For nonbank providers of consumer financial services, one of the most challenging parts of doing business is the need to comply with the laws of multiple states. Entities like money transmitters and consumer lenders typically must obtain licenses in the states in which they do business, and comply with an array of varying state laws. And for entities that are online or mobile in nature, the “states in which they do business” can mean all fifty states—plus the District of Columbia and U.S. territories. This has been the source of many operational challenges and frustrations for fintech companies and startups in recent years.
Erin Fonté assists clients with a broad range of matters related to payments/payment systems, digital commerce, banking and financial services (including related legal and regulatory issues), technology/Internet products, privacy and data protection laws, and general corporate matters. Erin regularly advises financial institutions and alternative payment providers regarding mobile banking, mobile payments and mobile wallet products and services. She has been involved in the creation of new payment networks and has worked extensively on products, services and network operating rules related to emerging and mobile payment systems.
As financial services innovators and financial technology (“FinTech”) have expanded over the last several years, a point of industry consensus is that the U.S. regulatory landscape in particular is challenging to, and in some cases poses a barrier to, innovation and new competition within the FinTech arena. Critics of the U.S. regulatory regime point to a confusing web of multiple federal functional regulators and state money transmission regulators. The sheer number of potential laws, rules, regulations and regulatory entities that can be involved in regulating a particular FinTech startup, based upon the products and services provided, is subject to increased scrutiny and criticism from the FinTech industry.
Real estate lenders and agents struggling with the new TILA-RESPA Integrated Disclosure rules will have the opportunity to suggest improvements to the rules this summer. On April 28, Consumer Financial Protection Bureau (CFPB) Director Richard Cordray sent a letter to eight financial industry trade groups stating that the agency intends to propose new amendments in late July 2016 to the rules synthesizing mortgage lending disclosures under the Truth in Lending Act (TILA) and Real Estate Settlement Procedures Act (RESPA). Issued pursuant to the Dodd-Frank Act, the rules are known as the TILA-RESPA Integrated Disclosures (TRID) rule, also referred to by the CFPB as the Know Before You Owe rules.
Federal regulators published guidance Monday regarding the application of customer identification program (CIP) requirements to holders of prepaid cards and other types of prepaid access. Although the guidance is meant to clarify longstanding CIP rules—issued in 2003 to implement USA PATRIOT Act amendments to the Bank Secrecy Act (BSA)—the guidance has the effect of setting new standards for banks that issue prepaid access. This includes prepaid cards that third-party program managers sell and distribute, as well as cards that are used to provide employee wages, healthcare, and government benefits.
The FTC’s focus on data security appears to be expanding, with the agency now investigating the processes by which private industry measures data security compliance. On March 7, 2016, the FTC ordered nine different companies who are “Qualified Independent Assessors” to provide detailed information about how they assess their clients’ compliance with the Payment Card Industry Data Security Standards (“PCI DSS”). The nine companies receiving orders range from large accounting firms such as PricewaterhouseCoopers, LLP, to security-focused companies such as Foresite MSP, LLC. They must respond to the Commission within 45 days (absent any extensions that the Commission might grant). The FTC did not state that the orders were issued in connection with any apparent breach or other specific problem, and the agency’s ultimate goal for this inquiry remains to be seen.
As has been reported in the news recently, there is increasing litigation asserting that the websites of some commercial enterprises, including financial institutions, are not accessible to consumers with disabilities. The Americans with Disabilities Act was adopted before widespread adoption of the internet, but the Department of Justice and many courts have taken the position that the ADA’s prohibition of discrimination against anyone on the basis of disability in the use of “accommodations of any place of public accommodation” applies to websites as well as physical establishments.
The Consumer Financial Protection Bureau (“CFPB”) made headlines last week by taking action against Dwolla, an online and mobile payments platform. The CFPB imposed a $100,000 penalty against Dwolla, and while the dollar amount of the penalty may appear to be small compared to other civil money penalties, the action is significant because it is the first action the CFPB has taken in the data security area and provides insight into future enforcement activities surrounding data security by the CFPB. It also serves as a notable reminder of the CFPB’s broad enforcement powers, which go beyond financial institutions to non-FI companies that deliver financial products and services to consumers. While the CFPB lacks authority over the substantive data security requirements that are enforced by the federal financial regulators, that poses no obstacle to the CFPB’s ability to take an action, like this, initiated under its authority to police “deceptive” acts or practices.