Has Apple Pay Just Put Apple in the CFPB’s Crosshairs?

I strongly suggest you read Georgetown law professor Adam Levitin’s new post on why he believes Apple’s newly announced Apple Pay service puts Apple under the CFPB’s jurisdiction but virtue of having made itself a regulated financial institution. And Levitin means all of Apple’s consumer services, not just Apple Pay. He believes that Apple is now a “service provider” under the Consumer Financial Protection Act. That makes Apple subject to CFPB examination and UDAAP.

What, say you, is UDAAP? UDAAP stands for “unfair, deceptive, or abusive acts and practices”. UDAAP is the CFPB’s most feared power. From CSI Regulatory Compliance:

Can one word actually have power? Did the addition of “abusive” to the original Unfair and Deceptive Acts or Practices (UDAP) regulation give it the teeth to cause the most significant problems for the industry? Among all the changes the Dodd-Frank Act (DFA) wrought, many believe UDAAP will turn out to do just that. And given the significance of other DFA changes, that’s quite a statement. But we believe that UDAAP’s broad and vague scope, combined with the Consumer Financial Protection Bureau’s (CFPB’)s declination to provide specific UDAAP rules, make it potentially the most dangerous weapon in the Bureau’s arsenal. In an Inside Counsel article, Martin Bishop warns that, “UDAAP gives the CFPB the power to look at the acts and practices of anyone subject to its jurisdiction and declare those acts or practices–without notice–to be unfair, deceptive or abusive.” Take a look at the events of late, which reveal the CFPB’s plans for this powerful weapon.

The report lists a series of cases in 2013 and concludes:

These events make clear that UDAAP is a top priority for the CFPB, and this focus is filtering to other regulatory and law enforcement agencies as well. Several of the CFPB’s enforcement actions were issued jointly, with such other agencies as the Office of the Comptroller of the Currency, the FDIC, state agencies and state attorneys general. The other eye-opening fact to note is that while all of the CFPB’s enforcement actions cited UDAAP, none of them claimed “abusive” practices, leaving this amorphous term’s definition still elusive to institutions. One does wonder, though—given the charges in the CFPB’s enforcement actions—if the expansion of UDAAP with the word “abusive” added weight to the original two–-unfair and deceptive.

Let us return to the issue of Apple’s exposure to CFPB oversight. Levitin makes clear that his reading is preliminary. My gut is that he’s correct, but that the CFPB will choose to use its powers narrowly rather than expansively. But that may not save Apple from the attentions of state-level enforcers.

Here is the guts of Levitin’s analysis:

The CFPB has authority over two classes of people: “covered persons” and “service providers”. The CFPB has authority over these classes to the extent they are offering a “financial product or service.” Apple does not currently fit within the definition of “covered person” because it is not offering a “financial product or service”. Apple Pay does not actually transmit funds (they way, say PayPal does); that’s why Apple doesn’t have a MSB license (as far as I’m aware).

But even if one isn’t a “covered person,” one can still be a “service provider” to a covered person. I think there’s a reasonable case that Apple is a “service provider” by virtue of Apple Pay. A “service provider” must provide “a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service”. Card issuers are covered persons, and Apple is providing a material service in connection with a consumer financial product–a credit card.

The “service provider” definition explicitly includes those anyone who “participates in designing, operating, or maintaining the consumer financial product or service”.

Yves again. Levitin reviews a series of carve-outs and concludes that none offer Apple any relief. His conclusion:

So what does this mean if I’m correct and Apple is now a “service provider” under the Consumer Financial Protection Act? First, it means that Apple is now subject to CFPB examination and enforcement authority. Second, it means Apple is subject to UDAAP, including CFPB rulemaking and enforcement and state enforcement of the federal UDAAP statute.

And note that the way the Consumer Financial Protection Act is drafted, UDAAP is not limited to unfair, deceptive, and abusive practices in connection with the offering of the consumer financial product or service. It is a simple prohibition on covered persons and service providers engaging in unfair, deceptive, and abusive acts and practices, period. There is no language saying that the unfair, deceptive, or abusive acts and practices has to have any relationship with the consumer finance business. Read literally, anything Apple does is therefore fair game for state AGs, and for private attorneys who use private rights of action under state UDAP statutes based on a predicate violation of the federal UDAAP statute (that does not contain a private right of action).

Levitin thinks the CFPB is unlikely to examine Apple any time soon even if it agrees with his reading; the agency already has a full plate. But he wonders whether Apple missed this one entirely, or chose not to disclose it, which would raise securities law issues.

