Skip to main content


As scrutiny increases, BNPL businesses should take action

Buy now, pay later (BNPL) plans give consumers the ability to pay for products in installments, often interest-free. And they are quite popular: More than 40% of American consumers have used a form of BNPL service. As regulators are increasingly scrutinizing BNPL plans, it is critical that plan providers take action to protect their organizations.

Buy now, pay later (BNPL) plans give consumers the ability to pay for products in installments, often interest-free. And they are quite popular: More than 40% of American consumers have used a form of BNPL service, according to a recent Credit Karma survey, and financial institutions and legacy technology providers are increasingly entering the market, with some observers estimating steep growth in the coming years.

But regulators in both the US and other countries are scrutinizing BNPL plans, underscoring the importance that plan providers take action to protect their organizations.

Widespread use, minimal vetting

Large payments platforms like Visa, AmEx, PayPal, and Square have moved into the BNPL space, often through either acquisitions or partnerships. Just last month, Affirm, a major BNPL platform, announced a deal with Amazon that would allow the online retailer’s customers to make monthly payments on purchases of $50 or more.

Despite its widespread use, however, the BNPL process often requires minimal — if any — vetting of a consumer’s finances. BNPL plans often do not require credit checks, which can protect non-sophisticated consumers from taking on more debt than they can manage to pay off.

Moreover, while some BNPL providers are formally classified as financial services companies, many others are still operating in a largely unregulated — but growing — field. That’s now changing, as regulators take a closer look at the way these offerings are structured and implications on consumer credit.

Keep up to date with regulatory changes

The ease of securing BNPL financing as well as the rapid acceleration of these services is attracting regulatory scrutiny and focus, which could lead to specific action. The Consumer Financial Protection Bureau recently warned consumers about the potential risks related to BNPL loans.

Despite the current lack of regulations, BNPL providers should consider investing in robust internal controls. As the regulatory landscape shifts, companies without significant internal compliance frameworks could face significant risk, especially if new regulations require swift changes to a company’s business model.

Regulators will likely look at a range of potential concerns for the industry, but will probably focus on ensuring that BNPL businesses do not harm consumers, whether purposefully or not. Areas of scrutiny will likely include:

  • Suitable disclosures
  • Fees charged for late payments
  • Marketing materials, with a focus on ensuring that they properly explain fee structures and risks for customers who take on excessive amount of debt
  • Potential discrimination in the approval process

Minimize risks through smart technology investments

BNPL providers can invest in technology to de-risk their operations through specific tools and processes, including anti-money laundering initiatives and know-your-customer technologies that allow them to verify the identity of consumers.

Because providers generally operate over technology-enabled platforms, regulators will likely be interested in the cyber controls that they have put in place to safeguard information. Companies can invest in internal controls and processes that improve their resilience to cyberattacks, including multifactor authentication tools.

Critical risk transfer considerations

Greater scrutiny and the potential for new regulations that may require extensive business changes could be costly for BNPL companies. These companies could also face litigation, either from regulators or consumers themselves.

While insurance policies can be crafted to transfer this exposure, coverage is often limited and requires extensive negotiation with carriers. BNPL companies that effectively explain their risk mitigation strategy to insurers are typically in a better position to secure cost effective coverage that is suitable for their needs.

BNPL companies may benefit from:

  1. Errors and omissions (E&O) insurance, which typically provides coverage for lending activity and regulatory exposure. Companies should carefully review these policies with their brokers and insurance advisors, and clarify whether they are sufficiently covered, especially since some policies, like technology E&O, may include financial services exclusions.
  2. Directors and officers liability (D&O) insurance, which can provide coverage for the organization’s directors and officers. This is particularly important for hyper-growth or publicly traded organizations that may be at high risk of litigation.
  3. Cyber insurance, which can protect institutions in the event of an attack that either leads to the interruption of service or puts customer information at risk.

As the BNPL market continues to grow and regulators keep an eye on the industry, companies offering the service should revisit their risk and insurance programs. Taking action now, including stepping up internal controls and making changes to insurance coverage, may help to protect your organization from potential regulatory and consumer action.

Meet the author

Ali Inan

Ali Inan

US Fintech Industry Leader, Marsh

As US FinTech Industry Leader, Ali helps organizations solve for operational and organizational risks to empower strategic business initiatives..

Related insights