Yes, The CFPB Is Now Regulating Digital Marketers—And That's Just As Scary As It Sounds
The CFPB is a famously aggressive regulator of banks and credit companies. But now the same government agency responsible for bringing the nation’s most powerful financial institutions in line is setting its sites on digital marketing companies, and it is a real eye opener.
On August 10, the Consumer Financial Protection Bureau (CFPB) issued a new interpretive rule to address when digital marketing providers for financial firms can be held liable under the Consumer Financial Protection Act (CFPA), including its prohibition on unfair, deceptive, or abusive acts or practices (UDAAP). Stated simply—the CFPB will now be reviewing the content of digital marketing creatives to determine whether they might fall short of agency standards.
*Insert shocked face emoji here.*
Now rather obviously digital marketers should already be focused on providing clear and honest communications with consumers—and the FTC already compels a focus on avoiding unfair or deceptive advertising. Similarly, the CMS requires clear and transparent communication in the medicare space. So the content of these rules is not a huge departure for digital marketing companies, but the regulating organization is a REALLY big shift. The CFPB culturally is a very “involved” agency—regular check ins with regulated companies are common, as are extensive document reviews.
If the CFPB is really planning to treat digital marketers the same as other regulated institutions, these companies can expect frequent contact from the regulator along with much additional scrutiny. This could get really interesting for an industry that has traditionally operated with limited oversight. (And it really raises the importance of organizations like REACH…)
So what actually happened?
Backing up a bit here, the CFPA provides authority to the CFPB to enforce Federal consumer financial laws and ensure that markets for consumer financial products are fair and transparent.
The CFPA applies to "covered persons" and their "service providers." A "covered person" is someone who offers or provides financial products or services for use by consumers primarily for personal, family, or household purposes. 12 U.S.C § 5481(6). The CFPA further establishes that "any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service" is a service provider. 12 U.S.C § 5481(26)(A).
While (26)(A) is broad, the CFPA provides an exception for companies that solely provide time or space for an advertisement for a consumer financial product or service through print, newspaper or electronic media. 12 U.S.C. § 5481(26)(B). So digital marketers were never previously within the purview of the CFPB’s regulatory authority.
Under the CFPB’s new interpretive rule—out last week— the CFPB determined the exception does not cover entities that are materially involved in the development of content strategy. According to the CFPB, while digital marketing providers may be providing space for ads, they are also offering many other services that go beyond the exemption -- such as algorithms or other analytics to target specific customers with ads or content that can be held liable for abuses under the federal law.
Because “[d]igital marketing providers are typically materially involved in the development of content strategy when they identify or select prospective customers or select or place content in order to encourage consumer engagement with advertising,” the CFPB explained that digital marketers “engaged in this type of ad targeting and delivery are not merely providing ad space and time,” and therefore cannot fall within the “time or space” exception.
If it seems weird that an agency can just expand its own power by interpreting the extent of an exemption to that power narrowly—it is. And it may not be constitutional. But we’re years away from a successful challenge on that ground.
For now, the CFPB has plainly set its site on the new “shiny object” of digital marketing agencies. And I suspect the agency will be aggressive out of the gate. As CFPB’s Director Rohit Chopra stated "[w]hen Big Tech firms use sophisticated behavioral targeting techniques to market financial products, they must adhere to federal consumer financial protection laws." Doesn’t seem like they’re going to be pulling any punches here guys.
Chopra also stated that the new interpretive rule is one of several actions the CFPB is taking to prepare for the future of consumer finance as technology firms expand their reach. “Advances in technology should help our economy and society advance, rather than incentivizing a rush to seize our sensitive financial data and to allow tech giants to evade existing laws that other firms must comply with,” he added. Unclear what else the CFPB may have up their sleeve here, but definitely a worrying development for the primary regulator of financial services to now have decided it is going to regulate high tech companies too.
I will keep an eye out on this.