Legal Update September 4, 2018 If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech Introduction Regardless of whether its recommendations are achievable in whole or in part or merely aspirational, the US Department of Treasury’s (“Treasury”) report issued on July 30, 2018—A Financial System That Creates Economic Opportunities, Nonbank Financials, Fintech and Innovation (“Report”)—is an ambitious, well-thought-out, comprehensive compendium of proposals to foster innovation in our financial system. Treasury deserves kudos for organizing and analyzing a disparate set of potential reforms to help synchronize old laws with new ways to conduct business. The question is whether this laudable blue-print for reform can serve as the impetus for real change given our current state of affairs. The Report is the fourth report issued by Treasury in response to President Trump’s February 2017 Executive Order No. 13772 (“Executive Order”) setting forth certain core principles for the US financial system. The three prior reports generally identified laws, treaties, regulations and other government policies that promote or inhibit federal regulation of the US financial system and included recommended changes consistent with the core principles set forth in the Executive Order.1 While some of the recommendations require action by federal regulators, others require changes to federal or state laws and most require public funds. This fourth report explores the regulatory landscape for nonbank financial companies with traditional “brick and mortar” footprints not covered in other reports as well as newer business models employed by technologybased firms (“fintech”). As part of the Report, Treasury explores the implications of digitalization and its impact on access to clients and their data. The Report includes limited treatment of blockchain and distributed ledger technologies as these technologies are being explored separately in an interagency effort led by a working group of the Financial Stability Oversight Council (“FSOC”). Treasury’s preparation of the Report included discussions with entities focused on data aggregation, nonbank credit lending and servicing, payments networks, financial technology, and innovation. It also consulted with trade groups, financial services firms, federal and state regulators, consumer and other advocacy groups, academics, experts, investors, investment strategists and others with relevant knowledge, and it reviewed a wide range of data, research and other published material from both public and private sector sources. Nobody should expect every one of the Report’s recommendations to be implemented efficiently and immediately, if at all. Some recommendations can be implemented through regulatory fiat, others can be implemented by regulators but only through a formal rulemaking process, and still other recommendations will require congressional action. Some of the recommendations are concrete, and others simply outline principles to inform policymakers. Some in theory could be implemented right away, and others are longer-term in nature. Some recommendations surely at some point will be enacted, and 2 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech others may never see the light of day. To fully implement all of the recommendations in the Report, federal agencies will need to crisply coordinate their initiatives in a strategic way, states will need to realize that a patchwork of inconsistent “solutions” to the same problems is counter-productive, and Congress will need to seize the initiative to legislate in order to promote rather than to prohibit. Nevertheless, the immense barriers to implementation should not diminish the importance and usefulness of the Report. This Legal Update provides a high-level summary of the Treasury recommendations set forth in the Report, along with a brief analysis of the key areas and some thoughts regarding the prospects for successful implementation of the pertinent recommendations. Some of the key areas covered in this Legal Update include data aggregation, challenges presented by the state and federal regulatory frameworks, marketplace lending, mortgage lending, shortterm lending, small-dollar lending, payments, regulatory sandboxes and international approaches and considerations. Digitalization, Data and Technology Digital Communications TELEPHONE CONSUMER PROTECTION ACT (“TCPA”) The Report explains that the TCPA has constrained the ability of financial services providers to use digital communication channels despite consumers’ increasing reliance on text messaging and email communications through mobile devices. The financial services industry likely will welcome the Report’s recommendations with respect to easing such constraints. The Report recommends that regulators mitigate the risk of liability for calling a reassigned number—a telephone number formerly belonging to a consenting consumer that is subsequently given to another person— by creating a database of reassigned numbers and a broader safe harbor for calls to reassigned numbers so that a caller who had consent from a previous subscriber has a sufficient opportunity to learn that the number has been reassigned. The Report also suggests that updated TCPA regulations should provide clarity on what types of technology constitute an “automatic telephone dialing system” for TCPA purposes given the TCPA’s restrictions on the use of autodialers.2 Finally, the Report notes the importance to the industry of clear guidance on reasonable methods for consumers to revoke consent under the TCPA, including through congressional action if necessary. The Report’s TCPA recommendations align with the Federal Communications Commission’s (“FCC”) rulemaking agenda. In March 2018 the FCC sought comment on how to address the reassigned numbers issue.3 FAIR DEBT COLLECTION PRACTICES ACT (“FDCPA”) Treasury recommends that the Bureau of Consumer Financial Protection (“Bureau”) promulgate regulations under the FDCPA to codify that reasonable digital communications, especially when they reflect a consumer’s preferred method, are appropriate for use in debt collection. Consumers increasingly prefer to communicate with their financial services providers digitally, such as through text messages and email, but the potential litigation risk from inadvertently disclosing information regarding debts to an unauthorized third party discourages debt collectors from digital communications with consumers. The Federal Trade Commission (“FTC”) had noted in 2009 that it was unaware of information demonstrating that unauthorized third parties were more likely to have access to debt collection messages conveyed through digital means than through letters and phone calls and that it did not believe in imposing restrictions on debt collectors’ use of email and instant messages in the absence of such data.4 Industry 3 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech stakeholders have argued in favor of an automatic “opt-in” that is deemed to constitute consent in the event that a consumer provides an email address or other digital communications method in connection with his or her financial services agreement. The industry is likely to favor such "opt-in" consent method because it could be implemented through consumer contracts. Data Aggregation CONSUMER ACCESS PROTECTIONS The Report discusses how data aggregators and fintechs should be able to access a consumer’s financial information only with informed consumer consent following receipt of adequate disclosures. To achieve that goal, the Report recommends that the Bureau work with the private sector to develop best practices and consumers be given adequate means to revoke prior authorization. If implemented in a thoughtful manner, these principles-based protections should give consumers a meaningful opportunity to control use of and access to their financial information. DATA SHARING BARRIERS The Report discusses how data aggregation in general, and APIs5 in particular, face operational and regulatory barriers. The Report recommends that the private sector develop a solution to allow financial services companies and data aggregators to establish data sharing agreements that use secure and efficient methods of data access and banking regulators revise their third-party guidance to remove ambiguity related to regulatory authority over fintechs’ use of APIs. These recommendations, while generally appearing to be noncontroversial, seem unlikely to be achieved in the near-term because it will be difficult to build consensus among market participants and a variety of resourceconstrained regulators. DATA SECURITY AND BREACH NOTICE The Report recommends that Congress enact a federal data security and breach notification law. The current fragmented regulatory regime results in gaps in data security requirements and duplicative costs for institutions that service consumers located in multiple states with inconsistent breach notification laws. While proposals similar to the Report’s recommendation have previously failed, in part because of state opposition to federal preemption of the existing state breach notification laws, the frequent occurrence of major, nationwide data breaches may mean that the situation is at a tipping point where such a federal law becomes a reality. DIGITAL LEGAL IDENTITY To combat the difficulties of identity proofing that have increased with the growth of customers’ preferences for online or mobile financial transactions and with the disaggregation of financial services, the Report recommends that public and private sector stakeholders work together to develop trustworthy digital legal identity services and products in the financial services sector that are portable across governmental agencies and unrelated financial institutions. In particular, the Report highlights existing initiatives by the Office of Management and Budget and under the REAL ID Act of 2005 as potential foundations for a digital legal identity framework. However, we expect that the viability of a digital legal identity will be driven more by congressional willingness to fund the public portion of the public-private initiatives and an interest on the part of regulators in providing legal certainty to those relying on such initiatives than willingness by the private sector to act independently. CLOUD TECHNOLOGY AND FINANCIAL SERVICES The Report recommends that regulators modernize requirements and guidance to better provide for appropriate adoption of new technologies such as cloud computing, including formally recognizing independent 4 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech US audit and security standards that sufficiently meet regulatory expectations and set clear and appropriately tailored chain outsourcing expectations. The Report recommends that regulators establish a cloud and financial services working group to develop cloud policies that reflect the interests of key industry stakeholders, including providers, users and others impacted by cloud services. Financial regulators should seek to promote the use of cloud technology within the existing US regulatory framework to help financial services companies reduce the risks of noncompliance and compliance costs associated with meeting multiple and sometimes conflicting regulations. The Report also recommends that regulators be wary of imposing requirements that data must be stored within a particular jurisdiction (e.g., data localization) and should instead seek other supervisory or appropriate technological solutions to potential data security, privacy, availability and access issues. BIG DATA, MACHINE LEARNING