Fintech appears to be the next industry set to benefit from the Trump administration's ongoing deregulatory push. The Bureau of Consumer Financial Protection's ("Bureau") long-gestating update to the Obama era no-action letter policy was announced as one of the final acts of outgoing Acting Director Mick Mulvaney. Though no-action letter policies and product sandboxes (jurisdictions where new business models may be tested with decreased regulatory oversight) have existed for some time in concept and in action, the new policy proposal would dramatically expand the scope of such programs - to the consternation of many consumer advocates.

A number of state, federal, and international regulators already have begun to experiment with their own sandboxes, despite the fact that the Bureau has only issued one no-action letter on the topic since the original policy was published in 2014. The draft proposal, set to be published in the Federal Register with a 60 day period for comment, not only would catch the Bureau up to these other regulators, it would move the Bureau considerably beyond them.

Background

The Bureau's initial 2014 no-action letter policy, finalized in February 2016, allowed for the Bureau to issue no-action letters in cases "where there is substantial uncertainty whether or how specific provisions of statutes or regulations implemented by the CFPB would be applied (for example if, because of intervening technological developments, the application of statutes and regulations to a new product is novel and complicated)." The policy also noted that even once issued, a no-action letter would not be binding on the Bureau. The Bureau acknowledged at the time that the policy would likely only be used "rarely and on the basis of exceptional circumstances."

In addition to the limitations described above, areas of concern with the original policy included the high threshold for a substantive showing necessary to qualify for a no-action letter, confidentiality issues, a required demonstration that there is no better way to address the uncertainty for which the no-action letter is requested, and timing issues regarding when a product is ripe for assessment. Perhaps as a result of these limitations, the Bureau issued only one no-action letter under the original policy. This no-action letter, issued to a company called Upstart Network, Inc., allowed for the testing of a credit-underwriting model involving the use of artificial intelligence and machine learning to supplement traditional credit scoring techniques.

During the same period, a few state governments and international regulators were moving ahead with sandboxes in their own jurisdictions. The United Kingdom created a fintech regulatory sandbox in 2015, Arizona became the first U.S. state to create a sandbox in 2018, and the Illinois legislature is currently considering a proposal mirroring Arizona's. Arizona's legislation includes a "passporting" provision, allowing for participants in Arizona's sandbox to operate in other jurisdictions with similar programs. Although this provision is currently ineffective as there are not yet other U.S. jurisdictions with similar programs, its inclusion likely presages the enactment of such laws in other states around the country. Meanwhile, the SEC and CFTC have been considering their own versions of regulatory sandboxes, and the OCC is working on a proposed fintech bank charter.

New Proposal

The Bureau's new no-action letter and product sandbox proposal purports to carry out five major goals: "(1) Streamlining the application process; (2) streamlining the Bureau's processing of applications; (3) expanding the types of statutory and/or regulatory relief available; (4) specifying procedures for an extension where the relief initially provided is of limited duration; and (5) providing for coordination with existing or future programs offered by other regulators designed to facilitate innovation." Below is a bit more detail on the two programs that the CFPB hopes to redesign with its new policy.

  1. Part I: No-Action Letters.  In keeping with the above goals, the Bureau plans to eliminate data sharing requirements, time-period limitations for product testing, and barriers to UDAAP-focused no-action letters. In addition, the Bureau will now stand behind the no-action letters it issues, meaning that recipients who comply with the terms of a no-action letter will not face Bureau enforcement. Under the 2016 policy, a no-action letter was considered only a staff recommendation. Following from the Bureau's push to stand more firmly behind no-action letters, a section will be included in the policy calling for Bureau coordination with other regulators that offer similar forms of relief. Finally, the Bureau plans to radically overhaul the application process – the Bureau expects that it will now grant or deny an application within 60 days after it has deemed the application complete.
  2. Part II: CFPB Product Sandbox.  Unlike Part I, Part II of the proposal, relating to sandboxes, will maintain time-period limitations on product testing – two years in most cases, though with the possibility of extension. Also in contrast to Part I, Part II will maintain data sharing requirements. The Bureau's product sandbox would include similar no-action relief to Part I; however, relief would also be available through safe harbor provisions and exemptions by order from statutory or regulatory provisions. Like the Bureau's new proposal for no-action letters, the policy for the sandbox also calls for a review of completed applications within 60 days.

It is notable that, while the 2016 policy specifies that no-action letters were "intended to facilitate consumer access to innovative financial products" (emphasis added), the 2018 policy removes such language. "Innovation" had been a key concept for prior iterations of no-action letter policies and sandboxes. Arizona's regulation in this area requires that a product approved for its sandbox contain an "innovation," which it defines as "the use or incorporation of new or emerging technology or the reimagination of uses for existing technology to address a problem, provide a benefit or otherwise offer a product, service, business model or delivery mechanism that is not known by the Attorney General to have a comparable widespread offering in this state." By removing such requirements from its new 2018 policy, and by not scoping its policy specifically for fintechs, the Bureau has opened up its programs to entities and products not contemplated in prior attempts at regulatory sandboxes.

Consumer Advocate Concerns

As was the case with the Bureau's 2016 policy and the Arizona legislation, consumer advocates have expressed concerns about the use of no-action letters and regulatory sandboxes. Due to the potential for expanded use of such programs at the federal level as a result of these policy changes, however, consumer advocates are expressing even more concerns than they have before. Laura Saunders, the Associate Director of the National Consumer Law Center, argues that not only will the Bureau's new policy create a "consumer protection desert," but also that the proposal is "unlawful, outside [the Bureau's] authority, and undoubtedly will face a legal challenge." The new policy has also drawn the ire of incoming House Financial Services Committee Chair Maxine Waters (D-CA), who called the proposal "another step to weaken the Consumer Bureau and curtail its enforcement tools." The Bureau's explicit de-emphasizing of UDAAP concerns in the granting of no-action letters is unlikely to calm such fears.

For her part, new Bureau Director Kathy Kraninger has indicated that she is "not deeply briefed on the topic at the moment," yet believes "innovation does provide opportunities to consumers for access."

Conclusions

While the Bureau's new no-action letter and sandbox policy proposal is excellent news for the fintech industry, many consumer advocated contest the consumer benefit of such programs. Whatever one's view on the new policy, however, it must be acknowledged that the overhaul has the potential to upend consumer financial regulations as they apply to fintechs, allowing for increased access to multi-year trial runs for financial products with a guarantee of no regulatory action. Whereas the Bureau granted one no-action letter under the 2016 policy, the proposed new policy provides that the Bureau will take action within 60 days of receipt of a completed application. This, in addition to the expansiveness of the new federal sandbox and no-action letter policy created by this proposal, augurs a significant uptick in fintech applications. Because the proposal does not include a concrete call for "innovative" products only, like in the Arizona legislation, it remains to be seen how the Bureau will choose to manage these new programs and the expected rise in applications.

DWT will continue to monitor developments throughout the proposal's comment period, and upon final publication.