Data Breach. Yesterday, Equifax revealed that it incurred a massive data breach – impacting at least 143 million consumers. Equifax is reaching out to all of its clients – including many online lenders – to let them know what it is doing to mitigate the effects of this massive breach. Equifax’s official statement is that they are ensuring a breach like this never happens again, none of their core credit databases were penetrated, and they plan to offer every U.S. consumer free credit monitoring for a specified period of time.

What’s Next? There are already news reports that Equifax may not be handling the influx of concerned consumers well – requiring consumers to enter their last name and last six digits of their Social Security number (which has irked more than a few consumers). Interestingly, this request for “last six digits” seems to indicate that the typical requirement for last four is not enough to verify consumers’ identities after this breach.

Equifax, however, is doing the right thing by actively reaching out to their clients and consumers.  They have assured their clients that the breach related only to their consumer facing site and not to their core credit database, so consumers’ credit reports (detailing tradelines, etc.) were not exposed.

Lender Implications. Today, online lenders will review their third-party risk management protocols to better understand the nature of the breach and to develop a response to their impacted clients. Tomorrow, online lenders will have to get some comfort that Equifax has sufficiently handled this problem and, as they are handling this problem, online lenders need to ensure that Equifax is still able to handle other aspects of its relationship with these clients. Namely, Equifax has a large suite of fraud prevention products that the online lending industry relies on, among other related services.

Also of note, the long term effects of this breach may impact the integrity of the data that online lenders use for a variety of reasons (target marketing and prescreened offers, underwriting and pricing for instance).  If that impact is negative, it could hurt the operations of the online lenders and could also result in more fraud due to the speed of the process – online lenders will need to show how their security accounts for these highlighted risks.

OLPI will continue to monitor this story as it develops.  OLPI will also ensure that this issue – cyber security risks—is fully briefed at its 2nd Annual OLPI Policy Summit this month on September 25 in Washington, DC. For more information, please visit http://www.onlinelendingpolicysummit.com/

The 2015 decision by the Second Circuit Court of Appeals in Madden v. Midland Funding, LLC precipitated uncertainty among financial services providers and the secondary market.  Many legal experts believed the decision cast doubt on and generally ignored the longstanding legal principle of “valid-when-made.”  That is, a loan or contract that was non-usurious when it was made remain non-usurious when it is subsequently transferred to another person.  In Madden, however, the decision found that the sale and assignment of a loan to a non-bank by a national bank did not necessarily transfer to the loan purchaser the right to charge interest at the rate allowed by the national bank and specified in the loan contract.  Critics of the decision (including President Obama’s US Solicitor General) claim the court’s conclusion is wrong and violates contractual principles of assignment as well as the long standing legal precedent that loans are “valid-when-made.” Read More

Comptroller Curry will leave his post as Comptroller of the Currency on May 5.  President Trump appointed Keith Noreika to serve as acting comptroller.  Mr. Noreika is a banking law expert and a partner at the law firm of Simpson Thacher & Bartlett LLP.  He will keep the OCC running until President Trump names a permanent replacement (and that proposed permanent replacement is confirmed by the Senate). Read More

The State of Colorado is challenging the marketplace lending model.  On February 15, 2017,  the Administrator of the Uniform Consumer Credit Code for the State of Colorado (“Colorado”) sued Avant and Best Egg (in separate actions), claiming in both actions that they violated Colorado’s usury rate and entered into loan agreements containing a governing law provision other than Colorado.  Click here to see the Complaint against Avant and hereto the see the Complaint against Best Egg.  Colorado sued Avant and Best Egg, but did not sue their partner banks, WebBank and Cross River, respectively.  The Complaints allege that Avant and Best Egg are the true lenders. Read More

States have taken their dislike over the OCC’s planned fintech charter a step further and sued the OCC in the US District Court for the District of Columbia.  The Conference of State Bank Supervisors sued the OCC and Comptroller Curry arguing, among other things, that the “business of banking” requires an institution to take deposits.  Strangely, this ignores existing national bank models: credit card banks, trust banks, and cash management banks.  All of this being said, CSBS also argues that the OCC violated the Administrative Procedure Act by publishing only a high-level white paper and supplement to the Comptroller’s Licensing Manual (which they did seek feedback on) — thereby avoiding publishing new rules that welcome the public vetting process.  This argument will likely have more teeth.

Read the Complaint here: 2017-04-26 – Complaint – CSBS v. OCC

LendIt USA 2017Cornelius Hurley Executive Director, OLPI, Thomas J. Curry of the OCC and Gilles Gade, CEO and President of Cross River Bank — LendIt USA 2017 (photo by Gabe Palacio)

On March 6, 2017, OLPI hosted a day of Policy & Regulation panels at LendIt USA 2017. The panels were the most popular of the day — standing room only. The popularity of the panels and the Q&A with Comptroller Curry shows the hunger for a robust dialogue about the policy and regulatory issues that face fintech (and the need for OLPI). Below are videos of the programming.

Read More

OLPI Announces Formation and Appointment of Executive Director Boston University Professor Cornelius K. Hurley to Serve as Executive Director

cropped-cropped-winning-logo1.jpgWashington, DC—February 9, 2017—The Online Lending Policy Institute (OLPI) today announced its formation and the appointment of its first Executive Director, Professor Cornelius K. Hurley. OLPI will provide a one-stop resource for those interested in FinTech generally and marketplace lending specifically.  It will provide research and education to ensure informed policy and best practices.

“The formation of the Institute represents a milestone in the maturation of this rapidly advancing industry. We are committed to bringing a new and balanced voice to help address issues and communicate with regulators and the policy establishment,” said Professor Hurley.

Read More

During OLPI’s MPL Policy Summit this past September, Comptroller Curry spoke about the importance of the MPL Policy Summit and OLPI in promoting the continued conversation about the importance of responsible innovation.   Among other things, he asked various questions about whether existing laws were adequate in addressing and promoting responsible innovation.  He asked if the innovations seen in marketplace lending should be regulated, who should be responsible for regulating an organization or activity.  This is where he spoke of the possibility of a federal license or charger for marketplace lenders and fintech firms.

Read More

 

LendIt USA 2017

The World’s Biggest Show in Lending & Fintech

March 6-7, Jacob Javits Center, New York

OLPI will host the Policy and Regulation track.

LendIt USA 2017 is the largest annual gathering of the Lending and Fintech industry. The LendIt USA community is comprised of thousands of lending and fintech companies, investors, banks, services providers, educators, government officials, and journalists from around the world. Read More