Fintech in the US: the state of the union is questionable
This is the first in a series of three articles by Hogan Lovells’ partner Aaron Cutler and associate Loyal Horsley discussing the regulation of the fintech industry in the US.
This first article provides an overview of the current fintech regulation by the prudential regulators: the OCC, the FDIC, and the Federal Reserve.
The second instalment addresses the views of the Department of Treasury, the CFPB, and the SEC on the regulation of the fintech industry. The third one looks at state-level fintech regulation, proposed legislative solutions, and provide a brief overview of international regulation.
With President Donald J. Trump, it is difficult to predict how the legislative and regulatory landscape will change, but we expect a lighter regulatory environment. On 3 February 2017, President Trump issued an executive order laying out his core principles on financial regulation and mandating a review of current and proposed regulations with a view to their compatibility with those principles. Secretary Mnuchin will provide a report to President Trump in June providing his and the agency heads’ analysis. Fintech has been an area of exciting innovation and regulatory interest, it remains to be seen how it will evolve under this new administration.
“Fintech” is a portmanteau of financial and technology and refers to the vast swath of emerging financial products and services relying on new technology. These include, but are not limited to, marketplace lending (like Prosper or Lending Club), online banking, Bitcoin and blockchain technology (also known as distributed ledger technology or DLT), money management apps (like Mint), and money transmitters/digital wallets (like Venmo and Paypal). Because of their increased availability and utility, state and federal financial regulatory agencies and state and federal legislatures have taken notice of fintech products, services, and companies. There is discussion of whether fintech should be integrated into current laws and regulations or should be specifically addressed in new laws and/or regulations.
The federal regulatory landscape
Because it is new technology, there is not a defined regulator for fintech. At the federal level, there are many agencies that deal with financial regulation, these include the Department of the Treasury, the Office of the Comptroller of the Currency (OCC), the Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB or the Fed), the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission, the National Credit Union Administration, and the Federal Trade Commission.
The OCC, FRB and FDIC are considered prudential regulators because they focus on the safety and soundness of an institution, as well as the entire financial system. Because many fintech companies are partnering with banks in order to avoid expensive regulatory compliance costs, usually on the state level, the prudential regulators want to ensure they understand the marketplace and the risks posed by these new entrants. This article will focus on the prudential regulators’ roles in regulating the fintech industry.
- A growing role for the OCC
The OCC is the primary regulator for all national banks and federal savings and loan associations and it has been among the most proactive in addressing the concern of regulating a growing fintech industry. In December 2016, the OCC announced it was moving forward with its rather audacious plan to use its chartering authority to provide special purpose charters to fintech companies engaged in the “business of banking.” The proposal sets out the OCC’s chartering authority and provides a general outline of the initial and ongoing requirements for receipt of this charter. These requirements include capital, liquidity, and “financial inclusion” (which is the OCC’s term for Community Reinvestment Act – CRA – type requirements).
While capital and liquidity requirements may deter some fintech companies from pursuing a charter, the most potentially burdensome requirements are those related to financial inclusion. As the CRA is only applicable to FDIC-insured institutions, it would likely not cover most OCC-chartered fintech companies. CRA compliance and applicability is already an issue for banks that do not have any brick and mortar branches (digital-only banks) – the CRA is enforced by looking at the bank’s lending, investments, and services in the communities where they have branches.
The CRA requires banks to be examined and graded by their prudential regulator to monitor the bank’s activity in low- and moderate-income neighborhoods that are traditionally underserved by lenders. Regulators adjust their examination based on the bank’s size, with those institutions with more than $1 billion in assets receiving the most rigorous exams; intermediate banks (between $250 million and $1 billion in assets) and small banks (less than $250 million in assets) have successively less robust exams. The examiner reviews the bank’s lending portfolio and determines the percentage and number of loans made to low- and moderate-income borrowers; examiners also review the percentage and number of accounts at the bank belonging to low- and moderate-income customers.
Importantly in this context, one of the guideposts for showing service to low- and moderate-income communities is the number and location of a bank’s branches in those communities. If a bank has no branches, how can examiners measure whether it discriminates against those areas it serves? If a branch is no longer a requirement to be a bank, the CRA will have to be retooled to continue being effective. Currently, some banks are partnering with marketplace lenders to help with their CRA statistics because online lenders are able to reach a wider swath of borrowers. These partnerships are potentially at risk, depending on the OCC’s determination of what CRA-like requirements will apply to its chartered fintech companies.
