Regulatory Innovation - Fintech Law Report May/June 2016

REPORT

May/June 2016 ▪ Volume 19 ▪ Issue 3

REGULATORY INNOVATION

FINTECH LAW

E-Banking, Payments & Commerce in the Mobile World

By Jo Ann S. Barefoot Jo Ann Barefoot is CEO of Jo Ann Barefoot Group, LLC (www.jsbarefoot.com), and a Senior Fellow in the Mossavar-Rahmani Center for Business and Government in the Harvard Kennedy School of Government, where she is writing a book on nancial innovation and regulation. A former Deputy Comptroller of the Currency, she is the host of the podcast show Barefoot Innovation (ww w.BarefootInnovation.com) and the video brie ng series Regulation Innovation (www. RegulationInnovation.com), and speaks and writes extensively about FinTech.

Last June, the FCA sought public input on two core questions: (1) what regulations are impeding innovation and (2) whether there is a need for new regulations to enable it. This

Financial regulators in the United Kingdom (“UK”) are innovating about innovation in ways that may reshape government thinking around the world.

IN THIS ISSUE:

The UK has adopted a national strategy aimed at establishing itself as the global capital of Financial Technology (“FinTech”). This policy is being driven from the top with active leadership by the prime minister, chancellor, and nancial regulators. It includes an explicit regulatory mandate to foster innovation that promotes both consumer bene t and industry competition -a challenging mission added to, and balanced with, the traditional regulatory role of managing risk.

Online Lending Faces a Hangover

13

FinTech Law Report: May 2016 Regulation and Litigation Update

16

From the Editors

25

The lead agency in this e ort is the Financial Conduct Authority (“FCA”) which, along with the Prudential Regulatory Authority, oversees the UK’s nancial industry. Beginning in 2014, the FCA launched a series of bold initiatives under the banner Project Innovate, including an Innovation Hub1 that nurtures startups. The Project Innovate website explicitly states that the program “promote[s] competition through disruptive innovation-innovation

41844461

that o ers new services to customers and challenges existing business models.”2 This embrace of disruption is not typical regulatory language. It re ects a belief (which I share) that today’s innovation has the potential to bring vast improvements in consumers’ nancial wellbeing by making services more inclusive, understandable, and empowering - but only if wisely regulated.

Regulatory Innovation

1

The Future is Now: Driverless Cars and the Insurance Landscape

8

May/June 2016 | Volume 19 | Issue 3 spring, the agency announced a memorandum of understanding, described as a rst-in-the-world agreement, with the Australian Securities and Investments Commission to share information about their respective startups, in order to open both markets more readily to them. Another milestone came May 11, 2016, with the establishment of the UK’s “ rst ever FinTech Bridge,” which included an arrangement with Singapore to “help UK FinTech rms and investors access the Asian market and expand to Singapore, as well as [to] attract Singaporean FinTech companies and investors to the UK.”3 The FCA describes the bridge as being “in line with the government’s commitment to ensure the UK remains the global FinTech capital of the world,” noting that its industry generated £6.6 billion revenue in 2015 and employs over 60,000 people. The most innovative step to date, however, is the April 2016 launch of a “regulatory sandbox,”4 which is a laboratory-type safe space in which innovators that face potential regulatory hurdles can experiment with products that could bene t consumers and competition. The Regulatory Sandbox The sandbox idea has been under discussion in the United States(“U.S.”) as well.5 It has potentially huge leveraging power in shaping how FinTech evolves be-

FinTech Law Report cause it could tilt the entire innovation landscape toward new solutions that are pro-consumer. This is because the uniquely pervasive regulation of the nancial sector creates high costs and uncertainties that deter incumbents from innovating and discourage new capital from entering. If governments can begin to create an easier regulatory path for innovation that clearly bene ts consumers, then that path is likely to become a thoroughfare. If FinTech innovations then successfully demonstrate their commercial superiority, they will remake the nancial sector as a whole over time. The FCA issued its sandbox concept proposal last November. The FCA sought public comment and conducted roundtable meetings in which I participated. On the April 11, 2016, the FCA announced its plan for the sandbox program,6 inviting innovators to apply between May 9 and July 8, 2016, to join the rst cohort of companies. The sandbox is described as a “world- rst for nancial system regulators.”7 While the UK’s nancial industry and regulatory structure di er sharply from those in the U.S. and other countries, the sandbox concept is being watched closely by regulators and innovators throughout the world (more on this below). The sandbox has several highly unusual elements. First, the FCA explicitly recognizes that its regula-

Fintech Law Report West LegalEdcenter 610 Opperman Drive Eagan, MN 55123 K2016 Thomson Reuters For authorization to photocopy, please contact the West’s Copyright Clearance Center at 222 Rosewood Drive, Danvers, MA 01923, USA (978) 750-8400; fax (978) 646-8600 or West’s Copyright Services at 610 Opperman Drive, Eagan, MN 55123, fax (651) 687-7551. Please outline the speci c material involved, the number of copies you wish to distribute and the purpose or format of the use. This publication was created to provide you with accurate and authoritative information concerning the subject matter covered; however, this publication was not necessarily prepared by persons licensed to practice law in a particular jurisdiction. The publisher is not engaged in rendering legal or other professional advice and this publication is not a substitute for the advice of an attorney. If you require legal or other expert advice, you should seek the services of a competent attorney or other professional. Copyright is not claimed as to any part of the original work prepared by a United States Government of cer or employee as part of the person’s o cial duties. One Year Subscription E 6 Issues E $ 752.04 (ISSN#: XXXX)

2

K 2016 Thomson Reuters

FinTech Law Report tions may be impeding desirable innovation. In announcing the sandbox, the agency’s Director of Strategy and Competition, Christopher Woolard, said that, “[f]inance is an established industry with many rules that pre-date smartphones, let alone blockchain or biometric identi ers.”8 The acknowledgement that regulations intended to help consumers might now be harming them or might be back ring is breakthrough thinking in itself. The announcement also directly confronts the likelihood of public mistrust. Mr. Wollard stated: The key question for us was how does a regulator create a sandbox that gives industry the freedom to break new ground and encourage creative solutions when there is a limited public appetite to accept business failure if things go wrong, particularly in nancial services?9

The plan is also remarkable in its embrace of uidity and agility. Regulators are not known for these traits. To the contrary, normal regulatory processes are designed to be deliberate and, frankly, slow. Those are virtues in many regulatory situations, but are illsuited to overseeing the fast-emerging FinTech world, much less fostering it. The FCA has undertaken a conscious move toward acting with greater speed and exibility (note the remarkable pace involved in proposing the sandbox in November, launching it in April, and announcing two international agreements by May). As part of this rapid decision-making, and equally important, the agency is explicitly saying it plans to learn by doing, as opposed to learning by studying. Speaking, myself, as a former bank regulator, this seems nothing less than revolutionary. The Sandbox’s Dual Challenges The FCA identi ed two main challenges in designing its sandbox. The rst is how to lower barriers to testing within the existing regulatory framework. The second is how to assure that risks from testing novel solutions are not transferred to consumers. The issuance addresses both questions at length.

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 Challenge One: How to lower barriers to testing within the current regulatory framework On the rst challenge, the FCA will use four kinds of approaches. First, it will craft individual guidance, speci c to each test, to address concerns that may arise around interpretation of rules. Mr. Woolard says: We recognise that there may be regulatory uncertainty if something is not established market practice. We also recognise that rms are interested in dialogue with us to get greater clarity about how we might apply our rules.10

This individual guidance will provide a “limited safe space.” If the rm acts within it, the FCA will view it as having complied with the rules. Citing its experience with Project Innovate, the agency expresses con dence that it can provide this kind of useful and practical guidance case-by-case. Second, the FCA has some power to waive and modify its own rules, although not statutory requirements or rules of the European Union. Mr. Woolard stated this is “meant for rules which have become unduly burdensome or are not achieving their objectives”11 (another explicit recognition that some regulations are obsolete and even counterproductive). Third, the FCA may issue “no enforcement action letters” in cases where general guidance and waivers are not su cient. This parallels the approach taken in the U.S. by the Consumer Financial Protection Bureau’s (“CFPB”) Project Catalyst. For the FCA, it would be a new tool and would only apply to the test. As with the CFPB’s letters, this would not protect against liability beyond the agency’s own domain. Mr. Woolard says they want to give companies “comfort” that as long as the provider deals openly with the FCA and follows the rules of the test “[the FCA] accepts that unexpected issues may arise and will not take disciplinary action.”12 Fourth, the agency speci cally wants to help start-

3

May/June 2016 | Volume 19 | Issue 3 ups with early-stage e orts by tailoring a regulatory framework in proportion to the scale of the innovator, both initially and as it grows. The FCA recognizes that rms face barriers in the form of “signi cant costs before they can meaningfully explore consumer appetite or if there are any signi cant risks posed to consumers.”13 For these rms, the FCA will create a customized authorization14 process that allows them only to test the idea for which they apply. After successful testing, the rm could move into the mainstream authorization process (which generally parallels the licensing system in the U.S.). Interestingly, the FCA actually considered simply removing the requirement that these early-stage sandbox rms become authorized at all, but instead adopted this two-step process. The agency envisions that rms graduating from the sandbox will be ready to operate within the regulatory framework and that this will, among other things, help them win consumer con dence.

