Weekly Fintech Focus

  • FDIC releases a guide about the risk assessment and due diligence frameworks required when fintechs partner with banks.
  • Revolut valued at $5.5 Billion after new funding round.
  • FATF blacklists Iran for failing to improve its terrorist financing safeguards.
  • FTC provides annual letter to CFPB on the agency’s ECOA activities.
  • FTC releases a report on its small business financing forum, with emphasis on unfair and deceptive practices.
  • CFPB commits to meet certain deadlines for issuing its small business loan data rule as part of a settlement.
  • The European Insurance and Occupational Pensions Authority (EIOPA) published its guidelines on outsourcing to cloud service providers, following closely the guidance provided recently by the European Banking Authority.
  • SEC Charges Settled Against Actor Steven Seagal in Bitcoiin2Gen ICO

FDiTech Releases a Guide for Fintechs to Partner with Banks

The Federal Deposit Insurance Corporation’s technology lab, known as FDiTech, released a 6-page guide to help fintech companies partner with banks. The goal of the guide’s release is to help third parties understand the regulatory environment in which banks operate and to highlight the requirements unique to the banking industry.

The guide details the risk assessment and due diligence frameworks that banks use when considering working with third parties like fintech companies. Additionally, the guide provides general considerations that help these third parties prepare for the banks’ processes including (i) understanding the legal and regulatory frame that applies to banks, (ii) maintaining a well-managed and financially strong business, (iii) preparing for bank inquiries and remediating identified concerns, and (iv) demonstrating that the business appropriately monitors its activities. Lastly, the guide sets forth a detailed list of materials and terms that banks may request as part of its process.

The guide dedicates one section to models, algorithms, or other types of automated decision-making systems used by banks and provided to banks by third parties because these types of modeling systems may have unique risk management requirements. Specifically, the guide notes that a bank’s model risk management framework for these types of modeling systems may require (a) a disciplined and knowledgeable development of the model that is well-documented and conceptually sound; (b) controls in place to ensure proper implementation of the model; (c) effective model validation processes; and (d) strong model governance, policies, and controls. Further, for banks working with third parties, both parties must understand the outcome and justification for decisions of the model used.

Revolut Valued at $5.5 Billion After New Funding Round

Revolut raised $500 million in a new round of funding that valued the British company at $5.5 billion. The investment round brings the total amount raised up to $836 million and roughly triples Revolut’s last funding valuation of $1.7 billion in April 2018. According to data from CB Insights, Revolut is now tied with Klarna as the most valuable fintech start-up in Europe.

Revolut holds a European banking license from the Lithuanian central bank and is looking into obtaining a U.K. banking license. Moreover, Revolut stated that it intends to launch its services in the United States in 2020. This coincides with its mission to build a global financial platform according to its CEO, Nik Storonsky.

FATF Blacklists Iran for Failing to Improve its Safeguards Against Terrorist Financing

Financial Action Task Force (FATF), an intergovernmental agency, blacklisted Iran and requested that its members apply counter-measures against Iran, including enhanced customer checks and safeguards to protect their finance sectors from the risk of money laundering and terrorist financing. FATF also recommended that members do not allow Iran to establish branches in their countries and to limit business relationships.

Specifically, FATF found that Iran failed to enact the Palermo and Terrorist Financing Conventions in line with the FATF Standards. FATF stated that they will remain concerned with the terrorist financing risk emanating from Iran and the threat this poses to the international financial system until Iran implements the measures required to address countering the terrorism-financing deficiencies identified.

FTC Provides Annual Letter to CFPB on ECOA Activities

The staff of the Federal Trade Commission (FTC) provided the Consumer Financial Protection Bureau (CFPB) with an annual summary of its activities in enforcing the Equal Credit Opportunity Act (ECOA). Among other things, the FTC is responsible for ECOA enforcement and education regarding many non-bank financial service providers.

The annual summary detailed the FTC’s research and policy development and educational initiatives, which addressed the FTC’s approach to consumer privacy, hearings regarding state attorneys general enforcement and policy relating to consumer protection and the impacts of big data, accuracy in consumer reporting, protecting military consumers, and fair lending education for consumers and businesses.

FTC Publishes Report on its Small Business Financing Forum

The FTC published a report on a small business financing forum that it held in May 2019. The report consolidates FTC staff views on the ideas discussed during the forum as well as information gathered through law enforcement and the FTC’s research.

