Skip to main content

Buy Now, Pay Later

Consumer Protection and Regulatory Risks of BNPL Products

Rhonda McGill
September 22, 2022
Marketing Compliance

The moment we’ve all been waiting for (or at least, the moment we’ve been waiting for at PerformLine)… the Consumer Financial Protection Bureau (CFPB) published the findings from their inquiry into the Buy Now, Pay Later (BNPL) industry that outlines market trends and areas of consumer harm, titled “Buy Now, Pay Later: Market trends and consumer impacts.

The report summarizes the data collected over the last several months and details both consumer protection and regulatory compliance risks associated with BNPL products.

Here are our top takeaways from the report and what it means for BNPL compliance programs moving forward.


In December of 2021, shortly after Rohit Chopra became the Director of the CFPB, he put out an inquiry to collect information from five BNPL companies-Affirm, Afterpay, Klarna, PayPal, and Zip-to better understand the risks and benefits of what he referred to as “fast-growing loans.”

The goal of the inquiry was to illuminate the range of these consumer credit products and their underlying business practices. The Bureau specifically called out concerns around accumulating debt, regulatory arbitrage, and data harvesting.

CFPB’s BNPL Report Overview

For the purpose of the report, the CFPB was specific to point out that they are only referring to the “pay-in-four” BNPL model of no interest, 25% down and three remaining installment payments collected in two-week intervals. The report does not include the point-of-sale installment plan or post-purchase credit card installment plan loans.

In addition to the information provided by the BNPL companies, the CFPB supplemented their findings by using information gathered from public comments, complaints filed in the CFPB’s Consumer Complaint Database, and publicly available information such as financial filings, earnings calls, research papers, media interviews with BNPL lenders, vendors, and clients.

The CFPB admits that although this report is the most quantitative and qualitative review of the BNPL industry to date, it still has some limitations including the report only being limited to the pay-in-four products which they refer to as “pure players.”

The data provided was aggregated data and does not provide in-depth individual loan level detail, so they could not assess the credit performance from the data collected. As a result, the structural soundness of the loan product credit models could not be evaluated. In fact, the only demographic the lenders collected and provided was age.

Finally, because they are dealing with “pure-play” data for the five BNPL lenders, the data cannot begin to project the depth of the true BNPL market in the U.S. 

BNPL Customer Acquisition Models

There are two strategies that the BNPL industry uses to drive the usage of their product.

  • The Merchant Partner Acquisition Model: For the merchant partner acquisition model, the BNPL company enters into a contract with a merchant to embed their product on their retail checkout page when consumers go to make a purchase. 
  • The App-Driven Acquisition Model: While lenders acquire most of their users via the merchant partner model, many are rapidly shifting towards the app-driven model in which consumers complete their credit application on the BNPL lender’s private app. Once approved, the customer receives access to a virtual shopping mall of merchants to shop from. The CFPB notes that the app-driven model can create loyalty from the consumer, who is now a part of the lender’s app ecosystem.

Consumer Protection Concerns for BNPL Products

In the report, the CFPB reports that there are some competitive benefits of BNPL products, including ease of access, no interest and if payments are made on time, there are no late fees. The repayment structure of these loans is simple and for the most part straightforward.

However, the report goes further to note that there are three main areas of consumer protection risks for BNPL products, including:

  • Discrete consumer harms. This refers to the lack of clear disclosures of loan terms, lack of clarity on how to file and resolve disputes, and having only one means of repayment (autopay) for all loan payments.
  • Data harvesting. BNPL lenders use the data that they collect from consumers to deploy models, product features, and marketing campaigns. The CFPB has concerns over how the data is being used to “increase the likelihood of incremental sales and maximize the lifetime value from each and every borrower.” Of note, the CFPB mentioned the potential for how these products could “compromise consumers’ privacy and autonomy” in overextension.
  • Overextension. The BNPL business model presents risks to the consumer including loan stacking, which occurs when borrowers take out multiple loans from multiple lenders; and sustained usage, which occurs when a consumer is a frequent user of the BNPL product, and this usage over time can result in their inability to meet their financial obligations outside of the BNPL ecosystem.

The CFPB noted many similarities between BNPL and traditional credit cards, including the merging of payments and credit and the ability for the borrower to replenish the extension of credit as long as they make good on their payments. Unlike the credit card product, however, the BNPL product is less transparent and the consumer’s payment history is not furnished to the Nationwide Consumer Reporting Companies unless the consumer defaults on their payment.

Dark Patterns and BNPL User Experience

The CFPB’s report discussed how BNPL companies are using data to drive the user experience by making adjustments to words, layout, color schemes etc. to get the attention of the consumer.

