Bureaucratic Overreach or Consumer Protection? Examining the CFPB’s Latest Action to Restrict Competition in Payments

Preserving a diversified fintech ecosystem requires that any regulatory interventions be risk-based and pursuant to lawful process. Regulators should target market failures, not market successes. They should act neither arbitrarily nor capriciously. To defend consumer choice and the freedom to innovate, Congress, not administrative agencies, should define the bounds and limits of regulators’ jurisdiction.

March 13, 2024 • Testimony

By Jack Solowey

Testimony

Chairman Hill, Ranking Member Lynch, and distinguished members of the Subcommittee on Digital Assets, Financial Technology, and Inclusion, my name is Jack Solowey, and I am a Policy Analyst at the Cato Institute’s Center for Monetary and Financial Alternatives focusing on financial technology.

I thank you for the opportunity to take part in today’s hearing entitled, “Bureaucratic Overreach or Consumer Protection? Examining the CFPB’s Latest Action to Restrict Competition in Payments.”

The focus of my testimony is on the deficiencies of the Consumer Financial Protection Bureau’s (CFPB’s or Bureau’s) proposed rule Defining Larger Participants of a Market for General-Use Consumer Payment Applications (Proposed Rule) and the path forward.¹

Background on Consumer Payment Apps

Since the first consumer digital payment application launched in the late 1990s, the digital payment ecosystem has become highly successful at satisfying demand.

In the CFPB’s Proposed Rule and request for comment, the Bureau aptly summarizes how digital payment apps have been widely adopted by American consumers.² More than three in four Americans report using at least one of four major peer-to-peer payment apps, and more than nine in ten U.S. consumers report using some form of digital payment.³ Digital payment apps have “become the most popular way to send money to other individuals” aside from cash.⁴ Moreover, digital payment app adoption may only continue to grow given younger adults’ propensity for using these tools.⁵

Notably, a majority of lower-income Americans—61% of consumers earning less than $30,000 annually—report using digital payment apps.⁶ This usage data suggests that such apps make an important private sector contribution to promoting financial inclusion in the United States.

Importantly, the Bureau has recognized that consumer preference for digital payment apps is at the heart of their adoption within the payment ecosystem:

“Across the United States, merchant acceptance of general-use digital consumer payment applications also has rapidly expanded as businesses seek to make it as easy as possible for consumers to make purchases through whatever is their preferred payment method.”⁷

The Proposed Rule Improperly Targets Market Success, Not Market Failure

Unfortunately, the Bureau takes the popularity and utility of digital payment apps as a reason to subject these tools to new regulatory supervision.⁸ Instead of articulating a comprehensive and persuasive risk-based rationale for the Proposed Rule, the CFPB treats market success, not market failure, as the reason for greater regulatory scrutiny. This is a perverse policy outcome.

Notably, when it comes to delineating which particular digital payment activities within the broader category are to be covered, the Bureau does consider risk to be a relevant factor. The CFPB’s own logic, then, makes it hard to dismiss a risk-based justification as unnecessary. Without a risk-based explanation for why digital payment apps, as a general category, should be newly subjected to supervision, the Proposed Rule is not justified. In addition, the absence of that risk-based explanation leaves covered parties without practical guidance regarding the types of risks the CFPB expects them to mitigate.

The Bureau Does Not Provide a Risk-Based Justification for the Proposed Rule

The Bureau is straightforward about digital payment apps’ popularity being the reason to subject them to heightened regulatory supervision. The Proposed Rule states: “The CFPB is proposing to establish supervisory authority over nonbank covered persons who are larger participants in this market because this market has large and increasing significance to the everyday financial lives of consumers.”⁹

The Bureau does not identify specific risks from popular digital payment apps to justify a new regulatory intervention. Rather, the Proposed Rule makes the occasional vague and conclusory reference to generic risks. For example, the Bureau makes limited references to risks of harm to consumers from non-compliance with federal consumer financial protection laws and from unfair and deceptive practices—all of which the Bureau asserts could be mitigated by supervision.¹⁰ Yet these mentions of risk amount to little more than largely circular arguments that compliance exams promote compliance.

