Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 1, the SBA announced that three new Small Business Lending Company (SBLC) licenses have been issued to lenders focused on underserved markets, which is notably the first expansion of the SBLC program in more than 40 years. An SBLC license permits lending institutions to leverage government guarantees during the process of approving small business loans, decreasing risk for the lender, and lowering costs for the borrower. Consequently, SBA noted, SBLCs can extend a greater number of loans to small businesses than would be feasible without government support. The announcement stated that SBA's current SBLCs surpass banks and credit unions in their ability to provide loans to minority-owned businesses.
In June, the SBA opened a window for new applications for lenders. In announcing the new licensees, SBA Administrator Isabel Guzman stated that “[w]ith the addition of three new Small Business License Companies, the SBA will be able to serve even more small business owners who need capital to start, operate, and grow their businesses.” The SBA highlighted that “[e]ach of the three new SBLC license holders will focus on historically underserved markets, including small businesses in Native, rural, and low-income communities.”
Recently, the U.S. Senate passed a joint resolution of disapproval (S.J. Res. 32) under the Congressional Review Act to nullify the CFPB’s small business lending rule. As previously covered on InfoBytes, the rule, which requires financial institutions to collect and report to the CFPB credit application data for small businesses, has faced opposition from various politicians and is the subject of litigation brought by financial institutions that would be subject to the rule in the U.S. District Court of the Southern District of Texas. In support of the joint resolution, Sen. John Kennedy (R-LA), who introduced the legislation, recently argued on the floor that “the CFPB is setting these small business people… up for lawsuits” because “[it] has promulgated a rule that totally perverts our intention in section 1071.” If the House of Representatives similarly passes the joint resolution, and President Biden signs it, the CFPB’s rule will be nullified under the Congressional Review Act.
The joint resolution follows the order from the U.S. District Court for the Southern District of Texas granting a nationwide preliminary injunction enjoining the CFPB from enforcing the rule (covered by InfoBytes here and here).
On May 9, CFPB General Counsel and Senior Advisor to the Director, Seth Frotman, discussed the evolution of the payments system and its significant impact on consumer financial protection. Speaking before the Innovative Payments Association, Frotman commented that over the past few years, growth in the use of noncash payments (i.e. ACG, cards, and checks) accelerated faster from 2018 to 2021 than in any previous period, with the value of noncash payments since 2018 increasing nearly 10 percent per year, approaching almost $130 trillion in 2021. The value of ACH transfers and the number of card payments also increased tremendously, Frotman noted, pointing to a rapid decline in ATM cash withdrawals and the use of checks. He observed that the use of peer-to-peer (P2P) payment platforms and digital wallets is also growing quickly, with more traditional financial institutions redoubling their efforts to expand product offerings to capture market shares in this space. Additionally, several large tech firms, drawing on their significant customer bases and brand recognition, are looking to integrate payment services into their operating systems, with some offering payment products used by consumers daily, Frotman said.
Addressing concerns relating to data harvesting and privacy, Frotman said the Bureau is concerned that companies, including big tech companies, are using payment data to engage in behavioral targeting or individualized marketing, while some companies are sharing detailed payments information with data brokers or third parties as a way to monetize data. These behaviors, which he said only increase as payment systems continue to grow, raise the potential for harm, including limiting competition and consumer choice and stifling innovation. Frotman added that these issues are not limited to big tech. Banks, Frotman said, are also rolling out digital wallets as a way to access payment information, and Buy Now Pay later lenders are collecting consumer data “to increase the likelihood of incremental sales and maximize the lifetime value extracted from each current, past, or potential borrower.” Frotman reminded attendees that the Bureau has several critical tools at its disposal to address concerns about how data is bought, sold, used, and protected, and warned the payments industry to comply with applicable legal requirements.
Frotman also discussed challenges facing “gig” and other non-standard workers when trying to navigate consumer financial markets, particularly with respect to the intersection between how workers are being paid and the EFTA. According to Frotman, the Bureau is concerned about whether gig workers are being improperly required to receive payments through a particular financial institution or via a particular payment product or app. Frotman instructed employers to provide payment options that do not require workers to establish an account with a particular institution to ensure they do not run afoul of the EFTA’s “compulsory use” provision. Consumers who use a personal P2P app for work transactions are also entitled to EFTA protections with respect to fraud and error resolution, Frotman added. Frotman closed his remarks by touching briefly on liquidity and stability in the P2P payment system. He warned that consumers who use P2P payment products to store funds do not have the same level of protection as consumers who use traditional banking products.
On January 18, the Financial Crimes Enforcement Network (FinCEN) issued its first order pursuant to section 9714(a) of the Combating Russian Money Laundering Act to identify a Hong Kong-registered global virtual currency exchange operating outside of the U.S. as a “primary money laundering concern” in connection with Russian illicit finance. FinCEN announced that the virtual currency exchange offers exchange and peer-to-peer services and “plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia.” A FinCEN investigation revealed that the virtual currency exchange facilitated deposits and funds transfers to Russia-affiliated ransomware groups or affiliates, as well as transactions with Russia-connected darknet markets, one of which is currently sanctioned and subject to enforcement actions that have shuttered its operations. The investigation also found that the virtual currency exchange failed to meaningfully implement steps to identify and disrupt the illicit use and abuse of its services, and lacked adequate policies, procedures, or internal controls to combat money laundering and illicit finance.
