In a recent blog post, Alan Kaplinsky and Scott Pearson wrote about the remarks made by CFPB Director Richard Cordray and Comptroller of the Currency Thomas Curry at the LendIt USA conference in New York City earlier this month.  In the blog post, we expressed our strong disagreement with Comptroller Curry’s refusal to author an interpretive opinion to address the disruption in the lending markets caused by the Second Circuit’s Madden decision and promised to share our reasons at a later date for why we think that the OCC should go even further and propose a rule to address Madden 

Alan has now written an article published in BankThink, American Banker’s “platform for informed opinion about the ideas, trends and events reshaping financial services,” that urges the OCC to issue a rule to address Madden.  In Madden, the Second Circuit ruled that a company that purchases loans from a national bank could not charge the same rate of interest on the loan that Section 85 of the National Bank Act allows the national bank to charge.  As Alan demonstrates in his article, there is clear OCC and U.S. Supreme Court precedent for the OCC to issue an interpretive opinion or regulation interpreting Section 85 to address an issue that is being litigated and the Supreme Court has indicated that it can properly do so.  As he also demonstrates, the need for an OCC rule is not eliminated by the OCC’s proposal to create a national bank charter for financial technology companies.





A Democratic congressman has raised concerns about potentially discriminatory lending practices used by fintech companies that extend credit to small businesses, calling on the CFPB “to vigorously investigate whether [such fintech companies] are complying with all anti-discrimination laws, including the Equal Credit Opportunity Act.”

In a letter to Director Cordray dated March 15, 2017, Representative Emanuel Cleaver, II, stated that fintech companies “geared toward lending to small businesses by using certain biased algorithms for creditworthiness have the potential of charging disproportionately higher rates to minority-owned businesses.”  He asserted that, as a result, it is important “to determine if minority-owned small businesses are being charged higher rates, or if they have been subject to predatory fees” by fintech companies.

In addition to urging the CFPB to launch an investigation, Rep. Cleaver requested responses to a series of questions that included when the  CFPB anticipates “finalizing regulation and guidance to fully implement” Dodd-Frank Section 1071.  Section 1071 amended the ECOA to require financial institutions to collect and maintain certain data in connection with credit applications made by women- or minority-owned businesses and small businesses.  Such data include the race, sex, and ethnicity of the principal owners of the business.  The CFPB has not yet proposed a rule to implement Section 1071.  In its Fall 2016 rulemaking agenda, the CFPB estimated a March 2017 date for prerule activities.

For more on Rep. Cleaver’s letter, see our legal alert.

Earlier this week, we attended the LendIt USA conference in New York City, a leading annual fintech conference, at which both CFPB Director Richard Cordray and Comptroller of the Currency Thomas Curry spoke.

Director Cordray began his remarks by returning to his familiar “level playing field” theme, observing that “[e]venhanded oversight of all providers” regardless of size “is a basic rule of the road for effective regulation of the financial marketplace” and that “[n]obody gets a free pass to exploit regulatory arbitrage; everyone must be held to the same standards of compliance with the law.”  He then discussed the CFPB’s two most recent requests for information.

The first RFI, issued in November 2016, seeks information about market practices related to consumer access to financial information.  Director Cordray reported that the CFPB has received about 70 “extensive and thoughtful” comments from financial institutions, data aggregators, companies that use aggregated data, trade associations, consumer groups, and individuals.  He observed that “[c]ertain perspectives presented in the comments are not surprising,” with banks and other financial companies raising concerns about consumer data security and aggregators and users of the data recommending less fettered access and greater freedom to store and use collected data.  He commented that the CFPB is “keenly aware of the serious issues around privacy and security, for consumers and providers alike,”  and noted two “pressing” issues facing the CFPB:  how to satisfy the demands of consumers without exposing the providers that maintain consumer data to undue costs and risks and how to prevent consumers from subjecting themselves to undue risks, including the possibility that their data could be misused.  Echoing comments he made in October 2016, Director Cordray also stated that the CFPB “remain[s] concerned about reports of some institutions that may be limiting or restricting access unduly.”

