Ballard Spahr is proud to partner with Venminder, Inc., on this podcast posted today discussing third-party vendor risk management concerns of financial institutions and service providers. Hosted by Venminder’s Chief Risk Officer Branan Cooper, the podcast features Glen Trudel, a partner in Ballard Spahr’s Consumer Financial Services Group with extensive experience in this area.

The podcast addresses practical business issues and concerns often found with vendor management structures, the increasing importance of cybersecurity considerations in achieving effective risk management, ways to demonstrate senior management involvement and adherence to regulatory guidelines, and the possibility of regulatory relief or moderation in this area of compliance.

On May 7, 2018, in Arlington, Virginia, the FDIC will host a forum, “Use of Technology in the Business of Banking.”  Registration is required to attend.  The forum will also be webcast live and recorded for on-demand access after the event.

The FDIC’s notice states that panels at the forum  “will focus on emerging technologies that are transforming banking operations, the impact of emerging technologies on retail banking, including new and innovative delivery channels, enhanced customer experiences, economic inclusion; and consumer financial data access—balancing rights and security.”

It further states that the forum “will bring together representatives from banks that use or are considering using emerging technologies, representatives from firms offering emerging technologies, representatives from bank trade associations, thought leaders on the use of technology in the business of banking, leaders of consumer and community organizations, and representatives from federal and state financial regulatory agencies.”

As one of his final actions before resigning last Friday from the Consumer Financial Protection Bureau, Director Richard Cordray sent letters to the chief executives of 29 banks, credit unions, and other financial companies urging them to help their customers attain greater control over their financial lives.

“There is enormous value in new technology that makes it feasible, right now, to enable consumers to exert much greater control over their credit cards, debit cards, and other payment methods,” Director Cordray wrote. He asserted that consumers should have the ability to easily and conveniently control how, when, and to what extent their accounts may be accessed.

Director Cordray’s letter suggested digital media platforms as the most convenient method of enabling consumers to exercise this detailed control over their accounts. He provided several examples of enhanced capabilities digital media servicing may be able to offer, such as the ability to set spending limits on each payment card for particular merchants, categories of spending, or channels of transactions (for example, online, phone, in-person, and recurring transactions). Digital media servicing could also provide consumers the ability to receive alerts or warnings if a transaction is attempted that falls outside the consumer’s personal preset parameters (or parameters for a separate authorized user). These money management tools could be offered through financial institutions’ online and mobile platforms.

Director Cordray pointed out that, as in past advisory letters, his suggestions are not regulatory requirements, but rather issues that financial institutions “would do well to consider as [they] seek to better serve [their] customers.” He posited that allowing consumers to control their own spending would lessen consumer worries about data breaches and help financial institutions minimize the incidence of fraudulent payment card usage. By helping consumers to help themselves, financial institutions will materially improve the lives of their customers, while reducing their own costs at the same time.

Earlier this month, the Pennsylvania Department of Banking and Securities issued a letter to “all persons engaged in activity regulated or licensed by the [Department] regardless of the means of delivery of such regulated financial service” which it described as intended to “reiterate[] and remind[]” such persons of its existing licensing guidance.  A number of states, including California, have previously undertaken initiatives to enforce licensing requirements applicable to fintech and other companies.  The Pennsylvania letter is a reminder of the need for such companies to make sure that they have all required licenses for the states in which they operate.

In the letter, the Department comments that “recent public and industry discourse regarding the delivery of financial services via ‘Fintech’ companies has clouded the regulatory environment concerning the regulation and oversight of the financial services and companies via existing consumer protection and licensing statutes.  The notion that a company labels itself as ‘Fintech’ because of the means by which it offers or delivers a financial service does not alter the underlying nature of the transaction or service it is offering.”

