Fintech Regulations and What You Need to Know

Enjoy the tacos and drinks! We’ll start the presentation at 7pm.

#CommerceInnovated

2

Commerce.Innovated. Program Overview

• Joint accelerator program run by SVB and MasterCard

oSeed stage startups innovating in commerce, payments, and fintech

oTwo classes annually (fall/spring)

o4-6 companies selected per class

• Program offering consists of operational mentorship and consulting – fully customized for each startup

• Unique ‘golden phone’ access

3

What We Look For In Companies

1) Innovating in the commerce, payments, and fintech ecosystem oSolution makes life easier, safer or better for a consumer or business

2) More than just a simple idea oHas live or planned beta of an initial solution, have seed funding secured, and

plan to raise Series A

3) Putting the bottom line first o First paying customer is locked in or being on-boarded

4) Strong team foundation oAssembled a core team with the vision and rock star brain trust you’ll need for

success

4

Past Commerce.Innovated. classes

Spring 2014 Fall 2014

Simplified marketplace selling (SF)

Mobile point of sale solutions (NYC)

Digital wallets (NYC)

Group payments (SF)

Digital wallets (NYC)

Expense sharing (BOS)

Digital commercial banking (SF)

Gift card conversion (NYC)

B2B referral network (NY)

Card adaptive controls (SV)

Spring 2015

Simplified marketplace selling (SF)

B2B eCommerce (MN)

B2B referral network (NY)

Card adaptive controls (SV)

5

Current Class – Spring 2016

An API to Know Your Customers, simplifying customer data for financial services companies Based in NYC

Compliance Solutions Location Analytics

On a mission to map the world and enable next generation commerce

Decentralized authentication platform for the post-password era and Internet of Things Based in SF

Authentication Solutions Consumer Credit

Instant access to digital consumer credit without a traditional credit report Based in LA

6

Next Class – Fall 2016

Applications open for the next

Commerce.Innovated. class in

April 2016

7

Andy Lorentz Partner, Financial Services, Prepaid and Emerging Payments

Davis Wright Tremaine LLP

Washington, D.C.

March 21, 2016

Business of banking / Deposit-Taking

Truth in Lending Act / Reg Z

Reg

ulat

ion

B

Bank Secrecy Act

OFAC Reg D

Truth in Savings Act

Regulation II

Gramm-Leach-Bliley Act Fair Credit Reporting Act

Data breach/security FDIC Deposit Insurance

E-SIGN Act

Unfair, Deceptive or Abusive Acts and Practices Laws

State Money Transmitter Laws

State Privacy and Security Statutes

Card brand rules Gift

car

d

Anti-Money Laundering Compliance

OFAC

TISA/Reg DD

Reg CC

Escheat

Durbin Amendment Identity-Theft Red Flags

Check 21

Truth in Billing Electronic Fund Transfer Act / Regulation E

Regulation DD

Navigating the financial services maze

8

9

What Activities Trigger Regulation in Fintech?

Some Key Product & Service Scenarios: 1. You’re touching money intended for others. 2. You provide services to (or partner with) a bank. 3. You extend credit to consumers or small businesses. 4. You collect or share personal financial information. 5. You offer funds transfer, gift cards or remittance services to

consumers. 6. You hold other people’s property.

10

6 Product and Service Scenarios

1. You’re touching money intended for others.

11

State Money Transmitter Laws

Issue: Transmitting money or selling or issuing open-loop payment instruments requires a license in each state in which that activity is conducted. Sweeping scope:

Very broad statutory provisions and (sometimes) interpretations

Uniform Money Services Act: Are you offering a “medium of exchange”?

12

State Money Transmitter Laws

California: “If you are taking money from A to give to B” “Payment processor”/ “payee-agent” exception Federal money transmitter regulation does NOT preempt state money transmitter laws Price of working in payments: (almost) every solution involves a depository institution or a licensed institution or a licensed money transmitter – somewhere! May act as agent of licensed money transmitter

13

6 Product and Service Scenarios

2. You provide services to (or partner with) a bank.

14

Bank Outsourcing Guidance

Issue: Innovation frequently involves outsourcing or partnering with other parties. Financial institutions are accountable to their regulators for the acts of their service providers. Fintech companies may, in some cases, be viewed as service

providers as they perform critical functions for financial institutions

Key Takeaway: Critically examine relationships and assess whether a party is providing a critical service to a financial institution. If so, analyze which regulatory requirements may be implicated and would need to be addressed operationally and/or in agreement.

15

6 Product and Service Scenarios

3. You extend credit to consumers or small businesses.

16

Federal and State Lending Laws

Issue: Extending credit to consumers is among the most heavily regulated areas of retail financial services Truth in Lending Act/Regulation Z- disclosures and limitations on

cardholder liability Equal Credit Opportunity Act/Regulation B – credit discrimination

based on prohibited factors [applies to businesses too!] State licensed lending laws – licensing for high-interest loans State loan broker laws – negotiating or facilitating loans; fee

regulation State and federal credit repair laws Usury laws and exportation of maximum interest rates State Retail Installment Sales Acts Bank Secrecy Act regulations

17

6 Product and Service Scenarios

4. You collect or share personal financial information.

18

Gramm-Leach-Bliley Act (GLBA)

Issue: GLBA regulates the collection, disclosure and safeguarding of “nonpublic personal information” by any “financial institution” that is “significantly engaged” in providing a “financial product or service” to consumers

Are you a “financial institution”? Section 4(k) of the Bank Holding

Company Act of 1956: (A) Lending, exchanging,

transferring, investing for others, or safeguarding money or securities.

