December 7, 2021

Volume XI, Number 341


December 06, 2021

Subscribe to Latest Legal News and Analysis

More Regulatory Clarity on the Horizon for FinTech

On September 21, 2021, the FinTech task force of the U.S. House Committee on Financial Services held a hearing on consumer privacy. The hearing was live-streamed and the archived webcast is available on the Committee website.

The hearing was called to address what Task Force Chairman Stephen Lynch called “serious gaps” in the current regulatory scheme, e.g. the Gramm-Leach-Bliley Act (GLBA), Dodd-Frank Act, and Fair Credit Reporting Act (FCRA), due to rapid developments in FinTech. The following highlights key issues discussed.

Changes to the Financial Services Industry

The hearing acknowledged the change in technology, as institutions try to keep up with consumer preferences and desire for convenience when accessing financial services. The industry has grown to now include various FinTechs, such as payment processors, neobanks who offer entirely online and mobile banking, financial management apps, and online investment services.

Data Aggregators

One concern discussed in the hearing is the rise of data aggregators who use APIs to facilitate data sharing between financial institutions. It remains unclear how current laws and regulations apply to the use of APIs for data sharing. The hearing also pointed to the issue of meaningful consent to data sharing when consumers engage an API and whether consumers have sufficient control over their data.

Proposed Rulemaking

The heart of the hearing was the proposed rulemaking by the CFPB under Section 1033 of the Dodd-Frank Act on “Consumer Access to Financial Records.” The proposed rulemaking intends to clarify standards around consumer-authorized access to financial information. The CFPB issued an Advance Notice of Proposed Rulemaking on November 16, 2020,  to solicit comments to assist in developing any new regulation. The period for comment submission closed on February 4, 2021. While the witnesses all appeared to be in favor of additional regulatory clarity in the space, several speakers cautioned against regulations that are technical in nature.

Putting it into Practice

It is clear that data privacy is top of mind for consumers, regulators, and legislatures alike. As we await regulatory guidance from the CFPB, FinTech businesses should pay attention to their consumer data collection and sharing practices. The following are some steps companies may wish to consider taking as they work through their existing compliance obligations:

  • Data mapping. An enterprise-wide data inventory and mapping exercise could help identify the types of personal information the business collects about consumers, the reasons for collection, and the entity’s information-sharing practices.

  • Vendor/service provider review. Robust vendor management compliance programs are essential to ensure that personal information of consumers is appropriately shared and restricted.

  • Privacy policy and disclosures. Privacy policies and disclosures mandated by various state and federal laws should be reviewed periodically.

  • Operational implementation. Companies may wish to consider how to operationalize certain proposed regulations being considered, particularly with respect to data aggregators.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 273

About this Author

Chelsea Staskiewicz Labor & Employment Attorney Sheppard Mullin San Diego, CA
Attorney, Provisionally Licensed

Chelsea Staskiewicz is an attorney in the Labor and Employment Practice Group in the firm's San Diego office. She is also a member of the Blockchain and Fintech Team.

While in law school, Chelsea was selected for the U.S. Securities and Exchange Commission’s Honors Intern Program and clerked for the Cyber Unit in the Division of Enforcement.

A.J. S. Dhaliwal Bankruptcy Attorney Sheppard Mullin Washington DC

A.J. is an associate in the Finance and Bankruptcy Practice Group in the firm's Washington, D.C. office. 

A.J. has over a decade of experience helping banks, non-bank financial institutions, and other companies providing financial products and services in a wide range of matters including government enforcement actions, civil litigation, regulatory examinations, and internal investigations.

With a diversified regulatory, compliance, and enforcement background, A.J. counsels financial institutions in matters involving...

Moorari Shah Bankruptcy Lawyer Sheppard Mullin Law Firm

Moorari Shah is a partner in the Finance and Bankruptcy Practice Group in the firm's Los Angeles and San Francisco offices. 

Areas of Practice

Moorari combines deep in-house and law firm experience to deliver practical, business-minded legal advice. He represents banks, fintechs, mortgage companies, auto lenders, and other nonbank institutions in transactional, licensing, regulatory compliance, and government enforcement matters covering mergers and acquisitions, consumer and commercial lending, equipment finance and leasing, and supervisory examinations,...