Challenge Two: Protecting consumers in testing situations Regarding its second core challenge, the FCA is taking three steps. First, it will only consider sandbox applications that clearly o er direct or indirect consumer bene t. Second, it will establish tailored safeguards on a case-by-case. These could range from mandating speci c disclosures to requiring the company to return consumers to their pre-test state if the test does not turn out as hoped. The agency grappled with the applicability of “informed consent” standards and wants to assure that people do not lose any legal rights. At the same time, it may consider building tests that limit the company’s liability to the customers, especially for business-to-business (“B2B”) approaches. Finally, every sandbox company will have to spell out the exit strategy for its customers. These might

4

FinTech Law Report range from simply ending the test to transferring the customers to another provider. Design of the Program The FCA sees the program as an experiment through which, again, it will learn by doing. It expects a high level of customization as its sta interacts with the innovative initiatives. It plans to select two cohorts of innovators per year, as it has done with its Project Innovate accelerator program. The second round of sandbox applications will open in January 2017. The application process requires explaining the proposal and how the proposal meets the following criteria: E Genuine innovation; E Bene t to consumers, either direct or indirect; E That the rm is in scope for the FCA; E The need for testing in the sandbox; and E Readiness to conduct a live test. The agency emphasizes that the rst cohort will be small and will be chosen based heavily on how “doable” the testing is. It will consider any testing that has already been conducted; how the test will be designed and will meet the applicant’s objectives; length of the test and key milestones; types and numbers of consumers to be tested and how they will be identi ed; risks raised for consumers and how people will be protected; how to measure progress and to de ne success; exit plans if the test fails; and next steps if the test works well. For rms subject to regulation by the Prudential Regulation Authority (including banks) the FCA will coordinate and agree on appropriate sandbox permission. The two agencies have in place a memorandum of understanding to cover these situations,

K 2016 Thomson Reuters

FinTech Law Report thus assuring regulatory consistency, which is a key issue. Each sandbox rm will have a bespoke monitoring process, normally involving weekly reporting to the FCA on progress under the elements of the test plan. The agency can end tests for failure to report or noncompliance with core principles. At the completion of the tests, the sandbox rms will have four weeks to submit a report. The FCA will provide feedback but will not endorse products or business models. To the extent appropriate, the FCA will report results to the public. More Mold-breaking The sandbox announcement has two other unusual features. First, the FCA will also work toward creating a “virtual sandbox,” led by the industry. The idea is to use public and pooled data to test ideas without live consumers being a ected. This approach might be structured with a focus on certain sectors of innovation. Second, the agency is encouraging the industry to create a private “umbrella” entity that could be empowered by the FCA to conduct tests. This is seen as a possible way to reduce burdens on smaller companies and on the regulators as well. London is home to a global FinTech trade association, Innovate Finance,15 that has been exploring this concept. Both of these ideas have longer development trajectories than the main sandbox, but both demonstrate, again, the innovativeness of the regulators’ vision. Reg-Tech Importantly, a speci c focus of the sandbox is to explore innovative use of technology to ease regulatory compliance, or “Reg-Tech.” This eld is attracting numerous startups in the UK and beyond.

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 Global Context The UK regulators’ initiatives are catching attention worldwide but are not isolated. As noted earlier, Australia has a similar focus on fostering innovation and has entered into a mutual agreement with the FCA to ease cross-market operation for each other’s approved companies. Another example is Singapore, which has embarked on a multi-layer program of attracting innovators from throughout the world in areas like blockchain technology and which, as noted above, has joined in a Fin-Tech Bridge with the UK. In April I moderated a panel at Massachusetts Institute of Technology during which Sopnendu Mohanty, Chief Fintech O cer for Singapore’s Monetary Authority, described the country’s strategy as “learning by doing, rather than studying.” Extensive work is also underway by nancial regulators in the developing world to de ne regulatory principles and best practices as we move toward digital access to nancial services for everyone on earth. This universal access is coming fast, thanks to rapid adoption of cell phones (the World Bank reports that as of 2013, more people have access to mobile phones than to toilets16). India has undertaken a project to gather biometric data-ten ngerprints and two retina scans-from each of its 1.25 billion people, as part of an ambitious e ort to bring everyone into the digitized world. Entities like United States Agency for International Development (USAID) are exploring how best to protect consumers from harm as these shifts occur, as is the Alliance for Financial Inclusion, the association of the nancial regulators of the global south. These enormous trends are driving rapid technology and commercial innovation in nance which will, again, inevitably force change upon existing regulatory systems. The United States U.S. regulators are addressing these trends as well.

5

May/June 2016 | Volume 19 | Issue 3 On March 31, Comptroller of the Currency (“OCC”) Thomas Curry unveiled his agency’s white paper on Responsible Innovation, the work of a task force he appointed last summer.17 The OCC outlined its thinking on how to become adept at permitting positive innovation while still assuring consumer protection and nancial system stability. It is seeking public comment, holding a symposium, and weighing options such as creating an innovation unit and a sandbox-style innovation laboratory. The OCC has also been approached by at least one FinTech company seeking a charter to become a national bank, and has said it will explore the concept. It has the power to issue both full-service and limited charters. Also, in April, Federal Reserve Board Governor Lael Brainard made a speech18 describing similar work underway at the Federal Reserve Board to think through the regulatory issues raised by nancial innovation. Meanwhile, the CFPB has the oldest of the sandbox-type initiatives, in Project Catalyst. In recent months it has issued guidance on plans to use “no-action letters” to provide a partial regulatory safe harbor for approved experiments. The U.S. is facing unique challenges, even handicaps, in maintaining global leadership in FinTech innovation. First, the U.S. lacks a proactive national competitive strategy of the kind that has fueled the UK’s rise to the forefront of regulatory innovation. This may be appropriate and skeptics may fear that the UK’s proactive e orts will ultimately bring excessive risk and other problems into the system. Nevertheless, the difference between a proactive national leadership strategy and a traditional reactive strategy con ned to the nancial sector will mean dramatic di erences in countries’ competitiveness in FinTech innovation. It will also probably mean di erences in how quickly and fully a country’s consumers gain the bene ts of

6

FinTech Law Report innovations that make nancial services more a ordable, transparent, empowering, and easy to use. Again, nance is subject to higher and more complex regulation than any other sector that has undergone technology-driven disruption, which inevitably means that nonstrategic, piecemeal, and reactive regulation will chill it, for good or ill. Second, the U.S. nancial industry, especially banking, is far larger and more diverse than in most countries, creating a much more daunting set of regulatory challenges. Third, the U.S. regulatory structure is uniquely fragmented too. Five federal agencies directly supervise nancial institutions.19 At least 20 more impact consumer nancial products in various ways. In addition, fty states regulate banks and most also license and regulate nonbank lenders and money transmitters. Nonbanks normally must start with a state license and then, to scale up, must apply state-by-state for additional licensing, a complex, slow, and expensive process that is impossible for many young enterprises. Most banks, meanwhile, face supervision by several federal and sometimes state regulators. This can impede innovation because the bank normally cannot know whether an initiative approved by one regulator might ultimately be disapproved by another. More broadly, all of these agencies’ jurisdictions overlap extensively, creating complexity, inconsistency and uncertainty for providers and consumers. Furthermore, their domains will increasingly leave gaps between them, in which important issues have no e ective regulator at all. This is especially true because the drivers of FinTech innovation are more about new technology than about nancial products in that they are fundamentally more “tech” than “ n”, and are shaped by huge technology trends like big data, machine learning, blockchain technology, and expanding use of mobile smartphones. This means that regulation of many issues will occur largely outside of the realm of nancial policy. The U.S. leg-

K 2016 Thomson Reuters

FinTech Law Report

May/June 2016 | Volume 19 | Issue 3

acy regulatory structure is rooted in old industries and issues and creates numerous potential (and often competing) problems, including consumer protection failures, inadvertent choking o of innovation, and fueling of industry growth outside the banking system rather than in it, which in turn raises potential concerns about systemic stability and regulatory e ectiveness.

credit and debit cards that readily connect them to the electronic payments system, and to telephone landlines. As a result, they have been slower to adopt the fully-mobile nancial tools that are revolutionizing nance elsewhere. This is creating a leapfrog effect in which other countries have the potential to innovate faster and better.

Fourth, U.S. regulators also have di erent powers from those of the FCA and would probably need statutory authority to waive or suspend most regulatory requirements for test situations. The agencies generally do have discretion in interpreting whether a given product or activity raises concerns about Unfair and Deceptive Acts and Practices (“UDAP”),20 but that very discretion can, again, lead to interagency inconsistency.

Toward Better Regulation

If the U.S. wants to adopt a sandbox-style innovation program beyond the CFPB’s current Project Catalyst, all of these di culties will have to be resolved, especially the need for interagency consistency of interpretations and streamlining of approvals. Again, rms in the UK face not only an innovationfriendly regulatory climate, but also the ease of working with a single agency (and, if they are banks, knowing that it is coordinating with their prudential supervisory agency). Once approved, they can also currently “passport” their authorized activities throughout the European Union (“EU”) (and, as noted above, probably Australia). This opens up an enormous consumer market without the equivalent of the U.S. state-by-state authorizations.21 These advantages are already attracting U.S. innovators to London. To be e ective, any expanded U.S. sandbox e ort will have to function as an interagency body, perhaps through a task force or through cooperation with a credible outside entity. Ironically, the U.S. is in some ways a victim of its own success. In comparison to most of the world, American consumers have enjoyed relatively high levels of access both to nancial services, including

K 2016 Thomson Reuters

Most dialogue about sandboxes stops short of articulating the logical next question: if testing nds that current regulations are obsolete and even counterproductive, shouldn’t the rules be changed? It is premature to envision potential revisions with any speci city, of course. Nevertheless, the sandbox concept could create something that has been largely absent from regulatory e orts to protect nancial consumers, namely a clear articulation of desired outcomes and methodical ways to test and measure whether they are being achieved. One can imagine old disclosures replaced by hightech tools that leverage the huge information and easy interface everyone has available in the little supercomputer in their pockets. One can envision unprecedented democratization of nancial access as mobile delivery channels demolish old cost structures, and as lenders adopt smart but fair use of new kinds of underwriting data. Possibly new anti-money laundering rules will eventually leverage technology to catch more crime, at lower cost, with less unintended harm to innocent people. Maybe banks and nonbanks will be able to build powerful new business models that merge their respective strengths. Perhaps companies o ering transparent, simple, well-priced products that demonstrably perform as promised will ultimately operate with greatly reduced regulatory burden. All such changes will of course create new risks. The challenges ahead are enormous for innovators, traditional nancial companies, regulators, and consumers. Nevertheless, in the words of the FCA’s Mr. Woolard, “The prize is there.”

7

May/June 2016 | Volume 19 | Issue 3 ENDNOTES: 1 Financial Conduct Authority, Innovator businesses: Project Innovate, https://innovate.fca.or g.uk/ (last visited May 17, 2016). 2Financial Conduct Authority, Project Innovate: Next Steps, https://innovate.fca.org.uk/innovation-hu b/project-innovate-next-steps (last visited May 17, 2016) (emphasis added). 3GOV.UK, First ever FinTech bridge established between Britain and Singapore, https://www.gov.uk/g overnment/news/ rst-ever- ntech-bridge-establishe d-between-britain-and-singapore (last visited May 17, 2016). 4Financial Conduct Authority, Regulatory Sandbox, https://innovate.fca.org.uk/innovation-hub/regul atory-sandbox (last visited May 17, 2016). 5See Jo Ann Barefoot Group, LLC, The Regulatory Sandbox: BMO’s Nitish Pandey, http://www.jsba refoot.com/podcasts/2016/1/16/the-regulatory-sandbo x-bmos-nitish-pandey (last visited May 17, 2016). 6 Financial Conduct Authority, Default standards for sandbox testing parameters, http://www.fca.org.u k/your-fca/documents/default-standards-for-sandboxtesting-parameters (last visited May 26, 2016). 7Financial Conduct Authority, Speech by Christopher Woolard delivered at the Innovate Finance Global Summit, http://www.fca.org.uk/news/innovat e- nance-global-summit (last visited May 17, 2016). 8 9

Id. Id.

