On April 23, 2020, the Office of the Comptroller of the Currency (“OCC”) filed its opening brief defending its special purpose fintech charter in the U.S. Court of Appeals for the Second Circuit.

The special-purpose charter, initially proposed by former Comptroller Thomas Curry in December 2016, would permit vetted non-depository fintech companies to operate under a federal charter overseen by the OCC without the burdens of state-by-state regulation and licensing. However, the program faced criticism and lawsuits from state regulators.   Click here for our prior coverage on this lawsuit.

The New York Department of Financial Services (“DFS”) led the challenge against the fintech charter in Lacewell v. Office of the Comptroller of the Currency in federal district court action in the Southern District of New York.  In May 2019, Judge Victor Marrero ruled against the OCC, denying its motion to dismiss and holding that the DFS had Article III standing to show that OCC’s charter was a threat to DFS’s authority over the nearly 600 non-depository fintechs. In October 2019, Judge Marrero entered a final judgment in favor of DFS and set aside the OCC’s regulations with respect to any fintech charter applications.

On appeal to the Second Circuit, the OCC urges in its opening brief for a reversal of Judge Marrero’s decision.  The OCC first argues that the DFS lacks standing since its alleged injuries are not ripe, premised only on hypothetical because the OCC has not yet received or taken any steps toward approving an fintech charter application.  According to the OCC, a “mere announcement” it will entertain applications “does not cause any concrete harm to DFS.”  The OCC also maintains that the DFS claims fail because the OCC’s interpretation of its authority to issue charters is reasonable and entitled to Chevron deference.  The OCC argues that the National Bank Act (“NBA”) is ambiguous as to whether the “business of banking” requires deposit taking. Finally, the OCC argues that that any relief sought by the DFS should be “geographically limited to New York,” since the DFS “only asserts harm with a nexus to New York.”

While the industry awaits a decision on whether the OCC fintech charter will survive, fintech companies have sought alternative charters.  In March 2020, Square, Inc. became the first U.S. fintech company to receive conditional approval from the Federal Deposit Insurance Corporation’s (FDIC) Industrial Loan Company (ILC) charter to pair with Square’s prior state charter from the Utah Department of Financial Institutions.  Unlike the challenges plaguing the OCC fintech charter, the FDIC’s decision signals an alternative banking pathway for fintech companies. Click here for our prior coverage of Square’s ILC charter.

The case is Lacewell v. Office of the Comptroller of the Currency, case number 19-4271, in the U.S. Court of Appeals for the Second Circuit.

With the help of McGuireWoods, Funding Circle, the leading online small business loan platform in the United States, joins fintech companies Intuit, PayPal, and Square, to participate in the U.S. Small Business Administration’s (SBA) Paycheck Protection Program (PPP), which was enacted as part of the CARES Act last month. To recap, the PPP provides aid in the form of potentially forgivable loans to eligible small businesses. The loans may be used to cover qualified payroll costs, rent, utilities, and interest on mortgage and other debt obligations in order to allow borrowers to maintain pre-COVID-19 employment numbers and compensation levels to their employees.

The coronavirus response landscape is shifting daily, and sometimes hourly, as regulators fight the clock to roll out aid fast enough to help keep small businesses afloat. For example, as we have previously reported, there was initial uncertainty about whether nonbank fintech companies would be able to participate, as the Treasury and SBA were in a time crunch to get the program up and running, and the lender application did not initially include fintech lenders – only federally insured depository institutions, federally insured credit unions, and certain farm credit institutions.

Although fintech lenders have now been approved, the SBA announced last week that the initial $349 billion allocated for the program had already been drained, with many small businesses still without funding.

On Tuesday April 21, the Senate reached an agreement to replenish the PPP with another $310 billion, and the House passed the measure today. While $250 billion of the $310 billion is added without limit, the remaining $60 billion is reserved for small and midsize banks, credit unions and community development finance institutions.

Many fintech lenders already have established relationships with small businesses and sole proprietorships, the intended beneficiaries of the PPP. Also, these fintech companies often have streamlined systems and online platforms in place to efficiently extend loans remotely. Notably, Funding Circle announced it will be providing support to applicants in four languages — English, Spanish, Mandarin, and Hindi, exemplifying just one of the ways that fintechs can make sure money gets to minority communities and smaller businesses, and reach customers that some traditional banks don’t.

Fintech companies Intuit, PayPal and Square have officially been approved to participate in the U.S. Small Business Administration’s (SBA) $349 billion Paycheck Protection Program (PPP), which was enacted as part of the CARES Act last month. To recap, the PPP provides aid in the form of potentially forgivable loans to eligible small businesses, which loans may be used for payroll and other expenses. These fintech companies are now accepting loan applications.  Other fintech companies, including Funding Circle, are awaiting approval to follow suit.

