Bureau of Consumer Financial Protection Issues Final Rule Creating an Exception to Regulation P’s Annual Privacy Notice Requirement

On August 10, 2018, the Bureau of Consumer Financial Protection (the “Bureau”) issued a final rule implementing a December 2015 amendment to the Gramm-Leach-Bliley Act (“GLBA”), titled “Eliminate Privacy Notice Confusion,” which created an exception to Regulation P’s annual notice requirement for financial institutions that meet certain conditions.

The GLBA and Regulation P generally require that financial institutions provide customers with annual notices that, among other things, identify the institutions’ privacy policies and provide customers with an opportunity to opt out of the financial institutions’ sharing of the customers’ information with certain nonaffiliated third parties.  As part of the Fixing America’s Surface Transportation Act (“FAST Act”) that became law in 2015, Congress amended the GLBA to create an exception to the annual privacy notice requirement in new subsection 503(f).  A financial institution must meet two conditions to qualify for the exception and to therefore not provide privacy notices to customers each year:  (1) it must provide customers’ nonpublic personal information (“NPI”) only in accordance with certain GLBA exceptions that do not trigger consumer opt-out rights; and (2) it must not have changed the policies and practices with respect to disclosing NPI that were described in the institution’s most recent disclosure to customers.  The FAST Act amendment to GLBA was effective upon enactment in December 2015.

The Bureau’s proposed rule to implement the amendment was published on July 15, 2016.  After considering comments, the Bureau’s final rule updates Regulation P to establish an annual privacy notice exception consistent with the amendment to the FAST Act.  In addition, the final rule establishes timing requirements for financial institutions obligated to resume delivery of annual privacy notices because the financial institutions have changed practices or otherwise ceased to qualify for the exception.  If a financial institution no longer qualifies for the exception because of a change in privacy policies or practices and that change requires delivery of a revised privacy notice, the financial institution must treat the revised privacy notice as an initial privacy notice and provide an annual privacy notice in accordance with the timing requirements for annual privacy notices in 12 C.F.R. §1016.5(a).  If a financial institution no longer qualifies for the exception because of a change in privacy policies or practices but is not required to send a revised privacy notice, the financial institution must provide an annual privacy notice within 100 days of the change in policies or practices.

Arizona Fintech Sandbox Begins Accepting Applications

Arizona recently became the first state in the U.S. to create a “regulatory sandbox” program to facilitate the development of innovative financial products and services. Such products would either incorporate new or emerging technology or reimagine uses of existing technology. The program would exempt participants from certain state financial regulations, but not federal requirements.

On August 3, 2018, the Arizona sandbox went live and began accepting applications.

The sandbox is the result of legislation signed into law in March 2018 that authorizes the state’s attorney general to create and administer the program. The Arizona Attorney General will allow approved fintech companies to engage in the testing of products and services on up to 10,000 state residents (and as many as 17,500 residents in some instances) and for up to two years (with the possibility of an additional one-year extension) without additional licensing.

According to the attorney general, eligible products or services may include “most types of credit extending services, such as peer-to-peer lending and online marketplace lending,” “innovative products and services for money transmission and investment management,” and certain blockchain or cyptocurrency products or services. Ineligible products or services include securities trading, insurance products, and services that provide “solely deposit-taking functions.” Applicants must submit to Arizona jurisdiction but are not required to be Arizona residents or businesses.

The state’s enabling statute includes trade secret protection for participants, including a provision stating that records obtained by the attorney general’s office as part of administering the sandbox are not public records nor open for inspection by the public.

Although the sandbox is a first among U.S. states, the Arizona statute notably includes a reciprocity feature that would allow sandbox participants to participate simultaneously in similar programs in other jurisdictions, with the Arizona Attorney General’s permission.

Several foreign jurisdictions have begun experimenting with regulatory sandboxes for fintech innovation, including the United Kingdom, Canada, and Singapore. Bureau of Consumer Financial Protection Acting Director Mulvaney announced in May 2018 that the Bureau is developing its fintech regulatory sandbox in coordination with the U.S. Commodity Futures Trading Commission. On July 18, 2018, Acting Director Mulvaney announced his selection of Paul Watkins to lead the Bureau’s Office of Innovation. Watkins previously served in the Office of the Arizona Attorney General, where he led the office’s fintech initiatives, including the creation of the state’s fintech regulatory sandbox.

