In the fall of 2016, three financial services regulators—the US Consumer Financial Protection Bureau (“CFPB” or “Bureau”),1 the US Office of the Comptroller of the Currency (“OCC”)2 and the UK Financial Conduct Authority (“FCA”)3—released information about recent developments in their respective efforts to facilitate responsible financial innovation. First, on October 23, the CFPB released a report describing its accomplishments since the launch of its development initiative, “Project Catalyst,” four years ago this month. Three days later, on October 26, the OCC announced that it is establishing an Office of Innovation and implementing “a formal framework to improve the agency’s ability to identify, understand and respond to financial innovation” in the banking industry. Finally, on November 7, the FCA marked the second anniversary of its financial innovation program—Project Innovate—by releasing the initial list of companies approved to participate in the agency’s regulatory sandbox, i.e., a “safe space” in which businesses can test innovations in an environment designed to protect consumers. This update summarizes these developments and offers predictions on what the industry can expect in this space during the coming months.4 CFPB Project Catalyst Report and Richard Cordray’s Money 20/20 Speech on Innovation On October 23, 2016, the CFPB released its firstever report on Project Catalyst, the Bureau’s initiative to support responsible financial innovation. Project Catalyst was launched in November 2012, and to date has consisted of four components: (i) “Office Hours” where the CFPB meets with interested parties; (ii) a Trial Disclosure Waiver Policy implemented in 2013 and intended to allow companies to test alternative consumer disclosures; (iii) a NoAction Letter Policy announced earlier this year and intended to provide a limited safe harbor from CFPB enforcement; and (iv) research projects conducted in coordination with industry. The report first discusses each of these initiatives, and then discusses eight “marketplace developments that may hold the potential for consumer benefit.” The report lauds the CFPB’s Office Hours program as the centerpiece of the CFPB’s efforts to stay current with trends in the evolving marketplace. The Office Hours program invites interested parties to engage directly with subject-matter experts from the Bureau so that the Bureau can stay up to date with marketplace developments and industry can “benefit from 2 Mayer Brown | Three Financial Regulators Issue Reports on Product and Service Innovations the Bureau’s knowledge of the regulatory environment and other considerations.” While the program clearly offers the CFPB an important window into developments in the fintech space, the CFPB does not purport to provide participants with binding or other legal guidance regarding proposed innovations. According to the report, the CFPB has engaged with hundreds of companies “at Office Hours and other meetings.” The report also describes what the CFPB refers to as “policies to foster consumer-friendly innovation”—namely, the Trial Disclosure Waiver Policy and the No-Action Letter Policy. These two policies could provide companies with concrete legal protections. Unfortunately, neither has been used to date. The Trial Disclosure Waiver Policy recognizes that paper-based disclosures may not be wellsuited to digital delivery channels and that digital disclosures can be made interactive in potentially helpful ways. The Trial Disclosure Waiver Policy is intended to support pilot programs that test new disclosure approaches that may increase transparency, improve consumer understanding or decrease costs of providing disclosures. Under the Policy, a company may apply to the CFPB to test new disclosure methods for a limited time, during which the Bureau deems the test disclosure to be compliant with any applicable regulatory requirement. The trials are intended to provide information about consumer comprehension and decision-making processes. Notwithstanding the Policy’s implementation over three years ago, to date the CFPB has yet to approve any trial disclosure programs for a waiver. The Policy on No-Action Letters is similarly intended to promote the development of new consumer financial products and services. The No-Action Letter Policy is narrowly focused on instances where substantial regulatory uncertainty exists with respect to a proposed product or service. The Policy allows companies to apply for a No-Action Letter from the CFPB, which would indicate that “the Bureau staff has no present intention to recommend enforcement or supervisory action with respect to particular aspects of the company’s product and under the provisions and applications of statutes or regulations that are the subject of the letter.” A No-Action Letter, however, does not bind other regulatory agencies or prevent private litigation. In addition, such letters may be conditioned on a company implementing particular safeguards to mitigate consumer harm. No-Action Letter applications must contain substantial supporting information, and the CFPB has estimated that it is likely to receive only one to three “actionable applications” for no-action letters per year. As with the Trial Disclosure Waiver Policy, the CFPB has yet to issue a noaction letter. As discussed below, CFPB Director Richard Cordray’s remarks at the recent Money20/20 conference, however, appear to invite applications for no-action letters for “big data”-based underwriting. The report