10

Id.

11

Id.

12

Id.

13

Id.

14

The UK’s legal framework is di erent from the U.S. system. Generally the term “authorized rm” parallels the U.S. system of state licensing of businesses engaging in nancial activities like lending or money transfer. 15Innovate Finance, FCA Regulatory Sandbox and What it Means for UK’s FinTech Sector, http://innova te nance.com/our-voice/fca-regulatory-sandbox-andwhat-it-means-uk%E2%80%99s- ntech-sector (last visited May 17, 2016). 16The World Bank, Mobile Phone Access Reaches Three Quarters of Planet’s Population, http://www.w

8

FinTech Law Report orldbank.org/en/news/press-release/2012/07/17/mobil e-phone-access-reaches-three-quarters-planets-popula tion (last visited May 17, 2016). 17 O ce of the Comptroller of the Currency, OCC Shares Its Perspective on Responsible Innovation, Announces June 23 Forum on Innovation, http://www.oc c.gov/news-issuances/news-releases/2016/nr-occ2016-39.html (last visited May 17, 2016). 18 Board of Governors of the Federal Reserve System, Speech by Governor Lael Brainard at the Institute of International Finance Blockchain Roundtable, http://www.federalreserve.gov/newsevents/spe ech/brainard20160414a.htm (last visited May 17, 2016). 19 Those agencies are The O ce of the Comptroller of the Currency; the Federal Reserve Board; the Federal Deposit Insurance Corporation; the National Credit Union Administration; the Consumer Financial Protection Bureau. 20The federal prudential bank regulatory agencies and state authorities generally have UDAP powers, while the CFPB has an additional power to address “abusive” acts and practices, as well. 21At this writing, the UK has not yet voted on the proposal to exit the EU. A decision to exit would eliminate or at least impact this passporting capability.

THE FUTURE IS NOW: DRIVERLESS CARS AND THE INSURANCE LANDSCAPE By Bridget Hagan Bridget Hagan is a Principal at The Cypress Group, a lobbying rm in Washington, D.C. specializing in nancial services. www.CypressGroupDC.com.

Once merely the province of science ction, driverless cars are now poised to become a reality. In this article, I will explore the current state of auto technology and insurance law, and discuss the potential e ect of driverless cars on the insurance landscape. Current Technology and a Vision of the Future Since the dawn of the automobile, automakers have been introducing features in cars to improve safety and driver experience. Over the last several years,

K 2016 Thomson Reuters

FinTech Law Report automakers have introduced “active safety” technological features, including backup cameras, blind-spot monitoring, adaptive cruise control, forward obstruction warning systems, and lane departure warning systems. Since the 2012 model year, the Department of Transportation’s National Highway Safety Administration (NHSTA) electronic stability control systems in vehicles1 has incorporated active safety features into its ve-star rating system. For example, NHTSA currently recommends that consumers purchase vehicles with rearview video systems, forward collision warnings, and lane departure technologies.2 These technological advances are already automating some functions that used to be performed by human drivers. As one auto executive remarked, “We call it a revolution by evolution.”3 Yet even as the “evolution by revolution” continues, technology companies and automakers have set their sights on introducing driverless cars to market as quickly as possible. Google has been on the cutting edge of the driverless car movement, and currently has 57 driverless cars on the roads being tested in Texas, Arizona, Washington, and California.4 Tesla is also testing driverless cars and Tesla CEO Elon Musk has said he expects the rst fully autonomous Tesla to reach the market by 2018.5 In addition, BMW’s CEO has said that the company will launch a self-driving electric vehicle in 20216; Ford is currently testing a eet of autonomous vehicles in three states.7 Toyota plans to bring its rst autonomous cars to market by 20208 and most major automakers have announced plans to follow suit. In the longer term, beyond the rst driverless car being commercially available, experts estimate that driverless cars could literally take over the roads. The Institute of Electrical and Electronics Engineers (IEEE) predicts that 75% of the cards on the roads in the world will be autonomous by 2040.9 One likely

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 next step in that transition is controlled ride-sharing projects. Manufacturers of driverless cars are already partnering with ride-sharing companies such as Uber and Lyft to pilot on-demand driverless cars. This could help consumers adapt to driverless cars without having to actually purchase one. In January of this year, Lyft and GM announced a partnership to build a network of on-demand driverless cars.10 Media reports indicate that Uber is also seeking to buy a eet of selfdriving cars.11 In April, Google, Uber, Lyft, Ford, and Volvo announced the creation of the Self-Driving Coalition for Safer Streets, a lobbying organization to accelerate the regulatory changes necessary to facilitate driverless cars.12 Tort Liability, Insurance and the Regulatory Landscape The Current Regulatory Landscape To date, seven states and the District of Columbia have passed laws permitting the testing of driverless cars.13 Interestingly, it is not clear that legislation is necessary in every state as some states’ laws do not explicitly state that cars must have a human driver. At least one commentator has argued that driverless cars could be introduced in those states without any change of law.14 However, driverless car manufacturers and advocates have been reluctant to push the envelope and are likely to continue to seek legal clarity in all states. In addition to accommodating the existence of driverless cars on the road, policymakers will need to anticipate changes in the legal liability and insurance framework. Failure to do this could signi cantly impede the use of driverless cars. Currently, tort law and insurance law underpin the use of automobiles in the U.S. Generally speaking, owners of vehicles are required to certify that they have third-party liability insurance at a minimum or that they have the means to self-insure.15 In the event of a car accident, drivers can be liable under traditional

9

May/June 2016 | Volume 19 | Issue 3 negligence, no-fault liability, or (less commonly) strict liability theories. Throughout the country, the reasonableness standard is applied in the determination of whether a driver has been negligent and therefore liable for all or a portion of damages (depending on which of the various state laws, of either contributory or the various forms of comparative negligence, are applicable) resulting from the breach of the duty of care. The overwhelming majority of claims never reach the courts, with insurance companies and their adjusters being well aware of the applicable “rules of the road� (relevant motor vehicle tort case law and legislation) in assessing fault and whether there was a breach of duty and causation which resulted in damages.16 Under a no-fault system, drivers are not permitted to sue in the tort system unless their injuries in an accident reach a certain threshold. Below that threshold, victims are compensated by their own insurer, not the putative tortfeasor’s insurer. There are currently twelve no-fault states.17 Lastly, under the theory of strict liability, a driver engaging in an ultra-hazardous activity is held strictly liable for injuries caused. This would only be relevant in the case of driverless cars if courts found that the operation of a driverless car constituted an ultrahazardous activity. This is not a likely outcome, given the focus of driverless car advocates on ensuring a friendly legal requirement before mass deployment of driverless cars. However, it is not outside of the realm of possibility.

Current Auto Insurance Policy Coverage In terms of insurance coverage today, as noted above, most states mandate at least third-party liability coverage for drivers. Auto insurance policies typically include rst-party coverage (including collision coverage, to cover the costs of vehicle damage in the event of an accident), and third-party liability coverage, to indemnify the driver in the event he/she is sued in

10

FinTech Law Report tort.18 Manufacturers of automobiles and auto parts also self-insure or purchase product liability insurance for indemni cation in the event of litigation.

Effect of Driverless Cars on Insurers and Insurance Coverage The transition to driverless cars will have several important implications for insurers and insurance coverage. Most experts agree that on a macro level, introducing driverless cars will decrease accidents and drive insurance claims down. In 2014, according to the NHTSA, 32,675 lives were lost in auto accidents in the U.S. in 2014. This is equivalent to a 747 aircraft crashing every week. Even beyond fatalities, over 90 percent of auto accidents are caused by human error.19 Thus, the argument goes, if all vehicles on the road were driverless, auto accidents would be signi cantly reduced. In terms of the type of insurance purchased, it seems clear that owners of driverless cars, whether corporations or individuals, will need rst-party coverage for collision damages, some amount of medical payments coverage, and uninsured motorist coverage. This is particularly true because driverless cars are likely to be more expensive (and the cost of repair/replacement will be more expensive) than current cars on the road. There may also be a challenge for insurers initially in setting rst-party insurance rates for driverless cars, because of a lack of claims experience and di culty in establishing likely future losses. Because experts anticipate that driverless cars will cause fewer accidents, rst-party auto insurance coverage rates should go down.20 The more interesting question in the auto insurance space is with respect to the potential role for product liability coverage. As noted above, liability with respect to auto insurance and tort law is linked to negligence of a human operator of a vehicle. The issue is typically whether an operator breached a duty of care, which often means a violation of tra c laws. As legal scholars have noted, if no human is legally

K 2016 Thomson Reuters

FinTech Law Report responsible for an auto accident by virtue of his/her actions as operator of the vehicle, legal outcomes become murky, and under current insurance policies, it is not clear that liability coverage would be triggered.21

Product Liability Insurance If no fault is found on the part of an owner of a driverless car in the event of an accident, this raises a question regarding liability of the manufacturer. Third-party liability coverage in auto policies does not extend to product manufacturers. Today, in the event of an accident involving equipment malfunction, auto manufacturers are typically joined in lawsuits (often by insurers) as defendants. There is a paucity of data thus far as to how this blend of insurance coverage ( rst-party coverage plus product liability insurance) will function in the event of an accident caused by a driverless car. Because the technology is so new, to date, there have been no court cases involving a driverless car hitting a pedestrian or a human-operated car. As noted above, I believe that the basic insurance question (who will purchase insurance and against what risk?) will be settled before driverless cars are widely commercially available. However, during the transition period when driverless cars share the road with human-driven cars, insurance claims will likely be more complicated. Insurance claims adjusters will have to sort out whether the human driver or driverless car was at fault, and thus whether rst-party coverage, third-party coverage (for the human driver), or product liability coverage is implicated. At least one state has anticipated this issue. Nevada’s regulations on driverless cars require that such cars save data for at least 30 seconds before any collision and subsequently save the data for at least two years after the date of the collision (the statute of limitations for personal injury cases).22 Regulations of this type should be considered in other jurisdictions to reduce uncertainly around auto insurance claims and

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 litigation. If product liability becomes the main form of relief in the tort system in accidents caused by driverless cars, any data requirements should also be linked to product liability statutes, including statutes of limitation. Another consideration for insurers anticipating the transition to driverless cars is how to accurately set product liability rates. Auto insurance rates vary based on the particular characteristics of drivers (age, gender, typical driving patterns, including miles per week). Such factors are irrelevant in current product liability policies for other products. However, miles driven, where, and under what conditions are still relevant in trying to set rates for claims for driverless cars, even when no human is operating the vehicle. Cars that are on the road more often, driving more miles, are simply more likely to get into accidents. Particularly in the case of a eet of vehicles owned by ride-sharing companies or other corporations, it might be di cult for insurers to accurately underwrite purely using product liability underwriting practices. Insurers will have to anticipate and adjust to this blend of factors. The E ect on The Business of Insurance As noted above, the transition to driverless cars will likely mean fewer accidents and lower rates for rstparty coverage. In the long term, experts expect that driverless cars could signi cantly disrupt the auto insurance business model. KPMG estimates a “precipitous fall� in auto premiums as driverless car stock increases and, within 25 years, their model suggests that the personal automobile insurance sector could shrink less than 40 percent of its current size.23 KPMG believes that personal auto insurance will be replaced by commercial insurance (purchased by car-sharing services) and product liability insurance. 24 Their report does not estimate (and it may be di cult to estimate) whether the increase in commercial insurance and product liability insurance will fully o set reduced rates and the expected decline in personal

11

May/June 2016 | Volume 19 | Issue 3 auto policies. Regardless, forward-leaning property and casualty insurers should anticipate a dramatic shift in what has been aptly deemed the industry’s “Napster moment.”25 Conclusion The future is here. Within the next decade, driverless cars will start to transform the mobility of the American population, and within two decades, driverless cars will likely dominate American roads. This sea change in technology and transportation will be accompanied by a sea change in insurance. The transition period will likely mean more complicated auto claims and litigation in which the courts will have to step in to decide who is at fault and which type of insurance coverage (third-party liability or product liability) is implicated. In the longer term, the insurance legal and regulatory landscape, and the insurance business itself, will likely be transformed as individual auto ownership shifts and commercial and product liability insurance replace personal auto policies. Policymakers, driverless car advocates, and the insurance industry should work together to ensure the smoothest transition possible.

