Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 30, the CFPB issued an order terminating a financial services company’s sandbox approval order related to its earned wage access (EWA) lending model. As previously covered by InfoBytes, the Bureau issued a two-year approval order to the company in December 2020, which provided the company safe harbor from liability under TILA and Regulation Z (to the fullest extent permitted by section 130(f) as to any act done in good faith compliance with the order). The company’s product allowed employees access to their earned but unpaid wages prior to payday and granted employees of a participating employer the ability to download the company’s app and agree to the company’s terms prior to engaging in an EWA program. The Bureau said in its announcement that it had informed the company earlier in June “that it was considering terminating the approval order in light of certain public statements the company made wrongly suggesting a CFPB endorsement of its products.” According to the Bureau, the company then requested termination of the order in order, citing the need to make changes to its fee model that would have required modifying the existing approval order. The Bureau noted that the company “requested termination of the order so it could make fee model changes quickly and flexibly.” The Bureau’s announcement indicated that it plans to issue guidance “soon” regarding earned wage access products and the definition of “credit” under TILA and Regulation Z.
On May 24, the CFPB launched the Office of Competition and Innovation, which will focus on competition and explore ways to “create market conditions where consumers have choices, the best products win, and large incumbents cannot stifle competition by exploiting their network effects or market power.” The new office will be housed under the Bureau’s Research, Markets and Regulation division, providing “greater access to resources to look at market-structure problems that create obstacles to innovation.” It replaces the Bureau’s existing Office of Innovation, which was established in 2018 and focused on allowing companies to apply for no-action letters and regulatory sandboxes in order to test specific product offerings. According to the Bureau, the agency will no longer offer these programs after a review established that the initiatives “proved to be ineffective and that some firms participating in these programs made public statements indicating that the Bureau had conferred benefits upon them that the Bureau expressly did not.”
The new office will focus on competition and explore ways to stop large banks and fintech lenders from “squeezing out smaller players” in the consumer finance market. It will also explore ways to ensure that consumers have their “walking rights” and can easily switch service providers. Additionally, the new office will research “structural problems” that create obstacles to innovation, examine dynamics between large and small players related to competition, identify ways to address commonplace obstacles such as access to capital and talent, examine financial data-sharing to ensure large financial institutions are not hoarding large volumes of digital data, and host events that explore barriers to entry and other obstacles, the Bureau said.
On February 11, the UK Competition and Markets Authority (CMA) issued a decision accepting a multinational technology company’s offer to provide more transparency and oversight to its privacy sandbox proposals. The purpose of these proposals is to remove cross-site tracking of certain users through third-party cookies and alternative tracking method such as fingerprinting, and replace these methods “with tools to provide selected functionalities currently dependent on cross-site tracking.” A replacement technology has not yet been selected. CMA conducted an investigation centered around competition concerns related to the impact the privacy sandbox proposals may have if they are “implemented without sufficient regulatory scrutiny and oversight, in terms of third parties’ unequal access to the functionality associated with user tracking.” CMA’s decision requires the company to work closely with the agency when developing and testing its proposed replacements for third-party cookies. Additionally, the company is barred from making changes that give it an advantage over competitors when third-party cookies are removed and from developing replacements that give the company a competitive advantage over third parties. The company is also required to provide CMA with at least 60 days’ notice before removing support for third-party cookies and may not “combine user data from certain specified sources for targeting or measuring digital advertising on either [company] owned and operated ad inventory or ad inventory on websites not owned and operated by [the company].” CMA stated that it will continue to consult with the UK Information Commissioner’s Office on aspects of the privacy sandbox proposals related to privacy and data protection measures to ensure these concerns are addressed as the proposals are more fully developed.