also highlights the CFPB’s collaboration with industry on various research projects. The Bureau’s research collaborations include: (i) a program with a large credit card issuer that encouraged users of prepaid accounts to set aside savings, (ii) a study with a tax preparation company to examine what informational materials and incentives encourage consumers to save a portion of their tax refunds, and (iii) a study with another credit card issuer and a consumer credit counseling service provider on the effectiveness of early intervention counseling for consumers at risk of credit card default. The report discusses the previously-released results of the first credit card issuer study. All of the above was already known to those who follow the CFPB. In that respect, the report was simply packaging of summary information about Project Catalyst to date. One aspect of the report that offered potentially helpful insight into the CFPB’s thinking, however, was the section of the 3 Mayer Brown | Three Financial Regulators Issue Reports on Product and Service Innovations report that highlights certain marketplace developments that may present potential for consumer benefit. The developments are: 1. Cash flow management—The report identifies various products intended to assist consumers who face financial challenges from irregular income streams or unexpected changes to expenses. For example, some services allow consumers to put aside income from above-average pay periods to supplement below-average pay periods, and others deduct wages for recurring payments. 2. Improved credit assessment (“big data” underwriting)—The report highlights innovators seeking to expand access to credit for “credit invisibles” or those with thin credit files by “incorporating non-traditional data sources and employing machine learning techniques in their underwriting methods.” Echoing Cordray’s comments, discussed below, the report notes that innovators are concerned about implementing new methods of underwriting that comply with consumer protection laws. 3. Consumer financial data access (“screen scraping”)—The report also highlights new financial products and services that rely on access to consumers’ financial account data (so-called “screen scrapers”). The report notes that improving the reliability and security of consumerpermissioned data access is key to developing such financial products and services, and also warns that “the loss of appropriate access to consumers’ account data could cripple or even entirely curtail the further development of such products or services.” As discussed below, Cordray strongly echoed in his remarks these concerns about limiting access to consumer account data. 4. Student lending and refinancing—The report highlights fintech companies offering borrowers with high interest rate student loans the opportunity for refinancing. It also notes problems that these companies report in obtaining accurate payoff balances and in directing payoff payments to individual loans. Student loan servicers should heed these warnings and ensure they have systems in place to provide accurate payoff amounts upon request, as well as the ability to apply payoff payments to one or more of multiple loans they service on behalf of a borrower. 5. Mortgage servicing platforms—The report notes that many mortgage servicing companies are considering methods for developing technology platforms to provide more flexibility, scalability and systems integration capacity. 6. Credit reporting accuracy and transparency—The report highlights the fact that some fintech companies are developing tools to help consumers understand their own credit score and history. Some have attempted to streamline the process for consumers to dispute information on their credit reports, and others offer information on actions consumers may take to improve their credit score. 7. Peer-to-peer payments—The report notes that several fintech companies are working to enable consumers to more easily send money to friends or family both domestically and abroad. Some are developing services that rely on digital channels and bypass existing products’ reliance on bank accounts. Notably, the report does not express any concern with these companies’ compliance with the remittance transfer rule. 8. Savings—Finally, the report notes that some companies are offering new services to encourage consumer savings, which include tools for helping consumers determine how much they can afford to save, as well as applications that include features for automatically transferring funds into savings accounts. 4 Mayer Brown | Three Financial Regulators Issue Reports on Product and Service Innovations While this laundry list does not provide clear guidance to industry, it does provide a window into the CFPB’s thinking about innovation. This is particularly true with respect to the big-data underwriting and screen-scraping, which also figured prominently in Cordray’s speech. The day before the Bureau issued its Project Catalyst report, Cordray delivered a speech at the Money 20/20 conference, emphasizing the Bureau’s objective of protecting consumers in the financial marketplace while facilitating access and innovation. While Cordray recognized that the Bureau has taken several enforcement actions against fintech companies, he sought to reassure the audience by noting that such actions were not taken simply “to punish anyone merely for raising novel issues that present unsettled points of law or questions that fall into unforeseen cracks in the regulatory framework,” but instead, the actions have addressed what he described as basic deceptive conduct. Cordray also discussed the Bureau’s Project Catalyst to help encourage marketplace innovation, and commented that the Bureau has participated in several discussions with regulators in Europe and elsewhere regarding innovation. Cordray addressed two specific policy issues in his speech. First, after referencing the Bureau’s No-Action Letter Policy, he noted that the CFPB has met with several innovators seeking to expand consumer credit access by using machine learning to analyze nontraditional forms of data to assess creditworthiness. Cordray noted that companies seeking to do so are concerned with complying with consumer financial protection laws, including the fair lending laws, and suggested that the No-Action Letter Policy may address this concern. This was as close as the CFPB is likely to come to expressly inviting a no-action letter application. Second, Cordray strongly supported maintaining consumers’ access to their financial data, effectively taking the side of “screen scrapers” that automatically access consumer account information over the security and privacy concerns expressed by banks and other account-holding institutions. Cordray noted that the CFPB is “gravely concerned by reports that some financial institutions are looking for ways to limit, or even shut off, access to financial data rather than exploring ways to make sure that such access, once granted, is safe and secure.” Cordray indicated that the CFPB plans to discuss this issue with fintech companies, consumer advocacy organizations and other regulatory agencies. OCC Developments The OCC first addressed the issue of financial technology and related regulatory reform in late- 2015 when it launched an initiative to identify and understand trends and innovations in the financial services industry. Since the launch of this “Innovation Initiative,” the OCC has had discussions on innovation with dozens of stakeholders, including other domestic and international regulators, such as the FCA (discussed below). The OCC also issued a white paper in March 2016 that described its perspective on how the financial services industry could engage in responsible innovation, and in June 2016, the OCC held a full day conference to discuss how its initiative could better support responsible innovation.5 Most recently, on October 27, the OCC released a framework for its initiative (the “Framework”) that describes how the agency will work to “identify, understand, and respond to financial innovation affecting the federal banking system.” Finally, in November 2016, Thomas J. Curry, the Comptroller of the Currency (the “Comptroller”), discussed how the OCC is considering regulatory sandbox/pilot activities and whether to issue a special-purpose national bank charter for fintech companies. As part of the Framework, the OCC created an Office of Innovation headed by a chief 5 Mayer Brown | Three Financial Regulators Issue Reports on Product and Service Innovations innovation officer and regional innovation offices in New York, San Francisco and Washington DC to facilitate industry outreach efforts. The OCC also announced its intention to revise/restructure its internal operations to support innovation through new agency training and guidance materials and develop internal expertise in identifying and supporting new trends. The Framework is noteworthy in that it will provide ways for external innovators to engage with the agency, an approach that the CFPB has used in its “Office Hours” and that the FCA has used in conjunction with its “regulatory sandbox.” In particular, the OCC has announced its intention to develop a “pilot program” that will allow external innovators to test innovative products, services and processes while still complying with consumer protection laws. As described by the Comptroller, this program will allow fintech companies to dialogue with regulators and design controlled pilot projects that comply with consumer protection laws and show how new products and processes will operate in a safe and sound manner. The OCC also intends to establish an OCC-led innovation information-sharing group consisting of domestic and international regulators, although it remains unclear how the OCC’s group will relate to existing efforts, such as the framework of MOUs created by the FCA or the established cross-border programs of the Financial Stability Board and Bank for International Settlements. While these efforts are certainly a step in the right direction, the true test of the OCC’s responsiveness will come when proposals and ideas are submitted by fintech companies to the Office of Innovation. In addition, coordination between the OCC’s Office of Innovation, other OCC units and other regulators will be important when responding to external innovators. As a prudential regulator for many of the largest US banks, the OCC remains concerned about the safety and soundness of those companies. At times, this mandate may conflict with or stifle innovation. The OCC has been quite vocal in saying that it is imperative for national banks to implement effective cybersecurity measures and manage risks associated with third-party service providers. Addressing these concerns may require certain limitations on access to customer data. These prudential restrictions may conflict with positions taken by other agencies. For example, as noted above, the CFPB has publicly indicated that consumers should control access to their data and the banks holding consumer accounts should allow customers to delegate access controls to innovators acting as third-party providers (e.g., the API vs. screen scraper debate). This illustrates the need for effective interagency coordination when addressing new technology. While the OCC has noted on numerous occasions that it is considering a special-purpose national bank charter for nonbank fintech companies, it has not provided any specific details (other than a brief discussion in a proposed rule regarding resolution of uninsured national banks). For many nonbank innovators, the primary appeal of engaging with the OCC’s Innovation Initiative is the possibility of obtaining a national bank charter. This charter would reduce the regulatory burden associated with the licensing and compliance obligations imposed by the laws of 50 different states and the District of Columbia. Of course, the supervision and examination imposed by the OCC on even limited-purpose national banks is quite extensive and imposes significant compliance obligations. The press release accompanying the Framework notes that the OCC is continuing to assess various aspects of a special-purpose charter and plans to publish a white paper later this year requesting comment on the topic. The Comptroller reiterated this point in a recent speech, noting that the agency is considering whether it makes sense to grant a 6 Mayer Brown | Three Financial Regulators Issue Reports on Product and Service Innovations national bank charter to fintech companies, and if so, under what conditions. He went on to explain that if the OCC creates a special-purpose national bank charter for fintech companies, it will have the same safety, soundness and fairness expectations that it has for other national banks. The eventual publication of the OCC white paper will lead to significantly more interest and engagement from the fintech industry regarding responsible innovation and help determine whether the industry’s hopes align with the agency’s expectations. FCA Reveals the First Players in Its Regulatory Sandbox As regulators across the globe compete to provide support to innovative financial services providers, the UK’s FCA has revealed the names of the first cohort of firms to its regulatory sandbox. The regulatory sandbox is the UK regulator’s so-called “safe space” that allows businesses to test innovative products and services, business models and delivery mechanisms in a live environment without immediately being subject to all of the normal regulatory consequences of engaging in the specific activity. The list of 18 of the 24 companies included within the FCA’s first regulatory sandbox cohort has been published on its website. Six companies were not ready to begin testing at this stage and so will be included as part of the second cohort. Tests conducted on a short-term and small-scale basis will begin shortly for the other 18 firms. The FCA said it received 69 applications deemed to meet the eligibility criteria as part of the first cohort. Those companies selected by the FCA include large banks, government bodies and start-ups from a range of industries. However, there is a particular emphasis on those companies providing payment services, allowing consumers to find innovative ways of managing their finances and transferring money. Of particular note is that half of the sandbox projects plan to utilize distributed ledger/blockchain technology. The sandbox is one component of the FCA's wider “Project Innovate” initiative designed to provide support to innovators. Other aspects include: 1. an “Innovation Hub” which provides a concierge service to help start-ups navigate the FCA's authorization process and first year of operation–in September the FCA announced that it had now assisted over 300 firms; 2. an “Advice Unit” to provide guidance and advice to firms developing automated advice models and discretionary management services (robo advice); 3. the entry into cooperation agreements with other regulators (Australian Securities and Investments Commission, Monetary Authority of Singapore and Korean Financial Services Commission) to provide crossborder assistance to innovators; and 4. hosting “TechSprints” also known as “hackathons” bringing together financial services providers and technology companies to develop prototype solutions for various regulatory problems (such as finding solutions for consumers who have difficulties overcoming barriers to access for financial services). The sandbox enables companies that are currently unauthorized to obtain limited authorization to test their ideas. Companies must still meet the FCA’s threshold conditions to participate in the sandbox; the authorization process for companies is restricted and companies can only test ideas as agreed to with the regulator. For companies that are already authorized, the sandbox can help them by providing individual guidance on interpretation of rules and providing a safe space if the company acts in accordance with the guidance. In some cases, the 7 Mayer Brown | Three Financial Regulators Issue Reports on Product and Service Innovations FCA may waive or modify rules where they are unduly burdensome and the waiver would not adversely affect the FCA’s objectives. Fintech companies and other innovators in the financial services space should closely monitor the agencies’ regulatory and policy developments to ensure that they stay abreast of emerging opportunities and pitfalls.