ENDNOTES: 1

49 C.F.R. Parts 571 & 585 National Highway Tra c Safety Administration, U.S. DOT Brings 5- Star Safety Ratings Into a new Safety era (Dec. 8, 2015), http://www.nhtsa.gov/Abou t+NHTSA/Press+Releases/2015/nhtsa-proposes-new5-star-safety-ratings-12082015. 3 See Alex Davies, I Rode 500 Miles in a SelfDriving car & saw the Future. It’s Delightfully Dull, WIRED (Jan. 7, 2015), https://www.wired.com/2015/ 01/rode-500-miles-self-driving-car-saw-future-bor ing/ (quoting Thomas Ruchatz, Audi’s head of driver assistance systems and integrated safety). 4 Google, Google Self Driving Car Project Monthly Report April 2016, https://static.googleuserc ontent.com/media/www.google.com/en//selfdrivingca r/ les/reports/report-0416.pdf (last visited May 19, 2016). 2

12

FinTech Law Report 5 Levi Tillemann & Colin McCormick, Will the Tesla Model 3 be the First Truly Self-Driving Car?, THE NEW YORKER (April 14, 2016), http://www.n ewyorker.com/business/currency/will-the-tesla-mode l-3-be-the- rst-truly-self-driving-car. 6 Statement by Harald Kruger, Chairman of the Board of Mgmt of BMW AG, 96th Annual General Meeting of BMW AG at Olympiahalle in Munich on 12 May 2016, BMW GROUP (May 12, 2016), https:// www.press.bmwgroup.com/global/article/detail/T 0260006EN/statement-harald-krueger-chairman-of-th e-board-of-management-of-bmw-ag-96th-annual-gen eral-meeting-of-bmw-ag-at-olympiahalle-in-munichon-12-may-2016. 7 Alan Hall, Ford Tripling Autonomous Vehicle Dev. Feet, Accelerating On-Road Testing of Sensors & Software, BUSINESSWIRE (Jan. 5, 2016), http://w ww.businesswire.com/news/home/20160104006564/ en/Ford-Tripling-Autonomous-Vehicle-Developmen t-Fleet-Accelerating. 8Yoko Kubota, Toyota Aims to Make Self-Driving Cars by 2020, THE WALL ST. JOURNAL, Oct. 6, 2015, http://www.wsj.com/articles/toyota-aims-to-ma ke-self-driving-cars-by-2020-1444136396. 9Francine Tardo & Monika Stickel, IEEE News Releases (Sept. 5, 2012), https://www.ieee.org/about/ news/2012/5september 2 2012.html. 10Lyft, Lyft Raises $1 Billion, Partners With GM on Future of Transportation (Jan. 4, 2016), https://blo g.lyft.com/posts/lyft-1billion-gm. 11Edward Taylor & Harro Ten Wolde, Uber Seeking to buy Self-Driving Cars: Source, REUTERS, July 15, 2015, http://www.reuters.com/article/us-daimleruber-idUSKCN0WK1C8. 12Bill Vlasic, Ford and Google Team up to Support Driverless Cars, NEW YORK TIMES, Apr. 27, 2016, http://www.nytimes.com/2016/04/28/business/f ord-and-google-team-up-tosupport-driverless-cars.ht ml? r=0. 13 See Autonomous Self-Driving Vehicles Legislation, NATT’L CONFERENCE OF STATE LEGISLATURES (April 8, 2016), http://www.ncsl.org/resea rch/transportation/autonomous-vehicles-legislation.as px#Enacted%20Autonomous%20Vehicles%20Legisl ation (listing each of the seven state’ autonomous vehicle bills). 14Bryant Walker Smith, Automated Vehicles are Probably Legal in the U.S., 1 TEX. A&M L. REV. 411 (2014). 15 Robert W. Peterson, New Technology—Old

K 2016 Thomson Reuters

FinTech Law Report Law: Autonomous Vehicles and California’s Ins. Framework, 52 SANTA CLARA L. REV. 1341, 1345-46 (2012) [hereinafter Peterson]. 16 James M. Anderson et al., The U.S. Experience With No-Fault Auto. Ins., RAND INSTITUTE FOR CIVIL JUSTICE 7-9, http://www.rand.org/content/da m/rand/pubs/monographs/2010/RAND MG860.pdf (last visited May 19, 2016). 17Gary Wicker, Commentary: The Failure of NoFault Ins., CLAIMS JOURNAL (May 12, 2016), htt p://www.claimsjournal.com/news/national/2016/05/ 12/270759.htm. 18Peterson, supra note 15, at 1362. 19Bryant Walker Smith, Human Error as a Cause of Vehicle Crashes, THE CTR. FOR INTERNET AND SOC’Y (Dec. 18, 2013), http://cyberlaw.stanfor d.edu/blog/2013/12/human-error-cause-vehicle-cras hes. 20

Noah Buhayar & Peter Robinson, Can the Ins. Indus. Survive Driverless Cars?, BLOOMBERG (July 30, 2015), http://www.bloomberg.com/news/arti cles/2015-07-30/can-the-insurance-industry-survivedriverless-cars- [hereinafter Buhayar]. 21

Peterson, supra note 15 at 1353.

22

Sandra Chereb, Nev. OK’s Regulations for SelfDriving Cars, NBCNEWS (Feb. 16, 2012), http://ww w.nbcnews.com/id/46419453/ns/business-autos/t/nev ada-oks-regulations-self-driving-cars/#.Vz5Chsdl nq0. 23 Automobile Ins. in the era of Autonomous Vehicles: Survey Results: June 2015, KPMG, https:// www.kpmg.com/US/en/IssuesAndInsights/ArticlesPu blications/Documents/automobile-insurance-in-the-er a-of-autonomous-vehicles-survey-results-june2015.pdf (last visited May 19, 2016). 24

Id. at 8.

25

Buhayar, supra note 20, at para 2.

ONLINE LENDING FACES A HANGOVER By Donald N. Lamson Donald Lamson is a partner in the Washington, D.C. law rm of Barnett Sivon & Natter, P.C. (www.bsnla w rm.com) and serves as counsel in the international law rm of Squire Patton Boggs (www.squirepattonb oggs.com). Don is a former partner in a Wall Street

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 law rm and spent 30 years as a senior lawyer with the O ce of the Comptroller of the Currency, the regulator of national banks. During his last year in government, Don was seconded to the Treasury Department to assist in the drafting of a number of titles in what later became the Dodd-Frank Act, including Title VII (swaps and derivative reforms) and Title IX (securities regulation reforms), and the Volcker Rule.

What do these data points have in common? E LendingClub loses 43% of its share value in a week following revelations of its lending practices and a proposed investment in a fund that in turn would purchase more LendingClubgenerated loans.1 E Small companies are expected to gain greater access to investors through crowd funding portals due to rule changes implementing the 2012 Jumpstart Our Business Startups Act (JOBS Act).2 E Private lenders are stepping up to invest in loans that banks reject.3 E Bank regulators call the height of the banking cycle in their shared national credit or “SNC” report issued in autumn 2015. (Their precise and prescient language was “O&G [oil and gas] related credits are in the initial stage of a downturn.”)4 E President Obama signs into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) in July 2010. The answer is that when unregulated businesses rush in to take the place of highly regulated commercial banks reacting to even more stringent regulation, the unregulated should not be surprised if they and their investors are left holding the bag. Financial Technology (“FinTech”) and marketplace lending have both seen rapid growth in the last few years. The growth has been strong enough that some

13

May/June 2016 | Volume 19 | Issue 3 observers have worried that the rate of growth is excessive or frothy and that, as a result, some speculative element of that growth may ultimately lead to loss. Analogies have been drawn to the “Dot Com” boom that died an ignominious death around 2000.

The new net stable funding ratio will regulate and lengthen the maturities of liabilities banks issue to fund their asset purchases, to further reduce strain on balance sheets in times of stress. Longer maturities, of course, tend to translate into higher costs for the issuer.

Setting the Stage - Dodd-Frank

Even the bank income statement has been under siege. All that additional capital and liquidity make a bank look muscle-bound. Margins become compressed. Ironically, these safer banks may be tempted to reach for yield on the lending side to help compensate for the drag on earnings that the new governors have created. The only way a banker can hope to make a decent return is on the lending side, yet regulators anticipated and criticized bankers’ forays into “leveraged lending,” a direct descendant of highly leveraged transactions for those who observed the trend in the 1980’s. A very high percentage of syndicated commercial loans held by the largest banks (known as “SNCs” or shared national credits) were criticized as substandard or specially mentioned, a precursor to charge-o in the event of a credit quality downturn.

