III. California Settles Claims Against FinTech Company for Misrepresenting Banking Services
FinTech providers were also under scrutiny at the state level. In March 2021, the California Department of Financial Protection and Innovation (“DFPI”) entered into a settlement agreement with Chime regarding Chime’s use of the words “bank” and “banking” in marketing the company’s products. Chime is a FinTech that works with bank partners to offer consumer bank accounts online. It manages the programs on behalf, and with the oversight, of the bank partners. But Chime is not a bank, and according to the DFPI Chime was not clear enough about this fact. Its principal website domain was chimebank.com, and its marketing efforts contained language that, according to the DFPI, could lead consumers to think they were banking with Chime.
Chime escaped without financial penalty, but was required to make significant changes to its marketing efforts. Chime agreed to cease using its domain “chimebank.com,” beef up its internal marketing compliance program, and clearly disclose that it is not a bank and that banking services are being provided by Chime’s bank partners. Much has been written over the last few years about the rise of so-called “neobanks” and their disruption of the traditional consumer financial services market. However, these companies, like Chime, are often not banks at all. The Chime settlement agreement with DFPI is a good reminder that FinTech companies, in their quest to create a cohesive brand strategy, should be careful not to misrepresent their role.
IV. Regulatory Guidance and Challenges Related to Virtual Currency and the Adoption of Stablecoins for Payment Activity
A. OCC Issues Interpretive Letter Permitting the Use and Creation of Stablecoins by Banks, But for How Long?
In January 2021, the OCC issued an interpretive letter allowing banks to use Independent Node Verification Networks (“INVNs”) and stablecoins for payment activities. An INVN is “a shared electronic database where copies of the same information are stored on multiple computers.” Stablecoins are assets “designed to maintain a stable value relative to an identified fiat currency.” The letter expanded upon prior statements permitting banks to facilitate cryptocurrency and fiat currency exchange transactions, and encouraging them to hold “reserves” for stablecoins on at least a one-to-one basis.
The OCC drew on precedent authorizing a national bank to offer an electronically stored value (“ESV”) system, characterizing ESV as the electronic equivalent of paper payment systems and likening ESV’s functionality to services already provided by banks. The OCC observed that the distinction between stablecoins and cards with ESV used to facilitate cashless payments is merely “technological in nature.” The letter also noted stablecoins’ efficiency in the retention, transfer, transmission, and exchange of fiat currency value and their particular usefulness in cross-border transfers.
The OCC found that banks possess the requisite expertise to facilitate exchange, settle transactions, and manage their position as a financial intermediary. These factors, coupled with the demand for banks to use INVNs and stablecoins, led the OCC to conclude that banks may “validate, store, and record payments transactions by serving as a node on an INVN,” and to approve the use of INVNs and stablecoins for permissible payment activities. Finally, the letter permits banks to “buy, sell, and issue stablecoin to facilitate payments.”
The OCC acknowledged risks concomitant with stablecoins, including difficulty in verifying parties to a transaction and the need to safeguard reserve assets, maintained on a one-to-one ratio, to ensure satisfaction of liquidity needs and to cover potential losses. Moreover, it cautioned that cryptocurrency payment activities increase risks associated with Bank Secrecy Act and anti-money laundering compliance, and that stablecoin issuance requires conformity with applicable securities regulations.
Acting Comptroller Michael Hsu has asked OCC staff to review the agency’s cryptocurrency actions. Hsu expressed concern that the OCC’s cryptocurrency positions lacked “full coordination with all stakeholders” and were not part of a broader regulatory strategy.
B. New York Resolves Regulatory Action Against Stablecoin Issuer and Cryptocurrency Exchange
Demonstrating that concerns about stablecoin reserves are well-founded, the New York Attorney General (“NYAG”) investigated a cryptocurrency exchange platform, Bitfinex, and the issuer of the stablecoin Tether. The NYAG found that Tether’s disclosures about the reserves claimed to back the stablecoin were misleading. Specifically, the NYAG found that Tether included in its “reserves” money lent to Bitfinex, failed to announce changes made to its reserve disclosures (despite the disclosures’ referencing “other assets and receivables from loans” as a component of reserves), and failed to disclose Bitfinex’s capital liquidity issues resulting from its loss of control of approximately $850 million. While neither Bitfinex nor Tether admitted the findings, they agreed to pay the State of New York a penalty of $18.5 million, to publish the categories of assets backing its reserves for two years, and to discontinue future activities with New York residents and businesses.
