I’m back from Alaska and I gotta say, Denali National Park is a heck of a good reminder why we #KeepItPublic.
This is a longer FinTech Law TL;DR, which seems to be a common problem…there’s just too much interesting stuff happening in FinTech right now!
FinTech Devcon
I’ll be in Denver for Moov’s FinTech Devcon, Sept 7-9. And the folks at Moov were kind enough to offer 15% off for FinTech Law TL;DR readers if you use the code “tldr”.
I’m super excited to meet more FinTech folks in person, so let me know if you’ll be there and let’s grab coffee or drinks!
Third-Party Risk Management
Boring section title, I know. But stay with me for a second.
This past week the FDIC, OCC, and Fed issued a coordinated proposal on how banks should manage third-party (3P) risk. Aka, how should banks manage the risks their FinTech partners pose?
I read through the proposal so you don’t have to.
Background: Those agencies had all separately released similar guidance in the past…but they were a Venn diagram of partial overlap. So the proposal is mainly meant to make all the agencies’ standards consistent.
At a high level, the proposal says:
FinTechs can offer “significant advantages” for banks, like faster tech roll out, more product offerings, more human capital, and access to new markets.
Banks need to manage 3P risks.
This means doing diligence before partnering, monitoring, keeping good compliance records, having good contractual protections with partners, and having a plan to terminate the 3P if the arrangement goes south.
The extent of “risk managing” a bank needs to do depends on how critical the FinTech is (more on that shortly).
But there are some interesting takeaways when you read between the lines:
FIRST, not much of the release is “new.” It largely tracks the OCC’s 2013 release and 2020 FAQs.
SECOND, what if banks don’t have good enough 3P risk management processes? The new release says that could be an “unsafe or unsound practice.” Aka, a prudential regulation violation -- which is bad for a bank. It’s another way of saying “you’re a systemic threat to the US banking system.” This is regulators saying “hey folks, this matters; take it seriously.”
THIRD, “critical bank partners” warrant more scrutiny. I read this to distinguish between FinTechs that are part of a bank’s core systems and services (e.g., the sole tech used to process deposits) vs. supplemental business (e.g., Daylight partners with MetaBank to expand access to a niche market)?
FOURTH, one of the factors that makes a 3P “critical” is whether there are alternatives for the bank if that 3P fails. This seems like a backdoor for regulators to target anticompetitive markets.
Consistent, interagency guidance matters because the US is careening towards better open banking regs (more on that below). So banks will increasingly be forced to allow 3Ps to access their systems, and they need to know how to manage the risks that come with that access.
CFPB Overdraft Report
The CFPB released a study on checking account overdrafts. Some key takeaways:
For customers that opt-in[1], overdraft and NSF fees are ~75% of checking account fees, and average >$250 per year.
8% of customers incur nearly 75% of all overdraft fees.
The median transaction size that triggers overdraft fees is $50.
Over half of consumers who overdraft bring their account positive within 3 days, and 76% bring it positive within one week.
Biden’s Exec Order
President Biden flexed and issued a number of exec orders aimed at promoting competition.
Two are worth FinTech’s attention.
Bank M&A
First, one order requires the DOJ, FDIC, and OCC to give more scrutiny to bank mergers. Per the Fed, from 1990-2020, the US lost around 8,000 banks (a ~64% decrease). That’s a big increase in concentration, and bank M&A will likely be less easy going forward.
Open Banking
Second, another order “encourages” the CFPB to get on with Section 1033’s regs, already.
Section 1033 of Dodd-Frank gives consumers the right to access their financial info held by a bank; it’s the basis of US “open banking.” But the CFPB hasn’t issued final regs for 1033 despite Dodd-Frank being passed over a decade ago.
Biden’s exec order only “encourages” the CFPB to make Section 1033’s rules. It doesn’t require them to do anything. So no real teeth. But that’s OK; the CFPB was already (finally) pushing those rules forward.
Regardless, articulating what Section 1033 means for consumers should encourage innovation because FinTechs will have more certain guidance for open banking innovations.
But a clearer 1033 will also encourage bank-vs-bank competition. If consumers can switch banks more easily, then banks are going to need to do more to keep their customers happy.
I could go on about what Biden’s “encouragement” of 1033 regs means for FinTech for a while, but John Pitts already did:
Buy Now, Stress Later?
There was a lot of talk this week about Buy Now, Pay Later (BNPL) after Apple announced it was building its own BNPL Apple Pay service.
But I’ve separately noticed BNPL scrutiny is getting louder, more common, and more substantiated.
CFPB Post
First, the CFPB recently released a blog post “Should you buy now and pay later?” The Bureau flagged BNPL risks for consumers to consider:
BNPL generally doesn’t require hard credit checks, so consumers can easily overextend their finances without that sort of external (albeit imperfect) limit.