To understand why FinTech and marketplace lending have grown and are growing so rapidly, one need not look farther back than July 21, 2010. It was then that President Obama signed into law the Dodd-Frank Act. Regulators crowed that “never again” would the polity see another panic or bust as we had seen following the failure of Lehman Brothers and AIG. Among the provisions of Dodd-Frank, large banks and their holding companies are subjected to more stringent capital requirements should they fail to adopt su ciently robust “living wills” or resolution plans that would ensure an orderly breakup in the event of bankruptcy or nancial disaster. The fate of bank plans over the last few years, at best, has been mixed. Most recently, headlines were lled with banks that “failed” their tests and were given yet another chance to revise and re le. Several banks have had to curtail dividend and share repurchase plans as regulators sni ed at bank capital plans for the coming year. In tandem with the regulations adopted by regulators to implement international capital accords, the so-called “Basel III rules,” large banks in e ect doubled their capital over a short period of time. On top of that, G-SIFIs, or globally signi cant nancial institutions, face an additional capital surcharge. Other parts of the bank balance sheet have been subject to stress and reform. The requirements of the new liquidity coverage ratio force banks to invest in highly liquid, and therefore lower-yielding, assets (think government securities) in order to be able to operate under stressed conditions for a year and meet liquidity demands of customers.

14

FinTech Law Report

Also reducing revenue, banks and their a liates may no longer invest in hedge funds or engage in proprietary trading, due to the Volcker Rule, a late addition to Dodd-Frank. As a result, banks su er from a loss of trading income. This also can add to market volatility, which, incidentally, we recently have observed in increasing increments. Congress seems to have forgotten that regulators had previously encouraged banks to engage in proprietary trading as alternative revenue sources to help smooth earnings, given the di culties presented by the rises and dips that are inherent in the lending cycle. Banks have su ered a number of enforcement actions, in particular in securitization activities and Anti-Money Laundering compliance, accompanied by exorbitant penalties, and in one case a criminal conviction, resulting in more hits to income and reputation. Banks react to these constraints logically. They

K 2016 Thomson Reuters

FinTech Law Report

May/June 2016 | Volume 19 | Issue 3

raise capital in one or more of three ways: organically, through retained earnings; by issuing new capital, which can be dilutive; and through deleveraging, or shrinking. We have seen banks engage in combinations of all three methods. To de-lever, banks reduce lending and that creates an opening for nonbank lenders. Banks de-risk by ceasing correspondent bank activities with entities in entire countries in some instances.

ees and increasing regulatory burden had the e ect of pricing banks out of the market. When it becomes easier for micro-issuers to come to the securities market, these trends will only intensify further. It also is understandable that mom and pop private lenders are happy to enter the marketplace. But sometimes, as here, those entrants may be late to the party and may be hurt as many lenders race for the exits to cut their exposures.

An optimist may smile and say, hurrah, these are the changes we want to see. Dodd-Frank and regulators have reduced risk in the system. Others have suggested going even farther, by breaking up banks. A more pessimistic sort may wonder whether these efforts have resulted simply in shifting risks, sometimes to parties that are not as well able to assess and manage risks as banks are. After all, growth in the economy depends in part on credit and when such demand is constant and banks are reducing exposures to demands for credit, others may rush in.

As students of the credit cycle know, when there’s an excess of supply, some lenders are willing to bend on credit standards and other credit terms. Others must follow suit. It’s not surprising then that some wellknown online lenders have recently run into trouble. What is more surprising is that it’s taken six months since regulators announced the top of the market for those conditions to trickle through the market to less regulated lenders. Some might object to the data point I choose related to energy loans as that is only one segment in an otherwise vibrant market.

Nature Abhors a Vacuum

The response is that in diversi ed portfolios, when faced with incidents of increased stress, correlations will verge towards one. That means portfolio assets have correlations to each other that range from zero (well diversi ed) to one (no diversi cation e ect by adding that asset to the portfolio). In times of stress, diversi cation e ects can disappear quickly. At the time the regulators addressed SNCs, oil was priced at more than $100 per barrel. Now oil is cheaper than bottled water. That stress is percolating through entire portfolios. Nonbank lenders are not immune to the fallout. Online lenders are seeing those stresses, in addition to the stress brought on by increased competition. Should credit quality continue to su er, online lender losses will only get worse.

Against this background it is easy to understand the rise of both marketplace lending and similar nonbank lending solutions. With low cost structures and automated underwriting, nonbank lenders were able to offer low cost solutions that still made money. It was fairly easy to nd credit worthy customers, lend at rates below those that regulated banks charge, and nance those loans either with cheap money or securitization, narrowing the spreads that banks had been able to impose. Hedge funds and others also saw the opportunity and piled in. Banks even bought up loans that online lenders had originated! What could go wrong? Plenty. First, there’s competition. At the beginning, marketplace lenders could assess credit and maintain certain lending standards, claiming that they were not taking undue risks. They were simply serving the marketplace better than banks. And they had a point. Bank cost structures were high. Thousands of employ-

K 2016 Thomson Reuters

Looking Around the Corner Given the increased regulation that traditional lenders are facing, it is not surprising that alternative sources of credit and other nancial services are popping up everywhere. Also not surprisingly, regulators

15

May/June 2016 | Volume 19 | Issue 3 have recognized the emergence of “shadow banking” and have been threatening increased supervision over those alternative providers. In a game of cat and mouse it is inevitable that when a clever alternative to a regulated activity is discovered (what the creator of that alternative will characterize as innovation), the regulator will attempt to impose rules on that activity. As an example, the Consumer Financial Protection Bureau recently has proposed e orts to regulate private lenders on the theory that certain borrowers have been harmed in obtaining loans from such sources. Not to be outdone, the Treasury Department has just issued a report calling for Congress to consider new legislation that would address the oversight and borrower protection issues arising when online lenders generate small business loans. New regulation may result, but others will enter the scene and create even newer credit alternatives.

FinTech Law Report laws of supply and demand, are a constant. E orts to prevent the cycle will only result in larger and unintended consequences.

ENDNOTES: 1

Justin Baer et al., LendingClub’s Ties to Fund Under Fire, WALL ST. JOURNAL, May 11, 2016, ht tp://www.wsj.com/articles/lendingclubs-ties-to-fundunder- re-1463011193. 2 Ruth Simon, New Rules Give Startups Access to Main Street Investors, WALL ST. JOURNAL, MAY 11, 2016, http://www.wsj.com/articles/new-rules-giv e-startups-access-to-main-street-investors1462995761. 3

Kirsten Grind, Private Lenders Remodel the Mortgage Market, WALL ST. JOURNAL, MAY 11, 2016, http://www.wsj.com/articles/private-lenders-re model-the-mortgage-market- 1462984898. 4

What type of regulation might legislators and regulators apply to marketplace lenders at the moment? The closer the business model replicates a bank, the closer that regulatory structure will resemble bank regulation. A principles based approach has traditionally been favored by bank regulators. Keep in mind that there are any number of market participants who already operate in the U.S. without any form of bank license and who are actively lending to corporations. The fact that marketplace lenders are dealing with retail customers will prompt regulators to be more aggressive in imposing regulation on the model. We’re already seeing a patchwork of responses at the state level. It’s hard to characterize this evolution on a wholesale basis. As a general matter, blue states tend to impose more regulation than do red states. This diversity in regulation will force industry players to consider whether to promote self-regulation or even a modi ed federal charter that could bene t from the preemption of state law that national banks enjoy and that consumer groups most likely will oppose. Where does this all end? It doesn’t. Cycles, like the

16

Board of Governors of the Federal Reserve System, Shared National Credits Program 2015 Review (November 2015), https://www.federalreserve.g ov/newsevents/press/bcreg/bcreg20151105a1.pdf.

FINTECH LAW REPORT: MAY 2016 REGULATION AND LITIGATION UPDATE By Duncan Douglass and Colin Richard Duncan Douglass is a partner and the head of the payment systems practice at the law rm Alston & Bird, LLP. Colin Richard is a senior associate in the same rm. www.alston.com.

Regulatory Developments Interagency Guidance for Issuing Banks Regarding CIP Requirements for Prepaid Cards Section 326 of the USA PATRIOT Act established customer identi cation program (“CIP”) requirements, which require nancial institutions to establish procedures to verify the identities of their customers and maintain certain records of the information used to verify customers’ identities. See 31 U.S.C.

K 2016 Thomson Reuters

FinTech Law Report § 5318(l). With regard to prepaid access products, there may be uncertainty, depending on the program, as to which party (i.e., the cardholder or third-party program manager) should be considered the issuing bank’s “customer” for CIP purposes. On March 21, 2016, the Board of Governors of the Federal Reserve System (the “Federal Reserve Board”), the Federal Deposit Insurance Corporation (the “FDIC”), the National Credit Union Administration, the O ce of the Comptroller of the Currency (the “OCC”), and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published guidance to issuing banks on applying the CIP requirements to prepaid cards. This guidance seeks to clarify that nancial institutions should apply their CIP procedures to the “cardholders of certain prepaid cards” and provides guidance for applying this requirement to particular cases. Note, while the guidance refers to “prepaid cards,” it explains that the guidance “is applicable to other prepaid access products” that meet the criteria in the guidance, including mobile and internet prepaid access products. To determine if CIP requirements apply to a purchaser of a prepaid access product, the guidance explains, the “bank should rst determine whether the issuance of a prepaid card to a purchaser results in the creation of an account; and if so, ascertain the identity of the bank’s customer.” First, for CIP purposes, a prepaid access product should be treated as an account if it provides the cardholder with the ability to (a) reload funds or (b) access credit or overdraft features. Second, if the prepaid access product is considered an account for the purposes of the guidance (i.e., it permits the cardholder to “conduct transactions evidencing a formal banking relationship,” such as reloading funds or accessing credit or overdraft features), the cardholder should generally be considered the bank “customer” even if not the named accountholder (e.g., because the card was provided by a

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 program manager that uses a pooled account at the bank), and the program manager should be considered the bank’s agent. If the prepaid access product does not meet the guidance’s criteria for an account, the program manager should generally be considered the bank’s customer. The agencies also provided speci c guidance with regard to payroll cards, government bene t cards, and health bene t accounts: E Payroll Cards - “If the employer (or the employer’s agent) is the only person that may deposit funds into the payroll card account, the employer should be considered the bank’s customer for purposes of the CIP rule . . . [However,] if the employee is permitted to access credit through the card, or reload the payroll card account from sources other than the employer, the employee should be the customer of the bank and the bank should apply its CIP to the employee.” E Government Bene t Cards - “If the government bene ts card program permits only government funds to be loaded onto the card and does not provide access to credit, no customer relationship is established between the bank and the bene ciary-cardholder for purposes of the CIP rule. In addition, since the term ‘customer’ does not include a department or agency of the United States, of any state, or any political subdivision of any state, a bank that issues such a government bene t card is not required to apply its CIP to the government agency establishing the bene t card account. If, however, the card allows non-government funds to be loaded onto the card or provides access to credit, then a customer relationship is established between the bank and the bene ciary-cardholder and the bank should collect CIP information from the bene ciarycardholder.” E Health Savings Account - “Because the employee establishes the account, the employee is

17

May/June 2016 | Volume 19 | Issue 3 the issuing bank’s customer for purposes of the CIP rule.” E Flexible Spending Arrangements and Health Reimbursement Arrangements - “Because no person other than the employer (or employer’s agent) establishes an FSA or HRA, makes deposits into the FSA or HRA, and distributes funds from the FSA or HRA, the employer should be the issuing bank’s customer for purposes of the CIP rule.” The OCC Publishes “Responsible Innovation” Paper

Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”)], we can ensure a more level playing eld and protections for customers of non-banks. Certainly, they deserve no less.”

