Contributed By Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates
'FinTech', the intersection of finance and technology, is a term that has enduringly entered the financial services lexicon. The term originally referred to the back-office operations of established financial institutions, but now refers to a broad range of activities designed to change and improve the delivery of financial services through the use of technology and encompasses every subsector of finance, including banking, non-depository lending, insurance, and broker-dealer and investment adviser activities.
Deal-making activity in the FinTech space increased in 2018, building off a strong 2017. Volume in venture capital investing and M&A activity reached new highs. RegTech, which covers a broad span of services that aim to reduce regulatory compliance costs for financial institutions, proved to be an increasingly relevant and maturing industry sector. Money also flowed into FinTech blockchain projects, with venture capital firms and traditional financial services firms investing more heavily in this space. As many expected, the market for so-called initial coin offerings (ICOs), in which tokens are sold to individuals to raise money for blockchain projects, effectively collapsed as a result of increased regulatory scrutiny and enforcement activity.
Venture/Growth Equity Investments
Venture capitalists continued to invest heavily in FinTech in 2018. The roughly USD8 billion of venture investment in US FinTech firms in the first three quarters of 2018 alone exceeded all venture investment in 2017. Venture deal volume and median deal size likewise surpassed 2017 results in all stages of venture investment (angel/seed, early stage and late stage). The surge of investment was driven by a maturation in the broader FinTech space, a strong FinTech M&A market (ie, exit opportunities) and the abundance of new investment opportunities in emerging FinTech segments. These factors have led to an increase in the amount and types of firms making venture investments in FinTech, making investment-side activity more competitive. As competition to invest in FinTech firms has increased, investors have generally softened their positions on the economic and governance rights of the ownership interests obtained in a financing round of a FinTech firm, leading to a financing environment that is relatively favourable to FinTech firms.
But the market’s outlook is not entirely rosy. Given the active 2018 venture capital investment environment and rise in median valuations, concerns exist that some FinTech firms may not increase their already high valuation in their next financing round and could be forced to raise funds at a lower implied equity value than in prior rounds (a 'down round'). The economic and governance rights of existing investors become of paramount importance in a down round because existing investors seek to avoid economic dilution and maintain their pre-existing governance rights. Anecdotally, this firm is aware of several FinTech companies at risk of down rounds during 2019, which may impact the continued trajectory of FinTech investment.
M&A in the FinTech sector similarly continued to grow. Through the end of the third quarter of 2018, the USD106.5 billion in FinTech M&A activity already surpassed 2017’s record USD87.7 billion in volume. Large financial services firms continued to be active acquirers in the FinTech M&A market. Through the third quarter of 2018, there were already more deals valued at USD1 billion or more (23), than in all of 2017 (21).
2018 also saw a marked increase in activity from mid-tier banks, and insurance and wealth management companies. Acting on a strategy that their larger competitors adopted several years ago – embracing FinTech as a way to drive innovation – this class of acquirers has helped to diversify the exit opportunities for FinTech firms.
There are several factors that suggest that M&A activity in the FinTech sector will continue to be robust in 2019. Early in 2019, Fiserv, Inc and First Data Corporation announced a USD22 billion mega-merger. The deal may pressure other large and established FinTech players, in particular in the payments space, to explore the M&A market, creating a deal environment for large FinTech M&A transactions.
There is also evidence suggesting that activity at the middle and lower end of the market is likely to remain strong in 2019. According to one survey, 31% of senior executives that made a FinTech acquisition or investment in the past two years stated they plan to allocate at least USD500 million to FinTech investments over the next two years. Another third stated that they are likely to allocate between USD200 million and USD500 million over that same period. With the billions of venture capital and growth equity dollars that have flowed into the sector over the last few years, it is likely that FinTech firms will continue to seek exits through M&A transactions and established financial institutions appear ready to re-engage in meaningful buy-side M&A activity.
RegTech, a segment of FinTech focused on utilising technology to improve regulatory processes, has recently been one of the fastest-growing FinTech segments and an area where investment and M&A activity may be expected to grow in 2019. The growth of RegTech is largely driven by increasingly demanding, complex and costly regulatory regimes, which organisations seek to address through increasing automation and the use of technology solutions.
