Fintech Law TL;DR (May 18)
CRA Proposal -- SEC Crypto Hires -- ECOA Opinion
Hi all 👋
Lithic is hiring a Content Creator! I work with Lithic’s marketing folks regularly and they’re awesome, so please apply or send great folks our way!
Your email will likely clip this, so click here to read in browser.
CRA Revamp Proposal
One way the US has tried to combat redlining – the practice of providing less credit in certain areas in a way that leads to racial (and other) discrimination – is the Community Reinvestment Act (CRA). The law was passed in the late ‘70s, and it creates an incentive system for banks to better serve all segments of society, including underserved and low- and moderate-income (LMI) areas.
The CRA has a complex set of rules, but the TL;DR is that banks get CRA ratings based on how well they’re serving their communities. They get points for lending to underserved home buyers and SMBs, the number of branches in LMI areas, or sponsoring financial literacy programs. Then, if a bank wants to be part of a merger or acquisition, or add branches, regulators consider its CRA ratings.
But the rules haven’t been updated in 2+ decades and there are a few problems with them in practice. Two big ones are:
The rules aren’t written for a world of online banks! They’re framed for physical-first banks, where branches play a big role, not a world with Chime or BlueVine.
Banks get passing scores pretty easily; the law doesn’t have much bite in practice. And that’s driven, in part, by vague, opaque standards.
There have been a few attempts the past few years to modernize the CRA rules.1 But they were false starts, and Dems are now taking the opportunity to revise the CRA rules while they can.
Specifically, the Fed, OCC, and FDIC released a proposal last week to facelift the CRA rules, including:
CRA assessments would include online and mobile activities, branchless banking, and hybrid banks. Assessments would include areas a bank doesn’t have an office if they make a certain number of loans in the area.
The rating rules will be more transparent, with benchmark metrics and clearer activities that count for CRA purposes.
“Great,” you say, “but does it apply to fintech?” Not directly; the agencies kept “nonbanks” out of this proposal. But that makes sense; the law’s enforcement mechanisms are enforced by banking regulators, which generally don’t have as pervasive authority over fintechs.
But! The new CRA rules (once finalized) may trickle down to fintechs.
Fintechs may find themselves having conversations with bank partners about the CRA. Some examples:
Bank partners may want to geographically limit how many products (e.g., SMB loans or home loans) can be offered in areas to avoid triggering the CRA there.
But banks may also be more interested in talking with (and potentially cutting subsidized deals or investing in) impact-focused fintechs that could help CRA scores. SMB, farm lenders, and mortgage lenders, in particular.
I’m hearing banks are realizing they over-indexed on credit fintech partnerships nowadays, so it’s already getting harder to find a fintech credit sponsor bank if you don’t have a compelling case. 🤔
Banks may ask to leverage more of the educational PR fintechs do (e.g., personal finance webinars or blogs).
Banks may be more interested in keeping loans on their books, instead of selling them to the relevant fintech partner (so they can continue to claim the community impacts of the loans).
TL;DR: smart fintechs will consider how they can use new CRA rules (once finalized) as leverage with their bank partners.
CFPB ECOA Opinion
ECOA is one of the main fair lending laws, and it prohibits discriminating2 against consumers and businesses in the extension of credit. But the law itself talks about “applicants” for credit. Some have argued that ECOA only covered credit applications, and didn’t apply once credit was offered or accepted.
Well, the CFPB just published an advisory opinion affirming that ECOA applies to individuals and businesses not just when they apply for credit, but after credit has been extended. You can’t discriminate when reviewing a credit application or over the life of that credit relationship.
ECOA requires creditors to send “adverse action” notices (or AANs) whenever any adverse decisions are made on a credit application (e.g., denial). The new advisory opinion makes it clear that AANs are required after credit has been offered or extended, too (e.g., revoking credit, or decreasing credit line size).
From what I know, most fintechs already do a good job with this and recognize discrimination isn’t just an “application” thing. Regardless, any fintechs with credit products may want to consider their practices for ECOA issues. For example:
After a customer has been offered credit, what sorts of criteria are used when deciding to decrease or revoke credit? Do those criteria correlate with discriminatory impacts? Are there other criteria you could use with less discriminatory outcomes?
Are you sending AANs when a customer’s existing credit terms are adversely changed?
SEC Crypto Headcount
The SEC announced they’ve added 20 positions to the Crypto Assets and Cyber Unit, for a total of 50 people. Since the unit was created in 2017, it’s brought enforcement actions against fraud and unregistered securities crypto offerings and platforms.
The tone of release focuses on investor protection rather than fraud, and it names crypto offerings (i.e., sales), exchanges, lending and staking, DeFi, NFTs, and stablecoins as priorities.
Two thoughts. First, some folks (like SEC Commissioner Hester Peirce) are alarmed that the SEC is primarily writing crypto rules by reactive enforcement rather than proactive regulation.
One way to look at the SEC’s approach to crypto – the way crypto advocates look at it – is to say “the SEC is being lazy, they’re hurting innovation, they don’t understand that crypto needs new rules!” Another way – the way the SEC looks at it – is to say “crypto meets the existing definitions of securities and commodities, we don’t need new rules!” And, IMO, unless there’s a new federal law on crypto regulation, we’re going to get the latter interpretation. Which looks like regulation by enforcement in practice.
Second, there’s a theory that in nascent industries or products regulators go after the egregious frauds, and foot faults are overlooked. As the relevant industry or product grows, regulators move from egregious situations that pose more imminent harm to enforcing foot faults, where the potential harm is less immediate and less material but enforcement is more preventative.
