Treasury calls for improved oversight of Fintech partnerships – Fin Tech
On November 16, 2022, the Department of Finance (“Treasury”) issued a report entitled “Assessing the impact of new non-bank entrants on competition in consumer finance markets” (“Treasury Report”), which recommends, among other things, that federal financial regulators pursue a more robust regulatory framework for non-bank financial services. Recognizing the continued importance for consumers of bank-fintech relationships to have access to competitive financial services Treasury -the report calls for “responsible innovation” through increased oversight.The Treasury report includes a set of recommendations to be used within existing regulatory frameworks to ensure that bank-fintech partnerships continue to promote competition and innovation in a reasonable manner, while protects consumers and the safety and soundness of banks.
This financial report was the result of President Biden’s July 9, 2021, Executive Order 14036, “Promoting Competition in the American Economy” (“Executive Order”). The executive order established the White House Competition Council and directed federal agencies to take a series of actions related to the administration’s policies related to competition and anticompetitive conduct.
The Treasury report recognizes and encourages cooperation between banks and fintech, noting that bank-fintech relationships have the ability to increase market competition, improve consumer access to financial services and reduce prohibitive cost barriers to those services. However, these benefits, according to the financial report, come with risks, especially in new, largely untested financial services and the limits of the existing regulatory framework. For example, the financial report noted that (1) fintechs, unlike banks, are generally not subject to supervisory regulation, (2) the Consumer Financial Protection Bureau’s (“CFPB”) supervisory authority varies based on the fintech’s activities and size, and (3) government oversight of fintechs is uneven, and therefore, “by offering unbundled products and services,” the activities of fintechs “can be conducted largely outside the perimeter of federal supervisory regulation and oversight.”
Treasury offers a series of recommendations to federal regulators. The recommendations focus on how federal banking regulators and the CFPB can balance the need for competition and the need to advance regulatory oversight of the changing risk landscape. Importantly, the finance report focuses on the “core consumer finance markets” – ie deposits, payments and credit, and the Treasury’s recommendations are framed within existing regulatory authorities.
While this client alert focuses on Treasury’s recommendations, the Treasury report consists of five sections covering a range of topics. First, Treasury provides an overview of the current market landscape, including a description of the regulatory environment applicable to the core consumer finance markets. In the second part, Treasury acknowledges and explores the changing financial services landscape, particularly as it relates to the entry of non-banking firms. The third part of the financial report reviews the opportunities and risks associated with new non-bank market entrants and the benefits they could bring to consumer finance as a whole. In part four, Treasury reviews how the entry of Big Tech firms could affect consumer finance markets. Finally, in section five, Treasury makes recommendations for how regulators can promote competition and innovation in markets for the benefit of consumers.
Treasury recommendations
The Treasury report focuses on advancing two goals—(1) enabling competition in the provision of financial services to consumers that can benefit consumers while appropriately managing risk; and (2) promote regulatory oversight across financial institutions commensurate with the activities and risks associated with new structures for delivering financial services to consumers.
Encourage increased measurement of competition and review of concentration in banking
Treasury supports the ongoing review by the DOJ and the federal banking agencies of bank merger oversight policy given the changes in the consumer finance markets. Both the DOJ and the Federal Deposit Insurance Corporation have previously requested public comment on their respective analyzes of bank mergers.
Enables competition within responsible consumer credit guarantee
With respect to responsible consumer credit underwriting, the Treasury Department recommends that federal banking regulators: (1) use the existing supervisory framework to provide clarity to insured depository institutions (“IDIs”) regarding the use of alternative data and complex algorithms in credit underwriting (particularly in light of fair lending risks and implications for consumers’ privacy and data security) – i.e. credit visibility; (2) continue to engage institutions seeking to implement new assurance approaches through pilot programs and new tools that can encourage self-testing and remediation; (3) review current underwriting and fair lending guidance to detect any gaps that may exist in helping IDIs develop risk management processes for products using new underwriting approaches; (4) clarify and supplement the MRM regulatory framework1 so that IDI’s model risk management processes can protect against uncertain or adverse outcomes; and (5) coordinate with relevant federal agencies to identify and mitigate fair lending violations where alternative data in consumer credit insurance is used.
