested that even if the CFPA’s
view of its authority is correct, it would be unreasonable for the CFPB to actually exercise that
authority because the costs of such supervision would exceed the benefits. Another said the
exercise of such authority would discourage innovation and competition.
Response to General Comments Received
After first responding to comments on rulemaking process issues, the Final Rule provides
a response below to other general comments. For the reasons described below, the CFPB
continues to believe that issuance of this larger participant rule is warranted because: (1) the
market has grown dramatically and become increasingly important to the everyday financial
lives of consumers; (2) CFPB supervisory authority over its larger participants would help the
CFPB to promote compliance with Federal consumer financial law; (3) that authority would help
the CPFB to detect and assess risks to consumers and the market, including emerging risks; and
(4) that authority would help the CFPB to ensure consistent enforcement of Federal consumer
financial law between banks and nonbanks.

Rulemaking process
While the CFPB was considering comments on the Proposed Rule, the Supreme Court
issued a decision ruling that the CFPB funding mechanism is constitutional under the
Appropriations Clause.84 The CFPB disagrees with commenters’ suggestion that it should have
forgone larger participant rulemaking activity during such a challenge.
The CFPB also disagrees with those commenters suggesting that an extension of the
comment period was necessary to allow for meaningful input on the Proposed Rule. The
Proposed Rule would have a narrow impact, establishing CFPB supervisory authority over a
group of nonbank covered persons who already are subject to CFPB enforcement and marketmonitoring authority, and at least some of whom already are subject to CFPB supervisory
authority on other grounds. Despite this, the CFPB received timely comments from a wide array
of commenters, as described above, and all but one of the commenters described here filed
timely comments after requesting more time. The CFPB disagrees that an extension of the
comment period is warranted based on the proposal of a market definition that commenters
viewed as complex or a larger-participant test with more than one criterion. As discussed below,
commenters provided numerous useful comments about the proposed market definition and the
CFPB is making several adjustments to the market definition in the Final Rule in response
including to improve clarity. With regard to the larger-participant test, the CFPB proposed a test
that was based on two criteria (consumer payment transaction volume and the entity’s size by
reference to SBA size standards) that were explained in the proposal and are not especially
complicated. Proposed rules often include small entity exclusions, and many commenters
provided substantive comments on the proposed exclusion, as discussed further below.85

CFPB v. Cmty. Fin. Servs. Ass'n of Am., Ltd., 601 U.S. 416 (2024).

With respect to the proposed coverage of digital assets, commenters from the digital asset sector
provided extensive and detailed comments, demonstrating that those commenters were able to provide
meaningful input on the Proposed Rule during the comment period. In any event, as discussed below, the
CFPB has decided, for purposes of this Final Rule, not to define larger participants in the general-use
digital consumer payment applications market by reference to activity involving digital assets.
Further, it was unnecessary to extend the comment period with an accompanying notice of the
risks the CFPB believes market participants pose to consumers because, as explained in the
Proposed Rule and discussed below, the CFPB is not required to make findings about relative
risks in a market to justify issuing (or proposing) a larger participant rule. Finally, the CFPB
notes that the Proposed Rule set a January 8, 2024, deadline for filing of comments, about two
months after the rule was issued on November 7, 2023, and 52 calendar days after its
November 17, 2023, publication in the Federal Register. Commenters had well over 30 days to
prepare comments even accounting for the end-of-year holiday season.86 Indeed, several of the
requests for an extension cited their own substantive comments on the Proposed Rule as the
reasons for requesting an extension. For these reasons, the CFPB also disagrees with the
industry comment suggesting that the lack of extension of the comment period supports a
conclusion that the CFPB should withdraw the Proposed Rule.
Establishing CFPB supervisory authority over the large and growing market
As described above, commenters agreed with the findings in the Proposed Rule that the
market has grown rapidly to achieve a significant size with high levels of adoption and broad
reliance by consumers on general-use digital consumer payment applications. As the proposal
explained in detail, the market for general-use digital consumer payment applications has large
and increasing significance to the everyday financial lives of consumers, who are growing
increasingly reliant on such applications to initiate payments.87 Further growth can be
anticipated.88 For example, as the proposal stated, nonbank digital payment applications have

The extensive comments in the rulemaking record demonstrate that the presence of Federal holidays
(Veteran’s Day after issuance of the proposal and Thanksgiving, Christmas, and New Years after
publication in the Federal Register) and a concurrent proposal and ongoing market monitoring in this
market did not preclude commenters from offering detailed substantive comments. In any event, the
CFPB sent the market-monitoring inquiries to a limited number of firms and issued the parallel proposal
(which, unlike this rulemaking, proposed substantive consumer protections) almost three weeks earlier
with a 60-day comment period.
87

See 88 FR 80197 at 80200-80201.

Id.

rapidly grown in the past few years to become the most popular way to send money to other
individuals other than cash, and are used for a higher number of such transactions than cash.89
The proposal also cited various market research publications indicating that most merchants in
the United States accept general-use digital consumer payment applications as a means or
method of payment. Given the extent of consumer adoption and reliance, the extent of the
consumer payment transaction volume (approximately 13.5 billion annually) and value
(approximately $1.2 trillion annually), and the breadth of associated consumer data collected, it
is important for the CFPB to establish Federal supervisory oversight of larger participants.
The CFPB also has considered the industry association commenter’s observation that the
market for general-use digital consumer payment applications as defined in the Proposed Rule
may not have reached the maturity stage in the industry lifecycle. The CFPB acknowledges that,
compared to the markets covered by previous larger participant rulemakings,90 this market has
developed more recently, fueled by technological change. In the years after a large nonbank
financial technology firm developed the first well-known digital payment app in the late 1990s,91
other large fintech firms including BigTech firms92 entered and expanded the market by

Id.

Following significant growth in the 1980s, by 1990, personal remittances from the United States had
reached over US$10 billion. See World Bank Group, Personal remittances, paid (current US$) – United
States, https://data.worldbank.org/indicator/BM.TRF.PWKR.CD.DT?locations=US (last visited Nov. 5,
2024). Nearly two decades earlier, consumer reporting agencies and consumer debt collection markets
had already grown to the point that Congress adopted substantive consumer protection legislation to
regulate them. See Pub. L. 91-508 (Oct. 26, 1970) (title VI adopting Fair Credit Reporting Act); Pub. L.
95-109 (Sept. 20, 1977) (Title VIII adopting Fair Debt Collection Practices Act). By that time, following
adoption of the Higher Education Act of 1965, Pub. L. 89-329 (Nov. 8, 1965), student lending and student
loan servicing had already been expanding. And largescale consumer automobile financing dates back to
at least the 1920s. See Buy Now Pay Later: A History of Personal Credit, Harv. Bus. School Library
(section titled “Cards on time” noting that “[i]n the 1920s, auto financing took a giant leap forward when
the car manufacturers entered the game”), https://www.library.hbs.edu/hc/credit/credit4d.html (last visited
Nov. 5, 2024).
PayPal Editorial Staff, Alternative and digital payment methods: Shaping the payment industry and
preparing for the future (Dec. 18, 2023) (stating that “[t]he first digital solution in the alternative payment
industry was PayPal, developed in 1998 to enable people to make payments via an email address”),
https://www.paypal.com/us/brc/article/alternative-payment-method-trends (last visited Nov. 5, 2024).
Consistent with its use by the Financial Stability Board, the Final Rule uses the term “BigTech” to refer
to large technology companies with extensive customer networks. See, e.g., Financial Stability Board
leveraging new digital consumer technologies, such as smartphones that support digital
applications (which proliferated starting in the late 2000s)93 and smartphone near-field
communication (NFC) technologies that support in-store payments (which proliferated in the
2010s).94 More recently, well-known market participants have been bundling consumer financial
products and services to help consumers to make payments to friends and family and payments
to merchants together in the same digital application. Although the market is newer than some
other consumer finance markets, consumer adoption for these types of consumer payment
transactions already has reached very high levels. As described in the Proposed Rule and
explained above, general-use digital consumer payment applications already play a fundamental
role in facilitating the payments that many consumers in the United States make every day.
Therefore, the CFPB believes it is an appropriate time for it to issue a rule to establish the
authority of the CFPB to supervise larger participants in this market. The CFPB reaches that
conclusion in the Final Rule not solely due to the size of the market and its growth, but in
conjunction with its goals described below of promoting compliance with Federal consumer
financial law, detecting and assessing risks to consumers and markets, and ensuring consistent
enforcement of Federal consumer financial law.

Report P091219-1, BigTech in finance – Market developments and potential financial stability
implications (Dec. 9, 2019) at 3 (“BigTech firms are large technology companies with extensive
established customer networks. Some BigTech firms use their platforms to facilitate provision of
financial services. Those that do so can be seen as a subset of FinTech firms – a broader class of
technology firms (many of which are smaller than BigTech firms) that offer financial services.”),
https://www.fsb.org/wp-content/uploads/P091219-1.pdf (last visited Nov. 5, 2024).
Apple Press Release, Apple Reinvents the Phone with iPhone (Jan. 9, 2007),
https://www.apple.com/newsroom/2007/01/09Apple-Reinvents-the-Phone-with-iPhone/ (last visited
Nov. 5, 2024); Michael DeGusta, Are Smart Phones Spreading Faster than Any Technology in Human
History? MIT Technology Review (May 9, 2012) (citing data that smart phones, which represented only
six percent of U.S. mobile phone sales as of 2006, had grown to a two-thirds share as of 2012, with use by
nearly 40 percent of the U.S. population), https://www.technologyreview.com/2012/05/09/186160/aresmart-phones-spreading-faster-than-any-technology-in-human-history/ (last visited Nov. 5, 2024).
94

CFPB Contactless Payments Spotlight, supra.

Promoting compliance with Federal consumer financial law
As described in the proposal, supervision of larger participants in a market for generaluse digital consumer payment applications will help ensure those companies are complying with
applicable requirements of Federal consumer financial law.95 One of the primary purposes of
supervision under CFPA section 1024(b)(1) is “assessing compliance with the requirements of
Federal consumer financial law,” and the Final Rule will further the CFPB’s ability to assess
compliance by larger participants with the requirements of those laws.96
As identified by several commenters and described further above, the larger participants
defined in the Rule engage in activities that are subject to applicable Federal consumer financial
law such as the prohibition against unfair, deceptive, and abusive acts and practices set forth in
the CFPA; the EFTA and its implementing Regulation E; and the data privacy protections of the
GLBA and its implementing Regulation P. The CFPB disagrees with the comments suggesting
that certain larger participants would not be subject to any Federal consumer financial laws.97
The larger participants defined by the rule are covered persons under the CFPA and would at a
minimum be subject to the CFPA’s prohibition against unfair, deceptive, and abusive acts and
practices.98 Assessing compliance with the prohibition against unfair, deceptive, and abusive
acts and practices is itself important, because such practices can cause significant harm to

88 FR 80197 at 80201, 80212.

See 12 U.S.C. 5514(b)(1)(A).

As discussed further below, the CFPB disagrees with industry commenter suggestions that pass-through
payment wallets are excluded from the scope of the CFPA as “electronic conduit services.”
See 12 U.S.C. 5481(5) (defining the term “covered person”), 5531 (applying prohibition against unfair,
deceptive, and abusive acts and practices to all “covered persons” as well as other persons), 5536 (same).
The CFPB also can supervise larger participants for other Federal consumer financial laws that apply,
including laws that take effect or for which compliance is mandatory in the future. For example, the
CFPB recently finalized a personal financial data rights rule under its CFPA authority that is part of
Federal consumer financial law and that generally applies to market participants. CFPB, Final Rule,
Required Rulemaking on Personal Financial Data Rights, 89 FR 90838 (Nov. 18, 2024) (CFPB Personal
Financial Data Rights Rule). As another example, the CFPB’s nonbank registration regulation imposes
requirements on covered nonbanks related to the registration of covered orders including, for covered
nonbanks that are supervised registered entities, written-statement requirements. See
12 CFR 1092.201(q), 1092.204.
consumers.99 Many of these commenters also acknowledged that some of the other Federal
consumer financial laws would apply to at least a subset of the larger participants defined by the
Proposed Rule.100
The CFPB agrees with the commenters that stated that this rule will help the CFPB to
ensure compliance with Federal consumer financial laws, and disagrees with those that stated
that it would not. The CFPB’s supervisory authority will promote compliance with applicable
legal requirements in multiple ways. As described in the proposal, under the CFPA, the CFPB
shall use its supervisory authority to “assess[] compliance with the requirements” of Federal
consumer financial laws101 and to “obtain[] information about the activities and compliance
systems of procedures” of market participants.102 The CFPB may review the entity’s activities
and compliance systems or procedures and issue supervisory findings or criticisms as
appropriate.103

For example, under the CFPA, an unfair act or practice must cause or be likely to cause “substantial
injury” to consumers. 12 U.S.C. 5531(c)(1); see also, e.g., Supervisory Highlights Issue 18, Winter 2019
at 13-14 sec. 3.1.2, https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue18_032019.pdf (last visited Nov. 13, 2024) (noting that CFPB supervisory activities resulted in or
supported the public enforcement action resolved in 2019 by consent order In re: Enova International,
Inc., Admin. Proc. File No. 2019-BCFP-0003 (Jan. 25, 2019) ¶¶ 9-33 (describing unfair acts and practices
including repeat debiting of consumer accounts without valid authorization),
https://files.consumerfinance.gov/f/documents/cfpb_enova-international_consent-order_2019-01.pdf (last
visited Nov. 13, 2024); Supervisory Highlights Issue 21, Winter 2020 at 16 sec. 4.1 (noting that CFPB
supervisory activities resulted in or supported the public enforcement action resolved in 2019 against
Maxitransfers Corporation including deceptive acts and practices in statements in terms and conditions
regarding company’s responsibility for errors by their agents),
https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-21_2020-02.pdf (last
visited Nov. 13, 2024); Issue 32, Spring 2024, supra, at 14 sec. 4.1 (noting that CFPB supervisory
activities resulted in or supported the public enforcement action resolved in 2023 against Toyota Motor
Credit Corporation finding several unfair acts and practices).
For a discussion of comments suggesting that the market should be confined to entities that receive or
hold the funds being transferred in consumer payment transactions, or that the market should cover
consumer payment transactions that transfer funds from nonbank accounts but not from bank accounts,
see the section-by-section discussion below of Final Rule § 1090.109(a)(2) regarding the term “consumer
payment functionality.”
101

See 12 U.S.C. 5514(b)(1)(A).

See 12 U.S.C. 5514(b)(1)(B).

See also discussion below regarding 12 U.S.C. 5514(b)(1)(C) in connection with the use of CFPB
supervisory authority for the purpose of “detecting and assessing risks to consumers and markets for
consumer financial products and services,” including the CFPB’s use of its authority under the Final Rule
Supervision is one of the CFPB’s most important and powerful tools to protect
consumers by promoting compliance with Federal consumer financial law. As discussed in the
proposal and as a nonprofit commenter emphasized, the prospect of the CFPB exercising
supervisory authority over such firms may cause them to allocate additional resources and
attention to compliance and to take steps to mitigate any noncompliance.104 In addition, based
on the CFPB’s supervisory experience in other markets, the CFPB’s supervisory activities
authorized under the Final Rule are likely to help entities to identify issues before they become
systemic or cause significant harm. Through its supervisory activity, the CFPB detects and
addresses legal violations. In some instances, the CFPB uses enforcement actions to address
violations that it originally identified through supervision. The CFPB also uses supervision to
help ensure that supervised entities develop and maintain systems and procedures to prevent and
remedy violations. CFPB supervisory reviews and related compliance ratings promote the
development of compliance risk management practices designed to manage consumer
compliance risk, support compliance, and prevent consumer harm.105 Through supervision,
CFPB examiners may articulate supervisory expectations to supervised larger participants in
connection with supervisory events.106 The CFPB also notes that, following the issuance of its
five prior larger participant rules, it has successfully used its supervisory authority to detect
violations and promote compliance in each of the markets covered by those rules, as the CFPB

to better understand how the Federal consumer financial laws apply to larger participants defined by the
rule and the products and services they offer and to review and mitigate risks related to noncompliance.
See 88 FR 80197 at 80211-12.

See, e.g., Federal Financial Institutions Examination Council, Uniform Interagency Consumer
Compliance Rating System, 81 FR 79473, 79474 (Nov. 14, 2016) (discussing assessment by agency
examiners of consumer compliance), https://www.ffiec.gov/press/pr110716.htm (last visited
Nov. 5, 2024).
See CFPB, Bulletin 2021-01: Changes to Types of Supervisory Communications (Mar. 31, 2021),
https://files.consumerfinance.gov/f/documents/cfpb_bulletin_2021-01_changes-to-types-of-supervisorycommunications_2021-03.pdf (last visited Nov. 5, 2024).
has documented in its periodic publication Supervisory Highlights.107 Thus, the CFPB disagrees
with comments criticizing the proposal’s statement that CFPB supervision will help to ensure
that larger participants are complying with applicable requirements of Federal consumer
financial law.108 Moreover, by authorizing the CFPB to supervise larger participants, the Rule
will promote strong compliance risk management practices in this market.109 The CFPB also
disagrees with commenters stating that CFPB supervision generally harms consumers by
reducing the resources available to those companies. Instead, CFPB supervision as provided
under the rule will, as intended by Congress, promote compliance with Federal consumer
financial law and otherwise facilitate the CFPB’s statutory objectives. For the reasons discussed
above, the CFPB concludes that the rule will help the CFPB to promote compliance with Federal
consumer financial law in the market. That, in turn, will reduce risks of harm to consumers, as
also discussed in the impacts analysis in part VII below.

The CFPB publishes Supervisory Highlights on its website several times each year at
https://www.consumerfinance.gov/compliance/supervisory-highlights/ (last visited Nov. 5, 2024). Since
its first larger participant rules took effect in late 2012 and early 2013, these publications have highlighted
findings of violations of Federal consumer financial law and compliance management weaknesses from
examinations in markets subject to its larger participant rules. See, e.g., Issue 4, Spring 2014 at 8-10
(consumer reporting market), at 11-14 (consumer debt collection market); Issue 10, Winter 2016 at 11-14
(international money transfer market). For the most recent examples, see, e.g., Issue 35, Fall 2024
(automobile finance market); Issue 34, Summer 2024 (consumer debt collection market); Issue 32, Spring
2024 at 4-7 (consumer reporting market); Issue 31, Fall 2023 at 13-14 (international money transfer
market); Issue 30, Summer 2023 at 4-8 (automobile financing market), at 8-9 (consumer reporting
market), at 12-13 (consumer debt collection market), at 29-30 (international money transfer market);
Issue 29, Winter 2023 at 14-15 (student loan servicing market); Issue 28, Fall 2022 at 4-7 (automobile
financing market), at 7-8 (consumer reporting market), at 16-17 (consumer debt collection market);
Issue 27, Fall 2022 at 14-25 (student loan servicing market); Issue 26, Spring 2022 at 5-11 (consumer
reporting market), at 14-16 (consumer debt collection market), at 22-25 (international money transfer
market), at 25-27 (student loan servicing market).
See 88 FR 80197 at 80201. Further, the CFPB disagrees that it is required to make findings of
noncompliance in the market in order to issue this rule, for generally the same reasons (discussed below)
that it is not required to make findings regarding the level of risk in the market or market failure.
For example, as discussed in the impacts analysis further below in part VII, entities may improve their
compliance management either in response to the possibility of an examination or in response to an
examination finding regarding compliance management weaknesses. See also CFPB Supervision and
Examination Manual, part II.A (describing how CFPB examinations conduct compliance management
reviews).
Detecting and assessing risks to consumers and markets, including emerging risks
The CFPB concludes that this rule will help the CFPB to detect and assess risks to
consumers and markets from the provision of general-use digital consumer payment applications.
As explained in the Proposed Rule and for the reasons elaborated further below, the CFPB agrees
with comments suggesting that CFPB supervision of larger participants in this rapidly-growing
and evolving market will be especially useful to the detection and assessment of emerging risks.
As discussed below, the CFPB disagrees with the commenters that stated that the CFPB must
first make a risk determination before establishing supervisory authority over larger participants
by rule.
The CFPB concludes that establishing its supervisory authority over larger participants in
this market would help it to detect and assess emerging risks for several reasons.
First, the CFPB shares the view of the group of State attorneys general and other
commenters that this highly-concentrated market will continue to grow and evolve rapidly as the
technology that has fueled its rapid growth also continues to evolve. As with other markets the
CFPB now supervises, it is important for the CFPB to be able to closely assess whether pressure
to sustain high growth in this market will drive nonbank firms to develop new and increasingly
risky products.110
In addition, the CFPB agrees with the comments expecting that the market will continue
to grow, including by expanding how general-use digital consumer payment applications help
consumers to make payments in other ways. As the proposal explained, it is critical for the
CFPB to be able to detect and assess emerging risks as new product offerings blur the traditional

Cf. Financial Crisis Inquiry Commission Report (Feb. 25, 2011) at 104 (“The refinancing boom was
over, but originators still needed mortgages to sell to the Street. They needed new products that, as prices
kept rising, could make expensive homes more affordable to still-eager borrowers. The solution was
risker, more aggressive, mortgage products that brought higher yields for investors but correspondingly
greater risks for borrowers.”), at 414 (also noting that “high-risk, nontraditional mortgage lending by
nonbank lenders flourished in the 2000s and did tremendous damage in an ineffectively regulated
environment, contributing to the financial crisis”), https://www.govinfo.gov/content/pkg/GPOFCIC/pdf/GPO-FCIC.pdf (last visited Nov. 6, 2024).
lines of banking and commerce.111 This blurring was noted by several commenters that
described a trend toward “embedded finance” described above and is illustrated in industry
comments discussed below describing various ways that nonbanks’ general-use digital payment
applications serve as intermediaries between consumers and merchants.112 Such applications
also can facilitate payments from many different types of accounts consumers hold across
multiple financial institutions. Supervision can detect and assess risks that may arise from a
single application establishing connections that can cause payments to be made from many
different consumer accounts.113 In addition, as noted in the industry report cited by a consumer
group commenter, consumers also can use payment functionalities embedded in digital
applications, such as text messages, to make payments, including peer-to-peer payments.114
The CFPB also agrees with the group of State attorneys general that new risks may
emerge as the relevant technologies in this market evolve. In this market, by using its
supervisory activity as general-use digital consumer payment applications incorporate new
technology, the CFPB can inform its assessment of risks to consumers and to markets.115

For example, the proposal noted how in its 2022 market-monitoring report on the convergence of
payments and commerce, the CFPB described the potential for consumer financial data and behavioral
data to be used together in increasingly novel ways. 88 FR 80197 at 80201 and n.43.
See section-by-section analysis of § 1090.109(a)(1) and of “covered payment functionality” in
1090.109(a)(2). See also Google LLC Embedded Finance White Paper at 7 (“Embedded finance also
offers a bonus for financial services companies: The data you collect from each transaction can help
enhance customer service experience and innovate new products and experiences. The possibilities are
endless for these kinds of partnerships, with high revenue and business growth potential. Before
embarking on the embedded finance journey, however, you’ll need to prepare” by, among other steps,
“[p]lan[ning] to manage and analyze the vast trove of data you’ll be collecting.”); CFPB Report on
Convergence of Payments and Commerce, supra, at sec. 3.3 (“Embedded commerce”).
Today, a general-use digital consumer payment application can initiate payments from multiple credit
cards, prepaid accounts, and checking accounts. A general-use digital consumer payment application can
facilitate payments from accounts that the provider offers through depository institution partners, or from
linked accounts issued by other institutions (sometimes referred to as pass-through payments).
Google LLC Embedded Finance White Paper at 3; Apple Cash Website (“Send and Receive Money in
Messages. With Apple Cash, you can send and receive money with just a text, in Messages. So it’s easy
to tip your dog walker, request funds from your roommate, or chip in for a coworker’s gift.”),
https://www.apple.com/apple-cash/ (last visited Nov. 6, 2024).
In the CFPB’s experience, for some financial institutions, even the rollout of relatively conventional
digital technologies can pose significant risks to consumers, including in the area of digital payments. Cf.
CFPB, In re: VyStar Credit Union, Admin Proc. File No. 2024-CFPB-0013 (Oct. 31, 2024), ¶ 20
Supervision can be effective at detecting and assessing such risks. As a nonprofit
commenter noted, supervision allows for rapid exchange of information outside of the
adversarial legal process. The supervisory process also generally is confidential, which also
facilitates the exchange of information.116 For example, when examiners conduct a compliance
management review, they can assess the strength of larger participants’ compliance management
as applied to the development and marketing of new products.117 In addition, as illustrated by its
work during the COVID-19 pandemic, examiners who are familiar with supervised entities can
review activities across a market to identify emerging risks of consumer harm in a time of
macroeconomic stress or shock.118 As another example, through its supervisory tool, the CFPB

(describing how outage in the establishment of a new online banking platform of large credit union left
consumers unable to engage in certain banking activities, and that “[s]ome members’ previously
scheduled recurring payments were delayed or even deleted.”),
https://files.consumerfinance.gov/f/documents/cfpb-vystar-credit-union-consent-order_2024-10.pdf (last
visited Nov. 16, 2024).
The CFPB treats CFPB confidential supervisory information consistent with applicable regulation; see
12 CFR part 1070. As noted above, even when Supervision highlights its findings to the public through
Supervisory Highlights, it generally does not identify individual firms (outside of highlighting any
associated enforcement actions).
See ,e.g., CFPB Supervision and Examination Manual, part I.A (page 6 of compliance management
review section explaining how examiners’ compliance management review includes a review of the
“processes for development and implementation of new consumer financial products or services and
distribution channels or strategies, to determine degree of compliance function participation.”); see also
id. at 4-5 (describing how examiners review product development as a component of the review of board
and management oversight of compliance); id. at 9 (review of training of staff responsible for product
development); id. at UDAAP Examination Procedures at 2 (review of product development
documentation in connection with examiner’s assessment of compliance with the prohibition against
unfair, deceptive, and abusive practices).
See, e.g., CFPB, Prioritized Assessment FAQs (July 20, 2020) at 1 (“The Bureau is adapting its
supervision program to meet the needs of the current national emergency . . . . Through Prioritized
Assessments, the Bureau will expand its supervisory oversight to cover a greater number of institutions
than our typical examination schedule allows, gain a greater understanding of industry responses to
pandemic-related challenges, and help ensure that entities are attentive to practices that may result in
consumer harm.”), https://files.consumerfinance.gov/f/documents/cfpb_prioritizedassessment_frequently-asked-questions.pdf (last visited Nov. 7, 2024); Supervisory Highlights Issue 23,
Jan. 2021 (secs. 3.3, 3.5, and 3.6 of COVID-19 special edition describing supervisory observations in
prioritized assessments in student loan servicing, consumer reporting, and consumer debt collection
markets subject to larger participant rules),
https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-23_2021-01.pdf (last
visited Nov. 7, 2024).
can respond rapidly to reports of any widespread outages at larger participants by gathering
information through an established supervisory relationship.119
Supervision of larger participants in this market also can identify new and emerging risks
to consumers relating to the applicability of existing requirements of Federal consumer financial
law to new products. For example, comments from consumer groups and State attorneys general
suggested that non-compliance with EFTA/Regulation E and GLBA/Regulation P is common in
this market, while some industry commenters stated that neither EFTA/Regulation E nor
GLBA/Regulation P apply to at least some market participants. Other commenters described
how some consumers may be confused about the legal protections afforded through certain
payment apps. The CFPB does not define the application of those laws in this rulemaking.
Through its supervisory activity, the CFPB can gather information to assess the applicability of
those laws to the specific consumer financial products and services that a larger participant
provides. Where the law applies and is violated, examiners can address the situation through
supervisory action and where appropriate the CFPB can consider enforcement activity. In
addition, such findings can help to inform what the CFPB communicates to the broader market,
including through its Supervisory Highlights publication.
The CFPB disagrees with certain comments, summarized further above, that suggested
that in a larger participant rule the CFPB is required to assess the degree or prevalence of risks to
consumers, potential violations of law, or other specific harms occurring in the described market.
The relevant provisions of the CFPA do not impose such requirements. While some comments
did not identify any legal basis for this alleged obligation, others asserted that the obligation

See CFPB, What happens if my payment app has an outage and I can’t access my account?
(Dec. 21, 2023) (describing consumer complaints as one way the CFPB collects information about
outages at payment apps), https://www.consumerfinance.gov/ask-cfpb/what-happens-if-my-payment-apphas-an-outage-and-i-cant-access-my-account-en-2145/ (last visited Nov. 8, 2024); FEDS Notes, Offline
Payments: Implications for Reliability and Resiliency in Digital Payment Systems (Aug. 16, 2024)
(describing how “several recent high-profile outages have highlighted the need for building more
reliability and resiliency in digital payment systems”), https://www.federalreserve.gov/econres/notes/fedsnotes/offline-payments-implications-for-reliability-and-resiliency-in-digital-payment-systems20240816.html (last visited Nov. 8, 2024).
arises from section 1024(b)(2), which concerns the CFPB’s operation of a “risk-based
supervision program.” The CFPB believes that these comments misinterpret the scope and
purpose of section 1024(b)(2). As the CFPB has previously explained,120 that provision
describes the manner in which the CFPB must “exercise its authority under paragraph
[(b)](1)”121 which in turn authorizes the CFPB to supervise “persons described in subsection
(a)(1).” The Final Rule does not exercise authority provided by section 1024(b)(1). Rather, it
“describe[s],” in part, a set of persons falling within section 1024(a)(1), by defining a category of
“larger participant[s].” The CFPB only exercises the authority set forth in section 1024(b)(1)
when it actually requires reports or conducts examinations of such persons. In exercising
authority under section 1024(b)(1), the CFPB considers (and for larger participants under this
Final Rule will consider) the factors set forth in section 1024(b)(2), including risks to consumers,
as further described above in part I’s discussion of the CFPB’s prioritization process. However,
the CFPA does not mandate consideration of those factors when issuing a rule that defines a
category of larger participants under paragraph (a)(1).122
As noted above, one industry comment further argued that general principles of
administrative law require the CFPB to identify concrete risks to consumers that will be
mitigated by supervision in order to issue this rule. The commenter suggested that the Proposed
Rule should have specified in detail what kind of compliance improvements the CFPB envisions,
what activities of particular entities are currently non-compliant, why compliance will prevent
particular risks to consumers, the likelihood of such risks occurring, the resulting harm to
consumers, and how all of these issues compare to related markets. Elsewhere this Final Rule

See 77 FR 42874 at 42883; 77 FR 65775 at 65779.

12 U.S.C. 5514(b)(2).

This conclusion is reinforced by the immediately following subsection of the CFPA, 1024(a)(1)(C),
which expressly references the consideration of risk. Under that provision, the CFPB has the authority to
supervise any nonbank covered person that the CFPB “has reasonable cause to determine, by order, after
notice . . . and a reasonable opportunity . . . to respond . . . is engaging, or has engaged, in conduct that
poses risks to consumers with regard to the offering or provision of consumer financial products or
services.” 12 U.S.C. 5514(a)(1)(C) (emphasis added).
discusses the CFPB’s statutory authority, reasons, and supporting evidence for issuing this Final
Rule and explains how this Final Rule will help the CFPB to effectuate the statutory purposes of
the CFPA. The CFPB disagrees that it was additionally required to consider in this rulemaking
the kinds of detailed information about mitigation of concrete risks contemplated by the
commenter. As explained above, there is no indication in the text of the CFPA that the CFPB is
required to consider such information in issuing a larger participant rule.123 Because the CFPB’s
risk-based prioritization process considers the type of information about risks described in part I
above, the CFPB’s supervision of larger participants ultimately may assist the CFPB in detecting
and assessing risks to consumers and to markets.124 But sections 1024(a)(1)(B) and (2) do not
require the CFPB to reach conclusions regarding such matters before it can even initiate riskbased prioritization for a category of larger participants.
To the extent the industry commenter suggests the CFPB should consider such
information because it asserts its own type of digital wallet product is “low risk” and should
therefore be excluded from the market and ineligible for CFPB supervision, the CFPB does not
believe that it is required to categorically exempt allegedly “low-risk” products within a market
when issuing a rule to define larger participants of a market.125 The CFPB likewise disagrees
with other commenters who suggested that the CFPB is obligated to undertake a separate risk
assessment of various subcomponents or sectors of the described market, or to include only the

With respect to cross-market comparisons of risk, as explained in the Proposed Rule and in its
previous larger participant rulemakings, “[t]he Bureau need not conclude before issuing a [larger
participant rule] that the market identified in the rule has a higher rate of non-compliance, poses a greater
risk to consumers, or is in some other sense more important to supervise than other markets.”
88 FR 80197 at 80200 n.24; 77 FR 65775 at 65779.
124

See 12 U.S.C. 5514(b)(1)(C).

Nor has the CFPB determined in this rulemaking exercising CFPA section 1024(a)(1)(B) authority that
any specific market participant or larger participant poses any particular type or level of risk, low or
otherwise, to consumers. Thus, although this commenter made claims regarding its product having low
risk including low risk of violation of the prohibition against unfair, deceptive, and abusive acts and
practices, the CFPB does not adjudicate such claims in this legislative rulemaking, for the reasons
described above. In any event, the CFPB disagrees that the commenter was prevented from presenting
evidence regarding the risks posed by its products. It had notice of the CFPB’s reasons for the proposal
and commented on them.
riskiest subcomponents or sectors within the larger participant definition. CFPA
section 1024(a)(1)(B) provides for the issuance of rules defining “larger participant[s] of a
market” for consumer financial products or services, and contains no language requiring
exemptions for allegedly “low-risk” subcomponents of a market. Consistent with CFPA
section 1024(b)(2), the CFPB considers whether products are lower risk, and thus less of a
priority for supervisory attention, when choosing particular entities and consumer financial
products and services for supervisory examinations as part of its operation of its risk-based
supervision program.126 The CFPB’s operation of that risk-based supervision program is
designed to prevent CFPB’s supervision program from placing undue burdens on larger
participants whose activities are genuinely lower risk. The CFPB also provides below further
justification for the scope of the market described in this Final Rule, including regarding the
inclusion of pass-through payment wallets in the market.127
The CFPB disagrees with the industry commenter suggesting that the CFPB may issue a
rule to define larger participants of a market for consumer products or services only in cases of
“market failure.” There is no support for this view in the text or legislative history of the CFPA.
Moreover, while concerns about market failure often underlie laws and regulations imposing
substantive consumer protection requirements,128 this Final Rule does not impose substantive
requirements and instead concerns the scope of the CFPB’s supervisory authority, which is an
authority designed to accomplish the statutory purposes established under CFPA
section 1024(b)(1)(A)-(C). In that context, there is little reason to read section 1024(a)(1)(B) to

As described above, the CFPB Supervision and Examination Manual describes the CFPB’s established
process for conducting risk-based prioritization of nonbank covered persons subject to its supervisory
authority under CFPA section 1024(a).
127

See section-by-section analysis of § 1090.109(a)(2) (definition of “wallet functionality”).

See, e.g., 12 U.S.C. 4301(a) (Congressional finding in Truth in Savings Act that “competition between
depository institutions would be improved . . . if there was uniformity in the disclosure of terms and
conditions on which interest is paid and fees are assessed in connection with such accounts.”);
15 U.S.C. 1601(a) (Congressional finding in Truth in Lending Act that “competition among the various
financial institutions and other firms engaged in the extension of consumer credit would be strengthened
by the informed use of credit.”).
impliedly bar the issuance of a larger participant rule in the absence of a demonstrated market
failure.
Although the CFPB disagrees with the comments suggesting that it must make findings
regarding risk to issue this larger participant rule and it does not do so here, as discussed above
other commenters described various existing and emerging risks to consumers that may be
associated with products and services provided by larger participants. Those comments raise
legitimate concerns regarding potential risks to consumers in the market and thus provide further
support for the CFPB’s conclusion that this rule will help the CFPB to use its supervisory tool to
detect and assess risks to consumers and the market. It is not necessary for this rule to adjudicate
the nature, extent, or source of such risks, or for the CFPB to publish market-wide findings about
such risks as a predicate for larger participant rulemakings. As discussed above, the CFPB
incorporates information available to it about such risks (including from its market-monitoring
function, among others) when prioritizing which nonbank covered persons subject to CFPA
section 1024(a) it will examine.129 In response to the nonprofit calling on the CFPB to describe
in more detail the risks it would consider in prioritizing larger participants for examination in this
market, part I of the Final Rule above explains in further detail the CFPB’s prioritization process
and the factors the CFPB considers as part of that process, consistent with the CFPA and as
described in its Supervision and Examination Manual. The CFPB also expects that it will
continue to periodically publish Supervisory Highlights to communicate key examination
findings and risks identified over time on a market-by-market basis.
Ensuring consistent enforcement of Federal consumer financial law
With regard to comments on whether the Proposed Rule would further the CFPB’s
statutory objective of ensuring that Federal consumer financial law is enforced consistently

The CFPB also provides additional responses further below to the comments suggesting it must
publish the results of its market monitoring, or establish why its supervisory tool is superior to its marketmonitoring tool. In any event, the CFPB has used data from its market-monitoring orders to inform the
estimates published in this Final Rule, as discussed in the section-by-section analysis of the largerparticipant test further below.
between nonbanks and depository institutions in order to promote fair competition,130 the CFPB
agrees with commenters who stated that the Proposed Rule would further that objective by
permitting the CFPB to supervise both banks and nonbanks operating in the general-use digital
consumer payment application market and by reducing the competitive advantage nonbanks may
derive from being subject to less supervisory oversight. The CFPB disagrees with the
commenter that characterized the Proposed Rule as a form of “mission creep . . . outside [the
CFPB’s] core jurisdiction.” The commenter did not address the CFPA’s statutory objective of
consistent enforcement of Federal consumer financial law without regard to an entity’s status as
a depository institution. In addition, the CFPB already has enforcement and rulemaking
authority with respect to participants in the market; thus, those entities already fall within the
CFPB’s “jurisdiction” in significant ways.131 The CFPB also disagrees with a related comment
that described the larger participant rule as placing the CFPB in a market gatekeeper role. That
comment appeared to misunderstand the function of larger participant rules, which do not
regulate who enters a market but instead identify “larger participants” for purposes of
section 1024(a)(1)(B). In addition, the CFPB disagrees with some commenters’ suggestion that
the rule should not be issued because of their concerns about the rule potentially making
nonbanks less competitive and frustrating their innovation. As discussed below, the Final Rule
adopts a significantly higher threshold, resulting in fewer market participants qualifying as larger
participants. Even with respect to larger participants, the CFPB does not have evidence to
indicate that the Final Rule is likely to significantly affect innovation.

12 U.S.C. 5511(b)(4).

The CFPB also disagrees with the industry comment suggesting that the Proposed Rule failed to
account for the role of the FTC in promoting competition. As the Proposed Rule explained, it is focused
on the statutory objective (codified in 12 U.S.C. 5511(b)(4)) of ensuring Federal consumer financial law
“is enforced consistently, without regard to the status of a person as a depository institution, in order to
promote fair competition[.]” 88 FR 80197 at 80198 n.5. The CFPB can promote consistent enforcement
of Federal consumer financial law without impeding the FTC’s mission; the two are compatible, and the
CFPB coordinates with the FTC regarding its supervision activities more broadly.
The CFPB also disagrees with those industry comments stating that the Proposed Rule
would not promote consistent enforcement of Federal consumer financial law and fair
competition because the proposed market definition included pass-through payment wallets that
banks do not provide. Banks and credit unions can and do provide payment wallet
functionalities. For example, very large depository institutions offer payment wallet
functionalities that facilitate consumers’ payments from accounts at the depository institution to
make purchases online and in stores.132 In addition, these comments appear to presuppose that
the CFPB can only further the statutory objective of consistent enforcement in this rule if banks
and nonbanks compete to offer precisely the same products in precisely the same manner to
consumers. But the objective of consistent enforcement can also be furthered where the CFPB
has the ability to supervise both nonbanks and depository institutions that play complementary
roles in payment transactions. For example, when a depository institution subject to the CFPB’s
supervisory authority makes its accounts accessible to the consumer through a general-use digital
consumer payment application provided by an unaffiliated nonbank, supervision of both the
depository institution and the nonbank serves the statutory objective described above. Nonbanks
may initiate payments from consumer accounts held at banks and credit unions and engage in a
number of related activities that can implicate Federal consumer financial law compliance
obligations.133 In addition, the CFPB agrees with the credit union association commenter that

For example, an industry association commenter pointed to a new digital wallet called Paze and a
click-to-pay product offered by banks. See also, e,g., Early Warning Services, LLC, Press Release, Paze
Hits Major Milestone: 125 million Credit and Debit Cardholders Can Check out Online (Oct. 1, 2024)
(describing “Paze, a reimagined digital wallet offered by banks and credit unions,” as available for use
with 125 million payment card accounts issued by seven very large banks), https://www.paze.com/pazehits-major-milestone-125-million-credit-and-debit-cardholders-can-check-out-online (last visited
Nov. 7, 2024); Click to Pay with American Express (describing how depository institution offers an
ecommerce payment wallet), https://network.americanexpress.com/globalnetwork/v4/products/click-topay-with-american-express (last visited Nov. 7, 2024). See also CFPB Contactless Payments Spotlight,
supra (n.59 describing how JPMorgan previously provided the Chase Pay app to facilitate consumer
payments for retail purchases).
See, e.g., Board of Gov. of Fed. Rsv. System, FDIC, OCC, Joint Statement on Banks’ Arrangements
with Third Parties to Deliver Bank Deposit Products and Services (July 25, 2024) at 1 (noting how under
certain bank/fintech arrangements, “banks rely on one or multiple third parties to . . . process payments
unaffiliated payment applications can cause burdens on credit unions related to error resolution
and customer service. Where the CFPB can supervise both a nonbank pass-through payment
wallet and a depository institution involved in payments transactions, it is better positioned to
consistently enforce applicable legal obligations with respect to the two entities. Below in the
section-by-section analysis of “wallet functionality,” this Final Rule further discusses the reasons
why pass-through payment wallets are appropriately included in the market definition.
Finally, the CFPB disagrees with the industry association commenter to the extent it was
suggesting that larger participant rules cannot promote fair competition between banks and
nonbanks unless they apply antitrust principles to define the market. For the reasons discussed
below in the section-by-section analysis of the market definition in § 1090.109(a)(1), the purpose
of antitrust law is different from the purpose of larger participant rules and the CFPB does not
apply antitrust law in this rule. Nonetheless, as explained above, banks, credit unions, and their
affiliates can offer and provide covered payment functionalities with general use through digital
applications. In this rulemaking, the CFPB shares the goals expressed by the banking association
and payment network commenters of applying consistent functional oversight to similar
functional activities in this market. And as explained below in the section-by-section analysis of
the market definition, the activities encompassed by the market definition are similar in how they
support, digitally, a common set of payment activities that consumers engage in, such as making
everyday payments to friends and family and for purchases. Relatedly, the CFPB disagrees with
the industry association commenter to the extent it was suggesting that, by not including physical
payment cards in the market, the Final Rule will not promote consistent enforcement of Federal
consumer financial law. For the reasons discussed in the section-by-section analysis further

(sometimes with the ability to directly submit payment instructions to payment networks); perform
regulatory compliance functions; provide end-user facing technology applications; service accounts;
perform customer service; and perform complaint and dispute resolution functions”),
https://www.occ.gov/news-issuances/news-releases/2024/nr-ia-2024-85a.pdf (last visited Nov. 7, 2024).
See id. at 1-3 (describing how deployment of new digital payment technologies create a potential for
insufficient risk management to meet consumer protection obligations such as requirements under
Regulation E to investigate and resolve certain payment disputes within required timeframes).

below, the CFPB concludes the “digital application” component of the market definition is
appropriate. The CFPB already has broad supervisory oversight of the use of physical payment
cards issued by the very large banks and credit unions that it supervises. However, there is a
supervisory gap over the significant role that nonbank larger participants play in facilitating the
use of payment cards through general-use digital consumer payment applications. As described
above, consumer adoption of general-use digital consumer payment applications is very high,
indicating that consumers often prefer them to physical cards. Indeed, in some cases, such as at
the time of origination or card replacement, a nonbank’s general-use digital consumer payment
application may be the only way for the consumer to use the payment card.134 The Final Rule
will fill this gap, which will promote consistent enforcement of Federal consumer financial
law.135
Other regulators’ existing oversight authority
With regard to comments on existing oversight of market participants, the CFPB agrees
with the comment from the group of State attorneys general that stated that the rule would help
existing regulatory oversight efforts in the market and would allow for increased coordination
between Federal and State authorities to prevent unlawful conduct. The Bureau agrees that the
existing regulatory oversight framework governing general-use digital consumer payment
applications is important, but the Bureau believes that establishing its supervisory authority as
part of this framework would better promote compliance with and consistent enforcement of
Federal consumer financial law and help it to detect risks to consumers and the market. The

PULSE, PULSE Debit Issuer Study (Aug. 8, 2024) at 9-10 (reporting that all surveyed issuers report
provisioning debit cards to digital wallets, that 38 percent of debit cards are loaded into digital wallets,
and that digital issuance of debit cards directly to such wallets is the top new capability that debit card
issuers plan to introduce with 50 percent of issuers planning to add this service),
https://content.pulsenetwork.com/2024-debit-issuer-study/2024-pulse-debit-issuer-study (last visited
Nov. 7, 2024).
With respect to what the commenter referred to as food delivery applications and automobile purchase
applications, for the reasons discussed in the section-by-section analysis of the exclusion for certain
merchant and marketplace payment activities in paragraph (C) of the definition of “consumer payment
transaction,” the CFPB believes those are part of a distinct market.
CFPB disagrees with the industry association comment suggesting that the CFPB must determine
whether the market covered by the rule is inadequately supervised before issuing a larger
participant rule; no such requirement appears in the text of the CFPA.136 The CFPB accounts for
existing oversight when evaluating how to exercise its supervisory authority pursuant to CFPA
section 1024(b)(2). Specifically, the CFPB takes seriously its inter-governmental coordination
obligations, described below, and believes that they will promote coordination and minimize
regulatory burden in connection with the CFPB’s exercise of its supervisory authority over larger
participants in this market and the existing regulatory oversight structure at the Federal and State
levels.
For example, as required by the CFPA and explained in the Proposed Rule, the CFPB
coordinates its examination activity, including at nonbanks, with State regulators.137 One
purpose of this coordination is to prevent duplication and unnecessary regulatory burden. That
coordination will address commenter concerns regarding CFPB oversight of larger participants
that may engage in market activity that is subject to State money transmitter laws. In addition,
industry comments often recognized that providers of pass-through payment wallets that do not
hold or receive funds generally are not engaged in money transmission under State laws, and
thus are not subject to State-level supervision.
The CFPB also disagrees with industry comments suggesting that this rule establishing
CFPB authority to supervise larger participants in this market will create CFPB supervisory

See, e.g., 12 U.S.C. 5514(a)(1)(B), (a)(2).

