Law360, New York

The past few years have been boom times for financial technology (fintech), with investments in fintech companies rising from $1.8 billion in 2010 to $19 billion in 2015 according to one study.1 Will recent regulatory interventions in fintech change this trend?

Innovations by nonbanks in mobile payments, peer-to-peer lending and market infrastructure are putting pressure on banks and other regulated financial institutions to develop similar capabilities. The industry is concerned that excessive barriers to innovation risk depriving consumers of valuable financial services or pushing financial activity into unregulated corners of the market, and regulators are increasingly weighing how to strike that balance.

Federal financial regulators have recently released a number of policies and proposals that touch on the fintech sector. These proposals include the Office of the Comptroller of the Currency’s white paper on supporting reasonable financial innovation, the Federal Deposit Insurance Corporation’s guidance on deposit insurance applications and article on marketplace lending, the Consumer Financial Protection Bureau’s no-action letter policy, and the Federal Trade Commission’s forum on marketplace lending.

The securities and commodities regulators are also on the fintech beat, with the Commodities Futures Trading Commission taking steps last year to treat virtual currencies as commodities, and the U.S. Securities and Exchange Commission undertaking initiatives focused on balancing capital formation for fintech companies and consumer protection. In 2015 the U.S. Treasury Department sought public input on the online marketplace lending industry through a request for information, and globally, the international Basel Committee on Payments and Market Infrastructures and the World Bank Group published a joint report encouraging “financial inclusion,” that is, meeting the needs of the world’s unbanked. More fintech guidance is on the horizon.2

Together, these proposals suggest that regulators are approaching fintech regulation through the lens of the existing functional regulatory structure: each regulator is addressing fintech as it relates to the institutions and activities it regulates without close coordination with other regulators, even as to supervision of the same technology. Compounding the regulatory challenge, fintech business models and the traditional bank regulatory framework overlap and interact in ways that are novel or unclear, and early indications are that regulators will assert examination and enforcement authority where possible. 

Banks, venture funds, fintech companies and their representative associations should engage with regulators as the regulators grapple with how to adapt. Those developing business strategies should also be mindful of the risks of closer regulation, looking forward to a time when regulators exert more influence over which fintech companies succeed. 

OCC’s Innovation White Paper

Comptroller of the Currency Thomas J. Curry has repeatedly stated that innovation “has been a hallmark of the U.S. banking system since it was created in 1863 at the behest of President Lincoln.”3 Curry has also said, however, that some innovations, like “subprime mortgages and financially engineered securitizations ... [,] had disastrous consequences for individuals, communities and our economy.”4 The OCC’s recently released white paper presents a vision for a framework that attempts to balance the rewards and risks of innovation, what it calls “responsible innovation.” The OCC defines responsible innovation as:

The use of new or improved financial products, services and processes to meet the evolving needs of consumers, businesses, and communities in a manner that is consistent with sound risk management and is aligned with the bank’s overall business strategy.

The OCC’s proposed framework follows other efforts, such as the Financial Conduct Authority’s (FCA) Project Innovate, launched in October 2014 to promote financial innovation (the FCA is one of the financial regulators in the U.K.). The framework is directed at the OCC as much as industry: the white paper says the OCC is trying to change its perception as having a “low-risk tolerance for innovative products” and is reforming itself “to improve its process for understanding and evaluating innovative financial products, services and processes.”

The white paper solicits comments on the OCC’s approach to financial innovation and describes eight principles it will use to guide the development of its framework:

  • Support reasonable innovation: The OCC solicits feedback on how it can improve its internal processes for evaluating financial innovations. One proposal is to create a centralized office on innovation, another, to assign innovation evaluation to an existing OCC unit. The OCC is also considering permitting banks to test innovations on a small scale before committing significant bank resources, but it does not plan to provide any safe harbor from compliance requirements in these tests.
  • Foster an internal culture receptive to responsible innovation: The white paper cites a “common perception” that the OCC has a “low-risk tolerance” for innovation. The OCC says it is working to change that by forming internal groups on payment systems and marketplace lending, and by augmenting existing training to reinforce the agency’s receptiveness to innovation.
  • Leverage agency expertise and experience: The OCC intends to rely heavily on existing resources to implement its innovation framework, but is also considering designating “lead experts” on innovation and regularly evaluating whether it is devoting appropriate resources to supervise innovation.
  • Encourage responsible innovation that provides fair access to financial services and fair treatment of consumers: The OCC intends to encourage innovations that provide fair access to financial services by issuing guidance on its expectations related to services for low- to moderate-income individuals and communities and by clarifying which activities could qualify for Community Reinvestment Act credit.
  • Further safe and sound operations through effective risk management: The OCC will consider how banks identify and address risks resulting from emerging technologies. The OCC will also continue to improve its ability to understand and monitor risks emerging from innovation, perhaps by leveraging the work of the National Risk Committee.
  • Encourage banks of all sizes to integrate responsible innovation into their strategic planning: The OCC reminds banks that traditional strategic planning criteria apply to innovation (i.e. the inclusion of realistic financial projections, consistency with the bank’s corporate governance, business plan and risk appetite, consideration of all applicable risks, etc.).
  • Promote ongoing dialogue through formal outreach: The OCC intends to host forums, workshops and “innovator fairs” to discuss regulatory requirements and supervisory expectations with respect to financial innovation. The OCC also intends to provide innovation resources on its website.
  • Collaborate with other regulators: The white paper says bilateral memoranda of understanding between the banking regulators foster interagency collaboration. It also says that collaboration could be bolstered by providing other agencies with advance notice of innovation activities and by using best efforts to avoid inconsistent guidance from different agencies.

The white paper closes by posing nine questions and by soliciting feedback “on all aspects of this paper.” Comments are due May 31, 2016, and the OCC will host a forum on innovation on June 23, 2016, at its D.C. headquarters. During the event, the agency will discuss comments received on the white paper and lead discussions regarding financial services innovation.

The OCC’s position on support for innovation was incorporated into their recently released enterprise risk appetite statement (“Where consistent with the OCC mission and vision, the agency supports responsible innovation that allows supervised institutions to remain competitive in a dynamic industry”), and the OCC’s revised civil money penalty policy contains material revisions that could impact fintech companies that are bank service providers. For more information, see WilmerHale’s Client Alert, OCC Revises CMP Policy.

FDIC Guidance on Deposit Insurance Applications

While many finTech companies partner with a national bank regulated by the OCC, or with a state-chartered depository institution, some fintech companies want to become banks themselves in order to directly offer banking services. Such a strategy generally involves applying for a banking license or purchasing an existing bank. But starting a new bank has proven difficult as of late — from 1990 to 2008, more than 2,000 new banks were formed, compared with only seven new banks formed between 2009 and 2013.5 Purchasing a bank can be no less difficult, often requiring coordination with multiple federal and state regulators on approval status. These regulatory hurdles are one major reason fintech companies have opted to partner with existing banks.

But this trend might be changing. fintech companies interested in starting a new bank or acquiring a banking charter should review recent guidance released by the FDIC on business plans submitted as part of the application for deposit insurance. The FDIC requires a thorough, well-developed business plan that is “tailored to the institution’s size, complexity and risk profile” and that “present[s] a sustainable franchise.” Weaknesses in previous business plans have included, according to the guidance, “strategies that are lacking, overly broad or undefined”, “weak underlying analyses or inadequate/unsupported assumptions,” and “the lack of adequate execution strategies.” In a speech accompanying the release of the guidance, FDIC Chairman Martin J. Gruenberg announced a reversion from seven years to three years of the period of heightened supervisory monitoring for de novo institutions.6 Together, these developments could signal relaxation of the FDIC’s stance on de novo institutions.

FDIC Marketplace Lending

One of the most active corners of the fintech sector has been so-called “marketplace” lending, a small but growing alternative to traditional bank lending. While many marketplace lenders are nonbanks, some banks have entered the market, either as investors in loans originated by nonbanks or as loan originators themselves. If a bank participates as an investor, it is exposed to the credit risk of the underlying loan. If a bank participates as a loan originator, significant thirdparty and compliance risk management issues may arise.