While tech executives refer to these changes as “iterations,” the CFPB says that the term “dark patterns” or “deceptive designs” would be just as accurate. While the CFPB notes that “there is no single uniform standard for determining what constitutes a dark pattern,” they can generally be described as a design that manipulates or heavily influences users to make certain choices.

Although the CFPB is not calling it out directly, it does sound like they may consider these dark patterns under the scope of UDAAP as they have the potential to lead consumers to make choices that they may not have otherwise made and could cause harm to the consumer. With the expansion of UDAAP and even the same-day release of the FTC’s latest report on dark patterns, it seems very likely that the foundation for the future of oversight in this space is being put in place.

Regulatory Challenges of BNPL Products

Most BNPL lenders are not providing consumers with standard cost-of-credit disclosures. The Truth in Lending Act (TILA) generally requires this so that the consumer is able to understand the cost and terms of a loan or credit product that they are receiving through those disclosures.

These TILA disclosures, as implemented by Regulation Z, should be clear, conspicuous, and available to the consumer in advance of taking out the loan. Regulation Z has additional disclosure requirements for open-end credit to address penalties, additional charges, and grace periods amongst other things.

Regulation Z also requires a means for consumers to dispute matters and even withhold payment during the resolution process. In many instances when a consumer has a dispute, they are directed to the merchant, however, the BNPL continues to collect payment via autopay. In these instances, a consumer is unable to pause payments-which brings attention to the Electronic Funds Transfer Act (EFTA) as implemented by Regulation E, which prohibits a lender from requiring repayment of a loan by automatic withdrawal from their bank account. This is called out in the report and may come into focus as a part of their regulatory oversight of BNPL lenders.

Consumer Complaints for BNPL Products

Lack of Transparency Regarding Credit Assignment

Consumers are offered credit using such terms as “purchase power,” “pre-approved to spend,” “estimated spending power,” or “prequalified to spend.” A final verdict does not occur until an attempt to purchase is made, therefore, the credit is described as “estimated and not guaranteed.” Consumers have complained that the amount of their actually approved credit is not the same as presented as the “prequalified to spend” amount (as displayed on the app).

According to the CFPB’s database, consumers complained that this process is deceptive and they are often approved for much less than the “purchase power” they were told they had.

Arbitrary Decreases in Credit

Consumers also regularly complained about arbitrary decreases in their credit limit, leaving them unable to use the product or complete planned purchases.

Absence of Traditional “Ability to Pay” Calculations

In the CFPB’s request for comments on BNPL, many advocate commenters spoke about the absence of the “ability to pay” calculations from most lenders’ underwriting processes. Lenders do not look at other debt obligations or income and assets. Often, the only information collected is often just the name, address, phone number, email, date of birth, and occasionally the last four digits of the social security number. There is no consideration of other debt obligations that the consumer may have, which could be impacted by entering into a BNPL agreement.

How the CFPB Will Address BNPL Risks

As part of the report’s conclusion, the CFPB detailed how they plan to address the concerns and risks outlined within the report:

  • To address the discrete consumer harms, the CFPB will identify potential interpretive guidance or rules to issue with the goal of ensuring that Buy Now, Pay Later lenders adhere to many of the baseline protections that Congress has already established for credit cards. As part of this review, the agency will also ensure Buy Now, Pay Later lenders, just like credit card companies, are subjected to appropriate supervisory examinations.
  • To address emerging risk issues with data harvesting, the CFPB will identify the data surveillance practices that Buy Now, Pay Later lenders should seek to avoid.
  • To reduce the risk of borrower overextension, the CFPB will continue to address how the industry can develop appropriate and accurate credit reporting practices. The agency will also take steps to ensure the methodology used by the CFPB and the rest of the Federal Reserve System to estimate household debt burden is rigorous.

Proactive BNPL Compliance Monitoring with PerformLine

Whatever BNPL regulation may look like, make sure you’re protected with PerformLine’s omni-channel compliance monitoring solution.

The CFPB explicitly said that its goal is to ensure that BNPL lenders adhere to many of the same protections that have already been established for credit cards. PerformLine works with some of the leading credit card brands to monitor across their consumer interaction channels for brand and regulatory compliance, and we’ve already started using that knowledge to help leading BNPL companies do the same across merchant networks.

Schedule some time with our team to learn how we can help your organization gain complete visibility into your merchants’ activities and protect against potential regulatory scrutiny from the CFPB and other regulators.

author avatar
Rhonda McGill Senior Director of Client Success
Rhonda is the Senior Director of Client Success at PerformLine.

Stay Updated

Join thousands of other industry professionals

Subscribe to receive the latest regulatory news and updates with a focus on marketing compliance via content offers, newsletters, blog posts, and more
This field is for validation purposes and should be left unchanged.

Connect with PerformLine and see what we can do for you.