OCC Wants Its Supervised Financial Institutions to Play In A Sandbox, Too! But Is It Worth It?
The Office of the Comptroller of the Currency (OCC) has opened its own “sandbox” through a Proposed Innovation Pilot Program (Program) designed to promote its innovation initiatives, add value through proactive supervision, and continue its objective to lead fintech innovation expansion. The comment period for the Program is open until June 14, 2019.
The Program follows the Consumer Financial Protection Bureau (CFPB)’s Product Sandbox proposal announced September 2018, but the material differences proposed by the OCC limit the potential benefit for participants of its Program. The CFPB’s Sandbox intends to allow participants to test innovative financial products or services without the need to comply with otherwise applicable or potentially applicable statutory or regulatory requirements. There was some initial confusion regarding whether the Sandbox was limited to innovative products or services, such as those typically labeled “fintech,” or offered by “fintech companies.” The CFPB updated its proposal in February to clarify that any covered entities, regardless of its categorization as FinTech, bank, credit union, or otherwise, could apply to participants in the CFPB Sandbox. The OCC’s Program is intended to provide “a consistent and transparent framework for eligible entities to engage with the OCC on pilots, which are small-scale, short-term tests to determine feasibility or consider how a large-scale activity might work in practice.” The OCC contemplates tailoring the terms of each participant’s engagement, including the parameters for each pilot, and allow participants to use other OCC tools and resources with their pilot.
The OCC Program. To “foster constructive innovative ideas to improve the industry,” OCC-supervised financial institutions (i.e., national banks) may submit an expression of interest and propose a pilot individually or as a collaborative effort among multiple banks. The Program is also open to OCC-supervised institutions that have engaged a third party to offer an innovative activity. The use of regulatory tools for the Program would be considered on a case-by-case basis, and the OCC contemplates tools such as interpretive letters, supervisory feedback, and technical assistance from OCC subject matter experts. But regulatory tools will only be considered if their use would not violate existing laws or cause an unsafe or unsound condition. The Program leaves the door open for the OCC to address the legal permissibility of a proposed activity, but requires this determination before any live test.
The Key Difference from the CFPB Sandbox: No Safe Harbor or Immunity. Other than eligibility referenced above, the critical difference between the proposals is the OCC Program’s refusal to provide a statutory or regulatory waiver. Indeed, there is no safe harbor from consumer protection requirements.
CFPB Sandbox participants (only entities subject to CFPB enforcement and jurisdiction are eligible; banks with less than $10 billion in assets are ineligible) receive (i) relief that is substantially the same as that provided in a “no-action” letter (i.e., a statement that the CFPB will not make adverse supervisory findings or bring a supervisory or enforcement action under its UDAAP authority or otherwise), (ii) approvals, as applicable, under the provisions of the TILA, ECOA, and EFTA that provide a safe harbor from liability in federal or state enforcement actions and private lawsuits for actions taken or omitted in good faith in conformity with CFPB approvals, and (iii) exemptions granted by CFPB order (a) from statutory or regulatory provisions as to which the Bureau has statutory authority to issue exemptions by order (such as provisions of the ECOA, HOEPA, and FDIA), or (b) from regulatory provisions as to which the CFPB has general authority to issue exemptions. Such an exemption provides immunity from federal or state enforcement actions and private lawsuits. To learn more about the background and objectives of the CFPB Sandbox, see our earlier blog post and listen to our discussion with Paul Watkins, Director of the CFPB’s Office of Innovation, on Ballard Spahr’s Consumer Finance Monitor Podcast.
Unlike the CFPB Sandbox, entities accepted under the OCC Program will receive no immunity from complying with applicable laws and regulations. Proposals involving consumers are expected to include controls and safeguards to protect consumers from harm. Such controls and safeguards could include consumer notification or consent, suitable processes for complaint handling, and mechanisms for remediation, including timely and fair compensation for any harm to consumers caused during the pilot. CFPB Sandbox participants, however, must commit to compensate consumers “for material, quantifiable, economic harm” caused by the participant’s offering or providing the product or service within the sandbox program. Both the OCC and CFPB have procedures for publishing certain information, but the OCC proposes to maintain confidentiality of proprietary information, including identification of participating entities “to the extent permitted by law or regulation,” while the CFPB intends to publish information about its participants, denials of applications, and reasons for the denial.
Comments to the OCC Program will shed light on whether the OCC’s proposal includes the appropriate scope, protections, and tools to facilitate innovative efforts and provide value for eligible entities, but the outlook is not promising. Without providing safe harbors or waivers for innovative and forward-looking products, the Program stifles creativity and distinguishes itself from the CFPB Sandbox. Without substantial changes to the Program’s proposal, it is unlikely to convince national banks and related entities that the Program’s alleged benefits are worth pursuing. The OCC will review comments after June 14, 2019, consider any refinements to the Program, and announce an effective launch date. Comments on the OCC Program can be submitted at firstname.lastname@example.org.