Monthly Fintech 5 Newsletter - November 2024

1) California Announces Rulemaking Regarding Earned Wage Access Programs

On October 11, the California Department of Financial Protection and Innovation (DFPI) announced a Final Rule regarding earned wage access (EWA) programs that classifies them as loans under the California Financing Law (CFL). The rule requires that EWA providers register with DFPI although exempts registered entities from needing a CFL license. Importantly, the rule defines EWA advances as “loans” subject to significant limitations on express fees, tips, and subscriptions. EWA providers will need to evaluate their revenue models immediately to determine if they need to make changes; there may be a limited number of compliant methods for navigating the new fee caps. The rule will take effect in February 2025.

2) CFPB Issues Rulemaking on Personal Financial Data Rights

On October 22, the Consumer Financial Protection Bureau (CFPB) issued a Final Rule regarding personal financial data rights as established under the Consumer Financial Protection Act of 2010 (CFPA). The rule requires deposit account providers, credit card issuers, and digital wallet providers to make certain consumer financial data available through an API. To access the API, fintechs will need to provide specific disclosures to their users and obtain certifications from them, as well as meet certain compliance and information security standards. Additionally, fintechs accessing bank, wallet, or card data will need to limit the data they collect to only that necessary to provide the requested product or service and obtain standalone consent for any marketing use or data sale of consumer financial data. Finally, fintechs will need to get reauthorization for continued access each year, as well as providing users a way to revoke access. Forcht Bank, N.A., the Kentucky Bankers Association, and the Bank Policy Institute have filed a declaratory judgment action to invalidate the rule in the U.S. District Court for the Eastern District of Kentucky. Fintechs accessing consumer financial data should consider what operational changes they need to implement to obtain valid authorization/certification, limit data intake, and operationalize a revocation of access.

3)  Agencies Increase Scrutiny of Bank Contracts with Fintechs

On October 17, the Office of the Comptroller of the Currency (OCC) announced an enforcement action against Axiom Bank of Maitland, Florida related to Bank Secrecy Act/Anti-Money Laundering (BSA/AML) concerns stemming from its fintech partnerships. This comes after the Federal Deposit Insurance Corporation (FDIC) announced a similar BSA/AML consent order Sutton Bank, as well as a more generalized consent order with Piermont Bank related to third-party oversight earlier this year. The OCC has prohibited Axiom from making any new partnerships during this time. These enforcement actions come as part of the regulators’ greater interest in risk-monitoring involving multiple organizations.

4) Financial Technology Association Sues CFPB Over “Buy Now, Pay Later” Rule

On October 18, the Financial Technology Association (FTA) filed suit in the District Court for the District of Columbia against the CFPB over the “buy now, pay later” (BNPL) interpretative rule issued in May. The rule states that BNPL programs involving digital user accounts are credit cards, making BNPL providers card issuers under Regulation Z. FTA’s suit challenges the interpretative process, alleging that the CFPB skipped over the required notice and comment process under the Administrative Procedure Act. Additionally, the FTA argued that the rule is arbitrary and capricious, exceeds the CFPB’s authority because it contravenes the Truth in Lending Act’s (TILA) requirements and imposes obligations beyond the scope of TILA. If BNPL programs are considered Regulation Z cards, those programs will now have to provide notice for any changes in term, new disclosure requirements, payment cut-off times, and fee limitations. Operationally, this will require that the BNPL programs consider the consumer’s ability to pay, limitations of increasing APRs, fees, and charges, in addition to general Regulation Z compliance.

5) FTC Issues Final “Click-to-Cancel” Rule / Negative Option Rule

On October 16, the Federal Trade Commission (FTC) issued the final Negative Option Rule. This rule applies to all negative option programs which includes subscriptions or memberships that auto-renew or otherwise do not expire until affirmatively cancelled. While it is primarily touted as a rule requiring a “click to cancel” feature to make it easier for consumers to cancel their enrollment, the more significant aspect of the rule is likely the new disclosure requirements and expansion of liability associated with subscription services. The rule requires: (1) disclosures of all “material terms” of both the negative option feature and all products and services underlying the negative option feature before subscription sign-up; (2) specific pre-sign up disclosures for recurring payments, deadlines to stop charges, costs, billing dates, and cancellation methods; (3) unambiguous affirmative consent (i.e., a checkbox) for the negative option feature; and (4) a simple cancellation mechanism that must be “as easy as” sign-up and that immediately halts all recurring charges. The rule will allow the FTC to recover monetary redress for harmed consumers not just for issues with subscription fees, but also unfair or deceptive practices related to underlying products and services—an ability that had been previously hampered by relatively recent Supreme Court precedent. The Electronic Security Association, the Interactive Advertising Bureau, and NCTA – The Internet & Television Association have filed a petition for review in the U.S. Court of Appeals for the Fifth Circuit, challenging the rule’s validity.

This article is for general information purposes and is not intended to be and should not be taken as legal advice.

Download a PDF copy of our monthly Fintech 5 Newsletter here.

Questions?

If you’d like to discuss any of these issues or have any questions, please reach out to Partner and head of the Fintech group, Chris Napier.

SIGN UP FOR UPDATES

Never miss our news, insights or events.

FEATURED NEWS