WASHINGTON — Apple’s ambition may have accidentally taken it where most companies fear to tread — into the land of financial regulation.
This at least was the argument made by Georgetown law professor Adam Levitin after the tech giant announced last week that it would launch a mobile payments service, Apple Pay.
“I think Apple may have just become a regulated financial institution, unwittingly,” Levitin wrote in a blog post on Credit Slips. “I think Apple is now a ‘service provider’ for purposes of the Consumer Financial Protection Act.”.
This would make Apple subject to examination by the newly created Consumer Financial Protection Bureau, and more broadly bound to the Unfair, Deceptive or Abusive Acts or Practices (UDAAP) monitoring of the agency.
Levitin argues that because Apple is actually configuring the payments data it is transmitting in line with agreements that it has with banks and credit card companies, it is not a simple common carrier but a bona fide service provider in the sense of the law.
Apple Pay will use a unique number for each transaction — a process known as tokenization — and will transmit that instead of any credit card or bank account data.
It is this active role in determining the data transmitted, Levitin argues, that would put Apple under “service provider” definition, which explicitly includes anyone who “participates in designing, operating, or maintaining the consumer financial product or service.”.
The real kicker is that the CFPB’s supervision would cover not only Apple Pay, but, if the company indeed does fall under this definition, every interaction between Apple and consumers.
Apple is not commenting for the moment and it remains to be seen whether the CFPB will assert any authority over Apple Pay.
But as technology advances our means of payment — our very understanding of money — it clearly opens up new opportunities for the fraud, abuse and deception that regulations are designed to police and prevent.
There is no question that the regulatory agency is watching closely — not least because Levitin sits on the CFPB’s Consumer Advisory Board.
In a speech last week, just two days after Apple announced its new mobile payments service, CFPB director Richard Cordray addressed the topic in general terms.
“Using mobile devices for all sorts of banking services can make some transactions cheaper or faster or both,” Cordray said in prepared remarks at a meeting of this advisory board. “But we need to make sure that the legal and regulatory framework can keep up effectively, so that all consumers can be well served and remain protected, whether they are opening their wallet or scanning the screen on their smartphone.”.
He noted that the agency had recently sent out an official Request for Information on an array of issues related to mobile banking and financial management services to get a better idea of how these new technologies affect consumers.
The details of Apple Pay have yet to be released, so Levitin acknowledges that his initial reading may not be correct. He also acknowledges that the CFPB already has a lot to do and limited resources so it probably won’t be tackling Apple anytime soon.
But he goes on to note that if the new service does in fact subject Apple to UDAAP restrictions, it opens the possibility that other federal and state agencies may exert their authority in policing unfair or deceptive practices.
Several of the UDAAP cases pursued by CFPB, resulting in millions of dollars in fines and restitutions, were concluded with other regulators as well as state attorneys general.
As Yves Smith noted in her Naked Capitalism Blog last week, even if CFPB chooses to use its powers narrowly, “that may not save Apple from the attentions of state-level enforcers.”.
High-profile state regulators such as Benjamin Lawsky, head of New York State’s Department of Financial Services, could target Apple even if the CFPB demurs.
Unwitting or not, immediately or not, it is inevitable that mobile payments technology at some point will cross the border into regulatory territory.
If Levitin is correct, it would mean that existing law is flexible (vague) enough for regulators to act on something like Apple Pay even without new legislation.