The Director of the Financial Crimes Enforcement Network (FinCEN), Kenneth A. Blanco, delivered prepared remarks at the American Bankers Association/American Bar Association Financial Crimes Enforcement Conference this week. Mr. Blanco spoke on five key topics: (1) how FinCEN uses Bank Secrecy Act (BSA) data, (2) the status of the BSA Value Project, (3) the importance of beneficial ownership information, (4) the federal banking agency working group efforts, and (5) the realignment of FinCEN’s organizational structure.
- Use of BSA Data. Blanco presented several statistics relating to FinCEN personnel, searches, and queries of BSA data and suspicious activity report (SAR) filings. He noted the drastic increase in SAR filings from convertible virtual currency (CVC) entities following FinCEN’s May 2019 Guidance besides commenting on the increase in filings from exchanges identifying potential unregistered, foreign-located money services businesses, specifically identifying Venezuela-based peer-to-peer exchangers. Mr. Blanco also noted that exchanges have increased their reporting of customers conducting transactions with CVC addresses linked to darknet marketplaces as well as CVC kiosk operators increasing their reporting on activity indicative of scam victims.
- BSA Value Project. FinCEN is reviewing the BSA data that it receives to make it more effective and the collection of it more efficient. It plans to develop metrics to track and measure the value of its use on an ongoing basis with regard to each type of stakeholder (e.g., FinCEN, law enforcement, regulators, financial institutions). Mr. Blanco stressed that FinCEN intends to be as transparent and public facing as possible about the results.
- Beneficial Ownership Information. Blanco stated that the importance of beneficial ownership information from a national security perspective “cannot be understated” and that the “secrecy behind shell companies … is a clear and present danger.” Rules pertaining to customer due diligence seek to address this, but Mr. Blanco believes that there is still work to be done.
- Interagency Working Group Efforts. Blanco highlighted several accomplishments of the working group that was established among FinCEN, the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve, and the National Credit Union Administration (NCUA). A key highlight was the group’s joint statement on how banks can enter into collaborative arrangements to share resources to effectively manage their BSA and anti-money laundering obligations. Additionally, Mr. Blanco identified a joint statement where the agencies encourage the use of innovative approaches to better combat money laundering, terrorist financing and other illicit financial threats, even if such approaches do not succeed.
- Realignment at FinCEN. FinCEN’s Liaison Division has been realigned as the Strategic Operations Division (Strategic Ops) and is responsible for designing and implementing FinCEN’s strategic partnerships across the industry with government colleagues, both foreign and domestic. Additionally, FinCEN’s new Global Investigations Division (GID) has enabled FinCEN to more effectively use financial authorities to counteract actors involved in several criminal acts.
On December 9, 2018, the Financial Stability Board (FSB) published two reports reviewing the financial stability implications of the growing involvement of emerging technology and large technology firms in the offering of financial services. These reports discuss the benefits and risks associated with the provision of financial services by BigTech firms and the adoption of cloud computing and data services by financial institutions. Both reports acknowledge the benefits and discuss the risks associated with these developments in financial services. BigTech and cloud services can provide benefits including lower costs, diversity of financial offerings, speed, scalability, and security. The FSB also notes growing risks related to the stability of the financial system due to concentration among BigTech and cloud services providers.
Although there are laws in most jurisdictions applicable to financial institutions’ use of third-party service providers, the FSB recommends that financial regulators consider the efficacy of those laws and whether the unique risks posed by BigTech’s involvement in financial services and the use of cloud services by financial institutions are adequately addressed by current legal frameworks. Together with regulatory considerations, in its reports, the FSB often discusses the risks to both the technology companies and financial institutions resulting from quickly developing advancements and interconnection between technology and financial services. In particular, the FSB warns that there is a lingering skills-disconnect that may lead to risks being ignored or overlooked and problems going misdiagnosed or addressed improperly. To remedy this, the FSB encourages the development of employees and management so that they will understand and have the technical skills necessary to manage these quickly developing technologies.
BigTech in Finance
The FSB refers to BigTech firms as large companies with established technology platforms. As examples, the FSB references BigTech firms like Alibaba, Amazon, Apple, Baidu, eBay, Facebook, Google, Microsoft, and Tencent. These BigTech firms have grown quickly, have large customer bases, huge amounts of customer data, and significant financial resources that can provide access to capital at lower costs than their competitors. BigTech firms leverage their size and strengths to offer a wide variety of financial services both to their own customers and in partnership with traditional financial institutions.