As we reported last week, initially there was uncertainty about whether nonbank fintech companies would be able to participate in the PPP, as the Treasury and SBA were in a time crunch to get the PPP up and running, and Treasury’s application for lenders did not initially include fintech lenders – only federally insured depository institutions, federally insured credit unions, and certain farm credit institutions. The rules that Treasury issued on April 2, 2020  preapproved traditional banks to make PPP loans as long as they were in good financial condition and not in trouble with any federal regulators. The rules stated that non-banks were required to meet other standards, including compliance with the Bank Secrecy Act.

These three fintech approvals are a step in the right direction, as many fintech lenders are well-positioned to extend loans to the small businesses with which they have relationships, as well as to new borrowers.  The approvals come several days after incumbent SBA lenders were able to start processing applications, which could reduce the pool of funds available for new lenders entering the PPP market, given the $349 billion cap on the funds available for this first-come, first-served program.  But some traditional banks have limited their own participation in the PPP, which may leave a lot of borrowers in need of alternative sources of funding through fintechs.  Further, there is talk of increasing the funds available for the PPP through additional legislation.  We will continue to provide updates as the PPP is expanded to other non-bank lenders, as well as any increases in funding available for this vital small business loan program.

The latest regulations coupled with the Treasury Department guidance have left many scratching their heads as to whether fintech companies will be able to provide small business loans under the recently enacted Paycheck Protection Program (PPP), a crucial part of the U.S. legislature’s latest attempts to address the serious economic impacts of the COVID-19 pandemic.  While the landscape is shifting daily, and sometimes hourly, as regulators fight the clock to roll out the program fast enough to help keep many small businesses afloat – regulators should not lose focus on the important role that fintech lenders can play. Given their existing relationships with sole proprietorships and smaller-business customers along with their strong ability to deliver services through robust online platforms, fintech lenders are particularly well placed to fill emerging gaps arising from the overextension of many traditional lenders’  and their resulting reluctance to extend PPP loans to new customers, particularly smaller business and sole proprietors.

On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) into law. Title I of the CARES Act establishes the PPP which is tasked with providing up to $349 billion in funding for loans to small businesses and other qualified applicants, using the existing Small Business Administration (SBA) 7(a) loan guaranty program, but with key differences intended to expedite the intended relief. The loans may be used to cover qualified payroll costs, rent, utilities, and interest on mortgage and other debt obligations in order to allow borrowers to maintain pre-COVID-19 employment numbers and compensation levels to their employees.

On March 31, 2020, the U.S. Department of the Treasury released guidance on various aspects of the PPP, including guidance relevant to lenders under the program.  And on April 2, 2020, the SBA enacted interim final rules.

The guidance explicitly provides that the PPP loans may be made by existing section 7(a) SBA qualified lenders, federally insured depository institutions, federally insured credit unions, and farm credit system institutions.  According to the guidance, loans can also be made by “Additional Lenders” that the Administrator and Secretary of the Treasury determine are qualified. Treasury has announced that a “broad set of additional lenders can begin making loans as soon as they are approved and enrolled in the program.”  Along with their announcement, Treasury included an Application for New Lenders.  According to the Application, however, eligible applicants appear to be limited to:

  • A federally insured depository institution; OR
  • A federally insured credit union; OR
  • A Farm Credit System institution (other than the Federal Agricultural Mortgage Corporation) that applies the requirements under the Bank Secrecy Act and its implementing regulations as a federally regulated financial institution or functionally equivalent requirements.

Requiring a new lender to fit into one of these three categories – without offering another category for qualification – would exclude a host of potential fintech companies, who are very well positioned to provide PPP loans to a pool of customers that may not be reached by traditional 7(a) SBA lenders.

The CARES Act generally directs the Administrator and Secretary of the Treasury to designate as Additional Lenders those that have the “necessary qualifications to process, close, disburse and service loans” made with the guarantee of the SBA.  The Act also provides that “the Department of the Treasury, in consultation with the Administrator, and the Chairman of the Farm Credit Administration shall establish criteria.”  Generally, a lender may not participate in the PPP if doing so would affect its safety and soundness, as determined by the Secretary of the Treasury. In addition, nonbanks must meet certain other standards, including requirements surrounding compliance with the Bank Secrecy Act, a federal anti-money laundering law.  However, the CARES Act does not include any other specific limiting criteria for Additional Lenders which might exclude fintech companies.

Many fintech lenders already meet the general standards and have established relationships with small businesses and sole proprietorships, the intended beneficiaries of the PPP. These fintech companies often also have streamlined systems and online platforms in place to efficiently extend loans remotely.

