Consumer and investor protections challenges in financial services

Anti-Bias and Fairness. Financial institutions will need to demonstrate the upfront business justification and ongoing monitoring of consumer-impacting COVID-19-related activities (e.g., closing accounts, reducing credit lines, accommodations). The regulators will be focused on governance, controls, and testing for bias in models and AI, inclusive of on-premises builds and use, as well as appropriate third-party oversight. Potential enhancements to the ECOA are under consideration, including:

• CFPB proposals to require data reporting on applications for credit by women-owned, minority-owned, and small businesses
• efforts by State insurance regulators to prohibit certain factors, such as education, occupation, and credit scores, in underwriting algorithms
• Congressional efforts to expand prohibitions to a larger group of financial services companies and financial services products.

Investor protections. The SEC moved forward with the June 2020 compliance date for its Regulation Best Interest and Form CRS. Supervisory examinations, initially focused on assessing firms’ good faith efforts to comply (policies, procedures, training), are expected to become more robust throughout 2021. FINRA has aligned its Reg BI compliance and examination expectations with SEC. DOL reinstated its five-part test for determining investment advice fiduciaries to ERISA plans and coincidentally proposed a new class exemption intended to align with Reg BI. 

With the focus on ESG, SEC is expected to move toward standardized definitions/disclosures. Investment advisers and broker-dealers continue to work through the interplay between regulatory requirements for KYC, Suitability, and Reg BI (refer to the Climate and ESG section within this document). Adding some complication, a DOL rule requires ERISA plan advisers to execute their fiduciary responsibilities based on financial factors rather than non-financial goals such as sustainability and ESG goals.

Know-your-customer. States are likely to focus on escheatment and associated practices; FINRA and other regulators are likely to take a renewed focus on deceased practices as part of investor protections. 

Divergent regulations. A variety of laws and regulations put forth by federal and state authorities will influence the expectations of consumers and increase the challenges faced by financial services institutions:

• Community Reinvestment Act: The debate on revisions to the CRA regulations continues even as the federal banking agencies agree they would prefer a common set of requirements. OCC is the only agency yet to finalize a rule and differences in approach exist between OCC and FRB.
• Data privacy: California voted in a new law, the California Privacy Rights Act (CPRA), that will expand, beginning 2023, the consumer protections under the CCPA to more closely resemble the EU’s GDPR. It will also establish a new regulatory agency dedicated to privacy protection. California’s rules remain the most stringent data privacy rules in the U.S.; CFPB is expected to release an NPR on consumer data access, including consumer control and privacy, and data security and accuracy during 2021.
• Anti-trust: Regulatory (DOJ, FTC) and legislative focus on anti-trust compliance in the technology sector and digital markets is gaining momentum, especially with regard to the potential to derive market power through the data made available from large online platforms and user networks, and efforts to control innovation/competition through acquisitions of nascent companies or future competitors.
• State “mini-CFPBs”: Like multiple other states, California established a regulatory body closely modeled after the CFPB; it has authority over all providers of financial products and services to California consumers, including nonbanks and FinTechs (though with notable exemptions.)