A fact of business today is that customers – both consumers and other businesses – and employees expect to transact digitally. To remain competitive, companies find themselves increasing their efforts to digitally transform their businesses.

Successfully implementing this transformation requires careful planning to ensure regulatory compliance, a smooth integration with existing business technology and a positive customer experience.

This is our twelfth bulletin for 2019, again aiming to help companies identify important and significant news and legal developments impacting digital offerings. Each issue will feature in-depth insight on a timely and important current topic.

In this issue, we provide an analysis of the requirements and expectations financial institutions and tech vendors face when striving to safeguard customer information. In addition, we will cover recently enacted federal and state laws, federal and state regulatory activities, fresh judicial precedent and other important news.

For related information regarding blockchain and digital assets, please see our monthly bulletin Blockchain and Digital Assets News and Trends.

INSIGHT

Artificial intelligence software tools tested for demographic impact

On December 19, the National Institute of Standards and Technology (NIST), a federal agency within the Department of Commerce, released a study titled “Face Recognition Vendor Test (FRVT) Part 3: Demographic Effects, describing and quantifying demographic differentials for nearly 200 face recognition algorithms from nearly 100 developers. The study describes and quantifies demographic differentials for contemporary face recognition algorithms. Essentially, the purpose of the study was to measure how accurately face recognition software tools identify people of varied sex, age and racial backgrounds. Read more.

REGULATORY DEVELOPMENTS

FEDERAL

Alternative data

  • Interagency statement on use of alternative data in credit underwriting. The Board of Governors of the Federal Reserve System, the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corporation, the National Credit Union Administration and the Office of the Comptroller of the Currency released an interagency statement on the use of alternative data in credit underwriting. The agencies noted the benefits of using alternative data, such as its potential to expand access to credit. The agencies noted that many factors associated with the use of alternative data may increase or decrease consumer protection risks, and the agencies specifically highlighted the use of cash flow data as one area that may present lower risks than other data. The agencies concluded that a well-designed compliance management program can provide a thorough analysis of the relevant consumer protection laws to ensure that firms understand the risks, opportunities, and compliance requirements before using alternative data.

Virtual currency

  • Treasury department expresses concerns with privately issued virtual currencies. On November 21, Deputy Secretary of the Treasury Justin Muzinich discussed the challenges posed by virtual currencies in a speech, saying, “We value innovation and welcome efficiency improvements. However, decentralized privately-issued digital currencies are not simply a means of payment, but, depending on their structure, can shift some functions traditionally performed by government to the private sector. Digital currencies at scale raise not only concrete questions about money laundering, monetary policy, and other topics, but also very abstract questions about self-government. Those engaged in digital currency markets should therefore expect that policymakers, in pursuing the public interest, will take a very hard look at these issues.”

Electronic Payments

  • CFPB issues Notice of Proposed Rulemaking regarding the Remittance Transfer rule. On December 3, 2019, the Consumer Financial Protection Bureau (CFPB) issued a Notice of Proposed Rulemaking (NPRM) that proposes to allow certain banks and credit unions to continue to provide estimates under certain conditions where it could be economically infeasible for these institutions to provide exact disclosures. Further, the CFPB is proposing to increase the safe harbor threshold that determines whether a company makes remittance transfers in the normal course of its business and is subject to the Remittance Transfer rule.

FinTech

  • Federal Reserve Board announces "fintech innovation office hours". On December 17, 2019, the Federal Reserve Board announced that it will hold a series of "fintech innovation office hours" across the country to meet with banks and companies engaged in emerging financial technologies, popularly known as fintech. The “office hours” will allow banks and fintech firms to meet one-on-one with Federal Reserve staff members with relevant expertise to discuss fintech developments and ask questions.

TCPA

  • Federal Communications Commission rules that faxes sent as email over the internet are not faxes under the TCPA. On December 9, 2019, the Federal Communications Commission (FCC) issued a Declaratory Ruling stating that “an online fax service that effectively receives faxes ‘sent as email over the Internet” and is not itself “equipment which has the capacity . . . to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper’ is not a “telephone facsimile machine” and thus falls outside the scope of the statutory prohibition.”