AND ARTIFICIAL INTELLIGENCE As the Report points out, the artificial intelligence (“AI”) revolution is here. Treasury offers insight into the problems it anticipates from the use of AI in the financial services ecosystem. The Report notes a laundry list of uses of AI in the financial services industry, including surveillance and risk management, fraud identification, AML monitoring, investment/quant trading opportunities, chat bots and certain loan underwriting tasks. Although absent from the Report, machine learning (“ML”) and alternative data can be used to reach vast untapped markets of “credit invisibles” (persons without traditional FICO scores), which is a huge opportunity. AI presents pros and cons for financial services companies and consumers. Competition fosters innovation and may lead to better consumer products and services. The Report mentions that competition may present challenges as well. What if, Treasury worries, the firms with the strongest AI win a monopoly or duopoly? Perhaps a vicious cycle develops: consumers flock to the industry leader, so the leader gets more data, which makes its AI smarter, so it pulls further into the lead; repeat. Smart machines can detect fraud, but can also be used to promote fraud, e.g., through more realistic-looking sham phishing methods. Treasury does not mention it, but you could easily envision an AI arm’s race, e.g., ML that spots problematic conduct pitted against ML that conceals such conduct. There is some debate as to whether AI and ML will elevate biases in the provision of financial services. On one hand, ML underwriting may take biased humans out of the loop. But, ML systems may learn their own biases, for example, by using proxies for protected classes (e.g., determining that purchasers of high heeled shoes should be denied credit). The Report further notes that ML is notoriously opaque. This is often unhelpful, for example, when the law requires reasons for adverse credit decisions, or where regulators are trying to predict how a portfolio management tool will react in times of stress. Finally, big data raises privacy issues. Big data drives AI, thus generating a need for more and more data to feed the AI machine, which can lead to data vulnerabilities. On top of which, ML will be using that data in new ways that may reveal more than people anticipate. An example that Treasury does not mention occurred not long ago—smart machines reviewing purchasing patterns alerted marketers that certain women were pregnant before those women publicly disclosed their pregnancies. The Report makes a number of recommendations that are entirely correct but often not so easy to implement. Treasury offers the following advice: First, regulators should refrain from layering “unnecessary burdens” on the use of AI and ML. The issue is that “unnecessary burdens” is not a clear standard and may be interpreted in different ways by financial services providers and regulators. Second, regulators should be clear 5 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech in their guidance. This is a laudable goal. Sometimes lack of clarity is a regulatory stratagem, but not always—sometimes it reflects a complex and unclear reality. The latter is harder to solve. Third, regulators should coordinate when it comes to developing AI and ML policy. This is an ambitious goal, especially given what Treasury wants to accomplish (i.e., address when humans should be accountable, address when humans should have primary decisionmaking authority, ensure that the work force is ready for digital labor, ensure that AI is transparent for consumers and ensure that AI is robust against manipulation). Finally, the Report notes that the government should invest in AI. This is likely a good idea, so long as government supports, rather than displaces or tramples upon, industry. Aligning the Regulatory Framework to Promote Innovation The Report emphasizes the need for a regulatory framework that supports innovation in financial services, including by harmonizing state regulatory and supervisory regimes, allowing special purpose bank charters and encouraging bank partnership models with fintech firms. Harmonizing State Licensing and Regulatory Efforts While the Report pays passing homage to the longstanding regulation of consumer financial services by the states, it is overly critical of the manner in which states license financial services companies. Although consumer protection is recognized as being the primary reason for the regulation of nonbank consumer lenders at the state level, the Report notes that state-specific regulatory regimes are expensive and duplicative, chill economic growth of money transmission activities and limit financial products available to consumers because lenders and fintech firms are hampered by various state-law requirements. The Report emphasizes the need to allow nonbank firms (including start-ups) to focus on innovation and growth based on a national framework, rather than being bogged down with pesky state requirements. State regulatory agencies may take issue with this position, including (most notably) the New York State Department of Financial Services (“NYDFS”). The Report notes that harmonization may streamline examinations of money transmitters and money services businesses through multi-state examinations conducted in accordance with an examination protocol developed by the Conference of State Bank Supervisors (“CSBS”). Some states are already participating in such multi-state examinations, but it will be interesting to see how willingly states further embrace this suggestion of national examination procedures. The Report also supports a national regulatory framework applicable to nonbanks and sees great hope in “Vision 2020,” a CSBS effort to develop a 50-state licensing and supervisory system by 2020. This effort includes redesigning the existing Nationwide Mortgage Licensing System (“NMLS”) platform through further automation and enhanced data and analytical tools to create an NMLS 2.0 and harmonizing a multi-state supervision process through adoption of best practices and the development of comprehensive state examination systems. The highlighted feature of Vision 2020 in the Report is the concept of “passporting” and reciprocity of state licenses. While certain limited reciprocity is recognized by state regulators today with respect to certain state licenses, reciprocity is far from common and may be difficult to implement administratively, absent a clear legislative directive. If the above efforts do not lead to increased harmonization within a three-year period, the Report encourages Congress to take action to encourage greater uniformity in rules governing lending and money transmission. While, in response to the Report, CSBS has stated that it does not support the “creation of 6 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech new federal rules or unauthorized federal charters that would seek to compromise the ability of state officials to apply and enforce state laws,”6 it is presently unclear how state regulators will react to this invitation for congressional action on the horizon. Moving Forward with the OCC’s Special Purpose National Bank Charter The Report characterized the OCC’s special purpose national bank (“SPNB”) charter, which was initially proposed in 2016, as potentially providing fintech firms with a more efficient, and at least a more standardized, regulatory regime, than the current statebased regime in which they operate. The Report notes that the OCC has the ability to tailor compliance requirements under a SPNB charter to better suit the safety and soundness risks of SPNBs, which may include: (i) addressing insured deposit-related differences between SPNBs and national banks; (ii) providing safety and soundness rules on capital and liquidity for SPNBs that would be different than those for national banks; and (iii) identifying state laws that would be preempted and those that may apply to SPNBs. The Report suggests that in the case of SPNBs, there should be more limited preemption of state consumer protection laws, including with respect to foreclosures, than is the case for national banks. Additionally, the Report recognizes that clarification is needed as to whether SPNBs should be given access to the Board of Governors of the Federal Reserve System’s (“Federal Reserve”) payment system and whether new activities incidental to the business of banking would be permissible for SPNBs. The Report also notes that a SPNB charter should not provide an undue advantage to newly chartered SPNBs relative to chartered banks but does not opine as to any unfair advantage over nonbanks, such as industrial loan companies (“ILCs”), that have operated in the existing state regulatory system for years. The OCC announced that it would begin accepting SPNB charter applications the same day the Treasury Department released the Report. By taking this step, the OCC was the first federal agency to execute on a recommendation contained in the Report. In addition to eliminating the barrier of individual state licensing requirements, a SPNB charter enables companies currently operating under a patchwork of state supervisory requirements to standardize their compliance systems and operational functions under one supervisory regime. The National Bank Act (“NBA”) broadly preempts state law, such that national banks do not need to comply with state laws that conflict, impede, or interfere with national banks’ powers and activities.7 State laws that purport to govern checking and savings accounts, disclosure requirements, funds availability, escrow accounts, credit reports, terms of loans, and state licensing or registration do not apply to national banks and as currently contemplated would not apply to SPNBs.8 As part of its initiative to encourage fintech companies to apply for a national bank charter, the OCC stated that it would consider the permissibility of any activities for a SPNB charter on a caseby-case basis, indicating potential flexibility in terms of allowing activities to be conducted in conjunction within an existing banking business.9 Perhaps (not surprisingly) certain state regulators regarded the OCC’s initial proposal for the establishment of the SPNB charter as a competitive threat to their licensing and supervisory authority and both the CSBS and the NYDFS initiated litigation to block the OCC initiative. Those challenges were dismissed in December 2017 on the basis that the NYDFS claims were not ripe as the OCC had not yet decided whether to accept applications or issue any charters. However, now that the OCC has announced it will be accepting applications, it is likely state regulators and the CSBS will seek to reinstate their litigation. It should be noted that the concept of a limited purpose national bank is not new or necessarily novel. The OCC has issued limited 7 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech purpose charters for banks that offer only a small number of products, that are targeted to a limited customer base, that incorporate nontraditional elements, or that have narrowly targeted business plans. To date, special purpose charters have been issued for banks whose operations are limited to credit cards, fiduciary activities, community development, or cash management activities (including banker’s banks). While a SPNB charter offers benefits in terms of preemption as well as greater regulatory certainty and consistency, potential applicants should be aware of the costs and other requirements that apply to national banks. As a general rule, OCC supervisory assessments are significantly higher