United States: If Only: US Treasury Department Report Creates A Wish Tree Of Financial Reform For Fintech

INTRODUCTION

Regardless of whether its recommendations are achievable in whole or in part or merely aspirational, the US Department of Treasury's ("Treasury") report issued on July 30, 2018—A Financial System That Creates Economic Opportunities: Nonbank Financials, Fintech and Innovation ("Report")—is an ambitious, well-thought-out, comprehensive compendium of proposals to foster innovation in our financial system. Treasury deserves kudos for organizing and analyzing a disparate set of potential reforms to help synchronize old laws with new ways to conduct business. The question is whether this laudable blue-print for reform can serve as the impetus for real change given our current state of affairs.

The Report is the fourth report issued by Treasury in response to President Trump's February 2017 Executive Order No. 13772 ("Executive Order") setting forth certain core principles for the US financial system. The three prior reports generally identified laws, treaties, regulations and other government policies that promote or inhibit federal regulation of the US financial system and included recommended changes consistent with the core principles set forth in the Executive Order.1 While some of the recommendations require action by federal regulators, others require changes to federal or state laws and most require public funds.

This fourth report explores the regulatory landscape for nonbank financial companies with traditional "brick and mortar" footprints not covered in other reports as well as newer business models employed by technologybased firms ("fintech"). As part of the Report, Treasury explores the implications of digitalization and its impact on access to clients and their data. The Report includes limited treatment of blockchain and distributed ledger technologies as these technologies are being explored separately in an interagency effort led by a working group of the Financial Stability Oversight Council ("FSOC"). Treasury's preparation of the Report included discussions with entities focused on data aggregation, nonbank credit lending and servicing, payments networks, financial technology, and innovation. It also consulted with trade groups, financial services firms, federal and state regulators, consumer and other advocacy groups, academics, experts, investors, investment strategists and others with relevant knowledge, and it reviewed a wide range of data, research and other published material from both public and private sector sources.

Nobody should expect every one of the Report's recommendations to be implemented efficiently and immediately, if at all. Some recommendations can be implemented through regulatory fiat, others can be implemented by regulators but only through a formal rulemaking process, and still other recommendations will require congressional action. Some of the recommendations are concrete, and others simply outline principles to inform policymakers. Some in theory could be implemented right away, and others are longer-term in nature. Some recommendations surely at some point will be enacted, and others may never see the light of day. To fully implement all of the recommendations in the Report, federal agencies will need to crisply coordinate their initiatives in a strategic way, states will need to realize that a patchwork of inconsistent "solutions" to the same problems is counter-productive, and Congress will need to seize the initiative to legislate in order to promote rather than to prohibit. Nevertheless, the immense barriers to implementation should not diminish the importance and usefulness of the Report.

This Legal Update provides a high-level summary of the Treasury recommendations set forth in the Report, along with a brief analysis of the key areas and some thoughts regarding the prospects for successful implementation of the pertinent recommendations. Some of the key areas covered in this Legal Update include data aggregation, challenges presented by the state and federal regulatory frameworks, marketplace lending, mortgage lending, short term lending, small-dollar lending, payments, regulatory sandboxes and international approaches and considerations.

DIGITALIZATION, DATA AND TECHNOLOGY

Digital Communications

TELEPHONE CONSUMER PROTECTION ACT ("TCPA")

The Report explains that the TCPA has constrained the ability of financial services providers to use digital communication channels despite consumers' increasing reliance on text messaging and email communications through mobile devices. The financial services industry likely will welcome the Report's recommendations with respect to easing such constraints.

The Report recommends that regulators mitigate the risk of liability for calling a reassigned number—a telephone number formerly belonging to a consenting consumer that is subsequently given to another person— by creating a database of reassigned numbers and a broader safe harbor for calls to reassigned numbers so that a caller who had consent from a previous subscriber has a sufficient opportunity to learn that the number has been reassigned. The Report also suggests that updated TCPA regulations should provide clarity on what types of technology constitute an "automatic telephone dialing system" for TCPA purposes given the TCPA's restrictions on the use of autodialers.2 Finally, the Report notes the importance to the industry of clear guidance on reasonable methods for consumers to revoke consent under the TCPA, including through congressional action if necessary. The Report's TCPA recommendations align with the Federal Communications Commission's ("FCC") rulemaking agenda. In March 2018 the FCC sought comment on how to address the reassigned numbers issue.3