88 FR 80197 at 80198 n.12. See also 12 U.S.C. 5514(b)(2)(D) (CFPB shall exercise its supervisory
authority under 12 U.S.C. 5514(b)(1) in a manner designed to ensure that such exercise takes into
consideration, among other things, the extent to which supervised nonbanks are subject to oversight by
State authorities for consumer protection); 12 U.S.C. 5514(b)(3) (CFPB coordination of supervisory
activities with States); Int’l Money Transfer Larger Participant Rule, 79 FR 56631 at 56632, 56638,
56643 (explaining how the Bureau will coordinate with appropriate State regulatory authorities and will
consider the extent of State supervisory activity when prioritizing individual examinations.); 2013 CFPBState Supervisory Coordination Framework (May 7, 2013) (describing process for CFPB-State
coordination under information-sharing memorandum of understanding),
https://files.consumerfinance.gov/f/201305_cfpb_state-supervisory-coordination-framework.pdf (last
visited Nov. 8, 2024).
activities that are unnecessarily duplicative or burdensome vis-à-vis oversight activities by the
FTC and prudential regulators. Congress has adopted mechanisms to prevent unnecessarily
duplicative or burdensome CFPB supervisory activities in cases where the FTC may exercise
enforcement authority or prudential regulators may exercise supervisory authority over larger
participants.138 Among other things, the CFPB coordinates across its functions with the FTC,
which does not have a supervisory tool.139 In addition, the CFPA provides that the CFPB has
exclusive authority with respect to the prudential regulators to supervise larger participants for
purposes of assuring compliance with Federal consumer financial law.140 Also, consistent with
the requirements of CFPA section 1024(b)(3), the CFPB coordinates with prudential regulators
to minimize the duplication and regulatory burden of supervisory activity pursuant to
memoranda of understanding, including where appropriate at nonbank larger participants.141
Moreover, as discussed above, nonbank larger participants engage in substantial volumes of

Such supervisory authority may exist, for example, where (as noted by the industry commenter)
prudential regulators may examine certain nonbank service providers to banks under authorities such as
the Bank Service Company Act. See generally 12 U.S.C. 1861-67.
The CFPB coordinates with the FTC consistent with its obligations under the CFPA, including
12 U.S.C. 5514(c)(3) and 5581(b)(5). See CFPB-FTC Memorandum of Understanding (Feb. 25, 2019)
(section VII describing how CFPB coordinates its supervision and examination activities with the FTC),
https://files.consumerfinance.gov/f/documents/cfpb_ftc_memo-of-understanding_2019-02.pdf (last
visited Nov. 8, 2024).
12 U.S.C. 5514(c), (d) (describing the extent to which CFPB supervisory and enforcement authorities
are exclusive with respect to nonbank covered persons described in CFPA section 1024(a)(1)). See also
CFPA section 1025(b)(1) (similarly providing that the CFPB has exclusive authority to supervise very
large depository institutions and their affiliates for the purposes listed therein, including assessing
compliance with the requirements of Federal consumer financial laws).
See 12 U.S.C. 5514(b)(3) (“To minimize regulatory burden, the Bureau shall coordinate its supervisory
activities with the supervisory activities conducted by prudential regulators . . . including establishing
their respective schedules for examining persons described in subsection (a)(1) [of CFPA section 1024]
and requirements regarding reports to be submitted by such persons.”). See, e.g., CFPB, Board of Gov. of
Fed. Rsv. System, FDIC, NCUA, and OCC Memorandum of Understanding (MOU) on Supervisory
Coordination (May 16, 2012) at 2 (noting how CFPA sections 1024(b)(3)-(4) and 1025(b)(2) require the
CFPB to “coordinate its supervisory activities with the supervisory activities conducted by the Prudential
Regulators, including consultation regarding their respective schedules for examining Covered
Institutions and requirements regarding reports to be submitted by Covered Institutions.”),
https://files.consumerfinance.gov/f/201206_CFPB_MOU_Supervisory_Coordination.pdf (last visited
Nov. 7, 2024); see also id. (listing objectives of the MOU, including “[a]void[ing] unnecessary
duplication of effort” and “[m]inimiz[ing] unnecessary regulatory burden”); id. at 8 (“The CFPB and
Prudential Regulators will coordinate in connection with examinations that relate to Covered Supervisory
Activities of Covered Institutions’ Service providers”).
market activity with interconnection across the U.S. financial system. CFPB supervision of
nonbank larger participants can assess compliance with the requirements of Federal consumer
financial law across their various market activities, which involve interactions with banks and
credit unions overseen by various Federal prudential regulators. Thus, CFPB oversight of larger
participants can ensure consistent enforcement of Federal consumer financial law and
complement the oversight of the Federal prudential regulators.
CFPB’s existing enforcement and market-monitoring authorities
The CFPB disagrees with those industry commenters suggesting that it cannot use its
larger participant rulemaking authority to establish supervisory authority in this market due to
the existence of the CFPB’s enforcement and market-monitoring authorities. The CFPA
identifies supervision of nonbank covered persons under CFPA section 1024 as a primary
function of the CFPB.142 Sections 1024(a)(1)(B) and (2) of the CFPA specifically empower the
CFPB to prescribe larger participant rules for the purpose of authorizing CFPB supervision, and
those provisions contain no requirement that a larger participant rule consider the adequacy of
the CFPB’s other authorities or functions.143 Given the statutory scheme in the CFPA, any larger
participant rule will generally apply to nonbank covered persons that also are subject to the
CFPB‘s market-monitoring and enforcement authorities. These comments thus appear to reflect,
in large part, a policy disagreement with Congress’s decision to give the CFPB the ability to
supervise nonbank larger participants of markets for consumer financial products and services it
defines by rule in addition to its other authorities.
Further, as the Proposed Rule noted and as also discussed above, supervision can serve an
important function that is distinct from and complementary to enforcement and market

See 12 U.S.C. 5511(c)(4) (listing supervision of covered persons, including nonbank covered persons,
as one of the CFPB’s “primary functions”).
By contrast, in allocating its supervisory resources under CFPA section 1024(b)(2) the CFPB
considers, among other things, “the extent to which such institutions are subject to oversight by State
authorities for consumer protection.” 12 U.S.C. 5514(b)(2)(D).
monitoring.144 For example, supervision can benefit consumers and providers by detecting
compliance problems early, at a point when correcting the problems would be relatively
inexpensive and before many (or many more) consumers have been harmed.145 In addition, the
CFPB conducts its supervisory activities not only for the purposes of assessing compliance with
the requirements of Federal consumer financial law, but also for purposes of obtaining
information about the person’s activities and compliance systems or procedures and detecting
and assessing risks to consumers and markets. These latter two purposes of its supervisory
activities generally are distinct from its enforcement activities, which focus on addressing
violations of Federal consumer financial law.146 In addition to promoting compliance in their
own right, those activities also help to inform CFPB decisions regarding when to initiate
enforcement activity. Similarly, CFPB supervisory and examination activity at individual firms
can inform how the CFPB conducts market-wide monitoring. The CFPB’s market monitoring
function also can support decisions about when to initiate supervisory activity. For example,
under CFPA section 1022(c)(1), the CFPB may use its market monitoring to support its
functions, including to inform its prioritization of its nonbank supervision examination activities
at larger participants.147
The Final Rule does not implicate the “major questions” doctrine
The CFPB disagrees with comments stating that the Rule implicates the “major
questions” doctrine, which is reserved for “extraordinary cases” in which the “history and the
breadth of the authority that the agency has asserted” and the vast “economic and political
significance” of the assertion of authority by the agency “provide a reason to hesitate before

88 FR 80197 at 80212-13.

See also CFPB Supervision Director, What new supervised institutions need to know about working
with the CFPB (Jan. 9, 2023) (“Supervisory activities may help entities identify issues before they
become systemic or cause significant harm.”), https://www.consumerfinance.gov/about-us/blog/whatnew-supervised-institutions-need-to-know-about-working-with-the-cfpb/ (last visited Nov. 7, 2024).
146

12 U.S.C. 5511(c)(4).

See 12 U.S.C. 5512(c)(1).

concluding that Congress meant to confer such authority.”148 As noted above, the Final Rule
does not impose any new substantive consumer protection requirements on larger participants.
Because general-use digital consumer payment applications are consumer financial products and
services as defined in the CFPA,149 the CFPB already has enforcement authority, marketmonitoring authority, and rulemaking authority with respect to nonbank covered persons
participating in the market for general-use digital consumer payment applications. Whether or
not the CFPB may exercise one additional form of authority – supervision – over a group of
larger participants in that market is not a question of vast economic and political significance in
the sense recognized by courts.150 In this regard, the CFPB notes that one nonprofit commenter
confuses the overall dollar value of transactions through digital wallets (which the commentator
estimates at almost $1 trillion) with the economic impact of this larger participant rulemaking,
which is of course vastly smaller.151
CFPB examinations of larger participants
With respect to comments on the statement in the Proposed Rule noting that the CFPB’s
supervisory authority is not limited to the consumer financial products or services that qualified a
person for supervision, the CFPB clarifies it is not relying on that position as a rationale for the
Final Rule or as authority for issuing the Final Rule, and that the CFPB would finalize the market

W. Virginia v. EPA, 597 U.S. 697, 721 (2022) (cleaned up).

See nn.241-42 infra (noting explanation in Proposed Rule, 88 FR 80197 at 80205 nn.64-65).

Cf., e.g., Biden v. Nebraska, 143 S. Ct. 2355, 2373-74 (2023) (citing an estimate that the agency’s
action would “cost taxpayers between ‘$469 billion and $519 billion’” and that it implicated a “matter of
earnest and profound debate across the country”).
Similarly, the CFPB’s statements in press materials cited by the commenter do not suggest that this
rulemaking would have a vast economic impact. The costs and benefits of this rulemaking are further
discussed below. The CFPB also disagrees with the commenter that section 1024(a)(1)(B) would need to
refer specifically to “digital wallets” to authorize this rulemaking. By that logic, there could be no larger
participant rulemakings because section 1024(a)(1)(B) refers to markets for “other consumer financial
products or services” without expressly identifying particular consumer financial products and services.
definition, market-related definitions, and larger-participant test as currently formulated in this
Final Rule irrespective of the existence of that position.152
109(a)(1) Market definition—providing a general-use digital consumer payment application
Proposed Rule
Proposed § 1090.109(a)(1) would have described the market for consumer financial
products or services covered by the Proposed Rule as encompassing “providing a general-use
digital consumer payment application.” The term would have been defined as providing a
covered payment functionality through a digital application for consumers’ general use in
making consumer payment transaction(s). This term incorporated other terms defined in
proposed § 1090.109(a)(2): “consumer payment transaction(s),” “covered payment
functionality,” “digital application,” and “general use.” The term “covered payment
functionality” would have included a “funds transfer functionality” and a “wallet functionality,”
terms which proposed § 1090.109(a)(2) also would have defined.153 The Proposed Rule sought
comment on all aspects of the proposed market definition, including whether the market
definition in proposed § 1090.109(a)(1) or the market-related definitions in proposed

Nonetheless, the CFPB notes that it explained the basis for this interpretation in its first larger
participant rulemaking, for the consumer reporting market, where it noted that the “Dodd-Frank Act
authorizes the Bureau to supervise ‘covered person[s]’ described in 12 U.S.C. 5514(a)(1)(A) through
(E)[]” and that supervision of certain other activities of such persons “is consistent with the purposes that
the Dodd-Frank Act sets out for the Bureau’s supervisory activities” set forth in 12 U.S.C. 5514(b)(1).
See 77 FR 42874 at 42880; see also 12 U.S.C. 5514(a)(1)(B) (providing that “this section shall apply to
any covered person” that is a nonbank “larger participant of a market for other consumer financial
products or services” as defined by rule); 12 U.S.C. 5514(b)(1) (providing that “[t]he Bureau shall require
reports and conduct examinations on a periodic basis of persons described in [12 U.S.C. 5514(a)(1)] for”
certain listed purposes). The CFPB disagrees with certain commenters’ suggestion that the reference to
“relevant product markets and geographic markets” in the provision describing the operation of the
CFPB’s risk-based supervision program (12 U.S.C. 5514(b)(2)) was intended to impliedly limit the scope
of the CFPB’s supervisory authority under 12 U.S.C. 5514(a)(1) and (b)(1) to only the consumer financial
products and services described in the larger participant rule. The CFPB also disagrees that this
interpretation implicates the major questions doctrine for reasons discussed above in the CFPB’s response
to other comments about that doctrine.
The term “consumer payment transaction(s)” also would have incorporated another term – “State,”
which proposed § 1090.109(a)(2) would have defined.
§ 1090.109(a)(2), discussed in the section-by-section analysis below, should be expanded,
narrowed, or otherwise modified.
Comments Received
Several commenters addressed the proposed market definition overall. The Final Rule
summarizes those comments in this section-by-section analysis of the market definition in
§ 1090.109(a)(1). In addition, some comments addressed certain specific defined terms used in
the market definition or called for certain exclusions or additions to the market by modifying
those defined terms. The Final Rule summarizes and responds to those comments in the sectionby-section analysis of the market-related definitions in § 1090.109(a)(2) below.
As discussed above, some commenters expressed support for the Proposed Rule to
establish supervisory authority over the market that includes funds transfer apps and wallet
functionalities with general use that nonbank covered persons provide to consumers through
digital applications. For example, as described above, a group of State attorneys general stated
that the CFPB’s supervisory oversight of larger participants in this market would help to promote
compliance with Federal consumer financial law and to detect and assess risks posed by this
emerging financial market and market participants. Banking and credit union associations, as
well as a payment network and nonprofit, also supported CFPB supervisory oversight of larger
participants in the proposed market, as described in the summary of general comments above.
As also described above, consumer group comments also were supportive of the scope of the
market activities defined in the Proposed Rule, while calling for certain scope expansions, as
discussed further below. In addition, an industry association expressed general support for the
proposal to define a market that allows the CFPB to oversee entities with varied business models.
Other commenters disagreed with the approach to market definition in the Proposed Rule.
For example, some industry commenters stated that larger participant rules must apply antitrust
law market definition principles because, in their view, the statutory provision in CFPA
section 1024(a)(1)(B) authorizing CFPB rules to define larger participants of “a market”

incorporates those principles. Some of these commenters did not provide a legal basis for this
view. Others, such as three industry trade associations, cited Congress’ use of the phrase
“relevant product markets” in an adjacent provision, CFPA section 1024(b)(2), and suggested
that the term “market” in section 1024(a)(1)(B) is implicitly limited by the phrase “relevant
product market.”154 They further suggested that the terms “market” and “relevant product
market” should be understood to incorporate antitrust case law discussing the boundaries of a
market for purposes of evaluating the viability of an antitrust claim, including cases holding that
a group of products are in the same market under antitrust law if they are reasonably
interchangeable by consumers for the same purposes.155 Two of these industry associations also
stated that Congress included the requirement in CFPA section 1024(a)(2) that the CFPB consult
with the FTC prior to issuing a larger participant rule because of the FTC’s role in enforcing
Federal antitrust laws.156 These commenters therefore concluded that a larger participant rule
must define “a market” that qualifies as a “relevant product market” within the meaning of
antitrust law.157
Those commenters and several other comments from industry, nonprofits, and Members
of Congress also disagreed with the proposed market on the grounds that it was overbroad,
conflating several markets into one. For example, a comment from Members of Congress stated
that in their view, the proposal sought to cover different markets such as peer-to-peer services,
stored value accounts, neobanking, merchant payment processing, and payment credential

Section 1024(b)(2) calls for the CFPB to exercise its authority in CFPA section 1024(b)(1) to require
reports and examinations of nonbank covered persons described in CFPA section 1024(a)(1) “in a manner
designed to ensure that such exercise . . . is based on the assessment by the Bureau of the risks posed to
consumers in the relevant product markets and geographic markets,” and taking into consideration certain
factors further specified in CFPA section 1024(b)(2).
See, e.g., United States v. E.I. du Pont de Nemours & Co., 351 U.S. 377, 395 (1956). One commenter
also cited a European regulation in support of its position.
The summary and response to comments regarding the FTC consultation process is included in part IV
above.
Two of the industry associations also indicated that the Proposed Rule did not do so because antitrust
law market definition requires examining the factors that influence consumer choices, and the Proposed
Rule did not discuss those factors.
management.158 In addition, some industry associations stated that the proposed market would
not qualify as a valid market because it groups together four different types of activities that, in
their view, are not economic substitutes. They stated that these activities function in different
ways and meet different needs and use cases. They described four of these activities as follows:
(1) drawing from a stored balance held by the company; (2) routing funds held in a third-party
bank account for transmission to a recipient; (3) charging or offering a payment method for
consumer purchases in a manner that is excluded from State money transmitter regulations;159
and (4) storing and transmitting payment credentials without participating in the flow of funds
from the consumer to the recipient. They also stated that digital applications for person-toperson transfers and digital applications for processing payments for merchants are different and
present different risks of consumer harm. Because these activities in their view constitute
separate markets, they stated that the Proposed Rule deviated without justification from previous
larger participant rules that did not encompass multiple markets.160
More broadly, an industry association also stated that the market includes “P2P” and
digital wallet functionalities that, in their view, are not reasonably interchangeable because they
provide “similar” but “differentiated” services to consumers. Another industry association stated
that consumers rely on funds transfer functionalities and wallet functionalities in different ways,
and that these functionalities sometimes, but not always, may be interrelated. They stated that
the CFPB should do a “piecewise analysis” of these functionalities, separately analyzing how
consumers rely upon them. They stated that wallet functionalities initiate funds transfers but are
subject to Regulation E only when they store funds. They suggested that the Proposed Rule did

However, as discussed above, the market is not based on providing a stored value account. And as
discussed below under “covered payment functionality,” the market definition generally does not apply to
merchant payment processors.
They added that State money transmitter regulation excludes this activity because, in their view, the
activity poses low risks.
As an example, they cited the international money transfer larger participant rule in which the CFPB
declined to include the domestic money transfer market.
not establish a purpose for including wallet functionalities in the market when they do not store
funds. An industry firm and two nonprofits suggested that wallet functionalities that do not store
funds instead facilitate consumers’ payments for purchases from merchants by storing and
transmitting payment credentials for accounts held at third-party financial institutions the CFPB
already supervises. They described that activity as part of a separate market from the other
payment functionalities included in the proposed market. They stated that the CFPB’s proposal
to include such wallet functionalities in the proposed market does not reflect the sensitivity the
CFPB has shown to differences among other consumer financial products and services, such as
consumer reporting, consumer debt collection, and student loan servicing, by covering them in
separate larger participant rulemakings defining separate markets.161
A nonprofit commenter described the proposed market as being composed of multiple
sectors, including the first three groups of activities listed by the industry association comments
described above, as well as what they described as fully online fintech firms such as “neobanks”
and money transmitters. In its view, consumers interact with these products differently and rely
on them for different purposes, and each presents different consumer harms.
Response to Comments Received
As an initial matter, the CFPB disagrees with some industry commenters’ novel
suggestion that larger participant rules must define a market that would qualify as a market under
antitrust law. In the CFPB’s international money transfer larger participant rulemaking, large
providers of international money transfers urged the CFPB to take the opposite position – i.e., to
state that larger participant rules do not define “markets” for purposes of antitrust law. In
response, the CFPB so clarified.162

This commenter and another industry association suggested this approach was inconsistent with how a
previous larger participant rule engaged in “tailor[ing]” of the rule. 78 FR 73383 at 73397. However, the
quoted portion of the previous rule addressed the tailoring of the larger-participant test to the market at
hand, which was not the subject of the comments described here.
See Comment on proposed international money transfer larger participant rule by Dolex Dollar
Express, Inc., MoneyGram Payment Systems, Inc., RIA Financial Services, Sigue Corporation, and
Having carefully considered commenters’ arguments, the Final Rule maintains the
position announced in the international money transfer larger participant rule for several reasons.
As explained below, the market definition in the Final Rule fits within a more general
understanding of the term “market” reflected in CFPA section 1024(a), which does not require
application of antitrust law. First, commenters have not identified any language in CFPA
section 1024, or any legislative history, that expressly refers to antitrust statutes, antitrust
caselaw, or antitrust concepts of a market such as substitutability and reasonable
interchangeability. Instead, the commenters’ argument depends on an attenuated and
unpersuasive argument that (1) reads the term “market” in section 1024(a)(1)(B) as being
implicitly limited by the phrase “relevant product market” in a separate provision, section
1024(b)(2); and then (2) further suggests that the phrase “relevant product market” in section
1024(b)(2) was meant to implicitly import antitrust concepts of substitutability and reasonable
interchangeability into the CFPB’s larger participant rulemakings under section 1024(a)(1)(B).
Second, section 1024(a)(1)(B) gives authority to the CFPB to define by rule a larger participant
of “a market for other consumer financial products or services[.]”163 That phrasing is
meaningful because CFPA section 1024(a) enumerates, in paragraphs (A), (D), and (E) three
categories of consumer financial products and services over which the CFPB has supervisory
authority. Legislative history suggests that Congress understood each to be a separate “market”
in a general sense.164 The first category encompasses an array of different services that broadly

Western Union Financial Services, Inc. (April. 1, 2014) (2014 Industry Comment Letter) at 5 (“[T]he
term ‘market’ for purposes of defining a larger participant should not be used in the absence of cautionary
language to make clear that the term is not reflective of a Bureau determination of ‘market’ for antitrust
purposes.”), https://www.regulations.gov/comment/CFPB-2014-0003-0014 (last visited Nov. 7, 2024);
CFPB, Final International Money Transfer Larger Participant Rule, 79 FR 56631 at 56635 n.43 (stating in
response to comment that in its larger participant rulemakings “[t]he Bureau neither defines markets for
purposes of antitrust law, nor intends the market definition in this Final Rule to be used for any purpose
other than determining larger-participant status”).
12 U.S.C. 5514(a)(1)(B).

The Senate Report to the CFPA describes the “mortgage market” that is the subject of CFPA section
1024(a)(1)(A) as “consist[ing] of more than 25,000 lenders, servicers, brokers, and loan modification
relate to mortgage loans (the “origination, brokerage, or servicing of [mortgage] loans” and also
“loan modification and foreclosures relief services in connection with such loans”).165 Another
category is “private education loans,” which are generally understood to be part of a broader
market for educational financing that also includes Federal student loans.166 The third category
is “payday loans,” which are understood to compete with other types of higher-cost credit such
as title loans and installment loans.167 These categories thus do not describe consumer financial
products and services that correspond to the strict antitrust conception of a market, which
undercuts the suggestion that the term “market” in section 1024(a)(1)(B) should be understood to
implicitly incorporate antitrust concepts.168 Third, the purpose of defining a “relevant product
market” under antitrust law is to determine whether a firm can exert monopoly power in a market

firms that would be subject to Bureau supervision and enforcement.” S. Rep. 111-176 (Apr. 30, 2010) at
163.
12 U.S.C. 5514(a)(1)(A); see, e.g., CPFB, Final Rule, Mortgage Servicing Rules Under the Real Estate
Settlement Procedures Act (Regulation X), 78 FR 10696, 10699 (Feb. 14, 2013) (providing an overview
of the “mortgage servicing market” within the context of the “mortgage market” that is “broader”).
12 U.S.C. 5514(a)(1)(D); see, e.g., CFPB, Final Rule, Defining Larger Participants of the Student
Loan Servicing Market, 78 FR 73383, 73385 (Dec. 6, 2013) (“[t]he student loan servicing market is
comprised of entities that service Federal and private student loans that have been disbursed to pay for
post-secondary education expenses”); Kelly D. Edmiston, Lara Brooks, and Steven Shepelwich, Fed. Rsv.
Bk. of Kansas City Research Working Paper 12-05, “Student Loans: Overview and Issues (Update)”
(Aug. 2012 rv. Apr. 2013) at 4 (“The student loan market is made up of federal and ‘private’ student
loans. Federal student loans are those that are listed under Title IV of the Higher Education Act. Private
student loans are those made by depository and non-depository financial institutions (banks) and nonprofit lenders (states).”), https://www.kansascityfed.org/documents/5428/rwp1205edmistonbrooksshepelwich.pdf (last visited Nov. 7, 2024).
12 U.S.C. 5514(a)(1)(E); see, e.g., CFPB, Final Rule, Payday, Vehicle Title, and Certain High-Cost
Installment Loans, 82 FR 54472, 54475 (Nov. 17, 2017) (referring to payday loans as part of a “broader
set of liquidity loan products that also includes certain higher-cost longer-term installment loans” that are
sometimes referred to as “payday installment loans”); NCUA, Final Rule, Payday Alternative Loans,
84 FR 51942 (Oct. 1, 2019) (authorizing credit unions to originate certain higher-cost installment loans
with a term of up to 12 months to compete with payday loans).
Similarly, larger participant rulemakings only apply to nonbank covered persons, and not to insured
depository institutions, insured credit unions, and certain of their affiliates that may compete with
nonbanks (and that may be subject to CFPB supervision under section 1025 or certain CFPB supervisory
activities described under section 1026). See 12 U.S.C. 5514(a)(3)(A). If Congress had intended larger
participant rulemakings to define a market for antitrust purposes, it presumably would have expressly
accounted for how insured depository institutions, insured credit unions, and certain of their affiliates
participate in such markets too.
and thereby profit from supra-competitive pricing.169 Market power and the analysis of it
generally is the domain of antitrust law, not the Federal consumer financial law over which the
CFPB has authority. Commenters have not presented any persuasive reason why Congress
would have wanted the terms “market” and “relevant product market” in section 1024 to be
limited by reference to antitrust laws that the CFPB does not enforce and that do not concern the
CFPB’s supervisory function.
In addition, the CFPB disagrees with comments suggesting that the FTC consultation
requirement in section 1024(a)(2) compels the conclusion that the term “market” should be
interpreted by reference to antitrust law.170 The commenters cite no legislative history or other
evidence supporting their position, and the provision itself does not reference the FTC’s
competition mission or its Bureau of Competition. The FTC also has a consumer protection
mission171 and it has certain overlapping authority with the CFPB over nonbanks that provide
consumer financial products and services, which generally would include nonbanks that qualify
for supervision as a larger participant.172 Given that overlap, the CFPA includes various
provisions requiring the CFPB to coordinate or consult with the FTC.173 In that context, there is

See, e.g., Thomas G. Krattenmaker, Robert H. Lande, Steven C. Salop, Monopoly Power and Market
Power in Antitrust Law, 76 Geo. L. J. 241, 255 (1987) (noting that “antitrust law now requires proof of
actual or likely market power or monopoly power to establish most types of antitrust violations” and
“market power and market definition are closely related, because a relevant market is that group of firms
that significantly constrains each other’s pricing and output decisions.”),
https://www.justice.gov/archives/atr/monopoly-power-and-market-power-antitrust-law (last visited Nov.
7, 2024); Louis Kaplow, On the Relevance of Market Power, 130 Harv. L. Rev. 1303, 1304 n.1 & 1366
(2017) (noting that “[i]t is familiar that market power is a prerequisite for most types of competition law
violations[,]” listing different violations that depend on establishing market power, and noting how the
“relevant market” is the frame of reference for assessing whether a firm has monopoly power for purposes
of a Sherman Act violation).
170

See 12 U.S.C. 5514(a)(2).

See, e.g., What the FTC Does, https://www.ftc.gov/news-events/media-resources/what-ftc-does (last
visited Nov. 7, 2024) (noting “the Agency’s two primary missions: protecting competition and protecting
consumers”).
12 U.S.C. 5581(b)(5)(A) (transferring FTC’s authority to prescribe rules under an enumerated
consumer law to the CFPB, but not its enforcement authority).
See, e.g., 12 U.S.C. 5514(c)(3) (requiring CFPB and FTC agreement for coordinating on enforcement
actions regarding nonbanks subject to its supervisory authority); 12 U.S.C. 5581(b)(5)(D) (requiring
little reason to interpret the consultation requirement in section 1024(a)(2) as reflecting an
unstated Congressional intention that the term “market” be interpreted by reference to antitrust
law.174
More generally, the CFPB agrees with the comments that expressed support for the
proposed market definition as describing a set of activities that most consumers in the United
States regularly rely upon to conduct a significant portion of their everyday payments. These
everyday financial transactions involve making payments to multiple unaffiliated persons, as
described further below in the section-by-section analysis of the revised definition of “general
use” adopted in the Final Rule. The universe of potential recipients for consumer payment
transactions can vary from one general-use digital consumer payment application to another.
Some peer-to-peer payment applications facilitate payments to multiple consumers. Others
facilitate payments to multiple unaffiliated merchants. As discussed further below, the general
trend in the market is to facilitate payments to some combination of both. That is, many of the
well-known market participants bundle together different payment methods for consumers to
make payments to friends, family, and merchants.
Depending on the market participant and which payment method the consumer selects,
the general-use digital consumer payment application provider may hold the funds used to make
a payment or they may be held by a third-party financial institution. Regardless of who holds the
funds used for a payment, market participants share the common activity of facilitating consumer
payments transactions by providing payments data processing products and services to

coordination between CFPB and FTC in certain rulemakings “that apply to a covered person or service
provider with respect to the offering or provision of consumer financial products and services[.]”).
In addition, it is not necessary to define an antitrust market for the rule to help the CFPB to ensure
consistent enforcement of Federal consumer financial law between nonbanks and depository institutions
in order to promote fair competition. For the reasons discussed in the response to general comments
above, the CFPB concludes the Final Rule would serve that purpose based on the market it defines.
consumers through digital applications.175 In light of these considerations, and as further
discussed below, the Final Rule reasonably defines a market that comfortably fits within the
parameters Congress set for markets in CFPA section 1024(a)(a)(1)(B).176
The CFPB disagrees with the conclusions by some industry and nonprofit commenters
that the proposed market does not describe a valid “market” for purposes of CFPA
section 1024(a)(1)(B).177 That includes industry comments suggesting that the CFPB cannot
reasonably define a single market that encompasses consumer financial products and services
that facilitate digital payments with different purposes, such as payments to friends and family
and payments for purchases. Similarly, the CFPB disagrees with comments suggesting that it
cannot reasonably define a market that encompasses the facilitation of consumer payments using
different payment methods or accounts, such as stored value accounts held with the market
participant, third-party banak accounts, and payment cards issued by third party financial
institutions such as debit cards and credit cards. These comments appear to rely on an unduly
See also discussion under “covered payment functionality” of comments seeking exclusion of
nonbanks providing payment services in partnership with banks. Some market activity such as that of
P2P payment apps often consists of consumer financial products and services that rely upon both funds
transmitting and payments data processing, while other types of market activity, such as pass-through
payment wallets, may be more limited to payments data processing. As the CFPB recently explained in
another rulemaking, CFPA section 1002(15)(A)(vii) encompasses activity that “extends beyond payment
processing to broadly include other forms of financial data processing, including where the financial data
are processed in connection with other financial or non-financial products and services.” 88 FR 74796,
74842 (Oct. 31, 2023) (proposed rule); see also 89 FR 90838 at 90955 (same point in final rule).
Providing payments data processing in connection with funds transmitting is simply one example of this.
See also CFPA section 1002(5)(A) (defining a “consumer financial product or service” as including a
financial product or service that is described in “one or more categories under” CFPA section 1002(15)).
Contrary to the suggestion of some commenters, grouping activities that are in some ways different
into a single market is not a departure from previous larger participant rulemakings. See 77 FR 42874 at
42886 (consumer reporting larger participant rule concluding that “resellers, national credit repositories,
specialty consumer reporting agencies, analyzers, and others engaged in consumer reporting activities as
defined in the final rule are properly included in a single market” because “[t]hese different types of firms
all participate in the process of preparing consumer financial information for use in decisions regarding
consumer financial products or services”); 77 FR 9592 at 9598 (Feb. 17, 2012) (discussing difficulty
separating business models of third-party debt collectors, debt buyers, and collection attorneys because
“[s]ome third-party debt collectors also buy debt, and debt buyers may utilize in-house or third-party
collectors. Similarly, collection attorneys and law firms may, in addition to representing debt owners,
buy debt and collect on their own behalf.”).
To the extent commenters criticized the proposed market as invalid based on its limitation to payment
functionalities provided through “digital applications” with “general use,” the Final Rule discusses those
comments in the section-by-section analysis of those defined terms below.
narrow view of the meaning of the term “market” in the CFPA, which as discussed above in
response to antitrust-related comments Congress used in a more general sense. To that end, the
Final Rule reasonably defines a market that comports with the range of “markets” in subsections
(A), (D), and (E) of section 1024(a)(1) that Congress appears to have referenced in using the
term “other markets” in section 1024(a)(1)(B).
In addition, these comments ignored or did not adequately account for how often
companies provide a single general-use digital payment application with covered payment
functionalities that facilitate consumer payment transactions with either purpose (to pay friends
and family and to make purchases), often offering multiple payment methods for transactions
with either purpose. In the CFPB’s experience and expertise, informed by its market monitoring
and other activities, well-known market participants increasingly provide general-use digital
consumer payment applications that bundle together options to make payments for these
different purposes and payment methods, often in a manner that appears seamless to the
consumer as described below. This assessment, focusing on the commonality across market
participants’ activities, also is consistent with market research described in the Proposed Rule
and discussed further below, and even some industry associations’ own presentation of these
activities in other settings.178
Many well-known market participants bundle offerings of both peer-to-peer (P2P) and
payments for purchases – sometimes in a formal and explicit manner, other times less so.

This trend predates 2024. See, e.g., Testimony of Scott Talbott, Sr. Vice President of Government
Affairs, Electronic Transactions Association (ETA), House Cmttee. on Fin. Servs, Serial No. 117-82
(Apr. 28, 2022) at 52 (“Digital wallets can be defined broadly to include mobile and other online
applications that allow users to process payments, access account information, and pay for services.
Digital wallets provide users with access to stored payment credentials, which may include a credit or
debit card, bank account, or, less commonly, a prepaid or gift card linked to the phone or app. This
technology has gained popularity with consumers as a safe and convenient way to transmit funds in
multiple settings, including for online purchases, payments at brick-and-mortar retailers, and person-tobusiness (i.e., bill pay) and P2P transfers. The concept of the digital wallet has been swiftly embraced by
the public due to its ease of use. The user just has to download and register a mobile wallet on his or her
phone.”), https://www.congress.gov/117/chrg/CHRG-117hhrg47649/CHRG-117hhrg47649.pdf (last
visited Nov. 7, 2024).
Comments from several Members of Congress highlighted the degree to which sole proprietors
and other small businesses rely on market participants to accept payments. While larger
merchants may accept these payments by entering into formal merchant acceptance agreements,
small businesses such as sole proprietors may simply enroll their bank account in a P2P payment
service to receive funds from consumers.179 As the Proposed Rule noted, by 2022, an industry
report found that 82 percent of small business merchants surveyed accepted at least one P2P
payment option.180 Research by a major payment network similarly describes how small and
medium businesses are paid not only through “mobile wallets” but also through “mobile
payment apps.”181 Moreover, recent market research found that nearly half of U.S. consumers

One government report estimated that in tax year 2017, three P2P apps alone filed U.S. tax reports (at
a reporting threshold of $20,000) disclosing nearly $200 billion in payments to businesses through those
platforms. Treasury Inspector General For Tax Administration, The Internal Revenue Service Faces
Challenges in Addressing the Growth of Peer-to-Peer Payment Application Use, Report No. 2021-30-022
(Apr. 22, 2021) at 6 (Figure 3), https://www.tigta.gov/sites/default/files/reports/202207/202130022fr_4.pdf (last visited Nov. 7, 2024). In some contexts, the bundling of the two types of
payments has been so seamless that the payment apps themselves have not been able to effectively
disentangle personal payments from purchases. See 26 U.S.C. 6050W (“Returns relating to payments
made in settlement of payment card and third party network transactions”); IR-2023-221 (Nov. 21, 2023)
(describing phase-in transition years where reporting not required unless payees receive over $20,000 for
more than 200 transactions in tax year 2023, and more than $5,000 for tax year 2024),
https://www.irs.gov/newsroom/irs-announces-delay-in-form-1099-k-reporting-threshold-for-third-partyplatform-payments-in-2023-plans-for-a-threshold-of-5000-for-2024-to-phase-in-implementation (last
visited Oct. 24, 2024).
TSG: Merchants Offering P2P Payments (reporting results of TSG and Electronic Transactions
Association survey of over 500 small businesses merchants), cited in Proposed Rule at n.30. For
example, some of these apps began by offering only P2P payments focused on paying friends and family,
but then leveraged that feature to gain formal merchant acceptance. See, e.g., eBay, eBay Launches
Venmo as a Payment Option, a Continued Push to Expand Ways to Pay and Invest in Digital Natives
(June 13, 2024), https://www.ebayinc.com/stories/news/ebay-launches-venmo-as-a-payment-option-acontinued-push-to-expand-ways-to-pay-and-invest-in-digital-natives (last visited Nov. 7, 2024); James
Pothen, Cash App exec hints at Square integration (June 3, 2024),
https://www.paymentsdive.com/news/square-cash-app-pos-p2p-block-jack-dorsey-retail-point-of-salestrategy/717753/ (last visited Nov. 7, 2024).
VISA Global Back to Business Study (7th ed. 2023) (describing multinational survey of plans for
digital payment option acceptance by small and micro businesses (SMBs) including in the United States
indicating 55 percent of SMBs planned to accept “mobile payment apps” in 2023 and 50 percent planned
to accept “mobile wallets”), https://usa.visa.com/content/dam/VCOM/blogs/visa-back-to-business-7-onepager-september-2023.pdf (last visited Nov. 7, 2024). A recent Forbes survey similarly described how
both “digital wallet apps” and “[p]eer-to-peer apps” are popular ways for consumers to make retail
purchases. Amanda Claypool, 53% Of Americans Use Digital Wallets More Than Traditional Payment
Methods: Poll (updated Aug. 25, 2023), https://www.forbes.com/advisor/banking/digital-walletspayment-apps/ (last visited Nov. 7, 2024). For example, Amazon, which provides Amazon Pay, also had
a brief partnership with Venmo. See PYMNTS.COM, Venmo No Longer Accepted on Amazon in
surveyed reported using a P2P app for purposes such as making purchases with payment cards
and bill pay functions. The report concluded that “P2P apps are at an inflection point,
transitioning from single-purpose apps to additional, more robust, and often-bundled product
features.”182
Meanwhile, as suggested by comments from consumer groups, other digital wallets
gained market share by offering formal merchant acceptance but then began to promote a P2P
payment feature.183 For example, as consumer group commenters pointed out, PayPal, which
initially grew as a payment functionality for merchants selling goods and services through an
affiliated company’s online marketplace, has long since graduated to offering a broader range of
services including peer-to-peer payments.184

January (Dec. 7, 2023), https://www.pymnts.com/amazon-payments/2023/amazon-will-discontinuevenmo-payments-in-january/ (last visited Nov. 7, 2024).
Marqueta, 2024 State of Payments Report at 39, https://www.marqeta.com/state-of-payments (last
visited Aug. 1, 2024). See also Press Release, Venmo Introduces the Ability to Schedule Payment
Requests (Oct. 9, 2024) (reporting that “more than 84% of consumers have used a peer-to-peer service
with common payments including monthly rent, utilities, and other regular living expenses[]” as found in
a 2022 survey by Lending Tree at https://www.lendingtree.com/personal/peer-to-peer-services-survey/
(last visited Nov. 7, 2024)), https://newsroom.paypal-corp.com/2024-10-09-Venmo-Introduces-theAbility-to-Schedule-Payments-and-Requests (last visited Nov. 7, 2024).
Apple, New features come to Apple services this fall (June 11, 2024) (describing new “Tap to Cash”
feature that can be used with existing Apple Cash stored value product),
https://www.apple.com/newsroom/2024/06/new-features-come-to-apple-services-this-fall/ (last visited
Nov. 7, 2024); Business Wire, VISA Reinvents the Card, Unveils New Products for Digital Age (May 15,
2024) (provider of Click-to-Pay ecommerce wallet describing new mobile device app-based feature for
VISA cards “Tap to P2P (person-to-person): Allows money to be sent between family and friends”),
https://www.businesswire.com/news/home/20240515563838/en/ (last visited Nov. 7, 2024).
Compare PayPal, Inc. Form S-1 (Sept. 28, 2001) at 5 (“We depend on online auction transactions for a
significant percentage of our payment volume.”),
https://www.sec.gov/Archives/edgar/data/1103415/000091205701533855/a2059025zs-1.htm, with eBay
Press Release, eBay Inc. Board Approves Completion of eBay and PayPal Separation (June 26, 2015),
https://www.ebayinc.com/stories/news/ebay-inc-board-approves-completion-of-ebay-and-paypalseparation/ (last visited Nov. 7, 2024) & PayPal, Send money to just about anyone, anywhere (website
FAQ describing how consumers can use the PayPal app to “[s]end money online to friends and family in
the US”), https://www.paypal.com/us/digital-wallet/send-receive-money/send-money (last visited Nov. 7,
2024). See also PayPal Holdings, Inc. Form 10-K (Feb. 2, 2024) (PayPal 2023 10-K) at 8 (“Our Venmo
digital wallet in the U.S. is a leading mobile application used to move money between our customers and
to make purchases at select merchants.”),
https://www.sec.gov/Archives/edgar/data/1633917/000163391724000024/pypl-20231231.htm.
In addition, the most recent Federal Government diary and survey on consumer payment
choice results continue to illustrate how mobile app/online payment accounts generally are
understood as supporting both “purchases and person-to-person payments[.]”185 That project
groups together nonbank payment apps such as PayPal, Venmo, Apple Pay, Google Pay, Cash
App, and Samsung Pay under the common heading “online payment accounts.”186 Other
surveys, market research, and even a foreign regulator similarly refer collectively to both uses—
payments to other consumers and payments for purchases.187

Berhan Bayeh, Emily Cubides & Shaun O’Brien, Fed. Rsv. Fin. Svcs. FedCash Services, 2024
Findings from the Diary of Consumer Payment Choice (May 2024) (2024 Diary Findings) at 5-6 (Figure
3 grouping together “purchases and P2P payments” and describing growth in proportion made “online or
remotely” versus “in-person”),
https://www.frbservices.org/binaries/content/assets/crsocms/news/research/2024-diary-of-consumerpayment-choice.pdf (last visited Nov. 7, 2024). The Proposed Rule noted how the Federal Government
publishes the results of an annual diary and survey on consumer payment choice. 88 FR 80197 at 80200
n.25 (citing report on 2022 diary and survey by Federal Reserve System staff).
2023 Survey and Diary of Consumer Payment Choice Tables (table 1 reporting survey results
indicating that 71.8 percent of U.S. consumers adopted online payment accounts as of 2023),
https://www.atlantafed.org/-/media/documents/banking/consumer-payments/survey-diary-consumerpayment-choice/2023/tables_dcpc2023.pdf (last visited Nov. 7, 2024). That survey also reported that
“[s]even in 10 consumers made at least one payment using a phone or tablet in the 12 months ending
October 2023.” Kevin Foster, Claire Greene & Joanna Stavins, Fed. Rsv. Bk. of Atlanta Research Data
Report No. 24-1, 2023 Survey and Diary of Consumer Payment Choice: Summary Results (June 3, 2024)
at 16-17 (“On average, 13 mobile payments per consumer were reported” for October 2023, of which “10
were for purchases, two for bills, and one to pay another person”), https://www.atlantafed.org//media/documents/banking/consumer-payments/survey-diary-consumer-paymentchoice/2023/sdcpc_2023_report.pdf (last visited Nov. 7, 2024).
See, e.g., Claire Greene, Fumiko Hayashi, Alicia Lloro, Oz Shy, Joanna Stavins & Ying Lei Toh,
Defining Households That Are Underserved in Digital Payment Services, Fed. Rsv. Bk. of Atlanta
Research Data Report No. 24-3 (Sept. 9, 2024), sec. 3.1 (describing a “(sub)component of financial
inclusion relating to digital payments (a subset of payments), which we term digital payments inclusion.
Digital payments are payments made through a digital device or channel, such as electronic fund transfer
(for example, automated clearing house [ACH] and instant payments); debit, prepaid, or credit card;
closed-loop online payment services offered by online payment service providers (for example, PayPal
and Cash App); and cryptocurrency transfer.”), table 1 (describing examples of digital payments with
wide acceptance by merchants, billers, and individuals), https://www.atlantafed.org//media/documents/banking/consumer-payments/research-data-reports/2024/10/10/03--defininghouseholds-that-are-underserved-in-digital-payment-services.pdf (last visited Nov. 7, 2024); Pengfei Han
& Zhu Wang, Technology Adoption and Leapfrogging: Racing for Mobile Payments, Fed. Rsv. Bk. of
Richmond Working Paper No. 21-05R (Mar. 2021 rev. May 1, 2024) (Racing for Mobile Payments) at 6
(“Following Crowe et al. (2010), we define a mobile payment to be a money payment made for a product
or service through a mobile phone, regardless of whether the phone actually accesses the mobile network
to make the payment. Mobile payment technology can also be used to send money from person to
person.”), https://www.richmondfed.org//media/RichmondFedOrg/publications/research/working_papers/2021/wp21-05r.pdf (last visited Nov. 7,
2024); U.S. Dept. of Treasury, Assessing the Impact of New Entrant Non-bank Firms on Competition in
In addition, commenters claiming that the rule encompassed multiple markets rather than
a single market did not provide evidence regarding consumer understanding to support their
claims. By contrast, through its experience and expertise developed through its market
monitoring and other activities, the CFPB has seen that several well-known general-use digital
consumer payment applications engage in many of the activities industry commenters
characterized as distinct markets. For example, when consumers open what some describe as a
peer-to-peer payment app, now they often may access a screen to send money to other persons
they identify, whether consumers or businesses.188 In addition, market participants often design
their general-use digital consumer payment application so that a single screen can display all

Consumer Finance Markets (Nov. 2022) at 13 (“New entrant non-bank firms offer digital applications to
make payments online and through mobile devices that have expanded accessibility for consumers.
These payments firms generally provide a front-end digital user interface for consumers to make
payments to other parties (other consumers or, increasingly, businesses) on the same platform.”),
https://home.treasury.gov/system/files/136/Assessing-the-Impact-of-New-Entrant-Nonbank-Firms.pdf
(last visited Nov. 7, 2024); Pew Research Center, Who Uses Mobile Payments? (May 26, 2016) at 1
(defining “[m]obile payment users” as “consumers who have made an online or point-of-sale purchase,
paid a bill, or sent or received money using a Web browser, text message, or app on a smartphone”),
https://www.pewtrusts.org/-/media/assets/2016/05/who_uses_mobile_payments.pdf (last visited Nov. 7,
2024); Pew Research Center, Are Americans Embracing Mobile Payments? (Oct. 3, 2019) at 3 (defining
“mobile payment” and “mobile payment apps” in similarly broad manner), https://www.pewtrusts.org//media/assets/2019/10/mobilepayments_brief_final.pdf (last visited Nov. 7, 2024); U.K. Payment
Systems Regulator & Financial Conduct Authority, Call for Information: Big tech and digital wallets,
Doc. CP24/9 (July 2024), sec. 2.1-2.3 (“Digital wallets can be defined as apps, software or online services
that allow consumers to make payments, quickly and conveniently, using mobile phones or other
electronic devices . . . . Some digital wallets facilitate retail transactions, others allow peer-to-peer
payments, and others do both . . . . Digital wallets can be either ‘staged’ [by holding funds] or ‘passthrough’ [because they do not hold funds themselves but instead allow users to make payments from a
payment card] . . . . While the features and functionality of digital wallets vary, in general terms, they
offer consumers a quick and convenient way to make payments.”),
https://psr.org.uk/media/yqinyhhn/cp24-9-cfi-digital-wallets-july-2024-v2.pdf (last visited Nov. 7, 2024).
See, e.g., Venmo, Show some local love: Pay businesses – like your favorite neighborhood spots – the
same easy way you pay friends on Venmo (describing how consumer can use a merchant’s Venmo QR
code to identify the merchant as a payment recipient), https://venmo.com/pay/businesses/ (last visited
Nov. 7, 2024); Venmo, Adding & Removing Friends (describing how consumers can use QR codes from
other consumers to identify them as recipients), https://help.venmo.com/hc/en-us/articles/217532217Adding-Removing-Friends (last visited Nov. 7, 2024); Block Investor Day 2022, Cash App at 8 (stating
that Cash App “started with peer-to-peer payments”) & at 71 (showing screenshot of how a consumer can
add a business account to receive payments),
https://s29.q4cdn.com/628966176/files/doc_presentations/2022/05/Cash-App-Block-Investor-Day2022.pdf (last visited Nov. 7, 2024). Other payment apps also bundle money transfers to individual
consumers and bill pay functionalities. See, e.g., Western Union, Send and Track Money Online (U.S.
consumer home page describing how a consumer can use the Western Union app to “[s]end money, pay
bills, check exchange rates, or start a transfer in the app and pay in-store-all on the go.”),
https://www.westernunion.com/us/en/home.html (last visited Nov. 7, 2024).
available methods for making a given payment, including prepaid accounts, debit cards linked to
deposit accounts, and credit cards, whether issued by the digital application provider or by thirdparty financial institutions.189 The CFPB therefore declines to differentiate the market in ways
suggested by industry commenters that do not align with the more seamless, undifferentiated
common user experience that well-known market participants themselves create for consumers.
Even when firms choose to discontinue offering payments to other consumers,190 or have
not yet enabled that capability in the United States,191 their general-use digital payment
applications still comprise part of the overall market described in the Final Rule, which includes
but is not limited to digitally facilitating consumer payment transactions for purchases.
Final Rule
For the reasons described in this Final Rule, including the CFPB’s consideration of and
responses to the comments on the Proposed Rule, the CFPB concludes that the set of activities
covered by the market definition in the Final Rule, all of which digitally facilitate consumer
payment transactions to multiple unaffiliated persons, regardless of the payment method, source,
or account used to fund the payment, reasonably describes a market for purposes of CFPA
section 1024(a)(1)(B). In addition, the Final Rule makes several revisions to market-related
definitions as described in the section-by-section analysis of § 1090.109(a)(2) below. Because

See, e.g., Apple, Wallet Carry one thing. Everything (consumer-facing website showing screenshot of
Apple Wallet displaying payment methods including a Discover credit card, an Apple Cash prepaid
account card, and an Apple MasterCard), https://www.apple.com/wallet/ (last visited Nov. 7, 2024);
PayPal, Add. Pay. Earn. Smile (consumer-facing website showing screenshot of PayPal payment method
screen where consumer can “[u]se your bank or cards to pay or send money”),
https://www.paypal.com/us/digital-wallet/ways-to-pay/add-payment-method (last visited Nov. 7, 2024).
See, e.g., Google, Simplifying our payment apps in the U.S. (Feb. 22, 2024) (announcing that effective
June 4, 2024, the U.S. version of the Goole Pay app will no longer be available to send money to other
consumers but that consumers can continue to use Google Pay to check out online and to tap-to-pay in
stores), https://blog.google/products/google-pay/payment-apps-update/?sjid=232731559998132243-NA
(last visited Nov. 7, 2024).
See Amazon, Unified Payment Interface (UPI) FAQs (describing how consumers in India can use the
Amazon Pay Unified Payment Interface to send money to other consumers),
https://www.amazon.in/gp/help/customer/display.html?nodeId=202212990 (last visited Nov. 7, 2024).
the market definition incorporates those defined terms, those revisions also affect the scope of
the market the Final Rule defines.
109(a)(2) Market-related definitions
Proposed § 1090.109(a)(2) would have defined several terms that are relevant to the
proposed market definition described above. Below the CPFB summarizes and responds to
comments on each proposed definition and describes changes to these definitions in the Final
Rule, which also numbers each definition for clarity.
Consumer payment transaction(s)
Proposed Rule
The proposed market definition would have encompassed providing covered payment
functionalities through a digital application for a consumer’s general use in making consumer
payment transactions. Proposed § 1090.109(a)(2) would have defined the term “consumer
payment transactions” to mean the transfer of funds by or on behalf of a consumer physically
located in a State to another person primarily for personal, family, or household purposes.192 The
proposed definition would have clarified that, except for transactions excluded under paragraphs
(A) through (D), the term applies to transfers of consumer funds and transfers made by extending
consumer credit. Paragraphs (A) through (D) of the proposed definition would have excluded
the following four types of transactions: (A) An international money transfer as defined in
§ 1090.107(a) of this part; (B) A transfer of funds that is (1) linked to the consumer’s receipt of a
different form of funds, such as a transaction for foreign exchange as defined in
12 U.S.C. 5481(16), or (2) that is excluded from the definition of “electronic fund transfer”
under § 1005.3(c)(4) of this chapter; (C) A payment transaction conducted by a person for the

The Proposed Rule would have defined the term “consumer payment transaction” for purposes of the
Proposed Rule. Payment transactions that are excluded from, or otherwise do not meet, the definition of
“consumer payment transaction” in the Proposed Rule would not have been covered by the market
definition in the Proposed Rule. However, persons facilitating those transactions may still have been
subject to other aspects of the CFPB’s authorities besides its larger participant supervisory authority
established by the Proposed Rule.
sale or lease of goods or services that a consumer selected from an online or physical store or
marketplace operated prominently in the name or such person or its affiliated company; and (D)
An extension of consumer credit that is made using a digital application provided by the person
who is extending the credit or that person’s affiliated company.193
The first component of the proposed definition of “consumer payment transaction” was
that the payment transaction must result in a transfer of funds by or on behalf of the consumer.
This component therefore would have focused on the sending of a payment, and not on the
receipt. The proposed definition would have encompassed a consumer’s transfer of their own
funds – such as funds held in a linked deposit account or in a stored value account. It also would
have encompassed a creditor’s transfer of funds to another person on behalf of the consumer as
part of a consumer credit transaction.194 For example, a nonbank’s wallet functionality may hold
a credit card account or payment credential that a consumer uses to obtain an extension of credit
from an unaffiliated depository institution. If the consumer uses the digital wallet functionality
to purchase nonfinancial goods or services using such a credit card, the credit card issuing bank
may settle the transaction by transferring funds to the merchant’s bank for further transfer to the
merchant, and a charge may appear on the consumer’s credit card account. That transfer of
funds may have constituted part of a consumer payment transaction under the Proposed Rule
regardless of whether it is an electronic fund transfer subject to Regulation E.195
The CFPA did not include a specific definition for the term “funds” used in the Proposed
Rule. As the Proposed Rule explained, that term is used in various provisions of the CFPA,
including in section 1002(15)(A)(iv), which defines the term “financial product or service” to

Subpart A of the CFPB’s existing larger-participant rule includes a definition of “affiliated company”
that would have applied to the use of that term in the Proposed Rule. See 12 CFR 1090.101.
In certain circumstances, consumer credit transactions would have been excluded from the proposed
definition of “consumer payment transaction,” for example as described in the exclusion in proposed
paragraph (D) discussed below.
See also generally § 1005.12(a) (describing relationship between Regulation E and other laws
including the Truth in Lending Act and its implementing regulation, Regulation Z).
include “engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise
acting as a custodian of funds or any financial instrument for use by or on behalf of a
consumer.”196 Without fully addressing the scope of that term, the Proposed Rule interpreted the
term “funds” in the CFPA to not be limited to fiat currency or legal tender, and to include digital
assets that have monetary value and are readily useable for financial purposes, including as a
medium of exchange, such as crypto-assets, which are sometimes referred to as virtual
currency.197
The second component of the proposed definition of “consumer payment transaction”
was that the consumer must be physically located in a State, a term the proposal would have
defined by reference to jurisdictions that are part of the United States as discussed in the sectionby-section analysis below. The CFPB requested comment on this limitation.
The third component of the proposed definition of “consumer payment transaction” was
that the funds transfer must be made to another person besides the consumer. For example, the
other person could be another consumer, a business, or some other type of entity. This
component would have distinguished the proposed market for general-use digital payment
applications that facilitate payments consumers make to other persons from adjacent but distinct
markets that include other consumer financial products and services, including the activities of
taking deposits; selling, providing, or issuing of stored value; and extending consumer credit by
transferring funds directly to the consumer. For example, this component of the proposed
definition would have excluded transfers between a consumer’s own deposit accounts, transfers
between a consumer deposit account and the same consumer’s stored value account held at
12 U.S.C. 5481(15)(A)(iv).

See generally U.S. Treas. Fin. Stability Oversight Council, Report on Digital Asset Financial Stability
Risks and Regulation (Oct. 3, 2022) at 7 (“For this report, the term ‘digital assets’ refers to two categories
of products: ‘central bank digital currencies’ (CBDCs) and ‘crypto-assets.’ This report largely focuses on
crypto-assets. Crypto-assets are a private sector digital asset that depends primarily on cryptography and
distributed ledger or similar technology. For this report, the term crypto-assets encompasses many assets
commonly referred to as ‘coins’ or ‘tokens’ by market participants.”),
https://home.treasury.gov/system/files/261/FSOC-Digital-Assets-Report-2022.pdf (last visited Oct. 23,
2023).
another financial institution, such as loading or redemptions, as well as a consumer’s
withdrawals from their own deposit account such as by an automated teller machine (ATM).
The fourth component of the proposed definition of “consumer payment transaction” is
that the funds transfer must be primarily for personal, family, or household purposes.198 As a
result, the Proposed Rule would have defined the relevant market activity (providing a generaluse digital consumer payments application) by reference to its use with respect to consumer
payment transactions. Although a general-use digital consumer payment application also could
help individuals to make payments that are not for personal, family, or household purposes, such
as purely commercial (or business-to-business) payments, those payments would not have fallen
within the proposed definition of “consumer payment transaction.”
In addition, the proposed definition of “consumer payment transaction” would have
excluded four types of transfers. First, paragraph (A) of the proposed definition would have
excluded international money transfers as defined in § 1090.107(a). The CFPB defined larger
participants in a market for international money transfers in its 2014 rule.199 In proposing this
larger participant rule, the CFPB did not propose to alter the international money transfer larger
participant rule. Rather, the CFPB proposed this larger participant rule to define a separate
market, focused on the use of digital payment technologies to help consumers make payment
transactions that are not international money transfers as defined in the international money
transfer larger participant rule. Accordingly, the proposed definition of “consumer payment
transaction” would have excluded an international money transfer as defined in § 1090.107(a).
As the Proposed Rule explained, to the extent that nonbank international money transfer

Under a relevant definition of consumer financial products and services in CFPA section 1002(5)(A), a
financial product or service is a consumer financial product or service when it is offered or provided for
use by consumers primarily for personal, family, or household purposes. 12 U.S.C. 5481(5)(A).
199

79 FR 56631.

providers facilitate those transactions, whether through a digital application or otherwise,200 that
activity remains part of the international money transfer market, and the CFPB may be able to
supervise such a nonbank if it meets the larger-participant test in the international money transfer
larger participant rule.
Second, for clarity, paragraph (B) of the proposed definition of “consumer payment
transaction” would have excluded a transfer of funds by a consumer (1) that is linked to the
consumer’s receipt of a different form of funds, such as a transaction for foreign exchange as
defined in 12 U.S.C. 5481(16), or (2) that is excluded from the definition of “electronic fund
transfer” under § 1005.3(c)(4) of this chapter. Paragraph (1) of this proposed exclusion would
have clarified, for example, that the market as defined in the Proposed Rule does not include
transactions consumers conduct for the purpose of exchanging one type of funds for another,
such as exchanges of fiat currencies (i.e., the exchange of currency issued by the United States or
of a foreign government for the currency of a different government). Paragraph (2) would have
clarified that transfers of funds the primary purpose of which is the purchase or sale of a security
or commodity in circumstances described in Regulation E section 3(c)(4) and its associated
commentary also would not have qualified as consumer payment transactions for purposes of the
Proposed Rule.201
Third, proposed paragraph (C) would have excluded a payment transaction conducted by
a person for the sale or lease of goods or services that a consumer selected from an online or
physical store or marketplace operated prominently in the name of such person or its affiliated
company.202 This exclusion would have clarified that, when a consumer selects goods or
services in a store or website operated in the merchant’s name and the consumer pays using

See CFPB, Remittance Rule Assessment Report (Oct. 2018, rv. April 2019) at 143 (describing trends
including “widespread use of mobile phones to transfer remittances and the growth of online-only
providers[]”), https://files.consumerfinance.gov/f/documents/bcfp_remittance-rule-assessment_report.pdf
(last visited Oct. 25, 2023).
201

12 CFR 1005.3(c)(4).

See 12 CFR 1090.101 (definition of “affiliated company”).

account or payment credentials stored by the merchant who conducts the payment transaction,
such a transfer of funds generally is not a consumer payment transaction included within the
market defined by the Proposed Rule.
This exclusion also would have clarified that when a consumer selects goods or services
in an online marketplace and pays using account or payment credentials stored by the online
marketplace operator or its affiliated company,203 such a transfer of funds generally is not a
consumer payment transaction included within the market defined by the Proposed Rule. For
such transactions to qualify for this exclusion, the funds transfer must have been for the sale or
lease of a good or service the consumer selected from a digital platform operated prominently in
the name (whether entity or trade name) of an online marketplace operator or their affiliated
company.204 However, this proposed exclusion would not have applied when a consumer uses a
payment or account credential stored by a general-use digital consumer payment application
provided by an unaffiliated person to pay for goods or services on the merchant’s website or an
online marketplace. For example, when a consumer selects goods or services for purchase or
lease on a website of a merchant, and then from within that website chooses an unaffiliated
person’s general-use digital consumer payment application as a payment method, then proposed
paragraph (C) would not have excluded the resulting consumer payment transaction.
The Proposed Rule explained that the CFPB proposed this exclusion to the definition of
“consumer payment transaction” to clarify the scope of the proposed market and to clarify which
transactions count toward the proposed threshold in the larger-participant test in

The Proposed Rule noted that a common industry definition of an online marketplace operator is an
entity that engages in certain activities, including “[b]ring[ing] together [consumer payment card holders]
and retailers on an electronic commerce website or mobile application” where “[i]ts name or brand is:
[]Displayed prominently on the website or mobile application[; ] Displayed more prominently than the
name and brands of retailers using the Marketplace[; and is p]art of the mobile application name or
[uniform resource locator.]” 88 FR 80197 at 80203 n.59 (citing VISA, Visa Core Rules and Visa Product
and Service Rules (Apr. 15, 2023) (“VISA Rules”), Rule 5.3.4.1 (defining the criteria for an entity to
qualify as a “Marketplace” for purposes of the VISA Rules), Oct. 2024 edition last updated Apr. 2023,
https://usa.visa.com/dam/VCOM/download/about-visa/visa-rules-public.pdf (last visited Nov. 7, 2024)).
The Proposed Rule noted that this aspect of the example is consistent with what some significant
payments industry standards consider to be a digital marketplace. See id.
proposed § 1090.109(b). For example, some online marketplace operators may provide generaluse digital consumer payment applications for consumers to use for the purchase or lease of
goods or services the consumer selects on websites of unaffiliated merchants. Absent the
proposed exclusion in paragraph (C), the providing of such a general-use digital consumer
payment application could result in counting all transactions through such an application,
including for goods and services the consumer selects from the online marketplace, toward the
larger-participant test threshold in proposed § 1090.109(b). Yet the Proposed Rule noted that the
CFPB was not seeking to define a market or determine larger-participant status in this
rulemaking by reference to payment transactions conducted by merchants or online marketplaces
through their own payment functionalities for their own sales transactions. The CFPB therefore
believed it was appropriate to propose excluding the former type of payment transactions from
the market defined in the Proposed Rule.
The Proposed Rule explained how, in this regard, the scope of the proposed term
“consumer payment transaction” is narrower than the CFPB’s authority under the CFPA, which
can extend to payment transactions conducted by merchants or online marketplaces for sales
through their own platforms under certain circumstances. The CFPA defines a consumer
financial product or service to include “providing payments or other financial data processing
products or services to a consumer by any technological means, including processing or storing
financial or banking data for any payment instrument . . .”205 The Proposed Rule explained that
such activities generally are consumer financial products or services under the CFPA unless a
narrow exclusion for financial data processing in the context of the direct sale of nonfinancial
goods or services applies.206 The Proposed Rule explained that exclusion would not apply if a

12 U.S.C. 5481(15)(A)(vii).

“[A] person shall not be deemed to be a covered person with respect to financial data processing solely
because the person . . . is a merchant, retailer, or seller of any nonfinancial good or service who engages
in financial data processing by transmitting or storing payments data about a consumer exclusively for
purpose of initiating payments instructions by the consumer to pay such person for the purchase of, or to
complete a commercial transaction for, such nonfinancial good or service sold directly by such person to
merchant or online marketplace’s digital consumer application stores, transmits, or otherwise
processes payments or financial data for any purpose other than initiating a payments transaction
by the consumer to pay the merchant or online marketplace operator for the purchase of a
nonfinancial good or service sold directly by that merchant or online marketplace operator.
Other purposes beyond payments for direct sales could include using or sharing such data for
targeted marketing, data monetization, or research purposes. The Proposed Rule explained that
the exclusion also would not apply if an online marketplace operator’s digital consumer
application processes payments or other financial data associated with the consumer’s purchase
of goods or services at unaffiliated online or physical stores or third-party goods or services on
the operator’s online marketplace.
Finally, proposed paragraph (D) would have excluded an extension of consumer credit
that is made using a digital application provided by the person who is extending the credit or that
person’s affiliated company. As the Proposed Rule explained, the CFPB proposed this exclusion
so that the market definition does not encompass consumer lending activities by lenders through
their own digital applications. In this rulemaking, the CFPB did not propose to define a market
for extending consumer credit, as it did, for example, in the larger participant rule for the
automobile financing market.207 As a result of this proposed exclusion, for example, a nonbank
would not have been participating in the proposed market simply by providing a digital
application through which it lends money to consumers to buy goods or services.208

the consumer[.]” 12 U.S.C. 5481(15)(A)(vii)(I). The Proposed Rule stated that this narrow exclusion is
descriptive of the limited role that many merchants play in processing consumer payments or financial
data. 88 FR 80197 at 80204 n.62.
12 CFR 1090.108.

Thus, to the extent consumer credit transactions would have fallen within the proposed definition of
consumer payment transactions, this would have been because the relevant market participant engaged in
covered payment-related activities beyond extending credit to the consumer. For example, a nonbank
may provide a wallet functionality through a digital application that stores payment credentials for a
credit card through which an unaffiliated depository institution or credit union extends consumer credit.
The CFPB proposed a market definition that would have reached that nonbank covered person’s activities
because their role in the transaction is to help the consumer to make a payment, not to themselves extend
credit to the consumer.
Comments Received
Some commenters addressed certain terms in the proposed definition of “consumer
payment transaction” including, in relation to its reference to the “transfer of funds,” how the
Proposed Rule stated that the CFPB interprets “funds” to include digital assets in certain
circumstances, as described above. A few commenters also commented on how the Proposed
Rule sought to define covered transactions based on the location of the consumer in a State.
Finally, some commenters addressed certain proposed exclusions from the definition, including
specifically paragraphs (C) and (D).
Many of the comments on the proposed definition of “consumer payment transaction”
related to the proposed inclusion of certain transfers of digital assets in this definition, when they
transfer “funds” under the CFPA. Several consumer groups and a nonprofit expressed general
support for including digital assets within the market definition. The nonprofit stated that the
firms providing cryptocurrency products and services have been marked by a wide assortment of
investor and consumer abuses. Consumer groups agreed, noting that reports coming out of the
late 2022 downturn in the sector illustrated that that consumers would benefit from broader
oversight, including CFPB supervision of digital assets activities involved in consumer payment
transactions. They stated that such oversight could address risks consumers have faced, such as
improper restrictions that distressed digital asset platforms have placed on consumers’ access to
hosted digital asset wallets. The consumer groups also stated that consumers increasingly are
relying on cryptocurrencies for consumer payment transactions, as industry emphasizes a longterm strategy of promoting such activity. They cited examples of a long-time, well-known
market participant introducing a stablecoin expressly to facilitate consumer purchases, and
another digital asset firm contracting with merchants for acceptance of crypto assets the firm
holds for consumers. A banking industry association also supported the coverage of virtual
currency and crypto assets, which it stated consumers use for personal, family, and household
purposes, and should be regulated on par with fiat currency consistent with the “same activity,

same risk, same regulation” principle. An individual commenter agreed that crypto asset users
face significant risks, and called for the Final Rule to clarify how it applies to digital assets.
On the other hand, for several reasons described below, several nonprofits, providers of
digital asset products and services, and digital asset industry associations, banking industry
associations, and other industry associations opposed inclusion of digital assets in the market
definition. They called for exclusion of these transactions from the rule and, if warranted, a reproposal based on addressing the various issues they described; a payment network and nonprofit
added that, to facilitate regulatory certainty and transparency and avoid unintended
consequences, the Final Rule should only apply to fiat currency and legal tender. They stated
that the rule should accomplish that goal by limiting the interpretation of “funds.”209
First, some industry commenters stated that the CFPB should not adopt this aspect of the
Proposed Rule because, in their view, the CFPB has not conducted adequate market monitoring
of digital assets activities and does not in general have data, experience, or expertise in this area
sufficient to assess risk to consumers and finalize a regulation covering them. One industry
commenter added that the CFPB would have benefited from issuing market-monitoring orders to
larger digital asset firms as the CFPB had done to Big Tech firms offering consumer payment
applications that transfer U.S. dollars. One commenter stated that the Proposed Rule did not rely
on public blockchain data from industry sources such as Elliptic, Chain Analysis, and TRM, as
well as trends data published by Circle, and insufficiently disclosed any data on which it did rely.
Second, several comments from industry, nonprofits, and some Members of Congress
stated that the Proposed Rule did not consider the impact of covering digital assets. For
example, some industry commenters stated that the Proposed Rule underestimated the number of
larger participants, citing uncertainty over the rule’s application to digital assets and ineligibility

As discussed at the outset of the section-by-section analysis above, an industry association commenter
also stated that if the CFPB excludes digital assets from the Final Rule, then the CFPB precludes its
examination of that activity by larger participants under the Final Rule. The CFPB summarizes and
responds to that comment separately above.
for the proposed small business exclusion by small businesses in the digital assets sector that are
based abroad, organized as nonprofits, or dominant in their field. Further, some industry
associations, digital assets firms, and a nonprofit stated that it was uncertain which digital assets
transactions would be covered because it is uncertain which are for personal, family, or
household purposes. In addition, some commenters suggested that the Proposed Rule would
impose significant burdens on the digital asset sector, whether due to the proposed interpretation
of “funds” in the CFPA as including digital assets which they viewed as a change in substantive
consumer protections, or to what they anticipated would be exposure to potentially arbitrary and
shifting CFPB interpretations as to whether Regulation E covers digital assets.210 Finally, an
industry firm stated that the Proposed Rule did not adequately consider the potential for digital
asset firms to pass through costs of this rule to consumers. Some Members of Congress and an
industry association added that covering digital assets would discourage competition and
innovation in payments.
In addition, many of these commenters emphasized potential impacts of what they
described as the proposal’s apparent coverage of so-called “unhosted” or “self-hosted” digital
asset wallets. They stated that providers of these products and services must be excluded from
the rule because they are merely providing software with no ongoing customer relationship or
intermediary role, no access to information about the existence, nature, or use of any digital asset
held in the wallet, and no control over the use of the wallet for any purpose including to make
payments.211 They added that unhosted digital asset wallets cannot block transactions, reverse

One industry association stated that the Final Rule should clarify that it does not serve as a basis for
subjecting virtual currencies or other digital assets to Regulation E. Another trade association called for
the CFPB to consult with stakeholders in industry, other agencies, and Congress to understand the
potential implications of applying Regulation E in this context.
One commenter stated that an exclusion for what it called “unhosted” digital asset wallets would be
consistent with FinCEN 2019 guidance that they described as excluding software providers of unhosted
digital asset wallets from the scope of Federal money transmitter regulation. Another commenter stated
that the First Amendment of the U.S. Constitution protects software code writing as speech, and that the
proposed small business concern exclusion discriminated between speakers based on the size of their
business, constituting speaker and viewpoint discrimination that it did not believe would survive strict
constitutional scrutiny.
transactions to correct unauthorized transfers, close accounts, or track or monetize consumer
data. As such, they stated that they also do not know whether the wallet holds funds at all (even
under the CFPB’s interpretation) versus other uses of distributed ledger technology including an
estimated 1.8 million types of crypto assets, nonfungible tokens (NFTs), and loyalty points
among others. They stated they do not know where the consumer is located for the purposes of
the proposed definition of “consumer payment transaction.” They also stated they do not know
when a transaction occurs at all much less whether it is a consumer payment transaction. They
stated that the lack of provider collection of such data is a critical feature of their product from
the perspective of the consumer, and that this feature reduces risk to consumers.
Third, some commenters raised legal objections to including digital assets in the
rulemaking or certain digital asset products and services. For example, some industry
commenters disagreed generally with the proposal’s interpretation of “funds” as including digital
assets. These commenters stated that the CFPB did not provide sufficient reasoning or evidence
to support what they viewed as a change in its legal position, that the interpretation ran contrary
to the statute, Congress’ understanding at the time of its enactment,212 relevant case law, and the
“major questions” doctrine,213 that digital asset products and services are not part of a consumer
financial products or services market because they are not provided for use by consumers
primarily for personal, family, or household purposes, and that the CFPA precludes CFPB
oversight over such activities overseen by the SEC or CFTC.214 Some commenters stated more
specifically that the CFPB lacks authority over unhosted digital asset wallets because, for

Some commenters noted that very few cryptocurrencies existed as of 2010, and noted that stablecoins
were not introduced until several years later.
These commenters pointed to the size of digital asset activity, including an estimated $130 billion U.S.
stablecoin market, as well as varied uses of digital assets and efforts in Congress to enact a legislative
oversight framework.
In addition, a nonprofit commenter and other industry commenters stated that the CFPB should not
finalize this aspect of the Proposed Rule because, in their view, it reflects inadequate coordination by the
CFPB across government as called for under an executive order relating to digital assets and reflects
inadequate CFPB consultation with the SEC and CFTC, which have asserted regulatory authority over
digital assets.
example, they function similarly to a web browser or password manager with a variety of uses
beyond payments,215 they have no more power to intervene in a consumer payment transaction
than an internet service provider, and these activities are eligible for the “electronic conduit
services” exception in CFPA section 1002(15)(C)(ii).
With respect to other aspects of the proposed definition of “consumer payment
transaction” beyond the context of digital assets, two commenters addressed the part of the
proposed definition of “consumer payment transaction” that limited the term to payments by or
on behalf of a consumer “located in a State” in the United States as described above. A
nonprofit stated that a survey indicated that the majority of its members (59 percent) did not
believe that larger participants would be able to determine whether the consumer is located
within a State, such as based on the consumer’s Internet Protocol address at the time of a
transaction. An industry association stated that this part of the proposed definition was
overbroad because it extended beyond Federal consumer financial laws that the Proposed Rule
identified as applicable in the market. Specifically, the commenter stated that basing market
scope on the location of the consumer leads the market to include electronic fund transfers that
are not covered by Regulation E, such as payments that foreign firms facilitate for foreign
nationals who do not reside in the United States, including while traveling within the United
States.216 They suggested that, in order to avoid being subject to a U.S. supervisory regime,
foreign providers may abandon support of such foreign national customers when traveling in the
United States. They also pointed to foreign providers’ provision of payment accounts located
outside the United States as another example that they believed generally falls outside of
Regulation E. As a result, they called for narrowing the transactions included in the market. In

This commenter added that, although the Proposed Rule did not specifically address covering unhosted
digital asset wallets and thus such coverage may not have been intended, based on the interpretation of
“funds” in the Proposed Rule, its proposed definition of “covered payment functionality” could be viewed
as reaching them, which, as noted, would be legally impermissible in its view.
216

They also suggested that Regulation P may not apply to those transactions.

addition to the proposed limitation requiring that the consumer be located in a State in the United
States, in their view, the definition of “consumer payment transaction” also should be limited to
U.S. residents making payments from payment cards or stored value accounts issued by U.S.
financial institutions. In their view, those additional limitations would better align the scope of
the market with the scope of regulations the CFPB proposes to apply in its examination of larger
participants, including Regulation E, whose scope with respect to transnational activity is
described in its comment 3(a)-3.
Commenters presented a range of views on the exclusion in paragraph (C) of the
proposed definition of “consumer payment transaction” for payment transactions conducted by
merchants or marketplaces for the sale or lease of goods or services the consumer selected from a
store or marketplace the merchant or marketplace operates prominently in its name or the name
of an affiliated company. Some commenters also addressed the statement in the Proposed Rule
describing circumstances in which merchant or marketplace payment processing activities that
fall outside the proposed market definition because they are excluded by paragraph (C)
nonetheless may qualify as a consumer financial product or service under the CFPA.
Consumer group commenters generally opposed the proposed exclusion in paragraph (C).
One consumer group noted stated that certain nonbank payments companies sell consumers’
payments data, including information about how much people spend, where, and on what, as
described in a 2023 report the commenter published and linked to in its comment.217 In their
view, to the extent a marketplace collects payments data and uses it for purposes beyond
completing the payment transaction, the marketplace should be brought under supervisory
authority, including when “its transactions fall within its own marketplace[.]” Meanwhile, other
consumer groups stated that marketplace payment functions can comprise a significant portion of

R.J. Cross, How Mastercard sells its ‘gold mine’ of transaction data (Sept. 30, 2023, updated
June 17, 2024), https://pirg.org/edfund/resources/how-mastercard-sells-data (last visited Nov. 7, 2024).
the marketplace’s revenues, can expand into or spin off as general-use digital consumer payment
apps, and also can engage in practices that the FTC has alleged to violate competition laws.
A law firm commenter agreed that the rule should exclude payment transactions
conducted by online marketplaces for sales through their own platforms. This commenter stated
that consumers seek out online marketplace platforms for their ability to sell goods and services
including primarily from third-party retailers hosted on the marketplace. It called for clarifying
the definition of marketplace in proposed paragraph (C) to better achieve the CFPB’s stated goal
of excluding payment transactions conducted by merchants for their own sales and payment
transactions conducted by online marketplaces for sales made through their platform. As noted,
the scope of the exclusion in proposed paragraph (C) would apply to marketplaces operated
prominently in the name of the person that conducts the payment transaction. This commenter
described this aspect of the exclusion as unduly focused on branding. It stated that different
online marketplace operators have different levels of branding and name display, suggesting
uncertainty about which marketplaces would have qualified under the “prominently” standard.
To the extent that a platform did not meet the “prominently” standard in the Proposed Rule, in
the view of this commenter, the exclusion would be arbitrary because a platform would be
ineligible despite being a marketplace as defined in a Federal law administered by the FTC,
despite consumers still plainly understanding it to be a marketplace, and despite the platform
presenting different consumer protection concerns as the Proposed Rule recognized was the case
for excluded marketplaces. For all of these reasons, it stated that the Final Rule should adopt the
definition of “online marketplace” Congress adopted in the Integrity, Notification, and Fairness
in Online Retail Marketplaces for Consumers Act (INFORM Act).218 That statute defined a
marketplace based on its function, and not its level of name branding. The commenter added

15 U.S.C. 45f(f)(4).

that, by incorporating the INFORM Act definition, the exclusion would apply both when the
marketplace is paid and when a third-party seller selling through the marketplace is paid.
Some industry commenters addressed whether the Rule should include consumer
payment transactions consumers initiate through “buttons” on merchant websites. One industry
association indicated that it was important for the rule to provide for universal coverage of digital
wallets, including those a consumer uses by pressing a payment button a checkout screen on a
merchant website. It suggested that broad coverage was important to achieve consistent
supervision across providers, which promotes competition. On the other hand, some industry
commenters called for adding an exclusion for what they described as express checkout options
that nonbanks facilitate for third-party merchant websites and apps, including “buy buttons.”219
One industry association called for the rule to clarify that payment checkout buttons are excluded
from the market because they do not function generally across merchants but instead require
individual merchant acceptance agreements.220 Another industry association cited research
indicating that many online merchants including small businesses facilitate consumers’
purchases by offering these buttons, and suggested that the Proposed Rule was unnecessarily
directing its coverage to merchant payment processing.221

A few industry commenters suggested that the integration of general-use digital consumer payment
applications into merchant websites through payment buttons does not pose any risk to consumers, and
that this type of activity should not be included in the market definition. The CFPB considers and
responds to comments related to risks to consumers separately in the response to general comments
above.
This commenter cited this fact as supporting its view that such checkout buttons do not have “general
use” – which the Final Rule discusses in the section-by-section analysis of that term further below. To
ensure full consideration of all related comments, the CFPB also describes that comment here in the
context of other comments regarding checkout buttons associated with general-use digital consumer
payment applications provided by nonbank covered persons.
As discussed in the impacts analysis in parts VII and VIII, a comment from certain Members of
Congress also stated that providers of general-use digital consumer payment apps could pass the cost of
the rule onto merchants, including small merchants, that accept the apps as a payment method. For the
reasons explained in the impacts analysis, the CFPB does not have information to indicate that larger
participants are likely to pass through a significant portion of these costs to merchants. As the impacts
analyses further explain, the costs of the Final Rule are not high and, even if they were passed through,
that would be spread across the very high number of merchants that accept one or more of these apps as a
method of payment.
Some industry and nonprofit commenters appeared to have interpreted the statement in
the preamble regarding the scope of the CFPB’s authority under CFPA section 1002(15)(A)(vii)
as potentially intended to narrow or alter the scope of the exclusion in paragraph (C). For
example, several Members of Congress, stated that the scope of the market definition was
ambiguous because, on the one hand, the Proposed Rule excluded merchant and marketplace
payment functions in circumstances described in paragraph (C), but on the other hand, the
preamble of the Proposed Rule stated that the statutory exclusion in CFPA
section 1002(15)(A)(vii)(I) does not apply to these functions when they use payments data for
purposes beyond processing a payments transaction. Similarly, an industry association
commenter suggested that, due to the proposal’s interpretation of 1002(15)(A)(vii)(I), the
Proposed Rule would apply to merchants processing payments on their own behalf because
retailers widely use financial data for purposes beyond processing transactions. Because it did
not understand the CFPB to be seeking to cover merchants’ payment processing in this rule, it
called for the CFPB to remove this interpretation from the Final Rule to ensure that its scope is
focused on the general-use digital consumer payment applications that create risks to consumers
that the CFPB has identified. Another industry association suggested that the interpretation
appeared designed to increase CFPB scrutiny of merchants through supervision. In their view, if
the CFPB exercises jurisdiction over merchants on the basis described in the interpretation
above, that could make it more difficult for merchants to combat fraud, cause merchants to raise
prices or reduce discounts, and cause merchants to decrease reliance on newer, competitive
forms of payment. Finally, a law firm also indicated it was unclear whether the interpretation of
the CFPA was intended to narrow the scope of paragraph (C).
In addition to expressing uncertainty regarding its impact on the scope of paragraph (C),
some industry commenters disagreed with the Proposed Rule’s interpretation of the CFPB’s
payments processing authority in CFPA section 1002(15)(A)(vii). In particular, they asserted
that the proposal’s interpretation of the exclusion in CFPA section 1002(15)(A)(vii)(I) was

invalid because it would have the result that many merchants would not satisfy the exclusion. In
addition to the comments described above, comments from two industry associations stated that
merchants use payments data for a variety of purposes that they described as beneficial to
consumers, such as research, fraud prevention, targeted marketing of discounts, and even routing
of transactions consistent with Federal Reserve Regulation II to reduce the cost of payment
acceptance. Because they viewed those uses as potentially for purposes other than initiating the
payment transaction, these commenters believed that merchants would almost never be eligible
for the exclusion in 1002(15)(A)(vii)(I) under the CFPB’s interpretation of it. One of these
commenters added that that result would contravene general intent of Congress to exclude
merchants from the CFPA, including pursuant to CFPA section 1027(a). Relatedly, they stated
that the proposed interpretation would harm consumers by disincentivizing merchants from
engaging in all of these uses of consumer payments data. On the other hand, a consumer group
supported the proposal’s interpretation of the exclusion in CFPA section 1002(15)(A)(vii)(I).
This commenter stated that digital wallets collect and monetize high amounts of consumer data,
including through transactions that occur on marketplaces, without oversight.
Some commenters addressed the inclusion of consumer credit transactions in the
proposed definition of “consumer payment transactions” in general, as well as the related
exclusion in paragraph (D) for extensions of credit made using a digital application provided by
the person extending credit or its affiliated company.
With respect to the inclusion of consumer credit transactions generally, several
commenters including an industry provider and two nonprofits generally recognized that passthrough payment wallets facilitate both debit card and credit card transactions (among other
types of transactions). However, a nonprofit commenter disagreed with the proposal’s inclusion
of a creditor’s transfer of funds in the definition of “consumer payment transaction.” In its view,
expanding the scope of CFPB supervisory authority beyond electronic funds transfers subject to
Regulation E could lead companies to invest less in tokenization and anti-fraud technologies and

could disincentivize allocation or use of credit for consumers who prefer general-use digital
consumer payment applications.
With respect to the proposed exclusion in paragraph (D), an industry association stated
that the Final Rule should clarify that this exclusion applies to nonbanks that partner with other
financial institutions to offer consumer credit products that fund consumer payment transactions.
The commenter stated that in these arrangements, the nonbank may provide a consumer-facing
digital application through which the consumer accesses an extension of credit made and issued
by a third-party financial institution. It stated that the third-party financial institution extends
credit by transferring funds directly to the consumer (which the commenter stated would not
qualify as a payment by the consumer to another person). Through its mobile application, the
nonbank then may facilitate the consumer’s use of those funds to make a payment.
A banking trade association and a payment network stated that it was uncertain whether
the proposed market included the extension of credit through what it referred to as buy-now-paylater (BNPL) applications. It stated that the rule should provide illustrative examples of covered
consumer credit products and clarify whether BNPL applications are eligible for the proposed
exclusion in paragraph (D) in light of uncertainty as to whether BNPL providers are extending
credit. They also stated that it was unclear why the CFPB would exclude BNPL applications,
since they function similarly to other activities described in the Proposed Rule and also have
grown rapidly as a means for consumers to pay for the purchase of goods and services. They
stated that the CFPB should include participants in what they referred to as the BNPL market
within the scope of this rule, or in a separate larger participant rulemaking.
Finally, several consumer groups called for the rule to clarify whether proposed
paragraph (D) applies to funds transfers by earned wage advance products and services, given
that some nonbanks that provide those products and services claim not to be extending consumer
credit.

Response to Comments Received
After considering comments on the inclusion of certain digital assets transactions in the
proposed definition of “consumer payment transaction,” the CFPB has decided, for purposes of
this Final Rule, to exclude such transactions from coverage under the Rule. The CFPB intends to
continue to gather data and information regarding the nature of such transactions and the impact
of digital assets transactions on consumers, and to take further action as appropriate. For
example, the CFPB has considered comments from industry and others stating that some digital
asset products and services, such as so-called unhosted or self-hosted wallets, may not currently
be able to collect the data necessary to administer the larger-participant test that would be
applied to establish supervisory authority. Based on the limited data and information these
commenters provided in their comments, the CFPB is not prepared in this Final Rule to
determine whether and how to distinguish between hosted and unhosted wallets. As further
discussed below, the CFPB is implementing this change by updating the larger participant
threshold to only consider U.S. dollar transactions (see section-by-section analysis of “threshold”
below).
In addition, for purposes of defining what qualifies as a “consumer payment transaction”
covered by the Final Rule, the CFPB has considered the industry association and nonprofit
comments, including the survey described above, which indicate that most market participants
may be more familiar with assessing where a consumer resides222 than where the consumer is
located at the time of any given consumer payment transaction (which can change from
transaction to transaction, especially when consumers make payments using mobile phones).
Thus, to facilitate administration of the larger-participant test, rather than adopting the proposal
to base coverage of consumer payment transactions on whether the consumer is physically

See Reg. E, cmt. 3(a)-3 (stating that regulation E applies to all persons providing EFT services to U.S.
residents through U.S.-located accounts). Regulation Z, which governs consumer credit card transactions,
also links its scope to residency in a State. See Reg. Z, cmt. 1(c)-1.
located in a State at the time of the transaction, the Final Rule defines “consumer payment
transactions” as subject to the rule based on whether the consumer is a U.S. resident, as
described further below.223
With regard to comments on the proposed exclusion in paragraph (C) of the definition of
“consumer payment transaction,” the CFPB agrees with the consumer group comments that
online marketplaces can pose risks to consumers when they sell payments data. Nonetheless, as
discussed above, the market definition does not include or exclude activities based on the level of
risk they pose. In addition, the law firm commenter reasonably notes that consumers seek out
marketplace platforms for the goods and services they offer, including from third-party
marketplace sellers.224 In that way, consumers seek out a marketplace platform for purposes that
differ from the payment-focused purposes for which they seek out a general-use digital consumer
payment application. Therefore, the Final Rule treats a merchant or marketplace conducting
payment transactions for sales through its own platform as distinct from the activity included in
the market defined in this rule.225 The CFPB believes that it is therefore appropriate to exclude
such transactions from this Final Rule in paragraph (C). Finally, with regard to the consumer

The CFPB declines the industry association suggestion to further narrow “consumer payment
transactions” to those that U.S. residents make (1) from a location in a State (2) using a payment card
issued by a U.S. bank or a stored value account provided by a U.S. financial institution. The CFPB
believes that limiting “consumer payment transactions” to U.S. residents will address the commenter’s
concerns regarding the inadvertent coverage of foreign residents’ transactions using accounts issued by
foreign institutions while traveling to the United States. The additional changes the commenter suggests
are not necessary or appropriate in the context of this rule. This rulemaking is not defining a market for
payment cards or stored value accounts. The market activity is not providing an “account”; rather, it is
facilitating consumer payment transactions through a general-use digital consumer payment application.
Such activity can facilitate payments from accounts held by third-party financial institutions. Therefore,
the nationality of the provider of the underlying account is not necessarily relevant.
See also FTC, Buying From an Online Marketplace (Sept. 2022) (“In general, online marketplaces
connect buyers and sellers.”), https://consumer.ftc.gov/articles/buying-online-marketplace (last visited
Nov. 7, 2024).
Relatedly, the CFPB also disagrees with the law firm commenter to the extent it was suggesting that
the proposed exclusion in paragraph (C) would not apply to a payment transaction conducted by an online
marketplace on behalf of a third-party seller. Under the terms of the proposed exclusion, when a
consumer selects goods or services from an online marketplace and the marketplace operator conducts the
consumer payment transaction, that would have been excluded by paragraph (C) even if a third-party
seller was involved in the sale.
group comment that marketplace operators can grow into general-use consumer payment
applications, the Rule accounts for that. If those operators do expand into general-use consumer
payment applications and qualify as larger participants under this rule, they will be subject to the
CFPB’s supervisory authority.
Regarding the definition of “marketplace” in proposed paragraph (C), the CFPB agrees
that in some circumstances it may be complex to evaluate the level of prominence of an entity’s
branding on a marketplace platform. As the proposal noted, major payment network rules
include that standard to define a marketplace. However, it is unclear to the CFPB how
administrable that standard is in that context. Accordingly, as discussed further below, the Final
Rule does not adopt the proposed limitation on the exclusion related to the prominence of
branding.
The CFPB declines the commenter’s further suggestion that the rule expressly
incorporate a definition of “marketplace” in the INFORM Act.226 While the CFPB believes that
platforms that qualify as “online marketplaces” under the INFORM Act generally would qualify
as marketplaces for purposes of the exclusion in paragraph (C), the INFORM Act definition is
limited to online marketplaces for third party sellers of a “consumer product,” defined by
reference to certain “tangible personal property[.]”227 The Proposed Rule referred more broadly
to a marketplace for sale of goods or services. And, as noted above, incorporating the INFORM
Act is not necessary to ensure exclusion of marketplace platform payments to third-party sellers.
For these reasons, the CFPB believes the language in the Proposed Rule is more appropriate in
this context and expressly incorporating the definition in the INFORM Act is unnecessary.
The CFPB agrees with the industry association commenter that stated that the rule should
apply to general-use digital consumer payment applications on a consistent basis, including when

15 U.S.C. 45f(f)(4).

15 U.S.C. 45f(f)(2) (incorporating definition of “consumer product” in 15 U.S.C. 2301(1) and
associated implementing regulations).
consumers click on buttons on merchant or online marketplace websites to access general-use
digital consumer payment applications provided by third parties. As the commenter suggested,
covering these consumer financial products and services serves the CFPB’s statutory objective of
ensuring consistent enforcement of Federal consumer financial law to promote fair competition,
as discussed further above. However, in response to comments about coverage of consumer
payment transactions initiated through online merchant checkout processes that rely on payment
buttons, the CFPB seeks to clarify the scope of the market definition. The market consists of
providing, through a digital payment application, a general-use covered payment functionality.
As discussed above, some market participants have pursued a deliberate strategy of “embedded
finance,” through which nonbank providers of general-use digital consumer payment
applications embed them into nonfinancial digital applications. Given the market reliance upon
“embedded finance” as a way of promoting general-use digital consumer payment applications,
it is reasonable for the Rule not to exclude that activity merely because it is embedded.
However, that does not mean the Rule covers the merchant that embeds a payment button on its
ecommerce website. When a merchant displays on its ecommerce website a payment button for
an unaffiliated third-party’s general-use digital consumer payment application, the merchant is
not itself providing a covered payment functionality as defined in the Rule. The CFPB
understands that these buttons operate as application programming interfaces (APIs) or redirects
to launch the general-use digital consumer payment application provided by the third party.228 In
these circumstances, for purposes of the market definition in this Rule, the third party is
providing the general-use digital consumer payment application, not the merchant. For these

See, e.g., Lotus Lin, E-commerce APIs Introduction, Medium.com (Mar. 24, 2023) (describing how
some providers of general-use digital consumer payment applications provide payment gateway APIs),
https://medium.com/@lotus.lin/e-commerce-apis-introduction-29664558a3b0 (last visited Nov. 7, 2024);
PYMNTS, Buy Buttons (“Branded buy buttons are usually placed underneath the standard ‘buy’ or ‘pay’
button on the merchant’s checkout page and make it possible for consumers to pay for something without
establishing an account with that merchant. Branded buy buttons use payment credentials that consumers
have stored with the buy button brands. PayPal is the most widely accepted buy button, with Amazon
Pay, Google Pay and Apple Pay also gaining acceptance in apps and online.”),
https://www.pymnts.com/tag/buy-buttons/ (last visited Nov. 7, 2024).
reasons, the CFPB disagrees with industry commenters’ suggestions that the Rule needs an
exclusion for ecommerce checkout processes. Further, the CFPB does not agree that, because
merchants individually agree to offer payment buttons linking to digital consumer payment
applications provided by unaffiliated nonbanks, this indicates that the third party’s digital
consumer payment application does not have general use. Under the Final Rule, as discussed
further below, “general use” is based on whether the consumer can use the digital consumer
payment application to pay more than one unaffiliated person. For example, the same payment
button may appear on the websites of thousands of different merchants, each of which may have
its own acceptance agreement with the provider of the associated general-use digital consumer
payment application.229 The app associated with the payment button can have general use for the
consumer, who can use it to make online purchases virtually anywhere that payment button
appears on an ecommerce site on the internet.230

Merchants often accept consumers’ payments through well-known digital payment applications by
agreeing to the terms and conditions imposed by the provider. One-way digital consumer payment
applications gain general use is through acceptance across multiple unaffiliated merchants. See, e.g.,
Apple, Tap to Pay on iPhone (“Before your app can enable Tap to Pay on iPhone and configure a
merchant’s device, the merchant must accept the relevant terms and conditions.”),
https://developer.apple.com/design/human-interface-guidelines/tap-to-pay-on-iphone (last visited
Nov. 7, 2024); Apple Pay Platform Web Merchant Terms at https://developer.apple.com/applepay/terms/apple-pay-web/ (last visited Nov. 7, 2024); Amazon Pay, Getting started for merchants at
https://pay.amazon.com/business/getting-started (last visited Nov. 7, 2024); Google Pay API Terms of
Service at https://payments.developers.google.com/terms/sellertos (last visited Nov. 7, 2024); Meta Pay
onboarding contract described at https://developers.facebook.com/docs/meta-pay/overview#onboarding
(last visited Nov. 7, 2024); PayPal Developer Agreement (Mar. 21, 2022) (describing how holders of
business accounts can use APIs and a PayPal Button) at https://www.paypal.com/us/legalhub/xdeveloperfull?locale.x=en_US (last visited Nov. 7, 2024); Samsung Pay, Web Payments Integration Guide at
https://developer.samsung.com/internet/android/web-payments-integration-guide.html (last visited Nov.
7, 2024); Venmo Approved Business Account Addendum (effective date Jan. 24, 2019) at
https://venmo.com/legal/us-business-addendum/ (last visited Nov. 7, 2024). In addition, a payment
processor that online merchants use describes examples of digital wallets that merchants can accept
through its software. See Stripe, Wallets: Learn about wallet payments with Stripe (stating that the
payment processor has “created a single integration for all wallets that works across [its] products” and
identifying numerous such payment methods it enables), https://stripe.com/docs/payments/wallets (last
visited Nov. 7, 2024).
With regard to industry comments that payment buttons do not pose risks to consumers, the CFPB
considers the comments about risks to consumers from various types of market activity in the response to
general comments above. For the reasons discussed above, this rulemaking is not the vehicle in which the
CFPB must assess such risks. Rather, the CFPB takes risk into account when prioritizing entities for
examination and scoping examinations. As a result, to the extent that any given larger participant’s
The CFPB also seeks to clarify that the CFPB’s statement regarding the scope of its
authority under CFPA section 1002(15)(A)(vii) was not intended to narrow or otherwise alter the
scope of the exclusion in paragraph (C). Paragraph (C) generally excludes transactions in which
a merchant or online marketplace conducts payments to itself for sales through its platform. The
Proposed Rule discussed the scope of CFPA section 1002(15)(A)(vii) to clarify that the CFPA
describes a broader set of activities including in some circumstances those that may be excluded
by paragraph (C). In other words, certain payment transactions may fall within the CFPA’s
authority under the CFPA but not qualify as “consumer payment transactions” for purposes of
this larger participant rule. In summary, the CFPB proposed the exclusion in paragraph (C) for
the purpose of defining the scope of the market and not the scope of its statutory authority under
CFPA section 1002(15)(A)(vii). That said, the CFPB does not share the view expressed by some
industry commenters that the proposal’s discussion of the exclusion in CFPA section
1002(15)(A)(vii) was contrary to the provision’s language or would lead to results that Congress
did not intend. However, the validity of this Final Rule does not depend on the correctness of the
proposal’s interpretation of CFPA section 1002(15)(A)(vii) because, as noted above, the market
definition does not encompass the full extent of the CFPB’s authority under that provision.
Therefore, it is not necessary for the CFPB to further address comments regarding that
interpretation in this Final Rule.
With regard to the proposed coverage of consumer credit transactions in the definition of
“consumer payment transaction,” as several commenters acknowledged, pass-through payment
wallets commonly facilitate transactions using both debit cards and credit cards. Because market
participants commonly provide digital applications that facilitate consumer payment transactions
using both debit card and credit cards (among other payment methods), the Final Rule
appropriately includes consumer payment transactions that use both types of payment cards in

general-use digital consumer payment application does in fact pose low risks to consumers, then the
CFPB supervision program is designed to ensure they are at low risk for examination.