than those imposed by states. When it announced that it would begin accepting SPNB charter applications from fintech companies, the OCC did not indicate whether it would implement a more favorable fee structure. In terms of capital requirements, the OCC did indicate, that as it has done for other limited purpose banks, it would consider tailoring capital requirements for fintech SPNBs to the bank’s size, complexity and risk profile. In addition to holding capital and paying supervisory fees, a SPNB would have to become a member of the Federal Reserve System, which entails the acquisition and holding of stock in a Federal Reserve Bank. If the SPNB is a subsidiary of the fintech company and the bank engages in commercial lending and certain deposit-taking activities, the parent company would have to qualify as a bank holding company under the Bank Holding Company Act (“BHCA”),10 which, among other things, entails restrictions on the types of activities in which the parent holding company can be engaged as well as on transactions between the subsidiary bank and its nonbank affiliates. Limited purpose banks, including a SPNB, that hold deposits (a concept criticized by Treasury in the Report) must also obtain deposit insurance from the Federal Deposit Insurance Corporation (“FDIC”) and satisfy the Community Reinvestment Act (“CRA”)11 requirements. The OCC has indicated that SPNBs, which are not subject to the CRA, will be expected to commit to meeting an ongoing financial inclusion standard that would be specified as part of their charter approval, although in the Report the Treasury took a dim view of this requirement. Fintech companies have options to consider in addition to a national bank charter. For example an ILC charter, while not preempting state consumer protection laws, avoids other requirements and restrictions that apply to owners of banks under the BHCA. Furthermore, an ILC can export interest rates and fees permitted by its home state to borrowers located in others states to the same extent as a national bank and other FDICinsured state chartered banks. The ultimate choice a company makes is likely to turn on the range of financial services options the fintech seeks to bundle with other services. Regardless of the licensing option that is ultimately chosen the greatest challenge for fintechs may be adopting to the highly regulated environment that applies to banks and bank-like entities. The quickly adaptive low friction philosophy of technology companies tends to stand in stark contrast with the safety and soundness philosophy that predominates at financial services regulators at both the state and federal levels. Achieving a workable balance between these conflicting philosophic approaches may ultimately determine whether fintechs will supplant traditional banks in the provision of consumer and B2B services or remain tethered to them in some form of shared service relationship. Regulatory Oversight of Third-Party Relationships The Report emphasizes the need to manage risks associated with third-party providers to SNPBs, such as fintech partners and support services, while recognizing that technological innovations, specialization, costs and the competitive business environment contribute to a financial institution’s increased 8 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech outsourcing to third parties. The Report notes that both banking organizations and others have raised concerns regarding the compliance costs and burdens associated with regulatory oversight of third-party service providers to banking organizations. As financial institutions become more reliant on thirdparty providers, they must be aware of changing risk factors created by the need to outsource certain functions and manage such risks appropriately. The Report recounts how existing third-party risk management guidance from the prudential bank regulators has created market uncertainty around several key issues, including the scope and categorization of vendors and other third parties subject to the US bank regulators’ risk management guidelines, including subcontractors, and the appropriate level of scrutiny. The Report also emphasizes that standards for third-party risk management oversight are not always applied consistently in the examination context, as well as recurring industry concerns regarding the “trickle down” effect of best practices for higher-risk providers to other, less risky thirdparty relationships. The Report emphasizes that many of these concerns are most acute for community banks and other smaller banking organizations as well as smaller/start-up nonbank fintech firms. REGULATION OF THIRD-PARTY/VENDOR MANAGEMENT The Report sets out certain recommendations that federal banking regulators should consider, but also states that banking regulators should be prepared to adapt their third-party risk relationship framework to emerging technology developments in financial services. In order to address the regulatory burdens associated with third-party oversight and vendor management of fintech relationships, the Report states that the US bank regulators should, on a coordinated basis, review and amend existing guidance through a formal notice and comment process, with a view to harmonizing and tailoring standards and fostering innovation. IMPACT OF BANK ACTIVITIES’ RESTRICTIONS ON FINTECH INVESTMENTS AND PARTNERSHIPS The Report describes various regulatory impediments to fintech and other “innovation investments” flowing from restrictions on the permissible activities of banks and saving associations and their holding companies. With respect to the types of fintech activities and investments that are permissible for banks and savings associations, the Report is mainly descriptive rather than prescriptive, noting that this is driven primarily by federal statute and, thus, not especially amenable to regulatory action. Nevertheless, the Report notes approvingly of the OCC’s authority and historic willingness to interpret the “business of banking” over time in a way that fosters innovation and meets consumer needs. With respect to bank holding companies, the Report reiterates various formal and informal comments and recommendations made over the past year by Federal Reserve officials regarding the need for a reassessment of the BHCA definition of “control.” As bank and financial holding company investors and their nonbank fintech partners will appreciate, the question of whether a particular fintech company is “controlled” by a bank or financial holding company investor can often be a difficult question, lacking complete legal certainty absent protracted engagement with Federal Reserve legal staff. Given the complexity of the existing control rules and the significant consequences of a control determination for both parties to a fintech partnership, the Report calls on the Federal Reserve to take another look at the BHCA definition of control in an attempt to create a simpler standard that supports innovation. While the Report does not provide a timeframe for this review, we expect the Federal Reserve to undertake this process through formal notice and comment rulemaking in the coming months. 9 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech Updating Activity-Specific Regulations Marketplace Lending Treasury makes three recommendations expressly regarding marketplace lenders, each of which appears intended to clarify the regulatory environment and ease conflicting regulatory pressures for marketplace lenders relying on a particular business model—the “bank partnership”—that currently does not fit neatly into a particular federal or state regulatory treatment. Treasury advocates for regulatory certainty across three issues of import for marketplace lenders relying on a bank partnership model. First, bank partnership models require that each loan be lawful when made, but caselaw regarding when the bank will be treated as the “true lender” has generated multiple, ambiguous standards, some of which threaten to recharacterize the non-bank platform as the lender whenever the platform has the “predominant economic interest” in the program. Accordingly, the Report recommends that Congress codify true lender standards, including noting that a commercial relationship between a bank and third party would not affect the bank as the true lender.12 This recommendation reflects the approach already taken in H.R. 4439, the “Modernizing Credit Opportunities Act,” which is currently under consideration by the House Financial Services Committee, but which is currently stalled in committee as it is opposed by, among other relevant entities, the CSBS. Second, bank partnership models involving the sale of loans to the nonbank platform and/or other non-bank third parties require that the non-bank entity be able to enforce the loan pursuant to its terms upon acquisition. The 2015 Second Circuit decision in Madden v. Midland Funding, LLC13 has called into question the longstanding “valid when made” doctrine calling into question an acquiring party’s ability to charge interest at the contracted for rate if that rate had been permissible only because federal banking laws preempted otherwise-applicable usury limits. While subsequent developments have called into question the scope and validity of Madden’s holding, states and private plaintiffs have begun to raise Madden-based challenges to marketplace lending programs. The Report recommends that the Madden issue be stemmed through congressional codification of the “valid when made” doctrine into the federal banking laws.14 Finally, bank partnership models require that lending platforms have sufficient authority to engage in the range of ancillary activities they conduct to support the origination of loans by their bank partners. In many cases, this issue comes down to the applicability of state licensing regimes to the activities in question. The Report expresses concern over the role that one set of licenses for this type of activity may have in inhibiting the viability of bank partnerships. It supports revisions to credit services laws that would exclude origination activities on behalf of a federal depository institution in connection with a bank-partner program. This recommendation may gain more support than other recommendations that are more onerous on state regulatory authorities. With respect to marketplace lending, the Report makes recommendations regarding harmonization of state oversight and licensing regimes and encouragement of the OCC’s SPNB charters designed to permit fintechs to operate on a more uniform basis nationwide, each of which we previously discussed in this Legal Update. The marketplace lending industry has flourished over the past several years and is now garnering substantial regulatory attention. Some of that attention—primarily by state regulators—has generated legal issues that threaten the vitality of certain marketplace lending business models, but the Report suggests that marketplace lenders have an ally at the federal level in this political climate. The recommendations promoted by the Report are not guaranteed to be enacted. Were one or more pursued by Congress and/or 10 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech state regulators, however, the resulting regulatory easing could further accelerate an already growing industry. Mortgage Lending and Servicers The Report also discusses the challenges and identifies specific recommendations aimed at improving the regulatory approach to a key financial service area for consumers: mortgage lending and servicing. ELECTRONIC MORTGAGES The Report recommends that (i) the Government