As the primary or secondary regulator of many banks entering marketplace lending, the FDIC recently published an article on risk management of marketplace lending activities in its Winter 2015 supervisory insights. The article provides an overview of marketplace lending, elaborates on the risks of marketplace lending (e.g., third-party risk, compliance risk, transaction risk, servicing risk, and liquidity risk), and provides a supervisory perspective. According to the article, prior to engaging in marketplace lending, a bank “should ensure the proposed activities are consistent with the institution’s overall business strategy and risk tolerances.”7 The FDIC also said that its examiners will assess the management of marketplace lending risks and, address findings and recommendations in the report of examination, and, if necessary pursue formal or informal enforcement actions. The FDIC’s perspective is consistent with its role as a prudential regulator, focused on the safety and soundness of the institutions it regulates and the risks to regulated institutions posed by the development of marketplace lending.

The CFPB’s No-Action Letter Policy

The CFPB aims to make consumer financial markets work for consumers and responsible providers, and support for innovation has been a bureau strategic priority from its earliest days.8 In 2012, the bureau launched “Project Catalyst,” an initiative designed to encourage consumer-friendly innovation and entrepreneurship in markets for consumer financial products. Then, in October 2014 , the bureau proposed a no-action letter policy, finalized earlier this year. Under the final policy, bureau staff is permitted to issue no-action letters to applicants with proposals for innovative financial products that promise substantial consumer benefits, but that might face substantial regulatory compliance uncertainties.

It does not appear as if this new policy will have the same impact it has in the SEC context, as the number of carve-outs and limitations reduce its usefulness. The policy states that no-action letters “will not be routinely available” and that noaction letters “will be provided rarely and on the basis of exceptional circumstances and a thorough and persuasive demonstration of the appropriateness of such treatment.” Additionally, the letters are not binding on the bureau, are subject to modification or revocation at any time, and may be conditioned on certain undertakings by the applicant. Moreover, a no-action letter from the bureau is not binding on other federal or state regulators.

A no-action letter request should explain how the product is likely to provide substantial consumer benefits and should show why a no-action letter is necessary. If confidential treatment is requested, that request should be made and explained in a separate letter attached to the no-action letter. When issued, no-action letters will generally be public and state, like SEC no-action letters, that staff has no intention to recommend enforcement or supervisory action against the applicant with respect to the proposals. Responses to a request are at the sole discretion of the staff.

Staff may (1) grant the request; (2) deny the request; (3) decline to grant or deny the request, with or without explanation. The policy provides a list of circumstances where response type three may be the appropriate response:

  • The applicant is the subject of ongoing governmental law enforcement investigation, supervisory review or enforcement action respecting the product or a related or similar product.
  • The request concerns an area in which the bureau is engaged in ongoing or anticipated rulemaking, supervisory, enforcement or other initiatives.
  • The request concerns matter that the staff considers to be inappropriate for no-action treatment.
  • The staff has decided not to invest the bureau resources that appear likely to be necessary to address the request adequately.

When evaluating a no-action letter request, bureau staff will, according to the policy, take into account a number of factors, including whether the product’s structure and disclosures are clear and complete, whether the asserted benefits are available from other products, and whether the request could be better addressed through a rulemaking or other bureau action.

FTC Marketplace Lending Forum

Along with the prudential banking regulators and the CFPB, the FTC has long served an important consumer protection role in regulating the national economy. While many fintech companies will find that the OCC, FDIC and CFPB will become their primary regulator, the FTC is likely to fill gaps in the federal regulatory scheme or, in some circumstances, exercise shared jurisdiction over fintech companies, much as it has done historically by leveraging its UDAP authority to protect consumers.