And if the CFPB isn’t ready to take an expansive view of its powers, that does not mean Apple can rest easy. Levitin stresses that UDAAP makes a covered person liable for any “unfair, deceptive, and abusive acts and practices” irrespective of whether it relates to providing a consumer financial service. In light of Apple’s wage fixing scheme, would other Apple employment practices fall short of this standard?

If nothing else, New York State banking superintendent Benjamin Laswky has been particularly creative and aggressive. If a deep pockets, high profile player like Apple were to run afoul of banking regulations, the technology giant would make for a very attractive target.

Print Friendly, PDF & Email


  1. John

    I applaud Apple’s wherewithal to push the bounds of innovative products, but this one does seem to be a stretch. Apple may have to turn this over to a third party like they do with iPhone carriers. Some things you cannot or should not do in house.

    1. vlade

      Yes, I do wonder.. Not sure how it works in US, but in the UK fraud on the card which is not caused by negligence of the holder (such as writing down the pin on the card, although banks do get creative on this.. ) is card provider responsibility. Whose responsibility is it in case they break Apple’s security?

      1. Jason King

        I think that article misses a very big piece of Apple Pay. Your actual CC# isn’t stored on the phone anywhere after the initial setup (a per-device token associated with your account is stored), and all transactions involve a one-time use token (that can be remotely wiped via find my iphone).

        In other words, the next Home Depot or Target level breach doesn’t effect people using Apple Pay–the only information that can be stolen from a merchant is useless. The token can’t be reused (like stolen CC#s) to purchase goods (or obtain cash) since it’s only good for a single transaction. Having had cards stolen, or just having to update your account numbers everywhere because your CC might have been stolen is a pain.

        Some CCs have offered bits and pieces of the functionality in the past (either single-use CC#s, separate CC#s that could only be used at one merchant, etc), but it usually involved running a separate program on your computer (or phone) to generate the CC# and really only worked well for online purchases where you had the time to open the program, login, generate the CC#, copy/paste it in.

    2. diptherio

      Familiar with the “butt-dial”? Get ready for the “butt-pay”.

      “Honey, I swear I was gonna pick up the tab for dinner tonight, but when we sat down to eat I inadvertently transfered all of my money to the last guy I bought something from…can you get this one?”

      1. Slick

        This has significant implications for the field of “buying a third motorcycle without asking my wife’s permission”. I am prepared to offer myself as a research volunteer.

  2. Paul Tioxon

    You are right to be wary of the narrowest interpretation. And size does matter. Apple is the biggest of the American brands for consumer products, and not surprisingly, as the novelty of its innovations travel the well worn path to cheapo commodityville status, entre financialization. If they can’t make money by selling the stuff they make, as much as they used to, it’s high time for them to turn to the other well traveled path to make money with money.

    This time OPM, Other People’s Money. By branding the service as a wallet, it is hard to avoid the description that makes them a financial service provider. And also actually offering the financial service and getting paid for it by the larger banking entities it has now entered an electronic payment service alliance with. Time and time again, I have heard Apple compared directly with paypal as a payment service operator, for its iTunes and Iwhatever downloading service. Since it has one of the largest collections of people’s credit card numbers in order to facilitate the purchase of music and ring tones and I guess to a lesser degree videos, they are structured very similarly to ebay/paypal. Since paypal is currently the exclusive payment service built into ebay on the site, but has also expanded to offer it payment service beyond ebay to other web based stores, Apple just has to take the next step and go beyond its iStore and offer its payment service to the retailing public. Now, it has.

    The business analysts watching the paypal and Apple payment stories do not seem to differentiate one from the other. Now, it looks like CFPB won’t be able to either.

    1. washunate

      ” If they can’t make money by selling the stuff they make…”

      The irony in the tech world is that Apple actually makes its money selling devices. Apply Pay isn’t a financing stream to replace lost profits of a commodity product. It’s a piece of software code that makes Apple hardware more valuable, that keeps the hardware from being commoditized in the first place (at least, Apple hopes it makes the devices more valuable…).

      1. Paul Tioxon

        I am sure what you are saying is true. From my own experience and the biznews reports about Apple. I don’t mean to indicate that Apple is in the death throes from competition pounding their pricing power to red ink. But certainly, you have to notice that even if the code makes the hardware more profitable, the code that makes you regulated by the innumerable Banking, Finance and Consumer laws, simply by entering into the payment business, is not something akin to hoping for the next killer app, like email or spreadsheets or Angry Birds. I don’t believe Elizabeth Warren will turn up much of a connection between the decline of the middle class due to apps or video games the way health insurance, credit card fees and bank over draft fees slowly bled people to death by a thousands cuts.