Curiously, notwithstanding the Bureau’s glancing references to risks and avoidance of a comprehensive risk-based justification for the Proposed Rule, the Bureau nonetheless acknowledges that risk is a relevant consideration when determining which types of digital payment app activities should be supervised. For example, when explaining why payments through online marketplaces’ own platforms should not be covered by the Proposed Rule, the Bureau notes that those platforms “raise[] distinct consumer protection concerns from the concerns raised by general-use digital consumer payment applications that facilitate consumers’ payments to third parties.”¹¹ Similarly, when defending the proposed criteria for covered payment apps (i.e., transaction volume) against possible alternatives, the Bureau rejects “annual receipts from market activity” as a useful criterion because it might exclude too much activity, including situations where “the risks to and impact on the consumer may be just as significant” as those of activities that would be covered.¹² The Bureau does not explain what these concerns or risks to consumers are exactly, how the activities covered under the Proposed Rule exhibit them, or why such risks cry out for supervision.

The Bureau should extend the logic that takes risk to be a relevant criterion for distinguishing activities within the general category of digital payment apps and consider risk to be the salient factor for determining whether digital payment apps should be covered at all. If the CFPB is unable to base its decision to cover digital payment apps on specific risks to consumers, it should not move forward with the Proposed Rule.

The Bureau Does Not Provide Adequate Guidance on Risk-Based Supervision

Notwithstanding the Bureau’s insufficient discussion of risk as a rationale, the Bureau nonetheless emphasizes that when it comes to supervision itself, the degree of supervisory activity to which apps are subjected will be risk-based.¹³ Yet although the Bureau purports to adopt a risk-based approach to supervisory activities, it leaves its priorities vague. The risk-based supervision principles invoked by the Bureau generally do not address how such a program would apply to digital consumer payment apps specifically.¹⁴

The Bureau explains that supervision of designated larger participants “would be probabilistic in nature,” varying based on “the size and transaction volume of individual participants, the risks their consumer financial products and services pose to consumers, the extent of State consumer protection oversight, and other factors the CFPB may determine are relevant.”¹⁵ Here, the CFPB essentially restates the “Risk-based supervision program” factors described in the Consumer Financial Protection Act (CFPA) without further elaboration or clarification.¹⁶ The Proposed Rule’s rehashing of statutory factors and vague mentions of risks and “other factors” does not provide affected parties with clear guidance regarding what is likely to trigger supervision in practice.

Instead of explaining what newly covered larger participants should expect from supervision and the specific risks the Bureau is most concerned about, the Proposed Rule adds uncertainty. For instance, the Bureau explains that among the factors contributing to examination frequency would be “demands that other markets’ [sic] make on the CFPB’s supervisory resources,” which is unknowable to supervised parties and likely unpredictable.¹⁷ The Bureau further indicates that one should not expect consistency from the criteria for examination frequency, as they will continually evolve:

“These factors can be expected to change over time, and the CFPB’s understanding of these factors may change as it gathers more information about the market through its supervision and by other means.”¹⁸

In addition, the Bureau notes that, in at least some instances, supervision would precede identifying risks, explaining that “the rule would enable the CFPB to monitor for new risks to both consumers and the market,” as the “ability to monitor for emerging risks is critical as new product offerings blur the traditional lines of banking and commerce.”¹⁹ This is in tension with the fundamentals of risk-based supervision and would complicate the ability to provide advanced guidance to covered parties.²⁰

If the Bureau does not provide clear and practical guidance to affected parties regarding the anticipated triggers of supervision, its supervision framework would be of limited value as a guide to behavior or incentive for compliance.

A Path Forward

The Bureau should withdraw the Proposed Rule given its lack of justification based on specific risks posed to consumers. The Proposed Rule is not only a solution in search of a problem, but it also counterproductively muddies the waters regarding the types of risks that digital payment app providers should be mitigating and how to prioritize compliance measures.

