Fintech Regulatory Compliance Happenings - 8/17-24
Looking at the AML Act, small business UDAAP, the SEC and Titan, ATM developments, and a new Fed division.
Before we kick off this week's edition of our newsletter, I wanted to ask a huge favor to all of you who are loyal subscribers - if you've enjoyed our content, I would like to kindly request if you can pass along this newsletter to at least one of your contacts who you think might benefit from reading this. No strings attached, just forward the Substack or Linkedin email and encourage others to subscribe to us, on either platform. Thank you so much, and I hope to continue to deliver this type of material for a long time to come.
~~~~~
This week, we're playing around with a slightly different format. There's no real deep dive or investigation or major analysis we have planned this week, so instead we are going to power through some of the biggest regulatory compliance-related stories in the industry that caught our attention and provide our quick take on them. I encourage you to read the full article from the sources we got these stories from. Let's jump in:
American Banker - AI expectations from FinCEN's AML Act of 2020 - A webinar covering the current state of fraud and AML, and how FinCEN's mandate to essentially update all federal AML-related laws at will could include incorporating AI-related guidance and techniques. The webinar will feature speakers from CSI (Computer Services Inc), a tech-heavy consultancy that has specialized in fintech, regtech and cybersecurity for over 50 years. Scheduled for one hour on Tuesday, Sep 19, 2023 at 02:00 pm ET / 11:00 am PT.
American Banker - California bars unfair, deceptive practices in small business lending (paywall) - "A new California regulation will bring consumer-style protections to small businesses seeking loans, giving regulators in the state the ability to go after unfair, deceptive and abusive practices." Few things worth noting - this regulation has been in the works for years, and passed as part of a larger bill passed in 2020. It goes into effect this month and while it exempts banks, credit unions, and some other very niche lenders (all described at the link if you're interested in the minutia), it does not exempt other lenders, which presumably will include some big names like OnDeck, Funding Circle US, Bluevine, and others. In other words, non-bank fintechs. While the article seem to suggest that what "unfair and deceptive" means in the context of small business lending, I think using the criteria established in the consumer version entitled UDAAP is probably a good reference point. Most of consumer UDAAP enforcement over the years has focused on marketing and servicing, with customer confusion as the main impetus for regulatory action.
Reuters - Fintech firm Titan to pay over $1 mln to settle US SEC charges - "Titan, a New York-based registered investment adviser, misled investors with statements made on its website about hypothetical returns from August 2021 to October 2022, the SEC said in a statement. That included touting annualized crypto performance results as high 2,700% without telling investors they were extrapolated from a "purely" hypothetical three-week period, the SEC said in a charging document." - We've added the SEC's 16-page document summarizing their case against the company. I think both are pretty straightforward and thorough (I like that the SEC's document includes screenshots, which are always helpful in getting an idea of the offending type of content). What I think is pretty shady is the fact that while many news outlets have picked up this story, Titan itself has not acknowledged this settlement in any way, shape or form on any of their online presences. Nothing on their website, nothing on their Linkedin (Titan), nothing on their Twitter. Usually, when banks or fintechs enter a public settlement with a regulator, they will put out some kind of a statement acknowledging it and then making a commitment to do better. The SEC seems to give Titan credit by acknowledging they've hired a Chief Compliance Officer and a Chief Legal Counsel, and built out their staff in both areas but they do not mention that the CCO and CLO is one person, and they do not mention that per their Linkedin page which can show the roster of employees, it seems like there is only one other Compliance professional in the company. Furthermore, the SEC references internal audits that are performed, but these would appear to be conducted by a third party, while I am of the belief that they could really benefit by hiring a permanent internal auditor given the issues are probably not just temporary (yes, perhaps I'm a bit biased). I could go on, but I think you all get the point.
Finextra - FCA to take ‘balanced’ approach in access to cash regime - Jumping across the pond - "Through the Financial Services & Markets Act 2023 (FSMA), the UK parliament has given the FCA the power to seek to ensure reasonable provision of cash deposit and withdrawal services for personal and business current accounts in the UK or part of the UK. Under the FCAs assessment, the accessibility of cash remains good." - Reading this article and seeing not only the current state of ATMs in the UK with easy access to free withdrawals, but also the FCA's commitment to maintaining this via regulation, gave me major FOMO. Not only is there no such regulation in the US, but I'm fairly certain the statistic cited by the FCA that "95.1% of the UK population is within one mile of a free-to-use cash withdrawal point, such as cash machines, Post Office branches, or bank/building society branches, and 99.7% of the UK population is within three miles of a free-to-use cash access point" is significantly more than what is available in the US. On top of that, the average ATM surcharge has gone from $0.89 in 1998 to $3.08 by 2021. While I do understand cash is no longer a preferred mechanism of payment, I'm always going to have an issue with the ATM surcharges. I shouldn't need to pay someone to get access to my own money as quickly as possible, just because I am far away from a branch or a first-party ATM.
Finextra - Fed extends remit to cover 'novel' technology-driven risks - "The US Federal Reserve is setting up a new supervisory unit to cover 'complex' technology partnerships between banks and non-banks, crypto activities, and the implementation of blockchain technologies. The Fed says the goal of the 'novel activities supervision program' is to foster the benefits of financial innovation while addressing risks to ensure the safety and soundness of the banking system." - The full SR Letter can be found here. When seeing this, the first reaction I had was that this unit has spun out from the updated interagency guidance on third party risk management that was issued earlier this year (that we also commented on). The crypto and blockchain activities pieces are obviously important, but I'd argue the broader impetus of this is from the increasing oversight over these relationships. Interestingly, the American Fintech Council, which is comprised of a significant number of fintechs including Chime, Avant, Cross River, SoFi, and others (a number of whom have been called out by the regulators) issued a press release in support of the regulation. Not sure if the strategy is to be good citizens rather than to rail against it, but perhaps this is their way of trying to get on the regulators' good side well in advance. In any case, it remains to be seen if the creation of this unit is just a way to better organize and delineate existing regulatory activity including exams and consents/enforcements, or if this announcement will be followed by additional hires for this new division and incremental oversight.
While there are a ton of other stories that we could cover, these items caught my attention the most this week. Thanks for reading and once again, if you liked what you read, please pass this along to your contacts!