Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 16, the FDIC’s technology lab, FDiTech, announced a tech sprint, which challenges participants to “identify solutions that can be used by institutions of all sizes to measure and test their resilience to a major disruption.” The tech sprint, From Hurricanes to Ransomware: Measuring Resilience in the Banking World, is designed to review new measures, data, tools, or capabilities to calculate how well community banks, and the banking sector as a whole, can withstand a major disruption. According to the FDIC, “[r]ecognizing the evolving threat environment to bank operations, their need to strengthen resilience, and given the challenges that banks face in identifying criteria to determine their respective levels of tolerance for a disruption, the FDIC seeks solutions that improve sector-wide resilience by helping answer the question: ‘What would be the most helpful set of measures, data, tools, or other capabilities for financial institutions, particularly community banks, to use to determine and to test their operational resilience against a disruption?’” Registration will be required for stakeholders to participate, and additional information on how to participate is expected on the FDiTech website.
On June 16, the FDIC’s technology lab, FDiTech, announced a tech sprint, which challenges participants to “explore new technologies and techniques that would help expand the capabilities of banks to meet the needs of unbanked individuals and households.” The tech sprint, Breaking Down Barriers: Reaching the Last Mile of Unbanked U.S. Households, invites banks, non-profit organizations, academic institutions, private sector companies, and others to identify data, tools, and other resources that may assist community banks meet the needs of the underbanked in a cost-effective manner. According to the FDIC, a recently published survey found that more than seven million U.S. households were unbanked with Black, Hispanic, American Indian or Alaska Native households having a higher likelihood of being unbanked. Registration will be required for stakeholders to participate, and additional information on how to participate is expected on the FDiTech website in early July.
On May 27, the House Select Subcommittee on the Coronavirus Crisis sent letters to two banks and two fintech companies seeking information on the companies’ handling of loan applications under the Paycheck Protection Program (PPP). According to a press release announcing the launch of the subcommittee’s investigation, the letters (available here, here, here, and here) were sent to four companies that facilitated PPP loans but may have allegedly failed to adequately screen PPP loan applications for fraud. The subcommittee notes that recent reports lend “credence to reports that criminal actors sought out [fintechs] for fraudulent PPP loans because of the speed with which the [fintech] companies processed the loans—which in some cases could be approved in ‘as little as an hour’—and the fact that the [fintech] loan application process appeared to include very little scrutiny of its applicants.” The letters request documents and information to assist the Subcommittee in understanding the fraud controls and compliance systems that the companies applied to their PPP loan programs.
On May 11, FDIC Chairman Jelena McWilliams spoke at the Federalist Society Conference about the Dodd-Frank Act in a post Covid-19 environment and the future of financial regulation. Among other topics, McWilliams emphasized the importance of promoting innovation through inclusion, resilience, amplification, and protecting the future of the banking sector. McWilliams pointed out that “alternative data and AI can be especially important for small businesses, such as sole proprietorships and smaller companies owned by women and minorities, which often do not have a long credit history” and that “these novel measures of creditworthiness, like income streams, can provide critical access to capital” that otherwise may not be possible to access. McWilliams also discussed an interagency request for information announced by the FDIC and other regulators in March (covered by InfoBytes here), which seeks input on financial institutions’ use of AI and asks whether additional regulatory clarity may be helpful. McWilliams also added that rapid prototyping helps initiate effective reporting of more granular data for banks. Additionally, McWilliams addressed agency’s efforts to expand fintech partnerships through several initiatives intended to facilitate cooperation between fintech groups and banks to promote accessibility to new customers and offer new products. Concerning the ability to confront the direct cost of developing and deploying technology at any one institution, McWilliams added that “there are things that we can do to foster innovation across all banks and to reduce the regulatory cost of innovation.”
On April 29, the FDIC’s technology lab, FDiTech, announced that it will host a series of virtual “office hours” to hear from a variety of stakeholders in the business of banking concerning current and evolving technological innovations. The office hours will be hour-long, one-on-one sessions that will provide insight into the contributions that innovation has made in reshaping banks and enabling regulators to manage their oversight efficiently. According to the FDIC, “FDiTech seeks to evaluate and promote the adoption of innovative and transformative technologies in the financial services sector and to improve the efficiency, effectiveness, and stability of U.S. banking operations, services, and products; to support access to financial institutions, products, and services; and to better serve consumers.” FDiTech’s goal is to contribute to the transformation of banking by supporting “the adoption of technological innovations through increased collaboration with market participants.” In the first series of office hour sessions, the FDIC and FDiTech are seeking participants’ outlook on artificial intelligence and machine learning related to: (i) automation of back office processes; (ii) Bank Secrecy Act/Anti-Money Laundering compliance; (iii) credit underwriting decisions; and (iv) cybersecurity.
FDiTech anticipates hosting approximately 15 one-hour sessions each quarter. Interested parties seeking to participate in these sessions must contact the FDIC by May 24.