At the very least, the Bureau must provide clearer guidance to affected parties with respect to risk-based supervision factors. This could include explaining how the CFPB interprets risks under the CFPA’s risk-based supervision criteria, what risks specifically it will attend to in the context of digital payment apps, and what “other factors” it anticipates will be relevant to digital payment apps when prioritizing exams.²¹

In addition, this proposal raises questions about the nature of CFPB’s authority to both define by rule and supervise larger participants of a market for consumer financial products or services. The Bureau maintains that it “need not conclude before issuing a [larger participant rule] that the market identified in the rule has a higher rate of non-compliance, poses a greater risk to consumers, or is in some other sense more important to supervise than other markets.”²² For the avoidance of doubt—and to head off the Bureau arrogating to itself essentially unbounded supervisory authority—Congress may wish to amend the existing provisions on supervision of nondepository covered persons to expressly clarify that “largeness” alone is an insufficient criterion for subjecting product or service providers to ongoing supervision.

Applying the Proposed Rule to the Crypto and Decentralized Finance Ecosystem Is Inappropriate

Even if the Proposed Rule had been properly justified, its proposed coverage of the crypto and decentralized finance (DeFi) ecosystem presents multiple problems. The Bureau proposes to extend its jurisdiction to transfers of “digital assets,” “[c]rypto-assets,” and “virtual currency” made for personal, family, or household purposes.²³ This assertion of authority over crypto and DeFi is based on a thin reed of largely non-pertinent case law and is not supported with a proper cost-benefit or impact analysis. Relatedly, the Proposed Rule risks inappropriately sweeping into its ambit the technology of self-hosted, or non-custodial, crypto wallets.

The Proposed Rule Inappropriately Claims Jurisdiction Over Crypto Assets

The Proposed Rule defines the covered market, in relevant part, to include providers of a “covered payment functionality,” through a “digital application,” for making “consumer payment transactions.”²⁴ Importantly, consumer payment transactions are defined to include consumer fund transfers for personal, family, or household purposes, subject to certain exceptions.²⁵ As the Bureau notes, the CFPA does not specifically define the term “funds.”²⁶ Nonetheless, the Bureau goes on to conclude that “consistent with its plain meaning” the term funds is not limited to fiat currency but also covers “digital assets that have monetary value and are readily useable for financial purposes, including as a medium of exchange.”²⁷ To support this proposition, the Bureau cites a handful of cases interpreting the relationship between the term funds and certain digital assets “for purposes of other federal statutes.”²⁸

It is not settled that the original public meaning of “funds” under the CFPA would include cryptocurrency. The first transfer of the first blockchain-based cryptocurrency—Bitcoin—took place in 2009, the year just prior to the passage of the CFPA, which was part of a legislative package designed to address the 2007–2008 Global Financial Crisis. Ethereum would not launch until 2015. Moreover, the CFPB’s invocation of case law that the Bureau admits addresses other

federal law, and not the CFPA, does little to prove that “funds” under the CFPA covers cryptocurrency broadly.

Additionally, the Bureau’s analysis of the costs, benefits, and impact of its proposal to extend authority to the crypto ecosystem is inadequate, raising serious concerns under both the Administrative Procedure Act (APA) and the CFPA itself.²⁹

Reviewing courts must hold unlawful and set aside agency actions that are, among other things, “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.”³⁰ Situations where agency rules are considered to be arbitrary and capricious include those where the agency has “entirely failed to consider an important aspect of the problem.”³¹ For its part, the CFPA requires that the CFPB consider a proposed rule’s potential benefits and costs to consumers and covered persons, including consumers’ potential loss of access to financial products and services as a result of a rule.³²

The Proposed Rule’s cost-benefit section—such as it is—does not consider the specific costs, benefits, and impact of extending CFPB authority to the crypto ecosystem.³³ Extending CFPB larger participant authority over the crypto ecosystem would involve a host of questions, such as the distinct implications of the proposal for cryptocurrency vs. fiat currency, for fungible vs. non-fungible digital assets, for crypto tokens earned in connection with providing network security, and for crypto tokens with niche functions. Where the CFPB does not consider questions specific to crypto, or, in other words, where it has not considered an important aspect of the problem, it would run afoul of statutory rulemaking obligations.

These deficiencies pose risks for the Bureau’s specific rulemaking at issue, but they also conflict with work underway in Congress—and in this subcommittee in particular—to directly address the contours and scope of a crypto regulatory framework. Congress should be wary of any administrative actions that attempt to encroach on its exclusive legislative power.

