In August 2018, Arizona began accepting applications for its regulatory sandbox that “enables a participant to obtain limited access to Arizona’s market to test innovative financial products or services without first obtaining full state licensure or other authorization that otherwise may be required.”  The state’s Attorney General is responsible for the application process and oversight of the sandbox.  At the end of last week, the Arizona AG announced that two more participants, Grain Technology, Inc. and Sweetbridge NFP, Ltd., had been added to the state’s sandbox.

In October 2018, there was an announcement by the AG that Omni Mobile Inc. had become the first sandbox participant.  The AG’s press release described Omni as “a mobile payment platform aiming to test cheaper and faster payment transfers through its centralized wallet infrastructure.”  It indicated that the product would be tested by processing guest payments at an Arizona resort, with Arizona-resident guests to receive a disclosure agreement (regarding the company’s participation in the sandbox), an explanation of the test nature of the product, a privacy notice, and the ability to opt out of any information sharing with the resort.

The AG’s announcement regarding Omni was accompanied by an announcement that the AG’s Office had signed a cooperation agreement with Taiwan’s financial regulator, the Financial Supervisory Commission, with the goal of creating an information-sharing arrangement that might create opportunities for businesses to develop and test fintech products in both markets.

The two additional sandbox participants announced last week are described in the AG’s press release as follows:

  • Grain Technology, Inc., based in New York, will test a savings and credit product in Arizona using proprietary technology to offer consumers customized savings plans and credit opportunities. Arizona consumers participating in the program will obtain access to a small line of credit aimed primarily at providing overdraft protection for bank accounts.  APRs for loans obtained through this line of credit may be as low as 12% for consumers who agree to follow a recommended repayment plan calculated using Grain’s technology (a standard APR of 15.99% will apply for those who adopt a different repayment plan).  Grain intends for loans and payments occurring through this line of credit to be reported to major credit-reporting agencies to enable consumers to build their credit profiles.
  • Sweetbridge NFP, Ltd., a Scottsdale-based international nonprofit building blockchain protocols for supply chains and commerce, will test a lending product using proprietary blockchain technology with an APR cap of 20%.  At these rates, Sweetbridge’s product will allow consumers to obtain credit at up to 1/10th the cost allowed under Arizona law.

In September 2018, the CFPB proposed significant revisions to its “Policy to Encourage Trial Disclosure Programs,” which sets forth the Bureau’s standards and procedures for exempting individual companies, on a case-by-case basis, from applicable federal disclosure requirements to allow those companies to test trial disclosures.  The proposal followed Acting Director Mulvaney’s July 2018 appointment of Paul Watkins to serve as Director of the Bureau’s Office of Innovation.  Before joining the CFPB, Mr. Watkins was in charge of fintech initiatives in the Arizona AG’s Office and led the state’s efforts to create its regulatory sandbox.  The CFPB’s proposal includes a process for the CFPB to coordinate with sandbox programs offered by other regulators.

 

The Conference of State Bank Supervisors (CSBS) has filed a second lawsuit in D.C. federal district court to stop the Office of the Comptroller of the Currency (OCC) from issuing special purpose national bank (SPNB) charters to fintech companies.  A similar lawsuit was filed last month in a New York federal district court by the New York Department of Financial Services.

The CSBS and the DFS had previously filed lawsuits challenging the OCC’s authority to grant SPNB charters to fintech companies at a time when the OCC had not yet decided whether it would move forward on its charter proposal.  Both lawsuits were dismissed for failing to establish an injury in fact necessary for Article III standing and for lacking ripeness for judicial review.  The new lawsuits were filed in response to the OCC’s July 2018 announcement that it would begin accepting applications for SPNB charters from fintech companies.  In its complaint, the CSBS alleges that “things have changed substantially since the Court’s decision [dismissing the prior CSBS lawsuit].  The issuance of a [SPNB] charter is now clearly imminent.”  It further alleges that “upon information and belief, multiple pre-qualified candidates have already decided to apply (and may have already applied).”