If there was any doubt the FTC would continue this trend with the fintech sector, in June, the FTC will begin a series of events on consumer protection across different areas of emerging financial technology, with the first event dedicated to marketplace lending.9 The half-day forum will bring together marketplace lending industry participants, consumer groups, researchers and government representatives to examine the various models used by companies in this area, the potential benefits to consumers, and possible consumer protection concerns. In addition, the forum will look at how existing consumer protection laws might apply to companies participating in the marketplace lending space. The forum will be held at the FTC’s offices in Washington, D.C., on June 9.

The forum series is among the first steps the FTC has taken to focus on consumer protection risks in the fintech industry. It remains to be seen whether and how the FTC will deploy its powerful law enforcement tools against emerging financial technology companies, but given the FTC’s broader jurisdiction, this initiative could impact numerous companies not regulated by the CFPB or the banking regulators.


Not to be left out, the SEC is also exploring issues within its jurisdiction raised by the growth in fintech. Two high-profile initiatives in this area are the SEC’s crowdfunding regulations and the revisions to Regulation A.

The crowdfunding regulations were finalized in November 2015 and will become effective May 16, 2016. In contrast to an internet service like Kickstarter, which permits investors to invest funds in exchange for the promise of goods or services, “regulation crowdfunding” will permit the purchase and sale of debt and/or equity securities. Unlike certain other securities offering exemptions, such as Rule 506 of Regulation D, there are no restrictions under regulation crowdfunding on participation by unaccredited investors.

However, regulation crowdfunding includes a number of provisions intended to protect investors who engage in these transactions, including investment limits, required disclosures by issuers, and a requirement to use regulated intermediaries. Generally under regulation crowdfunding, an issuer may raise up to $1,000,000 in a 12-month period through crowdfunded offerings. An issuer engaging in a crowdfunded offering must complete and file the newly created Form C, which requires the public disclosure of certain business and financial information of the issuer, including financial statements prepared in accordance with U.S. Generally Accepted Accounting Principles. For more information, see WilmerHale’s Client Alert, New Crowdfunding Rules for Issuers: Opportunities or Landmines?

Regulation A amendments (sometimes called Regulation A+) became effective June 19, 2015. Regulation A+ creates two tiers of offerings that are exempt from registration under the Securities Act of 1933 — tier 1 and tier 2 — with different offering caps, disclosure requirements and ongoing reporting obligations, thus allowing issuers increased flexibility depending on their financing needs.

Several aspects of Regulation A, including the absence of preemption of state “blue sky” laws and a $5 million maximum offering size, historically limited the utility of the exemption. From 2009 to 2014, only 158 issuers filed offering statements (only 36 of which were qualified by the SEC) under current Regulation A. In contrast, Regulation A+ increases the maximum offering size to $50 million per 12-month period and preempts state securities law registration requirements for certain offerings. As an alternative to privately placed venture and other institutional capital, Regulation A+ offers a mechanism to raise capital publicly from both accredited and unaccredited investors while assuming relatively limited public disclosure and reporting obligations. For more information, see WilmerHale’s Client Alert, SEC Adopts Rules to Implement Regulation A+, Providing New Avenue for Capital Formation.

These issues and more were covered in a recent speech at Stanford University, where SEC Chairwoman Mary Jo White discussed balancing the promise of fintech and investor protections. White discussed that crowdfunding portals hold the promise of developing into a “vibrant market” for small equity stakes in new companies, but will be monitored “through rigorous inspections and examinations as well as close coordination with FINRA.” She also acknowledged the promise of blockchain, saying the technology has the potential “to modernize, simplify or even replace, current trading and clearing and settlement operations,” and that the SEC is exploring “how to best regulate these new innovations.” White also addressed robo-advisors, which offer discretionary asset management services based on algorithms, offer relatively lowcost investment advice, and are examined by staff from the SEC’s national exam program. Marketplace lending, White said, is also something that the SEC is closely monitoring “through the lens of the federal securities laws."


Not since the late 1990’s has the pace of technological change in the financial sector been so brisk. Now, as in the dot-com boom, regulators are rushing to adapt. It remains to be seen whether regulation can keep pace with change, and whether regulators will succeed in striking a productive balance between innovation on the one hand and consumer protection, investor protection, and institutional safety and soundness on the other. In the best version of events, prudently