the market. The CFPB disagrees with the nonprofit commenter to the extent it was suggesting
that paragraph (D) should have excluded all consumer credit transactions or that the definition of
“consumer payment transaction” should only apply to payments made from a consumer’s asset
accounts.231 Excluding all consumer credit transactions from the market would not be consistent
with the way nonbanks often provide these consumer financial product and services in the
market.232
In addition, the commenter did not provide support for its view that including consumer
credit transactions in the definition of “consumer payment transactions” could create economic
incentives for firms to reduce credit card lines or fraud protections. For several reasons, the
CFPB disagrees with the commenter, to the extent it was suggesting that its general concerns
over potential incentives warranted excluding general-use digital consumer payment
applications’ facilitation of consumer credit transactions. First, the commenter did not offer a
persuasive rationale for the Rule to treat consumer credit transactions that nonbanks facilitate
through digital payment applications differently from payments from asset accounts, when
general-use digital consumer payment applications facilitate both, as noted above. Second, the
commenter did not explain why it believed that the supervisory authority the rule would establish
over nonbank larger participants could disincentivize allocation or usage of revolving lines of
consumer credit through general-use digital consumer payment application. Such an impact is
unlikely, given that the lender’s own app-based lending activity can be excluded by
paragraph (D) and the CFPB already supervises much of the lending activity in the credit card

Contrary to the commenter’s suggestion, by including consumer credit transactions in the definition of
“consumer payment transactions,” the Proposed Rule would not have expanded the scope of substantive
consumer protections including Regulation E. This rulemaking does not amend or modify Regulation E.
As the Proposed Rule explained, a larger participant rule merely establishes supervisory authority and
does not impose any new substantive consumer protection regulation.
The Final Rule discusses other comments seeking exclusion of pass-through payment wallets in the
discussion of “covered payment functionality” further below.
market.233 Finally, with regard to market participants’ investments in tokenization and anti-fraud
protections, the commenter did not explain why larger participants would seek to offset the costs
of CFPB examination by specifically reducing investment in anti-fraud protections or provide
evidence or otherwise show that the rule would create a meaningful disincentive to engage in
these activities. The CFPB believes that it is also possible that, after the Final Rule takes effect,
larger participants will continue investing in such technologies as part of their efforts to avoid
risks to consumers and non-compliance with Federal consumer financial law. As with the
commenters’ other concerns, the CFPB does not believe that this general concern regarding
potential incentives warrants excluding the facilitation of consumer credit transactions from the
Final Rule.
However, as the Proposed Rule explained,234 by including consumer credit transactions in
the definition of “consumer payment transaction,” the CFPB does not seek to define this
payments market in a manner that encompasses “consumer lending activities by lenders through
their own digital applications.” In particular, the CFPB is not seeking to define a market for
extending consumer credit, such as the market it defined in the larger participant rule for
automobile financing originations. The CFPB therefore proposed the exclusion in paragraph (D)
to maintain a distinction between payments-focused activity (included in the market) and
consumer credit originations (excluded by paragraph (D)). The CFPB declines the suggestion by
the industry comment to expand the scope of this market to include what it described as the buy-

Proposed paragraph (D) already clarified that the market definition is not based on the activity of
extending credit. Moreover, the CFPB already supervises very large insured depository institutions and
insured credit unions, which issue the bulk of consumer credit cards in the United States, as well as their
service providers. CFPB, The Consumer Credit Card Market (Oct. 2023), sec. 2.21 (annual CARD Act
report discussing concentration in the credit card issuance market, with the top 30 issuers representing 95
percent of credit card loans in 2022, and 3,800 smaller banks and credit unions accounting for five to six
percent of the market). With regard to the potential for larger participants to pass through costs of the
Rule to others, the Final Rule discusses this issue in part VII below.
234

88 FR 80197 at 80204.

now-pay-later market.235 For the same reason, the CFPB agrees with the industry association
commenter that a nonbank should be eligible for the exclusion in paragraph (D) when it provides
a digital application to initiate a consumer credit transaction and also engages in a set of
activities directed at originating the extension of consumer credit, regardless of who is extending
the credit (and even if a third-party financial institution such as a bank or credit union is
extending the credit). Accordingly, the CFPB is clarifying paragraph (D) in the Final Rule as
described below to describe additional activities integral to consumer credit originations that
would be part of the eligibility criteria for the exclusion, including brokering, purchasing, or
acquiring the extension of credit.236 If a nonbank provides a digital application to initiate
consumer credit transactions and engages in those other activities in connection with those
consumer credit transactions, then the CFPB believes it generally is engaged in consumer credit
origination activity, which is not the focus of this rulemaking. By excluding extensions of
consumer credit in the circumstances described in paragraph (D), the Final Rule excludes the
transfer of funds resulting from that extension of credit, such as a consumer’s payment to a
merchant for goods and services from the funds provided by a credit card issuer. In light of the
distinguishing characteristics of loan origination activities and the other reasons set forth above,
the Bureau declines to include such loan origination activity in the market for which this Final
Rule defines larger participants. As the Bureau has explained, this larger-participant rulemaking
is only one in a series. Nothing in this Final Rule precludes the Bureau from considering in

See also CFPB, Interpretive Rule, Truth in Lending (Regulation Z); Use of Digital User Accounts to
Access Buy Now, Pay Later Loans, 89 FR 47068, 47071 (May 31, 2024) (BNPL Interpretive Rule)
(discussing how BNPL providers facilitate extension of consumer credit marketed as BNPL loans). The
CFPB also notes that the exclusion in paragraph (D) is not limited to extension of consumer credit by
“creditors” as defined in TILA.
See, e.g., CFPB section 1002(15)(A)(i) (describing activities associated with consumer credit
origination “including acquiring, purchasing, selling, brokering, or other extensions of credit[]”); CFPB
Automobile Financing Larger Participant Rule, 12 CFR 1090.108(a)(i)(4) (defining automobile financing
“originations” as including “[p]urchases or acquisitions” of automobile purchase loans, their refinancings,
and leases).
future larger-participant rulemakings other markets for consumer financial products or services
that might include certain types of consumer credit origination activity.
However, as revised, paragraph (D) does not exclude pass-through payment wallet
functionalities that facilitate consumer payments from accounts issued by third-party financial
institutions that the pass-through payment wallet functionality provider did not originate by
engaging in the activities described above (such as extending, brokering, acquiring, or
purchasing the extension of credit). As a result, the definition of “consumer payment
transaction” adopted in the Final Rule still captures the general activities of pass-through
payment wallets, which often facilitate consumer payment transactions, whether through funds
they hold, funds they receive, or debit cards or credit cards provided by third-party financial
institutions.237
The CFPB also seeks to provide clarification about the scope of “consumer payment
transactions” in light of the consumer groups’ comment noting that some providers of earned
wage products do not treat their transactions as extensions of consumer credit, and seeking
clarification of whether they qualify as “consumer payment transactions” included in the market.
Specifically, the CFPB seeks to clarify how the proposed definition of “consumer payment
transaction” applied to a payment by or on behalf of a consumer to another person. As explained
above, “consumer payment transaction” for purposes of the proposed market definition did not
include “transfers between a consumer’s own deposit accounts[ or] transfers between a consumer
deposit account and the same consumer’s stored value account held at another financial
institution, such as loading or redemptions[.]”238 Consistent with that approach, the CFPB also
This approach is consistent with other Federal consumer financial laws and their implementing
regulations, which treat that activity as part of a consumer payments market. See e.g., Regulation Z,
cmt. 13(a)(3)-2 (describing a “third-party payment intermediary, such as a person-to-person Internet
payment service, funded through the use of a consumer’s open-end credit plan[]”). In light of the
examples discussed in this paragraph, the CFPB does not believe changes to paragraph (D) or
specification of illustrative examples in that paragraph are needed. It also is not the purpose of this Final
Rule to define who is extending credit, which will depend on facts and circumstances that are beyond the
scope of this rulemaking or the comments received.
238

88 FR 80197 at 80203.

did not intend and does not believe that earned wage products generally would be included in the
market because they transfer wages belonging to or advanced on behalf of a consumer to that
same consumer.239 Similarly, for clarity and administrability, the CFPB does not interpret the
market definition as including payments by or on behalf of a consumer to other accounts the
consumer owns or controls in which another person, such as a spouse co-owner or minor child,
also holds an interest.240
Final Rule
For the reasons described above, the CFPB adopts the proposed definition of “consumer
payment transaction” with four changes, as described below.
First, for the reasons discussed above in the responses to comments, the Final Rule covers
consumer payment transactions made by or on behalf of a consumer “who resides in” a State,
rather than a consumer “physically located” in a State as stated in the Proposed Rule. As a
result, when a nonbank provides a general-use digital consumer payment application to a person
who does not reside in a State, the transactions it facilitates for that person would not be included
in the market. The CFPB believes that this change will make the larger-participant test for this
Final Rule more administrable because, unlike a consumer’s physical location, a consumer’s
country of residence does not constantly change. Since the comments indicate that some
companies may not currently collect data on consumer location at the time of making a payment,
this change in the Final Rule also will avoid inadvertently creating a potential incentive for
market participants to collect such data to determine larger participant status.

See, e.g., CFPB, Data Spotlight: Developments in the Paycheck Advance Market (July 18, 2024)
(“Earned wage products provide workers access, before their payday, to a portion of their earned but
unpaid wages or to funds that purport to equal or approximate a portion of their unpaid wages.”),
https://www.consumerfinance.gov/data-research/research-reports/data-spotlight-developments-in-thepaycheck-advance-market/ (last visited Nov. 7, 2024).
For example, a payment functionality usable for an adult to transfer funds to K-12 school lunch
accounts for the benefit of two or more minor children would not be included in the market because the
adult transferor typically owns or controls the recipient account.
Second, for reasons discussed above in the responses to comments, the Final Rule
clarifies the exclusion in paragraph (C) for payment transactions conducted by certain merchants
and marketplace operators. Specifically, the Final Rule does not adopt the proposed requirement
that the marketplace be operated “prominently in the name of” the excluded person or its
affiliated company. This change will make the larger-participant test more administrable by
avoiding the need to evaluate the form or extent of name branding when evaluating which
entities qualify for the exclusion, as discussed above.
Third, the Final Rule modifies paragraph (C) to confirm that the Final Rule excludes a
payment transaction conducted by a person for a donation to a fundraiser that a consumer
selected from the person or its affiliated company’s platform. In the Proposed Rule, the CFPB
did not intend to include payment platforms provided solely to facilitate donations to fundraisers.
Such donation platforms would not have had “general use” under the proposal and therefore
transactions would not have been within the scope of the proposed market. Because the Final
Rule revises the definition of “general use” as described below to generally apply to payment
functionalities that are usable to facilitate consumer payment transactions to more than one
unaffiliated person, a platform that facilitates donations to multiple unaffiliated persons could be
part of the market in some circumstances in the absence of another exclusion. Thus, consistent
with the scope of the Proposed Rule, the Final Rule modifies the definition of “consumer
payment transaction” to clarify that those transactions would not be in the market.
Fourth, for the reasons discussed above in responses to comments, the Final Rule clarifies
paragraph (D) to exclude extensions of consumer credit initiated through a digital application
that is provided by a person who is extending, brokering, acquiring, or purchasing the credit or
that person’s affiliated company. As explained above, by referring to digital application-based
initiations of consumer credit transactions by persons engaged in these additional activities of
brokering, acquiring, or purchasing the extension of credit, the exclusion in paragraph (D) better

defines a payments market in this Rule by excluding activities that are distinguishable as being
part of a market for consumer credit originations.
Covered payment functionality
Proposed Rule
The proposed market definition would have applied to providing covered payment
functionalities through a digital application for a consumer’s general use in making payment
transactions. Proposed § 1090.109(a)(2) would have defined two types of payment
functionalities as covered payment functionalities: a funds transfer functionality and a wallet
functionality. Proposed § 1090.109(a)(2) would have defined each of those two functionalities
as described below. The CFPB requested common on each proposed definition, and whether it
should be modified, and if so, how and why.
A nonbank covered person would have been participating in the proposed market if its
market activity includes only one of the two functionalities, or both functionalities. Similarly, a
particular digital application may provide one or both functionalities. A nonbank’s level of
participation in the proposed market would not have been based on which functionality is
involved; rather, it would have been based on the annual covered payment transaction volume as
defined in proposed § 1090.109(b).
The CFPB proposed to treat these two covered payment functionalities as part of a single
market for general-use digital consumer payment applications. As the Proposed Rule noted, the
technological and commercial processes these two payment functionalities use to facilitate
consumer payments may differ in some ways. However, consumers can use both types of
covered payment functionalities for the same common purposes, such as to make payments for
retail spending and sending money to friends and family. For example, a funds transfer
functionality may transfer a consumer’s funds in a linked stored value account to a merchant to
pay for goods or services, or to friends or family. Similarly, a wallet functionality may transmit
a stored payment credential to facilitate a consumer’s payment to a merchant or to friends and

family. Indeed, the same nonbank covered person may provide a digital application that
encompasses both functionalities depending on the payment method a consumer chooses. For
example, a nonbank covered person’s digital application may allow the consumer to access a
wallet functionality to make a payment using a credit card for which a third party extends credit,
or a funds transfer functionality to make a payment from a stored value account the nonbank
provides. The role these two functionalities play in a single market therefore was driven by their
common uses, not their specific technological and commercial processes.
(A) Funds transfer functionality
The first payment functionality included in the definition in covered payment
functionality in proposed § 1090.109(a)(2) was a funds transfer functionality. Paragraph (A)
would have defined the term “funds transfer functionality” for the purpose of this rule to mean,
in connection with a consumer payment transaction: (1) receiving funds for the purpose of
transmitting them; or (2) accepting and transmitting payment instructions.241 These two types of
funds transfer functionalities generally described how nonbanks help to transfer a consumer’s
funds to other persons, sometimes referred to as P2P transfers. The nonbank either already holds
or receives the consumer’s funds for the purpose of transferring them, or it transmits the
consumers payment instructions to another person who does so. Paragraph (1), for example,
would have applied to a nonbank transferring funds it holds for the consumer, such as in a stored
value account, to another person for personal, family, or household purposes. Even if the
nonbank providing the funds transfer functionality does not hold or receive the funds to be

As stated in the Proposed Rule, 88 FR 80197 at 80205 n.64, such funds transfer services are consumer
financial products or services under the CFPA. See 12 U.S.C. 5481(5)(A) (defining “consumer financial
product or service” to mean a financial product or service “offered or provided for use by consumers
primarily for personal, family, or household purposes[]”). The CFPA defines a “financial product or
service” to include “engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise
acting as a custodian of funds or any financial instrument for use by or on behalf of a consumer[.]”
12 U.S.C. 5481(15)(A)(iv); see also 12 U.S.C. 5481(29) (defining “transmitting or exchanging funds”).
The CFPA also defines a “financial product or service” to include generally “providing payments or other
financial data processing products or services to a consumer by any technological means, including
processing or storing financial or banking data for any payment instrument,” subject to certain exceptions.
12 U.S.C. 5481(15)(A)(vii).
transferred, it generally would have qualified under paragraph (2) by transmitting the consumer’s
payment instructions to the person that does hold or receive the funds for transfer. Paragraph (2),
for example, would have applied to a nonbank that accepts a consumer’s instruction to send
money from the consumer’s banking deposit account to another person for personal, family, or
household purposes, and then transmits that instruction to other persons to accomplish the fund
transfer. As the Proposed Rule noted, a common way a nonbank may engage in such activities is
by acting as a third-party intermediary to initiate an electronic fund transfer through the
automated clearinghouse (ACH) network. Another common way to do so noted in the Proposed
Rule is to transmit the payment instructions to a partner depository institution. However, in
some circumstances, a nonbank may be able to execute a consumer’s payment instructions on its
own, such as by debiting the consumer’s account and crediting the account of the friend or
family member, without transmitting the payment instructions to another person. In those
circumstances, the nonbank generally would have been covered by paragraph (1) because, to
conduct the transaction in this manner, the nonbank typically would be holding or receiving the
funds being transferred.
(B) Wallet functionality
The other payment functionality included in the definition in covered payment
functionality in proposed § 1090.109(a)(1) was a wallet functionality. Paragraph (B) would have
defined the term wallet functionality as a product or service that: (1) stores account or payment
credentials, including in encrypted or tokenized form; and (2) transmits, routes, or otherwise
processes such stored account or payment credentials to facilitate a consumer payment
transaction.242 Through this proposed definition, the proposed market would have included

As stated in the Proposed Rule, 88 FR 80197 at 80205 n.65, the wallet functionality as described above
is a consumer financial product or service under the CFPA. See 12 U.S.C. 5481(15)(A)(vii) (defining
“financial product or service” to include “providing payments or other financial data processing products
or services to a consumer by any technological means, including processing or storing financial or
banking data for any payment instrument, or through any payments systems or network used for
processing payments data, including payments made through an online banking system or mobile
payment functionalities that work together first to store account or payment credentials and
second, to process such data to facilitate a consumer payment transaction.
As indicated above, paragraph (B)(1) of the proposed definition of “wallet functionality”
would have clarified that “account or payment credentials” can take the form of encrypted or
tokenized data. Storage of account or payment credentials in these forms would have satisfied
the first prong of the “wallet functionality” definition. For example, the first prong would have
been satisfied by storing an encrypted version of a payment account number or a token243 that is
specifically derived from or otherwise associated with a consumer’s payment account number.
Paragraph (B)(2) of the proposed definition of “wallet functionality” described the types
of processing of stored account or payment credentials that would have fallen within this
definition. For example, consumers commonly use wallet functionalities provided through
digital applications to pay for purchases of goods or services on merchant websites. To facilitate
such a consumer payment transaction, a consumer financial product or service may transmit a
stored payment credential to a merchant, its payment processor, or its website designed to accept
payment credentials provided by the wallet functionality. This type of product or service would
have been covered by paragraph (B)(2).

telecommunications network,” subject to certain exceptions); see also 12 U.S.C. 5481(5)(A) (defining
“consumer financial product or service” to mean a financial product or service “offered or provided for
use by consumers primarily for personal, family, or household purposes”).
As the Proposed Rule noted, tokens now are often used for wallets to store a variety of payment
credentials including network-branded payment cards. See, e.g., Manya Saini, Visa tokens overtake
payments giant’s physical cards in circulation, Reuters.com (Aug. 24, 2022) (describing how VISA’s
token service “replaces 16-digital Visa account numbers with a token that only Visa can unlock,
protecting the underlying account information.”), https://www.reuters.com/business/finance/visa-tokensovertake-payments-giants-physical-cards-circulation-2022-08-24/ (last visited Oct. 23, 2023); In re
Mastercard Inc., FTC Docket No. C-4795 (Complaint dated May 13, 2023) ¶¶ 24-32 (describing how
payment cards are “tokenized” for use digital wallets by “replacing the cardholder’s primary account
number (‘PAN’) [] with a different number to protect the PAN during certain stages of the []
transaction.”),
https://www.ftc.gov/system/files/ftc_gov/pdf/2010011C4795MastercardDurbinComplaint.pdf (last visited
Oct. 23, 2023); American Express, American Express Tokenization Service,
https://network.americanexpress.com/globalnetwork/products-and-services/security/tokenization-service/
(last visited Oct. 23, 2023); Discover Digital Exchange, Powering digital payment experiences,
https://www.discoverglobalnetwork.com/solutions/technology-payment-platforms/discover-digitalexchange-ddx/ (last visited Oct. 23, 2023).
Comments Received
Some commenters supported the inclusion of the range of payment functionalities
described in the proposed definition of “covered payment functionality.” For example, one
nonprofit stated that its members surveyed generally supported the proposed definitions of
“funds transfer functionality” and “wallet functionality” and that the latter adequately described
digital wallets in use today. A merchant trade association stated that the market should include
digital wallet offerings from nonbanks, including when offered by nonbanks through joint
ventures or partnerships with banks or payment networks. In their view, if a nonbank develops
and determines how the service operates, then regardless of the involvement by a bank or
payment network, the CFPB should supervise the nonbank to ensure fair competition. In
addition, as described at the outset of the section-by-section analysis above, other commenters
including consumer groups and banking industry associations generally supported the Proposed
Rule without raising concerns regarding the proposed definition of “covered payment
functionality.”
On the other hand, as discussed in the section-by-section analysis of general comments
on the proposed market definition in § 1090.109(a)(1) above, several industry and nonprofit
commenters stated that the Proposed Rule inappropriately grouped what they described as
different markets, including funds transfer functionalities and wallet functionalities, as well as a
number of subtypes of each, into a single market. The Final Rule responds to those comments
above. In addition, as described below, some commenters stated that the rule should exclude
certain activities from the proposed definition of “covered payment functionality.” These
comments either sought to remove entire components of the proposed definition of “covered
payment functionality,” to limit the scope of the term in the context of nonbank/bank
partnerships, or to clarify that the term did not include what they described as business-tobusiness services.

Some comments stated that the market definition should not include what they called
payment-method or pass-through wallets captured by the proposed definition of “wallet
functionality.” For consistency, the Final Rule refers to these products and services as passthrough payment wallets. A nonbank firm stated that the rule should exclude from the definition
of “wallet functionality” the storage and transmission of payment credentials for accounts held at
or issued by third-party financial institutions (which it called a “payment method wallet”). In its
view, payment method wallets do not provide consumers access to their funds because they do
not store the funds.244 It stated that supervising the nonbank provider of the payment method
wallet would provide no benefit beyond existing supervision by CFPB and other Federal
agencies of these third-party financial institutions, which includes supervision for compliance
with protections under Regulation Z against billing errors in credit card transactions and
Regulation E in debit card transactions. In support of that conclusion, it outlined its position that
payment method wallets are not subject to EFTA or Regulation E because they do not issue an
asset account used to make the payment and they do not provide an “access device” for an asset
account because any stored debit card is the access device for purposes of Regulation E.245
Some industry association commenters also stated that some market participants were not
financial institutions under either Regulation E or under Regulation P implementing the GLBA,
and that the Proposed Rule therefore did not articulate why CFPB supervision of those firms
would be beneficial or overstated its benefits.246

In its view, they also do not receive funds for purpose of transmitting them on behalf of the consumer
because they generally agree to accept payments as an agent of the merchant.
Another industry association suggested that the Final Rule clarify whether the CFPB considers a
mobile phone to be an access device for purposes of Regulation E. The commenter also stated that
entities may face competing obligations or burdens under this larger participant rule and a personal
financial data rights rule the CFPB may adopt. It stated that both rules would apply to “digital wallets”
but, in its view, define them differently. It called for the CFPB to establish a regulatory safe harbor under
which compliance with a personal financial data rights rule does not determine application of the larger
participant rule, and vice-versa.
The nonbank firm mentioned above generally stated that payment method wallets generally posed low
if any risk to consumers and stated that the Proposed Rule did not establish that payment method wallets
pose any special or heightened risk to consumers’ data related to GLBA/Regulation P compliance
A law firm commenter also stated that the term “wallet functionality” should be removed
from the market definition. It stated that, because the proposal defined “consumer payment
transaction” as involving a transfer of funds, all such transactions will involve a “funds transfer
functionality” that will always be subject to supervision. It also viewed providers of a “wallet
functionality” that does not hold and move funds as excluded from the scope of EFTA and
Regulation E. As a result, in its view, supervision of persons providing a “wallet functionality”
would be unnecessary, duplicative, and not responsive to the same level of risk to consumers.247
Alternatively, this commenter and another industry trade association stated that the rule should
address uncertainty over potential coverage of internet browsers; the Final Rule describes and
responds to those comments in more detail in the section-by-section analysis of “digital
application” further below.
An industry association stated that the rule should narrow the proposed definition of
“wallet functionality” by dropping the reference to storage and transmission of payment
credentials that are in “tokenized form.” It noted that consumers’ personal identification
information, such as a driver’s license, can be tokenized to create digital “identity credentials”
that consumers can use for what it described as non-financial purposes such as identity
verification and “commerce purposes.” It stated that if the rule does not remove the reference to
“tokenized form” form, then it should clarify that term only applies to tokenization of what it
called “existing” payment credentials. It stated that the clarification was necessary to ensure that
the market definition does not cover non-financial applications of tokenization that the CFPB
lacks the authority to regulate.

compared with other products and services not included within the market definition. In response to
general comments further above, the Final Rule responds to comments about the consideration of risk in
larger participant rules.
Again, as noted above, the Final Rule summarizes and responds to comments regarding the
consideration of risk to consumers at the outset of the section-by-section analysis above.
Finally, two industry associations stated that the proposed term “wallet functionality”
includes “pass-through digital wallets” that cannot legally be included in the market definition
because they qualify as “electronic conduit services” defined in CFPA section 1002(15). They
described pass-through payment wallets as holding and passing on payment information, such as
card numbers, and as maintaining a record of such information. They stated that “pass-through
digital wallets” are electronic conduit services because only data, not funds, flow through the
wallet.248
Other industry comments called for removing part of the definition of “funds transfer
functionality.” A few industry trade associations stated that the rule should remove accepting
and transmitting payment instructions from the definition of “funds transfer functionality.” They
stated that many firms transmit payment instructions, and State money transmitter laws generally
exclude this type of payment processing because, in their view, that is a lower-risk activity due
the payment processor not holding or receiving funds, which instead are held at Federallyregulated financial institutions.
Other industry comments called for excluding activities that do not involve the holding or
receipt of funds in certain circumstances, which they generally described as posing lower risk
than other market participants. An industry association and a nonbank firm stated that the rule
should exclude nonbanks providing payment services in partnership with or as service providers
to depository institutions. According to their description, these nonbanks typically develop,
market, and provide a digital application to consumers on behalf of as and a service provider to a
bank or credit union. They described the nonbank as serving solely as a service provider,
regardless of whether the digital application is branded in the name of the nonbank. They stated
that the nonbank provides these services solely to establish the consumer as a customer of the

One of these commenters noted that certain pass-through payment wallets may participate in the flow
of funds when they act as a third-party payment processor, but even in those circumstances, pass-through
payment wallets should not be covered either because they, in the commenter’s view, pose low risk as
evidenced by their being excluded from money transmitter laws.
bank or credit union and to facilitate consumer payment transactions from accounts held by the
bank or credit union either in the name of or “for benefit of” the consumer. They stated that the
bank or credit union processes the consumer payment transactions. For example, the nonbank
may receive and transmit the consumer’s payment instructions to the partner bank to transmit
funds. The nonbank commenter acknowledged that covering nonbank activities that facilitate
payments from accounts held by nonbanks would help align supervision of nonbanks and banks.
However, in the view of these commenters, facilitating payments of funds held in accounts at
partner banks or credit unions is a different activity that should not be included in the market.
For example, compared to what they described as “stand-alone” nonbank payment applications,
they stated the digital applications that nonbanks provide as partners with banks and credit
unions pose lower risk to consumers due to existing Federal prudential regulators’ oversight of
the banks and credit unions and their third-party relationships.249 These commenters also stated
that, in their view, excluding this type of activity from the market definition (or otherwise from
the larger-participant test) would prevent duplicative Federal supervision between the CFPB and
prudential banking regulators. One of these commenters also stated the exclusion would be
consistent with the rule’s goal of defining the market to exclude taking of deposits.250 For

These commenters also asserted that existing oversight of the depository institutions provides
sufficient oversight of this type of activity; the Final Rule addresses comments regarding existing
oversight above. One commenter also suggested that establishing oversight in this rulemaking would
violate a memorandum of understanding between the CFPB and prudential regulators that called for the
CFPB to prevent unnecessary duplication of effort. However, the comment misconstrued that
memorandum of understanding. As explained further above in the discussion of comments on existing
oversight, that memorandum of understanding does not seek to prevent overlapping authority; instead,
where overlapping authority exists, it provides mechanisms for coordinating across agencies to minimize
the types of duplication these commenters mentioned.
The nonbank firm also suggested that the Proposed Rule appeared to purport to establish supervisory
authority over a nonbank that acts as a service provider to a bank with assets of $10 billion or less and not
to a substantial number of such banks. In its view, such a service provider is subject to the exclusive
supervision of a Federal banking agency, and assertion of CFPB supervisory authority over the service
provider would conflict with CFPA section 1026(e), which only establishes authority over service
providers to a substantial number of such banks. It stated that the CFPB may not take supervisory or
enforcement action directly against such a service provider, and instead may only take certain actions
specified in the CFPA related to the service provider, such as accessing the Federal prudential regulators’
reports of examination of the service provider under CFPA section 1022(c)(6)(B).
example, this commenter stated that this type of activity is subject not only to the prohibition
against unfair, deceptive, and abusive practices, but also to consumer protections governing
deposit accounts. They also stated that, to meet the expectations of Federal prudential banking
regulators, banks have extensive mechanisms for overseeing the third-party nonbanks that
provide the consumer-facing or “front end” digital application, and that these mechanisms
further reduce risks posed by these activities. Another industry association called for CFPB to
make unspecified clarifications to the scope and requirements of the Proposed Rule to ensure
close coordination between the CFPB and other regulators to prevent duplicative or diverging
regulatory requirements of nonbanks that partner with depository institutions and credit unions.
In addition, a few industry associations requested that the rule clarify that the market
definition does not include activities that they described in four different ways as business-tobusiness services that nonbanks provide in connection with consumer payment transactions for
the purchase of goods and services. First, both commenters stated that the market definition
should exclude any portions of the process or lifecycle associated with a consumer payment
transaction that involve exclusively business-to-business transactions and do not directly involve
the consumer. Second, both commenters stated that companies that provide merchant payment
processing would fall within the market definition (and, as noted above, disagreed with that
result). However, one of the commenters pointed to what it viewed as significant uncertainty
over whether the market definition included what it described as traditional third-party payment
processing by entities that enable merchants to accept payments. Third, both commenters also
referred to what they called covered payment functionalities provided by a nonbank that its
merchant customer offers to consumers, who use the end product. Although the consumer is an
end user, they described such nonbank activities as facilitating application functionalities

between businesses that should be excluded from the market definition.251 Fourth, one of these
commenters stated that, to avoid what it described as an unintended expansion of the scope of the
proposal, the CFPB should clarify that the rule does not include what it described as “back-office
service providers or other vendors.”
Response to Comments Received
As discussed above in the Final Rule’s response to comments on the market definition in
proposed § 1090.109(a)(1), the CFPB disagrees with comments suggesting that the market
should be confined to entities that receive or hold the funds being transferred in consumer
payment transactions, or that the market should cover consumer payment transactions that
transfer funds from nonbank accounts but not from accounts provided by banks or credit unions.
As the Proposed Rule explained, the CFPB is seeking to define a market for general-use digital
consumer payment applications that facilitate consumer payment transactions that transfer funds
by or on behalf of the consumer, regardless of where those funds may be held. As some industry
association comments regarding bank/fintech partnerships acknowledged, the CPFB is not
seeking to define a market for taking deposits in this rule. Consistent with that purpose, nothing
in the proposed definition of “covered payment functionality” referred to engaging in the “taking
of deposits.” Relatedly, holding or receiving funds is not a requirement for facilitating consumer
payment transactions and participating in the market. Specifically, neither the form of “funds
transfer functionality” described in paragraph (2) of the definition of that term nor the proposed
“wallet functionality” definition were based on receiving or holding funds.252 Excluding
nonbanks that do not hold or receive funds (or that only facilitate payment of funds held at
partner depository institutions) would result in an unduly narrow market definition that

This commenter suggested this exclusion appear in the definition of “digital application.” However,
the Final Rule considers the comment more broadly in relation to other comments seeking exclusion of
what they described as business-to-business offerings.
In addition, while the first prong of “funds transfer functionality” refers to receiving funds, that prong
requires that the funds be received for the purpose of transmitting them.
essentially is limited to money transmission, ignoring the role that other nonbank activities play
in initiating other very common consumer payment transactions through general-use digital
consumer payment applications. For example, consumers have significantly increased their use
of digital wallets to make payments using network-branded payment cards issued by third-party
financial institutions.253 These include consumer credit card transactions in which the lender
transfers funds on behalf of the consumer as part of an extension of credit. In these transactions
and in debit card transactions, the nonbank may not hold or receive funds but it does initiate the
consumer payment transaction at the consumer’s request by receiving and transmitting payment

See, e.g., Worldpay, 2024 Global Payments Report, at 6 (describing “key insight[]” that “[c]onsumer
attraction to digital wallets isn’t a turn away from cards. In card-dominated markets, card spend is simply
shifting to digital wallets like Apple Pay, Google Pay and PayPal. Viewed in total, card transaction
values are at an all-time high and continue to rise.”), at 148 (reporting use of payment cards through
digital wallets under the heading “digital wallets” and separately reporting “direct card use” for debit
cards and credit cards), https://worldpay.globalpaymentsreport.com/ (last downloaded Aug. 22, 2024);
Worldpay, Press Release, Worldpay Global Payments Report 2024: Digital Wallet Maturity Ushers in a
Golden Age of Payments (Mar. 21, 2024) (finding that “in the U.S., credit and debit cards fund 65 percent
of digital wallets in the market.”),
https://www.businesswire.com/news/home/20240321666428/en/Worldpay-Global-Payments-Report2024-Digital-Wallet-Maturity-Ushers-in-a-Golden-Age-of-Payments (last visited Nov. 7, 2024); How Are
Consumers Funding Mobile Wallets? PaymentsJournal (Apr. 1, 2024) (reporting that most consumers use
a debit card or credit card to fund a mobile wallet, versus 36 percent who use the balance within the app,
based on Christopher Miller, 2023 North American PaymentInsights: U.S.: Financial Services and
Emerging Technologies Exhibit, Javelin Research (July 21, 2023)),
https://javelinstrategy.com/research/2023-north-american-paymentinsights-us-financial-services-andemerging-technologies (last visited Nov. 7, 2024)), https://www.paymentsjournal.com/how-areconsumers-funding-mobile-wallets/ (last visited Nov. 7, 2024); Steve Cocheo, Consumers Have
Embraced Digital Wallets. But They Also Want Them to Be Better, The Financial Brand (Mar. 28, 2024)
(discussing the “overlap between digital wallets and cards.”),
https://thefinancialbrand.com/news/payments-trends/digital-wallets-absorb-credit-cards-as-they-boomworldwide-176418/ (last visited Oct. 24, 2024); J.D. Power, Debit Cards Still Lead in Customer
Satisfaction and Utilization, Even as Use of Digital Wallets Grows (May 23, 2024) (survey projecting
“slow deterioration” in share of customers using physical version of debit cards as they opt instead to use
the debit cards as a payment method stored in digital wallets),
https://www.jdpower.com/business/resources/debit-cards-still-lead-customer-satisfaction-and-utilizationeven-use-digital (last visited Nov. 7, 2024): Nicole Murgia & Lily Varon, Digital Payments Have
Surpassed Traditional Payments In The US, Forrester Research (Feb. 29, 2024) (reporting survey data
finding that “69% of U[.]S[.] online adults said that they had used a digital payment method over the past
three months to make a purchase. That’s well ahead of the just over half of online adults who used a
credit card or who used cash. That said, it’s important to remember that cards often are the underlying
payment instrument in growing digital payment scenarios.”), https://www.forrester.com/blogs/digitalpayments-have-surpassed-traditional-payments-in-the-us/ (last visited Nov. 7, 2024); Mastercard,
Mastercard reimagines online checkout; commits to reaching 100% e-commerce tokenization by 2030 in
Europe (June 11, 2024), https://www.mastercard.com/news/press/2024/june/mastercard-reimaginesonline-checkout-commits-to-reaching-100-e-commerce-tokenization-by-2030-in-europe/ (last visited
Nov. 7, 2024).
instructions or storing and transmitting payment credentials.254 And in this way, it also facilitates
consumers’ access to their funds, contrary to the suggestion by an industry commenter.
Excluding these activities from the market would result in a gap in the CFPB’s
supervisory oversight at the very start of the chain of activities that lead a consumer payment
transaction to occur. Yet consumers naturally may look to the provider of that consumer
financial product or service for help resolving problems. And a credit union trade association
commenter stated that credit union customers can find it difficult to obtain prompt resolution of
errors that involve a nonbank platform. A group of State attorneys general also cited a survey
indicating that more 77 percent of consumers encountered difficulty obtaining resolution from
the nonbank’s customer service.255
As to industry commenter claims that nonbank market participants pose lower risk
because the funds consumers use to make payments are held by other regulated and supervised
financial institutions such as banks, credit unions, or money transmitters, this rulemaking does
not define who is included or excluded in the market based on findings of relative risk. More
specifically, the CFPB does not assess in this rulemaking the relative risk of activities to initiate
payments from funds held or received by others; rather, as explained further above, the CFPB
considers the risks that a market and its larger participants pose to consumers when determining
how to exercise its authority to conduct examinations of such persons.
The CFPB also disagrees that the market should exclude nonbanks with a serviceproviding or partnership relationship with the depository institution that holds the funds used to
make the payment. As discussed in the response to general comments above, covering these
activities furthers the CFPB’s statutory objective of ensuring consistent compliance with Federal

The Final Rule responds to general comments about the applicability of Regulation E and Regulation P
in the section-by-section analysis of the market definition further above.
Consumer Reports P2P Survey at 9 (reporting results of questions about services provided by payment
apps such as PayPal, Venmo, Apple Pay, Google Pay, or Zelle). The Proposed Rule, 88 FR 80197 at
80200 n.25, also identified this survey.
consumer financial law without regard to the status of a person as a depository institution to
promote fair competition. The CFPB similarly disagrees with the law firm commenter’s claim
that, when a consumer initiates a consumer payment transaction in reliance on a general-use
wallet functionality a nonbank provides through a digital application, there is no need to include
that activity in the market because another supervised institution, such as a depository institution,
may be providing a funds transfer functionality. Two institutions, including a depository
institution and a nonbank, may work together to provide a covered payment functionality. For
example, a depository institution may accept payment instructions from a nonbank general-use
digital consumer payment application provider. A supervisory review that only considers how
the depository institution processes those instructions would presume that there is no significance
to the role of the nonbank in relaying those instructions to the depository institution. Yet by
design, the conduct of both institutions can affect the degree to which consumers’ payments data
is protected, legitimate transactions proceed without error or delay, and unauthorized
transactions do not occur. The nonbank may even assume primary responsibility for providing
the consumer interface, such as a digital application, and making representation to consumers
about the speed, cost, and other aspects of payments it facilitates. As noted, it is not the purpose
of this rule to enumerate, quantify, and weigh such risks because the rule does not seek to define
a market that includes only high-risk activity. Rather, the purpose of this rule is to establish
authority to examine larger participants in this market. Through operation of that program the
CFPB can detect, assess, and as needed, address risks to consumers and markets, and otherwise
conduct its risk-based supervision program for the purposes established in CFPA
section 1024(b)(1).
In addition, for the reasons explained above in response to general comments about
existing Federal and State oversight of some aspects of market activity, the CFPB does not
define the market based on the degree to which another regulator oversees certain persons, such
as a partner bank, its nonbank partner, or any other nonbank that facilitates a given consumer

payment transaction. The CFPB also does not define the market based on whether market
participants also may act as a service provider to another financial institution.256
The CFPB also disagrees with the two industry associations that argued that certain passthrough digital wallets are subject to the CFPA’s exclusion for “electronic conduit services”
because they only store and transmit card information, and not funds.257 The commenters did not
meaningfully analyze the language of the CFPA’s definition of “electronic conduit services,”
which undermines their argument in at least two ways.258 First, the definition applies to the
“intermediate or transient storage” of electronic data – i.e., to data storage for a limited time.259

The CFPB disagrees with the nonbank firm’s comment to the extent it was suggesting that in general a
service provider to financial institutions cannot also be a nonbank covered person, or, more specifically
that provisions in CFPA sections 1025(d) or 1026(e) describing the CFPB’s supervisory authority over
service providers to banks and credit unions displace the CFPB’s authority under section 1024(a) over
nonbank covered persons. Under the CFPA, a firm can act both as a service provider and as a provider of
a consumer financial product or service. See 12 U.S.C. 5481(26)(C) (“A person that is a service provider
shall be deemed to be a covered person to the extent that such person engages in the offering or provision
of its own consumer financial product or service.”). And with respect to the CFPB’s supervisory
authority, no provision in CFPA sections 1024, 1025(d), or 1026(e) states that 1024(a) is displaced by
1025(d) or 1026(e). By contrast, CFPA section 1024(a)(3)(A) expressly provides that CFPA section
1024, which includes the larger participant rulemaking authority in CFPA section 1024(a)(1)(B), shall not
apply to persons described in section 1025(a) and 1026(a), which refer to insured depository institutions,
insured credit unions, and certain of their affiliates. It does not refer to 1025(d) or 1026(e). Accordingly,
if a nonbank is a covered person because it provides a consumer financial product or service, then the
CFPB may establish supervisory authority over the nonbank covered person via a larger participant
rulemaking under section 1024(a)(1)(B) even if in the course of its activity the nonbank also acts as a
service provider to a bank or credit union.
The CFPA excludes “electronic conduit services” from the definition of “financial product or service.”
12 U.S.C. 5481(15)(C)(ii). The term “electronic conduit services” “(A) means the provision, by a person,
of electronic data transmission, routing, intermediate or transient storage, or connections to a
telecommunications system or network; and (B) does not include a person that provides electronic conduit
services if, when providing such services, the person—(i) selects or modifies the content of the electronic
data; (ii) transmits, routes, stores, or provides connections for electronic data, including financial data, in
a manner that such financial data is differentiated from other types of data of the same form that such
person transmits, routes, or stores, or with respect to which, provides connections; or (iii) is a payee,
payor, correspondent, or similar party to a payment transaction with a consumer.” 12 U.S.C. 5481(11).
Because the commenters do not provide any information regarding how the pass-through digital
wallets they describe operate on a technological level, there may be additional reasons, beyond those
discussed in this Final Rule, why such wallets do not qualify as electronic conduit services. For example,
providers of such wallets may transmit financial data “in a manner that such financial data is
differentiated from other types of data of the same form” that the providers transmit.
12 U.S.C. 5481(11)(B)(ii).
12 U.S.C. 5481(11)(A); cf. Hately v. Watts, 917 F.3d 770, 785 (4th Cir. 2019) (construing similar
phrase “temporary, intermediate storage” in Stored Communications Act to refer to electronic
communications “while they are stored ‘for a limited time’ ‘in the middle’ of transmission” (quoting In re
DoubleClick Inc. Privacy Litig., 154 F. Supp. 2d 497, 512 (S.D.N.Y. 2001)).
However, as the commenters appear to acknowledge, pass-through digital wallets generally store
payment credential or account information on a persistent or indefinite basis (so that it can be
used to make payments as needed). Because they do so, pass-through digital wallets do not
qualify for the exclusion for electronic conduit services. Second, the commenters incorrectly
conclude that the electronic conduit service exclusion necessarily applies where a provider only
handles data (and not funds). For example, by its terms, that exclusion does not apply to a
provider who “selects . . . the content of the electronic data” being stored or transmitted.260 Passthrough digital wallets generally are designed to store and transmit specific data regarding a
payment card (the card number, expiration date, and CVV) provided by the consumer. Providers
of such wallets thus “select[] . . . the content of the electronic data” that the wallets store and
transmit, and therefore do not qualify for the electronic conduit services exclusion.261
With regard to the industry association commenters that sought exclusion of business-tobusiness services that nonbanks provide in connection with consumer payment transactions for
the purchase of goods and services, the CFPB disagrees that a new exclusion is needed. With
regard to ecommerce websites where the consumer can use a payment button, as explained above
in the discussion of comments on the definition of “consumer payment transaction,” the market
does not include a merchant on the basis of it placing a payment button on its website that
launches a general-use digital consumer payment application provided by an unaffiliated third
party (rather, the market simply includes the third-party app that the payment button launches).
With regard to other examples that the industry association commenter cited—service providers
or other vendors, including those that may act as traditional payment processors and participate

See id. 5481(11)(B)(i). Similarly, the exception for differentiated electronic data in subsection
1002(11)(B)(ii) could apply where a provider only handles data, and not funds. See id. 5481(11)(B)(ii).
In addition, as discussed above, some digital wallets “tokenize” payment information, which involves
replacing the cardholder’s account number with a different number at certain stages of the transaction, in
order to protect the account number. That activity of creating new payment information to facilitate a
payment goes beyond the role of a mere conduit, which is limited to providing “electronic data
transmission, routing, intermediate or transient storage, or connections to a telecommunications system or
network[.]” 12 U.S.C. 5481(11)(A).
in facilitating business-to-business transactions during the lifecycle of a consumer payment
transaction—the Final Rule clarifies that the market generally does not cover that activity. For
purposes of this Final Rule, the term “covered payment functionality” would not cover a
nonbank that operates in a consumer payment transaction process solely as an intermediary
between two businesses, such as where the consumer does not “access” a “digital application” to
make a payment.262 In addition, when consumers provide their payment credential through the
website of a single merchant solely for use at that merchant and its affiliated companies, the
merchant payment processor processing that payment credential (whether for a single transaction
or by storing the card on file for repeat use) is not providing covered payment functionality that
has “general use” based on how the Final Rule defines that term as usable for making payments
to multiple unaffiliated persons as discussed below.263
In light of these clarifications and changes adopted in the Final Rule, the CFPB disagrees
that a broader, general “business-to-business” exclusion is warranted.264 Such an exclusion
would not be consistent with the structure of nonbank provider’s market activities, which involve
intermediation between consumers and payment recipients. When consumers sign up as a
customer for a nonbank’s general-use digital consumer payment application, they do so in order
to use the app to make payments to multiple unaffiliated persons. The consumer payment

In any event, the Final Rule also adopts a revised definition of the term “covered payment
functionality” that focuses on receiving funds “from” the consumer or storing account or payment
credentials “for” a consumer.
Similarly, a consumer may use a general-use digital consumer payment application to make a payment
in a physical store by “tapping” their mobile phone that contains the app on a gateway payment terminal
at the checkout counter. As the proposed Rule explained, a gateway terminal, which is a computing
device merchants acquire, is not a “digital application” as defined in the Proposed Rule because it is not a
personal computing device of the consumer. 88 FR 80197 at 80206. Thus a merchant payment processor
would not be engaged in market activity solely based on operating or accepting payments data through
such a terminal.
These clarifications relate to the scope of the market. Some entities may be acting as a service
provider to a market participant. The Final Rule does not alter the scope of CFPB authority over service
providers conferred by the CFPA. As the Proposed Rule explained, CFPA section 1024(e) expressly
authorizes the supervision of service providers to nonbank covered persons encompassed by CFPA
section 1024(a)(1), which includes larger participants. Adding an express exclusion for service providers
in the Final Rule could cause confusion over the CFPB’s authority to supervise such entities.
transactions they make by accessing that digital application fall within the market, even though
the app provider also may conduct those transactions under the umbrella of a business-tobusiness contract such as a merchant acceptance agreement.265
Final Rule
For the reasons described above, the CFPB adopts the proposed definition of “covered
payment functionality” with certain minor clarifying changes.
First, the Final Rule changes “wallet functionality” to “payment wallet functionality.” As
discussed above, some commenters raised questions about whether the Proposed Rule would
have applied to digital wallets (or the part of their functionalities) that store and transmit data
unrelated to consumer payments. Because the terms “digital wallet” and “wallet” have varied
uses, this revision provides greater precision and prevents confusion.266
Second, the definition of “funds transfer functionality” is revised to clarify that the funds
received or instructions accepted must be “from a consumer” to qualify as market activity.
Similarly, the definition of “payment wallet functionality” is revised to clarify that account or
payment credentials must be stored “for a consumer” to satisfy the first prong of that that

As discussed above, many businesses provide general-use digital consumer payment applications to
consumers and facilitate their payments through business-to-business acceptance agreements with
merchants. At the same time, as also discussed above, the market definition adopted in the Final Rule
does not cover the merchant, even when it provides a payment button that launches the third-party’s
general-use digital consumer payment application.
The CFPB declines to adopt the industry commenter’s suggestion that the Final Rule include a safe
harbor under which compliance with the CFPB’s personal financial data rights rule does not determine
application of this larger participant rule, and coverage under the larger participant rule does not
determine application of the personal financial data rights rule. The comment did not identify any
specific differences between the two proposals’ approach to covering digital wallets that it found to be
significant, or explain how application of one rule could affect application of the other. In fact,
application of one rule does not determine application of the other. The text of each rule governs its
scope. Further, because this Final Rule does not impose substantive consumer protection obligations, it
does not modify the scope of the personal financial data rights rule. In any event, as noted above, to the
extent an entity is a larger participant under this rule and also is subject to the personal financial data
rights rule when compliance is required in the future, CFPB examinations of that entity may review
compliance with the personal financial data rights rule. Further, this treatment is consistent with CFPB
examinations of depository institutions with more than $10 billion in assets; i.e., the CFPB currently
examines these institutions’ compliance with applicable requirements of Federal consumer financial law
(e.g., the EFTA and its implementing Regulation E) and may examine their compliance with the personal
financial data rights rule after compliance is required.
definition. As discussed above, nonbanks are not participating in the market when providing a
payment functionality that a consumer does not access through a digital application. Consistent
with that approach, these clarifications to the definition of “covered payment functionality”
similarly confirm that nonbank firms that do not engage with consumers through digital
applications would not be providing a “covered payment functionality.” For example, for
purposes of this Final Rule that term would not cover a nonbank that operates in a consumer
payment transaction process solely as an intermediary between two businesses. The CFPB does
not believe this is a significant change from the Proposed Rule, since the proposed market
definition only would have applied to providing a payment functionality “for consumers’ general
use” in the first place. But for the avoidance of doubt, the Final Rule includes this additional
clarification on this point.
Digital application
Proposed Rule
The proposed market definition would have applied to providing covered payment
functionalities through a digital application for a consumer’s general use in making consumer
payment transactions. Proposed § 1090.109(a)(2) would have defined the term “digital
application” as a software program accessible to a consumer through a personal computing
device, including but not limited to a mobile phone, smart watch, tablet, laptop computer, or
desktop computer.267 The proposed definition would have specified that the term includes a
software program, whether downloaded to a personal computing device, accessible from a
personal computing device via a website using an internet browser, or activated from a personal