FAIR DEBT COLLECTION PRACTICES ACT ("FDCPA")

Treasury recommends that the Bureau of Consumer Financial Protection ("Bureau") promulgate regulations under the FDCPA to codify that reasonable digital communications, especially when they reflect a consumer's preferred method, are appropriate for use in debt collection. Consumers increasingly prefer to communicate with their financial services providers digitally, such as through text messages and email, but the potential litigation risk from inadvertently disclosing information regarding debts to an unauthorized third party discourages debt collectors from digital communications with consumers. The Federal Trade Commission ("FTC") had noted in 2009 that it was unaware of information demonstrating that unauthorized third parties were more likely to have access to debt collection messages conveyed through digital means than through letters and phone calls and that it did not believe in imposing restrictions on debt collectors' use of email and instant messages in the absence of such data.4 Industry stakeholders have argued in favor of an automatic "opt-in" that is deemed to constitute consent in the event that a consumer provides an email address or other digital communications method in connection with his or her financial services agreement. The industry is likely to favor such "opt-in" consent method because it could be implemented through consumer contracts.

Data Aggregation

CONSUMER ACCESS PROTECTIONS

The Report discusses how data aggregators and fintechs should be able to access a consumer's financial information only with informed consumer consent following receipt of adequate disclosures. To achieve that goal, the Report recommends that the Bureau work with the private sector to develop best practices and consumers be given adequate means to revoke prior authorization. If implemented in a thoughtful manner, these principles-based protections should give consumers a meaningful opportunity to control use of and access to their financial information.

DATA SHARING BARRIERS

The Report discusses how data aggregation in general, and APIs5 in particular, face operational and regulatory barriers. The Report recommends that the private sector develop a solution to allow financial services companies and data aggregators to establish data sharing agreements that use secure and efficient methods of data access and banking regulators revise their third-party guidance to remove ambiguity related to regulatory authority over fintechs' use of APIs. These recommendations, while generally appearing to be noncontroversial, seem unlikely to be achieved in the near-term because it will be difficult to build consensus among market participants and a variety of resourceconstrained regulators.

DATA SECURITY AND BREACH NOTICE

The Report recommends that Congress enact a federal data security and breach notification law. The current fragmented regulatory regime results in gaps in data security requirements and duplicative costs for institutions that service consumers located in multiple states with inconsistent breach notification laws. While proposals similar to the Report's recommendation have previously failed, in part because of state opposition to federal preemption of the existing state breach notification laws, the frequent occurrence of major, nationwide data breaches may mean that the situation is at a tipping point where such a federal law becomes a reality.

DIGITAL LEGAL IDENTITY

To combat the difficulties of identity proofing that have increased with the growth of customers' preferences for online or mobile financial transactions and with the disaggregation of financial services, the Report recommends that public and private sector stakeholders work together to develop trustworthy digital legal identity services and products in the financial services sector that are portable across governmental agencies and unrelated financial institutions. In particular, the Report highlights existing initiatives by the Office of Management and Budget and under the REAL ID Act of 2005 as potential foundations for a digital legal identity framework. However, we expect that the viability of a digital legal identity will be driven more by congressional willingness to fund the public portion of the public-private initiatives and an interest on the part of regulators in providing legal certainty to those relying on such initiatives than willingness by the private sector to act independently.

CLOUD TECHNOLOGY AND FINANCIAL SERVICES

The Report recommends that regulators modernize requirements and guidance to better provide for appropriate adoption of new technologies such as cloud computing, including formally recognizing independent US audit and security standards that sufficiently meet regulatory expectations and set clear and appropriately tailored chain outsourcing expectations.

The Report recommends that regulators establish a cloud and financial services working group to develop cloud policies that reflect the interests of key industry stakeholders, including providers, users and others impacted by cloud services. Financial regulators should seek to promote the use of cloud technology within the existing US regulatory framework to help financial services companies reduce the risks of noncompliance and compliance costs associated with meeting multiple and sometimes conflicting regulations. The Report also recommends that regulators be wary of imposing requirements that data must be stored within a particular jurisdiction (e.g., data localization) and should instead seek other supervisory or appropriate technological solutions to potential data security, privacy, availability and access issues.