Moreover, many traditional banks, concerned about risk and the time and expense of underwriting PPP loans for new customers, may limit their PPP offerings to current clients, which will leave a host of small businesses unable to participate in the program absent the ability of other lenders, including fintechs, to participate.

With the $349 billion pool of PPP loans set to be distributed on a first-come, first-serve basis, time is of the essence. Small businesses and sole proprietorship applicants began applying for loans from participating lenders starting Friday, April 3, 2020. Independent contractors and self-employed individuals can begin applying for PPP loans on April 10. Early reports indicate that $38 billion in loan applications have already been approved by the SBA.

Given the scale of the loan program and the pressure that regulators have been under to expedite its launch, it comes as no surprise that there are still kinks to iron out. Based on our work on the PPP since the CARES Act was enacted, we are optimistic that there will be a path forward for fintechs to participate in the program and we will continue to provide guidance on this new law as updates emerge.

McGuireWoods has published additional thought leadership analyzing how companies across industries can address crucial business and legal issues related to COVID-19.

On March 18, 2020, Square Inc., became the first U.S. fintech company to receive conditional approval of an Industrial Loan Company (“ILC”) charter from the Federal Deposit Insurance Corporation (“FDIC”), to pair with its prior charter approval on March 17, 2020 from the Utah Department of Financial Institutions.  It became the first new de novo ILC charter to be approved by the FDIC in over a decade.  This comes just one day after the FDIC codified its approach to managing ILCs generally.  The ILC charter allows non-bank owned companies to provide various deposit and lending services to customers without being subject to federal bank holding company regulations.

Square Inc. was formed in 2009 as a payment services provider enabling businesses to accept card payments.  Since then, the platform has expanded its suite of services to include software and hardware products related to point-of-sale payments, merchant services, money transmission, and business financing.

With the ILC charter approval, in 2021, Square is expected to launch Square Financial Services, Inc., as an independent and direct subsidiary industrial bank, which will provide small-business loans and deposit products to Square’s customers.  According to the company, Square Financial Services will be headquartered in Salt Lake City, Utah.

The road to ILC charter approval has not been easy or swift.  ILCs are required to obtain FDIC deposit insurance.  Applications for deposit insurance are evaluated under a framework of seven factors, including the applicant’s financial history and condition, capital structure, future earnings prospects, general character and fitness of the management, as well as any risks to the Deposit Insurance Fund, the convenience and needs of the community to be served by ILC, and whether the institution’s corporate powers are consistent with the purposes of the Federal Deposit Insurance Act.

While Square received conditional approval of an ILC charter, the decision of the FDIC board was not unanimous, with one dissenter noting Square’s inconsistent profitability since its initial founding in 2009, and potential vulnerability to an economic downturn.

Given that the FDIC last approved a de novo ILC application over a decade ago, the decision signals a potential easing of regulatory resistance towards fintech companies and their mission to increase access to financial services to traditionally underserved consumers.

There are widespread expectations that the Supreme Court, following an oral argument last week, may rule that part of the law that created the CFPB is unconstitutional.  As a result, many business executives, in particular, have been asking their lawyers about the likely impact of such a ruling.  These questions have included ones like:  Could a prior CFPB action, including a settlement punishing the target of an investigation, somehow be annulled and unwound?  And what would need to happen in order to bring a lawsuit (or to take some other action) seeking an annulment like that?

These are a valid questions.  In our view, the analysis to answer them begins by focusing on what, exactly, is claimed to be unconstitutional about the CFPB.

What is the Constitutional Problem with the CFPB?

The parties challenging the CFPB’s constitutionality are focused specifically on one provision of the Dodd-Frank Act, which created the agency.  That provision insulates, to a large degree, a Senate-confirmed Director of the CFPB from removal by the President.  It does so by permitting removal only “for inefficiency, neglect of duty, or malfeasance in office,” a legal term of art often abbreviated as “for cause,” which as a practical matter makes removal by the President very unlikely.  This protection from removal makes the CFPB Director different from Cabinet secretaries, for example, whom the President may terminate at will and for any reason.

The Supreme Court has historically allowed Congress to similarly insulate the members of multi-member, staggered commissions that run agencies (like the FTC), largely on the theory that if a President disapproves of such an agency’s policy direction, he or she can soon influence the agency when the next commission spot opens up, and in any event can often designate who chairs the commission.  But challengers to the CFPB have pointed out that, where a regulator is run by a single person — which is the case with the CFPB’s Director — Congress has never tried to insulate that individual from removal at the will of the President.  And they argue that Congress’ decision to do so is an unconstitutional infringement on the President’s authority under the Constitution to direct the operations of the Executive Branch.  That is, in the case of any President who dislikes the policy or enforcement positions of a CFPB Director, the law would unduly inhibit the President’s power to influence the agency.