The CSBS challenges the OCC’s SPNB charter plans in the new lawsuit on the following grounds (which generally track those asserted in the first CSBS lawsuit):

  • 12 C.F.R. Section 5.20(e)(1), on which the OCC has relied for its authority to charter a bank that performs a single core banking function—receiving deposits, paying checks, or lending money—is inconsistent with the National Bank Act because the NBA does not allow the OCC to charter entities that do not receive deposits unless they are carrying on a special purpose expressly authorized by Congress.
  • Because the OCC has indicated that state law would be preempted as to fintech companies that obtain a SPNB charter, the OCC’s plans to issue the charters represent a preemption determination to which notice and comment procedures apply.
  • The OCC’s plans to issue SPNB charters to fintech companies represent a “rule” that was made without compliance with the Administrative Procedure Act and is an arbitrary and capricious action that does not constitute “reasoned decision making” as required by the APA.
  • The OCC’s plans to issue SPNB charters to fintech companies, by enabling nonbank charter holders to disregard state law, violate the Tenth Amendment of the U.S. Constitution under which states retain the powers not delegated to the federal government, including the police powers necessary to regulate nonbank providers of financial services and protect consumers and the public interest from unsound and abusive financial practices.

For the reasons discussed in our blog post about the second lawsuit filed by the DFS, we expect the OCC’s power to issue an SPNB charter will ultimately be withheld.

Tomorrow, September 18, the Senate Banking Committee will hold a hearing, “Fintech: Examining Digitization, Data, and Technology.”  Topics expected to be discussed include data privacy and the Treasury Department’s recent fintech report.

The scheduled witnesses, who do not include any regulators, are:

  • Brian Knight, Director of the Innovation and Governance Program, Mercatus Center at George Mason University
  • Steven Boms, President, Allon Advocacy, on behalf of Consumer Financial Data Rights
  • Saule T. Omarova, Professor of Law and Director, Jack Clarke Program on the Law and Regulation of Financial Institutions and Markets, Cornell University

In January 2018, the House Financial Services Committee held a hearing on fintech issues.

On September 12th, the Conference of State Bank Supervisors (CSBS) announced that it would again pursue litigation in opposition to the OCC’s recent decision to accept applications from non-depository financial technology firms for a special purpose national bank (SPNB) charter.

While it announced that its Board of Directors had approved renewing litigation against the OCC at an August 28 meeting, the CSBS did not indicate when it plans to file the lawsuit.  The lawsuit would represent the second time that the CSBS has pursued litigation challenging the OCC’s authority to issue a SPNB charter to fintech companies.  On April 30, 2018, a D.C. federal district court dismissed the first lawsuit filed by the CSBS challenging the OCC’s authority to grant SPNB charters on the grounds that the CSBS had failed to establish any injury in fact necessary for Article III standing and that the case was not ripe for judicial review.  In its initial filing, the CSBS argued that the OCC’s 2017 proposal to issue SBNB charters to fintech companies exceeded the authority granted to the OCC by Congress under the National Bank Act (NBA) and other federal banking laws to charter institutions that engage in the “business of banking.”  The CSBS argued that to engage in the “business of banking,” the NBA requires an institution, at a minimum, to receive deposits.

The New York Department of Financial Services (DFS) also previously filed a lawsuit challenging the OCC’s authority to issue SPNB charters.  That lawsuit, which was filed in a New York federal district court, was dismissed in December, 2017 on similar grounds.  While the DFS has not announced whether it will renew its litigation against the OCC, DFS Superintendent Maria Vullo stated in a July 31 press release that “DFS believes that this [OCC] endeavor, which is also wrongly supported by the Treasury Department, is clearly not authorized under the National Bank Act.  As DFS has noted since the OCC’s proposal, a national fintech charter will impose an entirely unjustified federal regulatory scheme on an already fully functional and deeply rooted state regulatory landscape.”

We recently blogged about the announcement by Varo Bank, N.A., a fintech bank, that it had received preliminary approval from the OCC of its application for a full-service national bank charter.  We do not expect the CSBS or the DFS to challenge the preliminary approval since there would not appear to be any basis to challenge the OCC’s authority to issue a full-service national bank charter to Varo assuming it satisfies the standard conditions for obtaining such a charter.

Politico has reported that in remarks made at a fintech policy event last week, Andrew Smith, the FTC’s Director of Consumer Protection, indicated that fintech companies will be a focus of the FTC’s enforcement activities.