In an effort to reduce costs and ease companies’ compliance burdens, RegTech firms have sought to develop platforms and programs that utilise technology to streamline and enhance compliance, monitoring, reporting and data protection processes. The efficacy and cost-saving potential of such services has spurred greater demand for RegTech solutions, particularly in financial services. RegTech, however, is a relatively young FinTech segment. Most of the RegTech investment activity in 2018 was early-stage venture financings, rather than late-stage financing or M&A. But there are important exceptions, including the September 2018 Series C financing of Enigma, a software-as-a-service platform used for compliance and risk management purposes by, among others, banking organisations and pharmaceutical firms. Enigma raised USD95 million in that transaction, representing nearly 25% of the global investment activity in RegTech in the third quarter of 2018. Another important exception is Morgan Stanley’s reported USD900 million acquisition of Solium Capital, which provides cloud-enabled administration, financial reporting and compliance services for global equity-based incentive plans.
Traditional forms of investment in blockchain projects ramped up considerably in 2018, as venture capitalists and financial services firms began investing heavily in the space. Most of this investment has been to fund development projects for the underlying blockchain technology, but companies are also backing so-called stablecoin projects (in which a crypto-currency currency is pegged to a fiat currency or other digital assets to stabilise its value) as well as projects to 'tokenise' non-digital tangible assets such as real estate and securities. According to some reports, blockchain and crypto-related firms raised over USD4 billion from venture capitalists in 2018, a 280% rise compared to 2017. The median investment amount of these deals increased to USD2.5 million from USD1.5 million a year earlier. In the M&A space, there was approximately USD559 million in crypto-currency-related deals in 2018, which set a record. The 54 M&A deals during the year represented a 170% increase from the 20 deals that occurred in 2017.
The market for ICOs in the USA collapsed in 2018 as a result of increased SEC pronouncements and enforcement actions, and it is likely that this phase of investment in blockchain projects will, over time, become a footnote in the history of this space. For further discussion of the blockchain and digital asset regulatory environment, see 8 Blockchain. It also remains to be seen which, if any, of the hundreds of available crypto-currencies will survive and become true mediums of exchange.
Robo-advisers use algorithms based on a variety of inputs, such as the investor’s age, investable assets, investment horizon, risk tolerance and other factors combined with modern portfolio theory-based investment strategies to provide wealth and investment management services without the human element of, and typically at a lower cost than, a traditional financial adviser. Traditional financial advisers and robo-advisers provide similar types of services, and therefore both (to the extent that they provide advisory services in the USA) are typically registered as investment advisers with the SEC or one or more state securities authorities. Both must also comply with the securities laws applicable to SEC or state-registered investment advisers. The staff of the SEC’s Office of Compliance Inspections and Examinations has provided guidance that, as a statutory fiduciary, when an investment adviser has the responsibility to select broker-dealers and execute client trades, each has an obligation to seek to execute securities transactions for clients in such a manner that the client’s total costs or proceeds in each transaction are the most favourable, taking into account the circumstances of the particular transaction.
As a general matter, many robo-advisers tend to focus on ETF investments, which reflects the increasing preference among the next generation of investors for low-cost, passive, diversified investments. The clients of robo-advisers tend to be younger, cost-conscious, hands-off investors who may initially have less capital available to invest. Because of the increased online presence of this next generation of investors, robo-adviser business models focus more on addressing the needs of their clients primarily through a greater online and social media presence. Many legacy players themselves are building their own robo-advisers, so they are able to offer a comprehensive set of products and services that appeal to a wide variety of investors.
Many online lenders are organised as non-bank entities. Lending activities by non-banks are governed not only by federal laws, but also significantly by state laws. Non-bank lenders must be mindful of the jurisdictions where their borrowers and applicants are located, as this factor significantly affects the legal and regulatory requirements applicable to the lender.
It is understandably difficult for regulators to keep pace with the rapid changes in online lending technologies. As such, the manner in which regulatory regimes are applied to online, mobile and other innovative delivery channels is evolving and often uncertain. Some states and federal authorities have amended their laws or regulations in this area, but those changes have often been incremental. The principal objective of these changes is the protection of borrowers and other customers. Although some laws apply only to consumer-purpose or residential mortgage lending, some key provisions generally apply to all types of lending, albeit sometimes with different specific parameters. For example, most types of non-bank lending are subject to maximum interest rates established under state law (usury rates), fair lending laws, data security requirements and the federal prohibition on engaging in unfair or deceptive acts or practices (UDAP).
State laws include non-bank licensing requirements that vary significantly from state to state. Even within a single state, the licensing requirements tend to vary based on the type of lending and the type of activity (eg, lending, servicing, brokering, collections). In many states, licensing of non-banks is required only for consumer or real estate-oriented lending activities. However, there are a smaller number of states (including California) that require licensing even for business-oriented, non-real estate lending.
