Focus on Non-Bank Financial Firms, P2P Platforms, and Crypto Exchanges

Banks and non-banks should anticipate heightened regulatory attention

December 2022

KPMG Insight. Regulators are increasingly focused on the risks associated with non-bank, fintech, and exchange providers – both as independent entities and as interconnected parties to the broader banking and capital markets.  Spurred on by technological advancements, financial innovation, and regulatory arbitrage, the nonbank sector has experienced significant growth, both in terms of the number of participants and the volume of activities they provide, raising concerns regarding consumer/investor protections and financial stability. Regulators are actively using their existing authorities to address these concerns by “modernizing” current regulations, expanding reporting and disclosure requirements, and in certain cases seeking new authorities through Congressional action. Regulatory attention on the role of non-banks will not abate; banks’ relationships with non-banks entities (through third-party and affiliate relationships) and non-banks directly should anticipate heightened attention from regulators and the public, as well as increasing levels of oversight and enforcement. 


Recent legislative and regulatory developments in these key areas highlight the increasing focus on non-bank financial services firms:   

  • Oversight, Regulation, and Enforcement
  • Peer-to-Peer (P2P) Platforms
  • Crypto Assets and Exchanges  

Oversight, Regulation, and Enforcement

Regulators have demonstrated a growing interest in expanding oversight and pursuing enforcement of non-bank financial firms (including hedge funds, asset managers, insurance companies, mortgage companies, and cryptocurrency exchanges). This expansion of the regulatory perimeter is prompted in large part by the significant growth in the non-bank sector and the volume of traditional banking activities they offer as non-federally-regulated entities, raising both financial stability and consumer/investor protection concerns.

Examples of regulatory efforts to increase oversight of non-banks include:

  • Reports that the Financial Stability Oversight Council (FSOC) is considering easing or repealing previous guidance that imposed stringent requirements for designating certain non-banks as systemically important financial institutions (SIFIs) – a designation that would impose more extensive oversight by regulators.
  • A proposed rulemaking from the Consumer Financial Protection Bureau’s (CFPB or Bureau)that would require certain non-banks to report to the Bureau any final public written orders or judgements associated with violations of consumer protection laws, as well as annual attestations regarding compliance with each underlying order. Earlier this year, the CFPB announced that it would use its authority to “hold nonbanks to the same standards that banks are held to” by examining non-banks that the CFPB has reasonable cause to determine pose risks to consumers.
  • New oversight requirements proposed by the Securities and Exchange Commission (SEC) for investment advisers that retain a third-party service provider to perform certain functions and services. The SEC has also proposed amendments to the reporting requirements for investment advisers to private funds (Form PF) that would “enhance the FSOC’s ability to monitor systemic risk.”

Separately, it is notable that industry participants have petitioned the CFPB to adopt a larger participant rule for fintech (non-bank) consumer lenders. 

Examples of increased regulatory enforcement and other activities focused on non-banks are highlighted in the following tables.

 

Recent Enforcement Themes

SEC

FTC

CFPB

The SEC has been reviewing which crypto assets are determined to be securities under the Howey test along with the platforms that offer these products and related services, and pursuing enforcements for non-compliance or misconduct under federal securities laws. Example allegations include:

  • Misleading offerings
  • Fraud and scams
  • Unlawful promotion of crypto assets
  • Market manipulation of crypto assets
  • Investor harms from unregistered crypto asset offerings

The FTC has taken up numerous enforcement actions against non-bank firms in pursuit of various priorities. Examples include:

  • Enforcing antitrust laws by blocking M&A transactions that could harm consumers and competition, or lead to market consolidation or concentration
  • Enforcements around the proper use and handling of data, including cases addressing the sale of sensitive data and lax data security
  • Pursuing violations around unfair and deceptive acts and practices, including advertising and fake product or service reviews, among others

CFPB has also pursued non-banks’ violations and non-compliance around consumer protections. Examples include:

  • Fraud and claims processes
  • UDAAP
  • Consumer data privacy and security.