The Proposed Rule noted that the definition considers whether the digital application is accessible
through a personal computing device, not whether a particular payment is made using a computing device
that a consumer personally owns. For example, if a consumer logs into a digital application through a
website using a work or library computer and makes a consumer payment transaction, the transfer would
be subject to the Proposed Rule if that digital application is one a consumer also may access through a
personal computing device.
computing device using a consumer’s biometric identifier, such as a fingerprint, palmprint, face,
eyes, or voice.268
The Proposed Rule explained how market participants may provide covered payment
functionalities through digital applications in many ways. For example, a consumer may access
a nonbank covered person’s covered payment functionality through a digital application
provided by that nonbank covered person. Or, a consumer may access a nonbank covered
person’s covered payment functionality through a digital application provided by an unaffiliated
third-party such as another nonbank, a bank, or a credit union.269 In either case, a consumer
typically first opens the digital application on a personal computing device and follows
instructions for associating their deposit account, stored value account, or other payment account
information with the covered payment functionality for use in a future consumer payment
transaction. Then, when the consumer is ready to initiate a payment, the consumer may access
the digital application again to authorize the payment.
The Proposed Rule also explained how consumers have many ways to access covered
payment functionalities through digital applications to initiate consumer payment transactions.
To make a P2P payment, a consumer may use an internet browser or other app on a mobile
phone or computer to access a nonbank covered person’s funds transfer functionality, such as a
feature to initiate a payment to friends or family or to access a general-use bill-payment function.
The consumer then may direct the nonbank covered person to transmit funds to the recipient or
the consumer may provide payment instructions for the nonbank covered person to relay to the

The Proposed Rule noted for example that some nonbanks allow consumers to use interactive voice
technology to operate the nonbank’s application that resides on the phone itself. See, e.g., Lory
Seraydarian, Voice Payments: The Future of Payment Technology?, PlatAI Blog (Mar. 7, 2022) (software
firm analysis reporting that major P2P participants “allow their customers to use voice commands for
peer-to-peer transfers.”), https://plat.ai/blog/voice-payments/ (last visited Oct. 23, 2023).
As the Proposed Rule noted, if a nonbank covered person provides a covered payment functionality a
consumer may access through a digital application provided by a bank or credit union, the Proposed Rule
would have only applied to the nonbank. Insured depository institutions, insured credit unions, and
certain of their affiliates are not subject to the CFPB’s larger participant rules, which rely upon authority
in CFPA section 1024 that applies to nonbanks. 12 U.S.C. 5514(a)(3)(A).
person holding the funds to be transferred. Or, in an online retail purchase transaction, a
consumer may access a wallet functionality by clicking on or pressing a payment button on a
checkout screen on a merchant website. The consumer then may log into the digital application
or display a biometric identifier to their personal computing device to authorize the use of a
previously-stored payment credential. Or, in an in-person retail purchase transaction, a
consumer may activate a covered payment functionality by placing their personal computing
device next to a merchant’s retail payment terminal. The digital application then may transmit
payment instructions or payment credentials to a merchant payment processor. For example, a
mobile phone may transmit such data by using near-field communication (NFC) technology built
into the mobile phone,270 by generating a payment-specific quick response (QR) code on the
mobile phone screen that the consumer displays to the merchant payment terminal, or by using
the internet, a text messaging system, or other communications network accessible through the
mobile phone.
Through the proposed definition of digital application, the Proposed Rule would have
excluded from the proposed market payment transactions that do not rely upon use of a digital
applications. For example, gateway terminals merchants obtain to process the consumer’s
personal card information are not personal computing devices of the consumer. Merchants
generally select these types of payment processing services, which are provided to consumers at
the point of sale to pay for the merchant’s goods or services. Their providers may be
participating in a market that is distinct in certain ways from a market for general-use digital
consumer payment applications. In addition, the proposed definition of “digital application”
would not have covered the consumer’s presentment of a debit card, a prepaid card, or a credit
card in plastic, metallic, or similar form at the point of sale. In using physical payment cards at
the point of sale, a consumer generally is not relying upon a “digital application” because the

See generally CFPB Contactless Payments Spotlight, supra.

consumer is not engaging with software through a personal computing device to complete the
transaction. However, when a consumer uses the same payment card account in a wallet
functionality provided through a digital application, then those transactions would have fallen
within the market definition.
The Proposed Rule requested comment on the proposed definition of “digital
application,” and whether it should be modified, and if so, how and why. For example, the
Proposed Rule requested comment regarding whether defining the term “digital application” by
reference to software accessible through a personal computing device is appropriate, and if so,
why, and if not, why not and what alternative approach should be used and why.
Comments Received
A consumer group supported the proposal’s definition of a market based on use of a
“digital application.” It cited a 2021 industry white paper observing that most financial
transactions happen via mobile apps, websites, email, text messages, and other digital
communications.271 In addition, as discussed above, many commenters agreed that the market
for general-use digital consumer payment applications has grown rapidly and expressed support
for the proposal to supervise larger participants providing general-use digital consumer payment
applications. These commenters generally did not take issue with or appeared to agree with the
proposal’s defining the market as a digital market.
Some consumer group commenters urged the CFPB to expand the market definition
beyond payments facilitated through digital applications, to cover in-person domestic money
transfers as well as payments consumers make via telephone call to transfer funds to persons
while incarcerated and prepaid cards issued to such persons upon their release from
incarceration. They indicated this approach would be consistent with the market definition in the
international money transfer larger participant rule, which was not limited to app-based

Google LLC Embedded Finance White Paper, supra, at 3.

payments. They stated that some consumers that send funds to friends and family who are
incarcerated have incomes that are too low to afford easy access to digital applications. They
also described a risk of abusive practices with release cards due to consumers’ lack of choice
among card issuers. They further noted that the proposed market definition would not
encompass consumers’ use of release cards outside of digital applications, which they often do
because they likely do not have smartphones when they are released and need to use the funds
immediately.
Meanwhile, an industry association suggested that the “digital application” limitation
invalidates the market definition because it does not satisfy principles of antitrust law due to
excluding reasonably interchangeable non-products with the same use case, such as networkbranded payment cards when used outside of a digital application, whether by swiping a plastic
card in-person or inputting the card information manually to make a digital payment. This
commenter cited data that in its view indicated that those cards are still preferred by consumers.
Thus, in its view, general-use digital consumer payment applications compete with physical
payment methods as part of a broader payment industry. In addition, a nonprofit commenter
disagreed with the “digital application” limitation because, in its view, it incorrectly ascribes a
special status to payments undertaken digitally.272
Other consumer groups and a nonprofit commenter called for clarification of the
definition of “digital application” including its reference to use of a “personal computing
device.” For example, one consumer group suggested that the rule include additional examples
of a “personal computing device” because computer chips are versatile and industry can use
everyday items to facilitate payments and collect consumers’ payments data. They stated that
some automobiles already have “smart dashboards” that consumers may use to make purchases.

A few industry associations also described the proposed definition of “digital application” as vague.
Their comments appeared principally concerned not with what is a digital application, but with who is
providing a covered payment functionality through a digital payment application. The Final Rule
responds to their comments in the section-by-section analysis of “covered payment functionality” above.
They added that home appliances, such as televisions and refrigerators, also could be designed to
facilitate purchases. They stated that some smart appliances already allow consumers to use a
digital wallet provided by a third-party that is dominant in the market. They stated that these
devices should be included as examples of personal computing devices that may facilitate market
activity. On the other hand, a nonprofit commenter stated that some of its members believed the
definition of “personal computing device” is vague and the rule needs to expressly exclude
public computers from that definition. This commenter also stated some of its members believed
that the definition of “digital application” should be clarified to provide additional examples of
how a consumer “may access” the underlying software program. They stated that the use of
PINs and passwords should be added to the examples in the definition.
Finally, two commenters raised questions about the applicability of the Proposed Rule to
internet browsers and functionalities they provide. An industry association stated that the rule
should clarify whether internet browsers that store credit card information would be considered
to facilitate a consumer payment within the meaning of the definition of “covered payment
functionality.” In addition, a law firm commenter stated that it did not understand the goal of the
Proposed Rule to cover generic web browser activity, but a clarification would be necessary to
avoid inadvertent coverage of that activity because of what it described as “payment-autofill
functions” provided by online platforms and applications. It cited specific popular internet
browsers as examples. It described payment autofill functions as prepopulating a consumer’s
stored payment credential information into checkout forms on a merchant website within the
platform’s browser.273

Although it stated that it did not understand that the goal of the Proposed Rule was to cover autofill
functions of generic web browsers, it stated that the autofill functionality could be viewed as transmitting
or otherwise processing a stored payment credential under a broad reading of the proposed definition of
“wallet functionality” discussed further above. However, in its view, such a broad reading would be
incorrect because transmission of the payment credential for processing does not occur until the consumer
clicks the merchant’s payment button and because it is the merchant and their payment service providers
that process the payment.
Response to Comments Received
The CFPB agrees with the consumer group commenter that it is appropriate to define the
market at issue in this Final Rule as one involving “digital applications.” As discussed above,
such digital applications have grown dramatically and become increasingly important to the
everyday financial lives of consumers.
With respect to the industry associations’ comments suggesting that the limitation of the
market to “digital application” would be inappropriate from the perspective of antitrust law
because it excludes consumers’ use of physical network-branded payment cards, as discussed
above this Final Rule does not define a market for purposes of antitrust law. As a consequence,
CFPA section 1024(a)(1) does not require a larger participant rule to define a market to include
all reasonably-interchangeable substitutes for a given consumer financial product or service
whether provided by nonbanks or insured banks or credit unions.274
In addition, the CFPB disagrees with the industry association’s comments because
general-use digital consumer payment applications often function in ways that are distinct from
network-branded payment cards, making it appropriate for the market defined in this Rule to be
limited to such digital applications. For example, as the most recent Federal Reserve annual
report on consumer payment preferences indicates, consumers generally cannot or do not use
network-branded payment cards for making payments to friends and family outside of the
nonbank general-use digital consumer payment applications.275 Similarly, well-known generaluse digital consumer payment applications often provide a functionality that physical payment
cards generally do not have – the ability to load payment credentials for accounts held at multiple
In any event, the CFPB notes that loading the card into a third-party app for app-based use may be an
indicator that the app is a compliment rather than a substitute for the card. See Racing for Mobile
Payments, supra, sec. 2.1.2 (describing “card-complementing mobile payment systems” like those
provided by Apple, Google, and Samsung in the United States).
See 2024 Diary Findings, supra at 16 (indicating that when used by themselves and not through
payment apps, “[d]ebit and credit cards . . . typically are impractical or costly for P2P transactions”). For
example, American Express National Bank has used PayPal and Venmo to facilitate credit card holders’
P2P transactions, as described at https://help.venmo.com/hc/en-us/articles/360058686993-Amex-SendSplit (last visited Nov. 7, 2024).
unaffiliated financial institutions.276 This functionality can be a significant one. According to
one recent report, the average consumer may have as many as eight network-branded payment
cards.277
The CFPB disagrees with the consumer group and nonprofit comments to the extent they
were suggesting that the “digital application” component of the proposed market definition
would leave a significant gap in the CFPB’s supervisory authority with respect to the use of
network-branded payment cards including prison release cards. CFPA section 1025(a) already
grants the CFPB supervisory authority over very large insured depository institutions and insured
credit unions that are among the largest issuers of network-branded payment cards. While some
insured depository institutions and insured credit unions with assets of $10 billion or less also
issue payment cards, including prepaid cards, CFPA section 1024(a)(3)(A) specifically excludes
all insured depository institutions and insured credit unions from the scope of a larger participant
rule under CFPA section 1024(a)(1)(B). Therefore, the CFPB does not have authority to use this
rule to define insured depository institutions or insured credit unions as larger participants in this
market. In any event, when a nonbank prepaid card program manager facilitates consumers’ use
of these cards through the card’s proprietary digital application, such as to make payments to
friends and family, this activity may qualify as a consumer financial product or service of the
nonbank that already is included in the market definition. And when consumers load these cards
into a third-party general-use digital consumer payment applications, the use of the cards through
those apps also would be included in the market definition.

Some banks and credit unions offer an app-based wallet functionality that facilitates payments using
cards issued by multiple unaffiliated card issuers. See Paze FAQs (describing how consumers can add
participating cards into the wallet from the Paze website or through the bank or credit union’s digital
application), https://www.paze.com/faqs (last visited Nov. 17, 2024); see also VISA Blog, One card to
rule them all (May 16, 2024) (describing VISA plans to launch a new service in the United States
allowing consumers to use their card issuer’s app to “swap funding sources” between different accounts
the consumer holds with that same issuer), https://usa.visa.com/visaeverywhere/blog/bdp/2024/05/14/one-card-to-1715696707658.html (last visited Nov. 7, 2024).
Jack Caporal, Credit and Debit Card Market Share by Network and Issuer (Jan. 24, 2024) (citing
Nilson Report data for 2022), https://www.fool.com/the-ascent/research/credit-debit-card-market-sharenetwork-issuer/ (last visited Nov. 7, 2024).
The CFPB also declines the suggestion by consumer group and nonprofit commenters
that the CFPB adopt in this Final Rule a market that includes all domestic money transfers
including those facilitated by telephone call and through in-person transfers not mediated by a
digital application. As discussed above, a trend in the consumer payments area has been the
rapid growth in general-use digital consumer payment applications including their payment
wallet functionalities that do not necessarily involve domestic money transmitting. The CFPB
adopts this Final Rule in response to that growth in an effort to promote compliance with Federal
consumer financial law and detect and assess risks to consumers and the market, including
emerging risks, and to ensure consistent enforcement of Federal consumer financial law in this
area. When consumers make telephone- or in-person-based domestic payments, the CFPB has
other means of assessing risks they may pose to consumers. For example, if a nonbank covered
person has significant involvement in that activity through the provision of a consumer financial
product or service, the CFPB can evaluate whether that poses a risk to consumers sufficient to
warrant a supervisory designation under CFPA section 1024(a)(1)(C).
Further, consistent with its approach in the international money transfer larger participant
rule,278 the CFPB notes that it does not seek in this rule to define a market that covers the entire
universe of consumer payment transactions that fall within the scope of the CFPB’s authority
under the CFPA. This larger-participant rulemaking is only one in a series, and nothing in this
Final Rule precludes the Bureau from considering in future larger-participant rulemakings other
markets for consumer financial products or services that might include non-digital payment
activities not included in the market defined by this rule.
With regard to comments on specific aspects of the “digital application” definition, the
CFPB agrees with the members of the nonprofit commenter that PINs and passwords may be
common ways that consumers use to access general-use digital consumer payment applications.

79 FR 56631 at 56635-56636.

Device-specific codes called passkeys also are an increasingly common way for digital
applications, including general-use digital consumer payment applications, to authenticate a
consumer’s identity.279 The Final Rule therefore accounts for these examples, as described
below.280 The CFPB does not agree with the consumer group commenter to the extent it was
suggesting that the prospect of future participation in the market by manufacturers of
automobiles and smart appliances such as televisions and refrigerators warranted adding those
types of devices to the list of example of personal computing devices in the definition of “digital
application.” Because the proposed definition did not state that the list of examples of personal
computing devices was exhaustive, other devices may qualify as personal computing devices.
However, the research described in the Proposed Rule indicates that general-use digital
consumer payment applications are predominantly distributed via mobile phones and computers.
For that reason, it is not necessary for the regulation text to identify automobiles and smart
appliances such as televisions and refrigerators as additional examples of personal computing
devices. The proposed definition already was flexible enough to capture this activity if it were to
become common in the future. To the extent existing market participants make their general-use
digital consumer applications accessible to consumers not only via mobile phones or computers,
but also via automobiles or smart home appliances manufactured by others, that activity already
would fall within the market definition regardless of whether automobiles or smart home
appliances qualify as personal computing devices. As the Proposed Rule noted,281 if a consumer

See, e.g., PayPal, PayPal Introduces More Secure Payments with Passkeys (Oct. 24, 2022),
https://newsroom.paypal-corp.com/2022-10-24-PayPal-Introduces-More-Secure-Payments-with-Passkeys
(last visited Nov. 8, 2024); Apple iPhone User Guide iOS 17, Use passkeys to sign in to apps and
websites on iPhone, https://support.apple.com/guide/iphone/use-passkeys-to-sign-in-to-apps-andwebsites-iphf538ea8d0/ios (last visited Nov. 8, 2024); Google, Passkey support on Android and Chrome,
https://developers.google.com/identity/passkeys/supported-environments (last visited Nov. 8, 2024).
However, the inclusion of these examples does not necessarily mean that a nonbank is participating in
the market by providing a product or service to manage a consumer’s passwords. Whether or not that
activity falls within the market definition will depend on whether it is conducted by a nonbank covered
person as part of providing a “covered payment functionality” with “general use.”
281

88 FR 80197 at 80206 n.67.

may access a digital application through a personal computing device, then consumers’ use of
the application would be included in the market regardless of whether they access the application
through other means, such as a work or library computer. For that reason, the CFPB also
disagrees with the members of the nonprofit commenter that suggested the rule needs to further
differentiate between a personal and a public computing device. They did not point to any
examples that should be classified in one category or the other.282
Finally, with regard to comments seeking clarification or exclusion of internet browser
activities including payment autofill functions, the CFPB clarifies that the Proposed Rule was not
intended to treat the operation of a web browser itself as a form of market activity.283 As noted
above, the proposed definition of “digital application” included several examples of software
programs accessed by a personal computing device, including “a website a consumer accesses by
using an Internet browser on a personal computing device.” As that example indicates, the
relevant “digital application” that the consumer accesses using a web browser is the website, and
not the web browser itself. Excluding web browsers from the definition of “digital application”
is consistent with the CFPB’s goal of covering payment applications in the rule. While some
web browsers may store and automatically populate payment forms on merchant websites with
consumer payment account information, that activity alone does not convert a web browser into
a payments-focused digital application that is participating in this market. Nor is the CFPB
aware of market research studies or surveys on consumer payment applications that identify web
browsers as competing with larger participants in the market.

In addition, as explained in the discussion of general comments further above, through supervisory
activity at larger participants defined in this Final Rule, the CFPB can detect and assess emerging risks to
consumers, including as a result of developments in the software or personal computing devices involved
in the delivery of general-use digital consumer payment applications.
See, e.g., United States v. Microsoft Corporation, Case No. 98cv1232, D.D.C. (Complaint filed
May 18, 1998) ¶ 6 (defining an “Internet browser” as “specialized software programs that allow PC users
to locate, access, display, and manipulate content and applications located on the Internet’s World Wide
Web”), https://www.justice.gov/sites/default/files/atr/legacy/2012/08/09/1763.pdf (last visited
Nov. 8, 2024).
Final Rule
For the reasons described above, the CFPB adopts the proposed definition of “digital
application” with certain clarifying changes described below, including changing the term to
“digital payment application.”
First, consistent with the Final Rule changing “wallet functionality” to “payment wallet
functionality” for the sake of precision and clarity, the Final Rule also adopts the term “digital
payment application” instead of the more generic term “digital application.” Based on how the
CFPB proposed the market definition for a “general-use digital consumer payment application,”
the concept of a “digital payment application” already was incorporated into the market
definition itself. This conforming change to the component definition of “digital application”
therefore aligns that term more clearly with the general market definition. Relatedly, for the
reasons discussed above in the CFPB’s response to comments regarding web browsers, the Final
Rule clarifies that operating a web browser is not an example of providing a digital payment
application.
Second, in response to a nonprofit commenter, the Final Rule adds to the list of examples
of how a consumer may access a personal computing device to include other common means,
such as using a personal identifier, such as a passkey, password, or PIN.
General use
Proposed Rule
The proposed market definition would have applied to providing covered payment
functionalities through a digital application for a consumer’s general use in making consumer
payment transactions. Proposed § 1090.109(a)(2) would have defined the term “general use” as
the absence of significant limitations on the purpose of consumer payment transactions
facilitated by the covered payment functionality provided through the digital consumer payment
application. The Proposed Rule explained that the CFPB sought to confine the market definition
to those digital payment applications that consumers can use for a wide range of purposes. The

Proposed Rule noted how digital payment applications with general use can serve broad
functions for consumers, such as sending funds to friends and family, buying a wide range of
goods or services at different stores, or both. As reflected in the non-exhaustive list of examples
in the Proposed Rule discussed below, other consumer financial products and services provide
payment functionalities for more limited purposes. While those other products and services also
serve important functions for consumers, they do not have the same broad use cases for
consumers. As a result, in the Proposed Rule, the CFPB viewed those products as participating
in a market or markets distinguishable from a market from general-use digital consumer payment
applications.
The proposed definition of general use would have clarified that a digital consumer
payment application that would facilitate person-to-person, or peer-to-peer (P2P), transfers of
funds would have qualified as having general use under the Proposed Rule. Even if a payment
functionality provided through a digital application is limited to P2P payments, and that
constitutes a limitation on the purpose of payments, that limitation would not have been a
significant limitation for purposes of the proposed market definition. For example, a P2P
application that permits a consumer to send funds to any family member, friend, or other person
would have qualified as having general use, even if that P2P application could not be used as a
payment method at checkout with merchants, retailers, or other sellers of goods or services. A
P2P application also would have qualified as having general use even if it can only transfer funds
to recipients who also register with the application provider, or otherwise participate in a certain
network (which the Proposed Rule noted some refer to as “closed loop” P2P systems). As the
Proposed Rule noted, although the network of potential recipients in such a system may be
limited in certain respects, often any potential recipient may have the option of joining such a
system (and many consumers already may have joined such systems), so the universe of
potential recipients for such payments often is still broad. The Proposed Rule also stated that a
digital consumer payment application still may have qualified as having general use even when

the universe of potential recipients for a funds transfer is fixed, such as when a consumer can
only make a transfer of funds to friends or family located in a prison, jail, or other secure
facility.284
To provide clarity as to the proposed market definition, the proposed definition of general
use would have included examples of limitations that would be significant for purposes of the
proposal, such that a covered payment functionality offered through a digital consumer payment
application with such limitations would not have had general use.285 The examples would have
illustrated some types of digital consumer payment applications that would not have had general
use. The list of examples was not exhaustive, and other types of digital consumer payment
applications would not have had general use to the extent they cannot be used for a wide range of
purposes.
In addition, the Proposed Rule noted that some payment functionalities may be provided
through two different digital consumer applications. For example, from a merchant’s
ecommerce digital application, a consumer may click on a payment button that links to a thirdparty general-use digital consumer payment application, where the consumer authenticates their
identity and provides payment instructions or otherwise authorizes the payment. Even if the
merchant’s digital application itself would not have qualified as having general use, the
consumer’s use of the third-party general-use digital consumer payment application still would
have constituted covered market activity with respect to the third-party provider.

Such funds may be available to the recipient for a variety of purposes, including to purchase food,
toiletries, medical supplies, or phone credits while incarcerated, and, if not used by the recipient while
incarcerated, may revert upon release to an unrestricted account. See, e.g., CFPB Report, JusticeInvolved Individuals and the Consumer Financial Marketplace (Jan. 2022), sec. 3.1 (n.87 describing uses
of these types of funds transfers) and sec. 4.1 (describing how, as observed in a CFPB enforcement action
and an investigative report on prison release cards, “[w]hen released, people exiting jail receive the
money they had when arrested, and prisons disburse the balance of a person’s commissary account,
including wages from prison jobs, public benefits, and money sent by friends and family.”),
https://files.consumerfinance.gov/f/documents/cfpb_jic_report_2022-01.pdf (last visited Oct. 23, 2023).
The Proposed Rule includes these examples to illustrate the scope of the term “general use” in the
Proposed Rule, and thus the scope of the proposed market definition. The examples are not a statement of
the CFPB’s views regarding the scope of its authority over consumer financial products and services
under the CFPA.
The first example of a payment functionality with a significant limitation such that it
would not have general use would have been a digital consumer payment application whose
payment functionality is used solely to purchase or lease a specific type of services, goods, or
property, such as transportation, lodging, food, an automobile, a dwelling or real property, or a
consumer financial products and service.286 The Proposed Rule listed this example in paragraph
(A) of the proposed definition of general use.
Second, as indicated in paragraph (B), accounts that are expressly excluded from the
definition of “prepaid account” in paragraphs (A), (C), and (D) of § 1005.2(b)(3)(ii) of
Regulation E287 also would not have had general use for purposes of the Proposed Rule. Those
provisions in Regulation E exclude certain tax-advantaged health medical spending accounts,
dependent care spending accounts, transit or parking reimbursement arrangements, closed-loop
accounts for spending at certain military facilities, and many types of gift certificates and gift
cards. The Proposed Rule explained that, while these types of accounts may support payments
through digital applications with varied purposes to different types of recipients, the accounts
remain sufficiently restricted as to the purpose to warrant exclusion from the proposed market.
Third, as indicated in proposed paragraph (C), a payment functionality provided through
a digital consumer payment application that solely supports payments to pay a specific debt or
type of debt or repayment of an extension of consumer credit would not have qualified as having
general use. For example, a consumer mortgage lender’s mobile app or website may provide a
functionality that allows a consumer to pay a loan. Or a debt collector’s website may provide a

For example, when a consumer uses a payment functionality in a digital application for a consumer
financial product or service to pay for that consumer financial product or service, such as by providing
payment card information to a credit-monitoring app to pay for credit-monitoring services, this limited
purpose for that payment functionality would not have had general use under the Proposed Rule. The
term “consumer financial product or service” is defined in CFPA section 1002(5) and includes a range of
consumer financial products and services including those in markets that the CFPB supervises, described
in the Proposed Rule, as well as other consumer financial products and services outside of supervised
markets over which the CFPB generally has enforcement and market-monitoring authority. See generally
12 U.S.C. 5481(5) (definition of “consumer financial product or service”) and 12 U.S.C. 5481(15)
(definition of “financial product or service”).
287

12 CFR 1005.2(b)(3)(ii).

means for a consumer to pay a debt. These digital consumer payment applications have a use
that is significantly limited, to only pay a specific debt or type of debt. In general, digital
applications that solely support payments to specific lenders, loan servicers, and debt collectors
would not have fallen within the proposed market definition.288 The Proposed Rule noted that
the CFPB considers such digital applications generally to be more part of the markets for
consumer lending, loan servicing, and debt collection. The CFPB has issued separate larger
participant rules for such markets and CFPA section 1024(a) also grants the CFPB supervisory
authority over participants in certain lending markets, including mortgage lending, private
student lending, and payday lending. In addition, other digital applications may only help a
consumer to pay certain other types of debts, such as taxes or other amounts owed to the
government, including fines. Under this proposed example, those payment functionalities
provided through those applications also would not have qualified as having general use.
Fourth, as indicated in proposed paragraph (D), a payment functionality provided through
a digital application that solely helps consumers to divide up charges and payments for a specific
type of goods or services would have been excluded. Some payment applications, for example,
may be focused solely on helping consumers to split a restaurant bill. This example is a
corollary of the example in paragraph (A). Since a payment functionality limited to paying for
food would not have qualified as having general use under paragraph (A), paragraph (D) would
have clarified that a payment functionality that enables splitting a bill for food have also would
not have qualified as having general use.
The CFPB requested comment on the proposed definition of general use and examples of
significant limitations that take a payment functionality provided through a digital consumer
application out of the general use category. The CFPB also requested comment on whether the

By contrast, as noted in the section-by-section analysis of the proposed exclusion in paragraph (C) of
the definition of a “consumer payment transaction,” if a consumer uses a general-use digital consumer
payment application as a method of making a payment to such a payee, that general-use digital consumer
payment application would have been participating in the market for those consumer payment
transactions.
examples of significant limitations should be changed or clarified, and whether additional
examples of significant limitations should be included, and if so, what examples and why.
Comments Received
Some commenters stated that the proposed “general use” limitation was excessively
ambiguous or uncertain, though they did not agree on how to clarify the definition. For example,
two industry associations criticized defining “general use” as the “absence of significant
limitations on the purpose of consumer payment transactions facilitated by the covered payment
functionality” on the ground that that standard was ambiguous and that the associated examples
in the proposed definition did not provide sufficient guidance to ascertain the scope of “general
use.” These commenters stated that additional clarification or limitations on the definition were
necessary, and that if the Final Rule did not clarify this term, then firms would incur unnecessary
costs and confusion as to whether they need to prepare their compliance management systems for
CFPB supervision. Similarly, another industry association criticized the definition of “general
use” as ambiguous, and suggested that such ambiguity would generate confusion for providers.
The commenter suggested clarifying how the definition applies to diverse features and
functionalities within payment applications. An individual commenter stated that the proposal
did not clearly define “general use” and suggested that the rule instead adopt a bright-line test,
providing that general use means use with more than 100 merchants, 10 platforms, or 5 different
purposes. A nonprofit commenter stated that while a vast majority of its members approved of
the proposed definition of “general use,” a majority also recommended adding examples to the
definition. A payments industry firm stated that the rule should clarify the example described in
proposed paragraph (B) related to certain gift cards and other products and services that do not
have general use.289 Finally, a comment from consumer groups stated that the Rule should

Specifically, this commenter requested that the CFPB clarify that the definition of “general use” also
excludes certain types of cards, codes, and other devices described in Regulation E section 1005.20(b). It
stated that the Proposed Rule was unclear on this point because it referred only to an account described in
Regulation E section 1005.2(b)(3)(ii)(D). Regulation E section 1005.20(b) describes cards, codes, and
clarify that online marketplace payment functions meet the definition of “general use” (and not
exclude them from the definition of “consumer payment transactions” included in the market as
discussed above). These commenters also stated that the Final Rule should clarify that if a
payment app aimed at servicemembers is not eligible for the narrow Regulation E exclusion cited
in paragraph (B) of the proposed definition of “general use,” then it would meet the definition of
“general use.”290
In addition, commenters had differing views regarding the appropriateness of the breadth
of the proposed definition of “general use.” Some commenters agreed with the breadth of
“general use” or suggested it should be expanded. For example, the comment from consumer
groups expressed general support for the definition, which they characterized as appropriately
broad. Several consumer group and nonprofit comments expressed support for the definition of
“general use” based on how the proposed term reflected what they described as the broad
functions of services to transfer funds to people who are incarcerated. Some of these
commenters added that some large companies provide app-based money transfers both to people
who are incarcerated and to people who are not.291 In addition, without directly addressing the
exclusion in paragraph (D) of the definition of “general use” for payment functionalities solely to

other devices that are excluded from Regulation E section 1005.20(a), which defines the accounts
identified in 1005.2(b)(3)(ii)(D). As a result, in its view there is uncertainty over whether the CFPB
views those cards, codes, and devices has having general use. In its view, section 1005.20(b) refers to
certain types of cards, codes, and other devices with limited uses and the CFPB should confirm those
types of cards, codes, and other devices to do not have general use.
The comment did not provide an example or state whether such consumer financial products or
services currently exist.
In addition, they stated that the “general use” of these payment systems is reflected in the significant
number of people who are incarcerated (nearly two million at any one time with one estimate that people
were incarcerated nearly seven million times in 2021), broad available uses those people have for
transferring the funds while they are incarcerated, and the universal acceptance of release cards loaded
with funds remaining at the time of release. As discussed in the section-by-section analysis of the
comments on the proposed definition of “digital application,” these commenters also called for expansion
of the market to include the full range of payment services that support payments to people while
incarcerated, payments by people while incarcerated, and payments by people who are recently released
from incarceration using payment cards issued upon release. They added that these products and services
pose large risks to consumers, due to, among other features, high fees and the lack of competition for such
products and services.
split a charge for a specific type of goods or services, an industry association stated that
consumers use general-use digital consumer payment applications for, among other purposes,
paying expenses informally split between consumers. An industry association suggested that at
least in certain ways, the proposed definition of “general use” unduly narrowed the market
because it excluded digital applications that help consumers to make payment for the same types
of purchases, such as food and automobiles, using the same underlying payment methods as
applications that meet the proposed definition of “general use.”
On the other hand, several industry commenters stated that the proposed definition of
“general use” was too broad and that it should be narrowed in various ways. These comments
generally stated that the “general use” limitation on the proposed market definition did not
adequately limit the scope of the market definition in the context of payments for consumer
purchases, in the context of peer-to-peer payments, or both.
In the context of digital payments for purchases, two industry associations stated that the
rule should exclude from “general use” what it called “closed-loop transactions” which it
described as transactions that can only occur at a “finite” group of merchants. These comments
stated that the exclusion should be consistent with the CFPB’s understanding of “closed-loop
transactions” in the context of its prepaid account rule under Regulation E.292
In the context of digital peer-to-peer payment applications or functionalities, several
industry and other commenters stated that the proposal’s approach to defining “general use” was
too broad. A nonprofit stated that the Proposed Rule incorrectly treated any peer-to-peer funds
transfer functionality as having general use. Another nonprofit stated that peer-to-peer payment
applications should not have general use unless also enabled for purchases. In its view, the
absence of a purchase functionality constitutes a “significant limitation” within the meaning of

While these commenters quoted a description of “closed-loop prepaid cards” they stated came from the
CFPB’s rules concerning prepaid accounts, the citation they identified is to a CFPB website that contains
consumer education materials regarding general-use prepaid cards, prepaid gift cards, and other prepaid
cards at https://www.consumerfinance.gov/consumer-tools/prepaid-cards/answers/key-terms (last visited
Nov. 17, 2024).
the proposed definition of “general use.” Another industry association stated that the Proposed
Rule should not have classified a peer-to-peer payment application as having general use when it
restricts the universe of payment recipients to other persons who are registered users of the same
application. Finally, several industry trade associations stated that the Proposed Rule was
internally inconsistent by treating a payment functionality used exclusively by people who are
incarcerated to make commissary purchases as having “general use” while simultaneously
excluding payment functionalities provided solely for purchase of certain types of goods,
services, or other property, such as food.293 Two trade associations also suggested that the
Proposed Rule’s assessment that persons who are incarcerated may put funds received to general
use in a closed environment is inconsistent with how the CFPB views closed-loop prepaid cards
under, Regulation E. Another industry association stated that a payment functionality for people
who are incarcerated to pay for goods and services does not have “general use” within its
conventional meaning.294
Response to Comments Received
With respect to comments that the proposed definition of “general use” was excessively
ambiguous or uncertain, the CFPB also shares the commenters’ goal of reducing ambiguity and
uncertainty in the definition of “general use.” Accordingly, the CFPB declines to adopt the
proposal to define “general use” as the absence of significant limitations on the purposes of a
consumer payment transactions facilitated by the covered payment functionality provided
through the digital consumer payment application. Instead, as discussed further below, the Final

In addition, they stated that the proposal’s different treatment of these examples created confusion
about the identity of the estimated 17 larger participants. The CFPB discusses comments on that issue in
the section-by-section analysis of the larger-participant test below.
Some of these commenters further claimed the cost-benefit analysis did not consider potential impacts
on money transfer services for incarcerated people, which they considered to be a distinct product market.
In the response to general comments above, the CFPB responds to comments calling for the CFPB to
divide the proposed market into separate markets for purposes of this rulemaking. The impacts analysis
in part VII further explains how it analyzes the impacts in the market adopted in the Final Rule.
Rule adopts an alternative standard for defining “general use” as usable to transfer funds in a
consumer payment transaction to multiple unaffiliated persons, with limited exceptions.
With respect to comments on the breadth of the term “general use,” the CFPB believes
that the definition of “general use” adopted in this Final Rule is appropriately broad given the
characteristics of the market defined in this Final Rule. The term encompasses digital consumer
payment applications capable of being used for a range of purposes such as sending funds to
friends and family, buying a range of goods or services at different stores, or both. As discussed
above in response to comments on the market definition in § 1090.109(a)(1), treating those
functions as part of a single market is consistent with the CFPB’s experience and expertise, the
views of certain other market observers, and with common consumer user experience.
In response to the commenter that raised concerns about the rule including a “general
use” limitation at all, the CFPB notes that the “general use” limitation reduces the breadth of the
market, which the commenter stated already was overly broad. The CFPB also declines to drop
the “general use” limitation based on that industry association’s comments suggesting that this
limitation impermissibly excludes economic substitutes. The commenter cited examples of food
delivery applications and automobile purchase applications that facilitating payments that
consumers also can make through payment functionalities that have general use.295
The CFPB similarly declines the consumer group comments suggesting that the Final
Rule clarify that marketplaces meet the definition of “general use.” Regardless of whether they
meet that definition, for the reasons discussed in the section-by-section analysis of “consumer
payment transaction” above, the Final Rule adopts the proposed exclusion in paragraph (C) of
the definition of that term for marketplace payment functionalities.

For the reasons described at the outset of the section-by-section analysis above, the CFPB disagrees
with the industry association comment that concluded that antitrust law governs how the CFPB must
define larger participants in a market for consumer financial products or services pursuant to CFPB
section 1024(a)(1)(B). In addition, as discussed further above, the CFPB disagrees that it would be
appropriate for the market to include merchant and marketplace payment functionalities described by the
exclusion in paragraph (C) of the definition of “consumer payment transaction.”
The CFPB disagrees with the industry and nonprofit comments stating that the CFPB
should adopt a narrower definition of “general use” that would exclude some or all peer-to-peer
payment applications. Like a payment functionality that can be used to pay two or more
unaffiliated merchants, a peer-to-peer payment functionality enables transfers for consumer
payment transactions to multiple, unaffiliated individuals. Thus, it is appropriate to for payment
functionalities that solely support payments to friends and family to fall within the definition of
“general use” in the Final Rule. In addition, the market increasingly bundles both types of
payments and many peer-to-peer payment functionalities can be used formally or informally to
make payments for purchases. Defining the market based on the status of the recipient as a
consumer or a business, as the commenter suggests, would be inconsistent with how the market
has evolved, as further discussed above in the response to comments on the market definition in
§ 1090.109(a)(1).
In addition, peer-to-peer digital consumer payment applications often support payments
to millions if not tens of millions of other users including in some circumstances that industry
describes as a “closed loop” system. For example, even in such a system, often any adult
consumer who can pass identity verification can enroll to receive funds.296 The Final Rule
therefore does not treat the need for a recipient to sign up for an account to receive funds as a
basis for excluding the corresponding covered payment functionality from the definition of
“general use.” This approach also promotes consistent oversight of consumer financial products
and services that allow consumers to send funds to other consumers, without regard to whether
they operate through depository institutions.297

CFPB Deposit Insurance Spotlight, supra (“In closed loop systems, transactions are enabled through a
single provider. Under this model, both payer and receiver must have an account with the same provider
to complete the payment.”).
See also Julian Morris, Peer-to-Peer and Real Time Payments: A Primer, Int’l Ctr. For Law & Econ.
(Aug. 21, 2023) (generally describing how “closed loop” is more of an indicator that the platform may
operate outside of the banking system), https://laweconcenter.org/resources/peer-to-peer-and-real-timepayments-a-primer/ (last visited Oct. 24, 2024). The Final Rule also does not define “general use” by
reference to peer-to-peer payment systems that may be described as “closed loop” because usage of the
The CFPB declines to adopt the suggestion by some industry commenters that the Final
Rule exclude payment functionalities based on whether they are limited to use at what the
industry association commenters described as a “finite” number of merchants. The term “finite”
is not a workable standard for this Rule, and the CFPB disagrees with the industry commenters’
further suggestion that if it does not adopt that exclusion (or an exclusion for some other definite
number), the rule would have the paradoxical effect of treating the universe of potential
recipients in closed-loop payment systems for retail spending as infinite. These comments did
not recognize that paragraph (B) of the proposed definition of “general use” already excluded
closed-loop gift cards.298 And the comment did not provide a justification for this Rule to adopt
a broader exclusion, such as for payment functionalities usable at multiple unaffiliated
merchants. The CFPB also disagrees with the individual commenter that the Rule should define
“general use” based on the reaching a specific quantity of merchants, platforms, and purposes.
The commenter did not provide any justification for the specific numbers of merchants,
platforms, and purposes they proposed. In addition, the range of goods and services offered by

term “closed loop” in that context varies and the market is rapidly evolving. See, e.g., CFPB Deposit
Insurance Spotlight, supra (describing how “[c]losed loop payment systems are often connected to
traditional open loop systems, so funds can be deposited or withdrawn out of the closed loop system.”);
Getting the U.S. Banking Market Ready for Instant Payments, PaymentsJournal (May 21, 2024) (“In other
parts of the world, fintechs have taken the lead by converting their closed-loop stored value wallet
propositions and making them interoperable on the back of real-time payment systems. U.S. fintechs
have the same opportunity.”), https://www.paymentsjournal.com/getting-the-u-s-banking-market-readyfor-instant-payments/ (last visited Nov. 8, 2024); VISA, In 2024, payments to get global, open, tailored
and interoperable (Dec. 15, 2023) (describing how “money-moving apps and wallets” operating within
their own “siloed ecosystem . . . is beginning to change. With payments players prioritizing
interoperability, we will soon see a more seamless future-state of global money movement – one where
paying across services is as seamless as using any one service”), https://usa.visa.com/visaeverywhere/blog/bdp/2023/12/14/in-2024-payments-1702577675756.html (last visited Nov. 8, 2024);
VISA, Introducing Visa+ (describing new Visa+ product launched in the United States where “users set
up one payname in their preferred wallet, and pay or get paid regardless of the participating app their
peers use.”), https://usa.visa.com/products/visa-plus.html. (last visited Nov. 8, 2024).
In describing the exclusion they were seeking, these commenters referred to a description of “closedloop prepaid cards” without acknowledging that term included gift cards, which the Proposed Rule
already proposed to exclude in paragraph (B) of the definition of “general use.” See also CFPB, Final
Prepaid Account Rule, 81 FR 83934, 83936 (Nov. 22, 2016) (explaining how “consumers can only use
funds stored on closed-loop prepaid products at designated locations (e.g., at a specific merchant or group
of merchants in the case of certain gift cards; within a specific transportation system in the case of transit
cards)”) (emphasis added).
an individual merchant can vary widely across merchants. As a result, the number of merchants
where a consumer can make purchases is not necessarily an indicator of “general use.”
However, the CFPB agrees that additional clarification may be helpful as to whether the type of
payment account excluded from Regulation E (by virtue of only being usable at a single
merchant or its affiliates) also would be excluded from the market definition here based on
lacking “general use.” The CFPB provides those clarifications below in the discussion of the
revised definition of “general use” adopted in Final Rule.299
Finally, the CFPB does not agree with the industry firm commenter that the Proposed
Rule created significant uncertainty as to whether certain cards, codes, or other devices described
in Regulation E section 1005.20(b) would have general use for purposes of this rule. No other
commenter raised this issue, and the commenter that raised the issue did not explain why it
believed that the CFPB would view all of the cards, codes, or other devices described in
Regulation E section 1005.20(b) as having general use, especially in light of the other examples
of accounts that would not have general use described in proposed paragraph (B). In any event,
the CFPB disagrees that Regulation E section 1005.20(b)(2) describes accounts that would not
have general use for purposes of this rule. Section 1005.20(b)(2) describes general-purpose
reloadable cards that are not marketed as gift cards or gift certificates. But the absence of gift
marketing does not render these cards lacking in general use, and if they are loaded into a
general-use digital consumer payment application, then they may fall within the market
definition.

The Final Rule does not adopt the consumer group suggestion of clarifying that online marketplace
payment functionalities have “general use” because, for the reasons discussed in the section-by-section
analysis of “consumer payment transaction” above, the Final Rule does not drop the exclusion in
paragraph (C) of the definition of that term. The requested clarification would create confusion,
suggesting online marketplace payment functionalities excluded by paragraph (C) are covered by the
definition of “general use.”
Final Rule
In response to the comments analyzed above, the CFPB includes the proposed term
“general use” in the Final Rule but defines it differently than the proposal did. Rather than
adopting the proposal to define “general use” using the “absence of significant limitations on the
purpose” standard and providing illustrative examples of activities that would or would not meet
the standard, the Final Rule adopts an alternative standard that is clearer and more administrable,
along with specific, enumerated exceptions. This approach addresses comments as discussed
above and described below.
For purposes of the Final Rule, “general use” is defined as usable for a consumer to
transfer funds in a consumer payment transaction to multiple, unaffiliated persons. The CFPB is
adopting this new standard because it is clearer and more administrable, and more closely aligns
with the similar concept in Regulation E.300 The definition is subject to specific exceptions as
described below.
This approach is based upon similar concepts in Regulation E, and therefore improves
clarity and reduces uncertainty. For example, Regulation E defines a prepaid card that has
“general use” for purchases based on being “[r]edeemable upon presentation at multiple,
unaffiliated merchants for goods and services[.]”301 Similarly, under the Final Rule, a payment
functionality that facilitates payments to multiple, unaffiliated merchants for goods and services
also would have “general use,” unless an exception applies. Also similar to Regulation E, a
payment functionality would not meet the definition of “general use” in the Final Rule if the
consumer payment transactions it facilitates are solely for a single merchant and its affiliated
companies.

The term “general use” in the Final Rule has certain similarities to terms in Regulation E, 12 CFR part
1005, but differs in some substantive respects as specified below. Usage, or omission, of specific
language from EFTA or Regulation E in the Final Rule is not an endorsement by the CFPB of any
specific interpretation of EFTA or Regulation E.
301

12 CFR 1005.20(a)(3)(ii).

In addition, consumers use digital consumer payment applications to transfer funds from
additional types of payment methods beyond prepaid cards (e.g., other prepaid accounts, bank
accounts, and credit cards) and to make payments to additional types of entities beyond
merchants. Therefore, the CFPB does not view Regulation E as encompassing the full scope of
activity that market participants include within their general-use digital consumer payment
applications. For that reason, the Final Rule does not adopt the precise phrase used to define
“general use” in the Regulation E definition of prepaid cards, which generally facilitate purchase
transactions from merchants. The Final Rule instead adopts the phrase “multiple, unaffiliated
persons” to define the universe of potential recipients of transfers of funds that determine
whether a payment functionality has “general use.” 302 If a covered payment functionality
facilitates consumer payment transactions to multiple unaffiliated entities that are not merchants,
it would qualify as having “general use,” unless an exception applies. Further, if a covered
payment functionality facilitates consumer payment transactions to multiple individuals such as
family or friends not acting as merchants, that covered payment functionality still would qualify
as “general use” for purposes of the Final Rule, unless an exception applies.303 Although this
approach includes many common peer-to-peer transfer systems in the definition of “general use,”
the CFPB disagrees with the industry commenters that this indicates the definition is too
broad.304 As discussed above, given their mixed use, these covered payment functionalities often
facilitate consumer payment transactions to sole proprietors and other small businesses anyway.

