U.S. Proposes a National Framework for the Regulation of Fintech
By Lawrence D. Kaplan, Thomas P. Brown, Chris Daniel & Joshua S. Downer
Federal regulators in the United States have released a series of recommendations that form a proposed national framework for companies engaged in financial technology (“Fintech”). In a report entitled “A Financial System That Creates Economic Opportunities: Nonbank Financials, Fintech, and Innovation” (the “Treasury Report” or “Report”),
The OCC thereafter released a policy statement (the “OCC Policy Statement”)
I. National Fintech Framework Proposed
A key component of the national framework set forth by the Treasury involves the OCC following through on its 2016 proposal to issue a new form of a special purpose charter. An OCC charter would permit Fintech companies to operate on a uniform basis across the country under the supervision of one federal regulator. As noted by the OCC, the business of banking evolves over time, as do the types of institutions that provide banking services, and companies that engage in the business of banking in new and innovative ways should have the same opportunity to obtain a national bank charter as companies that provide banking services through more traditional means. In announcing that it will now accept applications for a special purpose charter and issuing related guidance on the chartering process for Fintechs, the OCC has taken a critical step in making this proposal a reality.
A. OCC Special Purpose National Bank Charter
A special purpose charter from the OCC could be attractive to Fintech companies. Most Fintech companies rely on the internet and mobile communications platforms to operate on a nationwide basis. A special purpose charter would allow Fintech companies to exchange 50 (or more) regulators for a single national regulator. As a form of a national bank, such an institution would have the ability to export terms on a nationwide basis and avoid state-by-state licensing requirements as well as state-by-state supervision.
The OCC has explained that these new special purpose entities would not be permitted to accept deposits. This would allow such entities to operate without applying for deposit insurance and subjecting themselves to regulation and supervision by the Federal Deposit Insurance Corporation (the “FDIC”). Without a requirement to accept deposits, these special purpose entities would not be “banks” for purposes of the Bank Holding Company (“BHC”) Act and, therefore, their controlling shareholders would not be subject to regulation and supervision by the Board of Governors of the Federal Reserve System and the activities restrictions under the Bank Holding Company Act (“BHC Act”). These features may make an OCC special purpose charter attractive to venture-capital and private-equity backed enterprises.
State regulators have previously criticized the OCC special purpose charter as a mechanism for allowing Fintechs to escape regulatory scrutiny.
Although a special purpose entity will not be subject to the Community Reinvestment Act (“CRA”) because it will not accept deposits,
Finally, the Treasury Report notes that further clarification will be needed from the Federal Reserve regarding whether special purpose entities will have access to the Federal Reserve’s payment systems. Although such firms will be a type of national bank and national banks are required to be members of the Federal Reserve System pursuant to the Federal Reserve Act,
Litigation Likely Pending Issuance of First Charter
The OCC’s announcement that it will accept application for a special purpose charter by Fintech companies increases the likelihood that state banking regulators will renew litigation against the OCC based on the allegation that the National Bank Act
In defending the proposed special purpose charter in the CSBS and DFS litigation, the OCC asserted that the National Bank Act authorizes the OCC to grant charters to national banks to engage in the “business of banking,” which the OCC interprets to include at least one of the three “core banking functions”: taking/issuing deposits, paying checks (or the digital equivalent) or lending money.
B. Strong Support of the Bank Sponsorship Model
As not all Fintech companies will want to seek a special purpose charter, the Treasury formally endorsed contractual bank sponsorship arrangements between Fintech companies and third party banks. The report offers several proposals to help clarify operations under these arrangements. Under a typical bank sponsorship, a Fintech company and depository institution enter a contractual relationship whereby the Fintech provides financial services on behalf of the bank as if the bank itself provides them.
The Treasury Report states that “it is important to encourage the partnership model to promote innovation,” and recommends that the bank regulatory agencies tailor their third party guidance to the needs and particularities of these arrangements.
Further develop the framework to regulate partnerships with Fintech lenders to apply strong and tailored regulatory oversight while supporting banks (particularly small community banks) to partner with Fintech companies;
Provide greater clarity around the vendor oversight requirements for cloud service providers;
Support more secure methods for consumers to access their financial data, such as through Application Program Interface (“API”) agreements between banks and data aggregators; and
Identify common tools banks can leverage as part of due diligence efforts, such as robust independent audits, recognized certifications, and collaboration among institutions in an effort to enhance efficiencies and reduce costs.
