Weekly Fintech Focus
- The CFPB intends to provide flexibility in its supervisory and enforcement activities related to parts of the Remittance Transfer Rule in response to COVID‑19.
- The CFPB provides an interpretive rule that paves the way for the government to distribute impact relief payments via prepaid card.
- The FTC publishes a blog post on consumer protection issues related to AI models and algorithms, reiterating the FTC’s focus on fairness and explainability.
- FinCEN re-publishes a FAQ for customer due diligence for PPP loans.
- Fintech lenders approved to provide PPP loans.
- S. warns of North Korea cyber threat to financial industry.
- Stripe raises $600 million at a valuation of $36 billion.
CFPB Announces a Flexible Approach to Upcoming Changes to the Remittance Transfer Rule
On April 10, 2020, the Consumer Financial Protection Bureau (CFPB) issued a Policy Statement on the expiration of the Regulation E Remittance Transfer Rule’s temporary exception allowing financial institutions to provide estimated remittance disclosures. This temporary exception was set to expire on July 21, 2020. Estimated remittance disclosures are currently permitted under the Remittance Rule when the financial institution does not know the exact third party fees or exchange rates for the remittance transfer.
The Policy Statement states that to reduce the impact of the COVID‑19 pandemic on remittance transfers, the CFPB will not cite supervisory violations or initiate enforcement actions against some remittance transfer providers in connection with this exception until at least January 1, 2021, for remittances that occur on or after July 21, 2020. Because of the challenges of this pandemic, the CFPB states that it will be flexible in its supervision and enforcement activities even when the exception expires. This flexibility will help those institutions that must come into compliance with the CFPB’s upcoming final rule, anticipated to be published in May 2020, which intends to make permanent this exception for certain financial institutions. We discussed the proposed rule in December 2019, here.
Flexibility is important to the remittance business, especially now as remittance companies are responding to changing conditions as a result of COVID‑19. Numerous changes to the remittance business exist due to the spread of the coronavirus. Rapidly changing employment conditions change the frequency and volume of remittance transfers to families abroad. Additionally, closed brick-and-mortar locations for remittance transfers, fears of leaving the house, and concerns about the use of cash have also led to growth for digital remittance companies. For example, a digital remittance company, Remitly, based in Seattle, facilitates remittance transfers around the world by way of mobile technology. In response to COVID‑19, Remitly is reporting a customer growth of 100% and a transaction volume growth of 40%. The long-term effect of this crisis on financial services is not yet clear, but it would not be surprising if the movement towards digital and mobile solutions continue to increase.
CFPB Provides Interpretive Guidance on Pandemic-Relief Payments on Prepaid Cards
Under the CARES Act, the government is aiming to deliver economic impact relief payments to consumers that have varying access to banking services. As a result, methods of payment such as direct deposit or paper check may not be available or expedient. The CFPB recognizes that government agencies may need to provide relief payments through alternative means, and so released an interpretive rule to remove barriers under Regulation E so payments can be made quicker to recipients.
Under Regulation E, government agencies may not require that consumers establish an account to receive an electronic fund transfer in order to receive a government benefit. The interpretive rule provides certain conditions that, if met, will make certain relief payments exempt from the restrictions on government benefits under Regulation E. The interpretive rule states that government benefits do not include payments from federal, state, or local governments if those payments: (1) are made to provide assistance to consumers in response to the COVID‑19 pandemic or its economic impacts; (2) are not part of an already-established government benefit program; (3) are made on a one-time or otherwise limited basis; and (4) are distributed without a general requirement that consumers apply to the agency to receive funds.
The interpretive rule notes that it is limited to interpreting the term “government benefit” under Regulation E. Accordingly, these payments may still be “prepaid accounts” under Regulation E. The CFPB further notes that the definition of “prepaid account” under Regulation E excludes accounts established to load qualified disaster relief payments.
The FTC Director Publishes a Blog on AI and Algorithmic Fairness
On April 8, 2020, the Federal Trade Commission’s (FTC) Director, Andrew Smith, published a blog post on the use of artificial intelligence and algorithms as they relate to consumer protection risks. Director Smith considers this blog post as a follow-up to the FTC’s 2016 report titled “Big Data: A Tool for Inclusion or Exclusion?” and the hearing the FTC held in November 2018 on AI and algorithms. He also notes that the FTC’s enforcement actions, studies, and guidance have all emphasized that companies using AI tools should be “transparent, explainable, fair, and empirically sound, while fostering accountability.”