Remarks by Thomas J. Curry, Comptroller of the Currency, before the BITS Emerging Payments Forum, Washington, D.C. (June 3, 2015). The OCC de nes “responsible innovation” in the March 2016 paper as: “The use of new or improved nancial products, services, and processes to meet the evolving needs of consumers, businesses, and communities in a manner that is consistent with sound risk management and is aligned with the bank’s overall business strategy.”

On March 31, 2016, the OCC published a paper, entitled “Supporting Responsible Innovation in the Federal Banking System: An OCC Perspective.” On the same date, Comptroller of the Currency Thomas J. Curry (“Comptroller Curry”) presented remarks on the topic before the Harvard Kennedy School’s New Directions in Regulation Seminar. Comptroller Curry provided additional remarks on innovation and its impact on retail banking on April 7, 2016, at the American Banker Retail Banking Conference in Las Vegas, Nevada.

The OCC formulated eight guiding principles for its approach to responsible innovation:

The March 2016 paper presents “the OCC’s vision for responsible innovation in the federal banking system and discusses the principles that will guide the development of [the OCC’s] framework for evaluating new and innovative nancial products and services.” The OCC observes in the paper that “[m]any of these innovations are taking place outside the banking industry, often in unregulated or lightly regulated ntech companies.” In discussing this issue previously, Comptroller Curry asserted in June 2015

E Further safe and sound operations through effective risk management;

“that regulation adds signi cant value in the areas that we’re discussing today [emerging payment systems technology, innovation, access, and cybersecurity in banking]. For example, e orts are well underway to bring e-commerce and emerging payments systems deployed by non-bank players under greater regulatory scrutiny. Using authority granted by the [Dodd-Frank

18

FinTech Law Report

E Support responsible innovation; E Foster an internal culture receptive to responsible innovation; E Leverage agency experience and expertise; E Encourage responsible innovation that provides fair access to nancial services and fair treatment of consumers;

E Encourage banks of all sizes to integrate responsible innovation into their strategic planning; E Promote ongoing dialogue through formal outreach; and E Collaborate with other regulators. The OCC’s approach to nancial innovation is also referenced in its Enterprise Risk Appetite Statement published on April 12, 2016. With regard to strategic risk, the OCC explains in this document that it “has a moderate appetite for responsiveness to changes in the external operating environment such as support for responsible innovation.”

K 2016 Thomson Reuters

FinTech Law Report FinCEN Issues Guidance on Anti-Money Laundering Compliance with Respect to Agent Monitoring The Bank Secrecy Act requires each money service business (“MSB”) to “develop, implement, and maintain an e ective anti-money laundering program” that is “commensurate with the risks posed by the location and size of, and the nature and volume of the nancial services provided by, the [MSB].” 31 C.F.R. § 1022.210. On December 14, 2004, FinCEN published guidance regarding anti-money laundering (“AML”) program requirements for MSBs with respect to foreign agents or foreign counterparties, which clari ed that MSBs must establish adequate and appropriate AML policies, procedures, and controls commensurate with the risks posed by their relationship with foreign agents. Interpretive Release 2004-1 (Anti-Money Laundering Program Requirements for Money Services Businesses with Respect to Foreign Agents or Foreign Counterparties), 69 Fed. Reg. 74,439 (Dec. 14, 2004). FinCEN published guidance on March 11, 2016, which it describes as reiterating MSB principals’ AML obligations “to understand and appropriately account for the risks associated with their agents, as broadly set forth by FinCEN in 2004 guidance primarily focused on foreign agents and counterparties” (the “2016 Guidance”). The 2016 Guidance states that it is also intended “to complement recent guidance from states addressing MSB principal-agent relationships, and consistent with the purposes of the Money Remittances Improvement Act to encourage coordination between Federal and state regulators on such issues.” The 2016 Guidance cites the Money Remittances Improvement Act of 2014, Pub. L. 113-156 (Aug. 8, 2014), in support of this statement, but does not further explain or cite to “recent guidance from states.” The 2016 Guidance explains that it is “intended to provide clarity so that MSB principals and their agents can more easily understand how to comply with AML

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 requirements while providing important nancial services.” To reduce MSB principals’ exposure to risks from agents, the guidance states that MSB principals must: E “have procedures in place to identify those agents conducting activities that appear to lack commercial purpose, lack justi cation, or otherwise are not supported by veri able documentation”; E “implement risk-based procedures to monitor the agents’ transactions to ensure that they are legitimate [, and] . . . that, if the agents’ transactions trigger reporting or recordkeeping requirements, the principal handles the information in accordance with regulatory reporting and recordkeeping obligations”; and E “implement procedures for handling noncompliant agents, including agent contract terminations.” The 2016 Guidance further advises that MSBs must periodically reassess risks and update programs, and must take corrective action upon becoming aware of AML program de ciencies. Federal Reserve Board Publishes 5th Annual Consumer Mobile Financial Services Report The Federal Reserve Board’s Division of Consumer and Community A airs (“DCCA”) published the Consumer and Mobile Financial Services 2016 report on March 30, 2016. DCCA has conducted a survey annually since 2011 of consumers’ use of mobile nancial services. The report summarizes ndings from the most recent survey, conducted in November 2015. The ndings re ect continued growth in the use of mobile banking and mobile payments: 43% of mobile phone owners with a bank account, and 53% of smartphone owners with a bank account, have used mobile banking in the past year. The report notes that the use of mobile payments has been less common than the

19

May/June 2016 | Volume 19 | Issue 3 use of mobile banking, though 24% of all mobile phone owners, and 28% of smartphone users, have made a mobile payment in the past year. A common reason provided for not using mobile banking or payments, however, is concern about the security of the technology. Consumer Financial Protection Bureau Proposes Arbitration Rule On May 5, 2016, the Consumer Financial Protection Bureau (“CFPB”) issued a proposed rule that would prohibit certain provisions that presently are common in pre-dispute arbitration clauses in contracts for consumer nancial products and services. Section 1028(b) of the Dodd-Frank Act provides the CFPB with the authority, by regulation, to “prohibit or impose conditions or limitations on the use of an agreement between a covered person and a consumer for a consumer nancial product or service providing for arbitration of any future dispute between the parties, if the Bureau nds that such a prohibition or imposition of conditions or limitations is in the public interest and for the protection of consumers.” The Dodd-Frank Act requires that any such regulation must be consistent with an arbitration study conducted by the CFPB. Section 1028(a) of the Dodd-Frank Act provides that the CFPB “shall conduct a study of, and shall provide a report to Congress concerning, the use of agreements providing for arbitration of any future dispute between covered persons and consumers in connection with the o ering or providing of consumer nancial products or services.” The CFPB published its arbitration study report, in which the CFPB described the arbitration study as “the most comprehensive empirical study of consumer nancial arbitration carried out to date,” on March 10, 2015. The report summarizes the debate regarding the issue as follows: “The advantages and disadvantages of pre-dispute arbitration provisions in connection with consumer nancial products or services—whether to consumers

20

FinTech Law Report or to companies—are ercely contested. Consumer advocates generally see pre-dispute arbitration as unfairly restricting consumer rights and remedies. Industry representatives, by contrast, generally argue that pre-dispute arbitration represents a better, more cost-e ective means of resolving disputes that serves consumers well. With limited exceptions, however, this debate has not been informed by empirical analysis. Much of the empirical work on arbitration that has been carried out has not had a consumer nancial focus.”

On April 27, 2016, more than 150 organizations signed a letter to Director of the CFPB, Richard Cordray (“Director Cordray”), stating that “the ndings of the CFPB arbitration study o er concrete proof that forced arbitration is causing widespread harm to the consumers, and therefore, that it is in the public interest and in the interest of consumer protection to prohibit or strictly curtail the use of forced arbitration clauses in consumer nancial contracts.” Section VI of the preamble to the CFPB’s proposed rule presents the CFPB’s preliminary ndings that the proposal is in the public interest and for the protection of consumers, and provides the CFPB’s reasoning for its belief that the proposed rule is consistent with the results of its March 2015 arbitration study. The proposed rule would create two sets of limitations on the use of arbitration agreements. First, the proposed rule would prohibit agreements with consumers that prevent the consumer from ling or participating in a class action regarding the covered consumer nancial product or service. See proposed 12 C.F.R. § 1040.4(a). The CFPB is proposing this provision pursuant to Section 1028(b) of the DoddFrank Act, discussed above. The proposed rule would apply to pre-dispute arbitration agreements for the following products or services when they constitute consumer nancial products or services as de ned by 12 U.S.C. § 5481(5): E consumer lending and related activities (e.g.,

K 2016 Thomson Reuters

FinTech Law Report providing referrals, servicing, credit monitoring, debt relief, and debt collection services); E automobile leasing and brokering such leases; E debt management or debt settlement services; E providing consumer reports directly to consumers; E storing funds or other monetary value (e.g., deposit accounts); E providing money movement or money conversion services (e.g., payment processing, fund transferring, and check cashing); and E debt collection related to the above products or services. See proposed 12 C.F.R. § 1040.3(a). Second, the proposed rule would require a covered provider that uses an arbitration agreement to submit certain records to the CFPB regarding any arbitration proceedings. See proposed 12 C.F.R. 1040.4(b). The CFPB is proposing this provision pursuant to Sections 1022(b) and (c) of the Dodd-Frank Act, which both relate to the CFPB’s rulemaking authority and required monitoring duties in support of rulemaking and other functions. CFPB Publishes Online Payday Lending Report On April 20, 2016, the CFPB issued a report regarding online payday lending, which “analyze[d] [Automated Clearing House] payment requests by a number of lenders that make (or made) online payday or other high-cost online loans with payments scheduled on a borrower’s payday.” The report’s key ndings in an analysis of the 18-month period include: E “[A]ccounts with one or more loans from at least one of the identi ed online lenders make payments totaling on average $2,164,” and “are

