Data Breach. Yesterday, Equifax revealed that it incurred a massive data breach – impacting at least 143 million consumers. Equifax is reaching out to all of its clients – including many online lenders – to let them know what it is doing to mitigate the effects of this massive breach. Equifax’s official statement is that they are ensuring a breach like this never happens again, none of their core credit databases were penetrated, and they plan to offer every U.S. consumer free credit monitoring for a specified period of time.

What’s Next? There are already news reports that Equifax may not be handling the influx of concerned consumers well – requiring consumers to enter their last name and last six digits of their Social Security number (which has irked more than a few consumers). Interestingly, this request for “last six digits” seems to indicate that the typical requirement for last four is not enough to verify consumers’ identities after this breach.

Equifax, however, is doing the right thing by actively reaching out to their clients and consumers.  They have assured their clients that the breach related only to their consumer facing site and not to their core credit database, so consumers’ credit reports (detailing tradelines, etc.) were not exposed.

Lender Implications. Today, online lenders will review their third-party risk management protocols to better understand the nature of the breach and to develop a response to their impacted clients. Tomorrow, online lenders will have to get some comfort that Equifax has sufficiently handled this problem and, as they are handling this problem, online lenders need to ensure that Equifax is still able to handle other aspects of its relationship with these clients. Namely, Equifax has a large suite of fraud prevention products that the online lending industry relies on, among other related services.

Also of note, the long term effects of this breach may impact the integrity of the data that online lenders use for a variety of reasons (target marketing and prescreened offers, underwriting and pricing for instance).  If that impact is negative, it could hurt the operations of the online lenders and could also result in more fraud due to the speed of the process – online lenders will need to show how their security accounts for these highlighted risks.

OLPI will continue to monitor this story as it develops.  OLPI will also ensure that this issue – cyber security risks—is fully briefed at its 2nd Annual OLPI Policy Summit this month on September 25 in Washington, DC. For more information, please visit http://www.onlinelendingpolicysummit.com/

2nd Annual OLPI Policy Summit

Regular Admission Pass

2nd Annual OLPI Policy Summit in Washington, DC September 25. Be in the room where it happens, join key policy makers and industry experts as they discuss the regulatory policy considerations surrounding fintech and online lending. Visit the Summit site to learn more: http://www.onlinelendingpolicysummit.com/index.html

$750.00

The 2015 decision by the Second Circuit Court of Appeals in Madden v. Midland Funding, LLC precipitated uncertainty among financial services providers and the secondary market.  Many legal experts believed the decision cast doubt on and generally ignored the longstanding legal principle of “valid-when-made.”  That is, a loan or contract that was non-usurious when it was made remain non-usurious when it is subsequently transferred to another person.  In Madden, however, the decision found that the sale and assignment of a loan to a non-bank by a national bank did not necessarily transfer to the loan purchaser the right to charge interest at the rate allowed by the national bank and specified in the loan contract.  Critics of the decision (including President Obama’s US Solicitor General) claim the court’s conclusion is wrong and violates contractual principles of assignment as well as the long standing legal precedent that loans are “valid-when-made.” Read More

After a grueling three-day markup of the bill, the House Financial Service Committee favorably reported the Financial CHOICE Act to the House Floor by a strict party line vote of 34-26. Democrats pulled out all of their dilatory practices including offering 19 amendments to this bill (all failed to be adopted) and having the committee read approximately 350 of 600 pages of this bill aloud. Click here to see the 593-page text of the Financial CHOICE Act 2.0.

Read More

Comptroller Curry will leave his post as Comptroller of the Currency on May 5.  President Trump appointed Keith Noreika to serve as acting comptroller.  Mr. Noreika is a banking law expert and a partner at the law firm of Simpson Thacher & Bartlett LLP.  He will keep the OCC running until President Trump names a permanent replacement (and that proposed permanent replacement is confirmed by the Senate). Read More

The State of Colorado is challenging the marketplace lending model.  On February 15, 2017,  the Administrator of the Uniform Consumer Credit Code for the State of Colorado (“Colorado”) sued Avant and Best Egg (in separate actions), claiming in both actions that they violated Colorado’s usury rate and entered into loan agreements containing a governing law provision other than Colorado.  Click here to see the Complaint against Avant and hereto the see the Complaint against Best Egg.  Colorado sued Avant and Best Egg, but did not sue their partner banks, WebBank and Cross River, respectively.  The Complaints allege that Avant and Best Egg are the true lenders. Read More

States have taken their dislike over the OCC’s planned fintech charter a step further and sued the OCC in the US District Court for the District of Columbia.  The Conference of State Bank Supervisors sued the OCC and Comptroller Curry arguing, among other things, that the “business of banking” requires an institution to take deposits.  Strangely, this ignores existing national bank models: credit card banks, trust banks, and cash management banks.  All of this being said, CSBS also argues that the OCC violated the Administrative Procedure Act by publishing only a high-level white paper and supplement to the Comptroller’s Licensing Manual (which they did seek feedback on) — thereby avoiding publishing new rules that welcome the public vetting process.  This argument will likely have more teeth.

Read the Complaint here: 2017-04-26 – Complaint – CSBS v. OCC

LendIt USA 2017Cornelius Hurley Executive Director, OLPI, Thomas J. Curry of the OCC and Gilles Gade, CEO and President of Cross River Bank — LendIt USA 2017 (photo by Gabe Palacio)

On March 6, 2017, OLPI hosted a day of Policy & Regulation panels at LendIt USA 2017. The panels were the most popular of the day — standing room only. The popularity of the panels and the Q&A with Comptroller Curry shows the hunger for a robust dialogue about the policy and regulatory issues that face fintech (and the need for OLPI). Below are videos of the programming.

Read More