Third-party service providers to financial institutions have often taken the position that they are not “financial institutions” for purposes of federal law and thus are typically not subject to regulation in the same manner as traditional financial institutions. Indeed, Congress and the regulating agencies have taken a functional approach to defining financial institutions: narrowly in the context of examination and supervision, and more broadly when effecting, for example, consumer protection. Under Title XII of the United States Code in connection with the Federal Financial Institutions Examination Council, Congress defined a financial institution as a “commercial bank, a savings bank, a trust company, a savings association, a building and loan association, a homestead association, a cooperative bank, or a credit union[.]”1 Likewise, under the Federal Reserve’s Regulation S, financial institution is defined as “any office of a bank, savings bank, card issuer as defined in section 103 of the Consumers Credit Protection Act (15 U.S.C. 1602(n)), industrial loan company, trust company, savings association, building and loan, or homestead association (including cooperative banks), credit union, or consumer finance institution . . . .”2
In a potential divergence from Congress’s traditional approach to regulating financial institutions, Title VIII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”) defines “financial institution” broadly in the context of supervising payment and settlement activities of financial institutions. A liberal interpretation of “financial institution” by regulating agencies could ensnare service providers of banks and traditional financial institutions, thus subjecting entities not previously regulated as financial institutions to some of the same regulations applicable to banks and other traditional financial institutions under Dodd-Frank.
Title VIII of Dodd-Frank enacts the Payment, Clearing, and Settlement Supervision Act of 2010 (the “Act”) and provides for supervision of both “financial market utilities” and the payment, clearing, and settlement activities conducted by “financial institutions” to facilitate “financial transactions.” “Financial institution” includes not only banks and credit unions but also “any company engaged in activities that are financial in nature or incidental to a financial activity.” Similarly, the Act defines a “financial transaction” to include, among other things, funds transfers and “any similar transaction that the Council determines to be a financial transaction.” Therefore, depending on the interpretation of these defined terms, service providers could be reached by the broad scope of regulation under the Act.
The stated purpose of the Act is to monitor and stabilize systemic risk with regard to payment activities conducted by financial institutions and financial market utilities, but Congressional intent regarding broadening the scope of regulated financial institutions is obscure; neither the floor debates nor the Congressional reports directly address the issue. In fact, the Committee Report does not include any commentary regarding Section 803 (Definitions).3
Ultimately, the Act could be far-reaching. First, as it applies to service providers, the Act (1) mandates the Oversight Council (the “Council”) to determine whether a financial market utility or a Payment Activity constitutes a systemic risk to the financial system and (2) authorizes the Council to request documentation from any entity that it reasonably believes may be engaged in or may itself present a systemic risk. The systemic risk designation process will assess whether failure of the aforementioned entity or activity would cause substantial harm to the financial system (considering the volume of transactions, financial market exposure to the activity, and the potential effects of failure of the activity).
Second, the Act authorizes the Board of Governors of the Federal Reserve, any supervising agencies, and financial regulators to conduct annual examinations of any entity that has been deemed to be engaged in a systemic risk. This examination and audit process applies to financial institutions and those who provide services to those institutions where the services would be considered a systemic risk if performed on the financial institution’s premises.
Even if a service provider is acting only in a peripheral capacity to the payment or clearing transactions of a bank or traditional financial institution, a broad interpretation of financial institution or financial transaction by a regulating entity could subject the service provider to supervision under the “incidental to a financial activity” inclusion. The performance of settlement services or the transfer of account holder funds could also increase the likelihood that the provider is deemed a financial institution subject to regulation under the Act. Where the provider is not subject to direct examination as a financial institution, it may alternatively be subject to examination as a service provider of payment activities for financial institutions. While a service provider designation may entail somewhat less reporting and compliance responsibilities, the provider may still be required to demonstrate its compliance with the Act (and the subsequent regulations) to federal regulators.
As with many other aspects of Dodd-Frank, the rest of the story remains to be written based upon the regulations that are to be promulgated under the Act. The Council, the Board of Governors, and each Supervising Agency are authorized to create regulations implementing the Act. Therefore, the scope of the Act and the related regulations will be unclear until these supervising agencies release their proposed regulations (the Act provides no deadlines for publishing such regulations). For now, bank service providers should be cognizant of the possibility of regulation under the Act and plan accordingly.