In the case before the Supreme Court (Seila Law), the target of a CFPB investigation has argued — and the CFPB under the Trump Administration agrees — that the limit on removal is indeed unconstitutional.  We and many other observers agree that their argument is strong.

How is the Supreme Court Likely to Remedy this (Claimed) Violation?

To date, the only appellate opinion to find the CFPB’s removal provision unconstitutional (authored by now-Justice Brent Kavanaugh) went on to hold that the proper remedy was simply to strike the provision — making the Director removable at will — without otherwise disturbing the law or the agency.

We find the reasoning of that opinion to be persuasive.  Justice Kavanaugh (then a federal appeals court judge) explained that in deciding the remedy for a constitutional violation like this, courts should begin by asking:  Is there an alternative that Congress would have preferred if it had known that the passage at issue was unconstitutional?  Justice Kavanaugh reasoned that, in the case of the Dodd-Frank Act, Congress effectively answered that question by including a “severance” provision.  The “severance” provision states that if a court finds any passage of the law to be unconstitutional, it should leave the rest of the law in place.

We think that this same remedy is the most likely outcome at the Supreme Court, if the Court in fact finds that the removal provision is unconstitutional.  The target of the CFPB investigation has argued for broader remedies — such as striking the entire law creating the CFPB and putting the agency out of business — but we think the chance the Court will do something like that is rather low.  As Justice Kavanaugh has pointed out, courts have preferred narrow remedies for constitutional violations like these, even when the law does not contain a “severability” provision.  And it is unlikely that Congress would have preferred no CFPB at all to a CFPB with a Director removable at will.  In the prior case before Justice Kavanaugh, his opinion allowed the CFPB to continue the enforcement action that generated the constitutional challenge, albeit after correcting several errors in the agency’s interpretation of an important consumer-financial law.

But What About Past CFPB Actions?

If the Supreme Court’s remedy is merely to strike the removal clause, it is fair to ask whether that result still calls into question the validity of past CFPB actions.  After all, in this scenario, prior actions would have been directed and finalized by a CFPB Director who was unconstitutionally protected from dismissal by the President.

There have been cases where courts ruled, after striking part of a law as unconstitutional, that the proper result was to invalidate prior agency actions.  However, this has not yet happened where the constitutional problem involved only the President’s power to remove an official.  And we think it unlikely that such a result would obtain here.

Cases invalidating prior agency actions have generally involved two other types of constitutional violations.  First, there have been cases where the law gave power to a government official who did not have the constitutional authority to exercise that power in the first place.  The best example is a law that directed an official under Congress’ control to exercise Executive Branch functions.

The second type of violation involved actions by government officials who were appointed to their jobs in a manner inconsistent with the Constitution.  Examples include officials appointed without Senate confirmation where the Constitution required confirmation.

What these cases have in common is that actions were taken by officers who never should have had the power to take those actions.  But that is not the case where the flaw is in a removal provision like the one involving the CFPB.  Moreover, as a practical matter, most CFPB enforcement actions – and subsequent settlements – have taken place during periods when the CFPB was led by a Director selected by the then-current President, with no indication that the President was unhappy with the Director he chose.  Thus, in opposing an argument to invalidate one of these settlements, the government would argue that the President had as much control over the CFPB Director as the Constitution provides for.

Indeed, one court remarked, in considering a similar issue involving an invalid removal provision, “We should not invalidate” the actions of a President’s own nominee by invoking that President’s “need to exercise executive authority.”  However, there was a period of about 10 months in 2017, following President Trump’s inauguration, when the CFPB was led by an Obama appointee, Richard Cordray, whom President Trump no doubt would have promptly dismissed (or whom would have resigned early) if not for the obstacle of the removal provision.

Nonetheless, the government would also have other, more basic arguments for opposing the invalidation of a past settlement, including ones based on policies against disturbing agreements on which parties have relied.  In the case of many CFPB settlements, the affected parties would include the consumers who received restitution.

In sum, we think that even if the Supreme Court finds a constitutional violation, it is unlikely that the decision will provide a basis for disturbing past agency actions (especially those from periods other than the window of Director Cordray’s work during the Trump Administration).  But we are closely monitoring the case and, in the event that the Court’s opinion does open a window to challenge prior actions, our consumer-finance and appellate teams stand ready to assist.

