Consumers and businesses alike have significantly benefitted from fintech developments in the payments space over the past decade, including peer-to-peer (P2P) platforms, buy-now-pay-later (BNPL) services and other disruptors within the financial sector.

However, the same qualities that often make these services so successful—convenience, speed, low cost and the actual or perceived removal of market intermediaries—also run the risk of attracting fraudsters.

And in any industry that attracts fraudsters, inquiries by state attorneys general and their federal counterparts are often close behind.

Why do state AGs care?

As the primary enforcers of state consumer protection laws, AGs keep a close eye on products and services that they perceive as risky to consumers.

Moreover, disrupters in any industry have historically drawn AG attention, because it is not always clear whether an innovative business model complies with existing regulatory requirements.

AGs are aware that fast-growing companies (such as venture capital-backed startups) sometimes outpace their ability to scale up regulatory compliance, including consumer privacy and security measures. AGs are also accountable to voters and will often scrutinize industries that have attracted consumer allegations of fraud.

Regardless of the reasons an AG may pay closer attention to a particular industry or product, that heightened awareness has the potential to lead not only to consumer alerts or informal inquiries, but also to formal investigations of a company, including direct inquiries and third-party subpoenas.

Warnings abound

AGs have frequently warned consumers about the use of P2P, BNPL, and other nontraditional financial products and services.

For example, in the past two years, AGs from DC, Illinois, Michigan, Maryland, Nevada, New York, and Wyoming have warned consumers to remain vigilant when using P2P apps to pay people they don’t know, and that demands for payment via P2P app may be a sign of a scam.

Fintech providers can also get caught in the crosshairs of AGs’ investigations into other industries, if their platform is used in the perpetration of consumer fraud or other malfeasance.

For example, in September 2020, former Massachusetts AG Maura Healey settled with payment processor Stripe to resolve allegations that it facilitated the fraudulent and unregistered sales of cryptocurrency by PlexCoin.

Federal enforcers 

Federal consumer protection enforcers at the FTC and CFPB have taken similar actions to examine the fintech industry and protect consumers.

In 2021, the CFPB issued a Notice and Request for Comment regarding “Big Tech Payment Platforms,” in response to which a bipartisan coalition of 33 AGs submitted comments identifying the primary categories of consumer complaints received by the AGs’ offices about such platforms: customer service, account access, and third-party scams.

Additionally, The CFPB recently issued a report analyzing the financial profiles of BNPL borrowers.

The FTC has also brought enforcement actions against payment tech companies.

For example, in 2018, it filed a complaint alleging that Venmo failed to disclose material information to consumers about the availability of funds, and that the platform’s privacy and security practices were insufficient. PayPal (which owns Venmo) reached a settlement with the FTC to address these concerns.

Avoiding regulatory headaches

Of course, while scammers may use certain payment platforms to defraud consumers, there is nothing inherently problematic or harmful to consumers about these tools.

As noted above, they offer many valuable benefits to consumers and businesses alike.

In fact, in a letter to CFPB Director Rohit Chopra in April 2022, a group of 22 AGs acknowledged that there are benefits to BNPL financing, especially when compared to other forms of credit.

As legal practitioners in the AG space well know, whether or not there is any real likelihood of a legal violation, the mere existence of an AG inquiry can significantly disrupt normal business operations.

For that reason, fintech companies, and companies that allow customers to make payments via P2P, BNPL, or other innovative mechanisms, can avoid a regulatory headache by reviewing their compliance programs and consumer-facing materials with the following principles in mind:

• Make robust disclosures to consumers about how their money is being handled, including when payments are actually sent and received, exact terms of any installment payment options, and what entities are actually processing, transmitting, and receiving the customer’s funds.
• Clearly disclose privacy settings and how the company is using customer data, and provide privacy and data use options to customers.
• Bolster risk monitoring and fraud prevention and mitigation procedures, to ensure they will adequately detect and escalate potential fraud.
• Implement two-factor or multi-factor authentication for consumer accounts where possible, and encourage or require consumers to use these tools.
• Check applicability of and, where necessary, confirm compliance with financial-industry specific regulations, such as the Gramm-Leach-Bliley Act—which contains its own privacy and safeguards rules — or state counterparts.

Adhering to these principles can help companies—whether they are offering or using payments fintech—benefit from the deployment of new technologies that help them attract and retain customers whilst avoiding regulatory scrutiny and the potential of a disruptive and costly investigation.