The second RFI discussed by Director Cordray was the RFI issued last month seeking information about the use of alternative data and modeling techniques in the credit process.  He indicated that the CFPB’s goal in issuing the RFI is “to learn more about issues raised by new technologies and new uses of data” and, in particular, to obtain information “about the potential benefits and risks of using, applying, and analyzing unconventional sources of information to predict people’s creditworthiness.”  He reviewed the main inquiries posed by the RFI, with emphasis on the CFPB’s interest in learning how the use of alternative data might impact so-called “credit invisibles,” meaning consumers with no credit history or credit histories that are too limited to generate a reliable credit score, and the application of fair lending laws to alternative data.

In addition to not providing any meaningful new insights into the CFPB’s views on fintech issues, perhaps the most disappointing aspect of Director Cordray’s remarks was his touting of the CFPB’s no-action letter (NAL) policy in his discussion of Project Catalyst,  the CFPB’s initiative launched in November 2012 for facilitating innovation in consumer-friendly financial products and services.  The CFPB’s NAL policy, which was finalized in February 2016, stated that the CFPB would publish NALs, along with a version or summary of the request, on its website.  Since we could find no NALs on the CFPB’s website, we assume no NALs have been issued.

Indeed, even if any NALs have been issued, they would be of marginal value to the recipients.  As we observed when the NAL policy was finalized, the NAL policy provides no immunity against private litigation or enforcement actions by other federal and state government agencies.  (In fact, the CFPB stated in the policy that an NAL can be revoked or modified at any time.)  To make matters worse, an NAL will receive no deference from the courts and may only cover one or more of the “enumerated consumer laws” and not UDAAP which is often of the greatest concern to banks and companies because of the lack of clarity as to what constitutes an “unfair,” “deceptive” or “abusive” act or practice.  Perhaps the reason no NALs have been issued is that none have been requested because of their marginal value as well as the potential for publication of an NAL to give competitors access to important confidential strategic information.

Comptroller Curry’s remarks focused primarily on the OCC’s fintech charter proposal, which he defended against a number of attacks from state regulators, consumer advocates, as well as industry opponents.  Comptroller Curry said that the OCC definitely has authority to grant special purpose charters without new legislation.  Companies obtaining these charters should not expect “light touch” supervision, as the OCC will supervise them in the same manner that it supervises full-service banks.  Furthermore, the OCC will not grant charters to companies engaging in practices considered to be predatory or abusive.

Comptroller Curry also said that there will be “appropriately calibrated” capital and liquidity standards, as well as financial inclusion requirements for obtaining a charter.  Details on the requirements will be outlined in a forthcoming supplement to the OCC’s licensing manual.  He added that national banks are subject to state law to a much greater extent under Dodd-Frank than previously was the case, so concerns about excessive preemption are misplaced.  Comptroller Curry said that companies will benefit from the OCC’s high standards and “rigorous supervision,” as it adds value to the companies.

Unlike Director Cordray, Comptroller Curry took questions from the audience, including questions from us.  Although he did not indicate whether there has been any contact between the White House and the OCC concerning policy, he said that the OCC intended to comply with the spirit of the recent executive orders concerning deregulation, although it is not required to follow them as an independent agency.  He noted that the OCC already had completed a recent decennial review of its rules as required by the Economic Growth and Regulatory Paperwork Reduction Act of 1996.  Asked whether the OCC would issue an interpretive opinion concerning the Madden v. Midland Funding case consistent with its amicus brief, Comptroller Curry said that it would not, since the agency cannot overrule the Second Circuit.

We strongly disagree with Comptroller Curry’s refusal to author an interpretive opinion which certainly would be helpful outside the Second Circuit (and maybe even within the Second Circuit since the OCC had not weighed in on Madden until it reached the Supreme Court).  For reasons that we will articulate in the future, we think that the OCC should propose to issue a regulation codifying the “valid when made” doctrine.

