The successful growth of fintech within a region depends on myriad factors, but an unquestionably material one is the regulatory environment. Regulatory regimes that foster innovation and exercise oversight in a purposeful, but fair and reasonably transparent fashion, tend to attract fintech industry participants.
Balancing these goals, however, is hard, and regulators in the US are understandably approaching the task of doing so cautiously. Here, Ben Saul, Matthew Bornfreund and Josh Garcia of White & Case LLP discuss some UK regulatory efforts to encourage bank and fintech company innovation that have seen initial success in the UK and could translate well to the US system.
Disruptive innovation has come to banking, and regulators in the US, UK and globally are balancing the needs to promote innovation and maintain safety and soundness. As the focus on innovation intensifies, companies developing and selling financial technology ('fintech') products and services are being funded at record levels. Although bank views towards fintech companies are evolving and exist across a spectrum, initial caution and concern about the sector appear to be waning as fintech-focused strategic partnerships and investments by banks increase. Numerous incubators and innovation labs, many bank-backed, nurture fintech startups. Meanwhile, cities around the globe seek to position themselves at the epicentre of the burgeoning fintech sector.
As the fintech story unfolds, regulators in the US seek to determine how best to oversee the sector. In March 2016, the Office of the Comptroller of the Currency ('OCC'), the US banking regulator that supervises national banks (as opposed to state banks), published a white paper on responsible innovation ('White Paper') in an effort to position itself at the fintech regulatory vanguard in the US. The OCC's efforts, however, followed those of the relatively newly created Consumer Financial Protection Bureau ('CFPB'), a separate US regulator with a comparatively narrow mandate to ensure consumer financial protection. Specifically, in November 2012, the CFPB created Project Catalyst, an ongoing effort to create policies designed to encourage consumer-friendly innovation.
Translating the success of UK fintech measures to the US
The most notable of these, the agency's No-Action Letters ('NAL') policy (announced in October 2014 and finalised in February 2016) is intended to provide innovators with a qualified mechanism to apply for (and if appropriate receive) a letter from the CFPB indicating that the agency will not take any supervisory or enforcement action in connection with a newly developed, innovative, consumer-facing product. Also, members of Congress have introduced legislation intended (among other things) to promote the fintech industry's growth.
Given the somewhat fractured structure of the US financial services regulatory system, a fully coordinated oversight approach in the US may prove elusive. However, in the fintech-related actions of UK regulators, which have developed a relatively coordinated initial approach to their fintech sector oversight, US regulators have a useful blueprint to aid them. For example, the UK's Financial Conduct Authority ('FCA'), Prudential Regulation Authority ('PRA'), and HM Treasury, have acted in relative concert to develop a series of well-received advancements in government-industry collaboration. Such initiatives include: Project Innovate, the resulting Innovation Hub, new licensing for challenger banks, lighter registration regimes for payment services and e-money industries, and support for open APIs in banking.
The UK, similar to the OCC in its White Paper, has expressed a desire to promote innovation and competition in a manner that takes into account the associated risks. Likewise, both US and UK regulators are well attuned to the specific risks advanced technologies pose. The UK Government Chief Scientific Adviser, for example, has identified possible "dystopian scenarios" that could be wrought by advancements in fintech: "increased financial exclusion and exploitation of large numbers of people, new opportunities for financial crime, and destablisation of existing mechanisms that provide monetary policy and stability."
Banking regulators in the UK are likely to be particularly focused on stability over the next few years as they struggle to identify, track, and resolve issues stemming from Brexit, the result of the referendum in which the UK voted to leave the EU. Brexit clearly adds substantial uncertainty to the banking system and fintech sector. Indeed, a Brexit may (or may not) create several adverse market conditions for the fintech sector in the UK that could override the benefits of the fintech-related regulatory system now in place. However, the UK's prior work to develop a robust fintech framework surely leaves it - from a purely bank regulatory perspective - better positioned to navigate the current uncertainty vis-à-vis fintech.
US agencies remain quite cautious, having witnessed a prior generation of financial product innovations lead to the 2008 financial crisis. Although today's fintech innovation is different in kind from the innovation that propelled the US mortgage and consumer credit markets, US regulators appear to need more time and encouragement before they can become comfortable incorporating active, public promotion of fintech innovation into their oversight framework. In this regard, much like the EU's adoption of bail-in provisions having learned lessons from US actions during the credit crisis, the US has an opportunity to draw on the UK's fintech framework for guidance in implementing a coordinated approach to promoting responsible fintech innovation. Below are certain aspects of the UK approach that US regulators might consider adapting for incorporation into future innovation proposals.
Limited purpose charters
When the OCC sought public input on its White Paper, a frequent industry comment was the suggestion to create a new, limited purpose charter to resolve some of the difficulties fintech companies face when coming to market.
Unlike in the UK, the US bank regulatory regime is highly decentralised; not only are there multiple federal (or national) regulators, but also there are various regulators in every state. Within each state, there are typically separate chartering or licensing regimes for banking, money transmission, various types of lending, insurance, and even (as of late) digital currency. Therefore, a company conducting any of these activities nationwide potentially faces over 50 different regulators. In an effort to minimise exposure to the various licensing regimes and regulatory oversight in the US, fintech companies often partner with banks, which already have charters that authorise engaging in a range of financial activities. However, the appetite of US banks, particularly those with significant assets, for such partnerships (while increasing) remains, if not tepid, then insufficient to meet fintech-side demand.
A regulatory regime in the US that continues to promote bank de-risking is, in part, one reason many banks operating in the US continue to grapple with how to get comfortable with the risks associated with fintech partnerships. Indeed, whereas the UK has recently discouraged de-risking, US counterparts like the Federal Deposit Insurance Corporation ('FDIC'), the regulator that oversees deposit insurance for both state and national banks in the US, has indirectly contributed to de-risking through initiatives such as Operation Chokepoint. (A complicated series of events initiated by US prosecutors in an effort to block internet-based scams and frauds from accessing the payments system that ultimately caused banks to close the accounts of whole categories of customers the FDIC labeled 'high risk.') fintech companies also rely on partnerships with established financial institutions to provide their customers with access to payment systems. Even so-called 'mobile banks' such as Simple and Moven were not banks when they started; both required bank partnerships to onboard consumers. (Simple has since been purchased by BBVA.)
A limited purpose fintech charter could aid fintech startups in two ways. First, as chartered institutions, fintech companies could have direct access to the US payment system infrastructure. Second, bank charters granted by a federal agency are exempt from many state regulations under a US legal doctrine known as federal preemption. An OCC chartering option for fintechs would provide these startups with a true alternative to the expensive and time consuming process of state-by-state licensing.
Although there is support among both fintechs and (to a lesser extent) banks, they are at odds as to the policy rationale that should undergird a limited purpose fintech charter. Some believe that such a charter should only help fintechs to obtain direct access to payment systems. Others believe the charter should act as a true alternative to the state licensing regimes for both lending and payments. Still others believe such a charter should exist as a means to move financial innovators under the auspices of a federal regulator that could monitor the industry for safety and soundness.
The framing of the policy goals for a limited purpose charter will determine what such a charter would ultimately provide for (and require from) fintech companies. In June 2016, the OCC hosted a public forum on financial innovation where it heard directly from key players in the industry the reasoning for each policy position. However, the OCC gave no indication as to which policy goal it favoured or as to whether a limited fintech charter would be forthcoming at all.
What is clear is that any new charter option or relaxation of chartering of de novo banks would certainly attract an influx of applications from fintech startups seeking to be their own bank. The immense costs (both time and resources) of obtaining licences in all 50 states have been cited repeatedly as a major obstacle facing fintech startups. In addition, several digital currency companies and trade groups requested direct access to payment systems via a fintech charter in their comments to the OCC.
Among fintech companies operating in the UK, there is also desire for bank charters. After the FCA and PRA expressed willingness to charter new banks, they received a surge of applications from challenger banks. For perspective, before 2010, it had been almost 150 years since the UK approved a new banking licence; between 2010 and 2015, the UK granted eight licences; and now there are dozens of pending applications, with the government's stated goal of 15 new licences by 2020. It is difficult to say exactly how strong the demand for such a charter is in the US, but given the existing US regulatory structure, it seems safe to assume US demand would exceed demand to date in the UK.
A new chartering option supportive of fintechs would meet the OCC's stated goals of promoting innovation. In the UK, challenger banks have prompted long-standing banks to be more competitive and innovative in their offerings, and consumers as a whole have benefited. The US, with its robust banking system, should welcome such a dynamic and the innovation it begets.
The FCA has proposed a regulatory sandbox regime that would permit financial innovators to launch pre-screened trial versions of their products or services without fear of government enforcement. Should the experiment fail, consumers will be protected by either capital requirements or other arrangements to remedy consumer harm.
The OCC has suggested it would be interested in creating similar means for innovators to pilot new products or services. The CFPB's Project Catalyst, including its NAL policy, already represents a step towards encouraging innovation by reducing concern over unfavourable government responses. There are, however, important differences between the FCA's approach and the US approach with respect to NALs.