Some BNPL companies report to credit bureaus if users miss payments.
BNPL products can have late fees, or trigger fees from your bank (see the recent Afterpay class action over these fees).
BNPL doesn’t come with the same protections credit cards do (like rights to dispute fraudulent charges).
Buy Now, Stress Later?
The second big BNPL item that caught my attention is this study by money.co.uk of 2,000 UK BNPL users.
I haven’t dug into the study methodology, so take it with a grain of salt. But the study found:
19% said BNPL was a way to “buy now, worry later.”
16% admitted using BNPL to fund purchases because they got carried away and bought more than they could afford.
The average time to clear BNPL is nine months, well in excess of the 30- to 60-day window that BNPL plans are based on.
Depending on the BNPL company, anywhere from 8-20% of users said they weren’t confident they could pay back the amount on time.
These seem like bad stats for BNPL FinTechs, but you have to ask: what are those numbers for traditional credit cards?
If you asked 2,000 credit card users, would you get a similar proportion that says they buy more than they can afford?
If you’ve got an eye on BNPL, the study summary is worth reading; it covers other items like what UK consumers are using BNPL for.
Schwab Robo-Advisor Fine?
Schwab’s robo-advisor may pay $200M to settle SEC charges. Schwab added the potential charge to its Q2 SEC filing, saying the SEC was investigating the company following a compliance exam.
Based on the filing, the investigation is focused on past disclosures. Some commentators have guessed that it may be based on Schwab advertising its robo-advisor as “free,” when it actually collected fees based on interest spreads on client cash.
The $200M is just an accounting earmark for now, so Schwab could end up paying less. But this is likely the start of increased robo-advisor scrutiny by the SEC.
Fed/Yale Stablecoin Rec
The Fed and Yale released a paper yesterday outlining the regulatory options for a US stablecoin.
They use a framework asking:
Would this option eliminate runs on stablecoins?
Would it achieve “NQA” status (aka, no one needs to do diligence on whether the coin has value)?
Their rec is that the US needs to do something, and do it soon. The best options are:
Stablecoins issued by FDIC-insured and regulated banks.
Stablecoins backed by assets like US treasuries or central bank reserves, but history teaches that isn’t a great option.[2]
Have a central bank digital currency, and “tax private stablecoins out of existence.”
Elsewhere…
✍️ President Biden signed Congress’s resolution to repeal the OCC’s true lender rule. See a prior update for implications.
📝 A group of FinTech lenders and the NCRC asked the CFPB to provide guidance on how ECOA’s disparate impact applies to AI, ML, algorithms, and alternative data.
📝 FinCEN issued its first-ever list of priorities (see this if you want the list ↗️[3]). What gets measured, gets managed?
⚖️ The FTC fined LendingClub $18M over hidden fees, telling consumers they were approved for loans when they weren’t, and taking money from consumers’ bank accounts without authorization.
📝 The CFPB issued a bulletin saying it is paying particular attention to FCRA obligations for accurate credit reporting and dispute handling.
₿ FinCEN appointed its first “Chief Digital Currency Advisor.”
₿ Per Bloomberg, Crypto exchanges plan to beat Binance by...complying with the law? Yes, yes, that seems like a reasonable strategy.
⚖️ Robinhood will pay a $57M FINRA fine and pay customers $12.6M. Cadwalader has a good breakdown of the specific charges.
⚖️ The Second Circuit affirmed that student loans can be discharged in Chapter 7 bankruptcy.
⚖️ The CFPB settled an enforcement action against GreenSky over the company enabling contractors and merchants to take out home improvement loans for consumers who didn’t request or authorize them. GreenSky has to refund or cancel up to $9M in loans, and pay a $2.5M penalty.
📝 The CFPB released highlights of its 2020 supervisory exams.
Sui Generis (Fun Finds)
File under: “things not to put in an email if you’re using a lawsuit to extort Apple”
Don’t use small font in your contracts.
Tim Wu (of the Wu Khan Clan) explains net neutrality on a roller coaster:
About
Hi. I’m Reggie. I’m a lawyer at BlueVine. If you want to connect or are on the FinTech job hunt, come say hi on Twitter or send an email: fintechtldr@gmail.com.
Any views expressed are my own (well, sort of? I mean, they’re based on laws and regulations, so they’re not really “mine”?). Nothing here is legal or financial advice.
Here are the foundational FinTech laws and regs if you want a closer look at anything.
[1] Banks can’t charge overdraft fees on debit card transactions unless you opt in.
[2] That model was used during the National Banking Era. Inevitably, there was an imperfect supply of Treasuries that caused bank runs.
[3] In no particular order: corruption, cybercrime (including cybersecurity and crypto), terrorist financing, fraud, transnational criminal organizations, drug trafficking, human trafficking and smuggling, and nuclear/chemical/biological weapons financing.