Protiviti Director Tom Giltrow, from our Risk and Compliance practice, offers a deeper perspective on some of the topics covered in a recent edition of Protiviti’s Compliance Insights newsletter. Listen below. Full transcript follows.
Compliance Insights Podcast
September 27, 2018 at 11:36 AM
Kevin Donahue: Hello, and welcome to a new installment of Powerful Insights. This is Kevin Donahue, a Senior Director with Protiviti’s marketing group, and I’m pleased to be talking today with Thomas Giltrow. Tom is a leader and Director with our Risk and Compliance practice, and he and I are going to be talking a bit about some of the topics covered in the latest issue of Compliance Insights, our monthly newsletter covering key topics around regulatory compliance for primarily the financial services industry. Tom, it’s great to speak with you today.
Thomas Giltrow: Hey, thanks Kevin. Glad to be here today.
Kevin Donahue: Tom, to kick things off, we lead off our newsletter with information that the OCC will start to accept charter applications from fintech companies. This comes despite some concerns among state regulators and traditional financial institutions. What does this mean for fintechs?
Thomas Giltrow: Well, that’s a great question. I’d say this has really been a couple of years in the making. The opposition or the resistance from those state regulators still hasn’t gone away completely, although the OCC did announce that they’d start to accept these applications for the special charter. In fact, I’d also note that they’re on their way to court currently as the New York Department of Financial Services has filed a lawsuit based on this charter specifically. I’d say a few things, in considering just the special purpose applications, fintech firms have generally operated a bit more of the Wild West environment. They haven’t been subject to the same level or regulatory scrutiny as some of their traditional banking peers. It’s allowed them some flexibility and innovation, and it allows them to bring unique products to market, but this new charter would bring them into the same fold as their traditional banking peers and subject to really a new level of scrutiny, and some of those traditional banking requirements and expectations. I think for the application process itself, the OCC did issue a licensing manual supplement, which helps to outline the specific steps and the expectations that they’re going to look for for these institutions. I’ll note that they say they’re going to tailor their expectations accordingly, based on the complexity, size, and nature of the operations of those institutions that apply for the charter. At the same time, any fintechs that are applying for this charter have to come prepared and be ready for a new level of scrutiny of their business plans, their contingency plans, or financial stresses – that includes capital, liquidity, risk management. They need to be able to demonstrate a commitment to financial inclusion and really be prepared to expose themselves to a whole new level of regulatory scrutiny. We’ll see where the courts land on this. We do expect more lawsuits to be filed and for the OCC’s authority in this space to be challenged going forward. The one thing that I would note is that fintechs applying for this special charter going forward, the application process is part of the work but if it’s accepted it’s going to be a whole new work stream altogether. Definitely changes the face of how they’re regulated going forward.
Kevin Donahue: Tom, another related question regarding fintechs again. The Treasury came out with a number of recommendations to ease the regulatory burden and allow innovation in banking. What do you see these activities or these recommendations encouraging among fintechs and other financial services organizations?
Thomas Giltrow: More than anything, that report is really geared towards encouraging innovation in general, and they highlight a few specific themes, Kevin. I’d say more than anything, they want to re-align the regulatory framework and they actually promote and recommend that the OCC continue to pursue the special purpose charter that we just spoke about, but really making sure that for fintechs in general that the regulatory framework today is better aligned and that we’re not inhibiting innovation within the financial services sector. They highlighted a few areas that we’ll talk about it here today – I think more than anything, as we think about the nature of fintech innovation today in the space of artificial intelligence, machine learning, the advent of digital identities, these could pose entirely new wrinkles to what’s been a pretty traditional regulatory model that was built on and really designed to govern regulatory risks and consumer protection within a traditional banking space. As we think about how the current regulatory environment applies and perhaps, in some cases, inhibits financial innovation, the Treasury’s recommendations were really centered on “How do we roll back, or adjust, or tailor those specific requirements to make this environment more palatable and encourage financial innovation across the board?” They suggested the idea of a regulatory sandbox, which would help to allow institutions to experiment with new technologies, programs, products and services, that would provide a bit of a safe harbor and help to partner with the regulatory agencies in bringing those to market. I would add that they make the comment in a few cases, there are a few spaces that they want to revisit – what they see as potentially burdensome regulatory requirements, and those tend to fall in credit modeling, so using advanced analytics, machine learning in that space to come to predictive decisions. Debt collection is another one they brought to bear, student lending. It’s interesting because all of those areas today are definitely an area of heightened regulatory scrutiny in general and pose significant risk to consumers. All you have to do is read the headlines to know that an entire generation is struggling with student lending and claims in some cases to have unfair loan servicing or origination practices. It’ll be interesting to see how the Treasury’s recommendations actually take hold, and what agencies take heed in these recommendations and actually make legislative changes as a result of them. Today, they are exactly what they are in the report, just recommendations, but it’s a great indicator and a meter in terms of where the Treasury is headed that could result in further regulation by the OCC down the road.
Kevin Donahue: Interesting, Tom. Thanks. Let’s switch gears a little bit and talk about some of the sanctions that have been placed on Iran. The re-imposing of these sanctions by the U.S. government complicates transactions with countries that continue to do business with Iran, for example, under European Union law. How critical of an issue is this for financial institutions to address?