The FSB acknowledges both benefits and risks to BigTech’s involvement in financial services. Benefits include innovation, diversification, and efficiency in the provision of financial services, as well as greater financial inclusion promoted by BigTech platforms. However, the FSB warns that BigTech firms’ activities could also pose risks to stability in the financial services space due to the rapid scaling of BigTech firms’ financial platforms and the complexity of linkages between BigTech and traditional financial institutions. Given the nascent stage of development of BigTech firms’ financial offerings, the FSB is concerned that regulators have not considered enough the risks posed by a single firm or a small group of BigTech firms controlling or being integrated into financial services.
Third-Party Dependencies in Cloud Services
Cloud services are quickly becoming integrated into the operations of financial institutions. To date, most of this integration is centered on financial institutions’ IT and other non-core functions. However, the use of cloud services for core banking functions is growing quickly. The FSB notes that most jurisdictions have longstanding regulations and supervisory policies that address the use of third-party service providers by financial institutions. Although such regulation already exists and has provided adequate oversight of cloud services, the FSB notes that adopting cloud computing across a broader swath of functions of financial institutions may raise new financial stability implications.
The FSB notes that cloud services provide many benefits over existing technology. For example, cloud services can provide geographically dispersed infrastructure and better security than existing technology such as on-premises networks. Cloud services thereby improve resiliency and promote scale quickly and flexibly at lower costs. Yet cloud services also present risks including concentration risks much like those discussed in the FSB’s paper on BigTech. The FSB notes that it does not currently see immediate financial stability risks posed by financial institutions’ current use of cloud services, but that as cloud services are integrated into more core banking functions, the risk increases.
In anticipation of the potential risks, the FSB recommends that regulators consider (1) the adequacy of regulatory standards and supervisory practices for the oversight of outsourcing arrangements with third-party service providers; (2) the ability of regulators to coordinate and share information related to the development of cloud services; and (3) how to promote standardization efforts to ensure interoperability and data portability in cloud environments.
The FDIC issued a proposed rule that would modify the brokered deposit rule, 12 C.F.R. Part 337 (“Brokered Deposit Rule”). The proposed rule would modernize the Brokered Deposit Rule, including changing the brokered deposit framework to address collaborations between banks and fintech and other technology companies. Many fintechs today offer their customers products and services that incorporate deposits or facilitate deposits to banks. These fintechs partner with banks to offer these deposit services, but this type of partnership is not always straightforward due to concerns under the Brokered Deposit Rule that the FDIC will consider most deposits collected or facilitated through the fintech company to be brokered deposits. Under the Brokered Deposit Rule, a company is a deposit broker if it is engaged in the business of placing or facilitating the placement of deposits with banks for the purpose of selling interests in those deposits to third parties. There are numerous exemptions to this, but they have so far been interpreted narrowly. When fintechs enter into these bank partnerships to offer deposits, they must find a bank willing to accept the deposits facilitated through the fintech or must prove to the bank that the deposits are not actually brokered deposits.
Under the Brokered Deposit Rule, a brokered deposit is considered riskier than core deposits that the bank takes in directly. The FDIC may charge higher deposit insurance premiums to banks with certain levels of brokered deposits. Furthermore, small banks under $10 billion in assets and banks that are not well capitalized are subject to higher FDIC assessment rates if brokered deposits make up greater than 10% of the bank’s total deposits.
The proposed rule redefines one aspect of the deposit broker definition – what it means to “facilitate” deposits. Under the proposed rule, a person is in the business of facilitating the placement of deposits with banks if they engage in sharing third-party information with the bank, if they have the authority to close the account or move the funds to another bank, if they are involved in setting the terms of the deposit account, or if they are acting, directly or indirectly, as an intermediary between the depositor and the bank, other than in a purely administrative capacity.
Importantly, a bank or fintech company may apply with the FDIC for a determination of whether the fintech meets an exception from being considered a deposit broker. If adopted, this process will add greater clarity to the classification of deposits than current guidance does.
Additionally, the proposed rule establishes a new category of deposits that the FDIC will deem to meet the primary purpose exception – deposit placements that enable transactions. The primary purpose exemption, which exempts a company from being a deposit broker if its primary purpose related to the deposits is not the placement of funds, has been subject to many questions over the years. This new category of deposits includes deposits from a company that places all of its customer funds into transaction accounts at a bank and for which the bank does not pay for the deposits. Accordingly, settlement accounts and accounts enabling payments held at banks would be exempted from the brokered deposit definition.