On January 18, acting CFPB General Counsel Seth Frotman sent a letter to consumer advocates responding to their concerns that the Bureau’s November 2020 advisory opinion on earned wage access (EWA) products was being misused as justification for passage by proponents of a pending New Jersey bill that would permit third-party earned wage access companies to charge fees or permit “tips” for their products without having to abide by the state’s 30 percent usury cap. As previously covered by InfoBytes, the Bureau issued an advisory opinion on EWA products to address the uncertainty as to whether EWA providers that meet short-term liquidity needs that arise between paychecks “are offering or extending ‘credit’” under Regulation Z, which implements TILA. The advisory opinion stated that “‘a Covered EWA Program does not involve the offering or extension of ‘credit,’” and noted that the “totality of circumstances of a Covered EWA Program supports that these programs differ in kind from products the Bureau would generally consider to be credit.” In December 2020, the Bureau approved a compliance assistance sandbox application, which confirmed that a financial services company’s EWA program did not involve the offering or extension of “credit” as defined by section 1026.2(a)(14) of Regulation Z. The Bureau noted that various features often found in credit transactions were absent from the company’s program, and issued a two-year approval order, which provides the company a safe harbor from liability under TILA and Regulation Z, to the fullest extent permitted by section 130(f) as to any act done in good faith compliance with the order (covered by InfoBytes here).
In his letter, Frotman stated that “[i]t appears from your recounting of the legislative history that the advisory opinion has created confusion, as proponents of the bill seem to have misunderstood the scope of the opinion. The CFPB’s advisory opinion, by its terms, is limited to a narrow set of facts—as relevant here, earned wage products where no fee, voluntary or otherwise, is charged or collected.” Frotman acknowledged that the Bureau’s advisory opinion has also received pushback from consumer groups who sent a letter last year urging the Bureau to rescind the advisory opinion and sandbox approval and regulate fee-based EWA products as credit subject to TILA (covered by InfoBytes here). “Given these repeated reports of confusion caused by the advisory opinion due to its focus on a limited set of facts, I plan to recommend to the Director that the CFPB consider how to provide greater clarity on these types of issues,” Frotman wrote. He further stated that the advisory opinion did not purport to interpret whether the covered EWA products would be “credit” under other statutes other than TILA, including the CFPA or ECOA, or whether they would be considered credit under state law.
On January 13, the acting Director of FinCEN Him Das spoke at the Financial Crimes Enforcement Conference to discuss the transformation of the anti-money laundering/counter-terrorist financing regulatory regime as it relates to new threats, new innovations, and new partnerships. Das highlighted recent FinCEN rulemaking initiatives, including a proposed rule issued last December (covered by InfoBytes here) to implement the beneficial ownership information reporting provisions of the Corporate Transparency Act. In particular, the proposed rule would require many U.S. and foreign companies to report their true beneficial owners to FinCEN and update that information when those beneficial owners change. Das explained that FinCEN is examining how a proposed beneficial ownership database would interplay with the Customer Due Diligence Rule, and stated the agency will share more information in the coming months. Das also discussed an Advance Notice of Proposed Rulemaking (covered by InfoBytes here), which sought comments on potential requirements under the Bank Secrecy Act to address vulnerabilities in the U.S. real estate market to money laundering and other illicit activity.
With respect to new innovation, Das noted that while FinCEN is exploring the idea of creating regulatory sandboxes to test new methods of transaction monitoring using artificial intelligence, the agency needs feedback from institutions on the potential use and risks of the program. Das also discussed other potential innovative ideas, including, among other things, “new approaches to customer risk rating and institutional risk assessment, digital identity tools and utilities, and automating the adjudication and filing of [suspicious activity reports] related to certain types of activity.”
On October 12, CFPB Director Rohit Chopra received a letter from “96 consumer, labor, civil rights, legal services, faith, community and financial organizations and academics,” which urged the Bureau to rescind its earned wage access (EWA) advisory opinion and sandbox approval, and requested that the Bureau regulate fee-based EWA products as credit subject to TILA. As previously covered by InfoBytes, last November the Bureau issued an advisory opinion on EWA products to address the uncertainty as to whether EWA providers that meet short-term liquidity needs that arise between paychecks “are offering or extending ‘credit’” under Regulation Z, which implements TILA. The advisory opinion stated that ““a Covered EWA Program does not involve the offering or extension of ‘credit,’” and noted that the “totality of circumstances of a Covered EWA Program supports that these programs differ in kind from products the Bureau would generally consider to be credit.” In December, the Bureau approved a compliance assistance sandbox application, which confirmed that a financial services company’s EWA program did not involve the offering or extension of “credit” as defined by section 1026.2(a)(14) of Regulation Z. The Bureau noted that various features often found in credit transactions were absent from the company’s program, and issued a two-year approval order, which provides the company a safe harbor from liability under TILA and Regulation Z, to the fullest extent permitted by section 130(f) as to any act done in good faith compliance with the order. (Covered by InfoBytes here).
