The result of the CFPB’s multi-year study of the BNPL industry is what the CFPB calls an interpretive rule in which it finds that: (1) “digital user accounts” (each a “DUA”) that may be used to access credit are “credit cards” under Regulation Z; (2) the lenders that issue such accounts are “card issuers;” and (3) that as it relates to traditional BNPL loans (loans that are payable in four or fewer installments with no finance charge) these card issuers are “creditors” subject to subpart B of Regulation Z—the provisions typically applicable to open-end credit. Subpart B of Regulation Z imposes requirements on creditors such as requirements to issue account-opening disclosures, periodic billing statements, change in terms notices, rules relating to payments, and disputes rights. Many BNPL lenders were already providing substantive protections similar to those contemplated in Regulation Z. However, despite what the CFPB asserts, this interpretive rule imposes significant new obligations on BNPL providers.

The crux of the Bureau’s argument is that DUAs are “credit cards.” As contemplated in the interpretive rule, DUAs are “secure, personal profiles that the BNPL provider activates for a consumer, enabling the consumer to access and utilize BNPL credit.” In other words, a username and password with biographical data. Once logged in to a DUA, a user may “use” the DUA to access credit on an ongoing basis to make additional purchases. In a footnote, the Bureau acknowledges that each extension of credit accessed through the “use” of a DUA is typically separately underwritten and that there is no guaranteed credit limit.

The CFPB’s Interpretation of “Credit Card”

Under Regulation Z, a “credit card” is “any card, plate, or other single credit device that may be used from time to time to obtain credit.” 12 C.F.R. 1026.2(a)(15)(i). The Bureau’s Official Interpretation expands on this and states that the card must “be useable from time to time” and provides examples of items that are, and are not, credit cards. One of the Official Interpretation’s examples of an item that is not a credit card is an “account number that accesses a credit account, unless the account number can access an open-end line of credit to purchase goods or services. . .” 12 C.F.R. 1026.2(a)(15), Comment 2(a)(15)-2.ii.C (emphasis added).

The interpretive rule correctly notes that a credit card under Regulation Z “is not limited to a plastic or metal embossed physical card” and that plates, coupon books, and account numbers, including virtual cards, can all be “credit cards.” The Bureau then interprets “other single credit device” (and “other device” under TILA’s statutory text) to include DUAs that “a consumer can use through websites, mobile apps, browser extensions, or integrations with merchants websites or mobile apps to access BNPL credit, to the extent the user account is used to draw, transfer, or authorize the draw or transfer of credit in the course of authorizing, settling, or otherwise completing transactions to obtain goods or services.” The Bureau asserts that this interpretation flows from the ordinary meaning of the word “device” and cites both the Merriam-Webster Dictionary and the Oxford English Dictionary as support.

The CFPB also looks to previous comments by the Federal Reserve Board to assert that the Board previously adopted a similarly broad interpretation of “other single credit device” in 2010 to include account numbers. In footnotes, however, the CFPB acknowledges that (1) the “account numbers” contemplated by the Board are distinct from BNPL DUAs and (2) “the Board was only considering open-end credit.

In the Board’s 2010 comments that the Bureau cites to support its contention, the Board specifically acknowledged the limitations of the parameters of what might be a “credit card” and limited it to instances where the account numbers are accessing open-end credit to purchase goods or services:

Because most if not all credit accounts can be accessed in some fashion by an account number, the Board does not believe that Congress generally intended to treat account numbers that access a credit account as credit cards for purposes of TILA. However, the Board is concerned that, when an account number can be used to access an open-end line of credit to purchase goods or services, it would be inconsistent with the purposes of the Credit Card Act to exempt the line of credit from the protections provided for credit card accounts. For example, creditors may offer open-end credit accounts designed for online purchases that function like a traditional credit card account but can only be accessed using an account number. In these circumstances, the Board believes that TILA’s credit card protections should apply.

76 FR 22949 (2011) (emphasis added).

The Board specifically stated that an account number is not a credit card unless it “can access an open-end line of credit to purchase goods or services.” Id. The Board acknowledged that consumer groups were concerned about this exclusion and had stated that it created an “incentive for creditors to develop new products designed to circumvent the Credit Card Act.” Id. In response to these concerns, the Board stated that the commentary was intended to prevent circumvention by clarifying that an account number that accesses an open-end line of credit to purchase goods or services will generally be treated as a credit card. Of particular noteworthiness, the Board seemingly acknowledged the limitations of its interpretive powers and the scope of the current state of Regulation Z and stated: “To the extent that additional products emerge that raise concerns regarding circumvention, further revisions to Regulation Z may be appropriate.” Id.(emphasis added).

Notwithstanding, the Bureau has taken the position that its conclusion that BNPL DUAs—user accounts with biographical information that are used to login to an online account through which the consumer can subsequently apply for individual closed-end extensions of credit—are “credit cards” is an interpretive rule that does not impose any new or revise any existing disclosure requirements. Instead, of issuing a proposed rule and going through a formal notice and comment period, as the FRB apparently contemplated would be necessary in connection with such an interpretation, the Bureau has given the industry 60 days from publication in the Federal Register to make very significant changes to their products and in their operations to comply with Regulation Z’s onerous open-end credit provisions. As perhaps an attempt to stave off challenges, the Bureau has stated that even though it believes it is not required to do so, it will accept comments from the industry and potentially revise its position after it reviews the feedback; however, the Bureau made clear that it is under no obligation to make any revisions and may take no further actions if it feels no revisions are warranted.

New Compliance Obligations

Assuming a DUA is deemed to be a credit card, BNPL providers that issue such “devices” will be deemed to be “card issuers.” These card issuers will be “creditors” for purposes of Regulation Z’s open-end credit provisions under a definition generally meant to apply to so-called travel and entertainment cards that require repayment at the end of each billing cycle. As characterized, BNPL providers will be subject to Regulation Z’s open-end requirements which include requirements relating to account-opening disclosures, billing statements, changes in terms, payment processing, treatment of credit balances, issuance of cards, liability for unauthorized use, merchant disputes, billing disputes, crediting of returns, advertising, and, as the CFPB notes in a footnote, potentially application and solicitation disclosures.

While BNPL products at their core are consumer friendly and while the industry has taken proactive measures to address consumer protection considerations, including those relating to disputes and returns, the Bureau is imposing on the industry onerous requirements that traditionally apply to open-end credit and which will require careful contemplation when implemented—all within 60 days from the interpretive rule’s publication in the Federal Register. By way of example, the Bureau provides no guidance whatsoever as to the timing requirements for billing statements for BNPL accounts where late fees are assessed for failing to make individual payments or for failing to make the final payment.

While the statutory text of the Truth in Lending Act, specifically section 105(d), contemplates that Bureau interpretations of existing regulations (such as those impacting disputes) that require disclosures that differ from those previously required shall not go into effect for at least six months from the date of promulgation, the Bureau appears to have taken the position that none of this is new and therefore has only given the industry 60 days to adapt to these sweeping changes.

We will continue to monitor developments relating to this interpretive rule and its implications to BNPL providers. In addition to BNPL providers, any business that offers consumer accounts that may be used to login and pay for items over time, such as season ticket agreements and annual memberships paid in arrears, should carefully contemplate whether this rule might also apply to them.