[co-author:  Samuel Klein, Summer Associate]

Weekly Fintech Focus

• A buy-now pay-later company faces a potential class action alleging it hid the risk of overdraft and NSF fees from its users.
• Leaders of the CFPB’s Fair Lending Office published an article encouraging the use of special purpose credit programs to effect racial justice.
• The FDIC is opening applications for a tech sprint to reach the unbanked.
• The FSB responds to comments on its recent discussion paper related to outsourcing and third-party service providers.

Buy-Now Pay-Later Company Faces Class Action Alleging It Hid Risk of Overdraft Fees

A buy-now pay-later (BNPL) company, faces a proposed class action lawsuit in California federal district court related to undisclosed non-sufficient funds (NSF) fees the plaintiff incurred as a result of the BNPL company’s automatic attempted debiting of the plaintiff’s bank account. The plaintiff alleges that the potential for the resulting NSF and overdraft fees charged by the plaintiff’s bank were not disclosed by the BNPL company in violation of California’s Unfair Competition Law’s prohibition against unfair and fraudulent business acts and practices.

The complaint alleges that the BNPL company “prominently markets” itself as a service that allows users to pay for purchases at a later date with “no interest, no fees, and no hassle” when in reality there are “huge, undisclosed fees and interest” associated with using its service. According to the complaint, such undisclosed fees include NSF and overdraft fees, which the plaintiff alleges are a “likely and devastating” consequence of the BNPL company’s service. The BNPL company’s service allows customers to repay the balance of their purchases by making four payments over the course of six weeks.

The plaintiff claims that she had no idea that small, automatic repayments could cause overdraft fees from her bank and that this risk was known to the BNPL company but omitted from its marketing. Although acknowledging that banks, not the BNPL company, assess such fees, the plaintiff alleges that the BNPL company “misrepresents (and omits facts about)” its service, thereby placing users “at extreme and undisclosed risk” of expensive bank fees. In the lead plaintiff’s situation, the BNPL company had made a $15.47 deduction from the plaintiff’s checking account as a partial repayment for one of plaintiff’s purchases, causing a $35.00 overdraft fee.

CFPB Looking to Encourage Special Purpose Credit Programs

Recently, in a journal focused on poverty and racial and economic equity research, two of the heads of the Consumer Financial Protection Bureau’s (CFPB) Fair Lending Office published an article (p. 52) about the use of Special Purpose Credit Programs (SPCPs) to promote racial and economic equity. We discussed a recent CFPB advisory opinion in a blog post at the beginning of the year, and this essay by members of the CFPB reiterates the CFPB’s encouragement for financial institutions and others to engage in administering SPCPs. The article is not guidance and has no force of law, but does provide insight into the CFPB’s positions on SPCPs, which the authors refer to as “a central priority for the CFPB’s efforts to ‘take bold and swift action on racial equity.’”

Under the Equal Credit Opportunity Act (ECOA) and its implementing Regulation B, a creditor may not discriminate against any applicant, with respect to any aspect of a credit transaction on the basis of race, color, religion, national origin, sex or marital status, or age. SPCPs act as a kind of exception to this prohibition by enabling creditors to provide an SPCP to respond to the special social needs of a class of persons and to benefit economically disadvantaged groups. To develop an SPCP, a creditor may consider prohibited bases when targeting these credit programs. In order to offer an SPCP, a for-profit creditor must establish and administer the program pursuant to a written plan that identifies the class of persons that the program is designed to benefit, and extend credit to a class of persons who, under the organization’s customary standards of creditworthiness, likely would not have received credit or would have received credit on less favorable terms than standard applicants. Non-profit creditors offering SPCPs have slightly less stringent requirements to offering the SPCP.

FDITECH Launches Tech Sprint to Reach the Unbanked

The Federal Deposit Insurance Corporation’s (FDIC) tech lab, FDITECH, is preparing to launch a tech sprint to challenge participants to identify and develop resources and tools to help banks get unbanked persons into the banking system. The tech sprint is specifically focused on improving the ability of community banks to reach the unbanked population. Interested participants should self-organize into teams before registering. The FDIC suggests that the teams include skillsets such as design, technology, project management, financial services, financial education, and financial inclusion. Registration opens early July 2021 and closes mid-July 2021. The FDIC will review the submissions, with a final demonstration by the teams in mid-August 2021.

FSB Publishes Responses to Discussion Paper on Outsourcing and Third-Party Relationships

On June 14, 2021, the Financial Stability Board (FSB) published an overview of comments it received in response to its discussion paper on regulatory and supervisory issues relating to outsourcing and third-party relationships. During the public consultation period, the FSB received thirty-nine responses from a wide range of stakeholders, including banks, insurers, asset managers, financial market infrastructures, third-party service providers, industry associations, individuals, and public authorities. The FSB also held a virtual outreach meeting to collect additional comments.

In general, the respondents welcomed the discussion paper, viewing it as a timely and balanced overview of the challenges and issues arising out of financial institutions’ outsourcing and third-party dependencies. The discussion paper identified several challenges and issues including: constraints on the rights to access, audit, and obtain information from third parties; concentration risks in the provision of certain services that are difficult to substitute; treatment of intra-group outsourcing; fragmentation of regulatory, supervisory, and industry practices; restrictive data localization requirements; cyber and data security; and resource constraints at financial institutions and supervisory authorities.

Respondents offered several measures to address these challenges and issues, which the FSB grouped into five categories:

• Developing actionable global standards for financial institutions’ outsourcing and third-party relationships to strengthen resilience and manage risk. Respondents noted that these global regulatory or industry standards should be principles-based, outcomes-focused, and proportionate to a financial institution’s complexity, size, nature, and risk profile, as well as the criticality of the functions, services, or technologies provided or supported by third parties;
• Clarifying or improving existing definitions (including for terms such as “outsourcing” and “third-party relationships”) and criteria for “criticality/essentiality/materiality” to make clear what activities fall within the scope of regulation;
• Using pooled audits as a form of risk management that not only promotes a consistent approach to oversight but also reduces the burden on relevant stakeholders. Pooled audits enable multiple financial institutions to conduct coordinated audits of third-party service providers that serve those financial institutions. Some respondents also suggested that supervisory authorities develop and encourage standardized certification and reporting for third-party service providers to indicate compliance with internationally-recognized standards;
• Mapping dependencies of financial institutions on third parties (such as by inventorying services and technologies provided by third parties), as well as enhancing existing regulatory and supervisory oversight (such as by periodically evaluating information received by third-party service providers, regularly updating the skills and training of employees responsible for monitoring dependencies, and sharing employees’ experiences with supervisory authorities); and
• Organizing an international forum or public-private global working group with relevant stakeholders (e.g., supervisory authorities, financial institutions, and third-party service providers) to exchange views and best practices on cross-border issues relating to outsourcing and third-party relationships.

Respondents also offered some lessons learned from the COVID-19 pandemic. While most respondents did not mention significant issues concerning financial institutions’ outsourcing or third-party relationships during the pandemic, they did highlight the benefits of outsourcing. Additionally, respondents acknowledged that the pandemic increased financial institutions’ dependencies on third-party technologies and services, which underscored the need to incorporate risks associated with such dependencies into overall risk management frameworks.

[View source.]