QUESTION
We are a fintech that is growing quickly. I am the company’s General Counsel. Our President is a bit arrogant and cavalier. He is only interested in attracting investors and clients. Regulation takes a distant second place. I’ve had enough of the non-compliance. I’ve tried unsuccessfully to get him to recognize the legal exposure. I’m done. I’m resigning. My last day is the end of the week.
Before I go, I am sending this message to you. The President reads your MortgageFAQs newsletter and quotes it all the time. I have read your writing for years, and I know you do not condone workarounds, short-term fixes, and non-compliance with appropriate regulations. I hope you will consider telling your readers why Fintechs must comply with the CFPB’s expectations.
The CFPB has been increasingly active in its review of fintech activities. It is flexing its supervisory and enforcement authority more and more. The litigation is piling up. I was hoping you could let the fintechs know they can expect considerable examination and enforcement initiatives by the CFPB.
Why is it important for fintechs to comply with the CFPB’s rules?
ANSWER
I’m sorry you have been so frustrated. Your message notes that you are going into private practice. Working for a difficult President can burn out even the most resilient staff. I hope you will stay alert to fintech rules and regulations. These companies need people like you as a beacon for compliance.
Fintech compliance is relatively new. Recently, AI is getting integrated into fintech technologies. Most people in the financial services community think of fintech as applications (or “apps”) involved in financial transactions. There are fintech apps that run quite a spectrum of services, including apps involved in payments, crypto, investments, advisories, and so-called P2Ps (viz., peer-to-peer).
The fintech categories are very broad, all in some way connected to financial services transactions. Examples include mortgage banking, various types of unsecured lending, payments, money transfers (domestic and international), equity finance, and consumer banking.
For instance, you can go to your non-bank, bank, or credit union for a loan or apply online and, in many cases, apply using an app. Fintech’s automated systems and AI speed up the approval process to minutes or seconds. This is done using software to determine a borrower’s creditworthiness, advancing the results to an automated underwriting process, and producing an approval at dazzling speed.
PayPal is an example of a fintech company – one of the largest. It has a global reach and many platform configurations, and it offers instant transactional opportunities to individuals and businesses worldwide. You may not realize it, but Visa, Mastercard, Intuit, Square, Robinhood, Binance, and Venmo are fintech companies.[i] There are hundreds of fintech companies, and many more are proliferating rather quickly.
The Consumer Financial Protection Bureau (CFPB or Bureau) is mandated to ensure consumers have access to fair, transparent, and competitive markets for consumer financial products and services. Importantly, the CFPB’s supervisory and enforcement requirements pertain to fintechs.
Let’s get to your
question about why fintechs should comply with the CFPB’s rules.
I suggest there are at least three reasons why fintech enterprises should comply with CFPB requirements, beginning with the CFPB’s jurisdiction and power to investigate fintechs. Congress granted the CFPB the authority to police markets for consumer financial products or services,[ii] including consumer credit products, deposit-taking activity, payment processing, and debt collection, to name just a few.
The policing is done by supervising subject institutions and enterprises and enforcing violations of law against those that offer or provide consumer financial products or services or provide a material service to a consumer financial services provider. And, to be sure, this includes fintechs.
The Bureau has been increasingly active in supervision, enforcement, and rulemaking involving the fintech industry, many non-bank financial services providers. The CFPB will continue to develop rulemaking to expand its purview to large non-depository lenders.
Indeed, whether partnered with banks or acting alone, fintech companies are subject to the CFPB’s supervision.
In connection with the foregoing, tangling with the Bureau could engender a risk of penalties and injunctive relief. Several administrative consent orders come to mind. For instance, the CFPB entered into a consent order with two payment processors and their owners, requiring them to pay $3 million in penalties and refund over $8 million in fees.[iii]
The CFPA has also sought injunctive relief in enforcement actions. The Bureau’s Director, Rohit Chopra, has said that it is seeking to enforce “limits on activities or functions of a firm” to promote “structural” changes at financial services firms to prevent future violations.[iv]
If the law will not constrain your President, maybe reputational harm would mean something to him. When the CFPB conducts a public enforcement action or just publicly discloses an investigation, the harm to the fintech’s reputation can be enormous, perilous, and perhaps fatal.
If an app or online application is going to replace the traditional means of banking, consumers will want to trust the fintech’s brand – which, from a marketing perspective, is critical to its survival! Reputational damage due to adverse findings issued by the CFPB could also affect a fintech’s relationships with its investors, which will surely impair future fundraising efforts.
Such CFPB actions would tend to impact a fintech’s relationship with other regulators – federal or state agencies – and could hinder the fintech’s efforts to obtain necessary state licenses, among other things.
Now, I realize that you are parting with the fintech enterprise. However, your President is doing a disservice to his fintech company and other similarly situated companies by not hiring a compliance professional familiar with fintech business, customers, stress and risk points, and compliance requirements. What the President thinks about compliance will be of no consequence if the company cannot mitigate legal and regulatory risks. A fintech operating without an understanding and respecting the CFPB’s guidelines is exposed to considerable CFPB scrutiny.
Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
[i]
For a recent list of the largest fintech companies, see Top Fintech
Unicorns, 2021 Review, 2022 Update, Centre for Finance, Technology and
Entrepreneurship (CFTE), https://courses.cfte.education/wp-content/uploads/2022/01/Top-Fintech-Unicorns-in-2022.pdf;
and Largest Fintech Companies by Market Valuation, https://courses.cfte.education/ranking-of-largest-fintech-companies
[ii]
Title 12 – Banks and Banking, Chapter 42, Wall Street Reform and Consumer
Protections, Subchapter V, Bureau of Consumer Financial Protection, see also USC
edition, Supplement 2
[iii] In
the Matter of: RAM Payment, LLC, inter alia, and Gregory Winters, and Stephen
Chaya, Administrative Proceeding No. 2022-CFPB-0003, May 11, 2022
[iv] “Reining
in Repeat Offenders”: 2022 Distinguished Lecture on Regulation, University
of Pennsylvania Law School, Speech, Chopra, Rohit, March 28, 2022