STATE

Virtual currency

  • NYDFS issues virtual currency license to student lending company. On December 3, New York Department of Financial Services announced its grant of approval to a subsidiary of San Francisco-based Social Finance (SoFi) of its applications for virtual currency and money transmitter licenses. The approval will allow trading in the state of digital currencies including Bitcoin, Ethereum and Litecoin on the SoFi Invest platform.
  • New Jersey grants approval to digital assets custodian and depositary. On November 22, the New Jersey Financial Services Commission website indicated that the Commission has granted regulatory approval for Komainu, a joint venture for cryptocurrency custody and depositary services, to operate as a fund services business in the state.
  • NYDFS announces updated guidance for crypto listings. On December 11, the NYDFS announced proposed guidance modifying the approval process for listing new cryptocurrencies by evaluating how an exchange approaches a coin’s governance, risk, and monitoring, and allowing for potential self-certification. NYDFS seeks public comment on the following and submissions are due by January 27, 2020:
    • A proposed DFS web page that will contain a list of all coins that are permitted for the Virtual Currency Business Activities of the VC licensees, without the prior approval of DFS, which list may be updated from time to time, as long as such listed coins have not been subject to any modification, division, or change after their listing on the DFS web page; and
    • A proposed model framework for a coin-listing or adoption policy that can be tailored to a VC licensee’s specific business model and risk profile to create a firm specific coin listing or adoption policy (a “company coin-listing policy”) that, if approved by DFS, will enable the licensee to self-certify the listing or adoption of new coins in addition to those listed under 1 above, without DFS’s prior approval.

Digital assets

  • Wyoming announces custody rules for blockchain banks. In November 2019, the Wyoming Banking Division finalized rules governing banks that elect to opt into enhanced regulatory requirements for digital asset custodial services under Wyoming’s recently enacted Digital Assets law (previously covered here). As explained in the Statement of Principal Reasons in the proposed regulation, these rules “provide flexible legal standards that will enable custodial services relationships; cover the legal nature and quality of digital assets; and address the rights and duties of both the bank and its investors and customers; technology requirements; auditing standards; execution of transactions; customer disclosure/protection; and the need for market transparency.”

Remote online notary

  • Three states enact Remote Online Notary (RON) regulations:
    • Effective November 1, Utah enacted RON regulations (Utah Admin. Code R623-100) which include an application process for RON solution providers to be approved for use in the state, as well as requirements for credential analysis, authentication, identity proofing, audiovisual and journal storage.
    • Oklahoma enacted RON regulations (OK Admin. Code 655:25-1-1.1 et seq.) which, among other things, require the RON notary to identify to the state the technologies and vendors the notary intends to use, as well as an attestation that such technologies comply with state requirements. Additionally, the regulations prohibit the audiovisual recording from including images of any document on which the principal applied their electronic signature.
    • Nevada’s RON regulations (LCB File No. R065-19) became effective on December 13 and require the notary to include with the RON application a copy of his/her electronic signature that is “an exact representation of the handwritten signature of the person on file with the Secretary of State” in a file format that can be “compared for authentication purposes to the person’s handwritten signature on file with the Secretary of State.”

CASE LAW

FEDERAL

Electronic signatures

  • Court upholds electronic signature in arbitration agreement, which parties contemplated in underlying sales agreement. In Rogers v. Clayton Homes Florence, 2019 WL 6608728 (D. S.C. Dec. 5, 2019), the court upheld an electronically signed arbitration agreement − which was accomplished by use of a checkbox − in part because the underlying sales agreement between the plaintiff and defendant allowed the use of electronic signatures.

TCPA

  • Class members lack standing under TCPA because they did not request to be put on defendant’s internal do-not-call list. In Cordoba v. Directv, LLC, 942 F.3d 1259 (11th Cir. Nov. 15, 2019), the court held that class members lack standing to maintain a TCPA claim based on allegations that the defendant failed to institute appropriate procedures to maintain an internal do-not-call list because the plaintiffs did not ask to put on such list.

STATE

Online contract formation

  • Court declines to enforce agreement entered into electronically because defendant did not provide sufficient evidence to authenticate plaintiff’s electronic signature. In Fabian v. Renovate America, 2019 WL 6522978 (Cal. Ct. App. Nov. 19, 2019), the court upheld the trial court’s finding denying the defendant’s petition to compel arbitration because the defendant provided no evidence concerning how the electronic signature platform verified that it was the plaintiff who accessed the platform, how the plaintiff signed the contract on the platform and returned it to the defendant, and how it was the plaintiff who received the contract to sign. The court also found that the declaration provided by the defendant, stating that the signature was authentic, was also insufficient because it offered little more than a bare statement that the plaintiff entered into the contract.