At the recent Finovate Conference in New York City, a showcase of cutting-edge banking and financial technology, Keith Noreika, acting Comptroller of the Currency, made an unusual comparison regarding the relationship between FinTech and regulators.
“It's kind of like dating,” he said, advocating a getting-to-know-you period and fully acknowledging there may be differences in expectations.
The comparison may not be as unusual as it seems at first, especially when put in the lexicon of online flirting. Swipe right: leveraging technology to lower costs, increase financial inclusion, expand services, and improve service. Swipe left: predatory products, damage to traditional business models, data exploitation, and the increased likelihood of security breaches.
FinTech subsectors primarily include lending, mobile payments, digital wealth management, and distributed ledger technology (better known as blockchain).
Up-and-coming firms undoubtedly have a love-hate relationship with the prospect of uniquely tailored regulations that can be both a burden and, in the right conditions, provide an evolutionary leap in legitimacy. The challenge for regulators is how to balance innovation with consumer protections and fears of systemic risk.
A novel regulatory concept, intended to tear down the Tower of Babel nature of silo-ensconced regulators, emerged during a Sept. 12 hearing, “Examining the FinTech Landscape,” convened by the Senate Banking Committee.
“We hope that financial innovation breaks down barriers, increases financial inclusion, and ultimately does good,” said Sen. Brian Schatz (D-Hawaii), “but the risks are real and there are security issues…There's the risk of creating a platform for predatory actors and entrenching social and racial biases.”
“Innovation is disruptive, but it can be disruptive in both positive and negative ways,” he added.
Schatz’ proposa dedicated innovation office a one-stop shop in the government for FinTech businesses to figure out which regulations apply to them and a mechanism for coordinating among the regulators, he explained. “It would be a ild est without some attempt to coordinate. We already have narrow questions of compliance for particular companies.”
“I think it's a great idea,” said expert witness Eric Turner, a research analyst with S&P Global Market Intelligence. “Having some sort of sandbox program in place could help FinTech and regulators really figure out what they're working towards.
If you look at large banks today, I think they all have innovation offices,” he .
“Inter-agency cooperation is a really profound problem,” said Frank Pasquale, a professor of law at the University of Maryland Francis King Carey School of Law. “The big agenda item over the next decade is how you can get these agencies to cooperate on something like an Office of Innovation. “
Plenty of other ideas regarding FinTech regulation have been bandied about in recent months. A February forum sponsored by the Brookings Institution, through its Center on Regulation and Markets, catalogued many of the top pitches.
“We hope that financial innovation breaks down barriers, increases financial inclusion, and ultimately does good, but the risks are real and there are security issues,”
Sen. Brian Schatz (D-Hawaii)
The Financial Innovation Act, introduced by Rep. Patrick McHenry (R-N.C.) in 2016 to promote innovation in financial services, would provide a regulatory safe-space to allow companies, in conjunction with regulators, to test products in a limited launch. “This change would provide data to regulators that could be used to craft regulation for similar products, while enabling industry, consumers, and government officials to benefit from real world-experiences,” a Brookings report said.
Several government efforts are also gaining prominence in FinTech discussions. The Office of the Comptroller of the Currency, notably, has proposed granting special purpose national charters for FinTech companies, applying a bank-like regulatory framework.
The effort, however, is far from a done deal. The OCC has been sued by the New York Department of Financial Services over the preemption of state regulators.
In June, the Commodity Futures Trading Commission announced the creation of LabCFTC, a multi-faceted hub for the agency’s engagement with FinTech innovators. The initiative is aimed at promoting responsible FinTech innovation to improve “the quality, resiliency, and competitiveness of the markets the CFTC oversees.”
Located in New York LabCFTC will also look to accelerate the Commission's engagement with FinTech and RegTech solutions “that may enable the it to carry out its mission responsibilities more effectively and efficiently.”
“Digital innovations present equal regulatory challenges,” Chairman J. Christopher Giancarlo said. They include “big data” capability to enable more sophisticated data analysis and interpretation, artificial intelligence to guide highly dynamic trade execution, “smart” contracts that value themselves and calculate payments in real-time, behavioral biometrics that can detect and combat online fraud, and distributed ledger technology, more commonly known as blockchain.
LabCFTC includes “a tool for innovators to efficiently communicate with the CFTC to seek specific regulatory guidance about proposed applications of new technologies.” Another effort, CFTC 2.0, is designed “to strengthen the agency’s understanding of new technologies, and to adopt them in support of our essential mission overseeing derivative markets.”
The CFTC also established an internal FinTech/RegTech innovation lab “to better understand new technologies and to identify potentially useful applications.”
The OCC is similarly considering a safe-space/sandbox that would allow firms to work cooperatively with regulators to develop new technologies without immediate, initiative-killing regulatory liability.
In October 2016, the Consumer Financial Protection Bureau released its first report on Project Catalyst, an effort to encourage consumer-friendly innovation in markets for consumer financial products and services.