        As far as commodityville, Sprint is offering Apple phones replacement every 2 years and a monthly fee of less than $100. If it is not over the horizon for them right now, anyone in business knows it’s a matter of time before you are copied at a cheaper price and with innovative features, that forces pricing power downward and leadership moving towards the competition. Apples new phones are in a bigger size to compete with the others. They can’t be just a phone and tablet company. Financializaton, it’s tried and true, and now Apple is planning on making it a part of its future. How well it works for them, who knows, but they are going forward into a swampland that’s new to them.

        1. washunate

          I agree that’s where the business model is very interesting. In financial services, users are generally prey. The goal is to get as much out of them as possible. Whether one likes Apple products or not, their business model is the exact opposite – create value for the user so they gladly buy additional products. If apple pay is a prelude to larger foray into finance, I don’t see that as a problem. I see it as a huge opportunity. One of the selling points of the iphone was that it removed a lot of the carrier crapware and general hassle of the telcos. You can even activate your phone at home from your computer. I’m sure somebody at Apple has thought about how nice it would be to send a few bucks to your friend for pizza over Messages, no change required.

          And speaking of cell phones, getting ads every two years is an improvement in the post iphone world. I remember getting offers for phones every six months or so from Cingular back in the day. Cell phone contracts are weird things. I got my iPhone 3GS “free” – then it cost me a two year contract and $36 activation fee.

          And iPhones get reused and passed down; Apple still supports several older models. Indeed, Apple Pay itself is one of Apple’s sales pitches to buy a new phone (or watch) – it requires hardware not included in many older models.

          This is what I think is tricky about analyzing Apple in our post-crapification world. They still operate as if they have a strategic vision that is coherent and operational company-wide.

  3. amateur socialist

    Who knows maybe the CFPB can be enlisted to make them pay their income taxes. Anything’s possible.

  4. cnchal

    As much as I detest Apple, and their shiny factory in China with suicide prevention nets surrounding the building is a symbol of their moral depravity and greed, I find it strange to have to defend them on principle.

    But we believe that UDAAP’s broad and vague scope, combined with the Consumer Financial Protection Bureau’s (CFPB’)s declination to provide specific UDAAP rules, make it potentially the most dangerous weapon in the Bureau’s arsenal. In an Inside Counsel article, Martin Bishop warns that, “UDAAP gives the CFPB the power to look at the acts and practices of anyone subject to its jurisdiction and declare those acts or practices–without notice–to be unfair, deceptive or abusive.”

    We are near the bottom of a slippery slope when government agents can make laws up on the fly, and decide what is punishable at any particular moment for any particular reason. It is Star Chamber justice.

    Government has shown itself to be as criminally corrupt as the financial sector. It wouldn’t take long for corrupt government agents to be hired by Apple to “help guide them through the minefield” of made up rules. This will become a breeding ground for ever more corruption.

    Government will expand this principle to other areas quickly, and then it’s too late (if not already) to reel this form of insanity in.

    1. Jason King

      As much as I detest Apple, and their shiny factory in China with suicide prevention nets surrounding the building is a symbol of their moral depravity and greed, I find it strange to have to defend them on principle.

      You do realize that isn’t Apple but Foxconn (who also manufactures components not just for Apple, but for many other companies, including Apple’s competitors). If you’re going to be so sanctimonious, at least pick an issue that is unique to them.

      1. cnchal

        You do realize that isn’t Apple but Foxconn

        Thank you for enlightening me. I am terribly sorry for not understanding that Apple is so blind to it’s own commercial connections, that it failed to notice the nets surrounding the building of it’s subcontractor.

          1. Gaianne

            So maybe someone needs to call them up and mention Foxconn’s suicide nets? They are so busy with so many important things I am sure the just overlooked this, and will be glad, no, happy and grateful to have the matter brought to their attention so that they can like, you know, continue to improver their ever-so-wonderful products!


          2. cnchal

            Thanks for the links.

            It is astounding that over 44% of Apple’s suppliers are in China, alone.

            85% of their suppliers are in Asia, including China.

            9% are in North, Central, and South America, combined

            6% are in Europe, Africa and the Middle East, combined.

            There are nearly 800 suppliers in Apples slavery chain, and it is highly probable that many suppliers have multiple locations.

            There are thousands of places to inspect, so when the Foxconn managers were asked about the nets by Apple inspectors, if it was daylight and they noticed, they might have been told that it was a big trampoline, as a way for stressed workers to relieve tension. The Apple guys said “cool”.