Licensed non-bank lenders are generally subject to supervision, examination and enforcement jurisdiction of the state regulator where they conduct business, which is typically the state banking authority. The regulatory regime for such non-bank lenders differs from that applicable to banks. For example, licensed non-bank lenders are generally not subject to bank-like regulations regarding capital and liquidity, service to the community under the Community Reinvestment Act and deposit insurance assessments.
Many online lenders in the USA that are organised as non-bank entities have partnered with an unaffiliated bank. This bank partnership model seeks to take advantage of certain regulatory advantages (eg, federal pre-emption of state-by-state licensing and usury limits) and operational features (eg, access to traditional card and payment systems) available to banks. The specifics of each bank partnership vary and must navigate risks related to a complicated and fact-sensitive interplay of federal and state laws (eg, 'true lender' risk).
In recent years, online lenders and other industry participants have begun to employ a growing variety of underwriting models. Lenders are implementing advanced algorithms and artificial intelligence (AI) in their underwriting processes to evaluate the credit of consumers, small businesses and other borrowers. These processes rely on a variety of data, such as FICO credit scores, bank transaction data, model-based income, social media, rent history, employment history, phone-number stability, browsing history and behavioural data. Federal and state laws have been slow to keep pace with technological developments used in the underwriting credit models.
Lenders (particularly when lending to consumers) should be mindful that the application of many federal and state laws to new and innovative types of underwriting inputs is evolving and uncertain. For example, the use of non-traditional data sources or automated processes could result in an unforeseen or unintentional 'disparate impact' on a protected class of borrowers or applicants and create a potential risk under fair lending laws or a risk of UDAP.
Lenders rely on a variety of funding sources for loans, including deposits, peer-to-peer, lender-raised capital and securitisations.
Non-bank entities are not permitted to accept deposits. Therefore, banks are unique in their ability to accept deposits as a source of funding. Because they are generally insured by the Federal Deposit Insurance Corporation, deposits are generally viewed as a stable and low-cost source of funding. Banks are subject to extensive supervision, regulation and enforcement from the applicable federal and state banking regulators. Nonetheless, non-bank lenders have been exploring bank charters, such as the Office of the Comptroller of Currency’s so-called FinTech charter and industrial bank charters, which may provide benefits to their specific business models that outweigh the costs associated with being a regulated bank.
As compared to banks, non-bank lenders generally have more limited balance sheet capacity and may rely more on funding from sources like equity raises, long-term debt, secured borrowing, securitisations and peer-to-peer funding. Marketplace lenders have historically employed a peer-to-peer funding model, where specific loans are funded mostly by individual investors. Securitisation is also a significant source of funding for non-bank lenders. Securitisation requires an assessment of applicable federal and state securities law, and generally requires extensive disclosure to prospective and existing investors.
Marketplace lenders generally serve as an intermediary for individuals, institutional investors and others to providing funds for a loan. The processes vary and continually evolve but generally are facilitated by an online platform that connects the potential borrower with investors. These platforms allow the loan funding process – from customer acquisition to underwriting and origination, and through servicing – to be entirely digitised. Borrowers may have reduced borrowing costs, more seamless customer experiences and shorter lead times to closing as a result of electronic delivery channels. As noted above, lending is regulated by a number of federal and state regulators in the USA and the nature of regulation varies across the bodies, and depends on the type of lender. This regulatory environment was generally developed in the context of traditional lending through physical delivery channels and has not necessarily kept pace with electronic or other innovative delivery channels.
Fund administrators typically assist with fund accounting, calculating net asset value, monitoring risk and investor onboarding, although the scope of services offered can vary significantly. Fund administrators are also typically involved with assisting their clients with regulatory compliance, such as with respect to the US Foreign Account Tax Compliance Act and US 'know your customer' and anti-money laundering compliance. Recent SEC charges against a fund administrator appear to focus on a failure to fulfil 'gatekeeper' responsibilities. These responsibilities, including the need properly to address accounting issues, reflect the SEC’s view that in such situations fund administrators may be a cause of their clients’ violations under the Investment Advisers Act of 1940, as amended. This type of action by the SEC suggests that, at least in certain circumstances, fund administrators have an affirmative duty to address unlawful or suspicious behaviour.
