Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 27, the House Select Subcommittee on the Coronavirus Crisis sent letters to two banks and two fintech companies seeking information on the companies’ handling of loan applications under the Paycheck Protection Program (PPP). According to a press release announcing the launch of the subcommittee’s investigation, the letters (available here, here, here, and here) were sent to four companies that facilitated PPP loans but may have allegedly failed to adequately screen PPP loan applications for fraud. The subcommittee notes that recent reports lend “credence to reports that criminal actors sought out [fintechs] for fraudulent PPP loans because of the speed with which the [fintech] companies processed the loans—which in some cases could be approved in ‘as little as an hour’—and the fact that the [fintech] loan application process appeared to include very little scrutiny of its applicants.” The letters request documents and information to assist the Subcommittee in understanding the fraud controls and compliance systems that the companies applied to their PPP loan programs.
On May 11, FDIC Chairman Jelena McWilliams spoke at the Federalist Society Conference about the Dodd-Frank Act in a post Covid-19 environment and the future of financial regulation. Among other topics, McWilliams emphasized the importance of promoting innovation through inclusion, resilience, amplification, and protecting the future of the banking sector. McWilliams pointed out that “alternative data and AI can be especially important for small businesses, such as sole proprietorships and smaller companies owned by women and minorities, which often do not have a long credit history” and that “these novel measures of creditworthiness, like income streams, can provide critical access to capital” that otherwise may not be possible to access. McWilliams also discussed an interagency request for information announced by the FDIC and other regulators in March (covered by InfoBytes here), which seeks input on financial institutions’ use of AI and asks whether additional regulatory clarity may be helpful. McWilliams also added that rapid prototyping helps initiate effective reporting of more granular data for banks. Additionally, McWilliams addressed agency’s efforts to expand fintech partnerships through several initiatives intended to facilitate cooperation between fintech groups and banks to promote accessibility to new customers and offer new products. Concerning the ability to confront the direct cost of developing and deploying technology at any one institution, McWilliams added that “there are things that we can do to foster innovation across all banks and to reduce the regulatory cost of innovation.”
On April 29, the FDIC’s technology lab, FDiTech, announced that it will host a series of virtual “office hours” to hear from a variety of stakeholders in the business of banking concerning current and evolving technological innovations. The office hours will be hour-long, one-on-one sessions that will provide insight into the contributions that innovation has made in reshaping banks and enabling regulators to manage their oversight efficiently. According to the FDIC, “FDiTech seeks to evaluate and promote the adoption of innovative and transformative technologies in the financial services sector and to improve the efficiency, effectiveness, and stability of U.S. banking operations, services, and products; to support access to financial institutions, products, and services; and to better serve consumers.” FDiTech’s goal is to contribute to the transformation of banking by supporting “the adoption of technological innovations through increased collaboration with market participants.” In the first series of office hour sessions, the FDIC and FDiTech are seeking participants’ outlook on artificial intelligence and machine learning related to: (i) automation of back office processes; (ii) Bank Secrecy Act/Anti-Money Laundering compliance; (iii) credit underwriting decisions; and (iv) cybersecurity.
FDiTech anticipates hosting approximately 15 one-hour sessions each quarter. Interested parties seeking to participate in these sessions must contact the FDIC by May 24.
On April 13, SEC Commissioner Hester M. Pierce released an updated version of her proposal for a three-year safe harbor rule applicable to companies developing digital assets and networks. As previously covered by InfoBytes, last year Pierce suggested that not only would the rule provide regulatory flexibility “that allows innovation to flourish,” but it would also protect investors by “requiring disclosures tailored to their needs” while still maintaining anti-fraud safeguards, allowing investors to participate in token networks of their choice. The three-year grace period for qualifying companies, Pierce suggested, would allow time for the development of decentralized or functional networks, adding that at the end of the three years, a successful network’s tokens would not be regulated as securities.
The updates to the proposal reflect feedback from the cryptocurrency community, securities lawyers, and the pubic, and include, among other things:
- A requirement for companies to provide semi-annual updates to the plan of development disclosure and a block explorer;
- An exit report requirement, which would include either (i) an outside counsel analysis explaining why the network is decentralized or functional; or (ii) an announcement that the company will register the tokens under the Securities Exchange Act; and
- Enhancements to the exit report requirement to address what the outside counsel’s analysis should address when explaining why a network is decentralized.
The public is encouraged to provide feedback on the updated proposal.
On February 16, the FDIC announced the appointment of Sultan Meghji as the agency’s first Chief Innovation Officer. Prior to the FDIC, Meghji was the co-founder of a financial technology firm that provides, “secure, cloud-native, artificial intelligence-based software for community banks and credit unions.” Additionally, Mr. Meghji served as an advisor to the U.S. Treasury, the Group of Seven (G7), the OCC, and the FBI in the areas of cybersecurity, quantum computing, and artificial intelligence. In accepting the position, Meghji stated that his mission “is to engage both public and private sector partners to ensure the financial system of the future is innovative, resilient, and equitable.”