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 charged an average of $92 in overdraft and [nonsu cient funds (“NSF”)] fees by their institution on payment requests from online lenders”; E “Half of all accounts have at least one payment request that results in overdraft or failure due to NSF,” and “[t]hese accounts are charged an average of $185 in overdraft and NSF fees by their institution on attempted payment requests from online lenders”; E “After a failed ACH payment request by an online lender, subsequent payment requests to the same consumer’s account are unlikely to succeed”; E Of initial payment requests, “6% of payment requests fail” and “7% succeed only because the borrower’s depository institution covers the payment as an overdraft”; E “Many online lenders submit multiple payment requests on the same day”; and E “Accounts of borrowers who use loans from online lenders are more likely to be closed by the end of the sample period than accounts generally (23% versus 6%, respectively).” The report relied on checking account data during an 18-month sample period in 2011 and 2012 provided by several large depository institutions. In prepared remarks for an April 20, 2016, press call regarding the report, Director Cordray stated that the CFPB has “found that borrowers face steep, hidden costs to their online loans in the form of unanticipated bank penalty fees,” and that the April 2016 report “sheds further light on these practices to help us better formulate needed reforms in this market.” In March 2015, the CFPB announced that it was considering proposing rules regarding payday lending. The CFPB’s Fall 2015 regulatory agenda stated that the CFPB “is in the process of developing a Notice of

21

May/June 2016 | Volume 19 | Issue 3 Proposed Rulemaking to address concerns in markets for payday, auto title, and similar lending products,” which it expected to release in the rst quarter of 2016. During an April 7, 2016, Senate Banking Committee hearing, Director Cordray noted that the CFPB is “now on the verge of actually proposing the rule.” On May 18, 2016, the CFPB stated in its Spring 2016 Rulemaking Agenda that it expects to issue the notice of proposed rulemaking “[i]n the next several weeks.” Federal Financial Institutions Examination Council Adds Mobile Financial Services Appendix to Retail Payment Systems Booklet On April 29, 2016, the Federal Financial Institutions Examination Council (the “FFIEC”) published a new Appendix E, addressing mobile nancial services (“MFS”), to the FFIEC Information Technology Examination Handbook’s Retail Payment Systems Booklet. The members of the FFIEC include the Federal Reserve Board, the FDIC, the National Credit Union Administration, the OCC, the CFPB, and the State Liaison Committee. The Retail Payment Systems Booklet is one component of the FFIEC Information Technology Examination Handbook, which “provides guidance to examiners, nancial institutions, and technology service providers (“TSPs”) on identifying and controlling risks associated with retail payment systems and related banking activities.” Appendix E describes MFS as “the products and services that a nancial institution provides to its customers through mobile devices,” such as nancial services implemented and o ered through SMS/text messaging, mobile sites and browsers, mobile applications, and wireless payment technologies. The FFIEC states that “MFS can pose elevated risks related to device security, authentication, data security, application security, data transmission security, compliance, and third-party management. Customers are often less likely to activate security controls, virus protection, or personal rewall functionality on their mobile devices, and MFS often involve the use of third-party service providers.”

22

FinTech Law Report Accordingly, the new MFS appendix addresses MFS technologies; risk identi cation, measurement, and mitigation; and monitoring and reporting. Regarding risk identi cation, the FFIEC states that “[m]anagement should identify the risks associated with the types of MFS being o ered as part of the institution’s strategic plan,” and incorporate the identi ed risks into the institution’s existing risk management process. The appendix addresses strategic, operational, compliance, and reputation risks associated with MFS. After risks have been identi ed, the new MFS appendix advises that management should measure the level and types of risks involved in o ering MFS; the results should be prioritized, and the process should be ongoing. When implementing MFS, management should mitigate risks by implementing internal controls, including policies and procedures to ensure compliance with applicable laws and regulations, and internal controls regarding security and con dentiality. The appendix also identi es speci c actions that are intended to mitigate strategic, operational, compliance, and reputation risks. Finally, the FFIEC notes that nancial institutions should maintain appropriate performance monitoring systems, and reporting that facilitates management oversight. FFIEC Proposes Revisions to the Uniform Interagency Consumer Compliance Rating System The FFIEC issued a Notice and Request for Comment on May 3, 2016, which proposes revisions to the Uniform Interagency Consumer Compliance Rating System (the “CC Rating System”) to re ect regulatory, supervisory, and technological changes since the system was adopted in 1980, and to more fully align the CC Rating System with the FFIEC member agencies’ risk-based, tailored supervisory approach. 81 Fed. Reg. 26,553 (May 3, 2016). The FFIEC explains that the proposed revisions “were not developed to set

K 2016 Thomson Reuters

FinTech Law Report new or higher supervisory expectations for nancial institutions and their adoption will represent no additional regulatory burden.” The CC Rating System is a “supervisory policy for evaluating nancial institutions’ adherence to consumer compliance requirements,” which “provides a framework for evaluating institutions based on assessment factors to assign a consumer compliance rating to each institution.” The CC Rating System applies to any “ nancial institution,” which is de ned for this purpose as “a commercial bank, a savings bank, a trust company, a savings association, a building and loan association, a homestead association, a cooperative bank, or a credit union.” 12 U.S.C. § 3302(3). The Notice also explains that, “as a member of the FFIEC, the CFPB will also use the [CC] Rating System to assign a consumer compliance rating, as appropriate for nonbanks, for which it has jurisdiction regarding the enforcement of Federal consumer nancial laws.” The proposed CC Rating System would retain the current 1-5 numerical rating framework, and would include three categories of assessment factors: E Board and management oversight - this category would include the following assessment factors: (i) Oversight and Commitment; (ii) Change Management; (iii) Comprehension, Identi cation and Management of Risk; and (iv) Corrective Action and Self-Identi cation. E Compliance program - this category would include the following assessment factors: (i) Policies and Procedures; (ii) Training; (iii) Monitoring and/or Audit; and (iv) Consumer Complaint Response. E Violations of law and consumer harm - this category would include the following assessment factors: (i) Root cause, or causes, of any violations of law identi ed; (ii) Severity of any consumer harm resulting from violations; (iii)

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 Duration of time over which the violations occurred; and (iv) Pervasiveness of violations. The notice explains that “[w]hen assigning a rating under the proposed CC Rating System, examiners would consider each of the assessment factors in each category. Further, the categories would allow examiners to distinguish between varying levels of supervisory concern when rating institutions for compliance with federal consumer protection laws.” European Parliament’s Economic and Monetary A airs Committee Recommends Virtual Currency Task Force The European Parliament’s Economic and Monetary A airs Committee approved a report on April 26, 2016, that recommends the creation of a virtual currency task force “to provide the necessary technical and regulatory expertise to support the relevant public actors, at both [European Union] and Member State levels, in their e orts to ensure a timely and wellinformed response to the new opportunities and challenges arising with the introduction of [distributed ledger technology] applications.” The committee’s report will now be considered by the European Parliament. Litigation and Enforcement Developments Oral Arguments Held in PHH’s Appeal of $109 Million CFPB Penalty Oral arguments were held on April 12, 2016, in the appeal by PHH Corporation and its a liates PHH Mortgage Corporation, PHH Home Loans LLC, Atrium Insurance Corporation, and Atrium Reinsurance Corporation (collectively, “PHH”) of a June 4, 2015, $109 million CFPB penalty. In January 2014, the CFPB led administrative claims against PHH regarding activities related to the use of captive mortgage reinsurance arrangements. A November 2014 CFPB administrative enforcement decision by Administrative Law Judge Cameron Elliot recommended an injunction and disgorgement of more than

23

May/June 2016 | Volume 19 | Issue 3 $6 million. In June 2015, however, CFPB Director Cordray issued a decision upholding the recommended decision, but instead imposing a $109 million penalty. On June 19, 2015, PHH led a petition for review with the U.S. Court of Appeals for the District of Columbia Circuit, which stated that the company “seeks review of the CFPB’s nal agency action on the grounds that it is arbitrary, capricious, and an abuse of discretion within the meaning of the Administrative Procedure Act, 5 U.S.C. § 701 et seq.; violates federal law, including, but not limited to, the United States Constitution, [Real Estate Settlement Procedures Act], and the Consumer Financial Protection Act of 2010 [(“CFPA”)], as well as regulations promulgated under those statutes; and is otherwise contrary to law.”

PHH’s opening brief, led in September 2015, argued that Director Cordray’s liability determination is unlawful, including that the CFPB’s structural features violate the constitutional separation of powers. PHH asserted that “The CFPA places sweeping legislative, executive, and judicial power all ‘in the same hands’ of a single person who is entirely unaccountable to the democratic process,” explaining that the CFPB is not run by a commission and the CFPB “Director is not answerable to the President, as he is removable only for cause.” PHH further contended that Congress does not have a check on the CFPB’s power because the CFPB is funded from the Federal Reserve Board’s operating expenses,” and Congress is prohibited from reviewing the Director’s budget determinations.” In advance of the hearing, the court issued an order on April 4, 2016, asking the parties to be prepared to address the following issues: 1)

2)

24

“What independent agencies now or historically have been headed by a single person? For this purpose, consider an independent agency as an agency whose head is not removable at will but is removable only for cause; and” “If an independent agency headed by a single

FinTech Law Report person violates Article II as interpreted in Free Enterprise Fund v. PCAOB, 561 U.S. 477 (2010), what would the appropriate remedy be? Would the appropriate remedy be to sever the tenure and for-cause provisions of this statute, see 12 U.S.C. § 5491(c)? Cf. Free Enterprise Fund, 561 U.S. at 508-10. Or is there a more appropriate remedy? And how would the remedy a ect the legality of the Director’s action in this case?” At oral arguments, U.S. Circuit Judge Brett Kavanaugh described the CFPB structure as “novel” and asked counsel for the CFPB to provide precedents of federal agencies with structures similar to the CFPB’s structure. In response to the order’s second question (above), counsel for the CFPB noted that severing the “for-cause” provision would be the appropriate remedy. The case before the U.S. Court of Appeals for the District of Columbia Circuit is PHH Corp. et al. v. Consumer Financial Protection Bureau, case number 15-1177. Walmart Alleges Visa Promotes Signature Veri cation over More Secure PIN Veri cation Wal-Mart Stores, Inc. and certain of its a liates (collectively, “Walmart”) led a complaint for declaratory judgment against Visa U.S.A. Inc. (“Visa”) in the Supreme Court of New York on May 10, 2016, in an e ort to ensure that merchants retain the ability to determine the customer veri cation method that should apply. The complaint is heavily redacted, resulting in removal of many allegations, as well as all legal theories of the claims, from the published complaint. Walmart asserts that, in conjunction with the deployment of chip cards in the United States, it implemented a “chip-and-PIN” protocol for debit card transactions. This protocol required debit cardholders to enter a PIN as the cardholder veri cation method

K 2016 Thomson Reuters

FinTech Law Report (“CVM”) for each debit card transaction, which is consistent with global best practices for fraud prevention. Walmart also contends that an added bene t of requiring a PIN as the CVM for debit card transactions is preservation of Walmart’s ability to route debit transactions to any PIN debit network enabled on the debit card. Walmart alleges that Visa “believes that Walmart should be required to use the more fraud-prone mechanism of signature veri cation for certain debit card transactions, which in the case of a Visa-branded debit card would route debit card transactions across Visa’s debit network rather than competitor networks of Walmart’s choosing.” Walmart further alleges that “[t]he exclusivity of the Visa signature debit network has signi cant consequences for transaction routing,” and explains that the Durbin Amendment and Regulation II (both de ned below) prohibit network practices that inhibit merchant routing. The Durbin Amendment to the Dodd-Frank Act and the Federal Reserve Board’s Regulation II, which implements the Durbin Amendment, prohibit a card issuer or payment card network from “inhibit[ing] the ability of any person who accepts debit cards for payments to direct the routing of electronic debit transactions for processing over any payment card network that may process such transactions.” 15 U.S.C. § 1693o-2(b)(1)(B); see also 12 C.F.R. § 235.7(b). Notably, the Durbin Amendment and Regulation II do not provide for a private right of action. The ling is a complaint for declaratory judgment; much of the prayer for relief, however, is redacted, leaving only Walmart’s request for “[a]n award of the costs of the suit, including reasonable attorneys’ fees; and D. Such other and further relief as this Court deems just, equitable, and proper.” Section 3001 of the New York Civil Practice Law and Rules permits the Supreme Court of New York to “render a declaratory judgment having the e ect of a nal judgment as to the rights and other legal relations of the parties to a justiciable controversy whether or not further relief is

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 or could be claimed. If the court declines to render such a judgment it shall state its grounds.” The case before the Supreme Court of New York is Wal-Mart Stores Inc. v. Visa USA Inc., N.Y. Sup. Ct., No. 652530/2016.

