# Privacy and technology regulations

 - The regulatory landscape for fintechs operating in the US is extremely complex. 
 - There is no ‘fintech-specific’ regulatory framework in operation.
 - Fintech activities will almost certainly come within the purview of several regulatory bodies.
 - Firms are required to register and comply with the obligations set out by one or (more likely) several regulatory bodies.

In this class we will go over a list of regulators and regulations that govern the fintech industry in the US. However, it is by no means exhaustive.

## Fintech regulators

There is a wide range of fintech regulators in the US with some having extremely broad jurisdictions, while others focus on specific activities. Every fintech must register and comply with them.

Since there is a huge list of federal and state regulators, we will present the most prominent ones.

### Federal Trade Commission (FTC)

<img src="images/ftc.png" width=400>

The FTC protects consumers from “anticompetitive, unfair, or deceptive” practices amongst businesses that offer services, including fintech applications. 

It has developed a significant corpus of regulatory requirements for businesses operating in the US, including obligations regarding privacy and data protection.

You can find more information on the [FTC website](https://www.ftc.gov/news-events/media-resources/consumer-finance/financial-technology).

### Consumer Financial Protection Bureau (CFPB)

<img src="images/cfpb.png" width=500>

The Consumer Financial Protection Bureau (CFPB) helps consumer finance markets work by:
 - making rules more effective, 
 - consistently and fairly enforcing those rules, 
 - empowering consumers to take more control over their economic lives.



### Federal Deposit Insurance Corporation (FDIC)

<img src="images/fdic.png" width=500>

The mission of the FDIC is to maintain stability and public confidence in the nation's financial system.

### Securities and Exchange Commission (SEC)

<img src="images/sec.png" width=500>

The SEC has a three-part mission:
 - Protect investors
 - Maintain fair, orderly, and efficient markets
 - Facilitate capital formation

### Commodity Futures Trading Commission (CFTC)

<img src="images/cftc.png" width=500>

The CFTC mainly focuses on:
 - Protecting market users and the public from fraud, manipulation, and abusive practices related to the sale of commodity futures and options. 
 - Fostering open, competitive, and financially sound commodity futures and option markets.

### Office of the Comptroller of the Currency (OCC)



The OCC ensures that national banks and federal savings associations:
 - Operate in a safe and sound manner, 
 - Provide fair access to financial services, 
 - Treat customers fairly, 
 - Comply with applicable laws and regulations.

In 2018 the OCC announced that it would also begin accepting applications for special purpose charters from fintechs. The charter is restricted to fintechs that accept deposits, pay cheques, or carry out lending activities. Fintechs that receive the charter are required to comply with the same requirements imposed on national banks.

### Financial Crimes Enforcement Network (FinCEN)

<img src="images/fincen.png" width=500>

Responsibilities of FinCEN include:
 - Safeguarding the financial system from illicit use, 
 - Combating money laundering and its related crimes including terrorism, 
 - Promoting national security through the strategic use of financial authorities and the collection, analysis, and dissemination of financial intelligence.

### Financial Industry Regulatory Authority (FINRA)

<img src="images/finra.png" width=500>

FINRA is authorized by Congress to protect America’s investors by making sure the broker-dealer industry operates fairly and honestly.

### State governments

Fintech companies operating in the US are regulated not only by federal bodies but also at a state level. 

Laws can vary significantly between states and the compliance landscape is complex - but some measures are being taken to simplify and rationalise the state-level regulatory frameworks.

## Fintech regulations

As expected, there is no one-size-fits-all fintech regulation in the US. Specific regulations with which fintechs must comply will depend on their activities. 

However, there are some particularly common regulations that every fintech operating in the US should consider. 

### Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act requires financial institutions, such as companies that offer consumers financial products or services like loans, financial or investment advice, or insurance, to explain their information-sharing practices to their customers and to safeguard sensitive data.

It is a federal law that includes rules that protect the privacy and security of personally identifiable financial information relating to said customers. 