National Mortgage Association (“Ginnie Mae”) pursue acceptance of eNotes and more broadly develop its digital capabilities; (ii) Congress appropriate funding for FHA for technology upgrades to improve digitization of loan files; (iii) the Federal Housing Administration (“FHA”), US Department of Veterans Affairs (“VA”), and US Department of Agriculture (“USDA”) explore development of shared technology platforms; and (iv) the Federal Home Loan Banks (“FHLBs”) establish as a goal the acceptance of eNotes on collateral pledged to secure advances. Any such efforts will require funding. While FHA is limited by its congressional budget, it is in need of broader technology overhauls beyond the narrower issue of digital mortgage capabilities and could designate a portion of its 2019 budget (and beyond) to develop those digital mortgage capabilities. If past is prologue, there might not be great hope for interagency cooperation occurring any time soon. Perhaps, however, Ginnie Mae and FHA will focus on this point, since that is within their control, at least to a degree. And it would be in their best interests to adopt eMortgage capabilities. The FHLBs’ development of processes for accepting eNotes as pledged collateral to secure advances would help free up mortgage capital. The question is whether the FHLBs have an impetus to do so. The good news is that Ginnie Mae, FHA, VA, USDA and the FHLBs do not need to reinvent the wheel. The federal Electronic Signatures in Global and National Commerce Act (“ESIGN”) and state adoptions of the Uniform Electronic Transactions Act (“UETA”) have been in place for as long as two decades in some instances. These laws authorize the use of eNotes and eMortgages. And SPeRS (Standards and Procedures for Electronic Records and Signature) and MISMO (Mortgage Industry Standards Maintenance Organization) have developed and maintain, respectively, a robust data dictionary and SMART Doc® standards which provide formats for electronic formatting of documents and a technologyneutral set of guidelines and strategies for use in designing and implementing systems for electronic transactions. These are readily available to lenders, government-sponsored enterprises (“GSEs”) and secondary market investors should they decide to heed Treasury’s recommendations. ELECTRONIC CLOSINGS AND NOTARIZATIONS The Report calls for states that have not authorized electronic and remote online notarization to authorize the interstate recognition of remotely notarized documents and standardize eNotarization practices. The Report also emphasizes the need for Congress to enact a minimum uniform national standard for remote, online electronic notarizations. Completing the mortgage process through digital notarization offers borrower convenience. However, it remains one of the key impediments to the digital process. While ESIGN and UETA establish the validity of electronic signatures in consumer credit transactions, notarizations of mortgages are subject to state notary laws, many of which do not authorize digital notarization but instead require a physical signature and notarization. Nonuniform state laws pose a cost barrier for eNotarization system vendors and create uncertainty for investors who would like to purchase digital mortgages. 11 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech The same is true of eRecordings of deeds and security instruments. While 33 states and territories have enacted a version of the Uniform Real Property Electronic Recording Act (“URPERA”), it is up to each county to implement eRecordings. As of May 31, 2018, just over half of the 3,600 recording jurisdictions in the United States offered electronic recording. There are numerous hurdles to electronic notarization and recordation. First, while UETA (adopted in all but three states) authorizes notaries to use electronic signatures, many state regulatory agencies and legislative bodies insist that state laws expressly authorizing remote, online notarizations, must first be put in place. The legislative process takes time, not to mention that there needs to be an appetite for change. Recent attempts in some states have not succeeded (e.g., California). Second, laws for electronic notarization are not standard from state to state. It is difficult, and costly, for vendors to develop solutions without standardization. Trust is another issue. Many participants in the notary community fear fraud if notarizations are performed without the signer being physically present. And some are concerned that data breaches of consumer personal information will compromise knowledge-based authentications. Also, the interests of all players in the mortgage industry are not the same. Clearly consumers, lenders and investors would benefit from nationwide, standardized electronic notarization and recording laws. The same is not necessarily true of land records offices, which could see a reduction in staffing and control over the notary process. Lenders and investors might be less likely to require title insurance policies if mortgages are registered electronically (e.g., through MERS or a blockchain technology). Similarly, if enough states authorize nationwide, remote notarization, local notaries may realize there is the potential to lose business and revenue to national notaries. Finally, cost is an issue. Technological solutions must be in place for counties to participate in electronic recordation. This requires new hardware, software and programming—all of which costs money that many localities do not have. APPRAISALS The Report acknowledges the exhaustive efforts of federal and state regulators and industry organizations to delineate minimum licensing requirements for appraisers, articulate clear appraisal standards and ethical rules and ensure appraiser independence and freedom from coercion, extortion, intimidation, or other improper influence. However, citing research published by the National Association of Realtors, the Report notes that appraisals are criticized as a frequent source of loan closing delays. To address this concern, the Report recommends that Congress update the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 to allow for the use of automated and hybrid appraisal practices in a defined and limited subset of loan transactions with stringent provisions for monitoring their use. The Report recommends that government loan programs develop enhanced automated appraisal capabilities and explore the possibility of using new industry technologies in the government sector, as well as support standardized appraisal reporting, proprietary electronic portals to submit appraisal forms, limited appraisal waivers, and the easing of appraiser education requirements in favor of on-the-job training or other types of education credits. The recommendations raise a number of industry questions. For example, will automation ultimately eliminate individual appraisal jobs? Do the Uniform Standards of Professional Appraisal Practice (“USPAP”) apply to automated systems and artificial intelligence? Do automated systems always contain up-todate information and consider all of the important factors that go into a valuation? Nevertheless, the recommendations in the Report underscore the value of new and impending appraisal technologies and, if 12 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech adopted, may be successful in reducing costs and increasing turnaround times. FALSE CLAIMS ACT The Report highlights the rise in the Department of Justice’s (“DOJ”) and US Department of Housing and Urban Development (“HUD”) Office of Inspector General’s use of the False Claims Act (“FCA”) since the financial crisis and the residual impact of multimillion dollar FCA liability in reducing access to credit. This exposure and financial risk has reduced the number of mortgage participants willing to lend in this space and increased credit overlays. In this context, the Report largely adopts many industry recommendations made previously by mortgage industry participants that are designed to increase predictability in the government-insured mortgage origination marketplace and reduce liability for clerical origination errors. Treasury recommends the following: • Material Defects: To assist DOJ in evaluating which mortgage origination defects to pursue under the FCA, HUD should establish standards to determine which program requirements and violations are considered “material.” Additionally, DOJ should link its materiality standard to agency standards. For qui tam actions regarding nonmaterial errors, DOJ should exercise its statutory authority to dismiss those cases. • Remedies: HUD should clarify potential remedies and liability for both servicers and lenders, including the use of indemnification or premium adjustments, and ensure that the remedies correlate with the existing FHA Defect Taxonomy. • Safe Harbor: HUD should establish a safe harbor from claim denials and forfeited premiums for errors that (1) are immaterial to loan approval and (2) have been cured pursuant to FHA requirements (and absent indicia of systemic issues). • Other Factors: FHA should consider other factors in determining potential liability for errors, including the systemic nature of the problems, role of senior management, overall loan quality and correlation of the errors with default. These recommendations are welcome perspectives to a mortgage industry that has struggled to grow in the face of unpredictability and substantial liability for seemingly non-material loan origination errors. Although the recommendations are a positive step in the right direction, additional recommendations could further the Treasury’s goal of creating certainty to governmentinsured lending. Most importantly, in addition to clarifications regarding HUD’s standards of materiality, additional amendments to both the loan-level and annual certifications are needed to reflect the subjective realities of FHA lending and assure lenders that they will be held accountable only for their knowing and material errors that directly impact the insurability of loans. On remedies, the Defect Taxonomy should provide express guidance regarding the penalties HUD will pursue for each tier within the defect categories, including whether all unmitigated findings in the Tier 1 designation will result in indemnification. HUD should also expand the Defect Taxonomy to include defect categories for FHA servicing and claim requirements to increase lenders’ certainty with regard to those areas. The recent confirmation of the new FHA Commissioner gives HUD and the DOJ an opportunity to incorporate these and the Report’s recommendations, many of which could be accomplished without amendment to the National Housing Act or implementing regulations. As noted in the Report, if such efforts prove unsuccessful or fail to stimulate increased lender and servicer participation in federally insured mortgage programs, legislative changes to the FCA, such as those discussed in our Legal Update15 on that topic, would be ripe for pursuit by Congress. 