Panelists and participants in the forum discussed the benefits and concerns surrounding various forms of small business financing. The major concerns raised included finance providers using widely-differing methods for calculating and describing key features of the financing products making it challenging for small business owners to compare products. Most importantly, financing companies differ in how they discuss the cost of these products, with some referring to interest in terms of APR, others expressing it as the “total cost of capital,” and still others using other metrics such as fees or factor rates. Panelists also noted that financing companies used many different types of disclosures as no specific type of disclosure is required under federal law.

Of particular concern to the FTC are aggressive and misleading marketing and collection practices. The FTC’s report noted repeatedly that the FTC has engaged in significant law enforcing actions against companies that engage in deceptive or unfair practices, including small business financing companies and their brokers or lead generators.

CFPB Faces Deadline for Small-Biz Loan Data Rule

The CFPB recently settled a case that alleged the CFPB had failed to act on its Dodd-Frank mandate to collect small-business lending data. We previously discussed this case in a blog post here. In the settlement, the CFPB agreed to a detailed timeline to initiate rulemaking activities and to engage in reviews and studies. The settlement requires the CFPB to release an outline of proposals under consideration and alternatives by September 15, 2020, and to convene a Small Business Advocacy Review (SBAR) panel by October 15, 2020. The SBAR report must be completed within 60 days of the panel’s convening, and the CFPB will notify the plaintiffs in this case about the completion of the report. After completion of the report, the parties will convene to mutually agree to a deadline by which the CFPB will issue a notice of proposed rulemaking on this issue. The parties will meet again after the comment period to mutually agree on a deadline to issue the final rule.

EIOPA Publishes Cloud Computing Outsourcing Guidelines

Earlier this month, and as part of the European Union Fintech Action plan (COM(2018) 109 final), the European Insurance and Occupational Pensions Authority (EIOPA) published its guidelines on outsourcing to cloud service providers (EIOPA Guidelines). The EIOPA Guidelines are closely aligned with the European Banking Authority’s final guidelines on outsourcing arrangements, published in July 2019. The EIOPA Guidelines will apply to all cloud outsourcing arrangements with insurance and reinsurance undertakings (Undertakings) entered into or amended on or after January 1, 2021. Undertakings must also review and amend existing cloud outsourcing arrangements by December 31, 2022.

The EIOPA Guidelines require that Undertakings include certain contractual clauses in written agreements with cloud service providers to ensure that rights and obligations are clearly allocated between the parties. The EIOPA Guidelines also recommend that Undertakings have access and audit rights to cloud service provider data centers, and ensure that cloud service providers are meeting applicable data security legal requirements. For cloud services outsourcing arrangments that are considered critical outsourcing, the EIOPA Guidelines impose stricter requirements.

SEC Charges Settled Against Actor Steven Seagal in Bitcoiin2Gen ICO

On February 27, the Securities and Exchange Commission announced that it had settled charges against actor Steven Seagal for failing to disclose payments he received for promoting an investment in an initial coin offering (ICO) conducted by Bitcoiin2Gen (B2G). Seagal found himself Under Siege for failing to disclose that he was promised $250,000 in cash and $750,000 worth of B2G tokens in exchange for his promotions. Specifically, posts on his public social media accounts encouraging the public not to “miss out” on Bitcoiin2Gen’s ICO and a press release titled “Zen Master Steven Seagal Has Become the Brand Ambassador of Bitcoiin2Gen,” as well as a Bitcoiin2Gen press release quoting Seagal stating that he endorsed the ICO “wholeheartedly,” placed him On Deadly Ground and left him Marked for Death by the SEC Enforcement Division’s Cyber Unit and New York Regional Office, which have been Out for Justice in their pursuit of securities violations involving cryptocurrency tokens.

In announcing their Executive Decision, the SEC found that Seagal violated the anti-touting provisions of the federal securities laws. Without admitting or denying the SEC’s findings, Seagal agreed to pay $157,000 in disgorgement, which represents his actual promotional payments, plus prejudgment interest, and a $157,000 penalty. In addition to these Exit Wounds, Seagal agreed not to promote any securities, digital or otherwise, for three years.

The SEC’s press release reminded celebrities that they are not Above the Law and that they must disclose the nature, scope, and amount of compensation received in exchange for the promotion of any virtual token or coin that is a security.