FinTech Law TL;DR (Dec 14)
FinCEN Database -- Payment Processor Order -- FDIC Drama
Guess who’s back 🎵 back again 🎶
Didn’t have the time for this newsletter given some big work and personal projects going on, but it feels good to be back!
I’m off on vacation the next two weeks, so you won’t hear from me until the new year. Lots more fun writing coming in 2022, stay tuned…
FinCEN’s Shell Co. Proposal
The US could use some help with shell companies.
Anti-money laundering (AML) laws require many financial institutions to identify owners of 25%+ of an entity, but there hasn’t been a great coordinated way for federal agencies or other FIs to access or share that info. Which makes it hard to trace money laundering, tax evasion, and other crimes.
In early 2021, Congress passed an overhaul of money laundering laws, and a piece of it requires FinCEN to create a database of material entity owners (aka, “beneficial owners”). It won’t be public, but law enforcement, banks, and others will have access.
Most big companies already have to report this kind of stuff (think: public company filings). So this new database mainly affects a lot of medium and small private companies.
One fun practical question: how, exactly, is FinCEN going to get that info?
When you form an entity, you need to file basic info with a state, so there was hope states would coordinate with FinCEN to collect and report the owner info.
Welp, last week FinCEN released proposed rules. And part of it says, in effect, that they talked to states and states said LOL no way.
So it seems like entities will have to report their owner info to FinCEN directly. And I’m sure money launderers and tax evaders will do that ASAP.
BUT. The new law provides penalties for companies who don’t report.1 So it does give regulators a new hammer when they identify a sketchy entity. “Tell us who owns you, or else!”
FTC Bans Payment Processor
Last month, the FTC entered an order and filed suit in DC district court against a payment processor, Automatic Funds Transfer Services, and its owner for facilitating payments for a fraudulent student loan debt relief scheme.2 The order includes $$ penalties and bans the processor from helping any debt relief companies.
Among other flags, the court facts suggest the processor:
Knew they had higher ACH return rates than normal,
Was aware of reports ACHs weren’t authorized,
Was aware the debt relief scheme used several names to hide their identity, and
Knew about plenty of consumer complaints re: the debt relief company.
We talked in June about a CFPB suit against a payment processor based on UDAAP claims. These FTC actions are just more evidence for why payment processors need to have good systems in place for investigating red flags.
Fireworks at the FDIC
The short version: last Thursday, two Democrat-appointed members of the FDIC’s board pushed out a request for comments on updating the FDIC’s policies in reviewing proposed bank M&As. It’s spicy because they published it over the objection of the FDIC chair woman, a Republican-appointee, and it’ll kick off a process that’ll likely make bank M&A harder.
OK so, some fun stuff is happening at one of the usually-less-scandalous regulators:
The FDIC is governed by a board of 5 members, and Jelena McWilliams, a Republican-appointee, is currently the chair of the board.
Two board members, Rohit Chopra and Martin Gruenberg, announced an FDIC request for comment on the CFPB’s site.
Chopra = Democrat-appointee & director of the CFPB
Gruenberg = Democrat-appointee
The request says the FDIC plans to review the standards for reviewing and approving bank M&A, so they’re opening up to public comments.
Plot twist: the FDIC then released “FDIC Statement on CFPB Statement,” saying the FDIC didn’t approve the release.
What it all means:
The FDIC’s board is majority Democrat, and they’ll likely want to make bank M&A harder. So it seems like McWilliams probably didn’t want to let the tightening of M&A standards kick off.
It might be the first attempt by Dems to push McWilliams out. She’s generally been less favorable to climate considerations and more willing to let banks take on risks.
It’s another data point that Chopra’s CFPB is happy to push its boundaries; the FDIC statement was published on the CFPB’s site, not the FDIC’s.
It’s also another angle for regulators to address antitrust issues, which explains why Lina Khan seemed to support it…
There’s also some interesting debate on whether McWilliams, as chair, has the ability to override the other board members, and whether Chopra and Gruenberg have standing to issue the request. See this piece from Adam Levitin if you want the legalese.
OCC’s Stablecoin Update
The OCC, under Brian Brooks, issued three interpretive letters related to crypto. An “interpretive letter” is a regulator saying, for example, “hey there’s this new tech that doesn’t fit nicely in our laws, but we interpret the law in a way that allows it.”
Brook’s prior letters said national banks can:
Provide crypto custody services,
Hold dollar deposits as stablecoin reserves, and
Act as nodes in or participate in blockchains that are used for payments.