According to Politico, Mr. Smith said that FTC was particularly interested in online lending, with an emphasis on small-business lending.  Mr. Smith is also reported to have identified lead generation in the context of online lending as a key area of interest for the FTC.

In a press release, the organizers of Varo Bank, N.A. announced they have been granted preliminary approval by the OCC of their application to form a de novo national bank, which they claim “put[s] Varo on track to become the first all-mobile national bank in the history of the United States.”

In July 2018, the OCC announced that it would begin accepting applications for special purpose national bank (SPNB) charters from financial technology (fintech) companies.  Rather than a SPNB charter, Varo is seeking a full-service national bank charter from the OCC.  A SPNB charter provides an option for a fintech company for whom, because of its own non-financial activities or those of an affiliate, the Bank Holding Company Act would be an obstacle to obtaining a full-service national bank charter.  Obtaining a full-service national bank charter, however, is the preferred option for a fintech company that can do so consistent with the BHCA.  Many years ago, two of my Ballard partners successfully converted a consumer finance company to a full-service national bank.

Federal court lawsuits challenging the OCC’s authority to issue SPNB charters were filed in 2017 by the Conference of State Bank Supervisors and the New York Department of Financial Services.  Both lawsuits were dismissed for failure to establish an injury in fact necessary for Article III standing and lack of ripeness for judicial review.  While such challenges may be renewed now that the OCC has announced that it will begin accepting SPNB charter applications, there would not appear to be any basis for a similar challenge to the issuance of a full-service national bank charter to Varo assuming it satisfies the standard conditions for obtaining such a charter.

I am pleased to announce that Chris Ford, an attorney who has led some of the country’s largest and most innovative Fintech and payment systems transactions, has joined Ballard Spahr as a partner in the firm’s Consumer Financial Services Group.  He will be based in the firm’s Washington, D.C. office.

Chris advises clients on large-scale commercial transactions, particularly those involving financial services, payments, technology, and outsourcing.  He also provides strategic counsel to clients on co-brand and private-label card transactions, card processing and network-related deals, merchant acquisition, and information technology and business process outsourcing.

Chris’ clients include Fortune 100 companies, merchants, and financial institutions.  His work includes representing one of the world’s largest financial institutions in its global, retail, commercial, and small business credit card processing agreements; assisting a global finance company in the issuance of a credit card in the United States; assisting one of the largest merchant-acquiring companies in a strategic partnership with a major credit card issuer; and advising a major grocery retailer in its merchant-acquiring and payment processing arrangements.

To learn more about our new colleague, read our firm’s announcement.

The U.S. Department of the Treasury’s recent report evaluating economic opportunities presented by nonbank financial institution and fintech company innovations includes a detailed account of current data aggregation activities in the financial services marketplace and provides policy recommendations that shed light on the federal government’s current views on data aggregation. (See our legal alert and blog posts (here and here) for a discussion of other portions of the Treasury’s report.)  In seeking to harness the potential benefits that can come from data aggregation, the Treasury report firmly supports the inclusion of these market participants.

Following are key takeaways from the Treasury’s report with respect to data aggregation practices and regulatory issues.

  • BCFP and private sector should develop consumer disclosure best practices. The Treasury suggests that the Bureau of Consumer Financial Protection (BCFP) should develop, either with the private sector or pursuant to its rulemaking authority, consumer-facing disclosures that are “plain language, readily accessible, readable through the preferred device used by consumers to access services… so that consumers can give informed and affirmative consent regarding to whom they are granting access, what data is being accessed and shared, and for what purpose,” and to opt-out of such sharing.
  • APIs provide advantages and should be supported. The report raises a number of issues with screen scraping while promoting the benefits of application programming interfaces (APIs) “that allow for the inclusion of robust security features, greater transparency and access controls for consumers, improved data accuracy, and more predictable and manageable information technology costs.”  Following is a graphic from the report identifying the similarities and differences between bilateral/partnered API and open API arrangements.  It highlights how APIs can remove the need for fintech apps (users of aggregated data) and data aggregators to access consumers’ bank account login credentials and, therefore, supports Treasury’s suggestion that the private sector and financial regulators should work to implement API solutions that “address data sharing, [data normalization,] security, and liability [and should support] efforts to mitigate implementation costs for community banks and smaller financial services companies with more limited resources to invest in technology.”