The Federal Reserve Board announced that it will hold a series of fintech innovation office hours across the country to meet with fintech companies and banks. The office hours present an opportunity to meet one-on-one with Federal Reserve staff members to discuss fintech developments and ask questions.
The first office hours will be held in Atlanta, Georgia on February 26, 2020. Please see here for registration information.
The Federal Reserve Board also launched a new section on its website that is focused on fintech innovation and intends for it to serve as the central hub of information to learn about innovation-related matters.
California Assemblymember Monique Limón sent letters to the CEOs of three online lenders warning them that they stand to be deemed the true finance lender when leveraging bank partnerships to evade California’s new statutory interest rate cap that takes effect on January 1, 2020, and that she “will work with the Attorney General and Commissioner of Business Oversight (DBO) to ensure that the intent is carried out.” In each letter, Assemblymember Limón noted separate comments made by each of the respective CEOs during earnings calls that they were considering alternative structures that may enable the issuing of loans to consumers in excess of the new rate cap.
Subsequently, the Commissioner of Business Oversight, Manuel Alvarez, said in a written statement to The Sacramento Bee, “[w]hen a California-licensed lender openly tells shareholders that it plans to pivot loan-origination from its California license to a third-party bank partner, there is concern the licensee may still be the true lender.”
Earlier this year, the passage of California Assembly Bill 539 established, among other things, the maximum allowable annual interest rate of 36% plus the federal funds rate for loans with principal amounts between $2,500 and $10,000.
PayPal recently sued the Consumer Financial Protection Bureau (CFPB), challenging the CFPB’s Prepaid Rule’s application to digital wallets. PayPal alleges that the promulgation of the Prepaid Rule violated the Administrative Procedure Act because the CFPB ignored PayPal’s comments on the Prepaid Rule, and arbitrarily and without justification applies the same disclosure requirements to digital wallets as it does to other prepaid cards. As stated in the complaint, PayPal alleges that the CFPB “seized on an occasional and incidental feature of digital wallets [(that some digital wallets may allow a consumer to store funds in them directly)] to impose on digital wallets a sweeping regulation designed for GPR [(general purpose reloadable)] cards.”
Particularly concerning for PayPal are the requirements that a digital wallet, like PayPal’s, provide the mandatory short form disclosure and abide by the 30-day waiting period for linking credit products to prepaid accounts. PayPal argues that the disclosure is confusing to consumers as the mandatory disclosure does not reflect the actual costs and terms of PayPal’s digital wallet, and actually prevents PayPal from disclosing certain necessary terms to digital wallet users. PayPal also argues that the waiting period to link credit products does not make sense in the context of digital wallets as many consumers acquire the credit product before obtaining the digital wallet.
Europe’s regulatory environment favors open finance innovation. Regulators in Europe are still exploring how to ensure that open banking protocols are beneficial to the industry and the consumer. To that end, the United Kingdom’s Financial Conduct Authority (FCA) has published a call for input to explore the benefits and risks of open finance to better understand the development of open finance, the interests of consumers, and the role the FCA should play in facilitating the development of open finance. Comments are due to the FCA by March 17, 2020.
The FCA believes that “[o]pen finance has the potential to transform the way consumers and businesses use financial services,” and that it has the “potential to improve competition among financial services providers, spurring innovation, development of new services and increased demand. It could boost access to commercial lending and increase business productivity.” The FCA notes that the development of the General Data Protection Regulation (GDPR) as well as regulatory initiatives in other countries prompt important questions for the FCA, which wishes to be a leader in this space. The FCA notes that it does not assume that FCA intervention into open banking is necessary, but it does want to better understand what role it should play as open finance develops.
The call for input provides a wider discussion of open finance issues and questions, but generally seeks responses to the following questions:
- Is open banking on track to achieve its potential?
- What are the potential benefits of open finance in the markets we regulate and to our operational objectives? And will those benefits materialize without intervention?
- Could open finance pose any risks to our operational objectives? And would our current rules be sufficient to mitigate them?
- Under what conditions would open finance develop in a way that delivers the best outcomes?
- Given the above, what role should the FCA play? Does the FCA need to intervene, and if so, in what way?