Remember this time last year? It was all-hands-on-deck for GDPR. Everyone working overtime to resolve a myriad of deployment details. Luckily, we don’t anticipate a regulatory compliance event of that scale in 2019. However, it’s important to understand the impact of the new rules on your individual lending operation, because smaller enterprises may be exempt from many of the new guidelines.
Compliance will continue to be a challenge in 2019, especially for the small to midsize lenders who struggle just to keep up with the changes. Regulatory agencies publish a new alert every 7 minutes. That’s more than 200 notices per day. According to the Thomson Reuters report Cost of Compliance 2018, “Compliance practitioners identify managing and coping with continuing regulatory change as their biggest challenge.” Their survey found that the typical compliance officer spends 19% of their time analyzing regulatory developments and updating internal policies and procedures. That’s one full day of each and every week devoted to one single activity. And lenders who invest in regtech software or a lending-as-a-service (LaaS) platform gain substantial efficiencies in this area.
Worldwide, most lenders will see calmer regulatory seas in the coming year. The exception is the United States, where there is bipartisan Congressional support for a US version of GDPR. The two major political parties have finally found common ground in their reaction to the data privacy disaster that started with Facebook and continued with Google. Senator John Thune, the Commerce Committee Chairman (and second ranking Republican in the Senate), telegraphed their intentions in a Wall Street Journal article saying, “…industry self-regulation is no longer sufficient to protect users’ privacy.” On a positive note, the US Congress has passed sweeping new legislation designed to reduce the regulatory burden on banks and lenders.
Two overarching themes emerge when we sift through all the individual regulatory compliance issues – cybersecurity and fintech. Cybersecurity because it’s the firewall that protects the enormous amount of sensitive personal information we collect, house and analyze. And fintech because it’s the technology we use to store this data, transfer it across digital platforms, analyze it for credit decisions, transfer funds across online platforms and mobile apps, and manage the data for payments processing as well as upsell/cross sell campaigns.
SEC Cyber Unit
Most Securities and Exchange Commission (SEC) rules are aimed at trading platforms and initial coin offerings (ICOs). However, there are a number of SEC rules governing digital assets that could impact alternative lenders. These are the rules governing cybersecurity, safe online storage of sensitive personal data, and digital funds transfers.
The new Cyber Unit at the SEC is a rather aggressive group that just completed its first full year of operation. As of early November, they have already filed 20 standalone cases with an additional 225 active investigations in the pipeline. Their early casualty was Yahoo, which was hit with a $35 million fine. The penalty was imposed after the platform failed to protect user data during two separate data breaches in which personal information belonging to billions of users was compromised. In addition, Yahoo agreed to pay $50 million in damages to 200 million users in the US and Israel.
Fintech – double-edged sword
Fintech may be the single most important advancement the financial category has ever seen, but it’s a double-edged sword. The speed and machine learning that lead to faster, better credit decisions also create system vulnerabilities that hackers can and do exploit on a regular basis. Law enforcement has been ineffective when it comes to preventing breaches, which is why data protection will remain a top regulatory priority into the foreseeable future.
A new development when it comes to enforcement policy is personal liability. Steven Peikin, Co-Director of the Enforcement Division at the SEC, said during a speech at New York University School of Law, “I view individual accountability as the most effective general deterrent…preventing misconduct before it starts.” This SEC position is especially troubling for alternative lenders. Their entrepreneurial business model makes them more vulnerable to this type of enforcement action compared to a big bank, because they tend to manage regulatory compliance with a small or outsourced staff.
Dodd Frank Act recalibrated
Conservative legislators in the US collaborated with bank industry analysts to develop a cost-benefit analysis on the Dodd Frank Act. This act was passed in 2010, so they had 8 years of data to use for their analysis. They compared implementation costs with real-world protections, and concluded that many provisions did not deliver consumer value commensurate with consumer cost. In theory, it’s the banks that pay for regulatory implementation. In actuality, it’s the customers who pay when increased operations expenses are passed along in the form of higher interest rates and account fees.
Dodd Frank has not been rolled back, but many provisions have been recalibrated. A major correction was to exempt small lenders, credit unions, and community banks. That’s one of the strongest reasons for lenders to invest the time and money to understand how changing regulations may or may not apply to their organization. Other provisions that were revised include: a simplified capital standard, Volcker rule exemption, reduced reporting requirements, and fewer safety and soundness exams.
Small-dollar rule revisited
Potential changes to the rules governing small-dollar loans are creating a bit of confusion. These new rules would impact payday loans, vehicle title loans, and some high-cost installment loans. In early November, the Consumer Financial Protection Bureau (CFPB) was granted a request to delay new rules on small-dollar loans that were scheduled to go into effect in August 2019. The CFPB requested this delay, because they are issuing an alternate set of rules in January 2019 that would change the direction of the proposed August rules. The January rules will focus on the ability-to-repay provision, because this clause affects far more consumers than the payment provision.
The final rules may have a limited impact on the lending industry. Big banks issue very few small-dollar loans, and credit unions may be exempted from the regulations. According to Ryan Donovan, the Chief Advocacy Officer at the Credit Union National Association (CUNA), “We hope the bureau (CFPB)…will consider a full exemption for credit unions…they are the safest and most affordable providers of short-term, small-dollar loans.” If the CFPB decides to exempt credit unions, then they may also exempt small local banks using the newly recalibrated Dodd Frank as the precedent. Ideally, the final rule will affect only those predatory lenders that were issuing high interest loans to borrowers who clearly could not make the monthly payments on a long-term basis.
How to manage the constantly changing regulatory environment
Alternative lenders are innovators who live to disrupt the status quo. Sometimes operational issues like regulatory compliance can take a back seat to pressing launch issues like technology design and investor relationships. This short-sighted approach can lead to drastic consequences.
Regulatory agencies are unforgiving, and the penalties can be especially costly when civil courts award consumer damages on top of the initial regulatory fine.
It can be challenging to manage compliance without a full-time regulatory team. This is especially true for small to midsize lenders, local banks, and not-for-profit credit unions, which typically struggle with outdated technology.
That’s where a fintech solution like Turnkey Lender can help. Our award-winning, fully managed lending-as-a-service platform delivers built-in regulatory compliance.
Our clients gain four key advantages over their competition:
1. Built-in regulatory updates. Your lending program always complies with new rules as they’re published. And without a dedicated compliance team.
2. Easy deployment from our secure, cloud-based platform. Your team gets up-to-speed quickly with intuitive process flows, user-friendly training modules, and 24/7 support.
3. Automated processes. Your operation enjoys faster approvals, less human error, and cost savings from process efficiencies.
4. State-of-the-art alternative scoring methodologies, including a proprietary credit scoring algorithm with machine learning that continually optimizes the formula.