The Department states that it is “reiterating its previous guidance that a regulated financial service activity offered to consumers of the Commonwealth will be regulated in accordance with the statute governing the offering of that service regardless of the person offering such service or the means by which such service is offered.”  The Department states further that “a person that offers a financial service to the residents of Pennsylvania…regardless of whether they designate themselves as a ‘Fintech’ company or any other type of nomenclature, must be licensed in accordance with the appropriate statute and comply with all the provisions of the law under which they are regulated.  Compliance is required based upon the activity conducted and not the means in which that activity is conducted.”

In the letter, the Department cites to its previous guidance supporting this position.  Such guidance includes a 2008 notice regarding the need for nondepository entities charging more than 6% simple interest per annum on nonmortgage loans made to Pennsylvania residents to be licensed under the Pennsylvania Consumer Discount Company Act regardless of the method used to make the loans.  The Department’s position was upheld by the Pennsylvania Supreme Court.

The Conference of State Bank Supervisors has released a list of 33 companies that will serve as members of its Fintech Industry Advisory Panel.

According to the CSBS, the Advisory Panel’s purpose is “to support state regulators’ increased efforts to engage with financial services companies involved in fintech.”  More specifically, over the next twelve months, Advisory Panel members will participate in at least two in-person meetings with members of the CSBS Emerging Payments and Innovation Task Force and other state banking commissioners “to identify actionable steps for improving state licensing, regulation, and non-depository supervision and for supporting innovation in financial services.”  The Task Force consists of regulators from ten states, including the Superintendent of the New York Department of Financial Services.

The CSBS and the NY DFS have filed separate lawsuits challenging the OCC’s authority to grant special purpose national bank charters to nondepository fintech companies.  The OCC has filed motions to dismiss both lawsuits.

The Office of the Comptroller of the Currency (OCC) has filed a motion to dismiss the lawsuit filed by the New York Department of Financial Services (DFS) challenging the OCC’s authority to grant special purpose national bank (SPNB) charters to nondepository fintech companies.

The DFS lawsuit, which was filed in May 2017 in a New York federal district court, is similar to the lawsuit filed in April 2017 by the Conference of State Bank Supervisors (CSBS) in D.C. federal district court.  Earlier this month, the OCC filed a motion to dismiss the CSBS lawsuit.

The arguments made by the OCC in support of its motion to dismiss the DFS lawsuit track those made in support of its motion to dismiss the CSBS lawsuit.  Most notably, the OCC again makes the central argument that because it has not yet decided whether it will offer SPNB charters to companies that do not take deposits, the DFS complaint should be dismissed for failing to present either a justiciable case or controversy under the U.S. Constitution or a reviewable final agency action under the Administrative Procedure Act.

In remarks given last month, Acting Comptroller Keith Noreika confirmed that the OCC is continuing to consider its SNPB charter proposal despite the departure of the SPNB proposal’s architect, former Comptroller Thomas Curry, who Mr. Noreika replaced.  While indicating that the OCC planned to vigorously defend its authority to grant an SNPB charter to a nondepository company in the DFS and CSBS lawsuits, Mr. Noreika was noncommittal about what the OCC’s ultimate position would be on implementing the proposal.  He also suggested that fintech companies consider seeking a national bank charter by using more established OCC authority.

A new research paper released by the Federal Reserve Bank of Philadelphia found that fintech lending has expanded consumers’ ability to access credit.  The paper, “Fintech Lending: Financial Inclusion, Risk Pricing, and Alternative Information,” used account-level data provided by a large fintech lender to “explore the advantages/disadvantages” of loans made by such lender “and similar loans that were originated through traditional banking channels.”

The study’s key findings include:

  • The fintech lender’s consumer lending activities penetrated into areas that could benefit from additional credit supply, such as areas that have lost a disproportionate number of bank branches and highly concentrated banking markets.
  • Consumers presenting the same credit risk could obtain credit at lower rates through the fintech lender than through traditional credit cards offered by banks.
  • The lender’s use of alternative credit data allowed consumers with few or inaccurate credit records (based on FICO scores) to access credit at lower prices, thereby resulting in enhanced financial inclusion.