BIG DATA, MACHINE LEARNING AND ARTIFICIAL INTELLIGENCE

As the Report points out, the artificial intelligence ("AI") revolution is here. Treasury offers insight into the problems it anticipates from the use of AI in the financial services ecosystem.

The Report notes a laundry list of uses of AI in the financial services industry, including surveillance and risk management, fraud identification, AML monitoring, investment/quant trading opportunities, chat bots and certain loan underwriting tasks. Although absent from the Report, machine learning ("ML") and alternative data can be used to reach vast untapped markets of "credit invisibles" (persons without traditional FICO scores), which is a huge opportunity.

AI presents pros and cons for financial services companies and consumers. Competition fosters innovation and may lead to better consumer products and services. The Report mentions that competition may present challenges as well. What if, Treasury worries, the firms with the strongest AI win a monopoly or duopoly? Perhaps a vicious cycle develops: consumers flock to the industry leader, so the leader gets more data, which makes its AI smarter, so it pulls further into the lead; repeat. Smart machines can detect fraud, but can also be used to promote fraud, e.g., through more realistic-looking sham phishing methods. Treasury does not mention it, but you could easily envision an AI arm's race, e.g., ML that spots problematic conduct pitted against ML that conceals such conduct.

There is some debate as to whether AI and ML will elevate biases in the provision of financial services. On one hand, ML underwriting may take biased humans out of the loop. But, ML systems may learn their own biases, for example, by using proxies for protected classes (e.g., determining that purchasers of high heeled shoes should be denied credit). The Report further notes that ML is notoriously opaque. This is often unhelpful, for example, when the law requires reasons for adverse credit decisions, or where regulators are trying to predict how a portfolio management tool will react in times of stress.

Finally, big data raises privacy issues. Big data drives AI, thus generating a need for more and more data to feed the AI machine, which can lead to data vulnerabilities. On top of which, ML will be using that data in new ways that may reveal more than people anticipate. An example that Treasury does not mention occurred not long ago—smart machines reviewing purchasing patterns alerted marketers that certain women were pregnant before those women publicly disclosed their pregnancies.

The Report makes a number of recommendations that are entirely correct but often not so easy to implement. Treasury offers the following advice: First, regulators should refrain from layering "unnecessary burdens" on the use of AI and ML. The issue is that "unnecessary burdens" is not a clear standard and may be interpreted in different ways by financial services providers and regulators. Second, regulators should be clear in their guidance. This is a laudable goal. Sometimes lack of clarity is a regulatory stratagem, but not always—sometimes it reflects a complex and unclear reality. The latter is harder to solve.

Third, regulators should coordinate when it comes to developing AI and ML policy. This is an ambitious goal, especially given what Treasury wants to accomplish (i.e., address when humans should be accountable, address when humans should have primary decision making authority, ensure that the work force is ready for digital labor, ensure that AI is transparent for consumers and ensure that AI is robust against manipulation). Finally, the Report notes that the government should invest in AI. This is likely a good idea, so long as government supports, rather than displaces or tramples upon, industry.

To view the full article click here

Footnotes

 1 US Department of the Treasury, A Financial System that Creates Economic Opportunities: Banks and Credit Unions (June 2017); US Department of the Treasury, A Financial System that Creates Economic Opportunities Capital Markets (October 2017); US Department of the Treasury, A Financial System that Creates Economic Opportunities Asset Management and Insurance (October 2017).

2 Historically, the industry has argued that the definition of "autodialer" under the TCPA was too broad because it includes equipment that merely has the capacity to make an autodialed call, rather than being limited to equipment that actually is used by an autodialer.

3 https://transition.fcc.gov/Daily_Releases/Daily_Business/2018/db0301/DOC-349522A1.pdf

4 Collecting Consumer Debts: The Challenges of Change: A Federal Trade Commission Workshop Report, https://www.ftc.gov/reports/collecting-consumer-debtschallenges- change-federal-trade-commission-workshop report.

5 "Application Programming Interfaces" mean a program that links the aggregator's or fintech's systems to the financial services provider's systems, and uses predefined communication and data exchange protocols to transfer information.

Visit us at mayerbrown.com

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2018. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Topics
 
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions