FinTech Law TL;DR (Aug 12)

Credit Repair Order -- ISA Settlement -- Crypto Infra

Aug 12, 2021

Hi all 👋

I had a great chat with Rohit over at Stilt recently, and they’re looking for a top notch first compliance hire. Go help build Stilt!

Gonna be at Moov’s Fintech Devcon? Let me know and let’s connect. You can get a 15% discount with the code “tldr”.

Crypto Is...Infrastructure?

We talked in the last update about how language in the infrastructure bill effectively means everyone in crypto will need to do basic KYC and report user info to the IRS.

Well, the Senate just passed that $1T infrastructure bill.

The crypto KYC language ultimately stayed in the bill. But I think the biggest FinTech news this week was much crypto derailed the bill.

It was expected to pass on Saturday, but crypto lobbyists flexed and held the bill up until Tuesday with debate and proposed amendments, even garnering a Tweet from Gene Simmons.

Neeraj K. Agrawal @NeerajKA

take a second to pause and admire the fact that this a real headline

Senator Cynthia Lummis @SenLummis

The endorsement we didn’t know we needed.

Gene Simmons @genesimmons

I support the Wyden-Loomis-Toomey amendment re crypto currencies and DeFi.

The bill still needs to get passed in the House and, if it does, the relevant provision shouldn’t go into effect until 2023 at the earliest. So there’s time for crypto lobbyists to get it amended.

CFPB Credit Repair Order

The CFPB filed an order against a credit repair service. The company allegedly misled consumers to believe they could lower credit card debt and improve credit score, but had no data to back it up.

The order alleges some egregious misleading, but it’s still a warning to FinTech startups focused on credit repair: you should be able to back up your claims.

FFIEC Access Release

Yesterday, the FFIEC (a group of the five main U.S. banking regulators) released updated guidance on best practices for managing “authentication and access” cyber risks.

In English: how should banks think about risk management when it comes to user access and authentication?

The release covers what you’d expect: use two-factor authentication, have reliable identity verification methods, etc. But Section 9 jumped out:

Risk management systems should consider “data aggregators and other customer-permissioned entities.” (I.e., the Plaids and Mints of the world).
Banks can assess risk based on how access is given (e.g., entering user name and password, or using a token).

There isn’t much beyond that. But when you pair it with the recent proposal on banks’ third party risk management, you start seeing the signal that regulators want banks to take their FinTech partner risks seriously.

CA ISA Agreement

So Income Sharing Agreements (ISAs) are arrangements where:

You go to some kind of school.
You pay nothing up front!
You pay a chunk of your salary for a while after graduation.

The idea is: let’s align incentives. Let’s structure the cost of an education so that schools are incentivized to make sure graduates have skills that are worth the education cost.

There’s lots of detail and variation we won’t get into today (e.g., how long do I pay after graduation?). The more interesting is the question: what is an ISA, really?

Is it a loan? Yes (there’s no “interest”) and no (you get value up front and pay it off later).

Is it a security? A school invests resources in a student and gets paid later. But it feels very different from buying AMC on Robinhood.

Or maybe it’s an installment sale.

This isn’t just a thought exercise. If a regulator says “this is a loan,” for example, that could trigger laws that apply to consumer loans (e.g., required disclosures, interest rate limits).

This past week, CA’s financial regulator reached an agreement with Meratas, a FinTech that provides ISA capabilities to schools:

CA will give Meratas a conditional license to provide ISAs to CA students.
But Meratas’s ISAs will be regulated as “student loans” under CA’s Student Loan Servicing Act (SLSA).

To be clear, this agreement only says Meratas’ ISAs are loans for servicing purposes (i.e., handling payments and collections) in CA, not any other purposes.

But it does give Meratas some certainty to test the market, and a data point that might help inform how ISAs may be regulated in the future.

Poloniex Settles with SEC

Much of the “securities” conversation in crypto focuses on whether a token (e.g., ZEC) is a security, which triggers SEC registration requirements.

But another issue is that securities exchanges themselves also have to register with the SEC.

Remember how we talked last update about the disclosures in Circle’s recent regulatory filing, and one said Circle set aside $10.4M for Poloniex charges?

Well, this week, Poloniex formally announced that $10.4M SEC settlement over operating as an unregistered securities exchange from 2017-19.

It’s not clear from the order who is paying, but it seems like Circle may be footing the bill (they owned Poloniex from early 2018 to late 2019).

Gensler Crypto Speech

The head of the SEC, Gary Gensler, gave a recent speech about crypto that got a lot of attention but…isn’t particularly insightful to me?

It’s a standard regulator stance:

Crypto’s innovation is real and valuable.
But it’s also a “wild west” (his words, not mine) with bad actors.
Oh and Congress, please give us more money to regulate it.