McGuireWoods’ CFPB and consumer-finance practitioners provide risk-based advice to large and small financial industry clients on a wide range of legal and compliance matters, defend clients subject to investigations and lawsuits, and guide FinTech and other innovators as their products and services approach the market.

McGuireWoods’ appeals and issues team works with all of the firm’s litigation and investigations departments to shape appeal strategies and responses government investigations and submissions. We develop innovative approaches to appeals and develop broader efforts to shape the law to benefit our clients over the long term.

For the first time, a U.S. fintech company is acquiring a regulated U.S. bank, which will give it access to a stable and cheaper source of funding – as well as a national bank charter.

On February 18th, LendingClub, one of the largest providers of personal loans in the U.S., announced that it will pay $185 million in cash and stock to acquire Radius Bancorp, an online bank with about $1.4 billion in assets.  The deal will allow LendingClub to offer an array of new products and diversify its revenue stream, by combining one of the leading digital loan providers with one of America’s fastest growing digital banking platforms.

LendingClub is the first fintech company to acquire a chartered bank as an entry into banking, instead of applying for a national bank charter.  Given the murky regulatory landscape, it may be a smoother path.

On July 31, 2018, the OCC announced that it would start accepting applications for special purpose national bank charters (“SPNB Charters”) from non-depository fintech companies engaged in the business of banking. The goal was to streamline the licensing process, by allowing the OCC to regulate fintech companies with a SPNB Charter.  That way, fintech companies would not have to opt between existing in the gray area where it is unclear whether they need a license, or being bogged down by the process of obtaining licenses from regulators in every state where the company operates.

State regulators responded to the OCC’s announcement with litigation.  The Conference of State Bank Supervisors and the New York State Department of Financial Services both filed lawsuits against the OCC, arguing that the SPNB Charters were beyond OCC’s statutory authority.  In May of 2019, the New York federal district court denied the OCC’s motion to dismiss the lawsuit.  In doing so, the court found that the term “business of banking,” as used in the National Banking Act, meant that only depository institutions were eligible to receive national bank charters from the OCC, and thus the OCC could not issue SPNB Charters to non-depository fintech companies.  In October of 2019, the parties stipulated to entry of final judgment in favor of the New York Department of Financial Services, and agreed to set aside the OCC regulation that would allow non-depository fintech companies to seek a SPNB Charter.  The OCC has appealed the decision, leaving an uncertain federal regulatory future for non-depository fintech companies.

By acquiring Radius Bancorp, LendingClub should be able to avoid the murky waters and sail smoothly into a new position in the marketplace, as an online lender and bank.

California and New York are taking the lead to expand consumer financial protection, in part to smooth out the ebb and flow of federal policy and enforcement at the CFPB.  Within a few days of each other, Governor Gavin Newsom of California and Governor Andrew Cuomo of New York announced proposals to expand regulatory oversight in the financial consumer protection space.

A.  California

On January 10, 2020, California Governor Newsom sent the California Legislature his 2020-21 budget, which includes a proposal to overhaul the state’s Department of Business Oversight (“DBO”), and rename it the Department of Financial Protection and Innovation (“DFPI”). The DFPI, which some observers are describing as a “mini-CFPB,” would have enhanced regulatory powers, as well as responsibility to pursue now-unsupervised financial services providers. The Governor’s Budget Summary cited the reason for the expansion as “[t]he federal government’s rollback of the CFPB,” which leaves Californians vulnerable to predatory businesses and leaves companies without the clarity they need to innovate.” Specific new activities would include, among others:

  • Licensing and examining new industries that are currently unregulated or under-regulated;
  • Protecting consumers through enforcement against unfair, deceptive, and abusive acts and practices (“UDAAPs”);
  • Establishing a new Financial Technology Innovation Office that would cultivate the responsible development of new consumer financial products.

The budget also would provide funding to administer the California Consumer Financial Protection Law. The California Legislature will now begin a detailed review of the budget, a version of which must be passed before June 15, 2020.

B. New York

On January 8, New York Governor Cuomo released his 2020 State of the State address and announced several important measures relevant to fintech and other financial services companies:

  • License requirement for debt collection companies: The Governor will propose legislation giving the New York Department of Financial Services (“NYDFS”) authority to license debt collection entities, and to examine suspected abuses via information requests and books-and-records examinations. The new oversight authority would allow the NYDFS to bring punitive actions against unscrupulous debt collectors, potentially resulting in fines or lost licenses.
  • Strengthen NY’s Consumer Protection Laws: Governor Cuomo also proposed a broad consumer protection agenda aimed at enabling New York to intervene in the absence of federal enforcement in order to protect consumers from new and predatory financial products. The agenda includes:
    • Expanded protection for NY Consumers from UDAAPs: current state law protects consumers from intentional fraud or material misrepresentations regarding financial products or services. The Governor’s proposal would enhance New York law to the level of federal law, which allows enforcement actions for a broader range of UDAAPs.
    • Elimination of exceptions: Although current NY law allows for enforcement actions, many consumer products and services are exempted. The Governor’s proposal would eliminate these exceptions.
    • Closing loopholes: Currently, entities licensed under New York’s Financial Services Law (“FSL”) are not required to pay assessments covering the cost of examinations. The Governor proposed amending the FSL to match the Insurance and Banking Law, which would require these entities to pay for examinations.
    • Fines: To deter illegal conduct, the proposal would amend the state’s law to increase fines. Instead of the current penalty of $5,000 per violation, Governor Cuomo proposed capping penalties at the greater of $5,000, or two times the damages or economic gain attributed to the violation. The FSL would also be updated to include authority for collecting restitution and damages.

*          *          *

Blending our firm’s nationally recognized financial services practice with our corporate and technology practices, McGuireWoods’ fintech practice provides practical, business-minded counsel on legal and regulatory matters relevant to financial services companies and fintech vendors alike.

FINRA’s examination program has undergone its most significant reorganization in decades. As stated in a press release, Oct. 1, 2018, FINRA’s goal for the reorganization was to “consolidate its Examination and Risk Monitoring Programs, integrating three separate programs into a single, unified program to drive more effective oversight and greater consistency, eliminate duplication and create a single point of accountability for the examination of firms.” The new look of the examination program was released, along with new management, on Dec. 12, 2019.

FINRA launches its revamped examination program with its release of its 2020 Risk Monitoring and Examination Priorities, issued on January 9th.

In 2020, FINRA is prioritizing risk monitoring, surveillance, and examination programs to further its mission of investor protection and market integrity.  The examination priorities are organized around four themes, which build on FINRA’s priorities from prior years:

  1. Sales practice and supervision;
  2. Market integrity;
  3. Financial management; and
  4. Firm operations.

One significant change in this year’s priorities letter is FINRA’s focus on providing guidance to firms – practical considerations and questions that firms should be focused on as they review their program for compliance with regulatory requirements. In the past, the letters have traditionally been a detailed description of issues and requirements. Providing practical guidance is far more valuable to firms and will aid their compliance efforts.

Sales Practice and Supervision

FINRA will continue to focus on areas it has discussed in previous annual priorities letters, including complex products, variable annuities, private placements, fixed income mark-up/mark-down disclosures, representatives acting in positions of trust or authority, and senior investors.  In addition to these areas, FINRA will evaluate firms’ compliance with obligations related to several new or emerging areas, discussed below.

Regulation Best Interest (Reg BI) and Form CRS

The SEC adopted Reg BI in June 2019, which establishes a “best interest” standard of conduct for broker-dealers.  The SEC also adopted a new form – Form CRS – which requires broker-dealers to provide a brief relationship summary to retail investors.  Firms must comply with Reg BI and Form CRS by June 30, 2020.

During the first half of 2020, FINRA plans to review firms’ preparedness for Reg BI.  After June 30, 2020, FINRA will focus on firms’ compliance with Reg BI, Form CRS, and related SEC guidance.  FINRA will work with the SEC to ensure consistency in evaluating broker-dealers and their associated persons for compliance with Reg BI and Form CRS.  FINRA’s 2020 Risk Monitoring and Examination Priorities Letter includes a list of factors FINRA may consider when reviewing firms for compliance with Reg BI.

Two of the questions posed by FINRA bear particular consideration: (1) Do your firm and your associated persons consider the express new elements of care, skill and costs when making recommendations to retail customers? (2) Do your firm and your associated persons consider reasonably available alternatives to the recommendation?  Both FINRA and the SEC have been explicit in their guidance that the Best Interest standard does not always mean the cheapest option available. That said, cost is a factor and the specific question regarding whether “reasonably available alternatives” will be an important consideration for firms. The regulators will be looking at what alternatives were available to firms to offer their customers and, if a firm chooses not to make those available, it will be important to ensure that there their review, assessment, and determinations are fully documented.

Communications with the Public

FINRA will continue to focus on firms’ compliance with obligations relating to FINRA Rule 2210 (Communications with the Public), as well as related supervisory and recordkeeping requirements.  In 2020, FINRA will expand its focus to private placement retail communications, by reviewing how firms handle retail communications regarding private placement securities via online distribution platforms, as well as traditional channels. As the SEC looks to expand retail access to private placements, firms will need to be vigilant in the manner in which these products are offered to customers.