By giving individualised guidance, regulation waivers, and no enforcement action letters, the FCA sandbox provides a great measure of certainty to innovators that other UK regulators will not take action against a participating company. In contrast, the CFPB's NAL policy offers comparatively little certainty. As noted above, the CFPB, unlike the FCA, is not a full scope bank supervisor, and the NAL policy cannot waive regulations administered by the banking regulators. Further, the policy specifically warns fintechs to 'be aware that [CFPB] staff may consult with other governmental agencies that may have enforcement, supervisory or licensing authority over the applicant.' Instead of providing certainty, the policy unintentionally increases the potential for negative treatment from other financial regulators that are not beholden to the CFPB's positions. Moreover, CFPB NALs remain subject to revocation or amendment by the CFPB at any time and are non-binding on the CFPB. Thus, while the FCA has power to create a programme that fully protects innovators, the CFPB's NAL policy offers only qualified protection to innovators in the area within the agency's jurisdiction - consumer financial services.
The UK's sandbox model, however, does present some complications. For example, the FCA has only partial jurisdiction over certain industries, and (at least until Brexit is effective) it is limited by EU law in the sort of waivers it can provide to innovators. For example, in many situations, fintech companies in the UK must still obtain authorisation to do business, which is a major startup cost.
Like its UK counterpart, the OCC also has limited jurisdiction, but as the first US regulator promoting a comprehensive framework to support responsible innovation, it has two key advantages over the FCA. First, the OCC authority is not subordinate to any transnational banking laws, and its regulations supersede (preempt) any conflicting authority in the 50 states. Further, many states explicitly exempt nationally chartered banking institutions from state licensing regimes. If the OCC created a sandbox programme, it would be in a strong position to promote financial innovation.
Second, the OCC is a full scope regulator that grants banks a range of authorities from payments to money transmission to lending. Because it covers traditional banking activities, its scope is potentially broader than that of the FCA. An OCC-sanctioned regulatory sandbox for banks or their partners could reach across many different fintech sectors, from lending to digital currency to mobile banking.
The sandbox approach works in the UK because it provides innovators with a high-degree of regulatory certainty. For it to work in the US, the OCC (or another federal agency) would have to demonstrate to fintech companies that sandbox participants would be largely exempt from regulatory action while they pilot a new product or service. As it stands, the CFPB's NAL policy on its face falls short of this measure.
Open banking APIs
The UK, and in particular HM Treasury, has shown tremendous support for banks to adopt open data and open application program interfaces ('APIs') that will permit consumers to share their data securely with third parties. The OCC has the opportunity to spearhead such an initiative in the US as part of its drive to promote innovation.
Several business reasons exist for why banks should open up banking APIs. First, banks that open up their APIs and show a willingness to partner with fintech companies may see more consumers using services offered by such partners. Where a bank's agreement with a fintech company provides for fees that scale with volume, this user increase would have the effect of driving more revenue to the bank. Second, some banks may be receiving too many requests from APIs that engage in screen scraping, thus overburdening bank servers. A more open API will obviate the need for screen scraping and would lessen the burden. Finally, as the consumer experience becomes more important for banks, it makes business sense to provide open APIs that will permit their consumers to take advantage of innovative services.
UK officials have begun discussions with industry about collaborating on regulatory technology ('RegTech') that would make compliance easier. As data collection and reporting requirements in the EU and UK increase in scope and complexity, so does the pressure to implement cost-effective, automated compliance solutions. In its November 2015 call for input, the FCA acknowledges the increased reporting requirements following the financial crisis and looks to RegTech to help firms better manage the burden. The FCA asked for not only information about technologies being developed in the industry, but also suggestions on how the FCA should focus its own efforts or modify its rules and policies in order to promote RegTech developments.
Banks in the US have seen a similar increase in data collection and reporting requirements. Non-bank mortgage lenders are also facing new compliance burdens from the CFPB, which recently finalised Regulation C (concerning collection of data related to mortgage loans) and is expected to propose new data collection rules applicable to small businesses.
There is already a large and growing potential for RegTech in the US. For example, machine learning can reduce inefficiencies in the securities and derivatives markets, compliance software that uses artificial intelligence to monitor trading activity and learn patterns can detect illegal activity, derivative trading can be recorded using distributed ledger technology, allowing officials to monitor derivatives exposure by national banks directly, and mobile applications can allow bank managers to identify and report suspicious activity in real-time.
However, US regulators have not yet made a focused, public effort to engage industry on RegTech issues or otherwise publicly endorsed RegTech solutions as acceptable compliance mechanisms. Particularly in areas such as anti-money laundering compliance, where RegTech solutions are relatively robust, US regulators have been comparatively slow to accept new methods and technologies. As the need for RegTech increases in the US, it can look to the UK's example for how government and industry can collaborate to produce efficient outcomes.
The current US financial services regulatory regime has yet to lay a clear path towards fostering government-industry collaboration and promoting fintech innovation. The OCC and CFPB have begun to mark the outlines of such a pathway, but they and other US regulators can benefit from the UK's more advanced-stage efforts to promote innovation while managing systemic and compliance risks. Although cultural and jurisdictional differences exist between the two countries, the fundamentals of the UK approach should be easily exportable to the US and offers clear benefits to industry and government stakeholders.