BCFP Enters Consent Order with Hydra Group

On August 10, 2018, the Bureau of Consumer Financial Protection announced that a federal district court in the Western District of Missouri approved a consent order in a case against a set of twenty corporate entities and two individual principals (collectively, “Hydra Group”). The BCFP alleged violations of the Consumer Financial Protection Act of 2010 (“CFPA”), the Truth in Lending Act (“TILA”), the Electronic Fund Transfer Act (“EFTA”), and implementing regulations.

According to the Bureau, Hydra Group used third parties to obtain personal and financial information that enabled the defendants to access consumers’ bank accounts without authorization.  Hydra Group would then deposit loans into the accounts and debit purported finance charges indefinitely.  Some consumers received loan documents, but those allegedly misrepresented the cost and terms of the loans.

The order bans the defendants from further business, requires a forfeiture of approximately $14 million in assets, and a suspended judgment for $69.6 million in restitution.  Due to defendants’ inability to pay, the order requires a $1 civil money penalty.

Consumers who cannot obtain relief from the defendants may be able to receive compensation from the Bureau’s Civil Penalty Fund.

Bureau of Consumer Financial Protection Announces Participation in the Global Financial Innovation Network

The Bureau of Consumer Financial Protection announced earlier this week that it would join ten non-US financial regulators in an alliance, called the Global Financial Innovation Network (GFIN), to encourage the growth of fintech — and, potentially, create a “global sandbox” for financial innovation.

The alliance was initially proposed, in February 2018, by the UK’s Financial Conduct Authority (FCA).  Yesterday’s announcement revealed that, in addition to the FCA and the Bureau, nine other regulators had signed on — including financial regulators in Singapore, Hong Kong, Dubai, and Canada.  (Notably, no EU regulators are participating and none of the other US federal bank regulators appear to be involved.)

The functions of the alliance are still under development, but are expected to include:

  • acting as a network of regulators to collaborate and share experience of innovation in respective markets, including emerging technologies and business models;
  • providing a forum for joint policy work and discussions; and
  • providing firms with an environment in which to trial cross-border innovative solutions.

A Consultation Document released yesterday outlines these functions in more detail, and also solicits comments and reactions from financial services firms and other stakeholders.  Comments must be provided by October 14, 2018, and comments from US stakeholders may be submitted to officeofinnovation@cfpb.gov.

While still very much under development, the GFIN could in the future help address the balkanized nature of local financial innovation sandbox arrangements allowing, for example, the easier testing of innovative solutions for cross-border consumer financial services (such as remittances).

Treasury Releases Report on Nonbank Institutions, Fintech, and Innovation

On July 31, 2018, the U.S. Department of the Treasury released a report identifying numerous recommendations intended to promote constructive activities by nonbank financial institutions, embrace financial technology (“fintech”), and encourage innovation.

This is the fourth and final report issued by Treasury pursuant to Executive Order 13772, which established certain Core Principles designed to inform the manner in which the Trump Administration regulates the U.S. financial system.  Among other things, the Core Principles include:  (i) empower Americans to make independent financial decisions and informed choices; (ii) prevent taxpayer-funded bailouts; (iii) foster economic growth and vibrant financial markets through more rigorous regulatory impact analysis; (iv) make regulation efficient, effective, and appropriately tailored; and (v) restore public accountability within federal financial regulatory agencies and rationalize the federal financial regulatory framework.

Treasury’s lengthy report contains over 80 recommendations, which are summarized in an appendix to the report.  The recommendations generally fall into four categories:  (i) adapting regulatory approaches to promote the efficient and responsible aggregation, sharing, and use of consumer financial data and the development of key competitive technologies; (ii) aligning the regulatory environment to combat unnecessary regulatory fragmentation and account for new fintech business models; (iii) updating a range of activity-specific regulations to accommodate technological advances and products and services offered by nonbank firms; and (iv) facilitating experimentation in the financial sector.

Continue Reading

The OCC Will Move Forward to Accept Applications for Special Purpose National Bank Charters for Fintech Companies

The Office of the Comptroller of the Currency (“OCC”) announced yesterday that a nondepository financial technology (“fintech”) company that engages in a core banking activity, such as paying checks or lending money, can now apply for a special purpose national bank (“SPNB”) charter. This announcement followed shortly after the release of the Treasury Department’s report on nonbank financials, fintech, and innovation, which recommended that the OCC move forward with the charter.