On April 13, SEC Commissioner Hester M. Pierce released an updated version of her proposal for a three-year safe harbor rule applicable to companies developing digital assets and networks. As previously covered by InfoBytes, last year Pierce suggested that not only would the rule provide regulatory flexibility “that allows innovation to flourish,” but it would also protect investors by “requiring disclosures tailored to their needs” while still maintaining anti-fraud safeguards, allowing investors to participate in token networks of their choice. The three-year grace period for qualifying companies, Pierce suggested, would allow time for the development of decentralized or functional networks, adding that at the end of the three years, a successful network’s tokens would not be regulated as securities.
The updates to the proposal reflect feedback from the cryptocurrency community, securities lawyers, and the pubic, and include, among other things:
- A requirement for companies to provide semi-annual updates to the plan of development disclosure and a block explorer;
- An exit report requirement, which would include either (i) an outside counsel analysis explaining why the network is decentralized or functional; or (ii) an announcement that the company will register the tokens under the Securities Exchange Act; and
- Enhancements to the exit report requirement to address what the outside counsel’s analysis should address when explaining why a network is decentralized.
The public is encouraged to provide feedback on the updated proposal.
On February 16, the FDIC announced the appointment of Sultan Meghji as the agency’s first Chief Innovation Officer. Prior to the FDIC, Meghji was the co-founder of a financial technology firm that provides, “secure, cloud-native, artificial intelligence-based software for community banks and credit unions.” Additionally, Mr. Meghji served as an advisor to the U.S. Treasury, the Group of Seven (G7), the OCC, and the FBI in the areas of cybersecurity, quantum computing, and artificial intelligence. In accepting the position, Meghji stated that his mission “is to engage both public and private sector partners to ensure the financial system of the future is innovative, resilient, and equitable.”
On December 16, the enforcement section of the Massachusetts Securities Division filed an administrative complaint against a broker-dealer online trading platform alleging the company violated various state laws by using “aggressive tactics” to gain inexperienced investors. According to the complaint, the company, among other things, (i) used advertising techniques, including using young actors, to target younger individuals (with a median customer age around 31 years old) with little to no investment experience; (ii) failed to implement policies and procedures that were “[r]easonably [d]esigned to [p]revent and [r]espond to [o]utages and [d]isruptions on its [t]rading [p]latform,” resulting in nearly 70 outages throughout 2020; (iii) used “gamification strategies,” such as confetti raining down on the screen after a trade or requiring customers to “tap” a fake debit card to increase their position on the waitlist, to “lure customers into consistent participation” with the platform; and (iv) failed to review and supervise, in accordance with its own procedures, the approval of options trading accounts. The complaint asserts that the company’s tactics failed to adhere to the fiduciary conduct standard required of broker-dealers in the state of Massachusetts since the adoption of amendments in March, with enforcement beginning on September 1. Massachusetts is seeking an injunction, restitution, disgorgement, and administrative fines.
On October 15, NYDFS, in collaboration with the Conference of State Bank Supervisors and the Alliance for Innovative Regulation, announced that a first-of-its-kind techsprint focusing on virtual currency will take place early 2021. The techsprint will bring together regulators, fintech and virtual currency industry stakeholders, and experts to collaborate on regulatory compliance solutions. Possible solutions may include “process improvements to a functional prototype of a reporting mechanism,” such as Digital Regulatory Reporting (DRR), which will “give regulators instant access to data provided by firms under their supervision.” Based on the takeaways from the techsprint, NYDFS intends to “develop a set of common standards and an open source technical framework for DRR” that may be adopted by NYDFS and other regulatory agencies. As part of the collaboration, future techsprints will also be developed that focus on other types of nonbank entities subject to financial regulation.
On July 17, the CFPB announced a new Compliance Assistance Statement of Terms Template (CAST Template) under its Compliance Assistance Sandbox (CAS) Policy issued to a company’s program designed to help employees build emergency savings. Specifically, under the approved template, known as “Autosave,” interested employers could help employees build emergency savings by directing a portion of the employee’s pay to an employee-designated account at a financial institution; or if an employee does not designate an account, directing the funds to an “Autosave” account at an employer-designated institution. The Bureau notes that a CAST Template is necessary for this program due to the legal uncertainty around the application of the “compulsory use” prohibition in the Electronic Fund Transfer Act (EFTA), and Regulation E. However, the applicants assert the Autosave program embodies a “reasonable default enrollment method,” which, according to the Bureau, can be consistent with the consumer choice requirements of the EFTA and Regulation E.
- Buckley Webcast: Best practices for incident-response planning in a dangerous and regulated world
- Jonice Gray Tucker to discuss “Government investigations, and compliance 2021 trends” at the Corporate Counsel Women of Color Career Strategies Conference
- APPROVED Webcast: California debt collection license requirement: Overview and analysis
- Max Bonici to discuss “BSA/AML trends: What to expect with the implementation of the AML Act of 2020” at the American Bar Association Banking Law Fall Meeting
- Jeffrey P. Naimon to discuss “Regulators are gearing up: Are you ready?” at HousingWire Annual
- Amanda R. Lawrence and Elizabeth E. McGinn discuss “U.S. state privacy legislation – Are you compliant?” at the Privacy+Security Forum
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek