How To Best Regulate Fintech

August 6, 2018

On Tuesday, the Office of the Comptroller of the Currency (OCC)—one of the nation’s banking regulators—announced that it will allow non-bank financial technology companies (fintechs) to apply for national bank status. This may sound like a plain-vanilla regulatory move, but it is a move in the wrong direction from regulation that would truly protect consumers and small businesses from predatory practices in the fintech industry.

Fintechs, like Lending Club and Kabbage, are new lending platforms that rely on algorithmic decision-making processes rather than traditional credit scores and income verifications, and they operate exclusively online. Small businesses and consumers are increasingly reliant on fintech borrowing; it’s fast and easy, and in the 21st century economy, Americans would increasingly prefer to conduct finances from their smartphones than stand in line at the bank. And it’s a rapidly growing industry: The Treasury Department predicts that by 2020, the volume of new loans could reach $90 billion.

But what most borrowers may not realize is that fintechs are not regulated like banks. As discussed below, the protections that we count on for clear and transparent financial borrowing terms and equal protection currently do not apply to fintechs. Absent robust financial rules, the OCC fintech charter has the potential to give fintechs even more power over borrowers. Fintechs will be able to charter in states with nonexistent limits on interest rates, and the charter agreements made between the OCC and a fintech will remain secretive, shielding companies from accountability.

There is a better way to regulate fintech: combine state licensing and regulation with the inclusion of small business borrowers into federal consumer protection laws.

In a recent draft paper that is forthcoming in the Fordham Journal of Corporate and Financial Law, I propose a regulatory framework to appropriately regulate this fast-growing industry while protecting borrowers from predatory behavior by fintechs. Below, I describe how fintech works and why regulating it appropriately is crucial for America’s financial health.

How Fintech Works

The scope of the fintech industry is loosely defined by the Government Accountability Office (GAO) as the “use of technology and innovation to provide financial services.” Fintechs offer speed (most fintech lenders provide lending decisions within 48 to 72 hours) and an innovative decision-making process—they use data-rich algorithms with unconventional data sources rather than the standard variables that traditional retail banks use, such as credit scores and income verification. In other words, the innovation of fintech is that its use of nontraditional data allows new borrowers or traditionally unqualified borrowers to access credit.

Most fintech lending is to consumers, who are covered by federal consumer protection statutes. But small businesses have been more deeply affected by consolidation in the banking industry, and thus are more dependent on fintechs.

Historically, small businesses have relied primarily on community banks to support their borrowing needs. Following the 2008 financial crisis, however, the world has seen a decline in community banks—the number of surviving community banks has fallen from 14,000 in the 1980s to just 5,000 remaining today—and big banks are less interested in offering small loans.

Enter the fintech response: As traditional banks reject borrowers’ applications, these platforms provide a quick alternative for small business owners and are growing in prevalence.

The convenience of fintechs, however, easily masks the risks that unregulated lending to small businesses could be predatory and unsustainable. These platforms are not accompanied by standardized disclosure requirements or loan terms, and several studies have shown interest rates to be higher than those for comparable bank loans. Risky credit that small companies cannot afford, or do not understand the terms of, can be devastating, and high interest payments can drive small businesses into bankruptcy. Despite the risks, small business owners have limited options for financial services and are forced to turn to fintech operators that offer higher rates and little to no transparency.

Though documentation is sparse, there is some evidence that fintech borrowers are less satisfied, and receive worse terms, than if they had borrowed from a traditional bank. According to the Federal Reserve’s survey of small business borrowers, fintech lenders earned just a 35 percent net satisfaction score from successful small business borrowers, mainly due to high interest rates and confusing loan terms. Small banks, meanwhile, earned a 74 percent satisfaction score.

Anecdotal evidence suggests that small business borrowers pay fintech operators a higher interest rate than consumers. The largest fintech lender to both private consumers and small businesses, Lending Club, reports that its small business borrowers paid 19 percent interest on average in 2013 compared to the 14.5 percent that consumers paid. Small businesses have paid higher interest rates every year since.

Regulatory Proposals to Support Borrowers

The lack of regulation has opened the door for potentially predatory practices, such as high interest rates and confusing loan terms. The OCC’s proposal is an even bigger step in the wrong direction. State licensing of fintechs combined with inclusion of small business borrowers in federal consumer protection statutes would be a far better approach.

The regulatory framework that the Trump administration has chosen to move forward with will likely cause increased harm to fintech borrowers. The proposal from the OCC is to issue a special purpose bank charter for fintech companies that the OCC claims would “harmonize” the entry of these new unregulated firms into the marketplace—but would also shield fintechs from state regulation. It’s been written with the interests of fintechs in mind, not borrowers.

One key problem with this proposal is that fintech companies would be able to act like national banks and import interest rates from their home state to all states where they do business. Presumably, fintechs would therefore incorporate in states where interest rate limits are nonexistent. Federal preemption of state law would prevent state agencies from directly licensing or otherwise regulating fintechs. A second key problem is that the agreements that the OCC would make with a chartered fintech would remain private, excluding the fintech from public accountability.

Fintech lending companies will continue to grow and dominate the market. We propose that consumers would be far better served if the fintech industry was regulated in the following ways:

First, regulation and licensing of fintech lending companies should be handled at the state level. All states already require lending licenses for consumer lenders and have oversight over nearly 5,000 chartered banks as well as non-depository financial institutions. Many states have laws that cap interest rates and provide fair-lending protections that are proven to protect borrowers from unaffordable loans.