On Sept. 14, it announced, as part of that effort, that a no-action letter was issued to Upstart Network, a company that uses alternative data in making credit and pricing decisions.
As a condition of the no-action letter, Upstart will regularly report lending and compliance information to the CFPB “to mitigate risk to consumers and aid the Bureau’s understanding of the real-world impact of alternative data on lending decision-making.”
Upstart Network, based in California, provides an online lending platform for consumers to apply for personal loans, including credit card refinancing, student loans, and debt consolidation. It evaluates consumer loan applications using traditional factors such as credit score and income, as well as incorporating non-traditional sources of information such as education and employment history.
The action comes as the Bureau “continues to explore the use of alternative data to help make credit more accessible and affordable for consumers who are credit invisible or lack sufficient credit history.”
The no-action letter is specific to the company’s specific facts and circumstances and does not serve as an endorsement of the use of any particular variables or modeling techniques. Under the terms of the letter, Upstart will share information with the Bureau regarding the loan applications it receives, how it decides which loans to approve, and how it will mitigate risk to consumers.
The Senate Banking Committee’s hearing explored a variety of regulatory debates concerning FinTech. “Other governments are exploring options such as a regulatory sandbox approach that encourages innovation by allowing firms to test products and services in a supervised U.S. Senator Mike Crapo (R-Idaho)
A timely detour, however, added a fresh element to the discussion.
Hackers penetrated a Web-based application and subsequently obtained credit card numbers for 209,000 consumers and credit dispute documents for 182,000 users. Social Security numbers, birthdates, and home addresses may have been compromised.
Sen. Sherrod Brown (D-Ohio) connected Equifax’s woes to FinTech concerns.
“I am interested in how Congress can encourage FinTech nnovation to make it easier for community banks to serve their customers, comply with important safety and soundness and anti-money laundering rules,” he said. “While financial technology covers many different activities, all of those activities rely on the responsible use and careful protection of data. In the case of Equifax, that did not happen.”
“The collection and use of this alternative data may promise some benefits by providing access to credit for people in communities that traditional lenders overlook,” he added. “But as recent data breaches have shown, the risks are clear and substantial.”
THE REGULATORY LANDSCAPE
The following is from the written testimony of Lawrance Evans, director of financial markets for the Government Accountability Office, at a recent hearing convened by the Senate Banking Committee.
Regulatory oversight of commonly referenced FinTech subsectors is complex and spread among federal and state entities.
Regulation of the commonly referenced subsectors depends on the extent to which the firms provide a regulated service and the format in which the services are provided, with responsibilities fragmented among multiple entities that have overlapping authorities.
Federal oversight authorities that apply to regulated activities generally include risk management oversight related to services provided to federally regulated depository institutions, consumer protection oversight, and securities and derivatives markets oversight. State licensing laws and oversight mechanisms, including consumer protection, vary by state.
In October 2016, the Consumer Financial Protection Bureau released its first report on Project Catalyst, the project to encourage consumer-friendly innovation in markets for consumer financial products and services. In December 2016, the Office of the Comptroller of the Currency published a paper discussing issues related to chartering special-purpose national banks and solicited public comment to help inform its path moving forward.
Officials from the Conference of State Bank Supervisors we spoke with noted that the states are working on developing tools that can facilitate compliance with state-by-state licensing mechanisms, such as the Nationwide Mortgage Licensing and Registry System. NMLS is intended to enable firms to complete one record to apply for state licensing that fulfills the requirements of each state, for states that participate in the system.
A number of self- regulatory efforts have emerged with the intent of developing responsible innovation and mitigating and reporting risks to potential borrowers seeking marketplace lending products.
Regulation of marketplace lenders is largely determined by the lenders’ business model and the borrower or loan type. Marketplace lenders may be subject to federal and state regulations related to bank supervision and securities regulation. The depository institution regulators other than the National Credit Union Administration have authority to regulate and examine certain services provided by third parties.
Marketplace lenders that provide services through an arrangement with federally regulated depository institutions may be subject to examination by the depository institution’s regulator in connection with the performance of those services. The depository institution regulators also provide third-party guidance or vendor risk management guidance that depository institutions should adhere to.
Some marketplace lenders that originate loans directly to consumers or businesses (e.g., a direct marketplace lender) are generally required to obtain licenses and register in each state in which they provide lending services. According to officials from CSBS, state regulators then have the ability to supervise these lenders, ensuring that the lender is complying with state and federal lending laws. Marketplace lenders may be subject to federal consumer protection laws enforced by CFPB and the Federal Trade Commission.
Certain regulations generally apply to consumer loans but may not apply to small business or other commercial loans, though, FTC does have the authority under Section 5 of the Federal Trade Commission Act to protect, among others, small businesses that are consumers of marketplace lending products or services from unfair or deceptive acts or practices.
Lastly, the Securities and Exchange Commission regulates public offerings of securities by the marketplace lenders, unless an exemption from registration applies.
