Tomorrow, September 18, the Senate Banking Committee will hold a hearing, “Fintech: Examining Digitization, Data, and Technology.”  Topics expected to be discussed include data privacy and the Treasury Department’s recent fintech report.

The scheduled witnesses, who do not include any regulators, are:

  • Brian Knight, Director of the Innovation and Governance Program, Mercatus Center at George Mason University
  • Steven Boms, President, Allon Advocacy, on behalf of Consumer Financial Data Rights
  • Saule T. Omarova, Professor of Law and Director, Jack Clarke Program on the Law and Regulation of Financial Institutions and Markets, Cornell University

In January 2018, the House Financial Services Committee held a hearing on fintech issues.

On September 12th, the Conference of State Bank Supervisors (CSBS) announced that it would again pursue litigation in opposition to the OCC’s recent decision to accept applications from non-depository financial technology firms for a special purpose national bank (SPNB) charter.

While it announced that its Board of Directors had approved renewing litigation against the OCC at an August 28 meeting, the CSBS did not indicate when it plans to file the lawsuit.  The lawsuit would represent the second time that the CSBS has pursued litigation challenging the OCC’s authority to issue a SPNB charter to fintech companies.  On April 30, 2018, a D.C. federal district court dismissed the first lawsuit filed by the CSBS challenging the OCC’s authority to grant SPNB charters on the grounds that the CSBS had failed to establish any injury in fact necessary for Article III standing and that the case was not ripe for judicial review.  In its initial filing, the CSBS argued that the OCC’s 2017 proposal to issue SBNB charters to fintech companies exceeded the authority granted to the OCC by Congress under the National Bank Act (NBA) and other federal banking laws to charter institutions that engage in the “business of banking.”  The CSBS argued that to engage in the “business of banking,” the NBA requires an institution, at a minimum, to receive deposits.

The New York Department of Financial Services (DFS) also previously filed a lawsuit challenging the OCC’s authority to issue SPNB charters.  That lawsuit, which was filed in a New York federal district court, was dismissed in December, 2017 on similar grounds.  While the DFS has not announced whether it will renew its litigation against the OCC, DFS Superintendent Maria Vullo stated in a July 31 press release that “DFS believes that this [OCC] endeavor, which is also wrongly supported by the Treasury Department, is clearly not authorized under the National Bank Act.  As DFS has noted since the OCC’s proposal, a national fintech charter will impose an entirely unjustified federal regulatory scheme on an already fully functional and deeply rooted state regulatory landscape.”

We recently blogged about the announcement by Varo Bank, N.A., a fintech bank, that it had received preliminary approval from the OCC of its application for a full-service national bank charter.  We do not expect the CSBS or the DFS to challenge the preliminary approval since there would not appear to be any basis to challenge the OCC’s authority to issue a full-service national bank charter to Varo assuming it satisfies the standard conditions for obtaining such a charter.

Politico has reported that in remarks made at a fintech policy event last week, Andrew Smith, the FTC’s Director of Consumer Protection, indicated that fintech companies will be a focus of the FTC’s enforcement activities.

According to Politico, Mr. Smith said that FTC was particularly interested in online lending, with an emphasis on small-business lending.  Mr. Smith is also reported to have identified lead generation in the context of online lending as a key area of interest for the FTC.

In a press release, the organizers of Varo Bank, N.A. announced they have been granted preliminary approval by the OCC of their application to form a de novo national bank, which they claim “put[s] Varo on track to become the first all-mobile national bank in the history of the United States.”

In July 2018, the OCC announced that it would begin accepting applications for special purpose national bank (SPNB) charters from financial technology (fintech) companies.  Rather than a SPNB charter, Varo is seeking a full-service national bank charter from the OCC.  A SPNB charter provides an option for a fintech company for whom, because of its own non-financial activities or those of an affiliate, the Bank Holding Company Act would be an obstacle to obtaining a full-service national bank charter.  Obtaining a full-service national bank charter, however, is the preferred option for a fintech company that can do so consistent with the BHCA.  Many years ago, two of my Ballard partners successfully converted a consumer finance company to a full-service national bank.

