In early 2019, FedFin issued a report highlighting an array of hazards as bigtech’s “surveillance capitalism” business model increasingly subsumed financial services.  On Thursday, the Consumer Financial Protection Bureau finally took the first step  – a giant step – towards the wholesale rewrite of the U.S. bigtech industry that’s only become still more urgent.  Finance is structurally, systemically, and equitably different when someone who tracks what kind of underwear we like also knows how much money we have, where we spend it, and who holds it.  Given this, the Bureau’s full-bore attack on bigtech may well realign the sector’s competitive construct not just in the U.S., but also around the world.  This can be for the way-better if the Bureau picks its targets well and stands its ground under the ruthless barrage sure to start at hearings later this week.

That the CFPB contemplates an incoming fusillade is clear from its order.  All it demands of Amazon, Apple, Facebook, Google, PayPal, and Square makes daunting reading even if one doesn’t have to fill in seventeen pages of penetrating questions and provide all the supporting documentation demanded on each one of them.  Tech platforms are told to hand over memos, names, product numbers, contracts, operating manuals, and pretty much anything else anyone might think of for any aspect of recent bigtech operation that touches consumer finance.  The full scope of all these data demands is stunning, but perhaps the most interesting among them focus on data harvesting, surveillance-based advertising, targeted offers, and how personal financial data are monetized.

Given that harvesting, ads, targeted offers, and data monetization are what make bigtech tick, any Bureau action to disentangle these network effects would force the platform companies to compete far more equitably with companies unable by law to commingle banking and commerce and those who, even if they could sell T-shirts, don’t because they’re too busy ensuring operational resilience and complying with lots of other rules.  Traditional financial companies thus welcome CFPB sanctions that level the proverbial playing field.

However, ill-differentiated CFPB standards could instead be only a lowest-common denominator if the CFPB launches too much of a scatter-shot attack.  It needs to pick its targets so it can aim straight and true.

My own list of top CFPB targets starts with ensuring that consumers are not victims of information asymmetry based on the contradiction between their often simple best interests and tech-platform complexity.  A few more mandated disclosures almost certainly won’t address these asymmetries because they’ll be no less impenetrable to vulnerable consumers than any of the other disclosures that frequently do little for anyone but lawyers.  As a result, high-impact problematic practices such as tying financial-service availability or pricing to commercial-product selection should be simply prohibited for tech platforms just as they are for banking organizations.

Another critical solution to information asymmetry is loss limitation.  This is resolved for many regulated banking products by the $50 limits on credit and debit card loss and many other backstops – think FDIC insurance to see how vital these are.  Few, if any, consumer safeguards exist on non-traditional financial products but, as our 2019 report made clear, consumers often can’t tell the subtle legal differences that allow a nonbank to proffer something that looks a lot like a bank product, only better.  To ensure both fairness and consumer protection, any financial product that looks like a bank product should be backed by the same consumer-loss and error-resolution buffers.

Given that tech platforms are unregulated, the only way to ensure that this in fact happens is via mandated, transparent, and sterile reserves.  These aren’t the same type of reserves I addressed last week for stablecoins except when the tech-platform product is a stablecoin.  The point is the same though: act like a bank or even a central bank, protect vulnerable consumers like a bank or even a central bank.

The Bureau’s orders cast so wide a net that the agency may also contemplate operational-resilience standards on grounds that these are essential for consumer protection and so they are.  If the CFPB’s legal authority isn’t as sweeping as it suggests, then Congress must step in to ensure that someone somewhere protects consumers from the hours-long outages that most recently afflicted Facebook.  These are one kind of consumer problem when it takes a while to see what your kids ate for lunch; quite another when you can’t pay your bills or find your paycheck.

When the Bureau opens the gates with a public request for comment atop the new order, much will flood in – there are few issues more important to genuine inclusion, financial-market integrity, systemic stability, and meaningful consumer protection.  My priority-target list is just a starting point for action on the reforms urged in our 2019 report and more recently in my book, where there’s a detailed payment-system and cryptography discussion atop the earlier analysis.

Since I wrote this part of my book in 2020, the risks have only grown higher because bigtech has only gotten more inextricably intertwined in every aspect of everyday life and the financial transactions that power them.  Policy intervention is overdue, but at least it’s now in sight.