Self-Hosted Crypto Wallet Developers and Manufacturers Are Not Properly Considered Larger Participants

The Proposed Rule would cover certain providers of “wallet functionality” as defined. Yet the Bureau does not discuss whether the rule would apply to the important crypto technology of self-hosted, or non-custodial, crypto wallets. While there are good reasons the Proposed Rule should not be read to cover these technologies, to avoid doubt the Bureau should expressly clarify that self-hosted crypto wallets are not covered under the Proposed Rule. As discussed further below, applying the Proposed Rule, as currently introduced, to the developers and manufacturers of self-hosted crypto wallets would both clash with the requirements of the APA and CFPA and be inappropriate as a policy matter.

The Proposed Rule should expressly clarify its inapplicability to self-hosted crypto wallets.

The Bureau has not expressly clarified, as it should, that the Proposed Rule does not apply to self-hosted crypto wallets. Self-hosted crypto wallets are, at core, hardware or software tools for storing and safeguarding the cryptographic keys (or a mnemonic phrase for recovering them) that enable users to access their own crypto holdings.³⁴

Under the Proposed Rule, wallet functionality, when provided through a “digital application,” is a covered payment functionality regardless of whether it’s paired with “fund transfer functionality.”³⁵ Constituting wallet functionality itself means satisfying two prongs: (1) storing account or payment credentials; and (2) transmitting, routing, or otherwise processing those credentials “to facilitate a consumer payment transaction.”³⁶

One might interpret prong (1) to cover the storage of cryptographic keys for accessing crypto holdings, though the Bureau does not address cryptocurrency private keys nor discuss this possibility. Prong (2) raises questions when it comes to the possible coverage of self-hosted crypto wallets.

The most basic type of self-hosted crypto wallet is simply a piece of paper (or stamped metal) recording a user’s private key (or a relevant mnemonic for recovering it). Under any plain reading of the Proposed Rule, these paper (or stamped metal) wallets should not be covered, both because they do not themselves transmit, route, or process the information they record, nor do they do so through a “digital application” (as also required by the Proposed Rule).³⁷

Other types of self-custodied crypto wallets can be either software or hardware based. While offerings within these broad categories can vary in terms of their capabilities, developers and users may reasonably ask whether such tools would be covered under prong (2) of the definition of wallet functionality. Unfortunately for those seeking clarity, the Proposed Rule does not discuss either self-custodied software or hardware crypto wallets, let alone in connection with the scope of prong (2).

The Bureau ought to expressly clarify that the Proposed Rule does not apply to self-hosted crypto wallets. For instance, the Bureau could explicitly articulate that a self-hosted software or hardware wallet function—composing and signing (with a private key) a message bound for a crypto network—does not constitute covered transmission, routing, or processing of account or payment credentials, or payment instructions, under the Proposed Rule.³⁸

Applying the Proposed Rule to self-hosted crypto wallets would risk violating the CFPA and APA.

Because the Bureau does not address the applicability of the Proposed Rule to self-hosted crypto wallets and the impact of the Proposed Rule on the market for those technologies (e.g., the benefits, costs, and reduction of consumer financial access that would stem from the application of the Proposed Rule to self-hosted crypto wallets), the application of the Proposed Rule to self-custodied crypto wallets likely would be unjustified under the CFPA and improper under the APA.³⁹

For instance, the APA requires that an agency must “examine the relevant data and articulate a satisfactory explanation for its action including a ‘rational connection between the facts found and the choice made.’”⁴⁰ When it comes to self-hosted crypto wallets, the Bureau did not examine relevant data, articulate any explanation for its action—let alone a satisfactory one—or describe any connection between the facts and its choice. Without that examination and explanation, the proposal’s application to self-hosted crypto wallets likely would be deficient under the APA.

Applying the Proposed Rule to self-hosted crypto wallets would be inapt policy.

Moreover, applying the Proposed Rule to self-hosted crypto wallets would be inappropriate as a policy matter. Unlike a digital payment app that involves necessary user reliance on a service provider to access assets, a self-hosted crypto wallet allows the user to access her own crypto holdings without relying on an intermediary. Importantly, those crypto holdings are neither held nor even documented by the software developer or hardware manufacturer involved in the initial development or production of the self-hosted crypto wallet. Rather, those crypto holdings are recorded on a public blockchain that does not itself rely on the self-hosted wallet developer or manufacturer to operate.

It is inappropriate to apply a rule designed to supervise digital payment app providers’ ongoing compliance with consumer financial protection law where there is no ongoing consumer reliance on a service provider. Moreover, there is no broader argument that the developer of a software-based, or manufacturer of hardware-based, self-hosted crypto wallet is providing general consumer financial infrastructure, as the backbone of the crypto ecosystem is not based on closed networks of wallet providers but rather on open and public blockchains that are agnostic to the developers or manufacturers of the wallets used to interact with them.

In the event that a user has an issue with the self-hosted crypto wallet she possesses, such issues are best addressed by the user to the relevant developer or manufacturer according to any agreement that governs their relationship or another private cause of action available at law, not a public regulatory agency’s ex ante supervisory regime designed to assess compliance by those providing and maintaining payment services on an ongoing basis.

A Path Forward

As it stands, the Proposed Rule should not properly apply to the crypto ecosystem. In the event that the Bureau were able to resolve the procedural deficiencies, such as inadequate cost-benefit and impact analyses, any application of the Proposed Rule to self-hosted crypto wallets would remain substantively inappropriate. Accordingly, to the extent the Proposed Rule were to move forward, the Bureau must expressly clarify that self-hosted crypto wallets are outside of its scope.

Perhaps most importantly for the long-term health of both the financial technology ecosystem and the constitutional order, Congress should establish the scope and limits of jurisdiction over crypto technology.

Conclusion

The availability of diverse payment tools benefits U.S. consumers, engineers, and entrepreneurs. Consumers benefit from a competitive marketplace and the ability to choose the products and services that best serve their needs. Engineers and entrepreneurs benefit from opportunities to act on their innovative technical and business ideas without facing arbitrary barriers to entry.

Preserving a diversified financial technology ecosystem requires that any regulatory interventions be risk-based and pursuant to lawful process. Regulators should target market failures, not market successes. They should act neither arbitrarily nor capriciously.

To defend consumer choice and the freedom to innovate, Congress, not administrative agencies, should define the bounds and limits of regulators’ jurisdiction.

Given its deficiencies, the Proposed Rule should be withdrawn. At the very least, the CFPB must justify its proposal based on specific risks to consumers; conduct an adequate cost-benefit and impact analysis regarding any extension of the Proposed Rule to the crypto ecosystem; provide clear and advanced guidance to covered persons regarding how the Bureau will prioritize supervisory actions in practice; and expressly clarify that the Proposed Rule does not apply to self-hosted crypto wallets.

* * *

Thank you for the opportunity to provide this information. I welcome any questions that you may have.

Jack Solowey

Policy Analyst, Center for Monetary and Financial Alternatives, Cato Institute

Notes

¹ “Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications” (“Proposed Rule”), Docket No. CFPB-2023–0053; RIN 3170-AB17, available at https://downloads.regulations.gov/CFPB-2023–0053-0001/content.pdf.

² See generally Jack Solowey, Comment Re: CFPB-2023–0053, Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications (January 8, 2024), available at https://www.cato.org/public-comments/public-comment-re-defining-larger-participants-market-general-use-digital-consumer.

³ Proposed Rule at 80200 citing Monica Anderson, “Payment apps like Venmo and Cash App bring convenience – and security concerns – to some users,” Pew Research Center (September 8, 2022), available at https://www.pewresearch.org/short-reads/2022/09/08/payment-apps-like-venmo-and-cash-app-bring-convenience-and-security-concerns-to-some-users/; and Jeana Chen et al., “Consumer digital payments: Already mainstream, increasingly embedded, still evolving,” McKinsey & Company (October 20, 2023), available at https://www.mckinsey.com/industries/financial-services/our-insights/banking-matters/consumer-digital-payments-already-mainstream-increasingly-embedded-still-evolving.

⁴ Id. at 80200 citing Ariana-Michele Moore, “The U.S. P2P Payments Market: Surprising Data Reveals Banks are Missing the Mark,” AiteNovarica (June 15, 2023) at 25, available at https://aite-novarica.com/report/us-p2p-payments-market-surprising-data-reveals-banks-are-missing-mark.

