Weekly Fintech Focus
- The FFIEC issues a statement promoting financial inclusion and addressing racism and discrimination within financial services.
- The OCC issues a final rule codifying the valid-when-made rule.
- The CFPB issues FAQs about remittance transfer timeliness impacted by foreign government closures of nonessential businesses in response to COVID-19.
- The NY DFS and the French bank regulator enter an MoU to collaborate on fintech issues.
- FDIC extends comment period for proposed rule relating to approval of ILC deposit insurance applications.
- Cardholders propose class action of autopay options.
- The European securities regulator publishes a consultation paper on guidelines for cloud services provider outsourcing arrangements.
FFIEC Issues Statement on Issues of Racism and Discrimination in Financial Services
At a time of nationwide action urging systemic change to address racism and discrimination, on June 5, 2020, the members of the Federal Financial Institutions Examination Council (FFIEC) issued a press release addressing these issues in the financial system, stating:
“We, the prudential and consumer financial protection regulators of the U.S. financial system, are committed to financial inclusion. Racism and discrimination must not be tolerated. Everyone deserves the opportunity to participate in our financial mainstream. We remain steadfastly dedicated to ensuring that the financial institutions which we regulate provide fair access and fair treatment to everyone in America.”
OCC Issues Final Rule Codifying the Valid-When-Made Rule
On June 2, 2020, the Office of the Comptroller of the Currency (OCC) issued a final rule to resolve a lingering legal question created by a 2015 Second Circuit decision, Madden v. Midland Funding, and to codify the longstanding valid-when-made rule. The final rule clarifies that the OCC interprets Section 85 of the National Bank Act (and 12 U.S.C. § 1463(g) of the Home Owners’ Loan Act) to mean that an assignee of a loan made by a national bank can charge the same interest rate that the bank can charge under federal law. The final rule is short, simply amending 12 CFR part 7 and part 160 to provide that “Interest on a loan that is permissible under [12 U.S.C. § 85] [12 U.S.C. § 1463(g)(1)] shall not be affected by the sale, assignment, or other transfer of the loan.” The final rule will be effective on August 3, 2020.
The final rule documents the OCC’s reasons for this clarification, reaching back to case law from the early 1800s, saying that “a contract, which, in its inception, is unaffected by usury, can never be invalidated by any subsequent usurious transaction.” As a result, the OCC finds that “the usurious or non-usurious character of a contract endures through assignment.” This final rule, the OCC states, will facilitate national banks’ lending programs and will promote the safe and sound operations of national banks by enabling national banks to transfer loans for liquidity purposes.
Finally, while stating that its rule does not promote rent-a-charter arrangements, the OCC also reiterated its position in the proposed rule, which we discussed here, that the final rule does not address the “true lender” issue. Instead, the final rule only applies to bank loans that are permissible under Section 85 and the Home Owners’ Loan Act.
The Federal Deposit Insurance Corporation (FDIC) issued a nearly identical proposed rule as the OCC in November 2019 but has not yet moved to issue a final rule as the OCC has done.
CFPB Issues Remittance Transfer COVID-19 FAQs
The Bureau has issued FAQs explaining whether failure to deliver remittance transfer funds to the designated recipient by the disclosed date of availability due to certain government-mandated closures in response to the COVID-19 pandemic is an error under the Remittance Rule. The FAQs also include illustrative examples.
On June 1, 2020, the Consumer Financial Protection Bureau (CFPB) issued a set of FAQs addressing COVID-19’s potential impact on remittance transfers and how the CFPB will review such errors under Regulation E’s Remittance Transfer Rule. In general, the FAQs serve to clarify that failures or delays in delivering remittance transfer funds would not be considered in violation of the Remittance Transfer Rule, if such a failure or delay is the result of a foreign government’s mandated closure of commercial activity in response to the COVID-19 pandemic. Mandated closures by a foreign government would fit within the Remittance Transfer Rule’s exception for errors resulting from extraordinary circumstances outside the remittance transfer provider’s control that the provider could not have reasonably anticipated as stated in 12 C.F.R. § 1005.33(a)(1)(iv).