Brooks was known for more, err…”flexible” interpretations of law (read: crypto-friendly). So when the current acting head of the OCC Michael Hsu stepped in, he announced the OCC would review past actions.
I expected Hsu might fully roll back those crypto letters, but on Nov 18, the OCC released another interpretive letter saying those 3 crypto letters were good with one catch: before a national bank can engage in any of the activities, it has to get an OCC letter saying the OCC doesn’t object.
Before, banks could just start providing crypto custody, or hold stablecoin reserves. Now, they have to effectively get approval from the OCC beforehand. And that approval will depend on showing they have sufficient risk controls in place.
What’s lacking from the Nov 18 update: word on what the OCC under Hsu thinks about crypto trust charters like Anchorage’s. Stay tuned.
🏛️ Jerome Powell was re-appointed as chair of the Fed. 🖨️ 💸 It was a no Brainard.
📝 Federal regulators issued a final rule requiring banks to notify their main regulator if they have a material security breach. More relevant for FinTechs: bank partners must also notify the bank if they have material security breaches.
⚖️ OppFi agreed to settle claims it violated DC’s 24% interest rate cap. DC’s claims alleged OppFi was the “true lender” (not its bank partner). OppFi will pay $2.4M and agreed to stop offering loans with interest >24% in DC.
🤓 Forbes published a must-read on FinTech fraud.
🌎 The OCC is asking for academic and policy research on climate risks in banking and finance.
🤓 The NY Fed and BIS are partnering on a FinTech research center, which will help guide regulators.
💳 NY has a new law that makes it harder for debt collectors to file lawsuits.
🏠 FinCEN announced it will propose rules for real estate transactions, asking for inputs on high-level Qs like who AML reporting requirements should apply to. They tried this in 2003 and got so much backlash they let the proposal die.
⚖️ The New Yorker had a recent, really good piece on FTC Chair Lina Khan’s background and antitrust philosophy: “Do you want an FTC chair who’s going to win cases? . . . Or do you want an FTC chair who’s going to have glorious, spectacular losses that so enrage people that the system gets fixed?”
👋 Saule Omarova withdrew her nomination to lead the OCC.
📝 NY’s financial regulator released a letter about how regulated businesses should be using multi-factor authentication.
😬 Last week, the OCC released its semiannual federal banking risk report: operational risk is high, credit risk is moderate, compliance risk is high, and low-yield-environment pressure is high.
📝 The CFPB released highlights from exams in the first half of 2021.
📱 The company-formerly-known-as-Facebook relaxed its crypto ad restrictions by expanding the number of regulatory licenses it’ll accept if you want to run crypto ads from 3 to 27.
📝 BlockFi finally got their SEC notice over their interest accounts.
📝 The OCC, Fed Board, and FDIC released a statement summarizing the results of their crypto “policy sprint” that suggest the sprint was more of a jog-they-thought-about-but-couldn’t-get-off-the-couch. TL;DR: it just lists key areas that regulators “may” be interested in, but nothing is new (e.g., custody, lending collateralization, payments).
📝 BIS (a group of international bank regulators) released its quarterly review, encouraging policymakers to regulate DeFi and emphasized that DeFi hasn’t gotten away from centralized actors.
“Anonymous Crypto Donors Are Changing Philanthropy”: “About a week later, we received a short note . . . . He was a closeted gay man and, because he was afraid of having it tied back to him, he had never donated to an LGBTQ charity before.”
Sui Generis (Fun Finds)
So so so much cool stuff from while I was away.
First, Patrick McKenzie (aka @patio11) started what is, IMO, one of the best-written blogs out there in FinTech, Bits about Money. Go give it a read. His writing and insights are of the caliber most writers dream of.
Second, the UK’s main financial regulator (the FCA) released a…holiday…jingle?
Third, Brex cofounder Pedro Franceschi recently wrote this piece about “people that scale” and I can’t stop thinking about it:
“Perhaps a better way to think about experience is not as how many times you’ve done a job before, but instead how many times you had to change yourself in order to be successful.”
Lastly, Plaid opened up their accelerator applications:
For the curios: civil penalties of $500/day, and criminal penalties up to $10K and two years in prison. There’s also a 2-year grace period for existing companies after the final regs are passed.
For the lawyers: the claims (in the order and DC case) are based on violating Section 5 of the FTC Act and the Telemarketing Sales Rule.