CFPB partially grants confidentiality request and modifies CID’s notification of purpose
On April 13, the CFPB released a Supplemental Decision and Order partially granting a payment technology company’s request for confidential treatment of its petition that sought to set aside a 2019 CID seeking information related to, among other things, the company’s payment processing activities. The CFPB noted in its supplemental decision and order that while the company’s initial confidentiality arguments were rejected, it provided the company an opportunity to make an additional submission following a U.S. Supreme Court decision that clarified the standard for determining what information may be withheld under Exemption 4 of FOIA. The Bureau ultimately granted the company’s confidentiality request with respect to its payment processor information only.
The supplemental decision and order is related to the company’s now-published original petition to set aside the CID, in which it asserted that it is not a covered person under the Consumer Financial Protection Act because even though it sells various products and services, it does not provide payment processing services. The company also argued that it is not a service provider because it does not offer or provide consumer financial products or services, nor does it provide services to a covered person. Furthermore, because it is not a financial institution, the company claimed that the CFPB has no EFTA authority over it. The original petition requested that the CID be set aside because it exceeds the Bureau’s jurisdictional authority. The Bureau responded that the company’s arguments did not warrant setting aside the CID because the investigation was “not patently outside” its authority, but it partially modified the CID’s Notification of Purpose to provide greater detail about the conduct the Bureau was investigating. The Bureau also contended that the fact that the company is not a financial institution does not affect whether the Bureau can conduct an investigation into potential violations of section 1005.10(b) of Regulation E (EFTA), which “applies to any person.”