The letter asserted that “[r]egardless of how they are structured, the essence of virtually all of these programs is that a third party advances funds to the consumer before the consumer’s regular payday and is repaid later in some fashion out of the paycheck. That is a loan. Methods to verify that the consumer has earned wages coming to them are simply a form of underwriting or security. . . . Similarly, the involvement of the employer or the use of payroll deduction does not mean that an advance is not a loan.” The letter raised several concerns, including that the Bureau’s position which views EWA products “as something other than loans leads to evasions of federal credit laws, such as [TILA], and of state laws, in particular usury laws.” Moreover, the letter stressed that this reasoning could have an impact on fair lending laws and “could be used in an attempt to weaken the scope of ECOA and its protections against discrimination against communities of color and other protected classes.” The letter stressed that asking for EWA products to be treated as credit does not mean they should not exist, but rather that the Bureau should examine fee-based EWA providers under its payday lending supervisory authority.
On October 15, the North Carolina governor signed HB 624, which creates a regulatory sandbox program and establishes the North Carolina Innovation Council (Council). Under the North Carolina Regulatory Sandbox Act of 2021, participants will have 24 months from the date an application is approved (unless granted an extension) to test an innovative product or service on consumers in the state without being subject to state laws and regulations that normally would regulate such products or services. The waiver “shall be no broader than necessary to accomplish the purposes” established under the Act. The Act notes that legislative findings determined that existing legal and regulatory frameworks restrict innovation because they “were established largely at a time when technology was not a fundamental component of industry ecosystems, including banking and insurance,” and that innovators would benefit from a flexible regulatory regimen to test new products, services, and emerging technologies. In addition, the Council will provide support for innovation, encourage participation in the regulatory sandbox, and set standards, principles, guidelines, and policy priorities for the types of innovations supported by the regulatory sandbox. The Council will also be responsible for admission into the regulatory sandbox and for assigning selected participants to the appropriate state agency. The program stipulates that innovative products or services may only be offered to state residents, with the exception of products and services associated with a money transmitter, “in which case only the physical presence of the consumer in the [s]tate at the time of the transaction may be required.” The program also allows participants and the applicable state agency to mutually agree to an extension or an increase in the numbers of consumers or dollar limits for a particular product or service. Among other things, participants may also request an extension of not more than 12 months to obtain a license or other authorization required by law to continue to market the product or service. The Act is effective immediately.
On December 30, the CFPB issued two compliance assistance sandbox (CAS) approval orders covering a dual-feature credit card and an earned wage access product. The first approval was issued to a federal savings bank regarding its proposal to develop a “dual-feature credit card,” which would be offered to consumers with limited or damaged credit history to help reestablish more favorable credit history. According to the approval order, the consumer would be required to provide a security deposit to be used with the secured credit card feature and after “at least one year” and meeting certain eligibility requirements, the consumer would be offered to “graduate” to unsecured use of the credit card. The three-year approval order, by operation of TILA section 130(f), provides the bank a safe harbor from liability under TILA and Regulation Z, to the fullest extent permitted by section 130(f), as to any act done in good faith compliance with the order.
The second approval order covers certain aspects of an earned wage access (EWA) payment program, which allows employees access to their earned but unpaid wages prior to payday. According to the CAS application, an employee of a participating employer can download the company’s app and agree to the company’s terms prior to engaging in an EWA program. Among other things, the company notes that it will not engage in any debt collection activities related to the EWA program or submit reports to a consumer reporting agency regarding the transactions. The two-year approval order, by operation of TILA section 130(f), provides the company a safe harbor from liability under TILA and Regulation Z, to the fullest extent permitted by section 130(f) as to any act done in good faith compliance with the order.