In the USA, blockchain-based assets, such as digital tokens and crypto-currencies, are currently characterised as 'securities' or, broadly speaking, 'something other than securities'. Blockchain-based assets that are securities (ie, security tokens) are, to the extent traded on an exchange, required to be traded on a SEC-registered national securities exchange or an alternative trading system (ATS). Conversely, blockchain-based assets such as bitcoin and other 'pure' crypto-currencies that are not currently characterised as securities are not subject to such a requirement. Therefore, trading platforms are subject to regulation based upon the type of asset that trades on such platform.
Based on recent estimations, there are hundreds of crypto-currency exchanges and trading platforms around the world (collectively referred to herein as 'trading platforms') and new ones seem to launch regularly. The explosion in number of these trading platforms has recently drawn significant attention from US regulators. Although standards vary, as a general matter, many trading platforms will not list any token that could potentially be viewed as a security, but will instead opt to list 'utility tokens' or 'pure' crypto-currencies. This allows trading platforms to avoid the regulatory requirements associated with securities.
Trading platforms that advertise themselves to be so-called peer-to-peer trading platforms may fall within the definition of an 'exchange' under the federal securities laws (which is broadly defined) and consequently such trading platforms may be subject to a variety of penalties, including monetary fines and orders to cease operations. The rules under the Securities Exchange Act of 1934, as amended (the Exchange Act), provide for a functional test to determine whether a trading platform is in fact operating as an exchange.
The SEC does not set listing standards; rather, the various trading platforms set their own standards for listing and continuing to trade securities. Trading platforms that are willing to list securities tokens will often require that the token be linked to a high-quality, differentiated and value-adding product or service; have high-quality code that is as much as possible not susceptible to hacking; and have detailed information regarding technical specifications and legal rights and restrictions.
High-frequency and algorithmic trading strategies (HFT strategies) are increasingly being utilised by proprietary trading shops and hedge funds (trading firms) as an enhancement to implementation of traditional trading strategies. At a high level, HFT strategies involve the application of software-based algorithms to trade in and out of high-volume positions of equities and other financial products at speeds faster than achievable by their human counterparts. HFT strategies vary significantly and can be used for exchange-based and OTC (or off-exchange) trades, as well as trades in currently unregulated markets such as the crypto-currency markets.
Depending on the role and activities of the particular trading firm utilising HFT strategies, different regulatory regimes may apply to such firm. Hedge funds using HFT strategies are generally treated the same as hedge funds using other strategies and therefore may be regulated as investment advisers and required to register with the SEC or one or more state securities authorities. Such hedge funds must comply with securities laws applicable to SEC or state-registered investment advisers.
Some trading firms employing HFT strategies operate as market makers or dealers, in which case such a firm would be required to register with the SEC as a broker-dealer. Certain broker-dealers rely on Rule 15b9-1 of the Exchange Act, which exempts them from the statutory requirement to become a member of the Financial Industry Regulatory Authority (FINRA). As a result of the exemption, FINRA has no jurisdiction over these broker-dealers and is therefore unable to enforce compliance with federal securities laws and rules. The SEC has recently proposed amending this exemption, as it prevents FINRA from being able to monitor use of HFT strategies and manipulative behaviour. Despite such trading firms being members of their respective exchanges, the exchanges are not able to regulate OTC activity as typically they only have access to the trade data for trades conducted on their own exchanges.
Trading firms operating as market makers often pay retail brokers in order to compete for retail order flow. Market makers that are willing to provide improved prices, made possible by utilising HFT strategies, may be better able to compete for such order flow. This leads to a potential conflict of interest for retail brokers, who are required to seek out the option that provides the best chance of execution, best speed of execution and best price, rather than selling their order flow to the highest bidder.
The term InsureTech covers a wide variety of technological innovations that aim to harness the power of technology to reinvigorate an age-old industry. Disruptors, like Oscar and Lemonade, seek to displace the traditional provider-customer relationship for a newer, app-based dynamic. Mature market players in turn have embraced innovations to fill a wide range of niches, ranging from policy pricing to fraud detection. Although the fractured regulatory environment insurance companies are subject to may stymie any one-size-fits-all solution, the inexorable march of progress nonetheless continues.
Underwriting processes often vary by product and industry participants. Innovative participants have begun relying on technologies such as big data, AI, wearables and telematics to improve underwriting and provide more accurate conclusions. That said, regulations in a particular jurisdiction may require that rates be filed with, and approved by, the appropriate insurance regulator. Such regulator may also prohibit specific factors from being considered, or may even prescribe the precise factors that must be considered, sometimes at odds with overall technical trends.
As the regulation of insurance in the USA is largely state-based, the regulations may vary significantly. For example, while some states expressly permit credit scores to be considered when rate-setting for property and casualty policies, numerous other states apply strong limitations. Some states expressly permit genetic data to be used in the life and disability space. Others expressly prohibit it. Other regulations, including those related to data privacy and anti-discrimination laws, may also impact the underwriting process. As a result, the process is often a bespoke one by necessity, taking consideration of the variances between jurisdictions.
Industry participants and regulators treat different types of insurance in significantly different ways. For example, they require different licences and different regulations governing the production of such business. This necessarily imposes impediments to any unified national solution. Instead, market participants often need to tailor their products and services to meet not one but 50 different approaches to insurance regulation.
Blockchain technology, which uses a distributed ledger system and a consensus protocol to verify transactions, has the potential to transform any industry that today relies on a single trusted third party. Nowhere is this more true than across the financial services sector. Over the last few years, numerous firms in the financial services sector have been building out proof of concept platforms that rely on blockchain technology, with some projects already active. This trend is likely to continue and expand. In most cases, financial services firms are using so-called private, permissioned blockchains when transacting amongst themselves because these ecosystems limit who can join and employing the power of public permissionless blockchains when exploring consumer-facing projects. Potential applications include global payments, clearing and settling, syndicated loans, trade finance, convertible bonds and proxy voting. A number of financial institutions have also filed, and in some cases been granted, US patents on different blockchain applications.
In the USA, regulators are coping with how existing regulations, drafted to apply to centralised ecosystems, apply to decentralised systems where the actors may not be readily identifiable. The concept of blockchain regulation is, of course, anathema to many proponents of the technology who believe that its transparency and decentralisation means that there is no need for regulation. Set forth below are some key developments in the US regulatory landscape, with the caveat that this is a quickly evolving field.
At the end of 2018 and start of 2019, there were a handful of bills introduced in the US Congress addressing blockchain technology. Two examples stand out. One seeks to codify that blockchain developers and providers of blockchain services would not be treated as money transmitters. Another, discussed in 1 FinTech Market, would exempt tokenised assets from securities law. While interesting, these bills are unlikely to become enacted.
Although federal laws are still in their relative infancy, over 20 states have enacted crypto-currency or blockchain-related legislation as part of efforts to become hubs for blockchain innovation. For example, some states have amended laws so that records or contracts secured through blockchain technology are deemed enforceable electronic records. The state of Delaware, where more than half of US companies are incorporated, is also exploring a blockchain-based business filing system that will allow corporations to employ smart contract technology to track stocks and collateral assets. It is likely that, from a legislative perspective, states – as opposed to the federal government - will continue to take the lead.
The SEC has indicated that it will release new guidance early in 2019 regarding how to determine whether crypto-currencies qualify as securities and steps for developers to work towards compliance with federal securities laws. The current regulatory framework that has been applied by the SEC is the so-called Howey Test, first articulated in SEC v WJ Howey Co, 328 US 293 (1946). Under the Howey Test, courts analyse whether the instrument or offering in question satisfies all three of the following prongs: (i) “an investment of money”, (ii) “in a common enterprise” and (iii) “with profits to come solely from the efforts of others.”
The SEC first applied the Howey Test to crypto-currency on 25 July 2018 in its so-called DAO Report, in which the SEC concluded that a particular crypto-currency called DAO Tokens were securities subject to regulation. Since then, there have been a number of SEC orders and court decisions applying Howey to analyse other ICOs; see Munchee Inc, Securities Act Release No 10445 (11 December 2017); Paragon Coin, Inc, Securities Act Release No 10574 (16 November 2018); CarrierEQ, Inc, D/B/A AirFox, Securities Act Release No 10575; SEC v Blockvest, LLC et al, No 18-CV-2287-GPC (11 October 2018). In some of these cases, crypto-currency developers have been required by the SEC to register under the Exchange Act, pay fines and offer rescission to investors. Most recently, on 20 February 2019, the SEC required Gladius Network LLC (Gladius) to compensate investors and register tokens it offered in an unregistered ICO in 2017 but did not impose a fine on Gladius; see Gladius Network LLC, Securities Act Release No 10608 (20 February 2019). The SEC's lenience with regard to the lack of a penalty was due in part to the fact that Gladius self-reported the ICO, which raised approximately USD12.7 million, to the SEC in 2018, took prompt remedial steps and co-operated with the SEC's investigation (id).