Comptroller of the Currency Joseph M. Otting stated that allowing fintech companies to apply for special purpose national bank charters “helps provide more choices to consumers and businesses, and creates greater opportunity for companies that want to provide banking services in America.”  Comptroller Otting concluded that “companies that provide banking services in innovative ways deserve the opportunity to pursue that business on a national scale as a federally chartered, regulated bank.”

The OCC stated that its decision is consistent with broader government efforts to promote economic opportunity and supports innovation in financial services.  The OCC has made clear that fintech companies with SPNB charters will not be authorized to accept FDIC-insured deposits.  The OCC emphasized that every application by a fintech company for a SPNB charter will be evaluated on the basis of its facts and circumstances and that fintech companies that become special purpose national banks initially will be subject to heightened supervision initially, similar to any de novo bank.

A SPNB charter would be useful in providing a more uniform regulatory framework instead of the current patchwork of state licensing and rate cap regulation that applies to many fintech companies.  The charter also may enable a fintech company to gain direct access to the payment system, subject to the Federal Reserve’s willingness to grant such access.  A company that obtains a SPNB charter also may have less of a need to enter into a partnership with a bank depending on its business model.

Continue Reading

The European Parliament publishes a study on financial technology and competition law

On July 9, 2018, the Economic Affairs Committee of the European Parliament (the “EP”) published a study identifying potential competition law concerns in the financial technology (“FinTech”) sector (the “Study”).

This Study follows the Consumer Financial Services Action Plan launched by the European Commission in March 2017, which aimed to promote greater choice and better access to financial services across the EU, with a particular focus on technology. Also in March 2017, the EP launched a consultation on FinTech, and received over 220 responses.

According to the Study, FinTech could offer significant benefits to consumers, such as cost reduction, improvements in efficiency, greater transparency and increased financial inclusion.

That said, the Study concludes that the complexity, novelty and interconnectedness between FinTech and more traditional financial services makes it challenging, if not almost impossible, to defining either the exact scope of, or turnover generated by, FinTech services.

Despite these difficulties, the Study finds that the increasing number of FinTech services, stakeholders and new business practices could possibly raise competition challenges in the future, even though competition authorities have not yet detected such concerns. Accordingly, the Study could have implications for potential competition investigations as well as for policy.

Because of the specificity of FinTech, the application of the traditional concepts of competition law is likely to raise a number of new challenges, which are addressed in the Study. These include (1) relevant market definitions and assessing market power, (2) possible network effects, (3) concerns raised by access to data, (4) interoperability and standardization and (5) algorithms. The Study also provides (6) some recommendations as to next steps.

  • Relevant market definitions in FinTech services

The first challenge the Study identifies is defining relevant markets in the FinTech sector. According to the authors of the Study, a FinTech service is characterised by (i) technology-driven features (ii) which provide a new solution, a new business model or an alternative to what already exists in the financial sector and (iii) which offer a significant added value to at least one stakeholder involved in the value chain. While there is a number of possible categorizations of the various FinTech services, the Study identifies seven types of FinTech services, namely (i) banking (deposits and lending); (ii) payments, transfers and forex; (iii) digital currencies; (iv) wealth and asset management; (v) personal finance; (vi) insurance; and (vii) enabling technologies and infrastructures.

Further, a significant portion of the FinTech services is based on multi-sided online platforms in which users usually generate the value (rather than suppliers). Therefore, it would be inappropriate to apply traditional market definition tools, according to the authors of the Study. For instance, in various merger cases on mobile payments, the European Commission has left the exact product market definitions open. In the UK MCommerce case, the European Commission concluded that while online and offline mobile payments were not likely to be part of the same relevant product market, the situation could evolve in the short to medium term, illustrating the difficulty of defining FinTech markets. Against this background, the authors refer to another Study from the European Commission relating to digital economy that suggests analysing web-based business models and interdependencies between multiple platforms in order to define relevant markets and identify potential anticompetitive behaviour.

  • Network effects

Multi-sided platforms are the cornerstone of FinTech, raising potential network effect concerns that the authors believe must be addressed under competition law because FinTech providers are not regulated as financial trading platforms.