Enables effective oversight of bank-fintech relationships
To make one clearer and more consistently usedregulatory framework, where fintechs, and not IDIs, provide services, the Treasury Department recommends that the federal banking agencies finalize the proposed interagency guidance on risk management of third-party relationships (“TPRM Guidance”). The TPRM guidance will confirm that IDI is responsible for carrying out its activities, including those carried out by a third party, in a safe and sound manner. The Treasury report also noted that the federal banking agencies have the legal authority to “regulate and supervise IDI activities … conducted directly, or with or through a third-party relationship as if all aspects of the activities were conducted by IDI itself,” and which as a result, “the activities conducted on behalf of IDI by a Fintech will be subject to the laws and regulations applicable to IDI and subject to oversight and examination by IDI’s federal regulator.”
Treasury further recommends that regulators include in the final TPRM guidance language to assist IDIs in negotiating contract provisions consistent with their internal oversight and risk management policies.
Treasury also noted the “significant benefits” that could result from “enhanced coordination among the full suite of relevant federal agencies” to ensure that fintechs participating in a bank-fintech partnership are appropriately supervised.
Encourage competition in responsible small-dollar lending
Treasury recommends that the federal banking regulators revise their supervisory practices with respect to the interagency Lending Principles for Offering Responsible Small-Dollar Loans (“SD Lending Guidance”). It further recommends updating the SD Lending Guidance to cover larger loan amounts and the ways in which the SD Lending Guidance applies to bank-fintech lending relationships to cover more aspects of a loan program. Treasury recommends that regulators provide IDIs with adequate guidance on how to offer small dollar loans while maintaining compliance with applicable laws and regulations.
For non-bank lenders that do not operate through a relationship with an IDI, Treasury recommends that the CFPB monitor and examine the development of small dollar installment loan products and review its authorities to determine whether it can directly supervise larger non-bank consumer lenders. These will include buy-now-pay-later (“BNPL”) and installment loan providers. In September 2022, the CFPB released a report on its key insights into the BNPL market and identified areas of risk for consumer harm, including, according to the CFPB, inconsistent consumer protection for BNPL borrowers and overextension of BNPL borrowers.
Enables secure data sharing
To facilitate continued access to shared financial data, the Treasury Department recommends that the CFPB adopt a rule to implement section 1033 of the Dodd-Frank Act. The final rule should clearly define the scope of financial data that is subject to consumer access rights. Furthermore, the TPRM guidance should also clarify “an IDI data holder’s assessment of consumer authorized access by third party data collectors and data users,” and any obligations an IDI has to protect consumer authorized data from a fourth party2 abuse. Treasury is also recommending that the CFPB review its authorities to consider how to oversee data collectors, as financial states can hold large amounts of consumer data with little oversight of their information security or data practices.
Implications for the financial report
Like other recent developments, the finance report and its recommendations reflect expected increased regulatory scrutiny of fintechs and bank-fintech partnerships. The CFPB has already taken a number of actions that signal its focus on fintechs, including, as noted above, the BNPL report, as well as orders directed at a number of “Big Tech” companies related to their payment business practices. In addition, the Office of the Comptroller of the Currency also reached a settlement agreement in August 2022 with a supervised bank related to its alleged failure in the bank’s supervision and oversight of a fintech in the bank’s partnership with the fintech.
The Treasury report also suggests a primary role for the CFPB in the enhanced oversight of fintechs, as many of the Treasury Report recommendations called for either the CFPB to review its supervisory authority over fintechs or more coordination with the CFPB.
We will continue to follow developments related to the recommendations from the Treasury in the Treasury report.
Jason Nerland, an associate in our Washington, DC office, contributed to the writing of this notice.
Footnotes
1. Treasury uses this term to refer collectively to the existing principles-based approaches to model risk management supervision that the federal banking regulators set forth in their Model Risk Management and Supervisory Practices Guidance.
2. A “fourth party” data use is one that receives, through a data aggregator, consumer authorized data from an IDI.
Due to the generality of this update, the information provided here may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Morrison & Foerster LLP. All rights reserved