It was easy to miss the CFPB’s paradigm-shifting prepaid-card rule on Wednesday given all the shouting that always accompanies this agency’s actions.  Despite the CFPB’s inability to clear anything with which anyone can cost-effectively comply – this rule is 1,689 pages long – it’s critical to pull out of this swamp the fact that it’s a wholesale rewrite of U.S. retail payments.  For all the bank-regulatory talk about shadow-banking risk, the Bureau has actually done something – actually quite a lot – about it.  With this new rule, new non-bank entrants have to play by costly bank rules, a business-model buster that redefines the competitive landscape at a transformational point in time.

How so?  Armed with unique federal authority to govern like-kind providers regardless of whether they be bank or non-bank, the CFPB’s prepaid rule goes way, way beyond the consumer protections feared by more traditional prepaid-card providers offering services to low- and moderate-income individuals who either can’t or won’t do business with a traditional bank.  The rule scrambles a lot of the key assumptions for these providers, but its reach also to on-line payment and mobile-wallet services is the paradigm shifter of which I speak. 

Assured by imaginative counsel and cosseted by accommodating state regulators, these non-bank innovators have developed a wide array of new payment products premised on the usual smart-device model:  it’s cool, fast, and fun, so why worry about risk.  Think smartphones and how long it took before providers did anything more than feel your pain if your phone (along with all its secrets) was lost or stolen.  In short, the provider sells the product and the customer takes the risk.

That is of course far from the long-standing model of regulated consumer finance.  One can debate – indeed, we seem to do so without end – how well consumers are protected, but the fact is that customers have direct and indirect recourse to banks when something goes awry with a credit or debit card, with a deposit account, and with mortgage servicing and other loan payments.  The CFPB has begun to use its enforcement powers on non-bank providers of these services to ensure they provide comparable protections, but the prepaid-card rule is the first one reaching deeply and purposefully into the full suite of innovative, tech-centric consumer-finance products.  Because protection comes at a cost – often significant as banks know well – the you-buy-it/you-bought-it model has been fundamentally torn apart.

The new costs come because the CFPB now demands that on-line, P2P, smartphone, and similarly-innovative payment providers limit user risk to the long established $50 one governing credit and debit cards.  This moves risk back onto the provider’s balance sheet, meaning it needs reserves with which to make consumers and vendors whole if deposit accounts are drained or products are not paid for.  Cyber-security also becomes a lot more important because it’s now the vendor, not the consumer, who takes this formidable operational risk. 

This model is so well understood by banks that many may miss its profound impact on non-banks.  Most of these new entrants posited their business models on those they knew well – phones and apps in which the provider is a neutral intermediator with no fulfillment or recourse risk.  With its new approach, the Bureau has taken a fee-based business and changed it into a balance-sheet one.  This will prove most challenging for startups, but even long-established, very wealthy providers like Apple will now have to rejigger their P&Ls and decide whether it’s really worth their while to go it alone. 

The CFPB now also demands that any retail-payment product with an overdraft or similar feature come under rules akin to those for credit cards – i.e., long delays before consumers must honor obligations and resilient rights to dispute their bills.  These requirements demand not only greater reserves, but also a lot of liquidity.  For most prepaid providers, these reserve and liquidity requirements will be too much of a stretch and most will either abandon overdraft features or convert them into some sort of sweep structure in which a bank or payday company actually provides the credit and takes the risk.

In a speech Thursday, I outlined M&A and new-product opportunities for banks despite the damning political climate and regulatory risk-aversion.  Fintech was on my list, but it moves to the top in the wake of the CFPB’s new rule.  Rapid assessment of which non-bank providers add innovative-transaction value, yet may be challenged by new balance-sheet risk, will identify some exciting revenue add-ons.  Given that this business is still a fee-based one, the marginal capital and liquidity costs for banks will not be anywhere as punishing as for non-banks suddenly thrust into these requirements.  With darkness now shrouding some shadow banks, it is time for banks to step back into the light, reclaiming the deposit and transaction services for which many of their franchises first were established.