State laws provide greater fair-lending protection than federal law, and there are several marked examples of this superior level of oversight.

Illinois, led by the City of Chicago Treasurer’s office, has proposed licensing small business lenders, including through Senate Bill 2865, which—mimicking the federal requirements under the Truth In Lending Act (TILA)—would require lenders to disclose the annual percentage rate (APR) of any prospective loan as well as the fees they charge. The bill would also require lenders to determine the borrower’s ability to repay before approving the loan. Chicago found that there were no preexisting regulatory solutions for small business lending, so the city took the initiative to draft regulations for business-to-business products that focused on transparency. New York has proposed similar licensing legislation, which would amend Section 340 of the Banking Law to add the requirement that a lender must be licensed to lend to either an individual or business for loans of $50,000 or less and expand the licensing requirement to entities that acquire loans from others.

In response to the OCC’s charter proposal, the Conference of State Bank Supervisors (CSBS)—the nation’s association of state banking regulators—has issued Vision 2020: a series of initiatives intended to streamline the process for regulating fintech lending across states. The stated goal is that by 2020, “state regulators will adopt an integrated, 50-state licensing and supervisory system, leveraging technology and smart regulatory policy to transform the interaction between industry, regulators and consumers.”

The CSBS’s redesign of the Nationwide Multistate Licensing System (NMLS) is an attempt to streamline the multistate registration process and work toward uniformity in regulatory requirements. The NMLS will allow for one point of entry for registration and equip states to rely on the analysis from other states to more quickly assess and engage with a fintech firm, all while licensing and regulatory oversight are kept within state control.

Second, to better regulate small business lending particularly, consumer statutes that regulate lending at the federal level should be amended to cover small business borrowers, with oversight by the Consumer Financial Protection Bureau (CFPB). Small business owners largely do not have the financial expertise or professional support to do a thorough and appropriate analysis of their lending options. The vast majority of small businesses apply for loans under $250,000, with the majority of those loans under $100,000. And 87 percent of small business owners are relying on their personal credit scores and are using personal collateral to finance their small businesses, further blurring the line between consumer borrowing and business borrowing and also demonstrating why equal protection is essential.

Congress should enact protections for small business borrowers by expanding the core federal consumer protection statutes to cover small business loans. This entails expanding the CFPB’s jurisdiction over small business lending and amending TILA to cover all borrowers under a certain dollar threshold, regardless of the purpose of such borrowing. Other key statutes to amend include: the Fair Debt Collection Practices Act (FDCPA), the Fair Credit Reporting Act (FCRA), and the Credit Practices Rule of Section 5 of the Federal Trade Commission (FTC) Act. With the exception of the Equal Credit Opportunity Act (ECOA), the laws do not cover commercial borrowers—whether small or large businesses—because commercial borrowers are presumed to be “sophisticated” borrowers.

The TILA is essential to amend, as it requires lenders to provide fair and accurate loan cost information (so borrowers can compare loan terms), bans deceptive advertising, and ensures borrowers have the right to cancel a loan within three days. The 2017 Federal Reserve Small Business Credit survey highlights the need for transparency in fintech lending: 15 percent of successful applicants who were dissatisfied with their experience cited lack of transparency, and 33 percent pointed to unfavorable repayment terms.

Currently, the TILA covers home loans, student loans, and credit cards but excludes business credit. The Dodd Frank law grants the CFPB rule-making authority over TILA, which should be amended to provide explicit authority of the small business lending marketplace. This could happen in two ways: the scope of the CFPB’s jurisdiction could expand to include any transaction for which a borrower is personally liable—regardless of the purpose of the loan—or it could be defined to cover small businesses taking out small loans by creating a threshold based on the number of employees or the size of the loan.

The ECOA prohibits discrimination in business credit transactions, but it is the CFPB that is charged with collecting the data on credit applications by women-owned, minority-owned, and small businesses that is necessary to determine if discrimination exists. This data includes statistics on the type, purpose, and amount of loans applied for as well as what was approved; the type of action taken with respect to such applications; and other demographic information about prospective borrowers. Section 1071 of the Dodd Frank Act mandates that the CFPB collect this data, though despite promises to act “expeditiously,” no real progress has been made. It is crucial that the CFPB finalize the data collection process mandated under Section 1071.

The Credit Practices Rule, found in the FTC Act, should be amended to cover small business, as well. This rule prohibits “unfair and deceptive acts or practices in or affecting commerce” and applies to both consumer and business transactions, though the FTC has not yet taken steps to bring small business borrowers under the coverage of the Credit Practices Rule. The rule should be amended to cover loans made to consumers for business purposes that are secured by personal collateral or that are under a certain size threshold.


Fintech will continue to grow, and in order to avoid potential harm to consumer and small business borrowers, fintech should be appropriately regulated at the state level. Small businesses are essential to American economy, and they, along with consumers, must be protected when they seek access to credit. Like in so many other policy areas, the Trump administration’s OCC fintech charter is a step in the wrong direction, and it should be reversed before its effect is felt by millions of fintech borrowers. To curb predatory practices and foster inclusive economic growth, small business borrowers must also be included in federal consumer protection statutes and supported by robust, state-level fintech regulation.