.svg)
The US Consumer Financial Protection Bureau (CFPB) has finalised a rule granting federal supervision over the largest digital payment apps, marking a significant expansion in oversight for big tech firms in the payments space.
The new rule targets nonbank companies handling more than 50m transactions annually, aiming to ensure they comply with federal laws governing privacy, fraud prevention and consumer rights.
This move brings big tech and other dominant payment app providers under CFPB supervision, a framework that already applies to banks, credit unions and other financial institutions.
The CFPB estimates that the most widely used apps collectively process more than 13bn consumer transactions each year, with a total transaction volume exceeding $1trn annually.
"Digital payments have gone from novelty to necessity and our oversight must reflect this reality,” said CFPB director Rohit Chopra.
"The rule will help to protect consumer privacy, guard against fraud, and prevent illegal account closures."
New compliance requirements for big tech
The rule enables the CFPB to proactively examine companies in a number of critical areas.
New privacy and data protection expectations will mean the regulator can make companies adhere to federal laws that allow consumers to opt out of certain data-sharing practices and prohibit misleading claims about data privacy.
It has made this a priority because “large technology companies are collecting vast quantities of data about an individual’s transactions”.
The CFPB is also introducing fraud and error resolution rules because it “is particularly concerned about how digital payment apps can be used to defraud older adults and active duty service members”.
Digital payment providers will be required to investigate disputes over fraudulent or erroneous transactions, a responsibility many currently shift to banks or credit card companies.
In addition, the regulator is introducing debanking and accessibility rules after consumers reported significant disruptions when apps freeze or close accounts without notice.
It plans to address these issues to prevent harm caused by sudden loss of access.
Changes and future implications
The final rule raises the supervision threshold to companies handling 50m annual transactions, up from initial proposals, and limits the scope to US-dollar transactions, reflecting the evolving nature of digital payment ecosystems.
This means that crypto firms, for now, evade the CFPB’s supervisory grip with these new requirements.
The new rule is part of a broader CFPB initiative to regulate big tech's role in consumer financial markets.
Previous actions include warnings about behavioural targeting, research on uninsured funds in payment apps and an investigation into the "tap-to-pay" market dominated by Apple and Google.
The rule is the CFPB's sixth major effort to define oversight for large participants in consumer financial markets, joining existing rules for credit reporting, debt collection, student loan servicing, international money transfers and auto financing.
The new compliance requirement will take effect 30 days after its publication in the Federal Register.