While the comment period on the special purpose charter just ended on 15 January 2017, the OCC has approved the creation of “Offices of Innovation” in Washington, DC, New York and San Francisco. The hope is that fintech companies will reach out to these offices and discuss their products and services with the OCC prior to launching them, so that the regulator can assess potential consumer harm and help the fintech company understand the laws and regulations that may be applicable to the proposed product or service. If the fintech company is able to integrate the OCC’s advice into their business model, including a mutual understanding of its compliance obligations, it will hopefully allow for a better consumer experience and provide both the business and the regulator with a robust understanding of how the company fits into the larger financial services landscape.
- The Federal Reserve (FRB, the Fed)
The Fed does not directly regulate any of the entities currently involved in fintech, but it does control the US payment systems. As such, the FRB has a special interest in DLT and its potentially transformative presence in payment and settlement systems. In October 2016, the it announced its two task forces (one focused on faster payments capabilities, the other on payment system security) had begun review of proposals and assessments submitted by interested parties throughout the payments industry.
Their findings will be issued in a two-part report with the initial report published on 26 January 2017. The first report provided an overview of the task force’s background, its processes, the benefits of faster payments, and the current US payments landscape.
In December 2016, the FRB released its long awaited report, “Distributed ledger technology in payments, clearing, and settlement” (FRB Report). The report reviewed the current payment, clearing, and settlement systems and provided its view of the potential opportunities and potential pitfalls for the integration of DLT into these systems. To compile the FRB Report, the team worked with industry leaders, in both banking and DLT to better understand both the “frictions” present in the current systems and the potential of DLT.
The report allows that DLT “could reduce or even eliminate operational and financial inefficiencies”, but stresses the technology is in its infancy. Theoretically, DLT has the capability to seriously cut down the threat of large scale hacking and theft of information because it lacks a centralized database with the stored information. In addition, if DLT is going to be useful and transformative, it will have to adopted on a large scale rather than in a piecemeal fashion. Overall, the report agrees that DLT has exciting promise, but it is unlikely to revolutionise payments, clearing, and settlement systems in the very near future.
- The FDIC protects, defends and burdens the banks
The FDIC has only has oversight over FDIC-insured institutions and is the primary federal regulator for all state-chartered insured depository institutions. Therefore, it does not regulate most of those industry participants typically included under the fintech umbrella. Banks, themselves, are entering the fintech “playground” and their activities would be covered by the FDIC, but most fintech activities at banks is happening through their relationships with third parties.
With that in mind, the FDIC released its proposed Third Party Lending guidance in July 2016 (Proposed Guidance). It focuses on bank relationships with third party lenders, which mainly consists of online marketplace lenders. FDIC-insured institutions are incentivized to enter into relationships with marketplace lenders because it allows them to reach a wider potential audience and can pad the bank’s portfolio with regard to its obligations under the CRA.
The FDIC warns, however, that the bank’s board of directors and management are ultimately responsible for the activities of any third party with which it has a relationship. Therefore, the Proposed Guidance details the sort of risk assessments and ongoing compliance oversight a bank must conduct prior to entering, and throughout, a relationship with a third party lender.
In addition, the FDIC has stated it will evaluate the third party’s activities as if they were being conducted by the bank, itself. That means the bank must have enough capital and liquidity to properly safeguard against the increased risk of third party loans. The bottom line is, banks are allowed to enter into third party lending relationships, but they will be subjected to increased scrutiny from the FDIC. Because the Proposed Guidance is from the FDIC, it would only be applicable to state-chartered banks that are not members of the FRB. The OCC and FRB, however, may well take cues from the FDIC.
The comment period on the Proposed Guidance ended in October 2016. While one would usually expect a final rule by probably mid-2017, the new administration has staked out a distinctly anti-regulation point of view. While the Proposed Guidance does not really create additional regulations, it does strengthen the FDIC’s oversight of any bank with third party lending relationships, which the Trump administration may view as inappropriate and overly burdensome.
What’s next?
While a light regulatory touch is usually the preferred system for start-ups and innovation, in financial services that often breeds more confusion than capital. It has long been understood that banks are special – deposits are backed by the full faith and credit of the United States Treasury and banks provide the lubrication for our entire financial system, and therefore the safety and soundness of the U.S. and global economy. This responsibility can make people wary to enter the financial services sector without proper direction from regulators. At the moment, the prudential regulators are poised to offer guidance and new opportunities to fintech businesses, but the future is uncertain.
Click here to read the second article in the series, which provides an overview of the fintech regulation and oversight conducted by other federal financial regulators (the Department of Treasury, the CFPB, and the SEC).
Click here to read the third article, which examines the state-level fintech regulation, proposed legislative solutions, and provides a brief overview of international regulation.