13 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech LOSS MITIGATION STANDARDS AND FHA SERVICING REGULATIONS The Report notes that, although most mortgage loan investors share “guiding themes” for loss mitigation, there is no national loss mitigation standard. GSEs, agencies, banks and private-label servicers offer differing loss mitigation programs based on business models, regulatory mandates and borrower segments served. These differences create challenges for servicers, including reduced efficiency, increased costs and lack of scalability, particularly for delinquent and defaulted loans. Additionally, consumers generally cannot choose their investor or servicer (with the exception of choosing government-insured loans at origination) and face uncertainty when facing loss mitigation options that are dictated by investors. Treasury’s recommendations focus on these challenges in the context of federally supported mortgage programs. Treasury recommends standardizing federal loss mitigation programs, including establishing certain parameters regarding application packages, affordability standards, loss mitigation waterfalls and referrals to financial counselors. However, the Report is careful to note that the government should not prescribe particular loan modification products, nor does the Report recommend a national standard that would apply to private investors. Treasury also recommends that HUD review and reduce burdensome regulatory requirements under FHA servicing standards. Specifically, the Report recommends amending FHA’s unique foreclosure timeline regulations to change how penalties are assessed when incremental foreclosure milestones are missed but the overall foreclosure timeline is not negatively impacted and to better align with the Bureau’s existing regulations regarding default servicing activities. Treasury also recommends that HUD revisit the property conveyance process to explore changes that would reduce costs, inefficiencies and delays that occur under the current process. As the Report notes, another recommendation to help reduce costs and conveyances to HUD would be to expand the use of alternatives to the conveyance claim process, including Note Sales and the Claims Without Conveyance of Title process. These are welcome recommendations in light of the industry’s continued challenges with conflicting and burdensome servicing requirements for federally insured mortgages. The FHA loss mitigation, foreclosure, property preservation and unique claims processes are governed by detailed regulations, as well as substantial agency guidelines. While progress can be made through policy change for certain issues, many of the recommendations in the Report will require amendments to FHA servicing regulations. The arrival of a new FHA Commissioner and a strong housing market may create the conditions required to pursue an overhaul to these regulations with the goal of aligning federal servicing standards and replacing outdated and unduly burdensome rules presently governing FHA servicing. DEBT COLLECTION The debt collection industry continues to struggle with conflicting court opinions, “regulation through enforcement,” and pervasive consumer complaints despite the Bureau’s ability to establish debt collection rules under the FDCPA. Treasury accordingly recommends that the Bureau establish standards for third-party debt collectors, including standards for the type of information that must be transferred to other debt collectors or to debt buyers, and determine whether the content of validation of debt notices required under the FDCPA should be expanded. Notably, the Report does not support applying the FDCPA to first-party debt collectors and suggests that Congress explore this option. These recommendations are not surprising and come nearly two years after the Bureau released its outline of debt collection proposals,16 which included proposals for data transfers and expansion of validation of debt 14 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech notice content (among other practice-related proposals), and nearly five years after the Bureau’s original Advance Notice of Proposed Rulemaking on debt collection. However, the Bureau has yet to issue a proposed rule. Hopefully the Bureau will heed the recommendation and bring more certainty to the debt collection and debt buying industries. STATE FORECLOSURE PRACTICES Since the housing crisis, the average length of the foreclosure process has increased exponentially in both judicial and nonjudicial states. Extended foreclosure timeframes have affected the housing market through increased interest rates for borrowers and negative pressures on home pricing. For federally supported housing programs where national pricing is a factor, this can also result in additional costs being passed on to borrowers in states with shorter foreclosure timelines. As a result, the Report recommends that states standardize their foreclosure statutes to align with a model foreclosure law. The Report suggests that pivoting away from a judicial review foreclosure process may reduce the time and resources associated with foreclosures without sacrificing state and federal borrower protections. Additionally, to account for added costs of longer foreclosure timelines, the Report recommends that federally supported housing programs consider a guaranty fee and insurance fee surcharges in states where foreclosure timelines are substantially longer than the national average. NON-DEPOSITORY COUNTERPARTY TRANSPARENCY Since the financial crisis, the secondary mortgage market supported by Fannie Mae, Freddie Mac and Ginnie Mae has provided nondepositories with a willing purchaser or guarantor and enabled nondepositories to expand their market share. Ginnie Mae, in particular, has offered a reliable market for nondepositories, with nondepositories providing approximately 70 percent of the new Ginnie Mae originations. The Report points out certain risks in a housing market propped up by nondepository lenders. Of particular concern is liquidity and the capacity of nondepositories to survive a large-scale market downturn. For instance, if a nondepository faced a financial meltdown and significant borrower delinquencies, the concern is that it may not have access to capital sufficient to meet Ginnie Mae’s requirement to make advances. The Report also suggests ways to mitigate such risks. First, the Report mentions increased transparency and reporting requirements, ideally standardized across Ginnie Mae, Fannie Mae, Freddie Mac, FHA and the CSBS (important as nondepositories are chartered and regulated at the state level), which will provide such investors with information necessary to assess nondepository counterparty risk. Second, the Report recommends that Ginnie Mae be allowed to assess higher guaranty fees in the event of perceived counterparty risk. Finally, the Report recommends a review and evaluation of Ginnie Mae’s current staffing and contracting policies to address its changing workforce needs. Although the foregoing recommendations would be beneficial, some would be difficult to implement. For instance, standardized reporting requirements for Fannie Mae, Freddie Mac and Ginnie May would be a substantial undertaking, require compromise to harmonize various investor requirements and likely take years to implement. Similarly, revising the Ginnie Mae charter to allow for increased guaranty fees would require congressional action.17 The most likely area of change would be revisions to Ginnie Mae’s policies to address staffing needs, but note that Ginnie Mae is still dependent on congressional appropriations for funding any such policy changes. Student Lending and Servicing As the size and nature of this market continues to grow and shift, student lending and servicing is an emerging area of focus for 15 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech federal and state regulators.18 The Report recommends enhancements related to school accountability, servicing standards for federal student loans, borrower communication and data quality. Many of the student lending and servicing issues highlighted in the Report are issues that are well-known in the industry, but some of the Report’s recommendations involve the novel use of technology to increase efficiencies, decrease costs and improve consumers’ experience in connection with federal student loans. SCHOOL ACCOUNTABILITY The Report indicates that Treasury is concerned about the lack of school accountability in student lending, particularly schools that do not offer a good value for their tuition and therefore lead to student loan debt that borrowers struggle to repay. There have been a number of enforcement actions brought by federal and state agencies in recent years against for-profit institutions related to deceptive marketing and other perceived predatory behavior by schools.19 As the Report points out, schools have few metrics or requirements related to the performance of federal student loans. To increase school accountability, the Report supports the implementation of a risk-sharing model that would require schools with consistently low loan repayment rates to repay some amount of federal funds. Risk-sharing models have been used by some companies in the private student lending space, but using it in connection with federal student loans would be a novel approach. Because the implementation of a risk-sharing model would require the passage of legislation, it is unlikely that such changes would occur in the near future. The Report also acknowledges that a risk-sharing model would pose some thorny issues, such as how to account for schools with consistently low loan repayment rates, but high percentages of disadvantaged students. SERVICING STANDARDS The Report acknowledges that servicing federal student loans is a complicated endeavor. First, there are myriad different federal student loan types (including legacy vintages) with different loan features and parameters. In addition, there are eight different repayment plans that may be available to federal student loan borrowers, all of which have different eligibility requirements and plan features. There also are certain features such as delayed repayment and interest capitalization that are unique to the student loan product and which complicate the servicing process. Despite the complex nature of servicing federal student loans, the Report highlights the lack of useful guidance provided to student loan servicers, resulting in inconsistency in servicing practices across servicers. The complexity of servicing federal student loans also hinders the ability of borrowers to understand the terms of their loans and available benefits. As a result, servicing personnel often shoulder the responsibility for explaining nuanced terms and servicing processes to consumers without standardized guidance from the US Department of Education (“ED”). To increase consistency and decrease servicing costs, the Report recommends that the ED establish minimum servicing standards for federal student loan servicers. The Report suggests that any minimum servicing standards focus on providing guidance for transactions with significant financial implications for borrowers (e.g., choice of repayment plans, application of lump sum payments across multiple loans), creating minimum contact requirements and implementing timelines for certain activities, such as correcting identified account-specific issues. The Report’s recommendations echo many of the recommendations made in the Joint Principles on Student Loan Servicing published by the Treasury, the ED and the Bureau back in September of 2015.20 Almost three years later, meaningful progress still has not been made toward developing regulations or other guidance that would formalize these concepts. With the ED recently suggesting 16 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech that state laws that purport to regulate student lenders are preempted by the federal Higher Education Act,21 it may be prudent for the ED to act more quickly to consolidate its authority and dissuade states from creating their own regulatory frameworks for student loan servicing. BORROWER COMMUNICATION The Report also makes recommendations related