On December 6, the Consumer Financial Protection Bureau (CFPB or Bureau) announced an order asserting supervisory authority over Google Payment Corp. (GPC), a subsidiary of Google LLC. This decision was based on alleged “risks to consumers” associated with GPC’s retired peer-to-peer (P2P) payment product. The CFPB’s order, however, does not assert that GPC violated any laws or engaged in wrongdoing. Instead, it relies on a relatively small number of unverified consumer complaints to justify future examinations, even though GPC stopped offering the product.

In response, GPC filed a complaint against the CFPB and Director Rohit Chopra challenging the legality of the supervisory designation.

Key allegations in the complaint include:

  • Exceeding Statutory Authority: GPC argues that the CFPB’s decision to supervise based on a retired product exceeds its statutory authority. The company contends that there can’t be any “risk to consumers” because the product is no longer offered and Dodd-Frank only permits the supervisory designation for current or future risks to consumers.
  • Low Threshold for Supervision: GPC claims that the Bureau set an unreasonably low bar for what constitutes sufficient “risks to consumers,” allowing supervision based on any quantum of risk, including de minimis or routine risks inherent in offering consumer financial products.
  • Ignoring Evidence: GPC asserts that the CFPB ignored substantial evidence provided by GPC, including detailed responses to consumer complaints and a report from an independent consulting firm. The company argues that the CFPB failed to consider its comprehensive compliance program and ongoing state regulatory oversight.
  • Procedural Violations: GPC alleges that the CFPB violated its own procedural rules by introducing new evidence and arguments throughout the administrative process, denying GPC a reasonable opportunity to respond.
  • Coercive Tactics: GPC claims that the Bureau threatened to publicize the supervisory designation if GPC contested the allegations, while offering confidentiality if GPC consented to supervision. GPC also alleges that the CFPB leaked a copy of the order to the press at a time when GPC was statutorily barred from publicly commenting and, thus, unable to defend its reputation. This, according to GPC, constitutes coercive behavior.

This marks the first occasion on which a company designated for supervision based on the CFPB’s risk-based authority has challenged the designation in court. The outcome of this litigation will have important implications for the scope of the CFPB’s supervisory authority and the regulatory landscape for nonbank financial entities, and depending on the outcome, could end up restricting the Bureau’s future ability to designate companies under this provision of Dodd-Frank.