InfoBytes Blog

Congressman releases report on small business fintech lending

On August 17, Congressman Emanuel Cleaver, II (D-MO) released a report detailing his findings from an investigation into the small business lending practices of fintech companies, concluding that the algorithms used in the application process may not reduce the risk of discrimination. The report notes that one company disclosed utilized a third-party fair lending consulting firm to assist in preventing discrimination, but that some survey responses “lacked key information or were willfully vague” about how the algorithms help avoid income-based and racial bias. The report cites to other criticisms of small business lending in the fintech industry, including (i) the use of forced arbitration clauses; and (ii) utilizing personal credit scores to establish a business’ credit worthiness. In contrast, the report emphasizes that fintech lending “can be potentially advantageous for small businesses looking to get a leg up in a competitive market” and that fintech companies often serve markets traditionally ignored by banks. The report concludes with a list of best practices and principles for fintech companies that will lend to small businesses, such as (i) registering with the CFPB’s complaint database; (ii) replicating TILA disclosures required for consumers; and (iii) securing third party fair-lending audits.

Fintech U.S. House Fair Lending Small Business

FTC Announces Weekly Blog on Reasonable Data Security Practices

On July 21, the FTC announced a new initiative as part of ongoing efforts to provide guidance to businesses on protecting and securing consumer data. Each Friday, the FTC will post a new blog that will build on the FTC’s Start with Security principles, and will showcase hypothetical examples using material from closed investigations, FTC law enforcement actions, and questions from businesses. The first blog post, “Stick with Security: Insights into FTC Investigations,” highlights practical approaches for businesses to take in securing consumer data based on examples gleaned from FTC complaints and orders. The post also examines emerging themes from closed FTC data security investigations that did not necessarily result in FTC law enforcement.

Privacy/Cyber Risk & Data Security FTC Small Business

FTC to Host Small Business Roundtables Focusing on Cybersecurity

On July 20, the FTC announced it will host a series of public roundtables to discuss pressing challenges facing small businesses when protecting the security of their computers and networks. The feedback will be used to assist the FTC and its partners in creating additional cybersecurity education resources. The Engage, Connect, and Protect Initiative: Small Business and Data Security Roundtables are part of Acting FTC Chairman Maureen K. Ohlhausen’s initiative to help small businesses protect against cyberattacks. Earlier this year, Ohlhausen launched a website designed to provide guidance for small businesses on scams and cyberattacks, many of which lack the resources larger companies have to spend on cybersecurity. (See previous InfoBytes post here.)

The first roundtable will be on July 25 in Portland, Oregon, in partnership with the National Cyber Security Alliance (NCSA), the SBA, and other organizations. On September 6, a second roundtable discussion will convene in Cleveland in collaboration with the SBA and the Council of Smaller Enterprises. The third roundtable in the series, sponsored by the NCSA, will occur later in September in Des Moines, Iowa.

Privacy/Cyber Risk & Data Security Agency Rule-Making & Guidance FTC Small Business