In June 2023, The Consumer Financial Protection Bureau (CFPB) published a notice advising businesses and consumers that the funds they store on digital payment applications are often insecure compared to bank and credit union accounts that receive federal deposit insurance coverage. Accompanying this notice was a reminder that the Federal Deposit Insurance Corporation (FDIC) covers account deposits up to $250,000 and a recommendation that users of these digital payment applications should exercise caution as to the amount of money stored on uninsured accounts. While digital payment accounts are increasingly necessary for conducting business, using these accounts present a number of risks that should be understood and addressed.
There are a number of different financial technology services assisting with numerous elements of the transfer, recording, and storage of digital assets. Digital payment applications such as Venmo, PayPal, Zelle, and CashApp offer companies another way to quickly receive payments from customers and can limit exposure to sensitive personal information such as a consumer’s banking information. Similarly, digital wallet services such as Apple Pay and Google Pay enable users to access, manage, and use a variety of payment instruments made available through numerous different applications or websites. Digital wallets can be vital payment sources for many software application providers even with the slow erosion of the dominant application stores. Transaction volumes through digital payment applications can be staggering. For 2022, the CFPB estimates payment applications were used to transfer over $890 billion dollars. The CFPB expects this amount will exceed $1.5 trillion in trading volume by 2027.
Regulatory burdens for using digital payment applications continues to increase as well. For example, the American Rescue Plan Act of 2021 now requires payment application providers, online marketplace operators, and payment card companies (including credit, debit, and gift card providers) to report payments over $600 to the IRS and provide applicable users with a Form 1099-K. This requirement excludes gifts or reimbursements of personal expenses as they are not payments for goods or services. Previously, this provision was only triggered where the user’s gross income exceeded $20,000 or if the user had had 200 or more separate transactions within a calendar year. While beyond the scope of this article, actions by the FDIC and other government entities to expand the breadth of available fintech services can also include additional regulatory burdens on corporate governance, procedures, structure, operations, reporting, risk management, reserve requirements, planning, and liquidity levels. All these in turn will affect how fintech providers operate and the services they can provide.
When creating or renewing a relationship with digital payment application providers, there are a number of matters to be considered and reviewed with representatives of your financial, technical, sales, and legal teams. Internally, the company should set and monitor compliance with policies controlling authorization, creation, and use of digital payment applications. This should include how digital payment account users access these accounts to control against potential fraud, misuse, or activity that could complicate financial tracking or create additional reporting challenges. Companies should limit the amount of money that is stored in a particular account at any time and consider seeking insurance or other guarantees for money stored with digital payment application providers.
When negotiating a contract with a digital payment account provider, a company should at minimum secure an agreement addressing privacy and security concerns and requirements applying to both the company and any customers using the services. This includes the provider’s risk management policies and procedures, cybersecurity and data protection activities, and actions to protect consumer information and funds. Where applicable, commitments regarding software availability and disruption response as well as assurances regarding regulatory regime compliance may be helpful. The company may seek information regarding the provider’s licensing or registration requirements, any minimum capital requirements, and security and other precautions for safeguarding funds. Interoperability with various technologies, payment providers, and financial institutions should be considered for various markets. Understanding geographic limitations for offering services is also important, as national restrictions such as embargoes or regulatory limits may affect the service provider’s ability to assist customers. Currency value fluctuations require consideration of when conversions, deposits, and withdrawals occur, especially when highly volatile cryptoassets are involved.
Providentia exists to help scaling tech companies foresee the regulatory requirements that shape their business, build compliance into their products, and make access to quality, tech-experienced legal support a competitive advantage. Providentia’s rich experience in the Silicon Valley tech industry guides every aspect of what we do, from the practice areas we focus on to our alternative fee structures. We understand the unique environment that rapidly scaling technology companies face and have oriented our services towards providing the most practical, actionable, and tech-relevant counsel. To get in touch with the team at Providentia to help you navigate your company’s legal challenges, please contact us.