C. FinCEN Issues Notice of Proposed Rulemaking to Track Cryptocurrency Transactions
To enhance the ability of law enforcement agencies to track the flow of money in convertible virtual currency (“CVC”) or digital assets with legal tender status (“LTDA”), the Financial Crimes Enforcement Network (“FinCEN”) issued a proposed rulemaking pursuant to the Bank Secrecy Act. Specifically, the proposed rule would require reporting, record keeping, and verification in connection with transactions greater than $3,000 involving either un-hosted wallets or wallets that are “otherwise covered.” The proposed rule would require banks and money services businesses to report transactions to FinCEN within fifteen days of their occurrence, and to keep records related to their customer, their customer’s CVC or LTDA transactions, and the counterparties to such transactions. FinCEN’s second notice of the proposed rulemaking identified additional authority under the Anti-Money Laundering Act and supplemented information on the reporting.
V. Bitcoin Is “Money” for Purposes of Money Transmission Laws in the District of Columbia
In 2019, Larry Dean Harmon was charged in federal court in the District of Columbia with engaging in money transmission without a license in violation of the D.C. Money Transmitters Act (“MTA”) and with money laundering and operating an unlicensed money transmitting business in violation of 18 U.S.C. §§ 1956 and 1960. The allegations against Harmon related to the operation of a Bitcoin “tumbler”—a service that for a fee would transmit Bitcoin through a series of transactions in an effort to mask the (illegal) origins of the virtual currency. Harmon moved to dismiss the two counts related to money transmission on the grounds that Bitcoin is not money for purposes of the MTA and, thus, his tumbler service was not engaged in money transmission. Although the MTA does not define the term “money,” the court held that the word is commonly understood to mean “a medium of exchange, method of payment, or store of value” and that Bitcoin fell within that definition. Defendant noted that the D.C. Department of Insurance, Securities and Banking (“DISB”), which has authority to enforce the MTA, had indicated on its webpage that virtual currencies were unregulated and consumers should be aware of the increased risks they pose. The court was not persuaded by the DISB webpage, which it viewed as a consumer alert and not an official interpretation of the law, and denied the motion to dismiss.
Subsequently, prosecutors made the court aware of a nonpublic letter DISB had sent to a company that had inquired about the need to obtain a money transmitter license for a virtual currency project. DISB informed the company that it would not need a money transmitter license because virtual currency services do not involve the transmission of money. Based on this new information, the defendant moved for reconsideration. The court denied the motion, holding that the DISB letter was legally not entitled to deference and, even if it was, the reasoning set forth in the letter was entirely unpersuasive. In particular, the court opined that the DISB letter misinterpreted and misapplied guidance on virtual currencies issued by FinCEN. The Harmon decision signals that courts are increasingly capable of sophisticated analysis of virtual currency issues and will not always defer to litigants or administrative agencies when applying the law to virtual currency businesses.
VI. CFPB Issues Advisory Opinion and Guidance on Earned Wage Access Products
On December 10, 2020, the Consumer Financial Protection Bureau (“CFPB”) issued an advisory opinion regarding Earned Wage Access (“EWA”) products. The advisory opinion primarily addresses the question of if and when an EWA program is covered by the Truth in Lending Act (“TILA”) and Regulation Z. EWA products provide workers with access to funds that they have earned but that have not yet been paid to them. The advisory opinion concludes that EWA programs that meet certain requirements are not an “extension of credit” and not subject to TILA or Regulation Z.
The advisory opinion builds upon commentary included in regulations regarding payday lending issued in 2017. Those regulations suggested that an EWA product that allows an employee to draw accrued wages ahead of a scheduled payday recoups the advance through payroll deduction, and does not provide recourse against the employee might not be a form of lending. Relying on the 2017 regulations, the CFPB concluded that EWA programs that “provide access to the consumer’s own funds” through transactions that are “limited to the accrued cash value of employee wages” are not an extension of credit for purposes of Regulation Z.
Under CFPB’s advisory opinion, an EWA product qualifies as a Covered EWA Program which is not an extension of credit and not subject to Regulation Z if it meets all of the following criteria:
- The provider contracts with the employer.
- The advance does not exceed the amount of earned wages verified by the employer.
- The employee pays no fee, voluntary or otherwise, for the service. The advance must be sent to an account of the employee’s choice. If the account receiving the advance is a prepaid account offered by the provider, then certain additional fee restrictions apply to the prepaid account.
- The provider recovers the advance only through payroll deduction from the next paycheck. One additional deduction may be attempted if the first deduction fails for technical reasons.
- If the advance can’t be collected through the payroll deduction, the provider can’t otherwise collect from the employee.
- The provider must make certain warranties to employee, including that there will be no fees, no recourse against the employee, and no debt collection activities.
- The provider may not conduct a credit assessment or credit reporting.
EWA products that do not verify an employee’s earned wages with the employer, do not recoup the funds through payroll deduction, or that otherwise do not meet these criteria would still potentially be subject to Regulation Z.
CFPB also issued an approval order for an EWA program. Through this type of order, CFPB grants an entity a safe harbor from legal liability regarding a certain product or practice if it follows certain conditions prescribed in the order. The approval order describes one of the entity’s EWA programs and concludes that the EWA product at issue is not an extension of credit. The approved EWA program differs from criteria for a Covered EWA Program in some respects. The EWA program does provide a method to access the EWA payment without a fee, but it also offers other methods of accessing EWA funds that do involve a fee. In addition, while the advisory opinion allows an EWA provider to make a single additional attempt at recoupment if the first attempt fails for technical reasons, the approval order permits the provider to re-present the deduction in the two subsequent paychecks if the initial recoupment fails. CFPB does not explain why the approval order varies from the criteria set forth in the advisory opinion. We expect CFPB will issue additional approval orders or other forms of guidance regarding EWA products in the future.
VII. PayPal Succeeds in Invalidating Parts of the CFPB’s Prepaid Account Rule
The D.C. District Court sided with PayPal in its challenge to two provisions of the CFPB’s Prepaid Account Rule (“Rule”). The provisions, effective on April 1, 2019, were: (i) the highly prescriptive short-form disclosure requirement and (ii) the prohibition on linking credit features to an account for thirty days.
Under the Rule, financial institutions that offer prepaid accounts must generally provide certain pre-acquisition disclosures to consumers. One such disclosure is a tabular short form disclosure that lists the most common fees assessed in connection with the account being issued. The Rule prescribes use and location of disclaimers, pixel and font size, color, and content, among other things. According to PayPal, following the prescriptive tabular format caused confusion and led many customers to believe that PayPal had begun to assess fees for services that were performed for free.
The Rule also requires card issuers to wait thirty days after a consumer registers a prepaid account before linking certain credit features to that account. As applied to PayPal, this prohibited PayPal from allowing consumers to attach their own separate credit products that they’ve had for years to PayPal’s digital wallets for the first thirty days after they have acquired the digital wallet product. The court concluded the CFPB had exceeded its statutory authority with regard to both challenged provisions, granted PayPal’s motion for summary judgment, and vacated both provisions. The CFPB has filed an appeal, so the longer-term status of the Rule is unknown.
The court, however, did not consider PayPal’s argument that the Rule violated PayPal’s First Amendment rights, which is unfortunate. There is growing interest in the intersection of financial disclosure regulations and freedom of speech, and we have previously covered how courts apply First Amendment principles to the “the pervasive and extremely detailed disclosure requirements that regulators frequently impose on electronic financial products and services.”
VIII. FTC Issues Warning Related to the Sale and Use of Artificial Intelligence
The FTC staff announced through an April 2021 blog post that selling or using algorithms that are biased on the basis of race or other protected classes violates federal law. Citing the agency’s experience in enforcing the FTC Act, the Fair Credit Reporting Act, and the Equal Credit Opportunity Act against developers and users of artificial intelligence (“AI”), the FTC offered guidance on how to use AI in a compliant way. When developing algorithms, businesses should ensure that data that the algorithm is built on does not exclude information from particular populations. Once the algorithm is developed, it should be tested, both before initial use and periodically thereafter, to identify and avoid discriminatory outcomes. The blog post also advised businesses to consider using transparency frameworks and independent standards so biases may come to light, and cautioned against making untruthful statements about what the algorithm can do and how the data is used. New technology is never perfect, but the FTC reminds businesses that a practice is unfair if it causes more harm than good.
Financial institutions and FinTechs heavily rely on AI, such as to authenticate customer identity, detect suspicious transactions, prevent fraud, enable better and more efficient customer service, and for many other purposes. This FTC blog post is a good reminder for electronic payment companies to examine existing AI systems to evaluate their risk of noncompliance. After all, as the FTC warned, companies need to hold themselves accountable “or be ready for the FTC to do it for you.”
IX. Conclusion
As in past years, we continue to see regulators struggle to deal with new and evolving financial products. We anticipate that federal and state agencies will continue to fight over which should have primary authority over the FinTechs. Business lawyers should also expect to see additional regulations and enforcement actions in the area of virtual currency. We note that Federal Reserve Chair Jerome Powell has already announced that in the near future the Federal Reserve Board will publish a paper discussing use of new technology in payments, including the possibility of issuing a central bank digital currency. The Board has also issued proposed rules governing the use of FedNow, its new instant payment system which it expects to be available in 2023. As the regulatory framework for real-time payment networks evolves, we expect to see additional actions from CFPB and states with regard to new financial products like Earned Wage Access which are made possible by these new payment networks.