Recognizing that the virtual currency exchange “poses a global threat by allowing Russian cybercriminals and ransomware actors to launder the proceeds of their theft,” FinCEN acting Director Himamauli Das emphasized that “[a]s criminals and criminal facilitators evolve, so too does our ability to disrupt these networks.” He warned that FinCEN will continue to leverage the full range of its authorities to prohibit these institutions from gaining access to and using the U.S. financial system to support Russian illicit finance. Effective February 1, covered financial institutions are prohibited from engaging in the transmittal of funds from or to the virtual currency exchange, or from or to any account or CVC address administered by or on behalf of the virtual currency exchange. Frequently asked questions on the action are available here.
Concurrently, the DOJ announced that the founder and majority owner of the virtual currency exchange was arrested for his alleged involvement in the transmission of illicit funds. Charged with conducting an unlicensed money transmitting business and processing more than $700 million of illicit funds, the DOJ said the individual allegedly “knowingly allowed [the virtual currency exchange] to become a perceived safe haven for funds used for and resulting from a variety of criminal activities,” and was aware that the virtual currency exchange’s accounts “were rife with illicit activity and that many of its users were registered under others’ identities.” While the virtual currency exchange claimed it did not accept users from the U.S., it allegedly conducted substantial business with U.S.-based customers and advised users that they could transfer funds from U.S. financial institutions.
Deputy Secretary of the Treasury Wally Adeyemo issued a statement following the announcement, noting that the action “is a unique step that has only been taken a handful of times in Treasury’s history for some of the most egregious money laundering cases, and is the first of its kind specifically under new authorities to combat Russian illicit finance.” He reiterated that the action “sends a clear message that we are prepared to take action against any financial institution—including virtual asset service providers—with lax controls against money laundering, terrorist financing, or other illicit finance.”
On December 21, the California Department of Financial Protection and Innovation (DFPI) announced it has ordered an online platform offering several crypto-related services and products to desist and refrain from violating the California Securities Law and the California Consumer Financial Protection Law. According to DFPI, the company, which is registered with the California Secretary of State, offers services including (i) a peer-to-peer loan brokering service in which it claims that loans are secured by borrowers’ crypto assets; (ii) an interest-bearing crypto asset account that promises a fixed annual percentage rate yield; and (iii) an interest-bearing fiat account that promises a fixed annual percentage interest rate return. DFPI maintained that the company engaged in unlicensed loan brokering by offering and providing brokering services for personal loans made from one consumer to another (known as peer-to-peer lending), and conducted the unregistered sale of securities, in which consumers’ assets were pooled together with the stated purpose of generating passive returns. DFPI claimed that the company was and is not registered to offer investment contracts or to operate in this capacity with any relevant authority. Finding that these peer-to-peer lending services and interest-bearing accounts violate state law, including a prohibition against engaging in unlawful acts or practices, DFPI ordered the company to stop offering the services and products in California.
On September 22, the Senate Banking Committee held a hearing entitled “Annual Oversight of the Nation’s Largest Banks” where chief executive officers from the seven largest U.S. retail banks testified on bank activities related to topics including peer-to-peer (P2P) payment networks; mortgage practices; overdraft fees; forced arbitration; and environmental, social, and governance agendas. Among other things, senators pushed the CEOs to take more aggressive action to eliminate overdraft fees and compensate P2P payment fraud victims.
- Overdraft fees. Democratic senators stressed that charges still fall too heavily on low-income and minority customers, with Senator Bob Menendez (D-NJ) saying that there is “no reasonable explanation to continue to charge overdraft fees on working families.” The CEOs discussed their respective efforts to relax overdraft policies to reduce fees, with one CEO noting that “there are a lot of occasions where if [overdraft protection] is not used, [customers] would be charged a higher fee on the other side.” These fees, he noted, “can often reduce the cost on the other side and stop them from going to payday lenders.” Another CEO added that he believes “giving people a choice and letting them opt in or out is the proper thing to do.” One bank CEO noted that his bank offers two accounts with no fees and provides customers the opportunity to choose in the moment if they want to return or pay for an item.
- P2P platforms. Senators Sherrod Brown (D-OH) and Elizabeth Warren (D-MA) asked the CEOs if they would give customers their money back if they are defrauded on a certain P2P platform and complain to the bank. The CEOs emphasized that their banks currently reimburse customers for fraud and “unauthorized transactions” and are taking measures to reduce the incidence of fraud, including educating consumers on how to detect scams. “There’s a tremendous amount that we can do as owners of the network to drive down the ability for thieves to take advantage of the network,” one CEO said when asked if banks believe it is their responsibility to make a consumer whole again. “That is what we're working on. That’s what we have to do.” Another CEO pointed out that other P2P platforms have “15 times the number of disputes” coming into the bank than the highlighted platform. One CEO also stressed that banks need to work through partnerships with law enforcement and regulatory agencies “to actually catch the criminals who are perpetuating this fraud against our customers.”