to two discrete areas of federal student loan servicing involving borrower communications—the use of email communications with borrowers and the lack of E-SIGN capability. With respect to the use of emails, the Report recommends providing borrowers with earlier email communication (servicers often do not have borrowers’ email addresses until a loan enters repayment) and more substantive email messages (rather than simply notifying borrowers that a message is available in the servicer’s online portal). The Report highlights the unnecessary costs and inefficiencies associated with servicers’ inability to obtain e-signatures from federal student loan borrowers. The Report recommends that the ED provide secure ESIGN software and technology to federal student loan servicers in order to increase efficiency and decrease servicing costs associated with obtaining wet signatures from borrowers on all required forms. DATA QUALITY A recurring theme of the Report is that the federal student loan market is often driven by private servicers, rather than the ED. At present, servicers maintain the majority of loan-level data about their federal student loan portfolios. Because this data comes from different servicers and is in different formats, it hinders the ED’s ability to monitor trends and address potential portfolio-wide issues. Given the increasing size of the federal student loan portfolio, the Report recommends that the ED include on its Office of Federal Student Aid management team individuals who have expertise in managing large consumer loan portfolios. The Report also recommends that the ED increase transparency by publishing more data regarding performance and costs on its website to provide taxpayers with more insight into how the federal student loan portfolio is performing The Report’s recommendations appear to be designed to enable student loan servicers to leverage technology in order to more efficiently and effectively deliver services to student borrowers. Although many of these recommendations seem unlikely to come to fruition (e.g., risk-sharing model with schools), other recommendations that have the potential to significantly increase efficiencies (such as providing E-SIGN software to student loan servicers) may gain enough traction to result in meaningful changes to the market. Short-Term, Small-Dollar Lending reasury makes two recommendations regarding short-term, small-dollar lending: first, that the Bureau rescind its Payday Rule; and second, that regulators encourage banks to make (prudently) short-term, small-dollar loans. The Report recommends that the Bureau rescind, rather than amend, its Payday Rule. Treasury’s primary argument for rescinding the Payday Rule is that the states already highly regulate short-term, small-dollar lending. The Report suggests that the extensive state action is unnecessary. Treasury also argues that the Payday Rule restricts consumer access to credit and decreases product choices. Rescinding the rule, Treasury says, would lead to additional credit opportunities for under-banked consumers who otherwise may be left with few alternatives, such as turning to unscrupulous or illegal lenders. The Report does not address consumer protection concerns previously expressed by the Bureau about debt traps, though omission of that concern may have resulted from Treasury’s treatment of payday lending as the “lesser of two evils” when compared with the possible alternative of loan sharking and its belief that states know best 17 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech when it comes to their citizens’ credit and consumer protection needs. Since the Bureau already indicated its intent to reconsider the rule in a political environment seemingly aligned with Treasury’s positions, its recommendation may succeed—an outcome that the industry would likely welcome. While lenders frequently prefer uniform federal regulatory regimes over a 50-state hodgepodge of requirements (the Report itself notes that state-level differences can in some cases create uncertainty, increase costs and inhibit wider adoption of innovations),22 Treasury’s view is that the Bureau’s Payday Rule is too restrictive. The Report also recommends that federal banking regulators encourage banks to return to small-dollar lending. Specifically, Treasury recommends that the FDIC follow the OCC’s lead in rescinding some small loan guidance from 2013, which identified risks associated with offering direct deposit advance products in a way that chilled banks’ appetite for offering such products. The Report frames the OCC’s change in guidance as a move to ensure that consumers did not run to less-regulated nonbanks. Treasury’s two recommendations indicate that it would prefer that federal and state regulators take steps to encourage sustainable and responsible short-term, small-dollar installment lending by banks. Treasury would like to see barriers to such lending removed. It does not, however, provide any specific framework for supporting the goals of sustainability and/or responsibility. Presumably, those are discussions best had within the federal banking regulators, the Bureau, and state legislatures and regulators, rather than the Treasury itself. IRS Income Verification Income verification is an integral part of most credit inquiries. Mortgage lenders must ensure that borrowers have the means to make their monthly mortgage payments. Investors, along with Fannie Mae, Freddie Mac and government insured and guaranteed loan programs such as the FHA and VA, impose rigorous income verification requirements, including a requirement to obtain copies of the borrower’s tax returns dating back two years for certain types of financing. However, the Internal Revenue Service (“IRS”) delivers tax data to lenders using outdated technology that often results in closing delays and increased costs. The Report recognizes that IRS methods are out-of-sync with real-time information transfers that have become increasingly common throughout the lending industry. To address this challenge, it recommends that Congress fund IRS modernization, including electronic upgrades to support more efficient and timely income verification. Such modernization presumably would, among other things, facilitate lenders’ receipt and use of historical income data earlier in the credit process, eliminate paperwork and delays and lower operational costs. However, as the Report acknowledges, it would require extensive and expensive enhancements to IRS systems, including acquisition of e-signature capability and additional borrower authorization protocols to ensure the IRS delivers only tax data approved by the consumer. Were Congress to fund such improvements, it would be critical for the IRS to ensure its current system remains operational during the interim period and that further delays do not abound. New Credit Models and Data Recognizing that new credit models and data sources have the potential to significantly expand underserved consumers’ access to credit, Treasury recommends that regulators facilitate testing of and experimentation with new models and data and that regulators enable increased use of new modeling and data by reducing regulatory uncertainty, preferably through interagency coordination. With respect to industry participants, Treasury recommends that they continue efforts to capture telecom, utility, and rental payments, as well as more granular credit card usage information, through regular reporting to consumer credit bureaus. 18 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech The Report explains that US financial institutions historically have relied on standardized credit data and models, such as the widely used FICO score, for extending consumer credit. However, fast moving developments in data availability and modeling methods are yielding innovative approaches to credit underwriting. Some of these new techniques involve applying newer data, such as rental and utility payments, to existing modeling approaches, while others use new modeling techniques (e.g., machine learning) combined with unexpected types of data, such as social media usage, Internet browsing history, shopping patterns, etc. The Report emphasizes the importance of balancing the potential benefits of these advances—including expanded credit opportunities for underserved consumers and improved loss rates for creditors—with important policy considerations, such as compliance with consumer protection requirements, regulatory model validation expectations, and data quality and privacy issues. Although the United States is somewhat behind other countries in formalizing a regulatory framework for incentivizing fintech innovation, significant developments to implement the Report’s recommendations are emerging. For example, in July of this year, the Bureau established a new Office of Innovation,23 and the OCC announced that it will begin accepting applications for its much anticipated fintech charter.24 This month, the Bureau announced that it has joined with 11 financial regulators and related organizations to create a Global Financial Innovation Network.25 Also, as discussed later in this Legal Update, Arizona became the first state to establish a fintech regulatory sandbox.26 On the other hand, establishing an infrastructure for reliably capturing new types of data will require significant effort and collaboration, and applying outdated consumer protection statutes such as the Fair Credit Reporting Act (“FCRA”) to new data sources raises challenging compliance questions that will likely need to be addressed by new legislation. Credit Bureaus Treasury focused on two main issues regarding credit bureaus: data security and the application of the Credit Repair Organizations Act (“CROA”). The Report recommends that the FTC, which has significant privacy and data security expertise, retain its Gramm-Leach-Bliley-Act rulemaking and enforcement authority over nonbank financial companies. In addition, the applicable agencies should coordinate efforts to protect consumer data held by credit bureaus, and Congress should evaluate whether further data protection authority is needed. While the FCRA regulates how credit bureaus collect, use and share consumer credit data, and the FTC’s Safeguards Rule requires credit bureaus (among others) to employ data security measures to safeguard consumer information from unauthorized access, currently there is no data security supervisory authority over credit bureaus. In 2017, one of the three largest US credit bureaus experienced a massive security breach involving extremely sensitive data about nearly 150 million consumers, which breach underscored the need for more robust supervision of credit bureaus’ information security practices.27 The Report also recommends that Congress amend the CROA to exclude the national credit bureaus and credit scorers from coverage. Congress enacted the CROA in 1996 to protect consumers against predatory credit repair organizations that falsely claimed to be able to improve consumers’ credit ratings for a fee. In 2014, the Ninth Circuit held28 that credit bureaus seeking to provide legitimate credit and financial education services to consumers qualified as credit repair organizations under the CROA. The Report observes that this decision combined with the strong remedies under the CROA has deterred credit bureaus from providing valuable credit education and 19 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech counseling services and therefore recommends that Congress amend the CROA to exclude credit bureaus from coverage. Whether Congress will enact legislation to authorize