Thomas Giltrow: It’s absolutely critical. The sanctions environment, as I’m sure you’re aware, has been anything but dull lately. There seem to be changes on a monthly basis these days based on this administration’s foreign policy, but as soon as these sanctions become effective, institutions must immediately comply with them. In this case, what’s interesting about the Iranian sanctions is that there are effectively two waves of sanctions that were implemented. The first wave, which became effective shortly after the executive order that announced them, related to transactions occurring in the U.S. Then secondly, forthcoming in early November is another wave of sanctions that relate to transactions that occur with companies that do business with Iran or do business in Iran. It’s really a secondary level of sanctioning here that can be complex for financial institutions to come up to speed with, and it requires financial institutions to really do their due diligence and to understand for their customers which of them may be processing financial transactions with Iran, maybe doing business there, and understanding that ownership structure and the nature of those transactions in a greater level of detail than a more straightforward sanctions requirement would entail. Absolutely critical, Kevin, to answer your question in short, and I think institutions should be highly prioritizing these changes and making sure that they have the right information available to comply with these sanctions effective November 4.
Kevin Donahue: Tom, I also wanted to ask you about online lending. Specifically, the New York Department of Financial Services recently issued its report of online lending and its recommendations appear to be targeting some of the online lending practices that circumvent the state’s usury laws. What are the Department’s key concerns here?
Thomas Giltrow: It’s a great question. I think it’s really interesting, actually. The NYDFS issued a survey that informed the result of this report. One of the key facts that came out of that survey is that they were identifying institutions that were making loans to consumers or small businesses in the amount of APRs up to 25% and 62% respectively – much higher than the usury caps within the State of New York. Now, there’s an interesting loophole today that allows online lenders that may be based out of New York to partner with out-of-state banks and import the allowable interest rates from those other states, which may be a lot higher than what New York state permits within its borders. In many of those cases, the institutions are doing those partnerships simply to take advantage of that rate, and even the online lenders themselves still carry the bulk of the marketing, processing, account origination activities today. The NYDFS has targeted that practice and it’s not the only one in their report that they’ve highlighted, but one that I thought was particularly interesting is an area that they seek to better enforce and look to have expanded supervisory authority going forward. So really, that report is a bit of a call to the state legislators to say, “Expand our authority. Give us the chance to prevent these practices going forward because it’s creating an uneven playing field within our state borders and for institutions that aren’t taking advantage of this loophole today. They’re circumventing some of our state requirements.”
Kevin Donahue: Thanks, Tom. I want to remind our audience that you can find the latest issue of our Compliance Insights newsletter as well as prior editions at protiviti.com/compliance-insights. Tom, to close out our discussion today, I want to bring up a final question regarding a recent announcement or news from the Bureau of Consumer Financial Protection. The Bureau recently settled with a large multinational institution regarding failures to comply with interest rate re-evaluation requirements, or Regulation Z. My question is, what lessons should other financial services firms take away from this?
Thomas Giltrow: That’s a good question. There are a number of key lessons here, and I think one really important one in terms of how the Bureau heeds self-reported activity that I’d like to address. I would say, first of all, the unique circumstances of this enforcement action are that the institution itself actually came forward to the Bureau, having identified a deficiency of their own. Specifically, this relates to requirements that became effective back in 2010, and they identified that they took over a year to implement those effectively and that they hadn’t, as a result, revisited certain APRs for consumers that had been increased based on market and other standards. There was some consumer impact involved. They identified that in 2016, brought it to the regulators’ attention, and what we see overall is a bit more favorable treatment from the Bureau based on the fact that they self-reported that. There’s still a large dollar amount associated with the remediation that is required to make whole the interest rate reduction they didn’t make available to consumers. I believe that tallied to the amount of $335 million, so certainly not small by any means, but what is notable is that the Bureau didn’t impose also an additional similar monetary penalty and simply required them to make good those consumers that were harmed and to improve their policies and practices in the space.
The number one lesson that I highlight for financial institutions is it’s important to have a second and third line of defense that can help you to identify those internal deficiencies, and more importantly, to be forthcoming with regulatory agencies. Those issues are going to come to light, eventually. By proactively disclosing those, you can put yourself in a position to more favorably remediate those, and in some cases with lower or no civil monetary penalties at all. I think the other thing that just bears repeating but is likely pretty obvious is that change management practices are critically important. As new regulatory changes come to bear, institutions need to proactively plan for it, make sure they have the right resources, appropriate technology teed up to address those changes. In this case, the institution was a full year behind in implementing the changes that came to light in 2010, and anytime you fail to address regulatory change timely, you’re exposing yourself on all fronts. Change management plays a critical role in identifying those upfront and making sure the right controls, right personnel, and the right technologies are in place to implement.
Kevin Donahue: Tom, it’s been great to speak with you today. Thanks for sharing your insights on some of the topics we covered in our latest edition of our Compliance Insights newsletter. Again, I want to remind our audience to visit protiviti.com/compliance-insights where you can find the latest copy of this newsletter as well as prior editions.