  • Clarifying applicability of third-party oversight guidance to data aggregators. The report states that there is some ambiguity regarding when third-party oversight guidance issued by federal banking regulators applies to data aggregator relationships, noting that data aggregators entering into “an API agreement with a bank [] may become subject to third-party guidance because of the contractual relationship, which can increase compliance costs.”  The Treasury suggests that federal banking regulators take action to resolve this ambiguity.
  • Third-party data aggregators should be treated as “consumers.”  Section 1033 of the Dodd-Frank Act provides “consumers” a right to access certain account information electronically upon request.  Treasury recommends that this section be interpreted so that “third parties properly authorized by consumers, including data aggregators and consumer fintech application providers, fall within the definition of ‘consumer’… for the purpose of obtaining access to financial account and transaction data.”
  • Data security addressed by GLBA Safeguards Rule. The report assumes that “data aggregators and consumer fintech application providers are subject to the Gramm-Leach-Bliley Act (GLBA)” and that “the Safeguards Rule appropriately addresses” data security concerns with data aggregation activities.  To the extent additional regulatory or legislative measures are considered to address data aggregation data security issues, the Treasury suggests that such activities occur at the federal level rather than the state level to ensure uniformity.
  • Other financial regulators should support data aggregation. The report suggests that regulators in addition to the BCFP should take steps to enhance data aggregation activities, including the Securities and Exchange Commission, the Financial Industry Regulatory Authority, Department of Labor, and state insurance regulators.

On September 20, 2018, from 12 p.m. to 1 p.m. ET, Ballard Spahr will conduct a webinar, “More Than Just Fintech: What Are the Important Takeaways for All Consumer Financial Services Providers from Treasury’s Sweeping Report?”  A link to register is available here.

 

 

 

A portion of the Treasury’s report entitled “A Financial System That Creates Economic Opportunities, Nonbank Financials, Fintech, and Innovation” focuses on the mortgage industry.  A detailed discussion of the Treasury’s mortgage-related findings and recommendations is available here.

We have previously blogged about the portion of the Treasury report that focuses on payments and have published a legal alert that discusses other portions of the report.

On September 20, 2018, from 12 p.m. to 1 p.m. ET, Ballard Spahr will conduct a webinar, “More Than Just Fintech: What Are the Important Takeaways for All Consumer Financial Services Providers from Treasury’s Sweeping Report?”  A link to register is available here.

 

Last week the CFPB announced an initiative to create a Global Financial Innovation Network (GFIN) with 11 other financial regulators and related organizations across the globe. The GFIN sprang from a previous proposition by the UK Financial Conduct Authority (FCA) to create a “global sandbox” for innovative financial services firms to be able to test new financial services and products such as artificial intelligence and blockchain based solutions in different financial markets. Feedback provided in response to that proposition indicated a need for more comprehensive collaboration among regulators to expand the innovation activities currently undertaken by financial services regulators around the world.

The GFIN, as described within the Consultation Document announcing its creation, is intended to serve three main functions:

  1. Facilitate information and knowledge sharing among financial services regulators on emerging innovation trends and best practices and to share appropriate regulatory contact information with financial services firms;
  2. Provide a forum for joint policy work and regulatory trials; and
  3. Develop a “global sandbox” for business to consumer (B2C) or business to business (B2B) firms to trial and scale new technologies in multiple jurisdictions.

In the press release announcing the initiative, CFPB Acting Director Mick Mulvaney stated that joining the GFIN “demonstrates the Bureau’s commitment to promoting innovation by coordinating with state, federal and international regulators. We look forward to working closely with other regulatory authorities—whether in the United States or abroad—to facilitate innovation and promote regulatory best practices in consumer financial services.”

The GFIN working group is encouraging responses and feedback from interested parties to 10 questions posed within the Consultation Document by October 14, 2018. Commenters can submit responses to the Bureau’s representative, Paul Watkins in the recently-established Bureau’s Office of Innovation. Responses and input are particularly sought from innovative financial services firms, technology companies and providers, accelerators, academia, consumer groups, financial services regulators, and other entities or individuals interested in helping to develop the GFIN. After October 14 the working group will review feedback and agree on next steps, including a timeline for when to launch the GFIN.