On July 17, the CFPB announced a new Compliance Assistance Statement of Terms Template (CAST Template) under its Compliance Assistance Sandbox (CAS) Policy issued to a company’s program designed to help employees build emergency savings. Specifically, under the approved template, known as “Autosave,” interested employers could help employees build emergency savings by directing a portion of the employee’s pay to an employee-designated account at a financial institution; or if an employee does not designate an account, directing the funds to an “Autosave” account at an employer-designated institution. The Bureau notes that a CAST Template is necessary for this program due to the legal uncertainty around the application of the “compulsory use” prohibition in the Electronic Fund Transfer Act (EFTA), and Regulation E. However, the applicants assert the Autosave program embodies a “reasonable default enrollment method,” which, according to the Bureau, can be consistent with the consumer choice requirements of the EFTA and Regulation E.
On July 7, the CFPB released a blog post discussing the use of artificial intelligence (AI) and machine learning (ML), addressing the regulatory uncertainty that accompanies their use, and encouraging stakeholders to use the Bureau’s innovation programs to address these issues. The blog post notes that “AI has the potential to expand credit access by enabling lenders to evaluate the creditworthiness of some of the millions of consumers who are unscorable using traditional underwriting techniques,” but using AI may create or amplify risks, including unlawful discrimination, lack of transparency, privacy concerns, and inaccurate predictions.
The blog post discusses how using AI/ML models in credit underwriting may raise compliance concerns with ECOA and FCRA provisions that require creditors to issue adverse action notices detailing the main reasons for the denial, particularly because AI/ML decisions can be “based on complex interrelationships.” Recognizing this, the Bureau explains that there is flexibility in the current regulatory framework “that can be compatible with AI algorithms.” As an example, citing to the Official Interpretation to Regulation B, the blog post notes that “a creditor may disclose a reason for a denial even if the relationship of that disclosed factor to predicting creditworthiness may be unclear to the applicant,” which would allow for a creditor to use AI/ML models where the variables and key reasons are known, but the relationship between them is not intuitive. Additionally, neither ECOA nor Regulation B require the use of a specific list of reasons, allowing creditors flexibility when providing reasons that reflect alternative data sources.
In order to address the continued regulatory uncertainty, the blog post encourages stakeholders to use the Trial Disclosure, No-Action Letter, and Compliance Assistance Sandbox programs offered by the Bureau (covered by InfoBytes here) to take advantage of AI/ML’s potential benefits. The blog post mentions three specific areas in which the Bureau is particularly interested in exploring: (i) “the methodologies for determining the principal reasons for an adverse action”; (iii) “the accuracy of explainability methods, particularly as applied to deep learning and other complex ensemble models”; and (iii) the conveyance of principal reasons “in a manner that accurately reflects the factors used in the model and is understandable to consumers.”
- Kathryn L. Ryan and Jedd R. Bellman to discuss “Risk and compliance management: Are you covered?” at a Mortgage Bankers Association webinar
- Melissa Klimkiewicz and Daniel A. Bellovin to discuss “Things to know about flood insurance” at a NAFCU webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Max Bonici will moderate a panel on “Enforcement risk and other regulatory and compliance issues related to crypto and digital assets” at the American Bar Association’s 2022 Annual Meeting
- John R. Coleman to provide a “CFPB Update” at MBA’s 2022 Regulatory Compliance Conference
- Amanda R. Lawrence to discuss “The shifting data privacy and data protection landscape” at MBA’s 2022 Regulatory Compliance Conference
- Jeffrey P. Naimon to provide “An update on key fair lending cases and the CRA and UDAAP rules” at MBA’s 2022 Regulatory Compliance Conference
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar
- James C. Chou to discuss ransomware at NAFCU’s Regulatory Compliance & BSA seminar