The regulatory and oversight framework for mobile payments consists of a variety of federal and state regulation and oversight. Determining which laws apply to mobile payments is complicated by several factors, including agency jurisdiction, mobile payment providers’ relationship to depository institutions, and the type of account used by a consumer to make a mobile payment.
Three of the federal depository institution regulators—Federal Reserve, FDIC, and OCC—are authorized to examine and regulate the provision of certain services provided by mobile payment providers to federally insured banks and thrifts.
The CFPB has consumer protection authority over certain nonbank institutions and enforcement jurisdiction over entities that offer or provide consumer financial products or services.
Nonbank providers of financial products and services, including mobile payment providers and prepaid card providers, may be subject to FTC consumer protection enforcement actions. Additionally, state regulators oversee mobile payment providers licensed in each state in which they operate as a money service business.
The SEC regulates investment advisers, which generally includes firms that provide digital wealth management platforms. The SEC subjects digital wealth management firms to the same regulations as traditional investment advisers and requires digital wealth management firms that manage over $110 million in assets to register as investment advisers.
The SEC’s supervision of investment advisers includes evaluating their compliance with federal securities laws by conducting examinations, including reviewing disclosures made to customers. It also investigates and imposes sanctions for violations of securities laws.
State securities regulators generally have registration and oversight responsibilities for investment adviser firms that manage less than $100 million in client assets, if they are not registered with the SEC, and can bring enforcement action against firms with assets of any amount for violations of state fraud laws.
FINRA also has regulatory authority over broker-dealers that use digital investment advice tools to provide investment services to clients. The Commodities Futures Trading Commission has oversight authority over commodity trading advisers, of which CFTC officials stated that digital wealth management firms that meet the statutory definition would be subject to the same oversight and compliance obligations of other traditional commodity trading advisers.
Digital wealth management firms are subject to consumer protection laws that are enforced by FTC.
Source: Senate Banking Committee
Innovation must be paired with assurances of secure data, Brown said.
“If we can encourage banks to partner with each other or innovative startups, we may be able to cut down on red tape without exposing consumers or the financial system to additional risk,” he added. “We have already seen how mobile payments have expanded access for many to the financial system, both at home and abroad. But we also need to fully understand the risks and ensure that oversight gaps do not exist for bad actors to exploit American customers.”
Lawrance Evans, director of financial Markets for the Government Accountability Office, was among those who testified at the hearing. He singled out concerns connected to the use of alternative data in credit decisions and the risk of potential fair lending violations.
Unlike traditional lending companies that look at a person’s credit reports, some marketplace lenders also take into account or have considered using alternative data, such as utilities, rent, telephone bills, and educational history, during the underwriting process.
According to staff from the Federal Trade Commission, marketplace lenders must ensure that their practices meet fair lending and credit reporting laws. “
The use of alternative data also introduces the risk that the data used are inaccurate and concerns that consumers may not have sufficient recourse if the information being used is incorrect,” Evans said.
“Fintech offers tremendous benefits including increased access to financial services, lower costs, and reduced frictions,” said S&P Global Market Intelligence’s Turner.
Regulation, however, “has been unevenly applied to the sector, and in many ways the introduction of a clear regulatory framework could help further boost innovation,” he added. “Issues like cyber-security, data ownership, and data privacy are important not just to FinTechs, but to the financial industry as a whole. Clear standards and regulation can provide clarity in these areas as well.”
The “looming challenge” for digital lenders today is regulation, “since they have no clear regulatory framework,” Turner reiterated.
“Many lenders rely on regulated banks to issue loans on their behalf,” he said. “Other lenders have sought state-level licensing for their businesses, but this can be an expensive and time-consuming process and make it difficult for lenders to offer consistent rates to their borrowers. Some lenders have attempted to find regulation through industrial loan company (ILC) charters, which has already elicited pushback from incumbents.”
Pasquale, of the University of Maryland’s law school, expressed concerns over the use of so-called alternative data. Outside the U.S., FinTech firms have already scored creditworthiness based such factors as: political activity on Twitter account (in India, lenders have considered repayment more difficult and will not lend to those individuals); the contents of a person’s smartphone, including who and when they place calls and receive messages; what apps are on a smartphone; and even how a potential customer fills in online forms.
“Machine learning systems are constantly developing even more invasive forms of assessing creditworthiness, or factors influencing it,” Pasquale said.
Some FinTech advocates advocate radical deregulation of their services, to enable their rapid entry into traditional banking markets, Pasquale explained. There is a risk of the label merely masking “old wine in new bottles.”
“The annals of financial innovation are long, but not entirely hallowed,” he said. When deregulatory measures accelerated in the late 1990s and early 2000s, their advocates argued that new technology would expertly spread and diversify risk. However, new quantitative approaches often failed to perform as billed.”
“Some FinTech may promote competition and create new options for consumers,” Pasquale added. “But we should ensure that it is fair competition, and that these options don’t have hidden pitfalls.”