The authors of the Study acknowledge that network effects do not always imply anti-competitive behaviour. Rather, this is often driven by whether users choose only one provider (single-home) or several providers (multi-home). User single-homing could exacerbate network effects, if one platform is used by a majority of users, potentially insulating it from competition from smaller providers and creating barriers to entry. Such network effects could be a particular concern in the context of digital currency (or cryptocurrency) markets, which the authors identify as being concentrated.

  • Access to data

Data is a key element of FinTech services, given the data-intensive technologies used. The Study notes that data could improve the accuracy of predictions about user preferences, profitability and risk, and could enable FinTech providers to inter aliaadapt their pricing strategies to different types of users. This could occur in the context of personal finance management services and payment services, the Study notes.

Accordingly, the authors identify competition concerns raised by access to data in FinTech services. Reflecting the Commission’s precedents in the digital sector, the authors take the view that data could be a source of market power for service providers, in particular when a dataset is unique. Such a market power could be a relevant criterion when assessing a merger entailing the combination of datasets. The Study also mentions potential for FinTech service providers that do not have access to the relevant datasets to be foreclosed.

  • Interoperability and standardization

The Study notes that interoperability and standardization are of particular importance in a platform-driven environment. The authors advocate for interoperability between FinTech platforms and standardization, since this would provide a competitive playing field with low barriers to entry for potential competitors. However, the Study cautions that standardization might result in oligopolies if providers agree on the features of service and share markets. The Study observes that interoperability concerns could be significant in the digital currencies, since traditional banks may seek to block access on the basis of a lack of interoperability, enabling them to leverage market power in traditional banking services.

  • Algorithms

The authors of the Study suggest that the use of algorithms may lead to anticompetitive practice if they facilitate tacit collusion, especially through machine learning.


The authors recognise that the FinTech sector is generally too fluid, too fragmented and too fast moving to reach firm conclusions on the existence of competition concerns. The authors of the Study suggest that policy efforts be focused on research and monitoring rather than enforcement investigations. They note that the rapidly changing and evolving nature of the sector makes it difficult to identify competition issues that are durable over time. In addition, on the basis of the responses they have received, the Study expresses some doubt that competition law tools, rather than regulatory measures, are appropriate to address the possible concerns raised in the Study. In any event, the authors conclude, the FinTech sectors “offer a fertile ground to re-open the dialogue between regulatory and competition goals, principles and frameworks, which could help rebalance financial regulation policies towards a more pro-competitive stance”.

Market Trends 2017/18: Securities Regulation and Enforcement

The enforcement and regulatory priorities of the Securities and Exchange Commission (SEC) have begun to come into focus now that SEC Chairman Jay Clayton has been in office for over a year. Courts have also issued decisions that will significantly impact securities enforcement moving forward.

This practice note discusses the Supreme Court’s recent decision holding that the SEC’s longstanding process for appointing Administrative Law Judges (ALJs) was unconstitutional; the Commission’s current focus on cybersecurity, cryptocurrencies and initial coin offerings, retail investors, whistleblowers, and fiduciary rule reform; waivers of attorney work protection resulting from oral presentations to the SEC staff; and the statute of limitations for SEC enforcement actions.

The Lexis Practice Advisor article written by David Kornblau and Gerald Hodgkins can be found here.

Is the heat on in the syndicated loans market? Spanish Competition Authority fines banks for price fixing on interest rate derivatives

On 13 February 2018, the Spanish Markets and Competition Commission (“CNMC”) fined four major Spanish banks €91 million for colluding to fix the price of interest-rate derivatives (“IRDs”) attached to syndicated loans above market price.  The decision is an additional indication that syndicated loans are increasingly coming under the scrutiny of competition authorities, after the European Commission last year commissioned a study on competition issues in this market that will be completed by the end of the year 2018.

Continue Reading

European Data Protection Board Provides Clarification On PSD2

In response to questions from a Member of the European Parliament, the European Data Protection Board (EDPB) has provided much needed clarification on the overlap between the General Data Protection Regulation (GDPR) and the EU Payment Services Directive (PSD2) in an open letter.  As we identified in a previous blog post on this topic, the interaction between PSD2, aimed at increasing the seamless sharing of data, and the GDPR, aimed at regulating such sharing, raises complicated compliance concerns.  The EDPB’s letter aims to clarify some of these difficult compliance questions.

Continue Reading