Recommends Statutory Changes to Facilitate Operations
To address issues that undermine the efficacy of the bank sponsorship model, the Treasury Report also recommends that Congress codify the “valid when made” doctrine and resolve uncertainty around the “true lender” of certain loans. Treasury notes that legal challenges to loans originated under these models have adversely impacted the lending markets.
Specifically, the Report endorses a legislative fix to the Second Circuit’s 2015 decision in Madden v. Midland Funding, LLC, which held, in part, that the National Bank Act, which preempts state usury laws with respect to the interest a national bank may charge on a loan, did not preempt state-law usury claims against a third-party debt collector that had purchased the loan.
Because of Madden, and until Madden is addressed by Congress or the Supreme Court, the ability of nondepository third parties to collect debts originated by depository institutions in reliance upon federal preemption of state usury law limits could be limited in the Second Circuit (and any other Circuit that follows the Madden court’s lead), which the Treasury believes restricts access to credit. In particular, unsecured consumer credit could be diminished because nonbank firms such as marketplace lenders may be discouraged from purchasing and attempting to collect on, sell, or securitize loans by the risk of litigation asserting violations of state usury laws. Accordingly, the Treasury Report recommends that Congress codify the “valid when made” doctrine to “preserve the functioning of U.S. credit markets.”
Treasury also recommends a legislative fix to another legal challenge to the bank partnership model, whereby parties have asserted that banks that partner with Fintech companies are not the “true lender” of the loans they originate, which are marketed and ultimately sold to and serviced by a marketplace lender. A legal finding that the bank is not the true lender of such loans eliminates the benefit and foundational purpose behind the partnership, specifically, that the Fintech company may rely on the originating bank’s powers to extend credit. Accordingly, Treasury recommends that Congress codify, and the banking regulators reaffirm, that a partnership between a bank and a third-party marketplace lender does not affect the role of the bank as the true lender of loans originated and serviced in this manner.
C. Data Aggregation Concerns Aired
The Treasury Report also addresses data aggregation. As the report explains, consumers have grown accustomed to accessing information about their many financial accounts through smart phones, PCs, and other devices. They have also come to rely on a host of applications that help them save, provide them financial advice, protect them against fraud and identity theft, and even help them avoid bank overdrafts and other charges. By and large, the firms that provide these applications do not hold the underlying consumer financial accounts. In order to get access to the information necessary to make these applications useful, these app developers rely on data aggregators, who collect account credentials from consumers to retrieve information from banks and other financial service providers and deliver that information to the app developers. As the Report explains, although this industry has become quietly ubiquitous, it has been a source of controversy in the United States with banks, principally, pushing regulators to support efforts to cut aggregators and, by extension, consumers off from access to account level information.
As the Treasury Report details, the controversy in the U.S. over data access contrasts sharply with the experience in other countries. The Report devotes two pages to explaining how data aggregation has evolved in the United Kingdom (the “U.K.”). As it explains, in 2016, the U.K.’s Competition and Markets Authority concluded that retail banking in the U.K. was dominated by a handful of firms and issued a report that offered a series of recommendation to introduce competition to the industry. Among other things, the Competition and Markets Authority recommend that the nine largest retail financial institutions in the U.K. be required to make account information available to third-party developers. That recommendation, as the Treasury Report explains, was eventually realized in a standard API that provides Fintech developers with “read/write” access to account level information. The standardized API interface allows “consumers to retain full power over their account level information.”
Although the Treasury Report hesitates at urging the United States to follow the U.K. as a model, it observes that the financial services industry in the U.S. seems stuck in a debate that the U.K. has leapfrogged—whether account level Information should be accessed through screen-scraping (i.e., accessed by firms that collect consumer credentials and use those credentials to collect information) or served up via standardized APIs. To resolve this debate, the Report offers a detailed set of recommendations and observations.
Delegated Access. The Report reads the single provision of Federal law that speaks to the issue of account level access, Section 1033 of the Dodd-Frank Act, to give a consumer the right to authorize an “agent, trustee, or representative” to detailed account level information in electronic form.
Screen Scraping v. APIs. The Report urges the industry to move beyond screen scraping as the means of accessing account level information. According to the Report, there is “universal agreement among financial services companies” that screening scraping is “highly risky practice.”[xxxii]
Disclosures. The Report notes that data access requires express consumer authorization, but it observes that disclosures related to account access are not always “transparent, comprehensible, and readily accessible.”[xxxiii]The Report recommends that disclosures be improved. It also recognizes that disclosure alone may not suffice to protect the consumer interests at stake in providing access to sensitive information. To further protect consumer interest, it recommends that consumers be given “an easy way to revoke their consent to data aggregator access to their financial account and transaction data.”[xxxiv]
Standardization. The Report notes that the access to account level information has not been standardized across the industry. It notes that the differences render different data access services incompatible with one another. It urges industry participants to converge on “[a] standardized set of data elements and formats” and, if that fails, calls on “Congress and financial regulators to evaluate whether federal standards are appropriate to address these issues.”[xxxv]
Regulation of Data Aggregators. The Report notes data aggregators are not subject to a comprehensive regulatory framework such as the one that applies to banks, but that they are subject “to regulation under the federal consumer protection laws administered by the FTC as well as state consumer protection laws.”[xxxvi]The Report refrains, however, from recommending that Congress or other regulators create such a framework. Instead, it claims that movement away from screen scraping as the dominant mode of access account level information should address “the most significant concerns” raised by data aggregators.
D. Regulatory Sandboxes
The Treasury Report also discusses how the existing regulatory approach to financial services—with binary outcomes of approval or disapproval without clearly defined regulatory objectives—inhibits innovation in an industry that is being reshaped by significant changes in technology.
The Treasury Report provides several suggestions for specific efforts to launch this initiative, including the creation of an agency innovation office to create a central point of contact, issuance of guidance or no-action letters (which may be time-limited) to permit experimentation in the marketplace, agency-wide working groups that span multiple divisions and offices to address new technology trends, and engagement with foreign regulators on new developments, including cross-border collaboration agreements.
Provide equal access to companies in various stages of the business lifecycle (e.g., startups and incumbents);
Delineate clear and public processes and procedures, including a process by which firms enter and exit;
Provide targeted relief across multiple regulatory frameworks;
Offer the ability to achieve international regulatory cooperation or appropriate deference where applicable;
Maintain financial integrity, consumer protections, and investor protections commensurate with the scope of the project; and
Increase the timeliness of regulator feedback offered throughout the product or service development lifecycle.[xlii]
Treasury also notes that regulators are inhibited in their ability to explore and regulate new technologies because of statutory restrictions on their flexibility to procure new technologies. Treasury, therefore, recommends that Congress enact legislation authorizing financial regulators to use an exemption to procurement laws and procedures that has typically only applied in the defense and national security space.
Notwithstanding the Treasury Report’s emphasis on maintaining prudent regulation over Fintech companies, the recommendation for a regulatory sandbox will face stiff state opposition. For example, New York DFS Superintendent Maria T. Vullo recently noted “A sandbox is where toddlers play. Adults play by rules and if you engage in banking activities, that means you are responsibly regulated in order to protect the customers. Period.”
E. Treasury’s Recommendations to Address Impediments to Nationwide Operations Under the Laws of Each State and Jurisdiction
To facilitate a more efficient provision of financial services using the traditional state model of regulation, the Treasury Report endorses the “Vision 2020” promulgated by the CSBS, which contemplates establishing a Fintech Industry Advisory Panel to improve and revise state-by-state regulation, harmonizing supervisory processes and redesigning the Nationwide Multistate Licensing System (“NMLS”).
Treasury cautioned that “that if states are unable to achieve meaningful harmonization across their licensing and supervisory regimes within three years, Congress should act to encourage greater uniformity in rules governing money transmission and lending to be adopted, supervised, and enforced by state regulators.”
II. Additional Specific Recommendations in the Treasury Report
The Treasury Report makes numerous additional recommendations touching on a variety of issues impacting Fintech companies, in both the payments and lending spaces. The following represents significant recommendations. An exhibit to this Stay Current is
A. Payday Lending Rule
The Treasury Report recommends that the Bureau of Consumer Financial Protection (the “Bureau”) rescind its rule entitled “Payday, Vehicle Title, and Certain High Cost Loans” (the “Payday Rule”), issued in November 2017, that applies to lenders that extend credit with terms of 45 days or less as well as longer term credit with balloon payments (“Covered Loans”).
B. Reform to Retail Payments System
In describing the significant evolution of the payments system in recent years, the Treasury Report notes that although innovation has impacted the consumer facing aspects of the system, the “back-end processes that actually move value throughout the financial system” have largely remained untouched.