19

Gramm-Leach-Bliley Act (GLBA)

What consumer data is covered by GLBA? (i) Personally identifiable financial information (PIFI); and (ii) Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any PIFI that is not publicly available.

Customer v. Consumer Distinction A customer has an ongoing relationship with the financial institution

Notice and Opt-Out Requirements Initial and annual privacy notices required for customers, possibly a revised notice too Opt-out is also required if a financial institution discloses nonpublic personal information to any non-affiliate outside of exceptions

20

6 Product and Service Scenarios 5. You offer funds transfer, gift card or remittance services to consumers.

21

Electronic Fund Transfer Act/Regulation E Issue: Consumer protection law covers many different types of consumer electronic fund transfers, including: Transfers to and from consumer asset accounts

Includes debit cards and ACH Doesn’t include pooled custodial

accounts Gift cards(both open- and closed-loop)and gift certificates International remittance transfers Proposed prepaid card rule Payroll and government benefits cards ATM transactions

22

Electronic Fund Transfer Act/Regulation E

Regulation E Requirements: Disclosures

May include periodic statements, receipts and/or pre-transaction disclosures or notifications

Limits on Liability Caps consumer liability for reported fraudulent, unauthorized or erroneous transactions Holder of account must investigate and determine if an “error” has occurred

Preauthorized transfers Special notice and consent requirements applicable to transactions authorized in advance

Transaction restrictions Fee and expiration date restrictions for gift cards

23

6 Product and Service Scenarios 6. You hold other people’s property.

24

Unclaimed Property Laws

Issue: State unclaimed property laws require a holder to report and pay abandoned property to the state after its “dormancy period” Purpose is to generate revenue for the state ***reunite lost property with its true owner*** Escheat priority rules and “Giftcos”

Rule 1: State of residence of owner Rule 2: State of domicile of holder Rule 3: Place of transaction Struck down by New Jersey Retail Merchants Association v. Sidamon-Eristof, verdict upheld by Third Circuit

25

Unclaimed Property Laws

Effect of anonymous property Accounting for “breakage” NJ law imposing “third priority” rule (place of transaction) was struck down as effectively overriding the second priority rule Also imposed zip code collection requirement on sellers of gift cards (which might bring the first priority rule into play), but backed down after major gift card distributors threatened to boycott NJ

Pending Delaware qui tam action against “Giftco” structure – seeks treble damages for unreported gift card balances.

26

What’s Next in Fintech Regulation?

Regulatory Scrutiny on Marketplace Lending: In July 2015, the Department of Treasury issued an RFI seeking information about marketplace lending In March 2016, the CFPB began to collect consumer complaints regarding marketplace lending, potentially signaling future enforcement activity In 2015, the CFPB issued a proposed framework for regulating installment loans

The proposed rule will obligate lenders to assess borrowers’ ability to repay for short term (<= 45 days) and longer term, high interest loans (> 36% APR)

27

Increase in UDAAP Actions

Regulators (CFPB, FTC, Fed and FDIC) have been especially active in this area in recent years CFPB brought approximately 40 UDAAP enforcement actions in 2015 60% increase from previous year

Detailed Survey of UDAAP Actions: http://www.paymentlawadvisor. com/2016/02/08/our-latest- survey-of-udaap-activity/

28

Resources for Fintech Compliance

The Payment Law Advisor: http://www.paymentlawadvisor.com/ The Consumer Financial Protection Bureau (CFPB): http://consumerfinance.gov OCC Risk Management Guidance on Third-Party Relationships (October 2013), OCC Bulletin 2013-29 FFIEC Handbooks FDIC Financial Institution Letter 44- 2008

29

Disclaimer

This presentation is a publication of Davis Wright Tremaine LLP. Our purpose in making this presentation is to inform our clients and friends of recent legal developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations. Attorney advertising. Prior results do not guarantee a similar outcome. Davis Wright Tremaine, the D logo, and Defining Success Together are registered trademarks of Davis Wright Tremaine LLP. © 2014 Davis Wright Tremaine LLP.

29

30

Contact info

Andrew J. Lorentz Partner andrewlorentz@dwt.com Washington, D.C. 202.973.4232 @paymentLAWadv

31

Panelists

Moderator :

Tommy Nicholas, Co-Founder, Alloy.co

Panelists:

Wren York, Director High Risk Business Operations, SVB

Andrew Lorentz, Partner, Davis Wright Tremaine LLP

Dan Quan, Senior Advisor to the Director of the CFPB and Head of Project Catalyst

#CommerceInnovated

Questions?