Federal court lawsuits challenging the OCC’s authority to issue SPNB charters were filed in 2017 by the Conference of State Bank Supervisors and the New York Department of Financial Services.  Both lawsuits were dismissed for failure to establish an injury in fact necessary for Article III standing and lack of ripeness for judicial review.  While such challenges may be renewed now that the OCC has announced that it will begin accepting SPNB charter applications, there would not appear to be any basis for a similar challenge to the issuance of a full-service national bank charter to Varo assuming it satisfies the standard conditions for obtaining such a charter.

I am pleased to announce that Chris Ford, an attorney who has led some of the country’s largest and most innovative Fintech and payment systems transactions, has joined Ballard Spahr as a partner in the firm’s Consumer Financial Services Group.  He will be based in the firm’s Washington, D.C. office.

Chris advises clients on large-scale commercial transactions, particularly those involving financial services, payments, technology, and outsourcing.  He also provides strategic counsel to clients on co-brand and private-label card transactions, card processing and network-related deals, merchant acquisition, and information technology and business process outsourcing.

Chris’ clients include Fortune 100 companies, merchants, and financial institutions.  His work includes representing one of the world’s largest financial institutions in its global, retail, commercial, and small business credit card processing agreements; assisting a global finance company in the issuance of a credit card in the United States; assisting one of the largest merchant-acquiring companies in a strategic partnership with a major credit card issuer; and advising a major grocery retailer in its merchant-acquiring and payment processing arrangements.

To learn more about our new colleague, read our firm’s announcement.

The U.S. Department of the Treasury’s recent report evaluating economic opportunities presented by nonbank financial institution and fintech company innovations includes a detailed account of current data aggregation activities in the financial services marketplace and provides policy recommendations that shed light on the federal government’s current views on data aggregation. (See our legal alert and blog posts (here and here) for a discussion of other portions of the Treasury’s report.)  In seeking to harness the potential benefits that can come from data aggregation, the Treasury report firmly supports the inclusion of these market participants.

Following are key takeaways from the Treasury’s report with respect to data aggregation practices and regulatory issues.

  • BCFP and private sector should develop consumer disclosure best practices. The Treasury suggests that the Bureau of Consumer Financial Protection (BCFP) should develop, either with the private sector or pursuant to its rulemaking authority, consumer-facing disclosures that are “plain language, readily accessible, readable through the preferred device used by consumers to access services… so that consumers can give informed and affirmative consent regarding to whom they are granting access, what data is being accessed and shared, and for what purpose,” and to opt-out of such sharing.
  • APIs provide advantages and should be supported. The report raises a number of issues with screen scraping while promoting the benefits of application programming interfaces (APIs) “that allow for the inclusion of robust security features, greater transparency and access controls for consumers, improved data accuracy, and more predictable and manageable information technology costs.”  Following is a graphic from the report identifying the similarities and differences between bilateral/partnered API and open API arrangements.  It highlights how APIs can remove the need for fintech apps (users of aggregated data) and data aggregators to access consumers’ bank account login credentials and, therefore, supports Treasury’s suggestion that the private sector and financial regulators should work to implement API solutions that “address data sharing, [data normalization,] security, and liability [and should support] efforts to mitigate implementation costs for community banks and smaller financial services companies with more limited resources to invest in technology.”

  • Clarifying applicability of third-party oversight guidance to data aggregators. The report states that there is some ambiguity regarding when third-party oversight guidance issued by federal banking regulators applies to data aggregator relationships, noting that data aggregators entering into “an API agreement with a bank [] may become subject to third-party guidance because of the contractual relationship, which can increase compliance costs.”  The Treasury suggests that federal banking regulators take action to resolve this ambiguity.
  • Third-party data aggregators should be treated as “consumers.”  Section 1033 of the Dodd-Frank Act provides “consumers” a right to access certain account information electronically upon request.  Treasury recommends that this section be interpreted so that “third parties properly authorized by consumers, including data aggregators and consumer fintech application providers, fall within the definition of ‘consumer’… for the purpose of obtaining access to financial account and transaction data.”
  • Data security addressed by GLBA Safeguards Rule. The report assumes that “data aggregators and consumer fintech application providers are subject to the Gramm-Leach-Bliley Act (GLBA)” and that “the Safeguards Rule appropriately addresses” data security concerns with data aggregation activities.  To the extent additional regulatory or legislative measures are considered to address data aggregation data security issues, the Treasury suggests that such activities occur at the federal level rather than the state level to ensure uniformity.
  • Other financial regulators should support data aggregation. The report suggests that regulators in addition to the BCFP should take steps to enhance data aggregation activities, including the Securities and Exchange Commission, the Financial Industry Regulatory Authority, Department of Labor, and state insurance regulators.