You could see these hires as a sign that crypto is in that latter phase. The SEC used its authority to halt scammy ICOs back in 2017-18; Bitconnect was egregious fraud. Arguably, the SEC’s BlockFi interest-bearing account order is an example of a foot fault violation (where harm is more theoretical and possible as opposed to actually happening). The SEC may just be amping up enforcement headcount to go after more vanilla securities violations.
Banking regulators in Connecticut sent a cease and desist to Solo Funds, a company that claimed to be an alternative to predatory payday lending. The regulators claim the company violated state and federal laws by misleading borrowers over interest rates.
Fintech Business Weekly has a superb breakdown of the order and penalties, which I recommend. The TL;DR: Solo showed borrowers they were getting 0% loans (on their TILA disclosure), but borrowers paid tips that yielded APRs of 43% to 4,280%. Many folks have been waiting for the shoe to drop in “tipping” models; it looks like the time has come.
Intuit agreed to pay $141M to settle claims TurboTax (which Intuit owns) steered Americans away from free tax-filing services with misleading ad campaigns, per Reuters.
Senator Durbin led a hearing on interchange fees, initiated by Visa and Mastercards’ April interchange fee increases; Payments Dive has a nice summary of it.
The CFPB ordered a debt relief payment processor to pay nearly $12M for handling illegal fees for student loan debt relief companies, deceiving consumers about fees, and paying illegal commissions to marketing companies.
The CFTC announced it will be holding its first-ever meeting to discuss carbon offset markets, including standardization and data needs.
The FTC proposed rules that would extend the Telemarketing Sales Rule (TSR) protections to small businesses. The TSR set guardrails on what telemarketers can do. E.g., they can’t request advance payment for services (which can be used as a hook for credit builder companies that charge up front, depending on the payment model). Currently, the TSR applies to consumers but not SMBs.
A Fed report found fintech SMB lenders “provide credit to additional borrowers at lower cost.” Aka, they expand the pie.
The OCC is hosting virtual innovation hours to meet 1:1 with fintechs.
FINRA published its 2022 industry snapshot, an annual quantitative report on the activity it oversees. New editions this year include: SPAC filings, geographic distribution of registered individuals, and customer margin debt.
Alvaro Bedoya was confirmed by the Senate and sworn in as an FTC Commissioner, ending a 2-2 split FTC by giving Democrats a 3-person majority which will let FTC Chair Lina Khan more easily push Dem policies.
The CFPB is ramping up its enforcement unit with 20 new attorneys, per American Banker.
The CFPB released highlights of common violations it encountered during H2 2021 supervisory exams. We’ve already talked about the more important ones as they came out, but you can find a good summary from Ballard Spahr if you want more.
Match Group (parent co of Tinder, Match, and OkCupid) sued Google over its “anticompetitive” Android app store pricing and practices.
While “stablecoin” UST broke its dollar peg, the Federal Reserve published its annual Financial Stability Report, which highlighted stablecoin runs and the need for regulation, and Sec. of Treasury Janet Yellen also called for stablecoin legislation at a Senate committee hearing, per WSJ.
Coinbase added a disclosure in its 10-Q saying that customers whose crypto Coinbase holds could be treated as general unsecured creditors if the company went bankrupt. Coinbase CEO Brian Armstrong explained in a Twitter thread that the risk was added based on a new SEC requirement.
CA’s governor signed an executive order promoting crypto. The order directs the state to create a “transparent and consistent business environment” for crypto. The overall aim of the order is to create a clearer, innovation-friendly regulatory framework, and to explore ways crypto could address public service needs.
Goldman Sachs offered its first bitcoin-backed loan, per Bitcoin Magazine.
NY’s mayor is calling for an end to the BitLicense, per CoinTelegraph. The regime has generally been considered poor policy that drives crypto firms out of NY.
FTX applied for a NY trust charter, the alternative to a BitLicense, per CoinDesk. A trust charter would let the firm manage clients’ assets and offer crypto infra products to other financial institutions.
NY’s financial regulator released guidance for crypto companies that stressed the use of blockchain analytics for AML compliance.
The Dept of Treasury sanctioned Blender.io, a crypto mixer used by North Korea to facilitate cyber attacks. It’s the first time Treasury has sanctioned a crypto mixer.
Compound’s institutional USDC-backed yield product, Compound Treasury, was given a B- grade by S&P Global Ratings. It appears to be the first time an institutional DeFi product was scored by a major credit rating agency.
NVIDIA agreed to a cease and desist order and $5.5M penalty to settle SEC charges the company failed to disclose how the crypto mining demand for the company’s GPUs positively impacted its gaming business.
Sui Generis (Fun Finds)
Hi. I’m Reggie. I’m a fintech product lawyer at Lithic
Sponsoring the newsletter
Early stage fintech looking to raise
Just want to say hey!
Are you a fintech company looking to fill roles? If you want your open roles highlighted in two editions (currently) read by 1.5-2K folks, check out the FinTech Law TL;DR Pallet. It’s a targeted fintech audience of primarily legal, compliance, product, and operations folks.
Any views expressed are my own (well, sort of? I mean, they’re based on laws and regulations, so they’re not really “mine”?). Nothing here is legal or financial advice.
For example, in 2020 the OCC pushed a proposal on its own, under a Trump-appointed Comptroller. The current OCC (led by Michael Hsu, a Dem) rescinded those rules recently.
Discrimination based on protected attributes like race, gender, ethnicity, sexuality, and others.