⁵ Id. at 80200 citing Consumer Reports Survey Group, “Peer-to-Peer Payment Services,” Consumer Reports (January 10, 2023) at 2, available at https://advocacy.consumerreports.org/wp-content/uploads/2023/01/P2P-Report-4-Surveys-2022.pdf and Ariana-Michele Moore, “The U.S. P2P Payments Market: Surprising Data Reveals Banks are Missing the Mark,” AiteNovarica (June 15, 2023) at 8, available at https://aite-novarica.com/report/us-p2p-payments-market-surprising-data-reveals-banks-are-missing-mark.

⁶ Id. at 80200 citing Emily A. Vogels, “Digital divide persists even as Americans with lower incomes make gains in tech adoption,” Pew Research Center (June 22, 2021), available at https://www.pewresearch.org/short-reads/2021/06/22/digital-divide-persists-even-as-americans-with-lower-incomes-make-gains-in-tech-adoption/ and Consumer Reports Survey Group, “Peer-to-Peer Payment Services,” Consumer Reports (January 10, 2023) at 2, available at https://advocacy.consumerreports.org/wp-content/uploads/2023/01/P2P-Report-4-Surveys-2022.pdf.

⁷ Id. at 80200 citing Geoff Williams, “Retailers are embracing alternative payment methods, though cards are still king,” National Retail Federation (December 1, 2022), available at https://nrf.com/blog/retailers-are-embracing-alternative-payment-methods-though-cards-are-still-king and The Strawhecker Group, “Merchants respond to Consumer Demand by Offering P2P Payments,” TSG (June 8, 2022), available at https://thestrawgroup.com/merchants-respond-to-consumer-demand-by-offering-p2p-payments/.

⁸ See Jack Solowey, “The CFPB’s Digital Wallet Rule Proposal Reveals What’s Wrong with the CFPB,” Cato at Liberty (blog), Cato Institute (November 22, 2023), available at https://www.cato.org/blog/cfpbs-digital-wallet-rule-proposal-reveals-whats-wrong-cfpb.

⁹ Proposed Rule at 80200. While the Bureau asserts that it does not believe it must show that popular digital payment apps pose greater risks than any other product or services, denying the need to address relative levels of risk does not explain why the Bureau fails to describe specific risks from popular digital payment apps themselves. Id. at 80200 n. 24 citing 77 F.R. 65779.

¹⁰ See, e.g., Proposed Rule at 80201 (“Supervision of larger participants, who engage in a substantial portion of the overall activity in this market, would help to ensure that they are complying with applicable requirements of Federal consumer financial law, such as the CFPA’s prohibition against unfair, deceptive, and abusive acts and practices, the privacy provisions of the Gramm-Leach-Bliley Act and its implementing Regulation P, and the Electronic Fund Transfer Act and its implementing Regulation E”) and 80212 (“The CFPB would be examining for compliance with applicable provisions of Federal consumer financial laws, including the Electronic Fund Transfer Act and its implementing Regulation E, as well as the privacy provisions of the Gramm-Leach-Bliley Act. In addition, the CFPB would be examining for whether larger participants of the market for general-use digital consumer payment applications engage in unfair, deceptive, or abusive acts or practices. Conduct that does not violate an express prohibition of another Federal consumer financial law may nonetheless constitute an unfair, deceptive, or abusive act or practice” and “For example, as a result of supervisory activity, the CFPB and an entity might uncover compliance deficiencies indicating harm or risks of harm to consumers”).

¹¹ Id. at 80204.

¹² Id. at 80209.

¹³ See, e.g., Proposed Rule at 80198, 80211, 80212, 80213, 80213, and 80214.

¹⁴ See id.

¹⁵ Id. at 80211. See also 12 U.S.C. § 5514(b)(2).

¹⁶ See 12 U.S.C. § 5514(b)(2).

¹⁷ Proposed Rule at 80213.

¹⁸ Id.

¹⁹ Id. at 80201 citing CFPB, “The Convergence of Payments and Commerce: Implications for Consumers” (August 2022), available at https://files.consumerfinance.gov/f/documents/cfpb_convergence-payments-commerce-implications-consumers_report_2022-08.pdf.