See also Regulation E, 12 CFR 1005.2(b)(3)(i)(D)(2) (defining “prepaid account” to include accounts
with the “primary function [] to conduct person-to-person transfers”).
The CFPA defines “affiliate” in section 1002(1) on the basis of a control relationship between two
persons. Two consumers generally would not qualify as “affiliates” because they generally do not
“control” one another for purposes of the CFPA.
A number of industry commenters suggested the proposed definition was too broad because the
Proposed Rule stated that a covered payment functionality dedicated to transferring funds to incarcerated
people may have “general use” based on recipients’ ability to use transferred funds for purchase of a
variety of types of goods, even when those uses might not be subject to Regulation E. The Final Rule
does not adopt that approach because the definition of “general use” in the Final Rule does not depend on
the uses of funds by payment recipients.
With regard to the list of examples in proposed paragraphs (A)-(D) that would not have
met the proposed definition of “general use,” as described below, some are not adopted in the
Final Rule because it already excludes them in other ways, others are maintained with
modifications, and two are not adopted because the Final Rule includes the corresponding
examples in the market.
First, the Final Rule need not adopt proposed paragraph (A) because the CFPB
understands that other revisions the Final Rule would make the exclusion in proposed
paragraph (A) unnecessary.305 First, the Final Rule need not adopt proposed paragraph (A)
because the CFPB understands that other revisions the Final Rule would make the exclusion in
proposed paragraph (A) unnecessary. Specifically, if a merchant or marketplace sells or leases
only specific types of goods, services, or other property, then a payment functionality that is
limited to facilitating payments to that merchant or marketplace already would be excluded from
the Final Rule for other reasons. For example, the definition of “general use” in the Final Rule
already does not cover a payment functionality that facilities consumer payment transactions
solely by facilitating a purchase from a single merchant or its affiliated companies, including a
merchant providing any of the types of goods, services, or other property listed in proposed
paragraph (A).306 Such activities do not facilitate payments to “multiple, unaffiliated persons” in
the definition of “general use.” In addition, to the extent an online marketplace operator’s
payment functionality facilitates payments to multiple, unaffiliated persons for the purchase of

This approach also makes the definition of “general use” more consistent with similar concepts in
Regulation E. Under paragraph (A) in the proposed definition of “general use,” a payment functionality
that solely supports the purchase or lease of a specific type of services, goods, or other property from
multiple, unaffiliated merchants would not have had “general use.” However, the relevant provisions of
the definitions of “prepaid account” and “general-use prepaid card” in Regulation E apply to accounts
redeemable at multiple unaffiliated merchants, regardless of whether they sell the same specific type of
services, goods, or other property. 12 CFR 1005.2(b)(3)(i)(D)(2) & 1005.20(a)(3)(ii). By not including
that exception, the definition of “general use” in the Final Rule is more consistent with Regulation E,
which contains no such exclusion from the definition of “general-use prepaid card” or “prepaid account”
discussed above.
The definition of “general use” in the Final Rule also does not include a payment functionality that
facilitates consumer payment transactions solely to purchase consumer financial products or services from
a single provider and their affiliated companies.
goods or services a consumer selects from the online marketplace (including a marketplace
offering only specific types of goods or services), the online marketplace operator’s conduct of
those payment transactions already would be excluded from the definition of “consumer payment
transaction” as described above.
Second, the Final Rule adopts other examples described in proposed paragraphs
(B) and (C) with certain modifications described below for clarity. In paragraph (B) of the
proposed definition of “general use,” the CFPB proposed to exclude using certain accounts
described in Regulation E section 1005.2(b)(3)(ii)(A), (C), and (D), which Regulation E excludes
from the definition of “prepaid account.” The CFPB did not receive any comments agreeing or
disagreeing with the exclusions described in proposed paragraph (B).307 Notwithstanding the
adoption of a more specific definition of “general use” described above, the CFPB does not view
these types of highly-specialized payment functionalities as having “general use” for purposes of
this rule. For the reasons explained in the Proposed Rule as described above, the Final Rule
therefore maintains these exclusions by listing them as exceptions.
In addition, the Final Rule adopts the exception in proposed paragraph (C) to pay a
specific debt or type of debt. The Final Rule also clarifies that this exception excludes additional
examples beyond loan servicing functionalities that facilitate repayment of extensions of
consumer credit. The Final Rule states that this exception excludes payment functionalities
provided solely for paying the following two types of debts: (1) Debts owed in connection with
origination or repayment of an extension of consumer credit; or (2) Debts in default. Through
these exceptions, the Final Rule separates the market it defines from other distinct markets as

As noted above, two industry associations expressed general support for excluding closed-loop
transactions in a manner consistent with Regulation E. In addition, while acknowledging the exclusion
for using accounts described in 12 CFR 1005.2(b)(3)(ii)(C), some consumer groups suggested that the
Final Rule should clarify that other payment apps directed at servicemembers can have “general use.”
Subject to the exceptions discussed here, the definition of “general use” in the Final Rule applies when to
a covered payment functionality that facilitates payments to multiple, unaffiliated persons, regardless of
whether the functionality is directed at servicemembers. In addition, as discussed above, one commenter
sought clarification regarding how the CFPB reads the exclusion for using accounts described in
12 CFR 1005.2(b)(3)(ii)(D), which the CFPB discusses above.
described below. It therefore does not include those payment functionalities in the definition of
this market. With respect to the type of debts described in paragraph (1), just as the Proposed
Rule did not seek to cover loan servicing such as the servicing of mortgage loans (which is part
of the mortgage market), it also did not seek to cover payment functionalities that facilitate
payments made in connection with origination of a mortgage loan (such as payments through
closing or escrow accounts maintained by providers of real estate settlement services described
in CFPA section 1002(15)(A)(viii)).308 The revised exception clarifies this. In addition, in
paragraph (1), the Final Rule specifies the payment of debts in default as a second type of debt
payment functionality that is excluded by paragraph (B). Specifically, consumers may pay debts
in default through a debt collector as defined in 15 U.S.C. 1692a(6).309 As noted in part III
above, the CFPB already has issued a rule defining larger participants in a market for consumer
debt collection, and may supervise service providers to such persons under CFPA
section 1024(e). And consumers may repay extensions of credit or debts in default through a
debt settlement firm as described in CFPA section 1002(15)(A)(viii)(II).310 The CFPB also
views the market for debt relief services as separate from the market for general-use digital
consumer payment applications.311
Third, for the reasons described below, the Final Rule does not exclude the example
described in proposed paragraph (D) for splitting charges for specific types of goods or services.
As the industry association comment described above noted, consumers can use general-use
consumer payment applications to make payments for split expenses. For example, a consumer
may transfer funds to a friend or family member as reimbursement for food or other expenses.

12 U.S.C. 5481(15)(A)(iii). Real estate settlement services generally are part of a distinct market for
mortgage lending that is subject to additional applicable Federal consumer financial laws such as the Real
Estate Settlement Procedures Act, 12 U.S.C. 2601 et seq.
309

Fair Debt Collection Practices Act, 15 U.S.C. 1692a(6).

12 U.S.C. 5481(15)(A)(viii)(II) (one type of “financial product or service”).

Debt settlement is part of a distinct market that is subject to additional applicable Federal consumer
financial laws such as the Telemarketing Sales Rule. 16 CFR part 310.
Whether the provider markets its digital application primarily for that use, or for other uses, it
can meet the definition of “general use” adopted in this Final Rule. The CFPB does not believe
this change significantly affects the market-related estimates discussed in the section-by-section
analysis of the larger-participant test below or the impacts analyses in part VII below. For
example, online marketplaces may help consumers to split bills and make associated payments in
circumstances that already are excluded from the definition of “consumer payment
transaction.”312 In addition, other products and services marketed as “bill splitting apps” may
help consumers to calculate the amount each consumer will pay, but either do not help
consumers to make the associated payments or refer consumers to a third-party’s general-use
digital consumer payment application to make the associated payments.
Finally, the CFPB reiterates that each of the exceptions from the definition of “general
use” in paragraphs (A) through (C) of the Final Rule is for a payment functionality provided
through a digital application solely to support payments of the type listed in the exception. If a
nonbank provides a payment functionality through a digital application to support one of the
types of payments in paragraphs (A) through (C), but also to support peer-to-peer transfers to
other accountholders generally, then it would still have general use, as described above.
State
Proposed § 1090.109(a) would have defined the term “State” to mean any State, territory,
or possession of the United States; the District of Columbia; the Commonwealth of Puerto Rico;
or any political subdivision thereof. For consistency, the CFPB proposed to use the same
definition of “State” as used in the international money transfer larger participant rule,
§ 1090.107(a), which drew its definition from Regulation E subpart A.313 The CFPB requested

For example, if a consumer selects food for purchase by placing a restaurant order through an online
marketplace platform operator that also conducts transactions to split the bill for that purchase, such
activity may qualify for the exclusion in paragraph (C) of the definition of “consumer payment
transaction.”
313

See International Money Transfer Larger Participant Final Rule, 79 FR 56631 at 56641.

comment on the proposed definition of State. No commenters addressed this aspect of the
Proposed Rule, which the Final Rule adopts as proposed.
109(b) Test to define larger participants
Proposed § 1090.109(b) would have set forth a test to determine which nonbank covered
persons are larger participants in a market for general-use digital consumer payment applications
as described in proposed § 1090.109(a). Under the proposed test, a nonbank covered person
would have been a larger participant if it meets each of two criteria set forth in paragraphs (1)
and (2) of proposed § 1090.109(b) respectively. First, paragraph (1) specified that the nonbank
covered person must provide annual covered consumer payment transaction volume as defined in
paragraph (3) of proposed § 1090.109(b) of at least five million transactions. Second,
paragraph (2) specified that the nonbank covered person must not be a small business concern
based on the applicable SBA size standard listed in 13 CFR part 121 for its primary industry as
described in 13 CFR 121.107. The Final Rule summarizes and responds to comments about the
test in the section-by-section analysis of this proposed definition below.314
Comments Received
Comments from two industry providers, two trade associations, and some Members of
Congress commenters stated that the description in the Proposed Rule of the confidential data it
relied upon was insufficient to allow for meaningful comment. As described below, these
comments generally focused on two types of data the Proposed Rule did not release:
confidential data about market participants’ activities that the CFPB used to estimate their larger

As the Proposed Rule noted, prior to issuing the Proposed Rule, the CFPB conducted analysis of data
sources as described in parts IV, V and VI of the Proposed Rule to identify likely market participants,
and, to the extent of available data: (1) to inform its general understanding of the market; and, relatedly,
(2) to estimate the level of market activity by market participants, the degree to which market participants
would be small entities, and the level of market activity by larger participants. These estimates therefore
relied to some degree on preliminary entity-level analysis that is not dispositive of whether the CFPB
would ever seek to initiate supervisory activity at a given entity or whether, in the event of a person’s
assertion that it is not a larger participant, the person would be found to be a larger participant.
participant status, and, relatedly, the identities of the individual entities included in the Proposed
Rule’s estimate of the number of market participants that would qualify as larger participants.
With regard to the proposal’s estimate of 17 larger participants, several Members of
Congress criticized the Proposed Rule for not identifying the individual firms included in the
estimate. They stated that the Proposed Rule was not specific enough to allow the public to
identify larger participants, which they stated was necessary for the public to understand the
implications of the proposal and to provide comprehensive feedback on its impact. A group of
industry associations also stated that uncertainty in the proposed definition of “general use” left
uncertainty about the identities of firms included in the estimate. Meanwhile, a banking industry
association suggested that, separate from the rulemaking, the CFPB should publish a list of larger
participants that are subject to supervision to help consumers and industry to better evaluate their
relationships with these nonbanks.
Some of these industry commenters also stated that the CFPB should release information
about the confidential transaction data for individual firms that it used to make its estimates
concerning the number of larger participants and their share of market participant that the
Proposed Rule used in support of the proposed threshold. Two of these comments stated that the
CFPB must release the data it relied upon, while the other comment called for releasing what it
called a sanitized version of the NMLS data it used. One indicated that it needed such additional
information to comment on the Proposed Rule’s estimate of the percentage of the market that
larger participants comprised. This commenter also noted the acknowledgment in the Proposed
Rule that the NMLS data may be overinclusive or underinclusive, and its acknowledgment about
the lack of sufficient data to estimate larger participant status for certain market participants.
Some of these commenters added that, in their view, more than 17 companies would qualify as
larger participants, due in significant part to the inclusion of pass-through payment wallet
functionalities within the market definition.

Another industry association stated more generally that the Proposed Rule was not
sufficiently transparent and that the rulemaking needs to provide more comprehensive
information and justification for the threshold, which it stated should be sector-specific.315
Response to Comments Received
The CFPB disagrees with commenters that the Proposed Rule did not provide sufficient
information for commenters to offer meaningful comment. As discussed in the proposal and
further below, the CFPB provided commenters with extensive information about the data and
other evidence supporting the rule to enable informed comment, including the sources of data,
the CFPB’s methodology for analyzing the data, descriptions of market concentration, and the
limitations of the data. While the Proposed Rule did not disclose entity-level transaction volume
and revenue data, entities in this market generally keep this information confidential and do not
disclose it to the public.316 The Bureau has routinely gathered this information in carrying out its
statutory functions with the understanding that such information will be kept confidential
consistent with the CFPA and its implementing rules.
Congress anticipated that the CFPB would collect and rely on confidential data from a
variety of sources to support its rulemaking and other statutory functions, and that it would use
that information in a way designed to protect its confidentiality.317 The confidential transaction
and revenue data that the CFPB relied on in the Proposed Rule came from two sources that the
Bureau had access to: confidential supervisory information regularly shared by the States
through NMLS and data obtained via the CFPB’s market monitoring functions.318

An industry commenter also noted in a footnote that they believed the CFPB could not rely upon data
collected through its 2021 section 1022(c)(4) orders because, in their view, the CFPB did not comply with
the Paperwork Reduction Act (PRA).
As noted below, the only exception is well-known entities in the market that are public companies,
which disclose revenue information in public securities filings.
317

See 12 U.S.C. 5512(c)(1), (c)(3)(B), (c)(4), (c)(6), (c)(8); see also 12 CFR part 1070.

See 12 U.S.C. 5512(c)(8); 12 CFR part 1070.

As the Proposed Rule indicated, the States collect nonpublic NMLS money services
business call report data under explicit assurances of confidentiality.319 The NMLS collects all
of this commercial or financial information from the States as part of State supervisory functions,
also under assurances of confidentiality. On behalf of the States, the State financial regulator
association that operates NMLS authorized the CFPB to use this robust dataset if it complied
with the NMLS confidentiality conditions. When this information is shared with the CFPB, the
CFPB also treats it as confidential supervisory information, which is generally protected from
disclosure by statute and CFPB implementing regulations.320
The Proposed Rule explained that the CFPB also collected certain information pursuant
to orders issued pursuant to section 1022(c)(4) of the CFPA. Those orders provided that the
CFPB will treat the information received in response to the order in accordance with its
confidentiality regulations at 12 CFR 1070.40 through 1070.48.321 Confidential commercial or
financial information about specific transaction volume collected through those orders also

The Proposed Rule (88 FR 80107 at 80209-10 n.83 & n.90) identified the public NMLS website with
detailed information about the type of data collected in NMLS money services business call reports. In
those materials, NMLS emphasizes to money services business that “[a]ll data submitted in the [MSB
call] report is confidential[.]” NMLS MSB Call Report Overview and Definitions at 6 (“Information
Sharing”),
https://mortgage.nationwidelicensingsystem.org/licensees/resources/LicenseeResources/MSBCR%20Ove
rview%20-%20(FINAL).pdf (last visited Nov. 8, 2024).
CFPA sec. 1022(c)(6), 12 U.S.C. 5512(c)(6); 12 CFR 1070.40-48. The CFPB similarly would be
obligated to keep such information confidential had it collected the information directly from the entities,
see 12 CFR 1070.40-1070.48, in addition to increasing the burden on industry with duplicative requests,
cf. 12 U.S.C. 5514(b)(3).
See https://files.consumerfinance.gov/f/documents/cfpb_section-1022_generic-order_2021-10.pdf (last
visited Nov. 7, 2024) (sample 1022 order on website cited in proposal, 88 FR 80197 at 80210 n.90, where
the CFPB explained that “it obtained transaction and revenue data from six technology platforms offering
payment services through a CFPB request pursuant to CFPA section 1022(c)(4)”). See CFPB Orders
Tech Giants to Turn Over Information on their Payment System Plans (Oct. 21, 2021) (CFPB 1022
Orders Press Release), https://www.consumerfinance.gov/about-us/newsroom/cfpb-orders-tech-giants-toturn-over-information-on-their-payment-system-plans/.
generally would be protected by FOIA exemption 4,322 and therefore would qualify as
confidential information under 12 CFR 1070.2(f).323
In the CFPB’s experience, virtually no market participants publicly disclose their volume
of consumer payment transactions as defined in the Proposed Rule, and unless a firm is a public
company, it does not disclose its revenues. No commenters suggested that the individual firmlevel transaction volume data or the revenue data of companies that are not public companies
was not confidential information or generally available to anyone but the individual company
itself. As discussed in the impacts analyses, in response to the proposal’s request for data, no
commenters provided or pointed to sources of additional relevant data.324
The CFPB reasonably relied on this confidential transaction data and revenue data in the
Proposed Rule to provide estimates of the number of firms that would qualify as larger
participants compared to the overall number of estimated market participants and estimates of
larger participants’ market participation share of market activity. To conduct a preliminary
entity-level analysis of which market participants may qualify as a larger participant under the
Proposed Rule, the CFPB generally needed to use available data about the two criteria for the
proposed larger-participant test – an entity’s consumer payment transaction volume and its
revenues (which generally governs small business concern status under applicable size
standards).
The absence of such information provided by commenters supports the conclusion that
the money services business call reports when combined with the CFPB’s section 1022(b) order

See Food Mktg. Inst. v. Argus Leader Media, 588 U.S. 427 (2019).

The CFPB also disagrees with the comment suggesting that the CFPB’s section 1022(c)(4) orders did
not comply with the PRA. These orders, which the CFPB addressed to six entities, were not subject to
the PRA requirements. See 5 CFR 1320.3(c)(4) (defining “collection of information” from “ten or more
persons” as subject to PRA).
88 FR 80197 at 80211. As discussed in the section-by-section analysis above, some commenters
stated that the CFPB should use additional data sources to estimate the volume of consumer payment
transactions that transfer digital assets such as crypto-assets and stablecoins. However, as discussed
below, the Final Rule does not cover those transactions. Therefore, those data sources are not pertinent to
the Final Rule.
responses are the most comprehensive sources available for estimating transaction volume at the
firm level for purposes of this rule. Both sources collect information about consumer payments
facilitated in the United States by market participants. In addition, no commenter indicated that
an individual firm itself did not have access to its own transaction volume data or its revenue
data with which to assess its own larger participant status under the Proposed Rule. Comments
describing potential difficulty individual firms could face in relying on available data to assess
larger participant status referred to difficulties in counting of digital assets transactions, which
the Final Rule does not include in the larger-participant test, as described below.
Courts have held that an agency can rely on confidential information in its rulemaking so
long as the agency discloses “sufficient factual detail and rationale for the rule to permit
interested parties to comment meaningfully.”325 Here, the Proposed Rule disclosed, among other
information: (1) the sources of the data; (2) meaningful sources of additional public information
about the data;326 (3) the methodologies used to analyze the data; (4) the results of deploying
those methodologies; (5) that the data indicated that the market was highly concentrated, with a
few entities facilitating hundreds of millions or billions of consumer payment transactions
annually;327 (6) that only about one percent of market activity was conducted by an estimated
three entities with transaction volume between the five and 10 million transaction thresholds
considered in the Proposed Rule;328 (7) aggregate transaction estimates for the proposal’s

See Fla. Power & Light Co. v. United States, 846 F.2d 765, 771 (D.C. Cir. 1988); see also Riverkeeper
Inc. v. EPA, 475 F.3d 83, 112 (2d Cir. 2007); rev'd on other grounds, 556 U.S. 208 (2009).
88 FR 80197 at 80210 n.90 (providing links to NMLS and CFPB public websites where commenters
could review descriptions of the type of data identified in the proposed rule and how the data was
collected, including sample 1022 order and NMLS Money Services Business Call Report Overview
described above).
88 FR 80197 at 80210. See also, e.g., FIS 2023 Global Payments Report at 16 (“North America’s
credit and debit card markets are increasingly intermediated by a handful of major digital wallet brands.
These initially consisted of PayPal, Google Pay and Apple Pay, but challengers such as Shop Pay
(Shopify’s checkout solution) and Cash App Pay (recently becoming an open loop wallet) have joined the
playing field.”); 2022 Survey and Diary of Consumer Payment Choice: Summary Results, supra, at 1
(noting that two-thirds of consumers reported that they had adopted an online payment account such as
PayPal, Venmo, or Zelle). The Proposed Rule cited both of these sources at 88 FR 80197 at 80200 n.25.
328

88 FR 80197 at 80210.

estimated 17 larger participants; (8) the extent to which the data sources did not include relevant
data; and (9) the potential for uncertainty in its estimates based on the nature of the data. This
detailed information enabled commenters to provide meaningful comment on, and criticize, the
basis for the proposed test to define “larger participants” in the proposed market, and meaningful
comment on whether the Final Rule should adopt a higher, lower, or different threshold for the
larger-participant test. As described further below, the CFPB received extensive, meaningful
comment on these very questions (as well as numerous other aspects of the rule). The industry
commenters described above also did not explain what additional information could be provided
that would address their comments.
The CFPB disagrees with the industry comments stating that it was necessary for the
Proposed Rule to unmask confidential data, or otherwise provide additional information
regarding confidential data, in order to allow for meaningful comment. As discussed above, the
CFPB is obligated to maintain the confidentiality of the confidential transaction volume and
revenue data described above. The CFPB could not provide a de-identified list of entities linked
to their transaction and revenue data without significant risk of unmasking confidential data, nor
did commenters provide any suggestions as to how the CFPB could disclose the data in a way
that would both preserve confidentiality and improve commenters’ ability to provide meaningful
comment on the Proposed Rule.
The CFPB also declines the request by certain industry commenters to publicly disclose
the identities of individual firms that comprised the rule’s estimate of the number of larger
participants. That CFPB notes that, in their comments, several commenters specifically
identified firms they believed would be larger participants, indicating that many commenters
believed that they did not need the CFPB to identify those larger participants in order to provide
meaningful comment on the rule. In any event, the CFPB disagrees that the identities of the
estimated larger participants were critical facts that commenters needed in order to provide
meaningful comment. As disclosed in the proposal, the CFPB relied on a number of

considerations to define the market (discussed above) and the larger participant test (discussed
below), none of which were the identities of potential larger participants. Based on those
considerations, the information in the proposal described above, and the rest of the proposal,
many commenters made specific comments on the proposed market definition and proposed
threshold, which the CFPB has fully considered and responded to above (on the market
definition) and below (on the larger participant test).329 The industry commenters seeking
release of the list of 17 firms did not explain how public disclosure of their identities would
allow for more meaningful comment. Further, these industry comments did not explain how the
CFPB could make the disclosures they requested without disclosing confidential information,
such as implications from such disclosure that could reveal confidential entity-level transaction
information that the States obtained through their supervisory functions and made available to
the CFPB through NMLS or information that an entity may customarily and actually treat as
private.330
Finally, even if the CFPB’s estimates had relied entirely on public data (which they could
not), public disclosure of the identities of estimated larger participants also may be misleading
and incompatible with the administrative process that CFPB has established to determine which
entities are larger participants.331 As the Proposed Rule noted, the market-wide estimates of the
rule’s scope and impact are based only on “preliminary entity-level analysis that is not
dispositive” of larger participant status or whether the CFPB would conduct supervisory activity

For example, many industry and some nonprofit commenters explained in detail why they believed the
proposed market definition was too broad and why the proposed larger participant test would cover more
larger participants than the CFPB estimated. However, none of those commenters stated how the
methodology and data sources the proposal used and disclosed would have led the CFPB to fail to
estimate any particular entity as a larger participant. And, as noted above, no firms provided additional
data in response to the CFPB request.
For example, disclosing the identities of the 17 estimated larger participants in the Proposed Rule
would have revealed that the entities had greater than 5 million consumer payment transactions based on
the data available to the CFPB. And disclosing the names of all seven entities estimated to be larger
participants in this Final Rule would then reveal that the 10 entities who are no longer estimated to be
larger participants have between 5 and 50 million consumer payment transactions per year.
331

See 12 CFR 1090.103(d) & (a). See also 88 FR 80197 at 80198.

of the entity.332 As a result, publishing the CFPB’s preliminary entity-level analysis could
misleadingly suggest that the CFPB already has determined these entities’ larger participant
status. However, that is not the purpose of the CFPB’s preliminary entity-level analysis, which
instead informs market-wide estimates of the aggregate scope and impact of the rule. By
contrast, for markets in which the CFPB has finalized larger participant rules, the CFPB
administers a separate process for such evaluation under section 103 of its larger participant
regulation at part 1090. Based on notice-and-comment rulemaking, it designed that process to
assess which entities qualify as larger participants. As described in the Proposed Rule, to
determine if an individual entity qualifies as a larger participant, the CFPB can use that same
section 103 process to request confidential supervisory information from the entity and the entity
may voluntarily submit such information including to dispute it qualifies as a larger
participant.333 The confidential supervisory process established in section 103 of part 1090 is an
appropriate means for the CFPB to determine which entities are a larger participants.334
Final Rule
In consideration of the comments described above on data used in the Proposed Rule and
comments on the criteria and threshold for the proposed larger-participant test described below,
the Final Rule adopts the two proposed criteria – annual covered consumer payment transaction
volume and small business concern status. As described below, the Final Rule makes certain
adjustments to the calculation of annual covered consumer payment transaction volume (by

88 FR 80197 at 80208 n.77. Even when publishing the highlights of supervisory findings of violations
of Federal consumer financial law, the CFPB does not identify individual entities. See CFPB Supervisory
Highlights Issue 35, Fall 2024 at 3 (“To maintain the anonymity of the supervised institutions discussed
in Supervisory Highlights, references to institutions generally are in the plural and the related findings
may pertain to one or more institutions.”),
https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights-special-ed-autofinance_2024-10.pdf (last visited Nov. 6, 2024).
333

See 12 CFR 1090.103(d) and (a). See also 88 FR 80197 at 80198.

With regard to the banking industry association’s comment seeking publication, outside of the
rulemaking process, of the names of larger participants, the CFPB declines to address that comment
because it is beyond the scope of the rulemaking itself.
counting only those transactions denominated in U.S. dollars) and the threshold volume that
determines when entities that are not small business concerns qualify as larger participants
(adopting a significantly higher volume, of 50 million).
Criteria
Proposed Rule
The Proposed Rule reiterated that the CFPB has discretion in choosing criteria for
assessing whether a nonbank covered person is a larger participant of a market.335 It explained
how the CFPB selects criteria that provide “a reasonable indication of a person’s level of market
participation and impact on consumers.” 336 It noted how previous larger participant rulemakings
acknowledged that, for any given market, there may be “several criteria, used alone or in
combination, that could be viewed as reasonable alternatives.”337
Here, the CFPB proposed to combine the two criteria described above: the annual
covered consumer payment transaction volume and the size of the entity by reference to SBA
size standards. The Proposed Rule’s larger-participant test would have combined these criteria
as follows: a nonbank covered person would have been a larger participant if its annual covered
consumer payment transaction volume exceeded the proposed threshold, discussed in the
section-by-section analysis further below, and, during the same time period (i.e., the preceding
calendar year), it was not a small business concern.
The first criterion would have been based on the number of consumer payment
transactions. Specifically, proposed § 1090.109(b)(3) would have defined the term “annual
covered consumer payment transaction volume” as the sum of the number of the consumer

See, e.g., 77 FR 42874 at 42887 (consumer reporting larger participant rule describing such
discretion); 77 FR 65775 at 65785 (same, in consumer debt collection larger participant rule).
77 FR 42874 at 42887 (consumer reporting larger participant rule); see also 80 FR 34796 at 37513
(automobile financing larger participant rule describing how aggregate annual originations are a
“meaningful measure” of such participation and impact); 78 FR 73383 at 73393-94 (same, for account
volume criterion in student loan servicing larger participant rule).
337

77 FR 65775 at 65785 (consumer debt collection larger participant rule).

payment transactions that the nonbank covered person and its affiliated companies facilitated by
providing general-use digital consumer payment applications in the preceding calendar year.338
The Proposed Rule explained how the CFPB viewed this to be an appropriate criterion for
defining larger participants in a market defined by reference to products that facilitate certain
consumer payments. Each transaction counted under this criterion also generally is a payment.
In that way, a transaction is essentially a well-understood unit of market activity.
The Proposed Rule further noted that, as in the CFPB’s international money transfer
larger participant rule, here the number of transactions also reflects the extent of interactions
between the nonbank covered person providing the in-market consumer financial product or
service. Each one-time consumer payment transaction typically results from a single interaction
with at least one consumer.339 And, in the case of recurring consumer payment transactions,
consumers also have at least one interaction with the covered persons in the market. The number
of transactions also is a common indicator of market participation.340
The Proposed Rule stated that the CFPB considered proposing different criteria, such as
the dollar value of transactions or the annual receipts from market activity, and explained why it
did not propose either of those alternatives. First, digital wallets often are used for consumer
retail spending, which can grow in amount through inflation. For the proposed market that
included digital wallets, a dollar value criterion may become affected by inflation or other

Under the CFPA, the activities of affiliated companies are to be aggregated for purposes of computing
activity levels in larger participant rules. See 12 U.S.C. 5514(a)(1)(B), (3)(B).
See, e.g., 79 FR 56631 at 56641 (international money transfer larger participant rule noting that the
absolute number of transactions “reflects the extent of interactions” between the provider and the
consumer because “each transfer represents a single interaction with at least one consumer”).
State regulators, for example, require money transmitters to report this metric. See generally NMLS,
Money Services Business Call Report,
https://mortgage.nationwidelicensingsystem.org/slr/common/Pages/MoneyServicesBusinessesCallReport.
aspx (last visited Oct. 23, 2023).
factors.341 At the same time, as the Proposed Rule noted, in general, a higher number of
transactions also may often comprise a higher dollar value of transactions.
With respect to annual receipts, the Proposed Rule explained that data was less available,
especially for market participants that are not publicly traded or that do not file call reports on
money transmission at the State level. In addition, in the context of the market at issue, the
Proposed Rule noted that an annual receipts criterion could miss significant market participation
and consumer impacts, such as where a provider is subsidizing a product or otherwise not
earning significant per-transaction revenues.
As noted above, the CFPB proposed a second criterion that also must be satisfied for a
nonbank covered person to be a larger participant, in addition to the annual covered payment
volume criterion. Under the second criterion, in the previous calendar year, the nonbank must
not have been a “small business concern” as that term is defined by section 3(a) of the Small
Business Act, 15 U.S.C. 632(a), and implemented by the SBA under 13 CFR part 121, or any
successor provisions. Thus, under the Proposed Rule, an entity would have been a small
business concern if its size were at or below the SBA standard listed in 13 CFR part 121 for its
primary industry as described in 13 CFR 121.107.342
The CFPB proposed this second criterion because it was not seeking to use this
rulemaking as a means of expending its limited supervisory resources to examine small business
concerns. The consumer digital payments applications market is potentially broad and dynamic,
with rapid technological developments and new entrants. But many well-known market

In addition, as discussed in the impacts analyses in parts V and VI of the Proposed Rule, some of the
data sources the CFPB relied upon in formulating the Proposed Rule may be overinclusive by including
certain payments that are not within the market defined in the Proposed Rule, such as certain business-tobusiness payments. Those payments may have higher dollar values. The Proposed Rule noted how it
would have been less affected by those data distortions by proposing number of transactions as a
criterion.
In addition, under the SBA’s regulations, a concern’s size is measured by aggregating the relevant size
metric across affiliates. See 13 CFR 121.103(a)(6) (“In determining the concern’s size, SBA counts the
receipts, employees, or other measure of size of the concern whose size is at issue and all of its domestic
and foreign affiliates, regardless of whether the affiliates are organized for profit.”).
participants have large business operations that have an impact on millions of consumers. As
explained in the Proposed Rule, in light of its resources, the CFPB believes that it would be
preferable to focus on larger entities, instead of requiring all entities with an annual covered
consumer payment transaction volume over five million to be subject to supervisory review
under the Proposed Rule. If a particular nonbank covered person were a small business concern
participating in this market in a manner that posed risks to consumers, the CFPB has authority to
pursue risk-based supervision of such an entity pursuant to CFPA section 1024(a)(1)(C).343
The CFPB requested comment on its proposed criteria, including whether, instead of
basing the annual volume criterion described above on number of consumer payment
transactions, it should be based on a different metric, such as the dollar value of consumer
payment transactions, and, if so, why.
Comments Received
A few industry commenters addressed the proposed criteria of volume of consumer
payment transactions. Two industry associations and a law firm commenter stated that the
amount (value) of a consumer payment transaction more directly correlates with risks to
consumers than their frequency (volume).344 In their view, if two entities have the same
transaction volume, then the one facilitating the higher dollar amount typically poses greater risk
to consumers.345 Thus, in the view of one of these commenters, a test based on transaction value
would better facilitate the CFPB’s operation of a risk-based nonbank supervision program as
required by CFPA section 1024(b)(2). The second commenter stated that the CFPB should
consider either a transaction value threshold alone or in conjunction with transaction volume. In

12 U.S.C. 5514(a)(1)(C). See generally 12 CFR part 1091 (regulations implementing CFPA
section 1024(a)(1)(C)).
The industry association commenters also stated that the risks are different for firms that hold or
transmit funds compared to those that transmit payment instructions or act as merchant payment
processors.
At the same time, the law firm commenter indicated that, in its view, entities with lower consumer
payment transaction volumes also generally pose less risk to consumers.
its view, the proposal field to articulate a connection between transaction volume and risks to
consumers across the various different types of activity in the market. The third commenter
stated that either approach could be done, but recommended the combined approach in order to
ensure the rule captures only larger participants. Finally, another industry association stated that
to profitably serve lower-income consumers who conduct transactions with lower values,
companies needed to engage in higher volumes of activity; but rather than describing this as a
reason to use a different criteria, it described this as a reason to increase the transaction volume
threshold, as discussed below.
Some comments also addressed the proposed second criteria, an exclusion for entities
that qualified as a small business concern in the previous year. Several commenters supported an
exclusion for small businesses in general,346 though some stated that the exclusion did not
change their views, discussed further below, that the proposed consumer payment transaction
volume threshold was much too low. No commenter disagreed with excluding small business
concerns from larger participant status with respect to transactions covered by the Final Rule.347
For example, two banking industry associations supported the proposed exclusion for a small
business concern. Another industry association stated that it supported the proposed exclusion
because it believed small business concerns should be provided more flexibility than its
competitors to innovate and grow. This commenter also stated that the rulemaking should
provide a fuller explanation of its impact, including whether the CFPB had identified any
companies that exceed an annual consumer payment transaction volume threshold but would
have qualified as small business concerns. It suggested that to the extent that small business
concerns have a volume that exceeds the proposed threshold, this would support their view that

An individual commenter that expressed general support for the Proposed Rule also stated that the
CFPB should clarify the methods and data sources the CFPB would use to determine small business
concern status.
Some commenters focused on the digital asset industry stated that the exclusion would be unfair to
entities not eligible for small business status such as foreign businesses or nonprofits or entities that may
be small but ineligible for small business concern status because they are dominant in their field.
the proposed transaction threshold was too low. It stated that consideration would be relevant
not only with regard to the proposed threshold of five million annual consumer payment
transactions, but also to potential thresholds of 50 million and 500 million annual consumer
payment transactions. It also stated that the rule should consider what advantages a small
business concern would have as a result of such an exclusion. Another industry association
stated that the proposed small business exclusion was inadequate for identifying larger
participants in this market for several reasons, including that the small business size standard
updates every five years are not frequent enough for this market in light of its ongoing growth,
the variety of product offerings market participants have means they can exceed the small
business threshold even with small volumes of market activity, and, by their estimate, even based
only on the market activity alone a small or medium-sized market participant serving
approximately 220,000 consumers could exceed the highest potentially-applicable small business
concern cutoff by charging a one percent fee on the value of the average consumer activity
levels. Finally, another industry association agreed that many small businesses and startups have
annual receipts that exceed small business concern size standards, in light of users’ average
annual digital payment transaction values (which it stated were $7,610 in 2023).
Response to Comments Received
With regard to comments calling for the Final Rule to use a criteria other than the volume
of consumer payment transactions, none of these commenters addressed the Proposed Rule’s
rationale for proposing a volume rather than value-based criterion: the potential for inflation to
shrink the coverage of the rule under a value-based criterion, and the potential for greater
distortion to the extent data relied upon included business-to-business transactions that would not
be in the market.348 For those reasons, the CFPB continues to favor use of a transaction volume
criterion. In addition, the CFPB agrees with the industry comment noting that lower-income

88 FR 80197 at 80209.

consumers have significant adoption levels for general-use digital consumer payment
applications. Compared with consumers that have higher incomes, smaller-dollar transactions by
lower-income consumers generally would comprise a larger share of their disposable income.
Their payment activity therefore may be better captured by a transaction volume criterion.
Finally, the CFPB disagrees with the suggestion by a few commenters that the rule adopt an
additional criteria, such as combining transaction volume and value. That approach would
increase complexity in the administration of the rule and, given the significantly higher consumer
payment transaction volume threshold adopted in the Final Rule discussed below, would not be
necessary to ensure the rule only identifies bona fide larger participants. In any event, when the
CFPB prioritizes entities for examination based on indicators of risk, the CFPA provides a basis
for the CFPB to consider, among other factors, not just the number but also the value of
consumer payment transactions facilitated.349
The CFPB agrees with the commenters that a small business concern exclusion is
appropriate for this larger participant rule. This exclusion will ensure that the CPFB’s exercise
of its larger participant supervisory authority under this rule does not extend to small business
concerns. The CFPB disagrees with the industry association commenter to the extent it was
suggesting this exclusion is likely to confer undue advantages on small business concerns. As
discussed in the below section-by-section analysis of the threshold for the larger-participant test,
which the Final Rule sets at 50 million consumer payment transactions annually, available data
does not establish that any nonbank market participant that exceeds that threshold would qualify
as a small business concern. And even if a small business concern were to exceed the threshold,
it would not necessarily avoid CFPB supervision simply due to not qualifying as a larger
participant under this rule. For example, if its risk profile warranted prioritization for an exam,
then the CFPB also may consider it for supervisory designation under CFPA

See CFPA section 1024(b)(2)(B), (E). 12 U.S.C. 5514(b)(2)(B), (E).

section 1024(a)(1)(C). Finally, with regard to comments that the exclusion is inadequate to
define larger participants (including comments stating that companies with volumes at or slightly
above the proposed threshold of five million annual consumer payment transactions are unlikely
to qualify as small business concerns under SBA size standards), the CFPB understands those
comments to be primarily focused on the threshold for the other proposed criteria for the largerparticipant test (the annual covered consumer payment transaction volume threshold). The
CFPB further discusses comments on that threshold below.
Final Rule
As explained further above, the Final Rule adopts the two proposed criteria, and makes
certain changes to the threshold and its calculation, as described below.
Threshold
Proposed Rule
Under the Proposed Rule, a nonbank covered person would have been a larger participant
in a market for general-use digital consumer payment applications if the nonbank covered person
satisfies two criteria. First, it must facilitate an “annual covered consumer payment transaction
volume,” as defined in proposed § 1090.109(b)(3), of at least five million transactions. As
explained in proposed § 1090.109(b)(3)(i), the volume is aggregated across affiliated companies,
as required by CFPA section 1024(a)(3)(B).350 Thus, the proposed threshold included the
aggregate annual volume of consumer payment transactions facilitated by all general-use digital
consumer payment applications provided by the nonbank covered person and its affiliated
companies in the preceding year.351 Second, under proposed § 1090.109(b)(2) as explained

12 U.S.C. 5514(a)(3)(B) (providing that, “[f]or purposes of computing activity levels under [CFPA
section 1024(a)(1)] or rules issued thereunder [including larger participant rules issued under CFPA
section 1024(a)(1)(B)], activities of affiliated companies (other than insured depository institutions and
insured credit unions) shall be aggregated”).
The Proposed Rule noted that the available data do not always conform to the precise market scope of
covered consumer payment transactions. For example, the data do not always distinguish between
transactions in which a business sent funds, which would not be covered consumer payment transactions,
from transactions in which a consumer sent funds. In addition, in some cases the data may include funds
above, the CFPB also proposed to exclude from larger-participant status any entity in the
proposed market that was a small business concern in the previous calendar year based on
applicable SBA size standards.352 The Proposed Rule stated that the CFPB viewed this proposed
threshold and the proposed small entity exclusion, discussed above, to be a reasonable means of
defining larger participants in this market.353
The CFPB estimated in the Proposed Rule that the proposed threshold would have
brought within the CFPB’s supervisory authority approximately 17 entities,354 about 9 percent of
all known nonbank covered persons in the market for general-use digital consumer payment

a consumer transfers between one deposit or stored value account and another, both of which belong to
the consumer. As the Proposed Rule further noted, the analysis in the Proposed Rule included transaction
volume broadly defined, and the CFPB cannot distinguish between this overall activity and covered
market activity (to the extent they differ). Therefore, the analysis in the Proposed Rule may be an
overestimate of covered market activity and larger-participant status of providers of general-use digital
consumer payment applications subject to the larger-participant threshold.
As discussed above and below, the proposed exclusion would have applied to any nonbank that,
together with its affiliated companies, in the previous calendar year was a small business concern based
on the applicable SBA size standard listed in 13 CFR part 121 for its primary industry as described in 13
CFR 121.107. The SBA defines size standards using North American Industry Classification System
(NAICS) codes. The Proposed Rule noted that the CFPB believed that many – but not all – entities in the
proposed market for general-use digital consumer payment applications are likely classified in NAICS
code 522320, “Financial Transactions Processing, Reserve, and Clearinghouse Activities,” or NAICS
code 522390, “Other Activities Related to Credit Intermediation.” Entities associated with NAICS code
522320 that have $47 million or less in annual receipts are currently defined by the SBA as small
business concerns; for NAICS code 522390, the size standard is $28.5 million. However, the Proposed
Rule noted that other entities that the CFPB believes to be operating in the proposed market may be
classified in other NAICS codes industries that use different standards, including non-revenue-based SBA
size standards, such as the number of employees. While the CFPB had data to estimate the SBA size
status of some market participants in the Proposed Rule, such as publicly-traded companies, the CFPB
lacked data sufficient to estimate the SBA size status of some market participants. See SBA, Table of
Small Business Size Standards Matched to North American Industry Classification System Codes,
effective March 17, 2023, Sector 52 (Finance and Insurance), https://www.sba.gov/document/support-table-size-standards (last visited Oct. 26, 2023).
The Proposed Rule stated that the CFPB identified approximately 190 entities from available data that
provide general-use digital consumer payment applications and may be subject to the Proposed Rule. Of
those entities, the CFPB had data on about half sufficient to estimate larger-participant status, including
whether those entities would be subject to the small business exclusion built into the larger-participant
test. The estimate that approximately 17 entities would have been larger participants was based on the set
of entities for which the CFPB had sufficient information to estimate larger participant status.
The Proposed Rule noted that the estimate of 17 entities excluded entities where either (1) available
information indicated that the small entity exclusion would have applied or (2) the CFPB lacked sufficient
information regarding the entity’s size to assess whether the small entity exclusion would have applied.
applications.355 The Proposed Rule noted that this was a rough estimate because the available
data on entities operating in the proposed market for general-use digital consumer payment
applications was incomplete.356
In the Proposed Rule, the CFPB anticipated that the proposed annual covered consumer
payment transaction volume threshold of five million would have allowed the CFPB to supervise
market participants that represent a substantial portion of the market for general-use digital
consumer payment applications and have a significant impact on consumers. Available data
indicated that the market for general-use digital consumer payment applications is highly
concentrated, with a few entities that facilitate hundreds of millions or billions of consumer
payment transactions annually, and a much larger number of firms facilitating fewer transactions.
The Proposed Rule stated that the CFPB believed that a threshold of five million was reasonable,
in part, because it would have enabled the CFPB to cover in its nonbank supervision program
both the very largest providers of general-use digital consumer payment applications as well as a
range of other providers of general-use digital consumer payment applications that play an
important role in the marketplace. Further, certain populations of consumers, including more

The Proposed Rule described in detail how the CFPB based its market estimates on data from several
sources. The CFPB obtained transaction and revenue data from six technology platforms offering
payment services through a CFPB request pursuant to CFPA section 1022(c)(4). See CFPB 1022 Orders
Press Release, supra. The CFPB was also able to access nonpublic transaction and revenue data for
potential larger participants from the Nationwide Mortgage Licensing System & Registry (NMLS), a
centralized licensing database used by many States to manage their license authorities with respect to
various consumer financial industries, including money transmitters. Specifically, the CFPB accessed
quarterly 2022 and 2023 filings from nonbank money transmitters in the Money Services Businesses
(MSB) Call Reports data (for a description of the types of data reported in MSB call reports, see NMLS,
Money Services Business Call Report). Additionally, the CFPB compiled a list of likely market
participants, as well as transaction and revenue data where available, from several industry sources
(including Elliptic Enterprises Limited) and various public sources including the CFPB’s Prepaid Card
Agreement Database, https://www.consumerfinance.gov/data-research/prepaid-accounts/searchagreements (last visited Oct. 23, 2023), company websites, press releases, and annual report filings with
the U.S. Securities and Exchange Commission.
The Proposed Rule noted that its estimate that approximately 190 entities are participating in the
market may have been an underestimate because, for certain entities, the CFPB lacked sufficient
information to assess whether they provide a general-use digital consumer payment application. In
addition, it noted that for some entities that are among the approximately 190 participants in the market,
the CFPB lacked sufficient information to assess whether certain products they offer constitute a generaluse digital consumer payment application.
vulnerable consumers, may not transact with the very largest providers and instead may transact
with the range of other providers that exceed the five million transaction threshold.
According to the CFPB’s estimates in the Proposed Rule, the approximately 17 providers
of general-use digital consumer payment applications that meet the proposed threshold
collectively facilitated about 12.8 billion transactions in 2021, with a total dollar value of about
$1.7 trillion. The CFPB estimated that these nonbanks were responsible for approximately 88
percent of known transactions in the nonbank market for general-use digital consumer payment
applications.357 At the same time, this threshold likely would have subjected to the CFPB’s
supervisory authority only entities that can reasonably be considered larger participants of the
market defined in the Proposed Rule.
Proposed § 1090.109(b)(3)(i) also would have clarified how the activities of affiliated
companies of the nonbank covered person are included in the test when the affiliated companies
also participate in the proposed market. It provided that, in aggregating transactions across
affiliated companies, an individual consumer payment transaction would only have been counted
once even if more than one affiliated company facilitated the transaction. It also provided that
the annual covered consumer payment transaction volumes of the nonbank covered person and
its affiliated companies would have been aggregated for the entire preceding calendar year, even
if the affiliation did not exist for the entire calendar year.
The Proposed Rule noted that because the general-use digital consumer payment
applications market has evolved rapidly and market participants can grow quickly, the CFPB
also was not proposing a test that is based on averaging multiple years of market activity. As a
result, if an entity has less than the threshold amount for one or more calendar years but exceeds
the threshold amount in the most recent calendar year, it would have been a larger participant.

See 88 FR 80197 at 80209-10 nn.86-91. The Proposed Rule noted that the 88 percent estimate was
calculated among all of the entities for which the CFPB has transaction information. Id. n.92.
The Proposed Rule stated that this would have ensured that the CFPB can supervise nonbanks
that quickly become larger participants, without waiting several years.
The Proposed Rule further stated that the CFPB was considering a lower or higher
threshold.358 Lowering the threshold therefore would not have substantially increased the
number of entities subject to supervision, in part because many entities that exceed a lower
threshold would have been excluded as small entities. Thus the Proposed Rule noted that
lowering the threshold would have resulted in only a marginal increase in market coverage. The
Proposed Rule provided an example of a higher threshold. The Proposed Rule estimated that an
annual covered consumer payment transaction volume threshold of 10 million would have
allowed the CFPB to supervise approximately 14 entities, representing approximately 87 percent
of activity in this market.359 However, at this higher threshold the CFPB would not have been
able to supervise as varied a mix of nonbank larger participants that, as discussed above, have a
substantial impact on the full spectrum of consumers in the market.
The CFPB sought comment, including suggestions of alternatives on the proposed
threshold for defining larger participants of the market for general-use digital consumer payment
applications as defined in the Proposed Rule.
Comments Received
Many of the industry association commenters, a law firm, and some nonprofits stated that
the proposed five million consumer payment transaction volume threshold was too low and did
not identify bona fide larger participants. A nonprofit stated the threshold appeared designed to
maximize oversight rather than define true larger participants. Some of these commenters stated
that the proposed threshold was so low that it would treat virtually all market participants as
larger participants, including those with very small market shares, exposing small/mid-size

The Proposed Rule discussed an example of a lower threshold. An annual covered consumer payment
transaction volume threshold of one million might have allowed the CFPB to supervise approximately 19
entities, still representing approximately 88 percent of activity in this market. See id. at 80210.
359

See id.

companies to supervision when they cannot support the cost of exams, and more generally
stifling market entry, innovation, and competition. These commenters generally stated that the
proposal did not adequately explain the reasoning and evidence in support of such a threshold.360
One industry association commenter encouraged the CFPB to set the threshold here
cautiously, in consideration of the stage of this market’s development. It stated that, unlike in
prior larger participant rules, this market is in the growth stage not the maturity stage, where data
and settled expectations can be more helpful in the development of larger-participant tests. It
viewed the proposed threshold as too low given the market’s current stage and stated that a
higher threshold as necessary for properly determining the true larger participants in the market
as it matures and to allow for proper scalability within the market without impeding
competition.361
Another industry association stated that the proposal of a small business exclusion for the
first time in a larger participant rule appeared to support its concern that the proposed threshold
was too low, and still would discourage firms that are not small businesses from entering the
market. It suggested that the rulemaking should specifically consider a volume of 50 million or
500 million annual consumer payment transactions. It also criticized the Proposed Rule for not
making clear whether entities who were small business concerns would have otherwise met the
transaction volume threshold. It also stated that the rule should consider a threshold more in line
with the debt collection larger participant rule, under which larger participants comprised an
estimated 63 percent of market activity.