The SEC has also focused on trading platforms, seeking to have them register as exchanges and imposing fines; see, eg, Zachary Coburn, Securities Act Release No 84553 (8 November 2018). Beyond enforcement, the SEC has also encouraged developers to engage in voluntary discussions with staff regarding their projects and compliance issues. To that end, the SEC recently established FinHub, which is specifically designed to provide guidance to developers in this space.
Commodities Futures Trading Commission (CFTC)
The CFTC has taken the position that crypto-currencies are commodities. This position has been supported by multiple federal court decisions. For example, in CFTC v McDonnell, 287 F Supp. 3d 213 (EDNY 2018), a federal district court in New York held that the CFTC can regulate crypto-currencies as a commodity because they are “‘goods’ exchanged in a market for a uniform quality and value” and they also “fall well within the common definition of ‘commodity’ as well as the [Commodity Exchange Act’s] definition of ‘commodities.’” Similarly, in CFTC v My Big Coin Pay, 334 F Supp 3d 492 (D Mass. 2018), a federal district court in Massachusetts held that crypto-currencies are subject to CFTC regulation as a commodity class because futures trading exists on bitcoin, a subset of that class.
If a blockchain asset such as a crypto-currency is a commodity, the CFTC has enforcement authority to police fraud and manipulation in spot markets for the asset. If there are derivatives contracts on blockchain assets (ie, futures, swaps and options), the CFTC will have full regulatory authority over those contracts. For example, futures contracts on bitcoin currently offered on some exchanges are subject to the full regime of futures regulation under the Commodity Exchange Act.
Thus far, the CFTC has focused its enforcement authority on protecting retail customers engaged in unregulated spot transactions in crypto-currencies. However, the CFTC will face more complex questions with respect to the scope of its authority over blockchain as innovators begin exploring the use of smart contracts to facilitate decentralised trading in derivatives.
Investment Advisers Act of 1940
To the extent blockchain assets held by a fund are considered securities, the Investment Advisers Act of 1940, as amended, applies and, to the extent such assets are considered commodities, the Commodity Exchange Act applies. The investment advisers of such funds that invest in blockchain assets that are considered securities are typically registered with the SEC or one or more state securities authorities and must comply with the securities laws applicable to SEC or state-registered investment advisers. In this firm's experience, such funds are exclusively structured as 'Section 3(c)(1)' or 'Section 3(c)(7)' private funds. A trading platform on which blockchain assets that are securities are traded is required to be a SEC-registered national securities exchange or an ATS.
Blockchain technology has the potential to revolutionise how personal information is stored and processed. However, many of its fundamental concepts clash with the requirements of the EU's General Data Protection Regulation (GDPR). For example, a data subject’s right in certain cases to have their data deleted clashes with the 'immutability' of a blockchain where once data is stored, it cannot be erased or modified. US companies subject to the GDPR must be mindful of this evolving space. In addition, a new California privacy law, the California Consumer Privacy Act (CCPA), that goes into effect in 2020 presents many of the same issues as the GDPR. Additional guidance will be forthcoming as to how the CCPA will be applied, but as with the GDPR, US companies building out blockchain applications in the FinTech space must take privacy laws into account.
Open banking, an emerging space within FinTech, can be thought of as a system whereby financial institutions’ data can be shared with third parties, such as data aggregators and app providers, through application programming interfaces. Open banking may be a gateway to providing more services to customers and is generally considered a more secure method for sharing financial account and transaction data than so-called screen scraping, but it also introduces its own concerns.
Relative to Europe and certain Asian countries, the USA lags behind in its development of laws and regulations around open banking. Some have viewed the Balkanised nature of financial regulation in the USA as an impediment to the development of a comprehensive regulatory scheme. Some argue that the lack of an industry standard or regulatory framework in the USA for open banking is an obstacle to the development of its full potential. As with many emerging areas, there is a debate as to whether the private sector or the public sector should lead the pathway forward. While the US Treasury and others have advocated for a private sector-led solution to open banking, others have raised concern that a solution determined by financial services companies – rather than consumers – may adversely impact the types of services that FinTech data aggregators and consumer application providers may be able to develop. When entering into open banking relationships with financial institutions, data aggregators, app developers and others, it will be important to consider a multitude of data-related issues, including consumer protections, protections for data privacy and security, data ownership, allocation of liability in the event of breach and responsibilities for responding to any breach.