In February 2017, the CFPB issued a request for information that seeks information about the use of alternative data and modeling techniques in the credit process.

On August 3, 2017, the Consumer Financial Protection Bureau (CFPB) provided the mortgage industry with a first look at the portal to be used for the reporting of, and public access to, data under the Home Mortgage Disclosure Act (HMDA).  Reporting institutions will use the portal to submit data commencing with the submission of calendar year 2017 data by March 1, 2018.  Also, instead of making their HMDA report and modified Loan Application Register (LAR) available to the public, reporting institutions will direct members of the public to the HMDA portal for this information.  The presentation was conducted by Michael Byrne, a Project Director in the Technology Division with the CFPB.  The presentation addressed only the data submission aspects of the portal, and not the ability to access HMDA data that is publicly available.

The portal was created by the CFPB in conjunction with the significant revisions to the HMDA rule.  As we have reported previously, most of revisions are scheduled to be implemented on January 1, 2018.  Nevertheless, initially the portal will be available only for the submission of the current HMDA data fields, which must be collected for 2017 activity and reported in 2018.

The portal is not yet available for access.  Mr. Byrne advised that the CFPB plans to make a Beta version of the portal available around the end of the third quarter, and that the CFPB will use input from the Beta period to revise the portal during the fourth quarter prior to the final version being released.  The CFPB also plans to release a check digit tool for use in verifying the universal loan identifier, and a geocoder tool, during the fourth quarter.

Once the portal becomes live, persons responsible for HMDA reporting at their institution will need to create an account to be able to access the portal.  The portal includes a series of steps to validate the accuracy and correct formatting of the data in a LAR before it can actually be submitted.  The CFPB has a File Format Verification Tool that institutions can use to test whether their 2017 HMDA data is formatted correctly.   The CFPB plans to issue a File Format Verification Tool for the revised HMDA data categories.  Data for the revised categories will first be collected for the 2018 reporting year, and reported in 2019.

Mr. Byrne advised that for institutions with a smaller volume of loans who elect to use the Excel-based LAR Formatting Tool that is available on the CFPB website, the CFPB designed the tool to convert the data into the format necessary to submit the data through the HMDA  portal.  The CFPB plans to issue a version of the LAR Formatting Tool for the revised HMDA data categories later this year.

For institutions that collect HMDA data with multiple LARs, they will be able to use the multiple LARS to test the data on the portal before submission.  However, to submit the data institutions will need to combine the multiple LARS into a single LAR file.

The Office of the Comptroller of the Currency (OCC) has filed a renewed motion to dismiss the lawsuit filed by the Conference of State Bank Supervisors (CSBS) in D.C. federal district court challenging the OCC’s authority to grant special purpose national bank (SPNB) charters to fintech companies.  The OCC had filed the motion several days earlier but was required to file a renewed motion to reduce the number of footnotes.  Except for adding a new statute of limitations argument, the arguments in the new memorandum in support of the motion track those made in the initial memorandum.

The OCC’s central argument for dismissal is that because it has not yet decided whether it will offer SPNB charters to companies that do not take deposits, the CSBS complaint should be dismissed for failing to present either a justiciable case or controversy under the U.S. Constitution or a reviewable final agency action under the Administrative Procedure Act (APA).  More specifically, the OCC argues that:

  •  CSBS cannot establish standing necessary to meet the Article III “case or controversy” requirement because the OCC has not yet taken any relevant action that could have a concrete effect on CSBS or its members—no SPNB charter has been issued to a non-deposit taking bank, the OCC has not received any applications to charter such a bank, no final procedures for processing such applications are in place, and the OCC’s public statements about the SPNB charter were part of ongoing policy development that is not final.
  • The actions taken by the OCC that are referred to as the “Nonbank Charter Decision” in the CSBS complaint are nothing more than a collection of non-final policy papers and solicitations for public input that do not represent a “final agency action” subject to review under the APA.
  • Because no final agency action has taken place, the court should conclude that the matter is not ripe for judicial review.