One nonprofit commenter also encouraged the CFPB to consider setting different thresholds in the
Final Rule for what it referred to as different sectors within the proposed market. However, it did not
state which parts of the market should be differentiated. The CFPB generally considers comments further
above on whether to define a single market in this Final Rule. Because it has determined to do so, it is
not finalizing a larger-participant test that works differently for different parts of the market.
This commenter also encouraged the CFPB to conduct periodic reviews of the threshold as the market
grows to ensure it continues to capture larger participants. The CFPB notes that it already monitors this
market, among others, as part of its statutory functions. See 12 U.S.C. 5512(c). The CFPB will continue
to monitor this market and may consider adjustments to the threshold, to the extent necessary or
appropriate through future rulemakings.
Several industry associations offered rough estimates to illustrate how the proposed
threshold would treat firms with very small market shares (ranging from, in their estimates, as
low as 0.005 percent of overall consumer payment transactions to no more than two percent of
app-based transactions) as larger participants, which in their view would not make them “larger”
participants under the statute.
Several of these commenters added that the proposed threshold would discourage entry
into the market and innovation and competition. A nonprofit commenter suggested that the
threshold would deter small and mid-sized businesses from expanding. One of the industry
associations stated these effects could limit access to payment products for low-/moderateincome consumers, and urged the CPFB to set the threshold dynamically, at a level that
represents a significant share of market activity.
The law firm commenter added that the proposal would subject firms with barely five
million consumer payment transactions annually to the same supervision as firms with hundreds
of millions or billions of such transactions, when the smaller larger participants cannot sustain
the costs of exams.
On the other hand, banking and credit union industry trade associations supported the
proposed five million consumer payment transaction volume threshold to define nonbanks that
are larger participants. One of them called for periodic CFPB evaluation of this threshold
including to see whether entities may be structuring their activities to evade it and publication of
the results, while another called for adding criteria to capture large, well-resources, fast-growing
organizations with fewer transactions.362 A nonprofit stated that two thirds of its members
surveyed supported the proposed threshold, and that some of its members supported lowering the
threshold to one million annual consumer payment transactions. Some consumer groups and part
of the membership of a nonprofit also stated that the proposed threshold was too high because,

This commenter did not offer a specific criteria for achieving its goal, which may better be achieved
through the more flexible supervisory designation process than through a regulatory test.
among other reasons, some money transfer services for incarcerated people have a dominant
position within that area despite facilitating less than five million consumer payment
transactions. Other consumer groups estimated that large firms that contract with incarceration
facilities to provide money transfer services would qualify as larger participants under the
proposed larger-participant test. They added that the CFPB should ensure that they are subject to
the CFPB’s supervisory authority under a Final Rule.363
An industry association stated that the test should be applied over a longer period (at least
two years) than the proposal (one year). They stated that short-term fluctuations could create an
inaccurate determination of market share. They also noted that, given how the market has been
growing, the CFPB should consider a threshold that is dynamic and grows as the market grows,
so that if the market grows for example more than ten-fold in the future, the test still would
reasonably identify larger participants. In addition, in their view, a one-year period would not
provide sufficient time for entities to undertake the compliance improvements the proposal stated
larger participants would undertake to prepare for supervision. Another commenter, a nonprofit,
stated that an unspecified minority of its membership suggested applying the test over multiple
years.364
Several consumer groups supported aggregating activities of affiliates for purposes of the
transaction threshold in the proposed larger-participant test. In their view, without aggregation,
market participants could avoid larger participant status by structuring different types of
consumer payment transactions, such as consumer payment transactions using different types of
stored value, through different entities within a corporate family. However, two industry

These commenters also stated that the threshold test should include all consumer payment transactions
a market participant facilitates, even when they are not facilitated through the digital application that
made the entity a market participant. These commenters called for counting in-person, kiosk-based, and
telephonic transfers, which they stated would qualify more correctional money-transfer companies as
larger participants, and the test may be more efficient to administer because it would not require breaking
out which transactions occur through the digital app channel.
This commenter noted, without further elaboration, a suggestion of at least one member to set a firstyear threshold of 10 million and a second-year threshold at 5 million.
commenters stated that the larger-participant test should not consider activities of affiliates. An
industry association stated that aggregation would allow the CFPB to supervise activities of
individual entities whose activity levels alone do not qualify them as larger participants, resulting
in an internally contradictory result. Another industry association stated that, to avoid covering
entities with low market shares, the rule should not count receipts of affiliates not engaged in
market activity toward the small business concern test.
Response to Comments Received365
In consideration of comments on the Proposed Rule stating that the proposed threshold of
five million annual consumer payment transactions was too low and could capture certain
entities with very small market shares, as well as the comment suggesting that the CFPB
consider thresholds of 50 million or 500 million annual consumer payment transactions, the Final
Rule adopts the significantly higher threshold of 50 million annual consumer payment
transactions. As discussed below, this higher threshold encompasses the group of firms that have
considerably higher transaction volumes and are in the concentrated part of the market. The
CFPB finds the higher threshold to be appropriate, considering the concentrated market structure
and how a significant number of market participants that would not qualify as larger participants
as discussed below. To the extent any firm has activity levels at or slightly above the threshold,
it may have an individual market share of less than one percent. But such a firm still has larger
participation than the vast majority of participants.366 The CFPB also declines to adopt the

As noted in the section-by-section analysis further above, the CFPB is not including transfers of digital
assets in the Final Rule. The CFPB considers the above comments on the proposed threshold in light of
this update, which the Final Rule implements through a limitation in the threshold described further
below.
See, e.g., Automobile Finance Larger Participant Rule, 80 FR 37496, 37515 (June 30, 2015) (“Each of
the [larger participants] provides or engages in hundreds of automobile originations each week and falls
in the top 10 percent of nonbank entities in the market according to the Bureau’s estimates. They can
reasonably be considered larger participants of the market. Some entities that meet this threshold will
have considerably less than 1 percent market share, but that is due in large part to the fragmentation of the
market and does not change the fact [that] they are ‘larger’ than the vast majority of participants.”).
industry association suggestion to make the threshold dynamic because that approach would be
unnecessary and difficult to administer.367
For the reasons described above, the CFPB disagrees with the comments that supported
the proposed threshold of five million annual consumer payment transactions. Based on
available data, the CFPB estimates in the Final Rule suggest that all of those nonbanks with
annual covered consumer payment transaction volume between 5 million and 50 million
combined facilitate at most a few percent of the market activity. While some consumer groups
estimated that a much higher threshold than the CFPB proposed may not capture some firms
providing what they described as high-risk money transfer services to people who are
incarcerated, those comments also stated that other large corporations provide a broad suite of
money transfer services to people who are and are not incarcerated alike. In any event, as
discussed above, the CFPB declines to define larger participants based on the goal of targeting
activities that may pose specific types of levels of risk to consumers. As discussed in the
section-by-section analysis of the market definition further above, the CFPB accounts for risk
when operating its nonbank supervision program. Any nonbank covered person, including firms
providing digital services for consumers to transfer funds to incarcerated people, can qualify as a
larger participant if it meets or exceeds the threshold in the Final Rule. And through operation of
its risk-based larger participant supervision program, the CFPB may determine how to exercise
its supervisory authority with respect to such a larger participant. Given the number of
consumers those types of firms serve, even the higher threshold that the Final Rule adopts is
reasonably likely to allow it to conduct some supervisory activities in this area.
In addition, given that the Final Rule adopts a higher threshold of 50 million annual
consumer payment transactions as discussed below, the CFPB is not persuaded by claims by
some commenters that nonbank firms would be discouraged from entry, innovation, or growth

As noted above, to the extent necessary or appropriate, the CFPB may adjust the threshold through
future rulemakings that may reflect shifts in the market and other data that may be available to the CFPB.
due to the potential exposure to CFPB examinations resulting from this rule. The CFPB notes its
existing enforcement authority over market participants generally regardless of size, their
existing obligations to comply with Federal consumer financial law regardless of size, how this
rule imposes no substantive consumer protection obligations, how the CFPB uses a prioritization
process to allocate limited supervisory resources toward those nonbanks that pose relatively
higher risks to consumers, and that no firm that is a small business concern would incur the cost
of examination under this rule. Considering all of these factors, the CFPB does not believe that
this rule is likely to shape market participation patterns in the way those commenters describe.
With regard to the industry association commenter asking whether any firms would have
exceeded the proposed threshold but qualified for the small business concern exclusions, the
CFPB notes that it did not include any such firms in its estimate of 17 larger participants because
such firms would not have qualified as larger participants under the Proposed Rule. The Final
Rule discusses this question further in the explanation below of the threshold adopted in the
Final Rule.
With regard to comments on the look-back period for applying the proposed largerparticipant test, the CFPB disagrees that the rule should apply a longer period such as two years.
Fluctuations in market participants’ transaction volumes may occur over time, but if their
volumes exceed the threshold in a calendar year, then they would be sufficient, over a long
enough time period (12 months), to conclude that the entity’s market activity has been having a
significant impact on consumers. As the international money transfer larger participant rule
noted in adopting a one-year lookback period, “[b]ecause the criterion directly measures the
number of transfers in the market, it should not be subject to temporary fluctuations that are
unrelated to an entity’s market participation.”368 In addition, for this rule, as with the
international money transfer larger participant rule, the CFPB “believes that the single-year

79 FR 56631 at 56637.

approach will make the Final Rule’s definitions easier to apply . . . and alleviate the concern
expressed by some commenters about the overall complexity of” certain provisions. For
example, this is the first larger participant rule that adopts a larger-participant test with two
criteria, and the first larger participant rule that adopts an exclusion for small business concerns
as one of the criteria. It would significantly increase complexity in the administration of the test
to judge two different criteria, which generally are measured over a calendar year (such as small
business concern criteria measured by annual receipts) over multiple years.369 Further, to the
extent commenters assumed that all entities that exceed the proposed threshold in the prior year
for the first time would face immediate examination the following year, that assumption is an
incorrect reading of the Proposed Rule. First, if the entity were a small business concern in the
previous calendar year, under the proposed larger-participant test, it would not have qualified as
a larger participant, even if its volume of consumer payment transactions did exceed the
threshold for the first time in that same calendar year. Second, as the Proposed Rule explained,
consistent with the CFPA, the CFPB conducts a risk-based supervision program for nonbanks
subject to supervisory authority under CFPA section 1024(a). This includes a process for
prioritizing entities for examination as described in its public Supervision and Examination
Manual cited in the Proposed Rule and discussed in part I above. As part of that process, where
appropriate, the CFPB can consider the entity’s volume of consumer payment transactions,
including the degree to which it exceeds the transaction threshold and for how long it has
exceeded that threshold.
With regard to comments on the proposal to aggregate activities of affiliated companies,
CFPA section 1024(a)(3)(B) requires aggregation of activity across affiliated companies for
purposes of determining activity levels in larger participant rules. To clarify that the purpose of
paragraph (b)(3) is to implement that requirement, the Final Rule adds language to the header for

Although the CFPB’s first larger participant rules averaged annual receipts over time, those rules only
adopted that single criterion (annual receipts).
paragraph (b)(3) that describes the provision as outlining the “method” for computing aggregate
activity levels. With regard to the industry association comment calling for the rule to assess
small business concern status without counting receipts of affiliated companies, the CFPB
disagrees. The overall size of the business organization, including affiliates, is a relevant
reference point as the CFPB considers which types of entities may incur the estimated cost of
examination pursuant to this rule.
Final Rule
The Final Rule adopts in paragraph (b)(3) a threshold annual covered consumer payment
transaction volume of 50 million consumer payment transactions denominated in U.S. dollars as
described further below.370
The CFPB estimates that seven nonbanks that are not small business concerns have
annual consumer payment transaction volumes that exceed this threshold, that these seven
nonbank firms account for approximately eight percent of the 85 market participants for which
the CFPB has sufficient data to estimate larger participant status (and an even lower share of the
approximately 130 known market participants),371 and that these seven nonbank firms facilitated

The Final Rule also makes non-substantive clarifying revisions to paragraph (b), including identifying
in paragraph (b) that both criteria in paragraphs (b)(1) and (2) are based on the preceding calendar year
and associated revisions.
Due to the Final Rule’s adoption of a threshold limited to transfers of funds denominated in U.S.
dollars discussed further below, the Final Rule does not include in its estimate of nonbank market
participants firms that appear to provide consumer payment transactions solely in the form of digital
assets. The Final Rule also does not include in this estimate two firms that public information indicates
are not nonbank market participants, as described in n.373 below.
In addition, the estimated 130 nonbank market participants includes four additional nonbank financial
firms, as follows: (1) Based on its review of the clarified definition of “general use” described above, the
Final Rule has identified two nonbank financial firms that provide payment functionalities for family and
friends to transfer funds to postsecondary students; (2) The removal of the proposed exclusion for bill
splitting in the definition of “general use” described above also results in one estimated additional
nonbank market participant; and (3) Through its general activities, the CFPB became aware of one
additional nonbank providing a peer-to-peer app-based payment functionality for a deposit account.
Nonbank financial institutions providing these services generally do not appear to be licensed as money
transmitters and the account agreements do not appear to be filed in the CFPB’s prepaid account
agreement database.
Further, as noted above and in the Proposed Rule, an entity is included in the estimated number of
nonbank market participants if public information indicates it currently offers at least one consumer

approximately 13.3 billion consumer payment transactions, accounting for approximately 98
percent of the over 13.5 billion consumer payment transactions market participants provide.372
Despite the increase in the threshold, larger participants’ share of market activity also increased
largely because the nonbank market size estimate in the Final Rule does not include an entity that
the Final Rule estimates, based on further research in response to a comment described above,
may not be a nonbank covered person.373
As some commenters noted, the market continues to grow and evolve rapidly and that
some new entrants may quickly exceed the proposed threshold of five million transactions. For
the reasons explained above, the CFPB does not believe the threshold used to define a larger

financial product or service within the market definition; however, for some of these 130 estimated
nonbank market participants, the CFPB lacks sufficient information to assess whether certain other
products they offer or are developing constitute a general-use digital consumer payment application. As
also noted in the Proposed Rule, the CFPB's estimate of the number of nonbank market participants may
be an underestimate because, for certain entities, the CFPB lacks sufficient information to assess whether
they provide a general-use digital consumer payment application.
Due to the threshold’s limitation to transfers of funds denominated in U.S. dollars discussed further
below, the Final Rule does not include in the market transactions that the data sources specifically
identify as digital assets transactions. In addition, as a result of that limitation on the threshold in the
Final Rule, the Final Rule does not use the transaction volume data from the CFPB’s section 1022 order
responses for one of the estimated larger participants and instead uses money service business call report
data in NMLS.
To respond to the industry association comment (described above) asking whether any of the
rulemaking’s estimated nonbank market participants would have exceeded the consumer payment
transactions volume threshold and also qualified as a small business concern, the CFPB has reviewed
public information and makes two updates to the estimates in the Final Rule. First, the CFPB identified
one entity that would have exceeded the proposed transaction volume threshold that the proposal did not
estimate to be a larger participant because the data sources described in the proposal did not indicate
whether the entity was a small business concern. To respond to the comment, the CFPB reviewed public
information, which suggested the entity may not be a nonbank covered person, and the Final Rule does
not include that entity among the estimated nonbank market participants or its transaction volume in the
market size estimate. Second, for another entity that had that level of transaction volume and which the
proposal estimated was not a small business concern, the CFPB reviewed public information and found
that the firm had previously sold its general-use digital consumer financial application to an unaffiliated
entity, for which the CFPB lacks data to estimate its transaction volume data or whether it is a small
business concern. Therefore, the Final Rule does not include the selling entity among the estimated
market participants or its transaction volume in the market size estimate. As a result of these two updates,
the CFPB estimates that all nonbank entities with data indicating over 50 million consumer payment
transactions are not small business concerns. As noted, the CFPB still does not have transaction volume
data for some market participants; to the extent any of them have over 50 million consumer payment
transactions, it is possible they could be a small business concern. But given that the CFPB estimates that
none of the seven nonbank firms that available transaction volume data indicates have over 50 million
consumer payment transactions are small business concerns, it may be unlikely that if any other firms did
have a volume that exceeds the threshold, they would be a small business concern.
participant in this Final Rule is likely to significantly affect market activity such as new entry,
innovation, and growth. But the significantly higher threshold the Final Rule adopts nonetheless
would provide new entrants and others with smaller volumes more room to grow before coming
under the CFPB umbrella of larger participant supervision in this rulemaking. For example,
based on the estimates in the Final Rule at this threshold, eight fewer entities would qualify as
larger participants because their volume of consumer payment transactions falls between 5 and
50 million annual consumer payment transactions (and another two are no longer estimated to be
nonbank market participants, as noted above). Yet, the remaining entities that the CFPB
estimates qualify as larger participants under the higher threshold adopted in the Final Rule still
account for approximately 98 percent of the market activity as noted above. In addition, this
higher threshold would allow CFPB supervision to focus more consistently on nonbank firms
that account for almost all market activity including the part of the market that the Proposed Rule
described as “highly concentrated, with a few entities that facilitate hundreds of millions or
billions of consumer payments annually[.]”374 At the same time, based on its estimates, the
CPFB finds that the higher threshold still would serve the goal described in the Proposed Rule of
covering larger participants that serve a mix of consumer populations including more vulnerable
consumers such as justice-involved individuals as well as lower-income consumers and the
unbanked or underbanked populations more generally. In any event, because the seven nonbank
firms that the CFPB estimates would be larger participants at the threshold of 50 million account
for approximately 98 percent of market activity, the CFPB does not believe that adopting a lower
threshold that would cover additional market activity would be warranted. The CFPB also does
not believe that it would be appropriate to adopt a threshold that would result in substantially less
market activity being covered, such as the estimated 63 percent in the consumer debt collection
rulemaking that one industry association commenter suggested the CPFB consider here. As that

88 FR 80197 at 80210.

rulemaking noted, the data used to estimate overall market activity included receipts from the
collection of medical debt, which were not included in the larger-participant test.375 As a result,
the circumstances surrounding that estimate in that rule were unique to that rule and that test. In
addition, due to the highly-concentrated nature of the market described above, adopting any
higher threshold (even 500 million transactions, as one commenter suggested the CFPB
consider) would not significantly reduce larger participants’ share of market activity. A
threshold of 500 million transactions would result in an estimated four larger participants with an
estimated 96 percent share of market activity. The CFPB also does not seek to adopt a threshold
at a level that is so high that it only captures the few largest participants, which would have the
incongruous effect of treating only the largest participants as “larger” participants, and in any
event would not achieve the CFPB’s stated goal of covering a mix of activities described above.
In addition to increasing the threshold as described above, the Final Rule limits the
definition of “annual covered consumer payment transaction volume” to transactions
denominated in U.S. dollars. With this clarification (and a corresponding edit to paragraph
(b)(3)(i)), the larger-participant test in this Final Rule excludes transfers of digital assets,
including crypto-assets such as Bitcoin and stablecoins. For the reasons discussed in the sectionby-section analysis of “consumer payment transaction” above, the Final Rule excludes these
transactions from the threshold to ensure the administrability of the larger-participant test while
the CPFB continues to monitor developments in the market for consumer payments involving
digital assets.

77 FR 65775, 65788 n.98.

VI. Effective Date of Final Rule
The Administrative Procedure Act generally requires that rules be published not less than
30 days before their effective dates.376 In the Proposed Rule, the CFPB proposed that, once
issued, the Final Rule for this proposal would be effective 30 days after the Final Rule is
published in the Federal Register. For the reasons discussed below, in consideration of the
comments, the Final Rule adopts that effective date.
Comments Received
An industry trade association stated that nonbanks would need at least 90 days from
publication in the Federal Register to prepare for CFPB supervision. This commenter stated that
some companies may not have reasonable notice from the Proposed Rule that they are
participating in the proposed market. The commenter also pointed to effective date periods of 60
or more days in previous larger participant rules as a precedent. A law firm made similar points
in support of its view that a 60-day pre-effective date period is needed. It also noted that the
rationale the CFPB adopted in the consumer reporting larger participant rule for a 60-day period
– including recognizing the need for entities that have never been examined to conduct training
to prepare for the CFPB examination process377 – also applies here.378 Finally, although two
trade associations representing depository institutions and a trade association representing credit
unions called for the CFPB to use or develop examination procedures for larger participants in a
manner consistent with its procedures for examining banks and credit unions, they did not call
for extending the effective date period.

5 U.S.C. 553(d).

See 77 FR 65775 at 65778-79 & n.30 (consumer debt collection larger participant rule adopting
rationale for a 60-day effective date period in the consumer reporting larger participant rule, recognizing
that “companies affected by the Consumer Reporting Rule might not previously have been supervised at
the Federal or State level”).
A digital assets payment provider stated that a two-year implementation period would be needed to
allow these types of firms and the CFPB time to prepare for supervision. A digital assets industry trade
association stated that firms in this area would need more time to assess whether they are larger
participants. The Final Rule does not include digital assets in the larger-participant test and therefore
those issues are not relevant to setting the effective date.
Response to Comments Received
The CFPB disagrees that additional time, beyond the minimum 30-day period prescribed
by the APA noted above, is necessary before this Final Rule can take effect. Larger participant
rules do not impose substantive consumer protection obligations. Although larger participants
might choose to increase their compliance with Federal consumer financial law in response to the
possibility of supervision, market participants are already obligated to comply, and should
already comply with, applicable Federal consumer financial law, regardless of whether they are
subject to supervision. Thus, entities that qualify as larger participants under the Final Rule
should not require additional time to come into compliance with Federal consumer financial law.
Moreover, the CFPB designs its examination procedures and process to allow companies a
reasonable amount of time to provide responses to information requests before examiners begin
the examination. This is in addition to a 45-day period in which the entity may challenge the
assertion that it is a larger participant under 12 CFR 1090.103(a). In addition, the CFPB believes
that many larger participants have examination experience at the State level, and in some cases
with the CFPB.379 As noted in the Proposed Rule, some larger participants may already be
subject to CFPB examination authority, including but not limited to as larger participants
pursuant to the international money transfer larger participant rule. For all of these reasons, the
CFPB disagrees that a later effective date is necessary to allow companies more time to prepare
for CFPB supervision.380

The law firm commenter’s claim that many larger participants have not previously been examined was
not supported by examples or specifics. It was unclear whether the commenter was considering
examination at the State level, which was part of the rationale for the 60-day effective date in the
consumer reporting larger participant rule as noted above. As noted above, many industry commenters
stated that many market participants are money transmitters subject to examination at the State level.
With regard to an individual commenter’s suggestion of a two-phased adoption process, prior rules
have not taken that approach and the CFPB believes it is not warranted here since, as noted above, larger
participant rules do not impose substantive consumer protection obligations, and the Final Rule does not
include digital assets transactions.
VII. Dodd-Frank Act Section 1022(b) Analysis
A. Overview
In developing this Final Rule, the CFPB has considered the potential benefits, costs, and
impacts of the Rule as required by section 1022(b)(2) of the CFPA.381 The Proposed Rule set
forth a preliminary analysis of these effects, and the Bureau requested and received comments on
the topic.
The CFPB is issuing this Rule to establish supervisory authority over larger participants
in the defined market for general-use digital consumer payment applications. Participation in
this market will be measured on the basis of the aggregate number of annual consumer payment
transactions denominated in U.S. dollars that a nonbank facilitates through general-use digital
consumer payment applications, defined in the Final Rule as “annual covered consumer payment
transaction volume.” If a nonbank covered person, together with its affiliated companies, has an
annual covered consumer payment transaction volume (measured for the preceding calendar
year) of at least 50 million and is not a small business concern, it will be a larger participant in
the market for general-use digital consumer payment applications. As prescribed by existing
§ 1090.102, any nonbank covered person that qualifies as a larger participant will retain larger
participant status until two years from the first day of the tax year in which the person last met
the larger-participant test.382
B. Baseline for Analysis and Data Limitations
The discussion below relies on information that the CFPB has obtained from industry,
other regulatory agencies, and publicly-available sources, as well as on CFPB expertise. These
Specifically, CFPA section 1022(b)(2)(A) calls for the Bureau to consider the potential benefits and
costs of a regulation to consumers and covered persons, including the potential reduction of access by
consumers to consumer financial products or services; the impact on insured depository institutions and
insured credit unions with $10 billion or less in total assets as described in CFPA section 1026; and the
impact on consumers in rural areas. The manner and extent to which the provisions of
12 U.S.C. 5512(b)(2) apply to a rulemaking of this kind that does not establish standards of conduct are
unclear. Nevertheless, to inform this rulemaking more fully, the CFPB performed the analysis described
in those provisions of the CFPA.
382

12 CFR 1090.102.

sources form the basis for the CFPB’s consideration of the likely impacts of the Final Rule. The
CFPB provides estimates, to the extent possible, of the potential benefits and costs to consumers
and covered persons of this Final Rule, against a baseline in which the CFPB takes no action.
This baseline includes the current state of the market and existing regulation, including the
CFPB’s existing rules defining larger participants in certain markets.383 Many States have
supervisory programs relating to money transfers, which may consider aspects of Federal
consumer financial law.384 Federal prudential regulators’ supervisory programs for banks also
may extend to certain nonbank service providers, and may consider aspects of Federal consumer
financial law related to the banking institutions subject to the jurisdiction of those regulators.
However, the activities of larger participants in this market extend beyond State-regulated money
transmitting and acting as service providers to banks. In addition, at present and other than the
CFPB’s activities, no program for supervision of nonbanks that participate in the general-use
digital consumer payment applications market is dedicated exclusively to promoting compliance
with Federal consumer financial law.
To the extent that this rule establishes supervisory authority over entities or their
activities that already are subject to State or Federal supervisory oversight, as discussed in parts I
and V above, the CFPB coordinates with the applicable State and Federal regulators in the
operation of its risk-based nonbank supervision program to prevent unnecessary duplication and
burden. To the extent that entities already are subject to the CFPB’s supervisory authority (such
as entities subject to supervision as service providers under section 1025(d) or 1026(e) of the

See, e.g., 12 CFR 1090.107 (defining larger participants of a market for international money transfers
subject to the CFPB’s supervisory authority under 12 U.S.C. 5514(a)(1)(B)). The CFPB has discretion in
any rulemaking to choose an appropriate scope of analysis with respect to potential benefits and costs and
an appropriate baseline. The CFPB, as a matter of discretion, has chosen to describe a broader range of
potential effects to inform the rulemaking more fully.
The Financial Crimes Enforcement Network’s (FinCEN) Federal regulation of money transmitters
generally does not apply Federal consumer financial law.
CFPA or larger participants under a prior larger participant rulemaking), this rule will establish
an additional basis for the CFPB to supervise those entities.
The CFPB notes at the outset that limited data are available with which to quantify the
potential benefits, costs, and impacts of the Final Rule. As described above, the CFPB has
utilized various sources for quantitative information on the number of market participants, their
annual revenue, and their number and dollar volume of transactions.385 However, the CFPB
lacks detailed information about their rate of compliance with Federal consumer financial law
and about the range of, and costs of, compliance mechanisms used by market participants.
Further, as noted above in the section-by-section analysis of the threshold for the larger
participant test, the CFPB lacks sufficient information on approximately one-third of known
market participants necessary to estimate their larger-participant status.386 Compared to the
lower threshold test of five million annual transactions that the CFPB proposed in the Proposed
Rule, it is less likely that those entities would be larger participants at the higher threshold test of
50 million annual transactions in the Final Rule.
In light of these data limitations, this analysis generally provides a qualitative discussion
of the benefits, costs, and impacts of the Final Rule. General economic principles, together with
the limited data that are available and the CFPB’s experience operating its supervision program,
provided insight into these benefits, costs, and impacts. Where possible, the CFPB has made
quantitative estimates based on these principles and data as well as on its experience of
undertaking supervision in other markets.

See section-by-section analysis of § 1090.109(b).

As stated above, the CFPB estimates that approximately 130 entities operate in the market for
providing general-use digital consumer payment applications as defined in the Final Rule. Of those
entities, the CFPB has data on roughly two-thirds sufficient to estimate larger-participant status, including
whether those entities would be subject to the exclusion for small business concerns. The CFPB
estimates that approximately seven of those would be larger participants under the larger-participant test
defined in the Final Rule.
C. General Comments Received on the 1022(b) Analysis
Several industry commenters and some Members of Congress generally asserted that the
cost-benefit analysis for the proposal was inadequate. For example, three industry associations
stated that the proposal overlooked various direct and indirect costs associated with supervision
and that it underestimated the costs, or that it opportunistically framed the costs and benefits, or
that it overstated benefits of supervision with respect to larger participants that are not “financial
institutions” under Regulation E implementing the EFTA and Regulation P implementing the
GLBA. One industry association commenter referenced the cost to what it referred to as
custodial and non-custodial cryptocurrency-asset wallet developers to change their business
model in order to collect and verify identity and transaction information. Another industry
association commenter stated that the cost of any new regulation, including this Rule, would be
incorporated into production costs and passed on to the consumer. Similarly, another industry
association commenter claimed the CFPB failed to explain how expanding its supervisory
authority would bring about consumer benefits from increased compliance. In addition, a
company commenter claimed that the proposal failed to account for all costs, to accurately
quantify the benefits and costs, and to find that the benefits would outweigh the costs of the
Rule. A law firm commenter stated that the costs of CFPB examinations would outweigh
benefits to consumers for firms at or near the proposed threshold of five million transactions.387
The CFPB disagrees with the general assertion that its consideration of benefits and costs
under section 1022(b) of the CFPA in the proposal was inadequate. The CFPB conducted a
thorough analysis of the reasonably-available data to estimate and quantify benefits and costs to
the extent possible. As noted in the proposal as well as above, where data do not support reliable
quantitative estimates, the CFPB has qualitatively discussed potential benefits and costs based on

Some commenters stated that the CFPB should conduct separate cost-benefit analyses for what they
characterized as disparate markets. The CFPB responds to comments on the market definition above, in
§ 1090.109(a)(1). This section analyzes the costs and benefits of the Rule for the market defined in the
Final Rule.
general economic principles and its experience engaging in supervisory activities in other
markets. The CFPB has provided additional responses to particular comments below, and where
appropriate has updated its consideration of the Rule’s benefits and costs in response to
comments. For example, some industry commenters provided additional information on wages
and salaries as well as predictions of larger participants’ likely future staffing levels for CFPB
supervisory examinations in this market and the CFPB has incorporated this information into
cost calculations below. The CFPB notes that the general criticism of a lack of quantification
generally was not accompanied by submissions of data that would aid in further quantifying
potential costs or benefits that were not quantified in the proposal.388
Above and further below, the Rule discusses how expanding the supervisory authority of
the CFPB to cover this market will help increase compliance.
D. Potential Benefits and Costs to Consumers and Covered Persons
The discussion below describes three categories of potential benefits and costs. First, the
Final Rule authorizes the CFPB’s supervision of larger participants of a market for general-use
digital consumer payment applications. Larger participants of the market may respond to the
possibility of CFPB supervision by changing their compliance systems and conduct, and those
changes may result in costs, benefits, or other impacts. Second, if the CFPB undertakes
supervisory activity of specific larger participant providers of general-use digital consumer
payment applications, those entities may incur costs from responding to supervisory activity, and
the results of these individual supervisory activities also may produce benefits and costs. Third,
the CFPB analyzes the costs that might be associated with entities’ efforts to assess whether they
would qualify as larger participants under the Rule.

The Proposed Rule sought “submissions of additional data that could inform the CFPB’s analysis of
the costs, benefits, and impacts of the Proposed Rule.” 88 FR 80197, 80211.
1. Benefits and Costs of Responses to the Possibility of CFPB Supervision Conducting an
Examination or Other Supervisory Activities
The Final Rule subjects larger participants of a market for general-use digital consumer
payment applications to CFPB supervision. As described in the Proposed Rule, that the CFPB
will be authorized to undertake supervisory activities with respect to a nonbank covered person
who qualifies as a larger participant would not necessarily mean that the CFPB would in fact
undertake such activities regarding that covered person in the near future. Rather, the CFPB
generally would examine certain larger participants on a periodic or occasional basis. The
CFPB’s decisions about supervision are informed, as applicable, by the factors set forth in CFPA
section 1024(b)(2)389 relating to the size and transaction volume of larger participants, the risks
to consumers created by their provision of consumer financial products and services, the extent
of State consumer protection oversight, and other factors the CFPB may determine are relevant.
Part I of the Final Rule provides additional background on the CFPB’s risk-based prioritization
process (including how it considers field market intelligence), which is not the subject of this
rulemaking. Each entity that believes it qualifies as a larger participant will know that it is
subject to CFPB supervision and might gauge, given its circumstances, the likelihood that the
CFPB would initiate an examination or other supervisory activity.
The prospect of potential CFPB supervisory activity could create an incentive for larger
participants to allocate additional resources and attention to compliance with Federal consumer
financial law, potentially leading to an increase in the level of compliance. They might
anticipate that by doing so (and thereby decreasing risk to consumers), they could decrease the
likelihood of their actually being subject to supervisory activities as the CFPB evaluated the
factors outlined above. In addition, an actual examination would be likely to reveal past or
present noncompliance, which the CFPB could seek to correct through supervisory activity or, in

12 U.S.C. 5514(b)(2).

some cases, enforcement actions. Larger participants therefore might judge that the prospect of
CFPB supervision increases the potential consequences of noncompliance with Federal
consumer financial law, and they might seek to decrease that risk by taking steps to identify and
cure or mitigate any noncompliance before the CFPB conducts an examination.
The CFPB believes it is likely that many larger participants would increase compliance in
response to the CFPB’s supervisory activity authorized by the Final Rule. However, because the
Final Rule itself would not require any provider of general-use digital consumer payment
applications to take such action, any estimate of the amount of increased compliance would
require both an estimate of current compliance levels and a prediction of market participants’
behavior in response to a Final Rule. The data that the CFPB currently has do not support a
specific quantitative estimate or prediction. But, to the extent that nonbank entities allocate
resources to increasing their compliance in response to the Final Rule, that response would result
in both benefits and costs.390
Benefits from Increased Compliance Based on Possibility of CFPB Examination
Increased compliance with Federal consumer financial laws by larger participants in the
market for general-use digital consumer payment applications would be beneficial to consumers
who use general-use digital payment applications. Increasing the rate of compliance with
Federal consumer financial laws would benefit consumers and this market by providing more of
the protections mandated by those laws.
Entities are aware that the CFPB would be examining for compliance with applicable
provisions of Federal consumer financial laws, including the EFTA and its implementing
Regulation E, as well as the privacy provisions of the GLBA and their implementing

Another approach to considering the benefits, costs, and impacts of the Proposed Rule would be to
focus almost entirely on the supervision-related costs for larger participants and related benefits of any
increased compliance resulting from examination activity and omit a broader consideration of the benefits
and costs of increased compliance by entities in anticipation of such examination activity. As noted
above, the CFPB has, as a matter of discretion, chosen to describe a broader range of potential effects to
inform the rulemaking more fully.
Regulation P.391 In addition, the CFPB would be examining for whether larger participants of
the market for general-use digital consumer payment applications engage in unfair, deceptive, or
abusive acts or practices.392 Conduct that does not violate an express requirement of another
Federal consumer financial law may nonetheless constitute an unfair, deceptive, or abusive act or
practice. To the extent that any provider of general-use digital consumer payment applications is
currently engaged in any unfair, deceptive, or abusive acts or practices, the cessation of the
unlawful act or practice would benefit consumers. Providers of general-use digital consumer
payment applications might improve compliance policies and procedures in response to possible
supervision in order to avoid engaging in unfair, deceptive, or abusive acts or practices.
The possibility of CFPB supervision also may help to make incentives to comply with
Federal consumer financial laws more consistent between the likely larger participants and
insured banks and insured credit unions, which are subject to Federal supervision with respect to
Federal consumer financial laws. Although some nonbank market participants already are
subject to State supervision and also may be supervised by Federal prudential regulators in
certain capacities, introducing the possibility of Federal supervision that applies to market
activities regardless of the degree to which they are subject to State or Federal prudential
regulatory oversight could encourage nonbanks that likely are larger participants to devote
additional resources to compliance. It also could help to ensure that the benefits of Federal
oversight reach consumers who do not have ready access to bank-provided general-use digital
consumer payment applications.
Comments Concerning Benefits of Increased Compliance Based on Possibility of CFPB
Examination

The CFPB also can supervise larger participants for other Federal consumer financial laws that apply,
including rules that have recently taken effect, such as the CFPB’s nonbank registration regulation at 12
CFR part 1092, or for which compliance is mandatory in the future, such as its Personal Financial Data
Rights Rule.
392

12 U.S.C. 5531.

Two industry association commenters expressed doubt about whether there would be
benefits to consumers from larger participants increasing compliance with Federal consumer
financial laws in anticipation of a possible CFPB supervisory examination due to the data gaps
described in the proposal and the lack of an estimate regarding the number of supervisory
examinations the CFPB plans to undertake in any given year. These commenters moreover
suggested that companies that believe they are larger participants will have to assume they will
be examined such that all potential larger participants would experience the increased
anticipation cost associated with being subject to the rule.
Response to Comments
With respect to data gaps in the analysis of larger participant status, the CFPB notes that
larger participants likely possess more information than the CFPB regarding their own
transaction volume, revenue and/or employee counts necessary to determine their larger
participant status. The CFPB expects the higher threshold of 50 million annual transactions to
reduce uncertainty among potential larger participants as to their larger participant status. While
the CFPA and CFPB regulations thereunder do not require larger participants to prepare for the
examination process before they receive notice of an actual examination, the CFPB believes it is
plausible that many larger participants would respond to the incentives described above as part of
their risk-management strategy, especially if they expect there to be a reasonable chance of
examination in the near future. Commenters did not offer evidence to the contrary. Part V of the
Final Rule above provides additional discussion of general comments concerning the Final
Rule’s promotion of compliance with Federal consumer financial law.
Costs of Increased Compliance Based on Possibility of CFPB Examination
To the extent that nonbank larger participants would decide to increase resources
dedicated to compliance in response to the possibility of increased supervision, the entities would
bear any cost of any changes to their systems, protocols, or personnel. Whether and to what
extent entities would increase resources dedicated to compliance and/or pass those costs on to

consumers would depend not only on the entities’ current practices and the changes they decide
to make, but also on market conditions. The CFPB lacks detailed information with which to
predict the extent to which increased costs would be borne by providers or passed on to
consumers, to predict how providers might respond to higher costs, or to predict how consumers
might respond to increased prices, and commenters did not provide such detailed information in
their comments. The CFPB further considers and responds to related comments about the cost of
compliance enhancements below.
2. Benefits and Costs of Individual Supervisory Activities
In addition to the responses of larger participants anticipating supervision, the possible
consequences of the Final Rule would include the responses to and effects of individual
examinations or other supervisory activity that the CFPB might conduct with respect to larger
participants in the market for general-use digital consumer payment applications.
Benefits of Supervisory Activities
In the CFPB’s experience, supervisory activity generally provides several types of
benefits. As discussed above, the CFPB operates a risk-based nonbank supervision program, and
prioritizes markets and individual entities for supervisory activity on the basis of a risk
assessment that considers the factors listed in CFPA section 1024(b)(2). Due to this risk-based
approach, in the CFPB’s experience, the CFPB’s nonbank supervisory activities often uncover
compliance deficiencies indicating harm or risks of harm to consumers.393 In its supervision and
examination program, the CFPB generally prepares a supervisory letter or report of each
examination. The CFPB shares examination findings with the supervised entity because one
purpose of supervision is to inform the entity of problems detected by examiners. Thus, for

See, e.g., response to general comments in part V above citing examples of Supervisory Highlights
issues that identified compliance deficiencies, violations of Federal consumer financial law, and risks of
violations of Federal consumer financial law by nonbank covered persons, including larger participants in
other markets.
example, an examination may find evidence of widespread noncompliance with Federal
consumer financial law, or it may identify specific areas where an entity has inadvertently failed
to comply, or it may identify weaknesses in compliance management systems including policies
and procedures. These examples are only illustrative of the kinds of information an individual
examination may identify.
Detecting and informing supervised entities about such problems is generally beneficial
to consumers including by identifying issues before they become systemic or cause significant
harm. When the CFPB notifies entities about risks or noncompliance associated with aspects of
their activities, the entities are expected to adjust their practices to reduce those risks. In the
CFPB’s experience, those responses frequently result in increased compliance with Federal
consumer financial law, with benefits like those described above in connection with the
possibility of CFPB examination. However, the benefits in connection with individual
supervisory activities may be greater because the CFPB often will identify specific acts or
practices that violate Federal consumer financial law and direct specific corrective actions
including compliance improvements as well as restitution and remediation. For more than a
decade, the CFPB has regularly described these corrective actions, including by larger
participants, in its Supervisory Highlights publication.394 Such responses can also avert
violations that would have occurred if CFPB supervision did not detect the risk or
noncompliance promptly. In some circumstances, the CFPB also informs entities about acts or
practices that risk violating Federal consumer financial law. Action to reduce those risks is also
a benefit to consumers.
Given the obligations providers of general-use digital consumer payment applications
have under Federal consumer financial law and the existence of efforts to enforce such laws,

See, e.g., id.; see also Supervisory Highlights (website compendium of all of these publications),
supra, at https://www.consumerfinance.gov/compliance/supervisory-highlights/ (last visited
Oct. 17, 2024).
including by the CFPB and States,395 and based on the CFPB’s supervisory experience in other
markets, the CFPB also expects that the results of CFPB supervision will benefit larger
participants under supervision by detecting compliance problems early. When an entity’s
noncompliance results in litigation or an enforcement action, the entity must face both the costs
of defending its action and the penalties for noncompliance, including potential liability to
private plaintiffs. The entity must also adjust its systems to ensure future compliance. Changing
practices that have been in place for long periods of time can be expected to be relatively
difficult because they may be severe enough to represent a serious failing of an entity’s systems.
Supervision may detect flaws at a point when correcting them would be relatively inexpensive.
Catching problems early, in some situations, can forestall costly litigation. To the extent early
correction limits the amount of consumer harm caused by a violation, it can help limit the cost of
redress. In short, supervision is likely to benefit providers of general-use digital consumer
payment applications under supervision by, in the aggregate, reducing the need for other more
expensive activities to achieve compliance.396
Comments Regarding Benefits to Compliance
The CFPB received differing comments regarding the potential compliance benefits of
the Rule. Three nonprofits and one company commented that the proposal lacked support for the
claimed benefit to consumers from increased compliance because the CFPB failed to
demonstrate a baseline lack of compliance with Federal consumer financial laws. For example,

See, e.g., CFPB, Interpretive Rule, Authority of States to Enforce the Consumer Financial Protection
Act of 2020, 87 FR 31940 (May 26, 2022) (interpreting CFPA section 1042 and related provisions).
Further potential benefits to consumers, covered persons, or both might arise from the CFPB’s
gathering of information during supervisory activities. The goals of supervision include informing the
CFPB about activities of market participants and assessing risks to consumers and to markets for
consumer financial products and services. The CFPB may use this information to improve regulation of
consumer financial products and services and to improve enforcement of Federal consumer financial law,
in order to better serve its mission of ensuring consumers’ access to fair, transparent, and competitive
markets for such products and services. Benefits of this type would depend on what the CFPB learns
during supervision and how it uses that knowledge. For example, because the CFPB might examine a
number of larger participants in the market for general-use digital consumer payment applications, the
CFPB would build an understanding of how effective compliance systems and processes function in that
market.
one commenter stated that the proposal did not provide data to show that supervision and
compliance positively correlate with consumer welfare. The company commenter criticized that
the Bureau did not explain how much compliance there currently is and how much incremental
compliance would be achieved by supervision. None of these commenters provided additional
information that would aid in quantifying current compliance levels. In contrast, other
commenters, including consumer groups, an industry commenter, and a group of State attorneys
general, discussed related and additional potential benefits of the Rule without quantifying these
specifically, including: ensuring compliance of payment applications and digital wallet providers
with EFTA and the error resolution responsibilities of Regulation E; the improved ability of the
CFPB to coordinate with State regulators to prevent or address violations of the prohibition
against unfair, deceptive, and abusive acts and practices; effective oversight of compliance with
the privacy provisions of the GLBA in order to address data privacy issues imposed by digital
payment applications; and an improved ability of the CFPB to monitor payment fraud, which one
consumer advocate commenter described as extremely common.
Three industry association commenters claimed that the proposal overstated the benefits
of supervision under the Federal consumer financial laws it referenced because, commenters
asserted, many market participants are not financial institutions under the EFTA and GLBA and
their respective implementing regulations, and the Rule would therefore not have the stated
compliance benefits for consumers of the products of those firms. Similarly, another industry
association and one company asserted that pass-through wallets or payment method wallets are
not subject to Regulation E.
Two of the above-mentioned commenters from industry associations further stated that
the proposal overstated benefits to consumers of supervision due to already-existing State and
Federal oversight that they argued would be duplicative of the additional oversight established
by this Rule. In contrast, several State attorneys general submitted a comment letter stating that

the Rule would help existing regulatory oversight efforts in the market and would allow Federal
and State authorities to coordinate to prevent unlawful conduct.
Response to Comments
The CFPB agrees with several commenters that this Rule provides potential benefits to
consumers that may arise through increased supervision for compliance with Federal consumer
financial laws including the CFPA’s prohibition against unfair, deceptive, and abusive acts and
practices, EFTA and Regulation E, and Regulation P and the privacy protections of the GLBA.
The CFPB disagrees with comments suggesting that the CFPB must estimate or quantify
the baseline level of non-compliance in the market in order to conclude that the Rule is likely to
increase compliance. Such comments are inconsistent with the CFPB’s supervisory experience.
As discussed above, the CFPB’s risk-based supervision program is designed to prioritize
supervisory activity among nonbank covered persons on the basis of risk, and thus to focus on
those activities where consumers have the greatest potential to be harmed. Further, following the
issuance of its five prior larger participant rules, the CFPB has successfully used its supervisory
authority to detect violations and promote compliance in each of the markets covered by those
rules, as reflected in its Supervisory Highlights publication.397 Above, the CFPB provides
additional discussion of comments concerning the Final Rule’s promotion of compliance with
Federal consumer financial law, including comments stating that the CFPB should measure the
baseline level of non-compliance before issuing this Rule.
With respect to comments that some market participants are not financial institutions
subject to EFTA and GLBA, as discussed in the section-by-section analysis above, this
rulemaking does not prescribe substantive consumer protections or otherwise determine the
scope of those laws. Regardless, supervision of those entities that are financial institutions for
their compliance with those laws will still benefit consumers. More broadly, the Bureau will

See CFPB, Supervisory Highlights (website compendium of all of these publications), at
https://www.consumerfinance.gov/compliance/supervisory-highlights/ (last visited Oct. 17, 2024).
examine whether larger participants in the market for general use digital payment applications
engage in unfair, deceptive, or abusive acts or practices.398 As covered persons, larger
participants are subject to the CFPA’s prohibition against such acts and practices. To the extent
that any larger participant or its service provider currently is engaged in any such act or practice,
the cessation of the unlawful act or practice will benefit consumers.399
With respect to comments regarding existing oversight, as discussed further above, the
CFPB agrees with the group of State attorneys general who stated that the rule would help
existing regulatory oversight efforts in the market and would allow Federal and State authorities
to coordinate to prevent unlawful conduct. The CFPB disagrees with comments suggesting that
the CFPB’s supervision will be duplicative of existing State and other Federal regulatory
oversight. As discussed further above, in the response to general comments on this topic in the
section-by-section analysis of the Final Rule, and in the background section of the rule in part II,
the CFPB coordinates its supervisory activities with Federal prudential regulators, the FTC, and
States in order to avoid duplication. Furthermore, there is currently no Federal program for
supervision of nonbank covered persons in the market for general-use digital consumer payment
applications with respect to Federal consumer financial law compliance, and this Rule will fill
that gap.
Costs of Supervisory Activities
The potential costs of actual supervisory activities would arise in two categories. The
first category would be the cost to individual larger participants of supporting supervisory
activity itself. The second category would involve any costs to individual larger participants of
increasing compliance in response to the CFPB’s findings during supervisory activity and to
supervisory actions. These costs in the second category, discussed further below, would be

12 U.S.C. 5531.

The CFPB Supervision and Examination Manual provides further guidance to CFPB examiners on
how the prohibition against unfair, deceptive, and abusive acts and practices applies to supervised entities.
See CFPB Supervision and Examination Manual, part II.C (UDAAP statutory-based procedures).
similar in nature to the possible compliance costs based on the possibility of CFPB examination,
described above, that larger participants in general may incur in anticipation of possible
supervisory actions. This analysis will not repeat that discussion. As the CFPB Supervision and
Examination Manual notes, the reason entities need a sound compliance management system is
“[t]o maintain legal compliance” with Federal consumer financial law.400 That is the case
regardless of whether the entity is examined by the CFPB. For that reason, if a company already
has established a sound compliance management system or improves that system in anticipation
of possible CFPB supervisory actions as discussed above, then it is less likely to incur the costs
in this second category described further below in response to actual CFPB supervisory
activities.401
With respect to the first category of cost of supervisory activities, those activities may
involve requests for information or records, on-site or off-site examinations, or some
combination of these activities. For example, in an on-site examination, CFPB examiners
generally contact the entity for an initial conference with management. That initial contact often
is accompanied by a request for information or records. Based on the discussion with
management and an initial review of the information received, examiners determine the scope of
the on-site exam. While on-site, examiners spend some time in further conversation with