information security supervision over credit bureaus and/or exempt credit bureaus from CROA coverage remains to be seen, but it is unlikely that either measure would face serious opposition. Payments The Report makes three recommendations regarding payments. First, the Bureau should provide more flexibility for Electronic Fund Transfers Act (“EFTA”)/Regulation E disclosures related to remittance transfers and raise the threshold for a de minimis exemption (currently 100 transaction per year). Second, the Federal Reserve should move quickly to facilitate faster retail payments, such as through the development of real time settlement service, that would allow for more efficient and universal access to innovative payment capabilities. Finally, the Federal Reserve and Secure Payment Task Force continue their work regarding payment security, including next steps and actionable deadlines and ensuring that security solutions do not include specific technical mandates. REMITTANCE TRANSFER RULE REFORM The Report says that Section 1073 of the DoddFrank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) created a “particular regulatory inefficiency” for international remittance transfers. Section 1073 of the Dodd-Frank Act amended the EFTA29 by adding a new Section 919.30 Section 919 requires remittance transfer service providers (“RTSPs”) to give various disclosures to consumers at different points in the remittance transfer process and provides a right to cancel a remittance transfer within a 30-minute window (subject to some exceptions). The Bureau adopted the “Remittance Transfer Rule,” or the “RTR” as directed by Section 919. Both Section 919 and the RTR define “remittance transfer” broadly. The term generally includes any electronic transfer of funds from a US-based consumer to a person in a foreign country, regardless of the method used for the transfer or the type of institution effecting the transfer. According to the Report, compliance with the RTR has been made challenging because the disclosure requirements are inflexible (e.g., the paper disclosures requirement). The Report recommends that the Bureau provide for more flexible disclosures, but does not give any specific recommendations, other than for the Bureau to raise the threshold for a de minimis exemption (currently 100 transactions per year). The Report is correct that compliance with the RTR has been difficult for many companies. The RTR imposes prescriptive and precise rules for the timing, content and format of disclosures. These rules were developed with traditional remittance transfers in mind (e.g., simple fund transfers via casas de cambio or hawala systems). Thus, the requirements are tailored to that type of transaction. However, the definition of “remittance transfer” is broader. It may, for example, include bank transfers initiated from an account to a foreign payee and P2P transfers where the recipient is outside the United States. It may even include some payments to foreign merchants (although most transactions initiated through a card network are excluded). Applying rigid rules designed for a traditional remittance transfer to these other kinds of transfers can be challenging at best. Sometimes, it can be impossible, or result in disclosures that are confusing to consumers. It is not clear, however, how much the Bureau can do to solve this problem without congressional action. Many of the most problematic aspects of the disclosure regime are dictated by Section 919. The corresponding provisions of the RTR often largely track the language of the statute. Much of the “new” content in the RTR either fills gaps or interprets provisions in the statute. While there are a number of changes to the RTR that the Bureau could make that are 20 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech consistent with the statute, comprehensive reform of the remittance transfer disclosure regime may require statutory amendments. PAYMENTS INNOVATION The Report discusses various innovations in payment systems that the industry has recently adopted or that are in development, including P2P systems and digital wallets (FC, cloud-based, QR code, and so forth) and realtime clearing and payments. With respect to innovative payment solutions (e.g., P2P systems and digital wallets), the Report says that a wait-and-see approach is the best course. These systems are still in their nascent stages and there is intense competition. For faster payments, the Report recommends that the Federal Reserve act quickly to support these efforts. The Report in particular notes that the Federal Reserve should take steps to ensure that smaller institutions, such as community banks and credit unions, have access to these systems. The Report correctly notes that too much regulation, too soon, risks distorting fastevolving and innovative payments technologies. However, the Report misses the fact that these innovations often get caught up by existing regulations because some legacy rules are tailored to archaic systems and technologies. Freeing the payments industry from innovation-stifling regulation requires some action by both legislators and regulators. PAYMENTS SECURITY The Report recommends that the Federal Reserve continue to push for work product from the members of the Secure Payments Task Force (which disbanded in March 2018) with respect to security priorities applicable to mobile payments. It also recommends that the Federal Reserve stop studying the issue of payment security priorities and releasing reports with recommendations on principles— and to start taking concrete steps to implement those principles-based recommendations. Rationalizing the Regulatory Framework for Financial Planning As detailed in the Report, because financial planning is not itself a federally regulated activity, persons engaged in the business of financial planning are subject to a patchwork of regulation that may depend on other business activities of the provider (e.g., as an investment adviser under state or federal law, as a bank, or as a lawyer or accountant) and where the provider is located, based on local state law. In order to rationalize the fragmented regulatory framework, Treasury recommends that, rather than create a new centralized regulator, an appropriate existing regulator of financial planners (federal or state) would be tasked as the primary regulator with oversight responsibilities. For example, to the extent a financial planner was providing investment advice, the Securities and Exchange Commission or a state securities regulator would become the primary regulator. While the various state and federal regulatory agencies could presumably all voluntarily agree to abide by the deference suggested by Treasury, it seems inevitable for some “turf wars” to arise, which may necessitate additional legislation to grant authority to any such primary regulator to adopt regulations targeted to activities of financial planners. Enabling the Policy Environment Agile and Effective Regulation for a 21st Century Economy REGULATORY SANDBOXES Innovators frequently cite the number of financial regulators and the complexity of their regulatory and administrative regimes as unreasonably burdensome on innovation. To address these concerns, the Report recommends that federal and state financial regulators establish a “regulatory sandbox”31 to address innovative products, services, and 21 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech processes, or in the absence of such collaboration, that Congress take such action. While such a unified solution is ambitious, agencies such as the Bureau and Commodity Futures Trading Commission and states like Arizona have already announced an openness to creating regulatory sandboxes.32 Accordingly, we are cautiously optimistic that some form of regulatory sandbox will be created, particularly if Treasury provides diligent attention and coordination resources to the initiative. AGILE REGULATION AND PROCUREMENT Treasury determined that innovators and financial regulators have difficulty working together because federal appropriation and acquisitions requirements limit the speed and flexibility of agencies wishing to implement new technology. Some nonfinancial agencies, such as the US Department of Defense and NASA, have specialized “other transaction authority” that allows them to develop agreements that do not need to comply with government standards. Treasury believes that if this authority were granted to the financial regulators, they would be able to expeditiously engage with the private sector to better understand and apply new and innovative technologies. While the likelihood for adoption of this recommendation is low in light of congressional gridlock, we expect that some regulators will seek out creative solutions to achieve the same aims within the constraints of their existing statutory authority. REGTECH Regtech generally refers to fintechs that focus on providing innovative products and services to assist regulated financial services companies in meeting compliance requirements. Regtech has grown significantly in recent years, but remains constrained by legacy rules that are difficult to translate for automated solutions. The Report recommends that regulators tailor regulations to address regtech initiatives and partner with market participants in such efforts. While the types of change needed to implement these recommendations will require numerous rulemakings over an extended horizon, we expect that Treasury’s recommendations will be welcomed by the regtech industry as a touchstone for urging regulators to write and rewrite regulations with an eye toward providing the clarity and precision required for regtech solutions. ENGAGEMENT Financial services companies and fintechs remain wary of engaging with regulators because of enforcement risks and bureaucratic delays. To reduce this friction in innovation, the Report broadly recommends that regulators assess current regulations, reach out to the industry and establish clear points of contact for industry and consumers. We expect that efforts to break down such barriers will increase under the current administration. EDUCATION The Report does not make specific recommendations with respect to education, but encourages universities and regulators to explore ways to bridge the knowledge gap between regulators and educational organizations. This initiative seems unlikely in the current deregulatory environment, again with constrained regulatory budgets. CRITICAL INFRASTRUCTURE The Report addresses threats to critical infrastructure by encouraging regulators and the private sector to shift their collective focus from threat identification to vulnerability identification and remediation. Specifically, the Report emphasizes the need to focus on cybersecurity and consider establishing a technology working group to better understand current developments. The Report also encourages regulators to collaborate with the financial services industry to identify, properly protect, and remediate vulnerabilities. This is an area where the private sector is already rapidly advancing, and we expect to see further developments as 22 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech regulators gain greater experience with cyber risk management. International Approaches and Considerations The final section of the Report offers a sneak peek into how non-US nations are thinking about fintech products and how US regulators will work with foreign regulators. The section is a grab bag of non-US and international examples of technological innovation, efforts to foster such innovation, and progressive, forward-looking