On September 20, 2018, from 12 p.m. to 1 p.m. ET, Ballard Spahr will conduct a webinar, “More Than Just Fintech: What Are the Important Takeaways for All Consumer Financial Services Providers from Treasury’s Sweeping Report?”  A link to register is available here.

 

 

 

A portion of the Treasury’s report entitled “A Financial System That Creates Economic Opportunities, Nonbank Financials, Fintech, and Innovation” focuses on the mortgage industry.  A detailed discussion of the Treasury’s mortgage-related findings and recommendations is available here.

We have previously blogged about the portion of the Treasury report that focuses on payments and have published a legal alert that discusses other portions of the report.

On September 20, 2018, from 12 p.m. to 1 p.m. ET, Ballard Spahr will conduct a webinar, “More Than Just Fintech: What Are the Important Takeaways for All Consumer Financial Services Providers from Treasury’s Sweeping Report?”  A link to register is available here.

 

Last week the CFPB announced an initiative to create a Global Financial Innovation Network (GFIN) with 11 other financial regulators and related organizations across the globe. The GFIN sprang from a previous proposition by the UK Financial Conduct Authority (FCA) to create a “global sandbox” for innovative financial services firms to be able to test new financial services and products such as artificial intelligence and blockchain based solutions in different financial markets. Feedback provided in response to that proposition indicated a need for more comprehensive collaboration among regulators to expand the innovation activities currently undertaken by financial services regulators around the world.

The GFIN, as described within the Consultation Document announcing its creation, is intended to serve three main functions:

  1. Facilitate information and knowledge sharing among financial services regulators on emerging innovation trends and best practices and to share appropriate regulatory contact information with financial services firms;
  2. Provide a forum for joint policy work and regulatory trials; and
  3. Develop a “global sandbox” for business to consumer (B2C) or business to business (B2B) firms to trial and scale new technologies in multiple jurisdictions.

In the press release announcing the initiative, CFPB Acting Director Mick Mulvaney stated that joining the GFIN “demonstrates the Bureau’s commitment to promoting innovation by coordinating with state, federal and international regulators. We look forward to working closely with other regulatory authorities—whether in the United States or abroad—to facilitate innovation and promote regulatory best practices in consumer financial services.”

The GFIN working group is encouraging responses and feedback from interested parties to 10 questions posed within the Consultation Document by October 14, 2018. Commenters can submit responses to the Bureau’s representative, Paul Watkins in the recently-established Bureau’s Office of Innovation. Responses and input are particularly sought from innovative financial services firms, technology companies and providers, accelerators, academia, consumer groups, financial services regulators, and other entities or individuals interested in helping to develop the GFIN. After October 14 the working group will review feedback and agree on next steps, including a timeline for when to launch the GFIN.

A portion of the Treasury’s report entitled “A Financial System That Creates Economic Opportunities, Nonbank Financials, Fintech, and Innovation,” focuses on payments.  (See our legal alert for a discussion of other portions of the Treasury’s report.)

Current payment methods.  The report notes four primary core payment systems: credit cards, debit cards, automated clearing house (ACH) transfers, and wire transfers.  Among the issues facing such systems is that their regulation is fragmented, with the first two systems subject to significant federal regulation, the ACH system heavily dependent on agreement, and wire transfers primarily subject to uniform state law.  The report, given its focus, ignores the check system, also regulated by uniform state law, and virtual currency payment methods that have yet to reach significant volume as a payment method.

