QUESTION
We are a fintech
that is growing quickly. I am the company’s General Counsel. Our President is a
bit arrogant and cavalier. He is only interested in attracting investors and
clients. Regulation takes a distant second place. I’ve had enough of the non-compliance.
I’ve tried unsuccessfully to get him to recognize the legal exposure. I’m done.
I’m resigning. My last day is the end of the week.
Before I go, I
am sending this message to you. The President reads your MortgageFAQs
newsletter and quotes it all the time. I have read your writing for years, and
I know you do not condone workarounds, short-term fixes, and non-compliance
with appropriate regulations. I hope you will consider telling your readers why
Fintechs must comply with the CFPB’s expectations.
The CFPB has
been increasingly active in its review of fintech activities. It is flexing its
supervisory and enforcement authority more and more. The litigation is piling
up. I was hoping you could let the fintechs know they can expect considerable
examination and enforcement initiatives by the CFPB.
Why is it
important for fintechs to comply with the CFPB’s rules?
ANSWER
I’m sorry you
have been so frustrated. Your message notes that you are going into private
practice. Working for a difficult President can burn out even the most
resilient staff. I hope you will stay alert to fintech rules and regulations.
These companies need people like you as a beacon for compliance.
Fintech
compliance is relatively new. Recently, AI is getting integrated into fintech
technologies. Most people in the financial services community think of fintech
as applications (or “apps”) involved in financial transactions. There are
fintech apps that run quite a spectrum of services, including apps involved in
payments, crypto, investments, advisories, and so-called P2Ps (viz.,
peer-to-peer).
The fintech
categories are very broad, all in some way connected to financial services
transactions. Examples include mortgage banking, various types of unsecured
lending, payments, money transfers (domestic and international), equity
finance, and consumer banking.
For instance,
you can go to your non-bank, bank, or credit union for a loan or apply online
and, in many cases, apply using an app. Fintech’s automated systems and AI
speed up the approval process to minutes or seconds. This is done using
software to determine a borrower’s creditworthiness, advancing the results to
an automated underwriting process, and producing an approval at dazzling speed.
PayPal is an example
of a fintech company – one of the largest. It has a global reach and many
platform configurations, and it offers instant transactional opportunities to
individuals and businesses worldwide. You may not realize it, but Visa,
Mastercard, Intuit, Square, Robinhood, Binance, and Venmo are fintech
companies.[i]
There are hundreds of fintech companies, and many more are proliferating rather
quickly.
The Consumer
Financial Protection Bureau (CFPB or Bureau) is mandated to ensure consumers
have access to fair, transparent, and competitive markets for consumer
financial products and services. Importantly, the CFPB’s supervisory and
enforcement requirements pertain to fintechs.
Let’s get to your
question about why fintechs should comply with the CFPB’s rules.
I suggest there
are at least three reasons why fintech enterprises should comply with CFPB
requirements, beginning with the CFPB’s jurisdiction and power to
investigate fintechs. Congress granted the CFPB the authority to police
markets for consumer financial products or services,[ii]
including consumer credit products, deposit-taking activity, payment
processing, and debt collection, to name just a few.
The policing is
done by supervising subject institutions and enterprises and enforcing
violations of law against those that offer or provide consumer financial
products or services or provide a material service to a consumer financial
services provider. And, to be sure, this includes fintechs.
The Bureau has
been increasingly active in supervision, enforcement, and rulemaking involving
the fintech industry, many non-bank financial services providers. The CFPB will
continue to develop rulemaking to expand its purview to large non-depository
lenders.
Indeed, whether
partnered with banks or acting alone, fintech companies are subject to the
CFPB’s supervision.
In connection
with the foregoing, tangling with the Bureau could engender a risk of
penalties and injunctive relief. Several administrative consent orders
come to mind. For instance, the CFPB entered into a consent order with two
payment processors and their owners, requiring them to pay $3 million in
penalties and refund over $8 million in fees.[iii]
The CFPA has
also sought injunctive relief in enforcement actions. The Bureau’s Director,
Rohit Chopra, has said that it is seeking to enforce “limits on activities or
functions of a firm” to promote “structural” changes at financial services
firms to prevent future violations.[iv]
If the law will
not constrain your President, maybe reputational harm would mean
something to him. When the CFPB conducts a public enforcement action or just publicly
discloses an investigation, the harm to the fintech’s reputation can be
enormous, perilous, and perhaps fatal.
If an app or
online application is going to replace the traditional means of banking, consumers
will want to trust the fintech’s brand – which, from a marketing perspective,
is critical to its survival! Reputational damage due to adverse findings issued
by the CFPB could also affect a fintech’s relationships with its investors,
which will surely impair future fundraising efforts.
Such CFPB
actions would tend to impact a fintech’s relationship with other regulators –
federal or state agencies – and could hinder the fintech’s efforts to obtain necessary
state licenses, among other things.
Now, I realize
that you are parting with the fintech enterprise. However, your President is
doing a disservice to his fintech company and other similarly situated
companies by not hiring a compliance professional familiar with fintech
business, customers, stress and risk points, and compliance requirements. What
the President thinks about compliance will be of no consequence if the company cannot
mitigate legal and regulatory risks. A fintech operating without an
understanding and respecting the CFPB’s guidelines is exposed to considerable
CFPB scrutiny.
Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director Lenders Compliance Group
[ii]
Title 12 – Banks and Banking, Chapter 42, Wall Street Reform and Consumer
Protections, Subchapter V, Bureau of Consumer Financial Protection, see also USC
edition, Supplement 2
[iii] In
the Matter of: RAM Payment, LLC, inter alia, and Gregory Winters, and Stephen
Chaya, Administrative Proceeding No. 2022-CFPB-0003, May 11, 2022
[iv] “Reining
in Repeat Offenders”: 2022 Distinguished Lecture on Regulation, University
of Pennsylvania Law School, Speech, Chopra, Rohit, March 28, 2022
Comments
Post a Comment