Accordingly, Treasury makes several recommendations to improve the retail payments system:
The Federal Reserve should move more quickly to facilitate a faster retail payments system, such as through the development of a real-time settlement service;
States should harmonize money transmission requirements for licensing and supervisory examinations; and
The Bureau should continue in its efforts to reform Regulation E, including providing more flexibility regarding disclosures and raising the current 100-transfer per annum threshold for application of the de minimis exemption.[liv]
C. Data Access
The Treasury Report includes an extended discussion of data access for consumers, arguing that consumers have a legally protected interest in delegating account access to third parties and advocating for federal regulation to facilitate that process.
Some financial services companies have argued that data aggregators are not covered by Section 1033, such that consumers would not be permitted to access data through consumer-authorized data aggregators and Fintech applications. Treasury affirmatively rejects that view, noting that the Dodd-Frank Act defines “consumer” to include “an agent, trustee, or representative acting on behalf of an individual.”
D. Credit Services
Treasury notes that many states impose licensing obligations on parties that arrange bank loans, which undermines the ability of banks to use third-parties to help facilitate debt collection. Treasury recommends that states revise credit services laws to exclude businesses that solicit, market, or originate loans on behalf of a federal depository institution pursuant to a partnership agreement.
E. Permissible Activities of Controlling Investors
Treasury recommends that the Federal Reserve consider how it defines “control” to provide a simpler and more transparent standard to facilitate innovation-related investments. Treasury notes that the current application of the BHC definition of “control” can be difficult to determine because it relies upon Federal Reserve discretion under a process that is not always transparent. Treasury believes that the resulting uncertainty can discourage banks from making investments in Fintech firms because if the Fintech firm were to become a BHC affiliate, the Fintech firm would then become subject to BHC-related restrictions. Accordingly, Treasury recommends that (a) the banking regulators harmonize their respective interpretations of the activities in which banking organizations are permitted to engage in and (b) that the Federal Reserve reassess the definition of BHC control to provide a simple and transparent standard.
F. Digital Communications
The Treasury Report includes several recommendations to modernize regulation of digital communications. Several of these recommendations are directed at the implementation of the Telephone Consumer Protection Act (“TCPA”). The report argues that current interpretation of the TCPA limits how financial institutions use digital communication channels to communicate with consumers and makes financial institutions particularly wary of using text messages.
G. Wealth Management and Digital Financial Planning
The Treasury Report notes that the regulation of financial planning is highly fragmented. It observes that regulatory fragmentation creates confusion among financial planners, increases compliance costs, and makes it difficult to conduct integrated financial planning for consumers.
H. Mortgage Lending and Servicing
The Treasury Report describes how the primary residential mortgage market has evolved since the 2008 financial crisis. It notes that banks have largely exited the market for mortgage origination. It attributes the shift in mortgage origination from banks to non-banks to a number of factors, including new regulatory requirements as well as the pace of technological adoption by non-banks.
I. Student Lenders and Servicers
The Treasury Report also recommends that the U.S. Department of Education establish and publish minimum effective servicing standards for federal student loans, including recommendations intended to increase the use of technology in communication with borrowers, enhanced performance monitoring and greater accountability for educational institutions participating in the program.
J. Credit Bureaus
Treasury notes that, despite the critical role they play in the functioning of the credit markets, credit bureaus are not routinely supervised for compliance with federal data security requirements of the Gramm-Leach-Bliley Act.
K. Artificial Intelligence
The Treasury Report expresses optimism that artificial intelligence and machine learning will improve growth and innovation, but also warns that “legal and algorithmic decision-making” may give rise to “discrimination through the potential to compound existing biases, through training models with biased data and the identification of spurious correlations.”
The Treasury Report and OCC Policy Statement lay out an expansive framework to improve the national regulation of the Fintech sector. In particular, the issuance of special purpose charters for Fintech companies, the codification of guidance for sponsorship arrangements between banks and Fintech companies (and proposed legislative fixes to shore-up the sponsorship model), the push for standardized access to account level information, and the harmonization of state money services business regulation and supervision would, collectively, be a significant step toward providing regulatory consistency and certainty for the Fintech industry.
Paul Hastings attorneys are actively working with clients regarding issues raised in the Treasury Report and by the OCC Special Purpose Charter, including the advantages and disadvantages of the charter compared a bank sponsorships and full service banks. Please contact your Paul Hastings contact if you would like to discuss any of these issues in further detail.