Hi all 👋
Gonna be at Moov’s Fintech Devcon? Let me know and let’s connect. FinTech Law TL:DR readers can get a 15% discount with the code “tldr”.
Community Bank FinTech Partners
We’ve talked about the Fed/OCC/FDIC guidance on third-party (e.g., FinTech bank partner) risk management from July, as well as the FFIEC’s recent guidance on access and authentication risks (e.g., Plaid access).
Well, on Friday the Fed, FDIC, and OCC released a guide to help community banks assess the risks of partnering with FinTech companies.
It’s mostly what you’d expect, and aligns with the July guidance. It says community banks should diligence a FinTech’s:
Experience, goals, and qualifications.
Financial condition.
Legal and regulatory compliance.
Risk management and controls.
InfoSec and IT.
Operational resilience.
A few observations, though:
Compared to the other releases, this one focuses on FinTech (mentioning “fintech” 129 times vs. 20 in the July release).
The guidance’s examples repeatedly mention early and growth stage as an important factor for community banks to consider. Aka, earlier FinTechs may have fewer financials and compliance policies, so warrant extra scrutiny.
The guidance flags client concentration risk (think: Marqeta and Square), as well as reliance on crucial subcontractors (think: APIs all the way down).
The release mentions funding sources as a diligence consideration, and specifically names VC. This gets at a potential benefit to FinTechs IPOing earlier rather than later; they may be subject to less pressure from VCs to grow in a way that could jeopardize responsible expansion.
It’s nothing groundbreaking. But it’s another data point showing regulators are explicitly thinking and sketching out how our financial system should incorporate FinTech.
Identity Theft Case Study
In case you haven’t seen it in the past two weeks, please go read Fintech Business Weekly’s case study on how various FinTech co’s responded when Jason’s identity was stolen.
It’s not legal news, but it drives home some of the practical tools good actors in FinTech think about (like good customer support and identity verification).
Brokerage Headwinds
Behavioral Hacks
On Friday, the SEC formally announced they’re requesting comments on how broker-dealers and investment advisers use “digital engagement practices.” E.g., gamification (confetti), differential marketing, behavioral prompts, design hooks, and analytics tools.
I wonder if we’re going to end up with some soft standard like “best execution.”[1]
I can imagine the SEC following this request up with something like an “undue engagement” proposal where brokers can’t use behavioral hacks to the point they enable excessive trading based on a customer’s risk profile. And then it becomes a case-by-case analysis that develops standards over time.
Another prime example of “digital engagement practices” is…
Free Stock Isn’t Free
I took a few MBA courses in law school, and one that’s really stuck with me was marketing taught by Hal Hershfield, who came at it from a psych POV.
Sidenote: You all should go check out Hal’s work; it’s aimed at how we understand ourselves through time, and how that understanding can be leveraged to make better decisions. Perfect example: showing people age-progressed pictures of themselves leads to higher rates of retirement savings.
One of the things we talked about in the course is all the research on “free.”
Homo sapiens are absolutely, completely, and profoundly irrational when something changes from costing one cent to being free. We unthinkingly flock to the free option.
Which is why the no-commission Robinhood model of stock trading was such a sea change for retail investing. Free trading.
But Robinhood and other brokers are also using the “free” psych trick by offering investors free shares when they open a new account or refer friends.
A big problem with the free promo stock, though, is companies need to give all those new shareholders proxy materials before annual meetings. And that costs money.
Well, it sounds like regulators are finally listening to public companies’ complaints and scrutinizing the practice. I won’t be entirely surprised if brokers who do this end up having to foot the proxy material bill.
FINRA 2020 SAR Data
So one tool the US uses to fight money laundering is suspicious activity reports (SARs) that financial institutions have to file with FinCEN for certain suspicious transactions.[2]
(Whether SARs and the current AML system are effective is a different story.)
Well, FinCEN just released its SAR filing data for 2020.
You can play with data from 2014 onwards, but I was curious about two in particular: fraud and money laundering SAR filings by depository institutions during COVID.[3]
Elsewhere (non-crypto)
The SEC released an API for financial statement data (i.e., an EDGAR API).
FINRA released a notice clarifying what obligations broker-dealers have when using third-party vendors. I can’t help but wonder if Robinhood’s $70M FINRA fine from June had something to do with it (HOOD was fined, in part, for failure to oversee an affiliate’s tech that led to outages).
The CFPB filed an $850K settlement against a debt collector for failing to ensure info reported to CRAs was accurate, failing to investigate disputes and identity theft claims, and misrepresenting owed debts.
Outgoing NY Governor Cuomo signed a law to fight overdraft fees. Specifically, it requires NY-regulated banks to process checks either in the order received or from smallest to largest to prevent overdraft fees. Under current law, once a large check triggers overdraft, banks can reject smaller checks even if there are sufficient funds.
The CFPB released a report showing superprime credit card limits dropped in COVID, while most other segments stayed flat and are now just recovering.
Wanting to expand credit access, Fannie Mae will begin considering rental payment history when underwriting.
This new CSBS study shows state-chartered banks were the main distributor of PPP loans.
The CFPB is planning to study the behavioral psychology of electronic disclosures on mobile devices.
The CFPB released new technical specs for credit card issuers to comply with TILA and the CARD Act.
One of Bill Ackman’s SPACs is getting sued for being an unregistered investment company (i.e., an investment fund) instead of an operating company (which is the normal SPAC theory).
The FDIC’s tech lab announced a tech sprint for identifying tools that FIs can use to test their resilience to major disruptions.
Elsewhere (crypto)
I did a guest piece over at Munch this week, looking at recent events and giving a regulatory outlook on crypto.
Binance is now requiring KYC on users.
SEC Chair Gary Gensler gave a WSJ interview saying DeFi projects that reward participants with incentives (e.g., tokens or governance fees) are more likely to be securities.
A District Court (SDNY) ordered five BitMEX entities to pay $100M penalties for offering swaps and derivatives without being approved by the CFTC and failing to implement KYC and AML procedures and programs.
The Fed’s FOMC mentioned crypto for the first time on record in July.
VanEck and ProShares withdrew their submission for Ethereum ETFs.
Per Robinhood’s newest earnings, the broker is collecting more revenue from crypto than retail trading. 62% of that was from Dogecoin.
Sui Generis (Fun Finds)
I Tweeted this fascinating piece on how NY’s investigation of Apple/Goldman’s alleged underwriting discrimination fell short. If you geek out on fair lending issues, the comments are worth a read.
About
Hi. I’m Reggie. I’m a lawyer at BlueVine. If you want to connect or are on the FinTech job hunt, come say hi on Twitter or send an email: fintechtldr@gmail.com.
Any views expressed are my own (well, sort of? I mean, they’re based on laws and regulations, so they’re not really “mine”?). Nothing here is legal or financial advice.
Here are the foundational FinTech laws and regs if you want a closer look at anything.
[1] “Best execution” is a broker-dealer’s (e.g., Robinhood) obligation to execute trades in the way that’s most advantageous to customers.
[2] E.g., >$25K transactions where you suspect a criminal activity, or a transaction that seems highly unusual for a customer.
[3] When FinTechs partner with a bank, it’s the bank’s obligation to file SARs, so FinTech filings would show up in depository institutions. There may be some FinTechs who fall under the money service business category or others, though.