The blog post explores each of these priorities:
- Be Transparent – The blog recommends that companies that use AI tools to interact with customers (e.g., chatbots) or to collect sensitive information should be transparent about the use of the AI tools, so that the customer knows that he or she is interacting with AI or is providing data to the company. Additionally, the use of AI tools often brings third-party vendors into the relationship, such as in using AI or algorithms to make credit decisions. The company must know how this technology works, and be able to tell the customer about it. If using a third-party vendor, the company likely has duties under the Fair Credit Reporting Act (FCRA) related to adverse action notices and a duty to correct information that is inaccurate.
- Explain your decisions – A company that uses AI or algorithms to make credit decisions must understand the data and the model used in order to explain to consumers how it reached its decision. The same is true if a company uses algorithms to assign risks scores to consumers, as this risk score may affect credit decisions. Consumers must also be able to access and correct information used to make decisions about them, making it all the more important that companies are able to explain AI and algorithmic decision making.
- Be Fair – Using AI could result in violations of the Equal Credit Opportunity Act by discriminating on the basis of race, color, religion, national origin, sex, marital status, age, or because a person receives public assistance. Rigorous testing of AI models will help the company to ensure that biases are not coded into the model and that a disparate impact is not occurring as a result of the use of the model.
- Use Robust and Empirically Sound Data and Models – A company that uses or provides AI models to others to compile and sell consumer information is likely subject to FCRA, resulting in an obligation to ensure accuracy of consumer reports and to provide consumers with access to their information and to correct errors. AI models and algorithms should be “empirically derived, demonstrably and statistically sound.”
- Be Accountable for Compliance – Companies that use AI models and algorithms need to hold themselves accountable to high standards so the company and the models are ethical, fair, and nondiscriminatory. This means, protecting and securing technology and implementing accountability mechanisms and testing.
FinCEN re-Publishes FAQs for Customer Due Diligence for PPP Loans
The Financial Crimes Enforcement Network (FinCEN) republished the Small Business Administration’s (SBA) frequently asked questions (FAQs) that address how lenders can meet certain Bank Secrecy Act (BSA) requirements when issuing a Paycheck Protection Program (PPP) loan.
Therein, FinCEN clarified that if a PPP loan is made to an existing customer and the necessary information was previously verified, lenders do not need to re-verify the information. Additionally, if federally insured depository institutions and federally insured credit unions have not yet collected beneficial ownership information on existing customers, they do not need to collect and verify that information for those existing customers that are applying for PPP loans, unless the lender’s risk-based approach to BSA compliance mandates that they do.
When issuing PPP loans to new customers, the lenders must collect the following information from all natural persons with a 20% or more ownership stake in the applicant business to satisfy BSA requirements and other FinCEN regulations: name, title, ownership percentage, TIN, address, and date of birth. This requirement also applies to beneficial owners of legal entities that own 20% or more of the applicant as well.
Fintech Lenders Approved to Provide PPP Loans
The Small Business Administration (SBA) announced that PayPal, Intuit Quickbooks, and Square were approved to take part in the Paycheck Protection Program (PPP) to help small businesses survive the economic downturn caused by COVID‑19.
PayPal CEO Dan Schulman stated that “this is a race to save jobs in the present and for the future. We are eager to deploy our capital and expertise to do our part in helping small businesses survive this challenging period.”
Other fintech lenders are waiting for approval from the SBA, but it appears that the PPP loans have run out of funding and Congress has been unable to agree on an increase to the funding.
U.S. Warns of North Korea Cyberthreat to Financial Industry
In a joint statement, the U.S. Department of State, the Department of the Treasury, the U.S. Department of Homeland Security, and the Federal Bureau of Investigation warned of North Korean plots against financial institutions worldwide and cautioned that disruption of critical infrastructure systems in the United States was possible.
The U.S. noted that North Korea has the capability to steal from financial institutions and has demonstrated a pattern of disruptive and harmful cyber activity. Such activities include cyber-enabled theft and money laundering, extortion campaigns, and cryptojacking.
The joint statement discusses several high-profile examples, including the 2014 Sony Pictures hack in retaliation of the film “The Interview.” The U.S. reiterated the consequences for engaging in prohibited or sanctionable conduct and is offering a reward of up to $5 million for information about illicit North Korean cyberspace activities.
Stripe Raises $600 million in New Funding at a Valuation of $36 Billion
Stripe raised $600 million in new funding at a valuation of $36 billion. This new funding is an extension of the Series G round that raised $250 million last September. Stripe said that it plans to use the new capital to continue investing in product development and to further global expansion and strategic initiatives. As John Collison, president and co-founder of Stripe, put it, “We believe now is not the time to pull back, but to invest even more heavily in Stripe’s platform.”
This recent funding, which is the largest thus far in Stripe’s existence, came from several existing investors including Andreessen Horowitz, General Catalyst, GV, and Sequoia.