and cooperative international studies and regulation of such innovation. This discussion is offset with counterexamples of efforts to curb the perceived excesses of emerging technologies, including data privacy efforts in Europe and protectionist national laws and policies. In addition to the United States, several countries are pursuing policies to foster innovation and growth in financial technologies (e.g., India, China, Hong Kong). Central banks across the globe are considering how to use Distributed Ledger Technology (“DLT”)—blockchain being the most wellknown form of DLT — to support commodities trading and securities settlement, among a raft of other financial products and services. Although new and emerging financial technologies have been embraced in many jurisdictions worldwide, they have also raised concerns with respect to privacy of personal and financial data. Some international data protections include requiring that data be stored and processed locally, putting caps on foreign ownership, forcing the formation of JVs, and enforcing discriminatory licensing requirements. Although Treasury politely refrains from naming names, China and its booming domestic fintech market is among those that remain relatively closed to US firms. The Report expresses a healthy skepticism about these restrictive measures, characterizing them as potentially damaging to cross-border regulatory cooperation and unnecessary barriers to trade. The Report details US engagement with international counterparts in a variety of forums focused on financial innovation. The United States participates in myriad international cooperation efforts including the G20, FSB, and IMF, to identify and mitigate the risks of new financial technologies with an eye toward US growth. The Report recommends that Treasury engage with international organizations and the private sector to advance US interests and domestic regulatory priorities. The Report notes that it is premature to develop international regulatory standards addressing fintech technologies. That said, there may be benefits in the future to the United States having a seat at the table in such discussions. Conclusion The succinct presentation and coherent organization of a long list of important public policy recommendations for reform of the financial system probably is the most important benefit of the Report. Like the proverbial “wish tree,” the Report is filled with wishes and offerings to help chop away legal and regulatory barriers to facilitate emerging technologies and new ways of conducting a financial business. It will not be easy to convert the recommendations into a comprehensive legal framework. But you have to start somewhere. For more information about the topics raised in this Legal Update, please contact any of the following lawyers. Costas “Gus” Avrakotos +1 202 263 3219 email@example.com David L. Beam +1 202 263 3375 firstname.lastname@example.org 23 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech Matthew Bisanz +1 202 263 3434 email@example.com Emily J. Booth-Dornfeld +1 202 263 3296 firstname.lastname@example.org Melanie Brody +1 202 263 3304 email@example.com Kathryn E. Civitello +1 202 263 3000 firstname.lastname@example.org Krista Cooley +1 202 263 3315 email@example.com Thomas J. Delaney +1 202 263 3216 firstname.lastname@example.org Francis Doorley +1 202 263 3409 email@example.com Anjali Garg +1 202 263 3419 firstname.lastname@example.org Jonathan D. Jaffe +1 650 331 2085 email@example.com Adam D. Kanter +1 202 263 3164 firstname.lastname@example.org Peter S. Kim +1 202 263 3422 email@example.com Kristie D. Kully +1 202 263 3288 firstname.lastname@example.org Alex C. Lakatos +1 202 263 3312 email@example.com Eric T. Mitzenmacher +1 202 263 3317 firstname.lastname@example.org Laurence E. Platt +1 202 263 3407 email@example.com Lauren B. Pryor +1 202 263 3205 firstname.lastname@example.org Brad A. Resnikoff +1 202 263 3110 email@example.com Stephanie C. Robinson +1 202 263 3353 firstname.lastname@example.org Phillip L. Schulman +1 202 263 3021 email@example.com Tori K. Shinohara +1 202 263 3318 firstname.lastname@example.org Christopher G. Smith +1 202 263 3421 email@example.com Jeffrey P. Taft +1 202 263 3293 firstname.lastname@example.org Joy Tsai +1 202 263 3037 email@example.com Donald S. Waack +1 202 263 3165 firstname.lastname@example.org Keisha L. Whitehall Wolfe +1 202 263 3013 email@example.com James K. Williams +1 202 263 3891 firstname.lastname@example.org Endnotes 1 US Department of the Treasury, A Financial System that Creates Economic Opportunities: Banks and Credit Unions (June 2017); US Department of the Treasury, A Financial System that Creates Economic Opportunities 24 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech Capital Markets (October 2017); US Department of the Treasury, A Financial System that Creates Economic Opportunities Asset Management and Insurance (October 2017). 2 Historically, the industry has argued that the definition of “autodialer” under the TCPA was too broad because it includes equipment that merely has the capacity to make an autodialed call, rather than being limited to equipment that actually is used by an autodialer. 3 https://transition.fcc.gov/Daily_Releases/Daily_ Business/2018/db0301/DOC-349522A1.pdf 4 Collecting Consumer Debts: The Challenges of Change: A Federal Trade Commission Workshop Report, https://www.ftc.gov/reports/collecting-consumer-debtschallenges-change-federal-trade-commission-workshopreport. 5 “Application Programming Interfaces” mean a program that links the aggregator’s or fintech’s systems to the financial services provider’s systems, and uses predefined communication and data exchange protocols to transfer information. 6 See CSBS Press Release, “CSBS Responds to Treasury, OCC Fintech Announcements,” https://www.csbs.org/csbs-responds-treasury-occfintech-announcements, viewed August 28, 2018. 7 Barnett Bank v. Nelson, 517 U.S. 25, 33-34 (1996). 8 12 C.F.R. §§ 7.4007(b), 7.4008(d). 9 The OCC has authority to define what activities are part of the business of banking or incidental to the business of banking. 12 U.S.C. § 24 (Seventh). 10 12 U.S.C. §§ 1841 et seq. 11 12 U.S.C. §§ 2901 et seq. 12 This recommendation reflects the approach already taken in H.R. 4439, the “Modernizing Credit Opportunities Act,” which is currently under consideration by the House Financial Services Committee, but which is currently stalled in committee as it is opposed by, among other relevant entities, the CSBS. Modernizing Credit Opportunities Act, H.R. 4439 (115th Cong., 2017-2018) available at https://www.congress.gov/bill/115th-congress/housebill/4439/text. “CSBS Opposes "True Lender" Bill (H.R. 4439),” Conference of State Bank Supervisors, https://www.csbs.org/csbs-opposes-true-lender-bill-hr4439 (May 18, 2018). 13 786 F.3d 246 (2d Cir. 2015). 14 As with the “true lender” issue, this recommendation reflects the approach already taken in an existing bill, H.R. 3299. That legislation has made more progress than the “true lender” bill, in that it has passed out of the House and is under consideration by the Senate, though it still faces an uphill battle if it is to be enacted. 15 https://www.mayerbrown.com/Thank-You-Sir-May-IHave-Another-Five-Fixes-to-Avoid-Unfounded-DOJClaims-under-the-False-Claims-Act-09-05-2017/. 16 View our previous coverage of the Bureau’s 2016 debt collection proposal here: https://www.mayerbrown.com/A-Debt-CollectionOverhaul-Is-Upon-Us-CFPBs-Proposals-Offer-a-Signof-Whats-to-Come-08-05-2016/. 17 The maximum guaranty fee is set at 6 basis points by 12 U.S.C. § 1721(g)(3)(A). 18 The federal student loan portfolio is composed of almost $1.4 trillion in outstanding student loans. Report, at 122. 19 See e.g., https://files.consumerfinance.gov/f/201409_cfpb_compl aint_corinthian.pdf. 20https://files.consumerfinance.gov/f/201509_cfpb_treasu ry_education-joint-statement-of-principles-on-studentloan-servicing.pdf. 21 Federal Preemption and State Regulation of the Department of Education’s Federal Student Loan Programs and Federal Student Loan Servicers, 83 Fed. Reg. 10,619 (Mar. 12, 2018). 22 Report at 97. Mayer Brown summarizes the rule in its Consumer Financial Services Review, https://www.cfsreview.com/2017/10/cfpbs-final-paydaylending-rule-the-long-and-short-of-it/#more-2433. 23 https://www.consumerfinance.gov/aboutus/newsroom/bureau-consumer-financial-protectionannounces-director-office-innovation/. According to the Bureau, the Office of Innovation will focus on creating policies to facilitate innovation, engaging with entrepreneurs and regulators, and reviewing outdated or unnecessary regulations. The Bureau’s Project Catalyst, an initiative under which the Bureau issued its first noaction letter regarding the use of alternative data in credit underwriting, will transition to this new office. https://www.consumerfinance.gov/aboutus/newsroom/cfpb-announces-first-no-action-letterupstart-network/. 24 https://www.occ.treas.gov/news-issuances/newsreleases/2018/nr-occ-2018-74.html. 25 https://www.consumerfinance.gov/aboutus/newsroom/bcfp-collaborates-regulators-aroundworld-create-global-financial-innovation-network/. 26 Arizona Rev. Stat. Title 41, ch. 55. 27 In response to this breach, the NYDFS has imposed additional cybersecurity and registration obligations on certain credit bureaus. 28 Stout v. FreeScore, LLC, 743 F.3d 680 (9th Cir. 2014). 29 15 U.S.C. §§ 1693 et seq. 30 Id. § 1693o-1. 31 A “regulatory sandbox” allows an innovator to test a new idea in a limited setting without having to definitively resolve or comply with all conceivable regulatory requirements. 32 Neil Haggerty, CFPB Looking to Hop On Fintech Sandbox Bandwagon, Am. Banker (May 29, 2018); Ariz. Att’y Gen., Arizona Becomes First State in U.S. to Offer Fintech Regulatory Sandbox (Mar. 22, 2018). 25 Mayer Brown | If Only: US Treasury Department Report Creates a Wish Tree of Financial Reform for Fintech Mayer Brown is a distinctively global law firm, uniquely positioned to advise the world’s leading companies and financial institutions on their most complex deals and disputes. With extensive reach across four continents, we are the only integrated law firm in the world with approximately 200 lawyers in each of the world’s three largest financial centers—New York, London and Hong Kong—the backbone of the global economy. We have deep experience in high-stakes litigation and complex transactions across industry sectors, including our signature strength, the global financial services industry. Our diverse teams of lawyers are recognized by our clients as strategic partners with deep commercial instincts and a commitment to creatively anticipating their needs and delivering excellence in everything we do. Our “one-firm” culture—seamless and integrated across all practices and regions—ensures that our clients receive the best of our knowledge and experience. Please visit www.mayerbrown.com for comprehensive contact information for all Mayer Brown offices. Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) (collectively the “Mayer Brown Practices”) and non-legal service providers, which provide consultancy services (the “Mayer Brown Consultancies”). The Mayer Brown Practices and Mayer Brown Consultancies are established in various jurisdictions and may be a legal person or a partnership. Details of the individual Mayer Brown Practices and Mayer Brown Consultancies can be found in the Legal Notices section of our website. “Mayer Brown” and the Mayer Brown logo are the trademarks of Mayer Brown. © 2018 Mayer Brown. All rights reserved. Attorney Advertising. Prior results do not guarantee a similar outcome.