### Fair Credit Reporting Act (FCRA)

The FCRA protects information collected by consumer reporting agencies such as credit bureaus, medical information companies and tenant screening services. Information in a consumer report cannot be provided to anyone who does not have a purpose specified in the Act.

It is the primary federal law that governs the collection and reporting of credit information about consumers. Its rules cover how a consumer's credit information is obtained, how long it is kept, and how it is shared with others—including consumers themselves.

### Anti-Money Laundering (AML)

There are two main AML regulations in the US:

<ins>**The Bank Secrecy Act**</ins>: The most important anti-money laundering law. It is intended to combat money laundering and ensure that banks and financial institutions do not facilitate or become complicit in it. The BSA imposes a range of compliance obligations on firms operating within US jurisdiction, including a requirement to implement a risk-based AML program with appropriate customer due diligence (CDD) and screening measures and to perform a range of reporting and record-keeping tasks when dealing with suspicious transactions and customers. 

<ins>**USA Patriot Act**</ins>: This legislation targets financial crimes associated with terrorism and expands the scope of the BSA by giving law enforcement agencies additional surveillance and investigatory powers, introducing new screening and customer due diligence measures and imposing increased penalties on firms or individuals found to be involved in terrorism financing. The USA Patriot Act includes specific provisions and controls for cross-border transactions in order to combat international terrorism and financial crime.

### JOBS Act

Provisions of the JOBS Act:
 - Lowers reporting and disclosure requirements for companies with less than one billion dollars in revenue,
 - Allows advertising of securities offerings,
 - Allows greater access to crowd-funding, 
 - Greatly expands the number of companies that can offer stock without going through SEC registration.

### Electronic Fund Transfer Act (EFTA) and CFPB Regulation E

The Electronic Fund Transfer Act (EFTA) and CFPB Regulation E are federal laws that:
 - protect consumers when they transfer funds electronically, including:
     * use of debit cards, 
     * automated teller machines (ATMs), 
     * automatic withdrawals from a bank account. 
 - provide guidelines for consumers and banks or other financial institutions in the context of electronic funds transfers.

### Securities and Exchange Act (SEA)

The SEA was created to govern securities transactions on the secondary market, after issue, ensuring greater financial transparency and accuracy and less fraud or manipulation.

The purpose of the requirements of this act is to ensure an environment of fairness and investor confidence.

### CAN-SPAM Act

The CAN-SPAM Act requires the FTC to issue regulations “defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message.” The CAN-SPAM Act applies almost exclusively to “commercial electronic mail messages”.

### The future for fintech regulation in the US

 - It is not surprising that US regulators have been slow to adapt to the meteoric rise of fintech companies.

 - There remains a knowledge gap between regulators and the businesses they are attempting to regulate.

*However, the regulatory landscape is changing*

Lawmakers are coming to understand the specific nature of the fintech sector, and there have been attempts to simplify the byzantine legal framework in order to encourage growth.

#### Better state cooperation

Several states have begun cooperating in an attempt to reduce complexity around state-by-state regulatory requirements. 

#### Regulatory sandboxes

 - Used as test environments in which fintech companies can carry out experiments under regulatory supervision.
 - In some countries (e.g. UK), fintechs are allowed to conduct those experiments with real customers.

**No such framework currently exists at the federal level in the US** 

There have been attempts to establish one, most notably in 2018 when the CFPB and Treasury both published reports including proposals for establishing sandboxes. 

These tools do exist in some states: 
 - Arizona passed a sandbox law in 2018
 - Wyoming in 2019
 - Washington DC is actively considering such a law.

## Comply with US fintech regulations

Although there is no single answer, since each business is subject to its own obligatory regulations, there are some simple steps that every fintech company should consider:

 1. Request independent legal counsel regarding compliance issues, before any concrete decisions are taken. 
 2. Compliance requires dedicated talent, so hiring must be done carefully.
 3. Fintechs need to make sure they dedicate sufficient resources to compliance tasks.
 4. Consider partnerships.
 5. The regulatory landscape is shifting constantly, with laws governing fintechs in a constant state of flux.
     - **Every fintech business should remain alert and prepared for changes to their obligations.**