FINRA will  also continue to focus on the challenges that the increasingly broad array of digital communications (i.e., texting, messaging, social media, or collaboration applications) pose to firms’ ability to comply with obligations related to the review and retention of such communications.

Cash Management and Bank Sweep Programs

FINRA recognizes that as commission practices change, cash management services that sweep investor cash into firms’ affiliated or partner banks or money market funds have taken on a greater significance. Bank Sweep Programs are offering more services to retail investors (such as check-writing, debit cards, and ATM withdrawals.  These added features raise concerns about firms’ compliance with a range of FINRA and SEC rules.  FINRA will therefore focus on firms’ compliance with such rules in the context of Bank Sweep Programs. Further, to the extent that firms benefit from these programs and, with commissions dropping and or going away in some instances, regulatory review of fees involved in providing services will increase, reviewing such areas as conflicts, disclosure, fairness, etc.

Sales of Initial Public Offering (IPO) Shares

In light of the growth of the IPO market over the past year, FINRA will focus on firms’ obligations under FINRA Rules 5130 (Restrictions on the Purchase and Sale of Initial Equity Public Offerings) and 5131 (New Issue Allocations and Distributions).

Trading Authorization

This year, FINRA will also focus on whether firms maintain reasonable supervisory systems relating to trading authorization, discretionary accounts, and key transaction descriptors.  It will review whether these supervisory systems are designed to detect and address registered representatives exercising discretion without written authorization from the client.

Market Integrity

FINRA will continue to review compliance with the ongoing obligations related to market manipulation, Trade Report and Compliance Engine (TRACE) reporting, short sales, and short tenders.  Certain firms will be required to begin reporting to the Consolidated Audit Trail (CAT) in April 2020, and that FINRA will work with those firms as they prepare for reporting.  The FINRA Letter reminds firms to continue devoting resources to ensure accuracy in their Order Audit Trail System (OATS) reporting, because OATS remains a critical part of the audit trail data that FINRA uses to meet its regulatory obligations.

In 2020, FINRA expects to focus on the following additional areas to promote market integrity:

  1. Direct market access controls;
  2. Best execution;
  3. Disclosure of order routing information; and
  4. Vendor display rule.

Financial Management

Firms can expect FINRA to continue its focus on compliance programs relating to Exchange Act Rule 15c3-3 (Customer Protection Rule) and Exchange Act Rule 15c3-1 (Net Capital Rule), as well as firms’ overall financial risk management programs.  FINRA has identified the following new areas of focus for 2020:

  1. Digital assets;
  2. Liquidity management;
  3. Contractual commitment arising from underwriting activities; and
  4. London Interbank Offered Rate (LIBOR) transition.

Firm Operations

As firms increasingly rely on technology for business systems and customer-facing activities, cybersecurity has become a large operational risk.  As such, FINRA will focus on cybersecurity and technology governance in 2020.  Specifically, firms should expect FINRA to assess whether their policies and procedures are designed to protect customer information and whether they are implementing controls appropriate to their business model and scale of operations.  FINRA will also ensure firms’ compliance with FINRA Rules 4370 (Business Continuity Plans and Emergency Contact Information), 3110 (Supervision), and 4511 (General Requirements), as well as Exchange Act Rules 17a-3 and 17a-4.

In terms of technology governance, it continues to be important for firms to ensure that all of the right stakeholders are at the table when new technology is being implemented or current technology modified. Often technological solutions are implemented to address an issue and there are unintended consequences creating regulatory gaps. Having compliance and risk at the table as these decisions are being made can often go a long way to mitigating that risk.

Conclusion

FINRA’s examination priorities for 2020 will largely follow prior focus areas, emphasizing firms’ compliance in important areas such as systems for supervision, sales practice risks, anti-money laundering and fraud, insider trading, and manipulation across markets and products.  New this year is an emphasis on Reg BI and Form CRS, as well as issues related to communications with the public, cash management and bank sweep programs, direct market access controls, best execution, disclosure of order routing information, and cybersecurity.

To support firms in their efforts to comply with federal securities laws and regulations, as well as FINRA rules, the 2020 Risk Monitoring and Examination Priorities Letter includes a list of practical considerations and questions for each topic, which may be helpful to firms in evaluating the state of their compliance, supervisory, and risk management programs.

On January 7, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released its 2020 examination priorities.  OCIE is prioritizing practices, products, and services that it believes present heightened risks to investors or market integrity.  The examination priorities are organized around seven themes, many of which build on OCIE’s priorities from prior years:

  1. Retail investor protection, including seniors and those saving for retirement;
  2. Market infrastructure;
  3. Information security;
  4. Focus areas relating to investment advisers, investment companies, broker-dealers, and municipal advisors;
  5. Anti-money laundering programs (AML);
  6. Financial technology (Fintech) and innovation, including digital assets and electronic investment advice; and
  7. Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB).

