The disruptions that affected all industries in 2020 will forever reshape the financial services industry. With such changes come regulatory and public policy challenges and concerns, which in 2021 will begin to inform the future, altering our view of the course to take.
Here, from the KPMG report Ten key regulatory challenges of 2021, we share insights related to consumer and investor protections.
Much like after the 2008 financial crisis, financial services companies should expect a high degree of scrutiny from regulators regarding their treatment of customers throughout 2020 and 2021. This scrutiny will be compounded by the attentions of customers themselves, both consumers and commercial businesses, who now have a heightened awareness of consumer protections, including fair access to financial products and services along with fair treatment.
Regulatory attention by the CFPB, SEC and other regulators, coupled with shifts in public policies resulting from an Administration change or agency leadership changes will likely increase regulatory supervision and enforcement overall. In addition, consumer protections may drive public policy and regulatory focus toward:
- select consumer protections areas such as access to services, retail fees, fair lending, student loans, overdraft and UDAAP
- Best Interest (BI) and Know Your Customer (KYC) application to wealth management, inclusive of ESG and sustainable investments
- housing finance reforms that address access and affordability
- possible new financial services policies, such as postal service banking, banking access for cannabis businesses, the central banking approach to payments, and creation of a public credit reporting agency.
Anti-Bias and Fairness. Financial institutions will need to demonstrate the upfront business justification and ongoing monitoring of consumer-impacting COVID-19-related activities (e.g., closing accounts, reducing credit lines, accommodations). The regulators will be focused on governance, controls, and testing for bias in models and AI, inclusive of on-premises builds and use, as well as appropriate third-party oversight. Potential enhancements to the ECOA are under consideration, including:
- CFPB proposals to require data reporting on applications for credit by women-owned, minority-owned, and small businesses
- efforts by State insurance regulators to prohibit certain factors, such as education, occupation, and credit scores, in underwriting algorithms
- Congressional efforts to expand prohibitions to a larger group of financial services companies and financial services products.
Investor protections. The SEC moved forward with the June 2020 compliance date for its Regulation Best Interest and Form CRS. Supervisory examinations, initially focused on assessing firms’ good faith efforts to comply (policies, procedures, training), are expected to become more robust throughout 2021. FINRA has aligned its Reg BI compliance and examination expectations with SEC. DOL reinstated its five-part test for determining investment advice fiduciaries to ERISA plans and coincidentally proposed a new class exemption intended to align with Reg BI.
With the focus on ESG, SEC is expected to move toward standardized definitions/disclosures. Investment advisers and broker-dealers continue to work through the interplay between regulatory requirements for KYC, Suitability, and Reg BI (refer to the Climate and ESG section within this document). Adding some complication, a DOL rule requires ERISA plan advisers to execute their fiduciary responsibilities based on financial factors rather than non-financial goals such as sustainability and ESG goals.
Know-your-customer. States are likely to focus on escheatment and associated practices; FINRA and other regulators are likely to take a renewed focus on deceased practices as part of investor protections.
Divergent regulations. A variety of laws and regulations put forth by federal and state authorities will influence the expectations of consumers and increase the challenges faced by financial services institutions:
- Community Reinvestment Act: The debate on revisions to the CRA regulations continues even as the federal banking agencies agree they would prefer a common set of requirements. OCC is the only agency yet to finalize a rule and differences in approach exist between OCC and FRB.
- Data privacy: California voted in a new law, the California Privacy Rights Act (CPRA), that will expand, beginning 2023, the consumer protections under the CCPA to more closely resemble the EU’s GDPR. It will also establish a new regulatory agency dedicated to privacy protection. California’s rules remain the most stringent data privacy rules in the U.S.; CFPB is expected to release an NPR on consumer data access, including consumer control and privacy, and data security and accuracy during 2021.
- Anti-trust: Regulatory (DOJ, FTC) and legislative focus on anti-trust compliance in the technology sector and digital markets is gaining momentum, especially with regard to the potential to derive market power through the data made available from large online platforms and user networks, and efforts to control innovation/competition through acquisitions of nascent companies or future competitors.
- State “mini-CFPBs”: Like multiple other states, California established a regulatory body closely modeled after the CFPB; it has authority over all providers of financial products and services to California consumers, including nonbanks and FinTechs (though with notable exemptions.)
6 actions to take
- Assess the Reg BI Compliance program including a review of customer complaints and surveillance tools to ensure financial services representatives are acting in the best interest of consumers and focus on fair consumer outcomes; execute change management as needed.
- Implement and evaluate technology-enabled surveillance, monitoring, and testing controls to provide real-time feedback and timely notification to business management and risk officers.
- Perform Design and Operational effectiveness reviews to assess whether operational controls are functioning effectively, particularly for high-risk and emerging regulatory requirements, such as fair lending and CRA requirements.
- Review existing policies, standards, procedures, and management reporting protocols and update as needed to ensure they comprehensibly cover all impacted business areas, are sufficiently detailed for first line employees to understand, and are appropriately revised to capture new and emerging regulatory requirements.
- Execute a gap assessment to evaluate whether all applicable new and revised COVID-19-related regulatory obligations were effectively identified and implemented across all impacted areas of an organization; focus on training, monitoring, testing, and reporting.
- Evaluate compliance with new and emerging data protection and consumer privacy rules, such as GDPR, CCPA, and HIPAA to evaluate readiness to meet requests from regulators and customers.