Fintech and the U.S. Regulatory Response

Remarks at the 4th Bund Summit on Fintech

Shanghai, China

By Gerald Tsai, Director, Fintech and Applications, Financial Institutions Supervision and Credit, Federal Reserve Bank of San Francisco

Delivered on July 9, 2017

Download PDF Version (128.86 kb)

Introduction

Good afternoon. I greatly appreciate the opportunity to share with you my perspectives on U.S. financial regulatory developments related to fintech. Before I begin, I’d like to congratulate the Shanghai Financial Institute and the other sponsors for hosting such a successful event, and also express my thanks for inviting me to join you. In addition, I’d like to preface my remarks by noting that the views and opinions I express today are solely my own, and do not necessarily reflect the views of the Federal Reserve Bank of San Francisco or any other part of the Federal Reserve System.

I am sure that many of us share the view that technology is a dynamic and increasingly important part of the financial system in the United States and throughout the world. Through advances in mobile technology, cloud computing, data aggregation and other fields, fintech presents opportunities to expand and improve the way financial services are delivered. While entrepreneurs, traditional banks, and tech companies are at the forefront of fintech, financial regulators also have an important role in fintech development. As regulators, I believe our principal responsibility is to ensure that supervised institutions are operated safely and soundly and comply with applicable laws, including treating consumers fairly. Within that framework, however, we also have a strong interest in permitting socially beneficial innovations to flourish, and also in ensuring that the risks are appropriately managed. In this vein, financial authorities in the U.S. and many parts of the world are developing ways to appropriately adapt regulatory and supervisory structures relative to changing technologies and business models.

To help put the U.S. regulatory response in context, I will first provide a brief overview of the U.S. fintech industry, and outline the U.S. financial regulatory structure. Afterwards, I’ll discuss some of the steps that U.S. regulators have taken to address fintech matters. Finally I’ll conclude with some thoughts on continuing opportunities and challenges in U.S. fintech regulation.

U.S. Fintech Industry

There are three kinds of fintech business models and structures in the United States today. The first model involves technology firms that provide financial services directly to customers through the use of mobile platforms and other innovations. They can be attractive to some customers because they often have comparatively faster decision times for certain financial products. They are also attractive in many cases because of their emphasis on convenience and the overall customer experience. These fintech firms do not rely on banks to deliver their products and services, and often compete directly with banks and other traditional financial institutions. In many ways, I think of this model as the “original concept” behind fintech, but as I’ll explain further, the number of U.S. fintech firms that operate under this model is low and seems to be decreasing.

The second model covers banks and other traditional financial services providers which have adapted and developed fintech solutions to improve the delivery of their financial services. Some of these banks are offering products comparable to those found at fintech firms. Some banks are researching and developing financial technologies themselves, while others find it more convenient and cost effective to turn to their core processors, software providers and other firms for such services.

The third model involves partnerships and similar relationships between nonbank fintech firms and traditional banks to deliver financial services. This model often combines the innovation and user experience focus of fintech firms with the risk management skills, deep customer relationships and other strengths of traditional banks. For example, many fintech marketplace lenders handle the consumer-facing loan application process and investor-facing funding process, but rely on a bank partner to handle loan decisions, originations and initial loan funding. Likewise, digital payment and wallet firms have designed attractive and convenient mobile applications for customers to transfer funds as well as pay for goods and services. Such firms ultimately rely on banks to clear and settle payments on traditional bank payment systems, including the automated clearing house (referred to as ACH) and the credit and debit card networks. This partnership model has taken on increased prominence in recent years in the U.S. as many fintech firms move away from emphasizing disruption and towards greater collaboration with banks.

U.S. Regulatory Structure

So, now that we’ve talked a little about the structure of the fintech industry, I’ll turn to the structure of U.S. financial regulation. As with many countries, the U.S. does not have a single fintech license or regulatory agency. Rather, fintech activities fit within the broader framework of financial regulation and thus can be conducted by companies subject to a variety of regulators, either at the state or federal level. 

The U.S. model of financial regulation spans both functional and consolidated supervisors and balances elements of centralized and federated authority. In this regard, many nonbank financial activities like lending, money transmission and insurance are primary regulated by the 50 individual states for prudential and licensing matters. The securities and banking industries are jointly regulated by multiple federal agencies and the 50 states (and in the securities industry, industry self-regulation plays an important role as well). Cutting across multiple industry types, the federal government has taken a leading role in regulating and supervising for consumer financial protection matters, although many states also play an important role. Finally, while the U.S. doesn’t have an explicit payment systems regulatory structure, the Federal Reserve through its role in operating and setting standards for certain major payment systems plays an important role too.

So how does this regulatory structure work in real life? Let’s take a hypothetical fintech company that wants to engage in lending and money transmission. Lending companies and money transmitters are regulated at the state level—so a non-bank fintech company that chooses to engage in either activity will generally need to get a separate license for and be subject to differing rules in each state in which it conducts business. Many fintech and other nonbank financial services companies have expressed concern about the operational and legal challenges associated with having up to 50 different simultaneous regulators. 

That same fintech company might consider the regulatory structure for banks. Relatively speaking, U.S. banks have a more consolidated regulatory model—banks can elect between varying federal or state charters and supervisors but all banks will have a primary federal regulator and in the case of state banks a single state regulator as well. While some overlap still exists, the U.S. regulatory model for banks provides for a more uniform set of rules and supervisory processes for nationwide operations than compared to nonbank fintech firm. Moreover, banks have privileges unavailable to nonbank fintech firms including deposit insurance, nationwide lending powers, and access to bank payment systems. Of course, with such unified supervision and privileges comes a higher level of prudential, conduct and other regulation than a nonbank fintech firm may be ready for. Moreover, depending on the structure and size of the bank, a variety of other federal and state agencies may continue to regulate other activities of the bank or its affiliates including insurance, investment broker/dealer and advisory services as well as consumer protection compliance.

While not many fintech firms have opted to become or acquire banks, thus subjecting themselves to direct bank supervision, many banks and fintech firms (as I noted before) are partnering to offer financial services. In this model, the fintech firm is usually still required to obtain all necessary licenses and remain subject to supervision from state regulatory authorities. Meanwhile, the bank remains subject to supervision from federal and state banking authorities. In addition, if the fintech firm is providing any services to the bank or its customers, the bank in many cases remains responsible for the services the fintech firm is providing. U.S. federal banking regulators have enacted third-party risk management guidance for banks specifying due diligence, audit, ongoing monitoring and other standards to guide banks in such relationships. In addition, fintech firms that provide certain kinds of services to banks may in some cases also be subject to direct examination by the federal banking supervisors.

As you can imagine, the structure of the U.S. regulatory system impacts fintech firm operating models—there would likely be more nonbank fintech firms directly competing with traditional banks if not for the difficulties involved in 50-state licensing. The supervisory requirements for banks also likely limit the number of fintech firms considering bank charters. Moreover, the large and increasing number of fintech/bank partnerships seems to reflect industry efforts to leverage the latest developments offered by technology firms with the established customer base, regulatory compliance experience and lending and payment capabilities of banks. 

Likewise, I think it is also important to keep the U.S. regulatory structure in mind when considering the fintech steps taken by U.S. agencies. The distributed nature of U.S. regulatory authorities means that multiple agencies may have a stake in considering certain fintech matters. It also means that new guidance and programs will often come from multiple agencies and in some cases may have narrower application than comparable measures from jurisdictions with more centralized authorities.

U.S. Financial Regulatory Response

Now that I’ve given you a high-level summary of the U.S. fintech and regulatory structure, I’d like to focus on some of the fintech-related steps that U.S. financial supervisors have taken. Regulators and jurisdictions in many parts of the world have taken fintech-related actions, including the establishment of innovation hubs, sandboxes, new chartering and passporting measures, and clear regulatory authorities including direct guidance. We may not always use the same terminology, but fintech steps by U.S. regulators are generally proceeding along the same model. 

U.S. financial supervisors are establishing programs similar to “innovation hubs” to help answer regulatory questions raised by new applications of technology. Through programs like the Consumer Financial Protection Bureau’s Project Catalyst, the Office of the Comptroller of the Currency’s Office of Innovation, and the Commodity Futures Trading Commission LabCFTC program, these agencies provide channels through which fintech firms and traditional financial services firms can communicate with the agency on fintech matters including through “office hour” type meetings.1 These efforts usually include dedicated agency staff who are knowledgeable on and serve as points of contact for the fintech industry. In this vein, I’d also like to mention the SF Fed’s recently launched Fintech Navigate program.2 We welcome all opportunities to communicate with interested fintech firms, banks and related parties.

Second, U.S. financial regulators have also begun to address and consider some of the chartering and licensing considerations in the fintech space. One example is New York State’s “BitLicense” program which establishes a special licensing and oversight program for companies engaged in virtual currency activities.3 Highlighting the diversity of outcomes that can be explored in the U.S. regulatory model, the States of Texas and Illinois have exempted many virtual currency activities from state money transmission licensing requirements.4 Another example of action in the chartering space is the Office of the Comptroller of the Currency’s proposed fintech-oriented special purpose national bank charter.5 However, I won’t comment further on the proposal as it is the subject of ongoing litigation filed by state regulators against the Comptroller of the Currency. Finally, the state banking and other financial supervisors have announced their Vision 2020 initiative, one of the goals of which is to establish a 50-state integrated licensing and supervisory system—while still in its early stages, this measure seems aimed at addressing some of the same cross-jurisdictional issues that have, in part, given rise to fintech “passporting” efforts under consideration in the EU.6

At the same time, U.S. financial regulators have expanded upon current guidance, and are considering further measures to address matters of interest to fintech firms and their partners. One area of particular recent activity relates to vendor or service-provider type relationships between banks and third parties. For example, the Federal Deposit Insurance Corporation has issued proposed guidance on third party lending arrangements.7 The Office of the Comptroller of the Currency has recently clarified its Third Party Relationship Risk Management guidance which addresses the kinds of due diligence and other steps that national banks should take when they seek to obtain services from third-parties.8 Lastly, the Consumer Financial Protection Bureau has recently announced it has begun examining certain service providers to financial institutions, although this program seems to be initially focused on the home mortgage industry.9

U.S. regulators have also considered fintech-related policy and related matters besides third-party relationships. Many fintech firms and banks use consumer financial and other data to help design and provide financial services. In late 2016, the Consumer Financial Protection Bureau sought public comments on consumer access to financial account and account-related data, including access by entities acting with consumer permission, in connection with the provision of products or services that make use of that information.10 Aside from data access, some fintech firms and other institutions are considering potential uses of alternative data, by which I mean information beyond traditional factors like credit scores, in making lending decisions. In that vein, the Consumer Financial Protection Bureau also sought information from the industry and broader public about the use or potential use of alternative data and modeling techniques in the credit process.11 Finally, I’d also like to note that the Federal Reserve, outside of our role as a financial regulator, has taken steps in the payments space that may be of interest to the fintech industry, such as facilitating task forces on faster and more secure payments and separately conducting research on distributed ledger technology.12

Opportunities and Challenges

At this point, I’d like to turn to some areas where I see further opportunities and challenges for U.S. regulators and the fintech industry.

The first area is engagement. As I’ve mentioned, certain regulators have established programs or informal mechanisms to communicate and interact with the fintech industry. I would like to see greater expansion and use of such programs. Communication is key, and given the number of agencies involved, one of the most important steps for the fintech industry is to take advantage of the initiatives we already have underway or establish in the future. The reality of the U.S. regulatory model is that fintech firms and other industry players will often need active exchanges of information with multiple financial supervisors to smoothly employ new technology.

The second area that I’d like to see regulators devote some more thinking on, and the topic of an upcoming panel at this summit, is “Regtech,”—by which I mean exploring how regulators and the industry can use technological innovations in areas such as automation and machine learning to make regulatory compliance and oversight processes more effective and efficient. I’ve seen some promising developments in the area of anti-money laundering compliance, and believe that further opportunities exist in areas like risk management and consumer protection compliance. At least one agency, the Commodity Futures Trading Commission, has made exploring the use of innovation in supervisory processes a part of their fintech goals—I hope more U.S. regulators will take similar steps and look forward to discussing this topic at greater length at the upcoming panel.

Finally, I’d like to see regulators and industry focus on fintech considerations as they relate to traditional community banks and other smaller financial institutions. Community institutions are an important part of the American banking and financial system, especially in light of their role in providing small business credit. In some cases, community banks may face cost, operational or other challenges in adopting innovative technologies, especially when compared to larger institutions. As some bankers have noted, institutions slow to adopt digital offerings may find that they face longer-term challenges in light of changing customer expectations. While I recognize that not every community bank needs to immediately transform its offerings, I hope that institutions will continue to consider appropriate opportunities to adopt new technologies consistent with their business model and sound risk management practices. Given that many community banks and other institutions work with service providers to incorporate new technologies into their offerings, I hope that more U.S. regulators will consider appropriate clarifications to existing third-party risk management guidance to address measures which may be unintentionally impeding community banks from adopting beneficial technologies.

That concludes my prepared remarks. Thank you again for the opportunity to speak today, and I look forward to the remainder of this summit and your questions.


End Notes

1. Consumer Financial Protection Bureau Project Catalyst; Office of the Comptroller of the Currency’s Responsible Innovation; and Commodity Futures Trading Commission’s LabCFTC.

2. Federal Reserve Bank of San Francisco’s Fintech Web Page

3. New York Department of Financial Services: Revised BitLicense Regulatory Framework

4. Texas Department of Banking Supervisory Memorandum: Regulatory Treatment of Virtual Currencies Under the Texas Money Services Act; and Illinois Department of Financial and Professional Regulation: Digital Currency Guidance

5. Office of the Comptroller of Currency: Exploring Special Purpose National Bank Charters for Fintech Companies

6. Office of the Comptroller of Currency: Exploring Special Purpose National Bank Charters for Fintech Companies

7. Federal Deposit Insurance Corporation: Press Release Announcing the Beginning of the Comment Seeking Period for its Guidance on Third-Party Lending

8. Office of the Comptroller of the Currency: FAQs to Supplement OCC Bulletin 2013-29

9. Consumer Financial Protection Bureau: Supervisory Highlights, April 2017: (see page 24).

10. Consumer Financial Protection Bureau: Request for Information Regarding Consumer Access to Financial Records

11. Consumer Financial Protection Bureau: Request for Information Regarding Use of Alternative Data and Modeling Techniques in the Credit Process

12. Faster Payments Initiative of the Federal Reserve System; and Board of Governors of the Federal Reserve System Working Paper: Distributed Ledger Technology in Payments, Clearing, and Settlements

The views expressed are solely the author’s and do not necessarily reflect the views of the Federal Reserve Bank of San Francisco or of the Board of Governors of the Federal Reserve System.