On July 31, 2018, the U.S. Department of the Treasury (“Treasury”) released a report on “Nonbank Financials, Fintech, and Innovation,” its fourth and final report on the U.S. financial system pursuant to Executive Order 13772 (the “Report”). At over 200 pages long, with 80 separate recommendations, the Report addresses products and services ranging from payments and marketplace lending to debt collection and wealth management. While many of Treasury’s recommendations would have a positive impact on creating a national and state regulatory environment to foster innovation in financial services, the Report is ambitious, and implementing many of its recommendations will be a massive effort in legislation, policy-making and regulatory oversight.  Continue Reading Fintech-Forward: U.S. Treasury Department’s Report on Nonbank Financials, Fintech, and Innovation

Not long ago, financial technology (FinTech) startups were all seeking to disrupt the market for financial services and compete directly with financial institutions (FIs) for customers. But as these startups have grown into more mature companies, cooperation with FIs has come to replace disruption for many FinTech firms. These companies have realized that FIs can help scale their technology to larger bases of potential users, and can also help FinTechs raise capital by showing strong partnerships and FI distribution channels.

In turn, FIs now recognize that FinTech firms offer more than competition, representing potentially valuable partnerships with better technology and an improved user experience. By collaborating with FinTechs, FIs can improve product offerings and increase efficiency, all without the FIs committing significant resources to create new solutions themselves. Continue Reading Access vs. Security: Takeaways For U.S. Financial Institutions from the European PSD2 Open API Framework

2018 has a tough act to follow, after a 2017 full of momentous developments—starting with a new Administration and wrapping up with a showdown over the right to serve as Acting Director of the Consumer Financial Protection Bureau (CFPB) (a fight that continues as of this writing, as discussed below).

But 2018 is unlikely to be a quiet year. In addition to developments in the CFPB leadership battle and other litigation, the year is expected to bring developments such as effective and compliance dates for major regulations on data protection, Bank Secrecy Act/anti-money-laundering (BSA/AML), mortgage servicing, and other topics, and could bring changes in supervisory focus at multiple federal agencies.  Continue Reading Fasten Your Seatbelts: Are You Ready for Another Eventful Year?

The SEC’s recent settlement with Morgan Stanley highlights the agency’s continued focus on enforcing cybersecurity measures. On June 8, 2016, Morgan Stanley agreed to pay a $1 million penalty to settle charges relating to its alleged failure to adopt written policies and procedures reasonably designed to protect customer records and information, a violation of the “Safeguards Rule.”

Continue Reading SEC’s Focus on Enforcing Data Security Safeguards Continues: Lessons Learned from Its $1M Fine of Morgan Stanley

The FTC’s focus on data security appears to be expanding, with the agency now investigating the processes by which private industry measures data security compliance. On March 7, 2016, the FTC ordered nine different companies who are “Qualified Independent Assessors” to provide detailed information about how they assess their clients’ compliance with the Payment Card Industry Data Security Standards (“PCI DSS”). The nine companies receiving orders range from large accounting firms such as PricewaterhouseCoopers, LLP, to security-focused companies such as Foresite MSP, LLC. They must respond to the Commission within 45 days (absent any extensions that the Commission might grant). The FTC did not state that the orders were issued in connection with any apparent breach or other specific problem, and the agency’s ultimate goal for this inquiry remains to be seen.

Continue Reading QUICK REVIEW—Watching the Watchers: FTC Orders Investigation Into Third Party PCI DSS Qualified Independent Assessors