²⁰ While 12 U.S.C. § 5514(b)(1)(C) contemplates supervision for “detecting and assessing” risks to consumers and markets, the Bureau’s emphasis in the Proposed Rule on new and emerging risks is in tension with the idea of exercising that supervisory authority in the first instance in a manner that is based on the Bureau’s assessment of risks posed to consumers in the relevant markets. 12 U.S.C. § 5514(b)(2).

²¹ See 12 U.S.C. § 5514(b)(2)(E).

²² Proposed Rule at 80200 n. 24 citing 77 F.R. 65779.

²³ Proposed rule at 80202. According to the plain text of the Proposed Rule and the Bureau’s express interpretation thereof, the purchase of crypto-assets (e.g., with fiat currency) or the exchange of crypto-assets (e.g., trading one type of crypto-asset for another) are not properly covered by the Proposed Rule. Id. at 80203 and 80215 (proposing section 12 C.F.R. § 1090.109(a)(2)).

²⁴ Id. at 80215 (proposing section 12 C.F.R. § 1090.109(a)(1)).

²⁵ Id. at 80215 (proposing section 12 C.F.R. § 1090.109(a)(2)).

²⁶ Id. at 80202.

²⁷ Id.

²⁸ Id. (emphasis added) citing United States v. Faiella, 39 F. Supp. 3d 544, 545 (S.D.N.Y. 2014); United States v. Iossifov, 45 F.4th 899, 913 (6th Cir. 2022); United States v. Murgio, 209 F. Supp. 3d 698, 707 (S.D.N.Y. 2016); United States v. Ulbricht, 31 F. Supp. 3d 540, 570 (S.D.N.Y. 2014); and United States v. Budovsky, No. 13-CR-368-DLC, 2015 WL 5602853 at *14 (S.D.N.Y Sept. 23, 2015).

²⁹ 5 U.S.C. § 551 et seq. and 12 U.S.C. § 5512(b)(2).

³⁰ 5 U.S.C. § 706(2)(A).

³¹ Motor Vehicle Mfrs. Ass’n of U.S., Inc. v. State Farm Mut. Auto. Ins. Co., 463 U.S. 29, 43 (1983).

³² 12 U.S.C. § 5512(b)(2).

³³ See Proposed Rule at 80211–14.

³⁴ See Jack Solowey and Jennifer J. Schulp, “At Least They Asked This Time: Treasury Department’s Crypto AML Power Wish List Is a Non‐starter” Cato at Liberty (blog), Cato Institute (December 6, 2023), available at https://www.cato.org/blog/least-they-asked-time-treasury-departments-crypto-aml-power-wish-list-non-starter. See also Sidhartha Shukla, “What Are Crypto Wallets and How Do They Work?” Bloomberg (December 15, 2023), available at https://www.bloomberg.com/news/articles/2023–12-15/crypto-wallets-explained-types-keys-and-the-ftx-cautionary-tale.

³⁵ Proposed Rule at 80215–16 (proposing sections 12 C.F.R. §§ 1090.109(a)(1) and (a)(2)).

³⁶ Id. at 80216 (proposing section 12 C.F.R. § 1090.109(a)(2)).

³⁷ Id. at 80215–16 (proposing sections 12 C.F.R. §§ 1090.109(a)(1) and (a)(2)).

³⁸ Given the Bureau’s explanation that presenting a plastic or metallic credit, debit, or prepaid card to merchants’ “gateway terminals” would not involve reliance on a “digital application,” there’s an argument that the use of self-custodied crypto hardware wallets should not either. The Bureau does not grapple with the question of whether self-custodied hardware crypto wallets would even satisfy the requirement of providing a covered payment functionality “through a digital application,” which is defined in relevant part as a “software program.” Proposed Rule at 80206 and Proposed Rule at 80215–16 (proposing sections 12 C.F.R. §§ 1090.109(a)(1) and (a)(2)).

³⁹ 12 U.S.C. § 5512(b)(2) and 5 U.S.C. § 551 et seq.

⁴⁰ State Farm Mut. Auto. Ins. Co., 463 U.S. at 43 citing Burlington Truck Lines v. United States, 371 U.S. 156, 168 (1962).

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Download This Testimony

Bureaucratic Overreach or Consumer Protection? Examining the CFPB’s Latest Action to Restrict Competition in Payments

About the Author

Jack Solowey

Notes