Nonbank Funds Transfers.  The report focuses on nonbank methods of funds transfers between individuals.  It discusses money transmitters that, while subject to federal Bank Secrecy Act regulation, are primarily state-licensed and regulated by diverse state statutes and, for multi-state businesses, are subject to burdensome state licensing.  The report also discusses the Regulation E remittance provisions, P2P and non-P2P transfers, and so-called digital wallets.  The report’s discussion concludes with a review of (1) the effort to encourage faster payments including the Faster Payments Task Force, the Real-Time Payments System of The Clearing House, same day ACH efforts by NACHA and ACH operators, and the challenges these efforts face, and (2) the work of the Secure Payments Task Force.

Recommendations. The Treasury makes the following recommendations:

  • States should work to harmonize money transmitter requirements for licensing and supervisory examinations–a task that may require some federal incentives since the Uniform Money Services Act, requested by Congress that the Uniform Law Commission research and write, has only been enacted by 12 states to date;
  • The CFPB should provide more flexibility regarding the issue of remittance disclosures in Regulation E; and
  • The Federal Reserve should accelerate its efforts to facilitate a faster retail payments system.

Our observations.  While the Treasury’s report is a good start, it could have gone much further.  Noting the complexity in the U.S. payments system, the Treasury might have recommended that efforts be directed at reconciling the credit and debit card systems for similar issues.  For example, the Treasury could encourage the Uniform Law Commission to update Uniform Commercial Code (UCC) payment articles for electronic instruments.  Such a project is already under consideration by the UCC sponsors, the Uniform Law Commission, and the American Law Institute for notes which, when completed, would replace paper instruments as the only payment vehicles covered by the UCC.  Another recommendation could provide support for the Uniform Regulation of Virtual Currency Businesses Act, which supplies what the Treasury’s report characterizes as the need for “adequate prudential regulation and supervision” for that emerging payment method.

On September 20, 2018, from 12 p.m. to 1 p.m. ET, Ballard Spahr will conduct a webinar, “More Than Just Fintech: What Are the Important Takeaways for All Consumer Financial Services Providers from Treasury’s Sweeping Report?” A link to register is available here.

On August 3, 2018, Arizona began accepting applications for its regulatory sandbox that “enables a participant to obtain limited access to Arizona’s market to test innovative financial products or services without first obtaining full state licensure or other authorization that otherwise may be required.”  In March 2018, Arizona’s Governor signed into law legislation directing the state’s Attorney General to create the sandbox.  The Attorney General is also responsible for the application process and oversight of the sandbox.

To be considered for admission, applicants must complete the nine-page application and pay a $500 application fee.  Each application must be for an innovative financial product or service as defined by the enabling legislation.  For example, products or services regarding most types of credit extending services, such as peer-to-peer lending and online marketplace lending, and innovative products and services for money transmission and investment management would be eligible.  However, “securities trading, insurance products, or services that provide solely deposit-taking functions” are not eligible products.

Applicants must provide details regarding the innovative financial product or service, the testing plan, a “Consumer Protection Plan,” and exit plan.  For the Consumer Protection Plan, applicants must identify the targeted consumers; how the applicants plan to market to those consumers and disclose their participation in the sandbox; the key risks to consumers; the plan to address the risks; and how the applicants will monitor and assess the testing of the product or service to protect consumers in the event the test fails.

The Attorney General has indicated that he will take a holistic approach to determine the applicant’s ability to conduct a test that does not place undue risk on consumers.  The Attorney General may consider factors such as “capitalization; insurance or bonds and their terms; compliance or legal support; accounting practices; cash on hand; and the number and expertise of active advisors and key personnel.”  A weakness in any one area will not necessarily prevent an applicant’s admission into the sandbox.  Applicants will be notified of a decision within 90 days of submitting the application and payment.

The CFPB recently named the sandbox’s architect and former head of fintech initiatives at the Arizona Attorney General’s office, Paul Watkins, as Director of the Bureau’s Office of Innovation.  See our blog about Mr. Watkins.  In June 2018, Ballard Spahr attorneys held a webinar, “The Regulatory Sandbox – What it Means for Fintech Companies,” in which the topics included a discussion of the concept of a regulatory sandbox, the benefits and risks associated with using one, and what a possible sandbox created by the CFPB might look like.  Mr. Watkins was one of the webinar speakers and discussed the Arizona initiative.  We have also previously blogged about Arizona’s regulatory sandbox.