The previous day, the same CEOs discussed similar topics during the House Financial Services Committee’s hearing entitled “Holding Megabanks Accountable: Oversight of America’s Largest Consumer Facing Banks.” Several proposed bills containing provisions that would impact the banks if enacted were also discussed, including those that would (i) improve dispute procedures and disclosures related to reinvestigations of consumer reports (see H.R. 4120); (ii) amend and modernize bank merger laws (see H.R. 5419); and (iii) amend Community Reinvestment Act provisions to improve the assessment process for financial institutions (see H.R. 8833).
During the hearing (see committee memorandum here), committee members questioned the CEOs on a broad range of topics related to consumer protection compliance, enforcement, diversity initiatives, capital standards, emerging technologies and cybersecurity, merchant category codes for firearm purchases, and banking deserts. The CEOs addressed ways their banks have engaged in “responsible growth” and spoke on measures they have taken to bolster customer relations, including modifying overdraft practices. They also noted they are working on improving data protection and cybersecurity. In discussing P2P digital payment services, one CEO emphasized that “scams are growing daily” and regulators and legislators need to respond. He added that “[i]t’s not enough that we apportion blame after the fact. We need to stop fraud and scams before they occur. Secure [P2P] networks, real-time payments, and potentially FedNow allow for direct authentication with a host bank. They also allow members of the network to identify  and police against scam accounts. This is not the case with nonbank networks. These networks are not held to the same security standards as banks.” He stated that banks “have zero visibility into where the money went, zero capability to recover the money, and zero capability to close the bad account.”
On September 1, five Senate Democrats sent a letter to CFPB Director Rohit Chopra urging the Bureau to issue guidance to provide better tools to protect older Americans and their families from the increased prevalence of P2P fraud. The letter discussed that, according to the FTC, P2P apps are used by scammers because “the ease with which consumers may make payments to individuals they have never met on P2P platforms facilitates quick purchasing decisions.” The FTC also found that older adults are increasingly using payment apps or services, noting that P2P-related complaints received by the FTC tripled from 2019 to 2020, and older adults reported $10 million in losses associated with complaints related to payment apps and services in 2020 alone. The letter concluded that the CFPB should “move forward with the guidance under consideration, keeping in mind the disproportionate effect that frauds and scams have on communities of color and people with Limited English Proficiency.”
On February 23, the FTC announced a proposed settlement with a global online payments system company (company) to resolve a complaint filed in 2016 concerning allegations that its payment and social networking service (service) violated the FTC Act when it, among other things, failed to adequately disclose to consumers that transfers to external bank accounts were subject to review and that funds could be frozen or removed based on a review of the underlying transaction. According to FTC allegations, many consumers who relied on notifications from the service that funds were available for transfer found themselves unable to pay rent or other bills. In some instances, the service reversed transactions after initially notifying consumers the funds were available. Additionally, the service allegedly violated the Gramm-Leach-Bliley Act’s Privacy and Safeguard Rules (GLBA Rules) by misleading consumers about protections for their accounts when it claimed to use “bank-grade security systems” and failed to have a written security program or implement basic security safeguards. As a result, the FTC claims unauthorized users were able to, in certain cases, withdraw funds from consumer accounts or change passwords and/or associated email addresses without consumers being notified.
Under the proposed settlement, the company—which did not admit or deny liability and is not required to pay a fine—has agreed that it will not misrepresent any material restrictions on the use of its service, the extent of control provided by any privacy settings, and the extent to which it “implements or adheres to a particular level of security.” The company will also, among other things, make certain disclosures to consumers about its transaction and privacy practices, obtain biennial third-party assessments of its compliance with these rules for 10 years, and refrain from violating any provisions of the GLBA Rules.
On April 18, Senators Sherrod Brown (D-OH), Jeffrey Merkley (D-OR), and Jeanne Shaheen (D-NH) sent a letter to the Government Accountability Office (GAO) requesting that it complete a study on the fintech industry. Under the Dodd-Frank Act, the GAO is required to examine the regulatory structure of person-to-person (P2P) lending. While the letter recognizes that the GAO issued a report on P2P lending in 2011, the senators urged the GAO to recognize that the lending platforms of financial technology firms (often called fintech) “has changed dramatically and evolved beyond consumer lending,” and that “P2P lending, now generally called marketplace lending, is not the only form of fintech that has developed over the last several years.” The letter further cautions that, “gaps in understanding and regulation of emerging financial products may result in predatory lending, consumer abuse, or systemic issues.” Finally, Senators Brown, Merkley, and Shaheen urged the GAO to provide responses to questions relating to, among other things, (i) the size and structure of the loan portfolios maintained by privately owned fintech lenders; (ii) how fintech lenders’ relationships with financial institutions impact both the financial system at large and regulatory framework; (ii) whether the risks that may arise from the investor base shifting from individual investor to institutional investor have grown since this issue was first noted in the GAO’s 2011 report; and (iii) the anti-money laundering, data security, and privacy requirements fintech companies are subject to.