Weekly Fintech Focus

  • FDIC discusses its fair lending activities in the most recent edition of its Consumer Compliance Supervisory Highlights.
  • US and EU engage in a joint regulatory forum to discuss international coordination on financial regulation and operational resiliency.
  • BCBS publishes its principles for operational resilience for banks, including a focus on third-party outsourcing relationships with financial technology companies.
  • Financial regulators seek comment on model risk management guidance.
  • CSBS seeks comment on a revamp of the nationwide licensing system.

FDIC Consumer Compliance Supervisory Highlights Fair Lending Risks

The Federal Deposit Insurance Corporation (FDIC) has issued the March 2021 edition of its Consumer Compliance Supervisory Highlights. The publication was established to highlight consumer compliance issues identified in 2020. This publication consists of a summary of supervisory observations related to consumer protection laws and best practices that may be useful in mitigating risks for financial institutions, among other things.

The federal fair lending laws of the FDIC prohibit discrimination in credit transactions. As part of every consumer compliance examination, the FDIC conducts a fair lending review to evaluate financial institutions’ compliance with the fair lending and antidiscrimination practices of the FDIC. In 2020, the FDIC reported three fair lending violations to the U.S. Department of Justice as required by law. These reported violations are referenced below.

  • The FDIC identified an instance involving an institution that originated unsecured loans through a third party, which allowed applicants to apply for credit directly on its website. Examiners found that the underwriting criteria included the prohibited bases of age and receipt of public assistance income. Specifically, an applicant who was under the age of 30 would be denied. Any applications that included a source of public assistance income would similarly be denied.
  • Next, the FDIC identified an institution using a third-party credit-scoring model to offer consumers unsecured lines of credit. This credit-scoring model scored younger applicants more favorably than elderly applicants, and the model similarly scored applicants that noted they were on maternity leave less favorably than non-maternity leave applicants.
  • Lastly, examiners of the FDIC identified a policy that provided a different pricing model for married joint applicants compared to unmarried joint applicants. If the applicants were married, the policy instructed the loan officer to use the highest credit score of the two applicants to price the loan. If they were unmarried, the loan officer was to use the credit score of the primary applicant (which, in the institution’s view, was the person listed first on the credit application). The FDIC noted that this policy led to unfavorable pricing for unmarried applicants. The effect of the policy was to price applicants differently based on their marital status, which is prohibited.

To mitigate violations, financial institutions may consider maintaining a strong compliance program and reviewing fair lending laws regularly to ensure compliance with such antidiscrimination laws. Financial institutions may also require the maintenance of policies and procedures to shield creditors from making these violations.

US and EU Participate in Joint Financial Regulatory Forum

Recently, financial regulators from the United States and the European Union participated in a Joint Financial Regulatory Forum to discuss topics of mutual interest related to the financial regulatory landscape. The forum focused on (1) COVID-19 recovery and mitigating financial stability risks; (2) sustainable finance; (3) multilateral and bilateral engagement in banking and insurance; (4) regulatory and supervisory cooperation in capital markets; (5) regulatory and supervisory developments regarding financial innovation; and (6) anti-money laundering and countering the financing of terrorism issues.

Particularly relevant to fintech, the regulators discussed improving resilience in the financial sector in the context of financial innovation, supported by the promotion of responsible innovation and international cooperation for supervisory activities. Resilience in the financial sector as a whole as well as within the nonbank financial sector has become a greater focus for regulators. Additionally, the regulators discussed new forms of digital payments, including cryptocurrencies, stablecoins (referred to by the regulators as “so-called stablecoins”), and central bank digital currencies.

BCBS Publishes Its Principles for Operational Resilience for Banks

Just days after the Joint Financial Regulatory Forum, the Basel Committee on Banking Supervision (BCBS) published its Principles for Operational Resilience. The BCBS defines “operational resilience” as the ability of a bank to deliver critical operations through disruption. The publication promotes a principles-based approach to improving operational resilience and encourages transnational and cross-sectoral cooperation in the shadow of both the financial crisis of 2008-2009 and the recent COVID-19 pandemic. The BCBS notes that there is still further work to do to strengthen banks’ ability to absorb and respond to operational risks, including pandemics, cybersecurity incidents, and technology failures.

The publication highlights the banking sector’s rapid adoption of third-party outsourcing and new financial services technology. The new principles explain that prior guidance related to banks’ adoption of third-party technology services does not adequately capture all elements regarding operational resiliency in one place. It therefore encourages banks to ensure that their existing risk management frameworks, business continuity plans, and third-party dependency management are implemented consistently, with an eye toward harmonization across the institution. Further, when engaging with a third party for outsourcing services, a bank should ensure through its diligence that the third party has at least an equivalent level of operational resilience to safeguard the bank’s critical operations. And, banks should consider how to manage the sustainability of such third-party services in the event of disruption, including transitioning critical services to viable alternatives or bringing such services back in-house.

Financial Regulators Seek Information on Bank Model Risk Management

On April 12, 2021, federal financial regulators issued a request for information (RFI) and an interagency statement regarding industry questions on model risk management under the agencies’ “Supervisory Guidance on Model Risk Management” (the model risk management guidance, or MRMG). The MRMG is a principles-based framework for the sound development, implementation, and use of models for bank risk management and compliance.

The agencies support efforts by banks to engage in innovative practices and technologies to update their Bank Secrecy Act/anti-money laundering (BSA/AML) systems and models to adapt to evolving threat environments. The agencies recognize that not all banks use models as described in the MRMG or have formalized model risk management frameworks. The interagency statement is provided as a resource for banks when developing a model risk management framework using the MRMG.

The request for information seeks suggestions for changes to current guidance and regulations about model risk management and discussion of the benefits and drawbacks of the MRMG for BSA/AML and Office of Foreign Assets Control compliance purposes. The RFI also sets forth a series of questions seeking information about how banks use models in their compliance efforts, what policies and procedures banks have in place for such models, and how the MRMG can be changed or better understood to facilitate bank innovation.

CSBS Seeks Comment on Modernizing Licensing Framework

The Conference of State Bank Supervisors (CSBS) issued a request for public comment regarding a standardized approach to the licensing process in the Nationwide Multistate Licensing System (NMLS). Comments may be submitted until May 31, 2021.

The proposed developments include the following:

  • A Networked Licensing Model based on the recent Multistate MSB Licensing Agreement Program that allowed state regulators to share information to eliminate duplicative tasks in the licensing process.
  • A Licensing Requirements Framework that is intended to standardize data collection and segment licensing requirements into three categories: Core Requirements, Business-Specific Requirements, and License-Specific Requirements.
  • A Core Requirements Proposal that aims to standardize certain information requirements that all nonbank entities, regardless of industry, would have to provide.
  • An identity verification solution to streamline user logins.

The request for public comment provides a detailed overview of the proposed changes, which will be worthy of review by fintech companies that have found nonbank licensing to be a challenging and time-intensive process. The CSBS has been working hard with the industry to improve licensing processes, and the proposed changes should continue to improve NMLS functionality and licensee ease of use of the system.