On March 21, 2017, from 12:00 pm to 1:00 pm ET, Ballard Spahr will hold a webinar, “Alternative Credit – Opportunities, Risks and the CFPB’s Request for Data.”  More information and a link to register is available here.





The announcement by the Office of the Comptroller of Currency that it will allow financial technology (fintech) companies to apply for national bank charters as way of fostering “responsible innovation” has already drawn fire from the New York Department of Financial Services (DFS) and the Conference of State Bank Supervisors (CSBS).  

In their statements responding to the OCC’s announcement, both the DFS and CSBS view the charter as threatening to weaken the states’ role in consumer protection.  In making consumer protection rather than the fostering of innovation their paramount concern, the state regulators appear to be aligned with the CFPB.  Despite the CFPB’s 2012 launch of Project Catalyst, its initiative for facilitating innovation in consumer financial products and services, and repeated claims that it is not attempting to stifle innovation, the CFPB has continued to signal additional regulation and enforcement activity in the fintech space.

We recently blogged about expectations that changes to the CFPB under a Trump Administration will reduce the CFPB’s impact, particularly in the enforcement area.  Faced with a less aggressive CFPB, state attorneys general and financial regulators may be emboldened to ramp up their enforcement activity, with Democratic-controlled states such as New York, Illinois, and California already known for an activist approach likely take the lead.  The DFS and CSBS statements suggest that should the CFPB’s enforcement role diminish in the fintech space, state AGs and regulators will assume the mantle of enforcing the Consumer Financial Protection Act’s UDAAP prohibition using their Section 1042 authority.  In addition, state AGs have direct enforcement authority under several federal consumer protection laws (such as TILA, FCRA and RESPA), and are expressly allowed by the CFPA to bring civil actions against national banks and federal savings associations to enforce state laws that are not preempted.

To help providers of consumer financial services be prepared to defend against the likely surge in state investigations and enforcement activity, we will hold a webinar, “Beyond the CFPB: Preparing for State Enforcement Post-Election,” on December 15, 2016 from 12 p.m. to 1 p.m.  More information about the webinar and a link to register is available here.



In a new report, the CFPB discusses its approach to FinTech and financial innovation, its Project Catalyst initiative, and marketplace developments the CFPB views as potentially beneficial for consumers.  The report, entitled “Project Catalyst report: Promoting consumer-friendly innovation-Innovation Insights,” was released in conjunction with remarks given by Director Cordray at Money 20/20, a large conference focused on payments and financial services innovation.  Launched in November 2012, Project Catalyst is the CFPB’s initiative for facilitating innovation in consumer financial products and services.

In his remarks, Director Cordray responded to widespread criticism of the Bureau’s heavy-handed enforcement actions against start-ups, stating that the CFPB’s enforcement actions against FinTech providers “should not be misread or overstated.”  He stated that the CFPB is seeking to hold FinTech providers to the “same standards” and “same expectations” that apply to other providers of consumer financial products and services and is “not looking to punish anyone merely for raising novel issues that present unsettled points of law or questions that fall into unforeseen cracks in the regulatory framework.”  He described the CFPB’s enforcement actions to date as having “addressed basic meat-and-potatoes issues such as companies that promise one thing to their customers and do something quite different.”

In addition to reviewing Project Catalyst developments in his remarks, Director Cordray stated that the CFPB is “gravely concerned by reports that some financial institutions are looking for ways to limit, or even shut off, access to financial data rather than exploring ways to make sure that such access, once granted, is secure.”  His comments appear to be directed at institutions that have not permitted their customers to use third-party financial aggregators that allow consumers to compile their financial information from multiple banks in one digital setting.  In what seemed to be a warning, Director Cordray stated “Let me state the matter as clearly as I can here: We believe consumers should be able to access [their financial data from financial providers with whom they do business] and give their permission to third-party companies to access this information as well.”