            1. washunate

              Yeah, that’s the systemic challenge that’s hard to fathom if you’re not familiar with how transnational corporations operate. The entire consumer electronics industry has moved to the Far East. It’s where the supply chain exists. There is no meaningful capacity anywhere else in the world. Apple has been telegraphing pretty loudly that they would be happy to have a more geographically diverse supply chain, but it’s a collective action problem.

              Only government public policy can change things. If an individual company steps away from the system, they’ll be murdered by everyone from Wall Street analysts to tech pundits complaining about how expensive the products are and how unprofitable the company is. This is particularly true of a company like Apple that has such a large following of naysayers built up over the years who don’t like the company’s focus on making customers happy at the expense of the ‘Serious People’ who are supposed to tell the unwashed masses what to do.

              Quite simply, the authoritarians in the US – the politicians – don’t support worker rights. They oppose them. We already have ‘third world’ working conditions for the most oppressed workers in our economy, such as human trafficking, prison labor, domestic service, food manufacturing plants, and agricultural day labor. While most minimum wage jobs are not as bad as these, they are pretty miserable as far as not just the pay goes, but more importantly, the overall working conditions. The goal of public policy is to move that up the food chain, making more and more work degrading and dehumanizing and rendering workers destitute, without any voice in decision-making processes.

  5. Fraud Guy- Also

    My nominee for a business that the UDAAP authority needs to be applied to is rental cars. They are all crooks, every one of them. The price you pay is always higher than the price that was quoted. They don’t quote as part of the price various elements of their overhead that they pretend are “taxes”, even though they are not, and they try to sneak various financial products (i.e., insurance) onto the bill that you specifically declined. It’s the selling of insurance that, it seems to me, gives the CFPB jurisdiction over them. I say go get them.

  6. Larry

    Talk about the buzz that Apple can create. This is an interesting article for sure, but it left me wondering, what about Google Wallet and similar payment methods? I know Google Wallet has not been widely adopted (I rarely see retail locations where I can use it to pay), but has been around since 2011 and I’ve never read anything about it coming under the CFPB.

    1. Yves Smith Post author

      Even thought that is not how regulations are supposed to work, materiality is usually an issue. As in regulators won’t bother going after a potential/probably violation that is operating at a really low level.

      Apple is making Apple Pay hugely visible, while Google never (from what I can tell) created much profile or to your point, use for Google Wallet.

  7. washunate

    FYI, Apple Pay is the marketing name for a software update that lets certain Apple branded computing devices use your normal credit (or debit) cards without having your card physically present. I agree this is an interesting topic with some potential future ramifications, and I think Apple gets that this is an expansion of service. This is the very first line of the press release with my bold:

    “CUPERTINO, California―September 9, 2014―Apple® today announced Apple Pay™, a new category of service that will transform mobile payments with an easy, secure and private way to pay.”

    Google (Wallet), eBay (PayPal), Softcard (Isis), and Coin are other approaches from the tech side of things to get a piece of the US ‘mobile payments’ market, whatever exactly that is…


    It is pretty remarkable how far Apple has come over the past couple decades, from being openly mocked as an irrelevant business in the 1990s to now attracting attention from all sorts of angles due to how successful it is.

    In the scheme of things, Apple is one of the most well-behaved and customer-focused transnational corporations on the planet. Perhaps, of course, the very notion of having multi-billion dollar corporations is wrong. But given that they are allowed to exist, pretty much everyone has worse governance than Apple. If the CFPB decided to have an expansive view of its powers, I don’t think it’s a threat to Apple.

    I’d say it’s a competitive advantage. Unless it becomes a political football. Which is not Apple’s game, since they spend so much less on lobbying than many other large companies. However, if that’s what happens, this is all moot – that’s not about substantive legal/regulatory problems; that’s just government harassment to shake down companies that don’t do enough campaign contributions.

    At any rate, Apple has been providing financial services – in an expansive sense – since before the GFC. The iTMS opened over a decade ago. Apple Pay takes that further, with specific arrangements with payment systems and additional tech ‘behind the scenes’ for ID and privacy, but the consumer principle is similar. You put your cards on file with Apple. Apple pays the bill when you go shopping. Apple bills the bank behind your credit or debit card. Apple has well over half a billion(!) cards on file in iTunes.


  8. chris

    I’m glad to have stopped wearing a watch 3 decades ago!

    there’s an old Russian saying: “a man who doesn’t wear a watch is a free man”

    …now he’ll also save more money.

Comments are closed.