Of note, though: Gensler said he’s looking forward to the SEC reviewing Bitcoin ETF applications, “particularly if those are limited to . . . CME-traded Bitcoin futures.”

To date, no BTC ETFs have been approved by the SEC, though over a dozen are actively pending. But this speech seems like a pretty direct hint that the SEC is open to a Bitcoin futures ETF.

Ben Johnson, CFA @MstarETFUS
2:12 PM ∙ Aug 5, 2021
10Likes1Retweet

Caitlin Long 🔑 @CaitlinLong_

🧐ETF wld be based exclusively on #bitcoin futures rather than underlying bitcoin itself, & on cash-settled futures specifically (not bitcoin-settled). This likely means the SEC still isn't comfortable w/ market manipulation issues in bitcoin trading markets--maybe never will be.

Documenting Bitcoin 📄 @DocumentingBTC

SEC Chairman Gary Gensler says he’s open to a #Bitcoin ETF https://t.co/svxNN1JBh1

Elsewhere (in non-crypto)…

🏦 The White House is considering Saule Omarova to run the OCC. Omarova is expected to be less friendly to FinTech and crypto.
📝 The CFPB released a post documenting that credit card usage is still declining compared to pre-pandemic levels.
📝 CA’s financial regulator released a report showing mortgage loans increased by 100.5% from 2019 to 2020, while foreclosures decreased 68.4%, suggesting that eviction moratoriums were effective.
👮 The FDIC announced they’re hiring a Chief AI Officer.
📈 The SEC approved a diversity rule for Nasdaq-listed companies. The rule requires at least 2 diverse directors, including one woman and one member of an underrepresented minority group. Companies who don’t will need to attest in writing why they don’t.
🧹 FINRA is planning to do a sweep of reviews on SPACs.
📝 A group of state bank regulators (CSBS) released guidelines for how states should prudentially1 regulate FinTech companies (and other non-banks) in the mortgage space.
📝 BIS2 released a bulletin saying big tech companies should be regulated like banks.
🏦 Brex withdrew its application for a Utah ILC charter. It sounds like the company wants to strengthen and resubmit its app after feedback from Utah.
🏦 Citi just announced “Bridge,” a marketplace for SMB loans from regional, local, and community banks.
📝 The DOJ came out in support of the Fed’s recent interchange proposed rule. That rule would debit card issuers to give merchants a choice of debit networks for online or other card-not-present transactions.
⚖️ Plaid agreed to settle five class action lawsuits for $58M, based on claims the company passed users’ info onto third parties without user consent.

Elsewhere (in crypto…)

🏦 Circle is applying to become a national bank.
🚨 Brian Brooks resigned as CEO of Binance.US. He’s pretty FinTech/crypto friendly, so the fact he mentioned “differences in strategic direction” seems like a bit of a red flag.
Brian Brooks @BrianBrooksUS
Greetings #crypto community. Letting you all know that I have resigned as CEO of ⁦⁦⁦@BinanceUS⁩ . Despite differences over strategic direction, I wish my former colleagues much success. Exciting new things to come!
7:26 PM ∙ Aug 6, 2021
7,249Likes1,449Retweets
⚖️ The SEC brought its “first” securities DeFi charges against a Cayman company and its two principals, alleging they misrepresented the business model was functioning well after they realized their proposed use of smart contracts wouldn’t work as intended.

SEC @SECGov

🚨 NEWS 🚨 Our first case re: securities using DeFi Tech Today, we charged 2 men & their Cayman Islands company for raising $30 million through fraudulent offerings using smart contracts and so-called “decentralized finance” (DeFi) technology. 👉 ow.ly/psNz30rQ9dm

👮 NY’s financial regulator is hiring a deputy superintendent of crypto.

Sui Generis (Fun Finds)

I don’t write about the FinTech mortgage space that much, but I recommend Alex Johnson’s recent piece on it.

For the payments nerds among us, I came across this fun guide from Gusto: “A Developer's Guide to How ACH Works”

Marc Rubinstein’s has a great overview of AfterPay’s history and business.

Drew Morris @Drew_Morris

Part of being a lawyer is being cool with basically taking the reading comprehension portion of the SAT every day for the rest of your life

About

Hi. I’m Reggie. I’m a lawyer at BlueVine. If you want to connect or are on the FinTech job hunt, come say hi on Twitter or send an email: fintechtldr@gmail.com.

Any views expressed are my own (well, sort of? I mean, they’re based on laws and regulations, so they’re not really “mine”?). Nothing here is legal or financial advice.

Here are the foundational FinTech laws and regs if you want a closer look at anything.

Prudential regulations ensure institutions are “safe and sound,” or will be able to tolerate market shocks.

BIS = international group of banking regulators that suggests regulatory standards.

Fintech Law TL;DR

Discussion about this post