Director Cordray’s remarks and the report indicate that, in the CFPB’s view, financial innovation offers both benefits and risks for consumers and requires the creation of  a “level playing field” for all market participants.  In the report, the CFPB provides examples of how new or improved financial products and services can benefit consumers, such as through expanded access, improved consumer control, and lower prices, but also warns that it “will take action as necessary to protect consumers from innovations that may be unfair, deceptive, abusive, or discriminatory.”  The “level playing field” comment appear to signal additional regulation and enforcement activity in the FinTech space, notwithstanding the Bureau’s repeated attempts to claim that it is not attempting to stifle financial innovation.

With regard to Project Catalyst, the report discusses the project’s goal of establishing effective communication channels with entrepreneurs and innovators, the CFPB’s efforts to coordinate with various state and federal regulatory agencies and international regulators, and its one-day “Office Hours” program held periodically throughout the year in San Francisco and New York “at which companies and other interested parties can engage directly with subject-matter experts at the Bureau.”

The report also reviews the CFPB’s trial disclosure waiver policy and its no-action letter policy.  (We have written about the no-action letter policy’s numerous shortcomings, including its failure to provide immunity against private litigation or enforcement actions by other federal and state government agencies.)  In addition, the report discusses various CFPB “research collaborations” such as its pilot program with American Express to evaluate the effectiveness of certain practices to encourage prepaid card users to develop regular saving behavior.

The last section of the report discusses various “marketplace developments that may hold the potential for consumer benefits.”  According to the report, Project Catalyst learned of these developments through its engagement with “a variety of Fintech and other market participants.”  Such developments include:

  • The development of cash flow management tools to help address the mismatch or time lag between expenses and income, such as services that enable an employee to access accrued wages earlier than his or her regular payday or deduct a portion of his or her wages and apply it to recurring payments to help the consumer with the mismatch of timing and frequency between when income is earned and when bills are due.
  • Efforts to develop compliant ways to incorporate non-traditional data sources and employ machine learning techniques in underwriting methods to expand access to credit.
  • The availability of personal financial management tools that allow consumers to allow third-parties to access their financial records.  (As noted above, Director Cordray, in his remarks, stated that the CFPB is concerned by reports that some financial institutions are looking for ways to restrict third-party access to financial data.  In the report, the CFPB states that the loss of such access “could cripple or even entirely curtail the further development of such products and services” and states that the CFPB “is interested in supporting the ability of consumers to access and share personal information about their own financial lives with others where they believe it is in their best interest to do so.”)
  • The entrance into the student loan market of FinTech companies that offer borrowers with high-rate student loans an opportunity to refinance at lower rates (with the CFPB noting that such companies “also report that certain practices by incumbent student loan servicers” may increase cost and present consumer risks, such as problems in obtaining accurate payoff balances from the originator.)
  • The attempt by several companies to adopt or build more modern technology platforms to improve mortgage loan servicing, such as the use of machine learning to detect at an earlier stage when borrowers are likely to suffer financial distress.
  • The development by FinTech firms of tools to improve consumer access to and understanding of their credit scores and history, such as streamlining the process for consumers to dispute errors on their credit reports directly.
  • Efforts to make peer-to-peer payments more consumer friendly, such as through the development of services that enable consumers to transfer money quickly at lower cost by relying on digital channels.
  • Offering of services that facilitate savings, such as services that help consumers determine how much they can afford to save based on their income and expenses and automate their savings.




On October 13, 2016, the Brookings Institute will hold an event in Washington, D.C. titled: “How to make fintech work for all Americans.”  Speakers include industry representatives and an FDIC representative.  Brookings describes the event as “a conversation about the effects of the fintech boom, with a particular focus on how regulation and public policy can enhance or hinder the industry’s ability to solve some of the more intractable problems facing middle-class.”