The OCC’s other arguments for dismissal include:

  • If the adoption of the amendments to the OCC’s chartering regulations (12 C.F.R. Section 5.20(e)(1)) that would allow the OCC to charter a bank that does not receive deposits constituted a final agency action, an APA cause of action accrued in January 2004 when the final rule became effective.  Since an APA action is subject to a six-year statute of limitations, the time for filing an APA challenge expired in January 2010.
  • Even if the court were to reach the merits of the validity of Section 5.20(e)(1), the complaint should be dismissed for failure to state a claim because, under Chevron, the provision represents a reasonable interpretation of the undefined and ambiguous term “business of banking” in the National Bank Act.
  • CSBS’ argument that the OCC’s authority under the NBA to charter an entity to “commence the business of banking” does not give the OCC authority to charter a national bank that does not accept deposits is without merit for reasons that include contrary U.S. Supreme Court and D.C. Circuit authority.

Democratic Senator Mark Warner has introduced a bill, S.1642, that would override the Second Circuit’s decision in Madden v. Midland Funding.  (In Madden, the Second Circuit ruled that a nonbank that purchases loans from a national bank could not charge the same rate of interest on the loan that Section 85 of the National Bank Act allows the national bank to charge.)  The bill would add the following language to Section 85 of the National Bank Act: “A loan that is valid when made as to its maximum rate of interest in accordance with this section shall remain valid with respect to such rate regardless of whether the loan is subsequently sold, assigned, or otherwise transferred to a third party, and may be enforced by such third party notwithstanding any State law to the contrary.”

This language is identical to language in the Financial CHOICE Act and the Appropriations Bill that is also intended to override Madden.  Like the Financial CHOICE Act and Appropriations Bill, the Senate bill would add the same language (with the word “section” changed to “subsection” when appropriate) to the provisions in the Home Owners’ Loan Act, the Federal Credit Union Act, and the Federal Deposit Insurance Act that provide rate exportation authority to, respectively, federal savings associations, federal credit unions, and state-chartered banks.

Unlike the CHOICE Act and Appropriations Bill, however, the Senate bill includes “findings” that appear intended to avoid the bill from being characterized as a change in the law.  The findings state that the valid-when-made doctrine is an “important and longstanding principle [that] derives from the common law and its application has been a cornerstone of United States banking law for nearly 200 years.”  They also explain why there is a need for the doctrine to be “reaffirmed soon by Congress.”

Like the adoption of the OCC’s proposal to create a fintech charter, the enactment of legislation reaffirming the valid-when-made doctrine would help some companies avoid Madden’s negative impact.  However, it would not help fintech companies deal with the risk of a court or enforcement authority concluding that the fintech company, and not its bank partner, is the “true lender.”  Treating a nonbank as the “true lender” would subject the nonbank to usury, licensing, and other limits to which its bank partner would not otherwise be subject.

As a result, even if “valid-when-made” legislation is enacted, there would still be a need for the OCC to confront the true lender risk directly, something we have previously urged it to do.  This could (and should) be accomplished through adoption of a rule: (1) providing that loans funded by a bank in its own name as creditor are fully subject to Section 85 and other provisions of the National Bank Act for their entire term; and (2) emphasizing that banks that make loans are expected to manage and supervise the lending process in accordance with OCC guidance and will be subject to regulatory consequences if and to the extent that loan programs are unsafe or unsound or fail to comply with applicable law.  (The rule should apply in the same way to federal savings banks and their governing statute, the Home Owners’ Loan Act.)  In other words, it is the origination of the loan by a supervised bank (and the attendant legal consequences if the loans are improperly originated), and not whether the bank retains the predominant economic interest in the loan, that should govern the regulatory treatment of the loan under federal law.