The FAQs also provide examples of covered government-mandated closures that may or may not be covered by the exemption for extraordinary circumstances that could not be reasonably anticipated. Whether the exception applied turns on the timing of the initiation of the transfer and the announcement of the closure, as well as the designation of remittance transfer businesses, as subject to the closure and the disclosed funds availability date. A government-mandated closure of nonessential businesses occurring after a sender sends a remittance transfer to the country in which the government deems remittance transfer services as nonessential would be subject to the exemption. Alternatively, had the foreign country announced an order closing nonessential businesses prior to the date the sender sent the remittance transfer, and the remittance transfer provider disclosed that the funds would be available on a certain date, then the closure would have been reasonably anticipated and the failure to deliver such funds would be in violation of the Remittance Transfer Rule.
NY DFS Cooperating with French Bank Regulator on Fintech
The New York Department of Financial Services (DFS) announced a memorandum of understanding (MoU) with the French banking regulator, the Banque de France’s Autorité de Contrôle Prudentiel et de Résolution (ACPR), to coordinate on fintech innovation, consumer protection, and competition issues. Under the MoU, the two regulators agree to respond to referrals from the other regulator, coordinate information sharing, and provide support to fintech companies across regulators.
The NY DFS oversees financial institutions, including banks and fintechs. The ACPR is responsible for ensuring the stability of the French financial system and supervising licensed financial institutions in France. The ACPR formed a Fintech Innovation Unit in June 2016 to facilitate the licensing process for financial innovation companies and to update regulations to address issues raised by such innovations. This is the first fintech cooperation agreement between the ACPR and a U.S. regulator. The NY DFS entered a similar MoU with Israeli regulators in 2019.
FDIC Extends Comment Period for Proposed Rule regarding ILC Deposit Insurance Applications
The Federal Deposit Insurance Corporation (FDIC) extended the comment period on its proposed rule setting forth the conditions it would impose and the commitments it would require to approve a deposit insurance application from an industrial bank or industrial loan company by 30 days. The new comment period deadline is now July 1, 2020.
Cardholders Propose Class Action Over Autopay Options
Credit card holders filed a proposed class action complaint alleging Bank of America credit card holders are tricked into choosing the highest interest option for monthly payments in violation of debt collection laws. Certain customers claim that the bank’s online autopay interface doesn’t make clear that the default option is actually the minimum amount due, which is the costliest repayment method for the customer. Other allegations include unjust enrichment and breaches of the implied covenant of good faith and fair dealing.
Specifically, the complaint alleges that Bank of America intentionally misleads customers by offering duplicative autopay options of “minimum amount due” and “amount due” when selecting and that reasonable consumers would expect these options to indicate something different since they exist independently. Bank of America has not yet responded to the allegations.
ESMA Publishes Consultation Paper on Guidelines for Cloud Services Outsourcing
On June 3, 2020, the European Securities and Markets Authority (ESMA) published its consultation paper on guidelines on outsourcing to cloud service providers. The guidelines in the consultation paper set forth guidance on financial market participants’ outsourcing arrangements with cloud service providers, and are in line with similar guidelines published by the European Banking Authority in February 2019 and the European Insurance Occupational Pensions Authority in February 2020. Comments on the consultation paper are due by September 1, 2020, and ESMA intends to publish the final report by Q1 2021. The guidelines will apply from June 30, 2021, to all cloud outsourcing arrangements entered into, renewed, or amended on or after this date. Firms are directed to ensure they review and amend existing cloud outsourcing arrangements to account for these guidelines by December 31, 2022. If firms are unable to bring into compliance those cloud outsourcing arrangements that apply to critical or important functions by December 31, 2022, then the firm should inform their competent authority.
When publishing the consultation paper, the ESMA Chair, Steven Maijoor, acknowledges the benefits of financial market participants use of cloud service providers in reducing costs and enhancing operational efficiency and flexibility, but also cautions that “[f]inancial markets participants should be careful that they do not become overly reliant on their cloud services providers. They need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit the cloud outsourcing arrangement as and when necessary.”
In the consultation paper, ESMA cautions that firms must be vigilant when engaging in cloud outsourcing arrangements so the firms do not fail to undertake the proper governance approach, conduct the proper due diligence, understand the division of responsibility between the firm and the cloud service provider, address any information security risks raised by using cloud services, prepare properly for business continuity concerns, or consider the proper laws of contract and data location.
The proposed guidelines set out:
- The governance, documentation, oversight and monitoring mechanisms that firms should have in place;
- The assessment and due diligence which should be undertaken prior to outsourcing;
- The minimum elements that outsourcing and sub-outsourcing agreements should include;
- The exit strategies and the access and audit rights that should be catered for;
- The notification to competent authorities; and
- The supervision by competent authorities.