Retail Investor Protection, Including Seniors and Those Saving for Retirement

Continuing with the trend in recent years, OCIE will focus on recommendations and advice given to retail investors, with a particular focus on seniors and those saving for retirement.  The examinations will focus on intermediaries that serve retail investors—namely, registered investment advisers (RIAs), broker-dealers, and dually-registered firms—and on investments marketed to, or designed for retail investors, such as mutual funds and exchange-traded funds (ETFs), municipal securities and other fixed income securities, and microcap securities.  OCIE will also focus on higher risk products, such as those that:

  • are complex or non-transparent;
  • have high fees and expenses; or
  • where an issuer is affiliated with or related to the registered firm making the recommendation.

OCIE acknowledged the impact that Regulation Best Interest and Form CRS will have on retail investors.  In order to help broker-dealers with the June 30, 2020 compliance date for Regulation Best Interest and Form CRS, OCIE will engage with broker-dealers during the exam process to answer questions they may have concerning implementation of the new rules.

With regard to RIAs as fiduciaries, OCIE will focus on whether they have fulfilled their duties of care and loyalty by providing advice in the best interests of their clients and eliminating—or at least exposing—conflicts of interest.  Fees and expenses, as well as undisclosed—or inadequately disclosed—compensation arrangements, will likely continue as focus areas.

 Information Security

 In 2020, OCIE examiners will focus on:

  • Governance and risk management;
  • Access controls;
  • Data loss prevention;
  • Vendor management;
  • Training; and
  • Incident response and resiliency.

As in past years, these focus areas will allow OCIE to prioritize cyber and other information securities risks in each of its five examination programs.  Examinations will focus on proper configuration of network storage devices, information security governance generally, retail trading information security, and RIAs’ protection of clients’ personal financial information.  With respect to third-party and vendor risk management, OCIE will focus on oversight related to certain service providers.

 Fintech and Innovation, Including Digital Assets and Electronic Investment Advice

 Recognizing that advancements in financial technologies, methods of capital formation and market structures, and registered firms’ use of new sources of data warrant ongoing attention and review, OCIE has placed particular emphasis on Fintech and Innovation in 2020.

In the digital asset space, OCIE will continue to assess: (1) suitability; (2) portfolio management and trading practices; (3) safety of client funds and assets; (4) pricing and valuation; (5) effectiveness of compliance programs and controls; and (6) supervision of employee outside business activities.

With regard to “robo-advisers” or automated investment tools and platforms, OCIE will continue its focus on:

  • Registration;
  • Cybersecurity policies and procedures;
  • Marketing;
  • Fiduciary duty, including adequacy of disclosures; and
  • Effectiveness of compliance programs.

Additional Focus Areas Relating to Investment Advisers, Investment Companies, Broker-Dealers, and Municipal Advisors

 These registrants can expect OCIE to continue its risk-based examinations in 2020.

  • New RIAs and RIAs registered for several years that have yet to be examined should expect to become areas of focus for OCIE in 2020.
  • Investment companies can expect examinations focusing on mutual funds and ETFs, RIA activity, and oversight practices.
  • Broker-dealer examinations will focus on recent rulemaking and trading practices, and
  • Municipal advisor examinations will include registration and continuing education requirements, as well as fiduciary duty obligations.

 Anti-Money Laundering

 AML is a repeat priority for OCIE as it is for all regulators in the financial industry regulatory space.  In 2020, OCIE will examine whether broker-dealer and investment companies are complying with their AML obligations.  OCIE notes four areas of review:

  • customer identification programs and SAR filing obligations;
  • customer due diligence;
  • compliance with beneficial ownership requirements; and
  • timely and robust independent testing of AML programs.

 Market Infrastructure

 With respect to market infrastructure, OCIE will continue examinations of entities providing services critical to market infrastructure, including clearing agencies, national securities exchanges, alternative trading systems, and transfer agents.  Particular attention will be given to the security and resiliency of entities’ systems.

Conclusion

OCIE’s examination priorities for 2020 will largely follow prior focus areas, emphasizing the protection of retail investors with particular focus on fee disclosures, senior investors, and retirement accounts.  OCIE will also continue to examine firms’ abilities to manage risk associated with cybersecurity breaches, money laundering, and digital assets and electronic investment advice.  Finally, regulated firms are reminded that the examination priorities identified are not exhaustive and that OCIE will continue to conduct examinations determined through a risk-based approach that includes analysis of an entity’s history, operations, services, products offered, and other factors.