On December 6, the CFPB announced its decision and order to supervise a large tech company, designating it as a “covered person” which allegedly engaged in financial conduct that may have posed risks to consumers. Unlike an administrative enforcement proceeding, which involves findings of fact and conclusions of law on legal violations, the Bureau initiated this proceeding to determine if there was “reasonable cause” to believe the company’s conduct poses risks to consumers. Under Section 1024(a)(1)(C) of the CFPA, the CFPB requires only “reasonable cause to determine” that a company’s conduct poses risks to consumers, not proof of legal violations. The Bureau emphasized that the company’s discontinuation of its payment platforms does not preclude supervision, but noted it “it may influence whether the CFPB determines whether to conduct an examination.”

The Bureau stated the company did not dispute its status as a “covered person” under Section 1024(a)(1)(C). The company had offered two consumer financial payment products — a peer-to-peer payment platform and a stored-value product — both discontinued in June. The CFPB identified risks related to error resolution, citing consumer complaints about inadequate investigations and explanations of erroneous transactions.

The Bureau argued supervision was warranted even after the company’s business changes, as past conduct can indicate weak compliance systems that might lead to consumer risks. The CFPB asserted that Congress intended for the CFPA to empower it to determine the character and magnitude of risks that merit supervision.

In response, the company challenged the order in the U.S. District Court for the District of Columbia, arguing that “Congress did not authorize the CFPB to designate a company for ongoing supervision based on a product it no longer offers.” The company argued that “a product that no longer exists is incapable of posing” risks to consumers. The company contended that “under [the CFPB’s] interpretation, any covered person that ever engaged in conduct that the Bureau determines in its discretion to have posed any alleged risk to consumers is subject to the full weight of the CFPB’s supervisory authority,” warning this position sends a “chilling and damaging message” to all companies interested in providing innovative consumer financial services.

The company also highlighted its existing supervision by state regulators and compliance with the EFTA and Regulation E. It brought four counts against the CFPB: exceeding its statutory authority, taking arbitrary and capricious action, failure to observe required procedures, and lacking substantial evidence to conclude that the company’s products posed risks to consumers. The company sought to vacate the CFPB’s supervisory designation and enjoin the CFPB from enforcing its order.