See CFPB Supervision and Examination Manual, part II.A (compliance management review
examination procedures).
A comment by an industry association stated that the proposal’s estimate of the cost of supporting an
examination “seem[ed] to ignore” costs related to establishing compliance programs and systems.
However, that comment appears to have misunderstood the scope of that estimate. The CFPB does not
consider the costs of establishing a compliance management system to be part of the cost of supporting
the supervisory activity itself. Rather, the CFPB considers the costs of establishing or improving a
compliance management system, if they are incurred, as either borne in anticipation of its supervisory
activity (discussed above) or in response to findings of its supervisory activity (the second category of
costs, discussed below). In any event, the Final Rule itself does not impose any requirements related to
the establishment of a compliance management system. Firms are expected to have the systems and
policies necessary to ensure they comply with existing, applicable substantive legal requirements, such as
EFTA, its implementing Regulation E, the privacy provisions of the GLBA, their implementing
Regulation P, and the CFPA’s prohibition against unfair, deceptive, or abusive acts or practices. The
CFPB’s Supervision and Examination Manual describes aspects of compliance management that
examiners review, but does not impose requirements; firms have flexibility in designing those systems
and policies.
management about the entity’s policies, procedures, and processes. The examiners also review
documents, records, and accounts to assess the entity’s compliance and evaluate the entity’s
compliance management system. As with the CFPB’s other examinations, examinations of
nonbank larger participants in the market for general-use digital consumer payment applications
may involve issuing confidential supervisory letters or examination reports and compliance
ratings. The CFPB Supervision and Examination Manual describes the supervision process and
indicates what materials and information an entity could expect examiners to request and review,
both before they arrive and during their time on-site.
The primary costs an entity would face in connection with supporting an examination
would be the cost of employees’ time to collect and provide the necessary information. The
frequency, duration, and scope of examinations of any particular entity would depend on a
number of factors, including the size and transaction volume of the entity, the compliance or
other risks identified, the extent of State consumer protection oversight, and other relevant
factors, such as whether the entity has been examined previously, and the demands on the
CFPB’s supervisory resources imposed by other entities and markets. Nevertheless, some rough
estimates may provide a sense of the magnitude of potential staff costs that larger participants
may incur in supporting the examination of their consumer financial products and services.402
The cost of supporting supervisory activity may be calibrated using prior CFPB
experience in supervision. In the proposal, the CFPB outlined that examinations of larger
participants in the market for general-use digital consumer payment applications would be

In addressing comments in part V above, the Final Rule notes that the market definition, marketrelated definitions, and larger participant test do not depend or rely on the CFPB’s position that the CFPA
authorizes supervision and examination of all of the consumer financial products and services provided by
nonbank covered persons subject to CFPA section 1024(a). This rule does not determine the extent to
which the CFPB would examine other consumer financial products and services provided by larger
participants besides general-use digital consumer payment applications. Nonetheless, the CFPB considers
that the cost to a larger participant of supporting a typical eight-week on-site examination should not vary
significantly depending on which consumer financial products or services are scoped into the
examination.
anticipated to be approximately eight weeks on average,403 with an additional two weeks of
preparation. This estimate assumed that each examination would require two weeks of
preparation time by staff of larger participant providers of general-use digital consumer payment
applications prior to the examination as well as on-site assistance by staff throughout the
duration of the examination. The CFPB has not suggested that counsel or any particular staffing
level is required during an examination. However, based on prior estimates, the CFPB assumed
in the Proposed Rule that an entity might dedicate the equivalent of one full-time compliance
officer and one-tenth of the time of a full-time attorney to assist with an exam. The national
average hourly wage of a compliance officer is $39; the national average hourly wage for an
attorney is $85.404 These averages accounted for the likelihood that some compliance officers
and attorneys will earn below or above the national average. Assuming that wages and salaries
account for 70.3 percent of total compensation for private industry workers, the CFPB estimated
in the proposal that the total employer cost of labor to comply with an examination would
amount to approximately $25,000.405
Comments Received
The CFPB received comments on the Proposed Rule advocating for higher estimates of
the entity’s cost of supporting supervisory activity, including on the wage and or salary level
used in the analysis and on the number of employees typically called upon to support a

For an estimate of the length of examination, see Board of Gov. of Fed. Res. System Office of
Inspector General, The Bureau Can Improve Its Risk Assessment Framework for Prioritizing and
Scheduling Examination Activities (Mar. 25, 2019) at 13, at https://oig.federalreserve.gov/reports/bureaurisk-assessment-framework-mar2019.pdf (last visited Oct. 31, 2023).
For current U.S. Bureau of Labor Statistics (BLS) estimates of mean hourly wages of these
occupations, see BLS, Occupational Employment and Wages, May 2023, 13-1041 Compliance Officers,
at https://www.bls.gov/oes/current/oes131041.htm#(1) (last visited Aug. 15, 2024); BLS, Occupational
employment and Wages, May 2023, 23-1011 Lawyers, at https://www.bls.gov/oes/current/oes231011.htm
(last visited Aug. 15, 2024).
See BLS, Employer Costs for Employee Compensation – March 2024 (table 1 for 2024 Q1 estimates
of the share of wages and salaries in total compensation of private sector workers), at
https://www.bls.gov/news.release/pdf/ecec.pdf (last visited Aug. 15, 2024). This cost is calculated as
follows: ((((0.1×$84.84)+$38.55)/0.703)) ×40 hours×10 weeks.
supervisory exam. For example, two industry associations and one commenter stated that the
types of staff tasked with supervisory examinations at large technology firms are highly
specialized and compensated at rates that are higher than the national average. Two of these
commenters provided alternative estimates for wages and salaries based on industry publications
or U.S. Bureau of Labor Statistics (BLS) compensation estimates for firms with 500 workers or
more. A commenter from a non-profit associated with the cryptocurrency industry stated that
companies would devote “hundreds of thousands of dollars on support services” but did not
describe the components of these costs or provide evidence to substantiate this claim. A law
firm representing an interested party likewise criticized the examination cost estimate of
approximately $25,000 as an underestimate and cited a former CFPB Deputy Director stating
that the costs would amount to “at least ten times that” estimate, but did not provide a detailed
explanation of the estimated cost components.
Relatedly, two industry associations stated that companies may hire consultants and
outside counsel to support an examination, in addition to attorneys, compliance officers and
other staff. Another industry commenter provided a link to an industry study finding that the top
100 U.S. law firms charge clients on average $917 per hour for outside counsel. Neither
commenter elaborated on the frequency or magnitude of this practice, including the share of
firms that would hire outside counsel or the number of hours they would contract to support
company responses to requests for information from CFPB examiners.
Several industry commenters suggested larger participants would be likely to dedicate
multiple compliance officers and attorneys to the preparation and support of a supervisory
examination. For example, one company commenter asserted that both the preparation and the
support for an actual examination would require multiple full-time compliance personnel and
attorneys. Two other industry association commenters asserted that supporting an examination
and meeting the CFPB’s expectations for entities’ compliance management systems would
require “dozens of employees” who collaborate across multiple departments in order to respond

to information requests. One industry association stated that firms not previously supervised
may increase staffing due to the lack of previous experience with CFPB examinations, and also
due to what the commenter stated was antagonistic rhetoric by the CFPB toward this industry.
The CFPB also received comments regarding the estimated length of a typical
supervisory examination that asserted that the true length would be longer than two weeks of
preparation and eight weeks of examination engagement. For example, one company stated that
it takes a year to prepare for examinations and two industry association commenters stated that
the full examination process including responding to follow-up requests spans multiple months
and oftentimes over a year. However, none of these commenters provided a detailed accounting
of specific duties, time estimates, or other evidence to substantiate these statements. Two further
industry association commenters likewise questioned the two- plus eight-week examination
timeline, indicating they thought a longer period to be more accurate, although neither provided
an alternative length estimate.
One industry association criticized that the CFPB declined to state the expected
frequency of examinations. Several commenters stated that the cost of supervision could stifle
new entry, innovation, competition and consumer access to the covered products, and that the
proposal did not adequately account for these costs. For example, one commenter from a nonprofit stated that the proposal’s coverage of pass-through wallets could disincentivize offerings
such as the tokenization of payments and credit products offered through wallets. Three
additional commenters from industry associations asserted that the proposed transaction test of
five million covered transactions was so low that it could lead to barriers to market entry,
innovation, competition, and consumer access to these products. None of the commenters
offered specific estimates or research to help quantify such potential costs, nor did they make
suggestions of how to more adequately evaluate them qualitatively.
Related to the impact of costs on consumers’ access to covered products, some
commenters claimed the proposal inadequately considered potential pass-through costs to

consumers and merchants. For example, some Members of Congress expressed concern that
supervisory costs could have a negative impact on merchants that use covered products. They
cited an industry study that finds that, of the small and medium-sized businesses throughout nine
global markets, including the United States, that responded to their survey, 73 percent reported
digital payments to be “fundamental to their growth.”406 A non-profit and an industry
association representative called for the CFPB to provide evidence that the Rule will not
significantly impact small businesses or consumers.
Some of these same commenters as well as a company commenter claimed the proposal
did not adequately consider the potential for supervisory costs to be passed through to
consumers. For example, the nonprofit commenter noted that supervisory costs could create
barriers to entry into the market and increase prices to consumers. The company stated that
payment method wallets are free to consumers and that the Rule’s costs could lead to firms
charging consumers for the product. An individual consumer questioned whether the Rule
would lead firms to charge fees for covered products. One industry association suggested the use
of the average dollar amount of transactions to estimate potential pass-through costs to
consumers.
Finally, an industry association commenter suggested that the Rule could increase the
risk of privacy breaches and data leaks by increasing the number of individuals with access to
sensitive, private information about customers of larger participants.
Response to Comments
The CFPB acknowledges the concerns raised by industry comments that, in the context of
this market, the cost of supervisory activities may generally be higher than suggested in the
Proposed Rule, and the CFPB is revising certain estimates in the discussion that follows in

See VISA, Back to Business Global Study: 2022 Small Business Outlook, at
https://usa.visa.com/dam/VCOM/blogs/visa-back-to-business-study-2022-outlook-jan22.pdf (last visited
Aug. 26, 2024). The nine markets include Brazil, Canada, Germany, Hong Kong, Ireland, Russia,
Singapore, UAE and the United States. Percentages in the study are not necessarily representative of
small and medium-sized businesses in the United States.
response to those comments. As noted above and discussed further below, the cost of
supervisory activities can vary based on a number of factors, and thus the costs of examination
activities may differ among larger participants within the market defined in this Rule. Those
costs are partly within the control of larger participants, some of whom may choose to devote
more resources to responding to supervisory activities than others (e.g., more staff time or
support from outside counsel and consultants). In addition, as a general matter, the costs of
supervisory activities are likely to be greater where examiners identify compliance violations or
other risks to consumers, which are more likely to generate follow-up information requests and
more extensive engagement with an entity as the CFPB attempts to correct the identified
violations and address other risks.407 These variations mean that the cost figures provided in this
section are necessarily rough estimates, and that individual larger participants’ costs may diverge
from these estimates.
While none of the commenters provided alternative estimates of examination costs that
included specific salaries combined with staffing levels and alternative proposals of the average
examination length, the following paragraphs describe how estimates would change under
different salary, staffing and length assumptions. For these scenarios, the CFPB draws on
comments provided on the proposal. In a first scenario, the alternative estimates below
incorporate higher salary levels that some commenters suggested would be more accurate in this
market. In a second scenario, the CFPB uses these higher salary estimates in conjunction with
higher staffing levels than those discussed in the proposal. A third scenario introduces an
example of when the combined preparation and examination time would be longer than the
proposed ten weeks. Under this scenario, the CFPB provides alternative estimates for an
examination lasting 12 weeks, under the assumption of the higher salaries from scenario one as
well as under both the higher salary and higher staffing levels from scenario two.

For the same reason, as a general matter, examinations with more extensive follow-up activities are
more likely to provide benefits to consumers.
The CFPB does not have complete information pertaining to wages and salaries paid by
all entities that may be subject to the Rule, and does not advocate for any particular wage or
salary level for staff that support supervisory activities. However, the CFPB acknowledges that
the cost to larger participants in this market of complying with a supervisory examination are
likely to be higher than that of the average firm, in part because of where larger participants are
located. For example, the top-paying metropolitan area for both compliance officers and lawyers
is San Jose-Sunnyvale-Santa Clara, California, where the mean hourly wage for compliance
officers is $56 and for lawyers is $129. Using these wage levels and the staffing assumptions set
forth in the Proposed Rule,408 the estimated total employer cost of labor to comply with an
examination would increase to approximately $39,000.409 This estimate is roughly $8,000 higher
than the equivalent employer cost of labor suggested by one industry commenter on the Proposed
Rule.410
Based on its review of comments, and in light of the higher transaction threshold in this
Final Rule, the CFPB is providing additional estimates with respect to staffing the preparation
and support of a supervisory examination in order to account for the fact that many entities are
likely to choose higher staffing levels than those set forth in the proposal. The estimate of one
full-time compliance officer and one tenth of one attorney took into account that there could be
multiple individuals engaged part-time in an examination and part-time in other non-examination

88 FR 80197, 80213 (describing assumption of one full-time compliance officer and one-tenth of the
time of a full-time attorney to assist with the examination for 10 weeks).
This cost is calculated as follows: ((((0.1×$129.12)+$55.83)/0.703)) ×40 hours×10 weeks. An
alternative way to calculate the costs imposed on entities that pay some of the highest national wages for
compliance officers and attorneys would be to use, for example, the 90th percentile of wages rather than
the mean. However, the BLS top codes (suppresses) wages above $115/hour for lawyers such that the
official wage estimates above that threshold would be imprecise. The 90th percentile of national hourly
wages for compliance officers was $59/hour. Using these wage estimates would yield a total employer
cost of labor of approximately $40,000 to comply with a supervisory exam.
One industry commenter, citing three industry publications, asserted that the median rate for a
compliance officer with four-six years of experience is $91,500 and the annual base pay for the majority
of in-house counsel in large cities is “at least $200,000.” Using these numbers, the total employer cost of
an examination would be approximately $31,000 ((0.1× (($200000×10)/52))+(91500×10/52))/0.703.
obligations. Although commenters did not provide precise or entirely consistent estimates
regarding how larger participants are likely to staff examinations, the CFPB acknowledges that
many larger participants in this market may choose to staff examinations with more full-time
equivalent attorneys, compliance officers and other staff than is typically the case in previously
supervised larger participant markets. The larger participants in this market are larger in terms of
revenue compared to larger participants in other established larger participant markets.411 For
illustrative purposes, the CFPB has estimated that an entity that pays salaries at the level of the
highest-paying metropolitan area and staffs an examination with three full-time compliance
officers, two full-time attorneys and one outside counsel that spends 30 hours throughout the
duration of the two-week preparation and eight-week examination period, would incur costs
close to $270,000 per examination.412 Alternatively, at this cost, the entity could staff the
examination with more than five in-house staff if some of them work part-time on the
examination and part-time on other duties. For example, some additional personnel may spend

For example, the 2012 debt collection rule estimated that 168 of the 175 larger participants had annual
receipts between $10 million and $250 million, see 77 FR 65775, 65789. Among larger participants in
the market covered by this Rule, average annual revenue was $208 billion in 2023. Higher revenue may
indicate more complexity, or firms with higher revenue may decide to devote more resources to a
supervisory examination because those costs comprise a small fraction of their operating budget. While it
is reasonable to expect that larger participants in this market generally would devote more resources to a
supervisory examination compared to many previous larger participants, the CFPB does not have
information indicating that would necessarily always be the case.
Without stating a specific number, one individual firm commented on the Proposed Rule that firms
likely would staff supervisory examinations with multiple full-time compliance officers and multiple fulltime attorneys and another industry association commenter asserted that firms would hire outside counsel
to support an examination. Two industry trade associations stated that they expect larger participants to
devote “dozens” of staff to a supervisory examination, but did not elaborate on the number of hours they
would work or otherwise provide more specific numbers or information to substantiate that claim. Based
on supervisory experience in other markets, the CFPB assumes in-house compliance officers spend more
time on examinations than in-house attorneys. Therefore, in line with the general views of these
commenters, the Bureau has assumed for purposes of its estimate that an entity would devote three fulltime compliance officers, two full-time attorneys, and one outside counsel. Because outside counsel does
not typically engage directly with examiners during the 10-week examination process described above,
based on supervisory experience in other markets, the CFPB does not have data on how outside counsel is
typically involved during a standard examination, but acknowledges that the larger participants in this
specific market may seek outside advice on how to respond to and participate in an examination. The
CFPB assumes the number of hours of outside counsel support in this scenario could be approximately 20
hours of preparation and 10 hours of support during the examination and assumes for illustrative purposes
an hourly fee of $917 for outside counsel, as provided by one commenter. The cost of $270,000 is
calculated as follows: ((((2×$129.12)+(3×$55.83))/0.703))×40 hours×10 weeks+(917×30).
some number of hours on data analysis or coding or otherwise preparing materials for
presentations to the CFPB, or may attend and provide information at the standard opening and
closing meetings for the examination, or other initial meetings where they provide a brief
overview of discrete issues. These meetings typically last only a few hours. The CFPB does not
have detailed information to reliably quantify the exact amount of time these additional
employees would devote to such supporting activities, but does not expect these limited
engagements to materially affect this estimate.
With regard to the company comment that claimed that preparation for supervisory
examinations of nonbanks is generally “a year-round affair,” this commenter did not explain or
support this claim. Nor does it fit with the CFPB’s experience since entities generally do not
receive notice a year in advance of a scheduled examination. This assumption also is not in line
with the experience of the CFPB from the supervision of other larger-participant markets.
Supervision typically involves requiring documents from time to time and conducting occasional
in-depth examinations of a company typically over the 10-week engagement period described
above. For example, the CFPB may conduct supervisory monitoring activities throughout the
year, including “contacting the appropriate officer of the institution to discuss new products or
services, events that may impact compliance management, and any questions raised by
information reviewed by the [CFPB’s central point of contact for supervision].”413 However,
these engagements generally are brief and often occur in the form of one phone call or
videoconference. In contrast, during an in-depth examination of a company, CFPB examiners
may ask to see a company’s existing compliance policies and procedures, otherwise review a
company’s records and operations including for selected customer accounts, conduct interviews
with personnel, and assess how the company complies with applicable Federal consumer

See CFPB Supervision and Examination Manual, part I.A (page 13 of Overview section).

financial laws. The scope of an examination will depend on, among other factors, the size and
complexity of the firm.
With respect to comments regarding post-examination costs, the CFPB acknowledges
that entities may face such costs. While the estimated cost for a larger participant in this market
to support a supervisory examination described above assumes two weeks of preparation and
eight weeks of engagement with the CFPB, some examinations may result in a Potential Action
and Request for Response (PARR) letter, which provides a supervised entity with notice of
preliminary findings of conduct that may violate Federal consumer financial laws and advises the
entity that the Bureau is considering taking supervisory action against the entity.414 In such an
event, the CFPB estimates an additional two weeks of staff time necessary to respond to the
PARR. In this third scenario of potentially higher examination costs, an additional two weeks
would result in the cost of an examination increasing by approximately $8,000, to approximately
$47,000, using the average wages of the top-paying metropolitan area, assuming staffing at the
level set forth in the Proposed Rule. Under the higher salary and staffing assumptions described
above, including three full-time compliance officers, two full-time attorneys and one outside
counsel contracted for 80 additional hours of work on a PARR, an additional two weeks would
increase the examination cost by approximately $122,000, to approximately $392,000.415
As stated in the proposal, the overall costs of supervision in the market for general-use
digital consumer payment applications would depend on the frequency and extent of CFPB
examinations and other supervisory activity. Neither the CFPA nor the Final Rule specifies a

See CFPB, Request for Information Regarding the Bureau’s Supervision Program, 83 FR 7166, 7168
(Feb. 20, 2018).
This scenario assumes that outside counsel become more intensively involved in the event of a PARR
and devoted 80 hours to support the larger participant in responding to the PARR, in the event that the
larger participant chose to engage outside counsel for $917 hourly. Examination costs of approximately
$47,000 and $392,000 in scenarios with a PARR are calculated as (((0.1×$129.12)+$55.83)/0.703) ×40
hours×12 weeks and as (((2×129.12)+(3×55.83))/0.703) ×40 hours × 12 weeks+(917×110), respectively.
particular level or frequency of examinations.416 The frequency of examinations would depend
on a number of factors, including the larger participants’ size and volume of transactions; the
CFPB’s understanding of the conduct of market participants and the specific risks they pose to
consumers; the extent of existing State consumer protection oversight; and other relevant factors,
including the responses of larger participants to prior examinations and the demands that other
markets make on the CFPB’s supervisory resources. These factors can be expected to change
over time, and the CFPB’s understanding of these factors may change as it gathers more
information about the market through its supervision and by other means. The CFPB therefore
declines to predict, at this point, precisely how many examinations in the market for general-use
digital consumer payment applications it would undertake in a given year.
However, the CFPB notes that it is unlikely that all seven potential larger participants
would undergo supervisory examinations in the same year. The frequency with which entities
undergo supervision will determine the industry-wide costs. If each of the seven larger
participants underwent examination every other year, the estimated annual direct cost of
supervision would be around $137,000 industry-wide using average wages of the top-paying
metropolitan area and the examination length and staffing levels set forth in the proposal. Even
at the highest range of estimates, where each entity devoted three full-time compliance officers,
two full-time attorneys, and contracted 110 hours of outside counsel with one of the largest 100
U.S. law firms, and all received a PARR, and half of the larger participants undergo supervision
in any given year, the industry-wide estimated cost using the highest-paying metropolitan area
wages would be approximately $1.4 million, or $392,000×3.5.

The CFPB declines to predict at this time precisely how many examinations it will undertake at each
larger participant of general-use digital consumer payment applications. Based on its experience in
examining larger participants in other markets, it does not expect to conduct an examination of each
larger participant in this market each year. If the CFPB were to examine each entity estimated to be a
larger participant of the market for general-use consumer digital payment applications once every two
years, the expected annual labor cost of supervision per larger participant under the higher salary, staffing
and examination length assumptions would be approximately $196,000 (the cost of one examination,
divided by two), depending on the staffing and remuneration decisions of the larger participant as well as
on whether the examination is followed up with a PARR.
With respect to the consideration of pass-through costs to consumers and merchants, the
CFPB disagrees that it did not consider such potential impacts. The CFPB recognizes that many
merchants provide website pay buttons that link to general-use digital consumer payment
applications provided by unaffiliated third parties and that small businesses in particular may
rely on those consumer financial products and services for growth. However, the CFPB expects
the costs of supervisory examinations to not exceed $1.4 million industry-wide annually even if
half of the larger participants were to undergo an extended supervisory examination every year,
which is unlikely.417 As stated in the proposal, the CFPB cannot foresee how larger participants
may respond to the cost of supervision. One possibility is that larger participants absorb the
entire cost of supervision. Another possibility is that they pass through the entire cost of
supervision, or some fraction of the cost of supervision, to merchants and consumers. The extent
to which larger participants would pass through their costs of supervision to merchants (for
products that support payments for purchases) or consumers (for products that support purchases
and/or payments to other consumers) will be limited by competitive forces in the market. For
example, if one larger participant increases its fees for services, merchants or consumers may
switch providers. This potential response to increased prices and competition for merchants’ and
consumers’ business could prevent a full pass-through of costs. Moreover, the highest estimate
of examination costs described in the scenarios above amounts to approximately $392,000 per
larger participant, or 0.0002 percent of the average revenue (approx. $208 billion) of the

417 As

discussed in the section-by-section analysis in part V, the estimates in this Rule do not reflect
supervisory conclusions that particular entities are larger participants; once the Final Rule takes effect, the
CFPB will make those assessments and will prioritize conducting supervisory activity at specific larger
participants in this market based on risk as described in the Supervision and Examination Manual,
consistent with CFPA section 1024(b)(2). Therefore, the CFPB cannot predict in this Final Rule how
many examinations or other types of supervisory events it will conduct at larger participants of this
market in a given year. However, based on its experience with prioritization of supervisory activity at
larger participants in five other markets, the CFPB believes it is unlikely that it would conduct eight-week
on-site examinations of most or even many larger participants in a single year.

estimated seven larger participants.418 Because the examination support costs are a small
fraction of the total revenue of larger participants, the CFPB believes it is less likely that these
costs would cause firms to substantially change their business models.
Even in the event that larger participants pass through the entire cost of the higher end of
the CFPB examination support cost estimates to merchants that use these products, the cost per
merchant likely would be very small. One industry study estimates that there were 13.7 million
online stores in 2024.419 If 59 percent of merchants use buy buttons, as indicated by one industry
report,420 then roughly 8.1 million online merchants use these products. The CFPB estimates
that seven larger participants are responsible for approximately 98 percent of transactions in the
market. Therefore, even if larger participants that underwent an examination were to pass
through 100 percent of $1.4 million in estimated annual examination costs (under the higher
estimate) to approximately eight million merchants, the amount per merchant would likely be
low. Measured against the $1.1 trillion in online retail sales in 2023, the Bureau views this cost
to be negligible and not large enough to discourage entry, innovation or growth among
merchants that use or would like to use these products.421 Likewise, the CFPB views the cost
relative to the gains from doing business in this market as too low to disincentivize offering
credit products through wallets, in particular as a lender’s own app-based lending activity can be
excluded by paragraph (D) of the definition of “consumer payment transaction” as discussed in

Using revenue information from annual report filings with the U.S. Securities and Exchange
Commission described above, the CFPB estimates the average total annual revenue of larger participants
to be approximately $208 billion in 2023. As an alternative comparison, and in response to one industry
commenter, this cost comprises approximately 0.0003 percent of larger participants’ average annual total
transaction value in 2021-2023. This number is likely higher in 2024, as the majority of data points for
transaction values stem from 2021 and the market continued to expand during this period. In any event,
the CFPB views this number as small.
See Capital One, Total Number of Online Stores (July 24, 2024), at
https://capitaloneshopping.com/research/number-of-online-stores/ (last visited Aug. 26, 2024).
See PYMNTS, 6 in 10 Subscription Merchants Drive Conversion with ‘Buy Buttons,’ at
https://www.pymnts.com/subscriptions/2023/60percent-subscription-merchants-drive-conversion-withbuy-buttons/ (last visited Aug. 26, 2024).
For e-commerce retail sales, see the Federal Reserve Bank of St. Louis, E-Commerce Retail Sales, at
https://fred.stlouisfed.org/series/ECOMSA (last visited Aug. 26, 2024).
part V of the rule. With respect to the statement by one commenter that the cost of the Rule
could disincentivize investments in the tokenization of payments, as discussed in part V above,
the commenter did not commenter did not explain why larger participants would seek to offset
the costs of CFPB examination by reducing investment specifically in anti-fraud protections or
provide evidence to support its view, and the CPFB notes that the Rule also could incentivize
investments.
As explained above, the CFPB also does not expect larger participants to pass through the
full cost of supervisory examinations to consumers directly. However, even if they passed
through $1.4 million annually to the millions of consumers who use these products, the cost per
consumer would likely be low.422
As a result of some examinations, supervised entities may incur costs associated with
addressing the CFPB’s supervisory communications and actions, such as by making changes to
its compliance systems or procedures. As noted above, the CFPB considers these costs as a
separate category of costs from the costs of supporting an exam. Where appropriate, in
exercising its supervisory authority, the CFPB conveys its findings, conclusions, expectations,
and recommendations to a supervised entity regarding its compliance, and utilizes various forms
of supervisory communications and actions to promote compliance and address associated
risks.423 The CFPB’s supervisory communications may specify corrective actions such as
changes to practices and operations, payment of remediation to consumers,424 and steps to
prevent such violations from occurring or recurring, including compliance-management-system
improvements. In the CFPB’s experience, when an entity adopts preventive measures in
response to those types of CFPB supervisory communications and actions, the entity’s actions

See U.S. Census Bureau, National Population by Characteristics: 2020-2023, at
https://www.census.gov/data/tables/time-series/demo/popest/2020s-national-detail.html (last visited
Aug. 26, 2024); see, e.g., Pew 2022 Payment App Article, supra.
423

See, e.g., CFPB Bulletin 2021-01, supra.

See id.

generally will reduce risk of violation of Federal consumer financial law. As such, these costs
may be necessary to maintain compliance with Federal consumer financial law, as described in
the CFPB Supervision and Examination Manual. In any event, the CFPB is not able to estimate
these costs in advance, as such costs will vary depending on the nature and scope of the CFPB’s
supervisory communications and actions and the entity’s response. As discussed above, in many
cases CFPB supervision also may benefit providers under supervision by detecting compliance
problems early, which can reduce costs in the long run.
Regarding the risk of privacy breaches, the CFPB agrees with the commenter that
consumer data privacy is important. The CFPB recognizes that data privacy breaches can
impose costs on consumers and firms and therefore adheres to the Federal requirements to reduce
the risk of data and other privacy breaches. For example, the CFPB complies with requirements
provided in the Presidential Executive Orders, Federal Information Security Management Act
(FISMA), applicable Office of Management and Budget (OMB) Memoranda, U.S. Department
of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Binding
Operational Directives, as well as National Institute of Standards and Technology (NIST)
Federal Information Processing Standards and Special Publications, and other applicable
guidance. Further, CFPB implements improvements from annual information security audits of
its data security practices by the Office of Inspector General (OIG), the Government
Accountability Office (GAO) and other auditors, as recommended. The CFPB believes that
these steps mitigate the risk of privacy breaches.
3. Costs of Assessing Larger-Participant Status
Providers of general-use digital consumer payment applications might decide to incur
costs to assess whether they qualify as larger participants, to respond to CFPB requests for
information to assess larger participant status under 12 CFR 1090.103(d), or potentially to

dispute their status.425 Larger-participant status would depend on both a nonbank’s aggregate
annual covered consumer payment transaction volume and whether the entity is a small business
concern based on the applicable SBA size standard. The CFPB expects that many market
participants already assemble general data related to the number of transactions that they provide
for general-use digital consumer payment applications. Moreover, many providers are required
to report certain transaction data to State regulators.426
To the extent that some providers of general-use digital consumer payment applications
do not already know whether their transactions exceed the threshold, such nonbanks might, in
response to the Final Rule, develop new systems to count their transactions in accordance with
the proposed market-related definitions of “consumer payment transactions,” “covered payment
functionality,” “general use,” and “digital application” discussed above. The data that the CFPB
had at the time of the Proposed Rule did not support a detailed estimate of how many providers
of general-use digital consumer payment applications would engage in such development or how
much they would spend, and commenters did not provide this information. Commenters also did
not provide any estimates or data to support estimates. Regardless, providers of general-use
digital consumer payment applications would be unlikely to spend significantly more on
specialized systems to count transactions than it would cost to be supervised by the CFPB as
larger participants.

A nonbank covered person that is subject to certain orders may be required to register pursuant to the
CFPB’s nonbank registration regulation, 12 CFR part 1092. If such a registered entity is not already
supervised by the CFPB under section 1024(a), and it participates in this market, then it may need to
assess its larger participant status to determine whether it must comply with certain additional
requirements under that rule that may apply to persons supervised under CFPA section 1024(a), including
larger participants. See also response to general comments on promoting compliance with Federal
consumer financial law, supra.
As noted above, the States have been active in regulation of money transmission by money services
businesses. For example, 49 States and the District of Columbia requiring entities to obtain a license to
engage in money transmission, as defined by applicable law. Further, many States also actively examine
money transmitters, including certain products and services they provide through general-use digital
consumer payment applications. See, e.g., CSBS Reengineering Nonbank Supervision MSB Chapter at 4
(discussing how providers of digital wallets hold and transmit monetary value).
The CFPB notes that larger-participant status also depends on whether an entity is subject
to the proposed small business exclusion. In certain circumstances, larger-participant status may
depend on determinations of which SBA size standard applies, and by extension, which NAICS
code is most applicable. Therefore, providers of general-use digital consumer payment
applications may choose to incur some administrative costs to evaluate whether the small
business exclusion applies. However, providers would not need to engage in this evaluation if
they could establish that their annual covered consumer payment transaction volume was below
50 million.
It bears emphasizing that even if a nonbank market participant’s expenditures on a new
transaction counting system enabled it to successfully prove that it was not a larger participant
(which, again, it would not need to do if it was a small business concern according to SBA
standards), it would not necessarily follow that this entity could not be supervised under other
supervisory authorities the CFPB has that this rulemaking does not establish. For example, the
CFPB can supervise a nonbank entity whose conduct the CFPB determines, pursuant to CFPA
section 1024(a)(1)(C) and regulations implementing that provision, poses risks to consumers.427
Thus, a nonbank entity choosing to spend significant amounts on a transaction counting system
directed toward the larger-participant transaction volume test could not be sure it would not be
subject to CFPB supervision notwithstanding those expenses. The CFPB therefore believes very
few if any nonbank entities would be likely to undertake such expenditures.
Commenters on the Proposed Rule stated that providers of digital applications to make
payments using cryptocurrency-assets may need to change their product design to capture data
that would allow them to identify consumer payment transactions that would determine larger
participant status under the Proposed Rule. However, because the Final Rule adopts a larger

See 12 U.S.C. 5514(a)(1)(C); 12 CFR part 1091.

participant test based on the transfer of funds in consumer payment transactions denominated in
U.S. dollars, those providers would not face the potential for those types of impacts.
An industry association commented that the ambiguity of the proposal could cause firms
to incur costs when assessing their larger participant status. The significantly higher threshold
test of 50 million annual transactions adopted in the Final Rule should substantially diminish the
level of uncertainty compared to the proposal regarding an entity’s larger participant status.
Additional clarifications of the market in the Final Rule, including clarifying the definition of
“general use” and limiting the definition of “annual covered consumer payment transaction
volume” to transactions denominated in U.S. dollars, should further facilitate the determination
of whether an entity is a larger participant.
E. Potential Specific Impacts of the Final Rule
1. Insured Depository Institutions and Insured Credit Unions with $10 Billion or Less in Total
Assets, as Described in Dodd-Frank Act Section 1026
The Rule does not apply to insured depository institutions or insured credit unions of any
size. However, as noted in the section-by-section analysis of “digital application” above, it may
apply to nonbank covered persons to the extent that they provide covered payment functionalities
through a digital application of an insured depository institution or insured credit union. In
addition, it might have some competition-related impact on insured depository institutions or
insured credit unions that provide general-use digital consumer payment applications. For
example, if the relative price of nonbanks’ general-use digital consumer payment applications
were to increase due to increased costs related to supervision, then insured depository institutions
or insured credit unions of any size might benefit by the relative change in costs. These effects,
if any, would likely be small.
2. Impact of the Provisions on Consumers in Rural Areas
Because the Rule would apply uniformly to consumer payment transactions that both
rural and non-rural consumers make through general-use digital consumer payment applications,

the Rule should not have a unique impact on rural consumers. The CFPB is not aware of any
evidence suggesting that rural consumers have been disproportionately harmed by Federal
consumer financial law noncompliance by providers of general-use digital consumer payment
applications.
Comments Received
The CFPB sought information from commenters related to how digital consumer
payments affect rural consumers. A nonprofit associated with decentralized finance commented
that rural communities in particular may benefit from digital payment technologies due to limited
access to brick-and-mortar financial services and suggested that costs imposed by this Rule could
limit rural communities’ access to such technology. That commenter did not offer research to
substantiate this assertion. In contrast, a nonprofit commented that 94 percent of their member
webinar participants did not believe that digital consumer payments impacted rural consumers
differentially. Several State attorneys general advocated for increased oversight in this market in
part because they believe it would benefit in particular some consumers who rely on applications
covered by this Rule and who do not use traditional banks and their bank-provided digital
consumer payment applications.
Response to Comments
The CFPB believes that both rural and non-rural consumers may benefit from general-use
digital consumer payment applications as defined in the Final Rule. As discussed further above,
the Bureau does not expect the costs imposed by this Rule to be high enough to impact the
availability of this technology to consumers irrespective of whether they reside in rural or nonrural areas. Moreover, the Final Rule does not cover transactions in cryptocurrencies or
stablecoins.
VIII. Regulatory Flexibility Act Analysis
The Regulatory Flexibility Act (RFA), as amended by the Small Business Regulatory
Enforcement Fairness Act of 1996, requires each agency to consider the potential impact of its

regulations on small entities, including small businesses, small governmental units, and small
not-for-profit organizations.428 The RFA defines a “small business” as a business that meets the
size standard developed by the SBA pursuant to the Small Business Act.429
The RFA generally requires an agency to conduct an initial regulatory flexibility analysis
(IRFA) of any Proposed Rule subject to notice-and-comment rulemaking requirements, unless
the agency certifies that the Proposed Rule would not have a significant economic impact on a
substantial number of small entities.430 The CFPB also is subject to certain additional procedures
under the RFA involving the convening of a panel to consult with small entity representatives
prior to proposing a rule for which an IRFA is required.431
In the Proposed Rule, the undersigned certified that the proposal would not have a
significant impact on a substantial number of small entities (SISNOSE) and that an IRFA was
therefore not required.
Comments Received
The CFPB received comments from several industry associations and some Members of
Congress suggesting that the RFA should include potential indirect effects on small merchants
that allow consumers to use general-use digital consumer payment applications. Another
industry association expressed support for the small business exclusion in the proposal, but

5 U.S.C. 601 et seq. The term “‘small organization’ means any not-for-profit enterprise which is
independently owned and operated and is not dominant in its field, unless an agency establishes [an
alternative definition after notice and comment].” 5 U.S.C. 601(4). The term “‘small governmental
jurisdiction’ means governments of cities, counties, towns, townships, villages, school districts, or special
districts, with a population of less than fifty thousand, unless an agency establishes [an alternative
definition after notice and comment].” 5 U.S.C. 601(5). The CFPB is not aware of any small
governmental units or small not-for-profit organizations to which the Proposed Rule would apply.
5 U.S.C. 601(3). The CFPB may establish an alternative definition after consultation with SBA and an
opportunity for public comment. As mentioned above, the SBA defines size standards using NAICS
codes that align with an entity’s primary line of business. The CFPB believes that many – but not all –
entities in the proposed market for general-use digital consumer payment applications are primarily
engaged in financial services industries. See, e.g., SBA, Table of Small Business Size Standards Matched
to North American Industry Classification System Codes (eff. Mar. 17, 2023), sector 52 (Finance and
Insurance), at https://www.sba.gov/document/support--table-size-standards (last visited Oct. 26, 2023).
430

5 U.S.C. 605(b).

5 U.S.C. 609.

objected to certification that the Rule would not result in a significant impact on a substantial
number of small entities without providing a more comprehensive analysis of entities that would
not qualify as larger participants due to the small business exclusion alone.432
Response to Comments
The Bureau notes that, in line with statutory requirements, the RFA analysis analyzes the
potential impacts on small entities to which the Rule applies. Therefore, the CFPB declines the
request by some commenters that the analysis of potential indirect effects be incorporated into
the RFA analysis. However, the CFPB considered these potential impacts of pass-through costs
on merchants that may be small business concerns in the cost-benefit analysis, as described in the
1022(b) analysis above.
Compared to the proposal, the Final Rule adopts in paragraph (b)(3) a significantly higher
threshold of 50 million annual consumer payment transactions denominated in U.S. dollars. At
this threshold, no entity for which the CFPB has complete transaction information indicating
transaction volumes of at least 50 million annually would be excluded from larger participant
status based on the small business concern exclusion.433
The Final Rule defines a class of providers of general-use digital consumer payment
applications as larger participants of a market for general-use digital consumer payment
applications and thereby authorizes the CFPB to undertake supervisory activities with respect to
those nonbank covered persons. The Rule establishes a two-pronged test for determining largerparticipant status. First, the Rule adopts a threshold for larger-participant status of at least 50
million in annual covered consumer payment transactions denominated in U.S. dollars in the

It added that in its view, notwithstanding the assessment in the Proposed Rule that it would not have a
significant impact on a substantial number of small entities, the Small Business Regulatory Enforcement
Fairness Act (SBREFA) review process still provides an informative tool to consider these types of
issues. For the reasons discussed in part VII and this part VIII, the CFPB does not believe that
discretionary application of the SBREFA review process is warranted here.
See section-by-section analysis of threshold adopted in final rule, supra. The CFPB has complete
transaction information for roughly two-thirds of known market participants.
previous calendar year. Second, the larger-participant test incorporates a small entity exclusion.
As a result, larger-participant status only applies to a nonbank covered person that, together with
its affiliated companies, both meets the 50 million transaction threshold and is not a small
business concern based on the applicable SBA size standard. Because of that exclusion, the
number of directly affected small business entities participating in the market that would
experience a significant economic impact due to the Rule is, by definition, zero.434
Finally, CFPA section 1024(e) authorizes the CFPB to supervise service providers to
nonbank covered persons encompassed by CFPA section 1024(a)(1), which includes larger
participants.435 Because the Rule does not address service providers, effects on service providers
need not be discussed for purposes of this RFA analysis. Even if such effects were relevant,
based on the frequency with which the CFPB typically examines service providers of nonbank
larger participants, the CFPB believes that it would be very unlikely that any supervisory
activities with respect to the service providers to the approximately seven larger participants of
the nonbank market for general-use digital consumer payment applications would result in a
significant economic impact on a substantial number of small entities.436
The Final Rule adopts the Proposed Rule, with some modifications that do not lead to a
different conclusion. Therefore, a final regulatory flexibility analysis is not required.

In addition, the CFPB is not aware of any nonprofit entities that would be larger participants under the
Final Rule.
435

12 U.S.C. 5514(e); 12 U.S.C. 5514(a)(1).

Particularly in light of complexity in the applicable market, including how larger participants generally
serve a variety of consumer populations across many States and facilitate very substantial volumes of
consumer payment transactions for multiple types of recipients using multiple different payment methods,
these firms typically would rely upon numerous service providers. However, as explained in its prior
larger participant rules and as noted above with respect to the larger participants themselves, the
frequency and duration of examinations that would be conducted at any particular service provider would
depend on a variety of factors. Based on its experience conducting service provider examinations, the
CFPB concludes that it is implausible that in any given year a substantial number of service providers that
are small business concerns are subject to CFPB examinations. In any event, the impact of any
supervisory activities at any small firm service providers can be expected to be less than at the larger
participants themselves given the CFPB’s exercise of discretion in supervision.
IX. Paperwork Reduction Act
The CFPB has determined that the Final Rule does not impose any new recordkeeping,
reporting, or disclosure requirements that would constitute collections of information requiring
approval under the Paperwork Reduction Act, 44 U.S.C. 3501, et seq.
X. Congressional Review Act
Pursuant to the Congressional Review Act,437 the CFPB will submit a report containing
this rule and other required information to the U.S. Senate, the U.S. House of Representatives,
and the Comptroller General of the United States prior to the rule taking effect. The Office of
Information and Regulatory Affairs has designated this rule as not a “major rule” as defined by
5 U.S.C. 804(2).
List of Subjects in 12 CFR Part 1090
Consumer protection, Credit.
Authority and Issuance
For the reasons set forth in the preamble, the CFPB amends 12 CFR part 1090 as set forth
below:
PART 1090—DEFINING LARGER PARTICIPANTS OF CERTAIN CONSUMER
FINANCIAL PRODUCT AND SERVICE MARKETS
1. The authority citation for part 1090 continues to read as follows:
Authority: 12 U.S.C. 5514(a)(1)(B); 12 U.S.C. 5514(a)(2); 12 U.S.C. 5514(b)(7)(A);
and 12 U.S.C. 5512(b)(1).
2. Add § 1090.109 to subpart B to read as follows:
§ 1090.109 General-use digital consumer payment applications market.
(a)(1) Market definition. Providing a general-use digital consumer payment application
means providing a covered payment functionality through a digital payment application for
consumers’ general use in making consumer payment transaction(s) as defined in this subpart.

5 U.S.C. 801 et seq.

(2) Market-related definitions. As used in this section:
(i) Consumer payment transaction(s) means, except for transactions excluded under
paragraphs (a)(2)(i)(A) through (D) of this section, the transfer of funds by or on behalf of a
consumer who resides in a State to another person primarily for personal, family, or household
purposes. The term applies to transfers of consumer funds and transfers made by extending
consumer credit, except for the following transactions:
(A) An international money transfer as defined in § 1090.107(a);
(B) A transfer of funds by a consumer:
(1) That is linked to the consumer’s receipt of a different form of funds, such as a
transaction for foreign exchange as defined in 12 U.S.C. 5481(16); or
(2) That is excluded from the definition of “electronic fund transfer” under § 1005.3(c)(4)
of this chapter;
(C) A payment transaction conducted by a person for the sale or lease of goods or
services that a consumer selected from that person or its affiliated company’s online or physical
store or marketplace, or for a donation to a fundraiser that a consumer selected from that person
or its affiliated company’s platform; and
(D) An extension of consumer credit initiated through a digital application that is
provided by a person who is extending, brokering, acquiring, or purchasing the credit or that
person’s affiliated company.
(ii) Covered payment functionality means a funds transfer functionality as defined in
paragraph (a)(2)(ii)(A) of this section, a wallet functionality as defined in paragraph (a)(2)(ii)(B)
of this section, or both.
(A) Funds transfer functionality means, in connection with a consumer payment
transaction:
(1) Receiving funds from a consumer for the purpose of transmitting them; or
(2) Accepting from a consumer and transmitting payment instructions.

(B) Payment wallet functionality means a product or service that:
(1) Stores for a consumer account or payment credentials, including in encrypted or
tokenized form; and
(2) Transmits, routes, or otherwise processes such stored account or payment credentials
to facilitate a consumer payment transaction.
(iii) Digital payment application, for purposes of this subpart, means a software program
a consumer may access through a personal computing device, including but not limited to a
mobile phone, smart watch, tablet, laptop computer, or desktop computer. Examples of digital
payment applications covered by this definition include an application a consumer downloads to
a personal computing device, a web site a consumer accesses by using an Internet browser on a
personal computing device, or a program the consumer activates from a personal computing
device using a personal identifier such as a passkey, password, PIN, or consumer’s biometric
identifier, such as a fingerprint, palmprint, face, eyes, or voice. Operating a web browser is not
an example of providing a digital payment application.
(iv) General use, for purposes of this subpart, means usable for a consumer to transfer
funds in a consumer payment transaction to multiple, unaffiliated persons, subject to an
exception for a payment functionality provided through a digital consumer payment application
solely for the following:
(A) Using accounts described in § 1005.2(b)(3)(ii)(A), (C) or (D) of this chapter; or
(B) To pay a specific debt or type of debt including:
(1) Debts owed in connection with origination or repayment of an extension of consumer
credit; or
(2) Debts in default.
(v) State means any State, territory, or possession of the United States; the District of
Columbia; the Commonwealth of Puerto Rico; or any political subdivision thereof.

(b) Test to define larger participants. A nonbank covered person is a larger participant of
the general-use digital consumer payment applications market if the nonbank covered person met
both of the following criteria during the preceding calendar year:
(1) It provided annual covered consumer payment transaction volume as defined in
paragraph (b)(3) of this section of at least 50 million consumer payment transactions; and
(2) It was not a “small business concern” as that term is defined by section 3(a) of the
Small Business Act, 15 U.S.C. 632(a) and implemented by the Small Business Administration
under 13 CFR part 121, or any successor provisions.
(3) Annual covered consumer payment transaction volume means the sum of the number
of consumer payment transactions denominated in U.S. dollars that the nonbank covered person
and its affiliated companies facilitated in the preceding calendar year by providing general-use
digital consumer payment applications.
(i) Method of aggregating the annual covered consumer payment transaction volume of
affiliated companies. The annual covered consumer payment transaction volume of each
affiliated company of a nonbank covered person is first calculated separately, treating the
affiliated company as if it were an independent nonbank covered person for purposes of the
calculation. The annual covered consumer payment transaction volume of a nonbank covered
person then must be aggregated with the separately-calculated annual covered consumer
payment transaction volume of each person that was an affiliated company of the nonbank
covered person at any time in the preceding calendar year. However, if any two or more of these
companies facilitated a single consumer payment transaction denominated in U.S. dollars, that
consumer payment transaction shall only be counted one time in the aggregated annual covered
consumer payment volume calculation. The annual covered consumer payment transaction
volumes of the nonbank covered person and its affiliated companies are aggregated for the entire
preceding calendar year, even if the affiliation did not exist for the entire calendar year.

Rohit Chopra,
Director, Consumer Financial Protection Bureau.
[FR Doc. 2024-27836 Filed: 12/9/2024 8:45 am; Publication Date: 12/10/2024]