FROM THE EDITORS By Jim Sivon, Aaron Klein, and Katie Wechsler This issue of the FinTech Law Report features articles by Jo Ann Barefoot, Donald Lamson, Bridget Hagan, Duncan Douglass and Colin Richard. The rst two articles discuss the role of regulation in FinTech. Jo Ann Barefoot provides a unique and cutting edge comparison of the United Kingdom’s proactive regulatory approach of seeking out FinTech with a goal of fostering disruption versus the United States’ regulatory fragments and reactive regulatory structure. The contrasts are striking as she highlights the UK’s stated regulatory approach to “promote competition through disruptive innovation,” against the United States, which “lacks a proactive national competitive strategy.” Using the United Kingdom as a foil, Ms. Barefoot goes through a series of structural impediments and rationales for why the American regulatory system is not handling nancial invocation and FinTech nearly as well as the British, ending with key conclusions and recommendations for a way forward. Highlighting a variety of potential regulatory barriers, from fragmentation, to outdated anti-money laundering rules, to lack of existing legal authority, her analysis is a must read for anyone in the FinTech space, especially nancial those seeking to improve nancial regulation for FinTech. Donald Lamson’s article begins with one of the most newsworthy events in FinTech over the past two months, the sudden decline in the value of LendingClub. He moves through a series of legal changes, from enactment of the Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank) to the Jumpstart Our Business Startups Act of 2012

25

May/June 2016 | Volume 19 | Issue 3 (JOBS Act), to regulatory changes focusing on tightening the availability of credit through the traditional nancial system, to argue that the growth of marketplace lending is a natural and expected outcome. Reasoning that, “[b]anks react to these constraints logically” he articulates a narrative as to why capital and lending are owing through these alternative channels. Intriguingly, Mr. Lamson peers around the corner to consider how this emerging industry will handle its rst experience through an economic downturn and a credit cycle. As is the case with any new form of nancial intermediation, it is, by de nition, untested through a downturn. Mr. Lamson’s prediction that, “[s]hould credit quality continue to su er, online lender losses will only get worse” should give those with exposure to this industry and others in the FinTech space who will be a ected, directly or indirectly, a reason to pause and re ect on alternatives. Much like the common refrain that “winter is coming,” we do know with certainty, that eventually, there will be another recession. How that will manifest itself through FinTech is anyone’s guess. Reading Mr. Lamson’s article will make that an educated guess. Bridget Hagan’s article is a fascinating exploration of a topic that has not yet gotten the attention that it deserves: the interplay between the rise of driverless cars and the business of insurance. In ‘The Future is Now’ Ms. Hagan explores both the current and future legal and regulatory structure as it relates to the driverless or computer driven, autonomous motor vehicle. Among the interesting points that she explores is the likelihood for a decrease in normal car insurance due to the decrease of accidents resulting from the shift to autonomous vehicles, but also the rise of new liability for product coverage, a feature currently non-existent in the auto insurance space. She concludes her analysis by moving to the natural laboratory for experimentation in America, and the home of insurance regulation: the states. She highlights some of the cutting edge state regulatory requirements, such as what is happening in Nevada and extrapolates where we

26

FinTech Law Report may be headed in terms of insurance regulation in a world where technology is behind the wheel. Finally, Duncan Douglass and Colin Richard provide a thorough review and analysis of key activities in regulation and litigation regarding FinTech. Senators Tom Carper (D-DE), Gary Peters (DMI), and Chris Coons (D-DE) Request a GAO Report on Emerging Issues in Mobile Payments The non-partisan GAO, headed by the Comptroller of the United States of America, Gene Dodaro, prepares reports as mandated by law or requested by members of Congress. These Senators, who are leaders in the Congressional Payments Technology Caucus, have formally requested that the GAO report on “ongoing e orts at the state and federal levels related to mobile payments.” The request includes nine speci c questions that focus on a range of topics, including: E Legal or regulatory barriers to payments innovation, including duplicative compliance and enforcement regimes; E Federal agency adoption of new payment technologies in a variety of areas ranging from the Federal Election Commission’s recent approval to allow campaign donations in bitcoin to the use of electronic payments for Supplemental Nutrition Assistance Program (SNAP or as it is commonly referred to, Food Stamps) at farmers markets; E The state of consumer protections for payments across the FinTech spectrum; E Security of the payment system as it relates to new payment methods and adoption of FinTech; E Data collection by the government on fraud; and E Strategies, if any, that are being devised or implemented by the government to address

K 2016 Thomson Reuters

FinTech Law Report regulatory duplication, fragmentation, or barriers to better coordination. The report was just requested and typically GAO can take many months to complete a report. However, this report may well provide the basis for a Congressional hearing and potential legislation in the next Congress as it relates to FinTech and innovation in the payment system. The full letter can be found at: http:// www.peters.senate.gov/imo/media/doc/160516 GA OPaymentsRequestLetter.pdf. Hackers Steal $81 Million From Central Bank of Bangladesh Through Breaking into SWIFT and the Federal Reserve Bank of New York Details continue to emerge from one of the largest cyber crimes in nance on record which occurred in February when the Federal Reserve Bank of New York moved $81 million from the Central Bank of Bangladesh to a bank in the Philippines as a result of a computer hack that came through the SWIFT system. While the core SWIFT computer system itself was not hacked, the ability of hackers to enter into the system through member banks and e ectively move large funds between nations is unprecedented.

K 2016 Thomson Reuters

May/June 2016 | Volume 19 | Issue 3 In May, o cials from Bangladesh, SWIFT, and the New York Fed met in Basel Switzerland to discuss the matter, work on the investigation, and attempt to settle disputing claims as to who is at fault. Legal action is possible and the incident is likely to trigger broader scale reviews of existing technology and security as it relates to interbank transfers. Global FinTech Study Produces Interesting Results The World Retail Banking Report of 2016, prepared by Efma and Cap Gemini, contained a focus on FinTech with new global data on both customers and nancial institutions’ views on FinTech. The report nds that FinTech adoption is higher in Europe, Asia, and Latin America, than in North America, which is surprising. Possibly more surprising is that bankers are deviating signi cantly from consumers in terms of the value proposition of FinTech. While only 4 out of 10 bankers believe that FinTech provides ‘a good experience’ for customers and slightly fewer that ‘FinTechs o er faster services’ than banks, 8 out of 10 customers agree with those statements. An infographic from that report highlights many of the key ndings on the next page.

27

May/June 2016 | Volume 19 | Issue 3

28

FinTech Law Report

K 2016 Thomson Reuters

FinTech Law Report

May/June 2016 | Volume 19 | Issue 3

Editorial Board EDITORS-IN-CHIEF: JAMES SIVON Of Counsel Squire Patton Boggs AARON KLEIN Fellow, Economic Studies & Policy Director, Initiative on Business and Public Policy Brookings Institution KATIE WECHSLER Of Counsel Squire Patton Boggs CHAIRMAN: DUNCAN B. DOUGLASS Partner & Head, Payment Systems Practice Alston & Bird LLP Atlanta, GA MEMBERS: DAVID L. BEAM Partner Mayer Brown LLP DAVID M. BIRNBAUM Financial Services Consultant (Legal Risk & Compliance) San Francisco, CA JEANETTE HAIT BLANCO Senior Regulatory Counsel PayPal San Jose, CA ROLAND E. BRANDEL Senior Counsel Morrison & Foerster LLP San Francisco, CA RUSSELL J. BRUEMMER Partner & Chair, Financial Institutions Practice Wilmer Hale LLP Washington, DC

K 2016 Thomson Reuters

CHRIS DANIEL Partner & Chair, Financial Systems Practice Paul Hastings LLP Atlanta, GA

C.F. MUCKENFUSS III Partner Gibson, Dunn & Crutcher LLP Washington, DC

RICHARD FRAHER VP & Counsel to the Retail Payments O ce Federal Reserve Bank Atlanta, GA

MELISSA NETRAM Senior Public Policy Manager and Counsel Intuit Washington, DC

GRIFF GRIFFIN Partner Sutherland Asbill & Brennan LLP Atlanta, GA

ANDREW OWENS Partner Davis Wright Tremaine New York, NY

PAUL R. GUPTA Partner Reed Smith LLP New York, NY

BIMAL PATEL Partner O'Melveny & Myers LLP

ROB HUNTER Executive Managing Director & Deputy General Counsel The Clearing House Winston-Salem, NC MICHAEL H. KRIMMINGER Partner Cleary, Gottlieb, Steen & Hamilton Washington, DC JANE E. LARIMER Exec VP & General Counsel NACHA—The Electronic Payments Assoc Herndon, VA KELLY MCNAMARA CORLEY Sr VP & General Counsel Discover Financial Services Chicago, IL VERONICA MCGREGOR Partner Hogan Lovells US LLP San Francisco, CA

R. JASON STRAIGHT Sr VP & Chief Privacy O cer UnitedLex New York, NY DAVID TEITALBAUM Partner Sidley Austin LLP Washington, DC PRATIN VALLABHANENI Associate Arnold & Porter LLP Washington, DC RICHARD M. WHITING Executive Director American Association of Bank Directors DAMIER XANDRINE Senior Counsel Wells Fargo & Co San Francisco, CA

29