On December 16, the enforcement section of the Massachusetts Securities Division filed an administrative complaint against a broker-dealer online trading platform alleging the company violated various state laws by using “aggressive tactics” to gain inexperienced investors. According to the complaint, the company, among other things, (i) used advertising techniques, including using young actors, to target younger individuals (with a median customer age around 31 years old) with little to no investment experience; (ii) failed to implement policies and procedures that were “[r]easonably [d]esigned to [p]revent and [r]espond to [o]utages and [d]isruptions on its [t]rading [p]latform,” resulting in nearly 70 outages throughout 2020; (iii) used “gamification strategies,” such as confetti raining down on the screen after a trade or requiring customers to “tap” a fake debit card to increase their position on the waitlist, to “lure customers into consistent participation” with the platform; and (iv) failed to review and supervise, in accordance with its own procedures, the approval of options trading accounts. The complaint asserts that the company’s tactics failed to adhere to the fiduciary conduct standard required of broker-dealers in the state of Massachusetts since the adoption of amendments in March, with enforcement beginning on September 1. Massachusetts is seeking an injunction, restitution, disgorgement, and administrative fines.
On October 15, NYDFS, in collaboration with the Conference of State Bank Supervisors and the Alliance for Innovative Regulation, announced that a first-of-its-kind techsprint focusing on virtual currency will take place early 2021. The techsprint will bring together regulators, fintech and virtual currency industry stakeholders, and experts to collaborate on regulatory compliance solutions. Possible solutions may include “process improvements to a functional prototype of a reporting mechanism,” such as Digital Regulatory Reporting (DRR), which will “give regulators instant access to data provided by firms under their supervision.” Based on the takeaways from the techsprint, NYDFS intends to “develop a set of common standards and an open source technical framework for DRR” that may be adopted by NYDFS and other regulatory agencies. As part of the collaboration, future techsprints will also be developed that focus on other types of nonbank entities subject to financial regulation.
On July 17, the CFPB announced a new Compliance Assistance Statement of Terms Template (CAST Template) under its Compliance Assistance Sandbox (CAS) Policy issued to a company’s program designed to help employees build emergency savings. Specifically, under the approved template, known as “Autosave,” interested employers could help employees build emergency savings by directing a portion of the employee’s pay to an employee-designated account at a financial institution; or if an employee does not designate an account, directing the funds to an “Autosave” account at an employer-designated institution. The Bureau notes that a CAST Template is necessary for this program due to the legal uncertainty around the application of the “compulsory use” prohibition in the Electronic Fund Transfer Act (EFTA), and Regulation E. However, the applicants assert the Autosave program embodies a “reasonable default enrollment method,” which, according to the Bureau, can be consistent with the consumer choice requirements of the EFTA and Regulation E.
On July 7, the CFPB released a blog post discussing the use of artificial intelligence (AI) and machine learning (ML), addressing the regulatory uncertainty that accompanies their use, and encouraging stakeholders to use the Bureau’s innovation programs to address these issues. The blog post notes that “AI has the potential to expand credit access by enabling lenders to evaluate the creditworthiness of some of the millions of consumers who are unscorable using traditional underwriting techniques,” but using AI may create or amplify risks, including unlawful discrimination, lack of transparency, privacy concerns, and inaccurate predictions.
The blog post discusses how using AI/ML models in credit underwriting may raise compliance concerns with ECOA and FCRA provisions that require creditors to issue adverse action notices detailing the main reasons for the denial, particularly because AI/ML decisions can be “based on complex interrelationships.” Recognizing this, the Bureau explains that there is flexibility in the current regulatory framework “that can be compatible with AI algorithms.” As an example, citing to the Official Interpretation to Regulation B, the blog post notes that “a creditor may disclose a reason for a denial even if the relationship of that disclosed factor to predicting creditworthiness may be unclear to the applicant,” which would allow for a creditor to use AI/ML models where the variables and key reasons are known, but the relationship between them is not intuitive. Additionally, neither ECOA nor Regulation B require the use of a specific list of reasons, allowing creditors flexibility when providing reasons that reflect alternative data sources.
In order to address the continued regulatory uncertainty, the blog post encourages stakeholders to use the Trial Disclosure, No-Action Letter, and Compliance Assistance Sandbox programs offered by the Bureau (covered by InfoBytes here) to take advantage of AI/ML’s potential benefits. The blog post mentions three specific areas in which the Bureau is particularly interested in exploring: (i) “the methodologies for determining the principal reasons for an adverse action”; (iii) “the accuracy of explainability methods, particularly as applied to deep learning and other complex ensemble models”; and (iii) the conveyance of principal reasons “in a manner that accurately reflects the factors used in the model and is understandable to consumers.”
On June 3, NYDFS and France’s Autorité de Contrôle Prudentiel et de Résolution (ACPR) signed a Memorandum of Understanding (MOU) to help ease fintech innovators’ entry into the New York and French markets. This is the first fintech cooperation agreement signed by the ACPR with a U.S. regulator. Under the terms of the MOU, the two regulators will (i) refer companies to one another for potential market entry; (ii) “exchange information about regulatory and policy issues”; (iii) ensure innovators in both jurisdictions receive equal levels of support; and (iv) “share regulatory and supervisory expertise and best practices.” According to NYDFS, the regulators aim to encourage and support financial innovation, enhance consumer protections, and encourage “healthy market competition in their respective markets.”