Among the questions to be addressed are whether “regulation and policy inhibit innovation and skew benefits toward the well-to-do.”  In discussing regulation and policy, speakers could address CFPB larger participant rulemaking for installment/marketplace lenders and other concerns raised by regulators concerning marketplace lending.



The Securities and Exchange Commission has announced that it will host a public forum in Washington, D.C. on November 14, 2016 to discuss financial technology innovation in the financial services industry.  The forum is designed to foster greater collaboration and understanding among regulators, entrepreneurs and industry experts about fintech innovation and evaluate how the current regulatory environment can most effectively address these new technologies.

The panels will discuss issues such as blockchain technology, automated investment advice or robo-advisors, online marketplace lending and crowdfunding, and how they may impact investors.  The forum will be open to the public and webcast live on the SEC’s website.

A bill was recently introduced by Congressman Patrick McHenry that would establish a “Financial Services Innovation Office” within various federal agencies, including the CFPB and SEC, that would consider petitions from persons that offer or intend to offer a financial innovation and seek to enter into an agreement under which the agency would agree to waive or modify regulatory or statutory requirements applicable to the innovation.


Republican Congressman Patrick McHenry, Vice Chair of the House Financial Services Committee, has introduced the “Financial Services Innovation Act of 2016,” which is intended to provide a streamlined regulatory process for innovative fintech products and greater certainty about compliance requirements.

The federal agencies covered by the bill include the CFPB, Federal Reserve, FDIC, NCUA, OCC, FTC, and HUD.  The bill would require each agency to publish in the Federal Register within 60 days of enactment and biannually thereafter a list that identifies 3 or more areas of existing regulations that apply or may apply to a “financial innovation” and that the agency would consider modifying or waiving if it received a petition as contemplated by the bill.  “Financial innovation” is defined as “an innovative financial service or product, the delivery of which is enabled by technology, that is or may be subject to an agency regulation or Federal statute.”

The bill contemplates that each agency would establish a “Financial Services Innovation Office” (FSIO) to support the development of financial innovations.  The FSIO would consider petitions from persons that offer or intend to offer a financial innovation and seek to enter into an “enforceable compliance agreement containing a modification or waiver of an agency  regulation or Federal statutory requirement under which the agency has supervisory or rulemaking authority with respect to the [petitioner] or a financial innovation the [petitioner] offers or intends to offer.”

While a petition is pending, the bill would create a safe harbor barring the agency from bringing an enforcement action relating to the financial innovation that is the subject of the petition.  The agency would be required to publish the petition in the Federal Register and provide a 60-day notice and comment period.  If the agency disapproves a petition, it would be required to provide the petitioner with a written notice that explains why the petition was rejected.

If a petition is approved, the petitioner would be able to enter into an “enforceable compliance agreement” with the agency that includes “the terms under which the [petitioner] may develop or offer the approved financial innovation to the public and any requirements of the [petitioner] and any agency with respect to the financial innovation.”  The agreement would also bar other agencies from bringing an enforcement action against the petitioner with respect to the financial innovation that is the subject of the agreement.  States would be barred from bringing an enforcement action if the petitioner has provided the state with a copy of the compliance agreement and a statement of policies and procedures the petitioner has in place to comply with applicable state laws.  Notwithstanding this limitation, the bill would allow a state to bring an enforcement action if a court were to determine “that the agency’s action was arbitrary and capricious and the financial innovation has substantially harmed consumers within such State.”

The bill does not appear to provide a safe harbor from civil litigation.  However, it provides that a petitioner “can elect to arbitrate any action initiated by another person relating to a financial innovation that is the subject of an enforceable compliance agreement.”  It is unclear whether this provision would trump the CFPB’s arbitration rule once it is final and effective.  Under the CFPB’s proposed rule, a class action waiver in an arbitration provision in a consumer financial services agreement would be invalid.

In November 2012, the CFPB launched “Project Catalyst,” an  initiative for facilitating innovation in consumer-friendly financial products and services.  Under Project Catalyst, the CFPB finalized a trial disclosure policy in October 2013 for exempting individual companies, on a case-by-case basis, from applicable federal disclosure requirements to allow those companies to test trial disclosures.  In February 2016, the CFPB issued a final policy statement on issuing “no-action” letters (NAL) for innovative financial products or services.  We have found the CFPB’s NAL policy to be lacking in many important respects.

By recognizing the need to create a more flexible regulatory environment for fintech innovations, Congressman McHenry’s bill appears to be a step in the right direction.






The Office of the Inspector General (OIG) has released the “2015 list of major management challenges” faced by the CFPB that the OIG believes will hamper the CFPB’s ability to accomplish the CFPB’s strategic objectives.  Like the 2014 list, one of the challenges identified by the OIG is the need to ensure that the CFPB has an effective information security program.  Due to the advanced persistent threats faced by the federal government, the OIG concluded that the CFPB needs to strengthen its defenses against attacks from outside governments, organized groups, and other threats.  The OIG identified four high-priority security risk areas for CFPB improvement:

  • Continuous monitoring to assess security controls and system configurations
  • Configuration management of CFPB systems
  • Role-based security training for individuals with significant security responsibilities
  • Incident response and reporting

The OIG applauded the CFPB’s efforts to build out its Cybersecurity Program Management Office, but the OIG recommended that the CFPB should continue improving its information security program, overseeing the security of contractor-operated information systems, transitioning IT resources from the Treasury Department, and ensuring that personally identifiable information (PII) is properly protected, including the PII that the CFPB receives from consumer complaints about credit card accounts, mortgage loans, and other consumer financial products and services.

The American Bankers Association, American Bankers Insurance Association and Consumers Banking Association have submitted a joint comment letter on the CFPB’s proposed policy on issuing “no-action” letters for innovative financial products or services.

The trade groups expressed the overall concern that the proposal will not “serve as a viable approach to alleviating regulatory uncertainty” because it is “limited in its applicability and yet fraught with perils for the requester.”  The specific concerns raised in their comment letter included the following:

  • The information required by the process for requesting a no-action letter puts the requester “at the risk of providing a roadmap for inventive legal attack against the proposed product” by asking the requester to describe any creative liability that might attach to the new product.  The trade groups believe the process should be re-cast to emphasize how the new product’s features vary from products described by the existing rules and why its features achieve the consumer protections pursued by existing rules.
  • In its proposal, the CFPB stated that it plans to issue no-action letters “only rarely and on the basis of exceptional circumstances.”  The trade groups are concerned that this approach will discourage requests and believe the CFPB’s staff should instead pledge to provide a timely response to all requests, giving reasons for their action to grant or deny the request.
  • As proposed by the CFPB, a no-action letter would not provide an interpretation of a statute or regulation nor a safe harbor from the CFPB’s supervisory and enforcement authority.  It also could be modified or revoked by the CFPB at any time.  In the trade groups’ view, the extremely limited scope of a no-action letter “creates virtually no incentive for innovators to undertake the request process.”  The changes they recommend include an expansion of a letter’s scope “to assure against not only Bureau enforcement or supervisory criticism, but to preclude enforcement or supervisory criticism by any agency authorized to conduct such activities under the DFA with respect to institutions in its respective jurisdiction.”
  •  The CFPB indicated in the proposal that its disclosure of a no-action letter request and any data received from the requester in connection with a request is governed by the CFPB’s rule regarding disclosure of records and information.  As the CFPB observed, that rule generally requires the CFPB to disclose records unless they are subject to a FOIA exemption or exclusion.  The trade groups seek improved assurance of confidentiality for information submitted by requesters, commenting that the CFPB’s disclosure of the detailed information and legal analysis that the proposal would require requesters to provide could enable competitors to exploit the idea or add compliance or litigation risk.