 

 

Example Actions, Reports, and Statements

Treasury

CFTC

CFPB

The Treasury published a report examining the impacts, opportunities, and risks of new, non-bank firms on competition in the consumer finance market, and recommends:

  • Regulators ensure that credit underwriting practices of all lenders are designed to increase credit visibility, reduce bias, and prudently expand credit to consumers.
  • Federal banking regulators implement a clear and consistently applied supervisory framework for an insured depository institution’s role in bank-fintech relationships to address competition, consumer protection, and safety and soundness concerns.
  • Government agencies increase consistency in supervisory practices related to small-dollar lending programs.
  • Federal banking regulators and CFPB take steps to help promote a more unified approach to oversight of consumer-authorized, secure data sharing.

CFTC Commissioner Goldsmith Romero gave a speech addressing multiple areas of emerging global threats posed by fintech firms that are priorities for regulators, in areas such as:

  • Cybersecurity, including considerations around third-party service providers, zero-day vulnerabilities, ransomware attacks, and promoting cyber resilience
  • Opportunities and risks associated with distributed ledger (blockchain) technology
  • Cryptocurrencies, including recommendations on redefining household, retail consumers (apart from professional and high-net worth individuals), and increasing supervision of cryptocurrency exchanges

The CFPB issued orders to:

  • Five companies offering “buy now, pay later” (BNPL) credit to collect information on the risks and benefits of the products, as well as concerns around accumulating debt, regulatory arbitrage, and data harvesting in a consumer credit market
  • Technology companies operating payment platforms and services to collect information on business practices related to data harvesting, use, and monetization, business practices’ alignment with consumer expectations, consumer expectations of protection from fraud and payment errors, protection of data and privacy, responsive customer service, and equal treatment

The CFPB published a Complaint Bulletin outlining an analysis of consumer complaints related to crypto-assets and platforms. The findings highlight:

  • Fraud, theft, hacks, and scams on crypto-asset platforms and wallets remain one of the top consumer issues, representing about 40 percent of analyzed complaints.
  • Transaction and service problems on the platforms are also common issues for consumers, representing 25 percent and 12 percent of analyzed complaints, respectively.
  • Loss complaints submitted by certain vulnerable populations have sharply increased, including a 74 percent increase by older consumers (age 60 or older) and a 42 percent increase by servicemembers.

 

Peer-to-Peer Platforms

Recently, a significant amount of attention from both legislators and regulators has focused on payments platforms, consumer protections, and associated risks, such as frauds and scams. In particular:

  • Congressional hearings have focused on P2P payments networks, including a payments network owned by several very large banks.
    • A report issued by Senator Elizabeth Warren’s office focused on the bank-owned network found that fraud, theft, and scams are “rampant” and increasing, and that banks, in most cases, do not repay customers that were fraudulently induced into authorizing/making payments.
    • The seven banks that own the P2P platform reportedly are considering an internal rule change that would shift some liability to member banks in certain instances of fraud on the P2P platform and could require a member bank to reimburse consumers.
  • Industry news indicates the CFPB is considering issuing guidance and/or a rulemaking to direct banks to cover more “fraudulently induced transactions” on digital payments platforms, potentially by clarifying and “modernizing” Regulation E (which implements the Electronic Funds Transfer Act, or EFTA) to include such types of fraud within the error resolution purview. Updates to the CFPB’s EFTA/Regulation E FAQs issued in December 2021 addressed P2P payments and payment providers, including with regard to error resolution.

Crypto Assets and Exchanges

While crypto assets and platforms were already a topic of legislative and regulatory focus and discussion, recent volatility in the market, including the collapse of a cryptocurrency exchange and associated market instabilities, have added to the number and urgency of calls to address the risks and regulatory gaps around them. Among these are:

  • CFTC testimony before the U.S. Senate Committee on Agriculture, Nutrition, and Forestry on the need for crypto legislation, noting that the agency currently lacks the direct authority to writes rules and regulate the cash digital commodity markets. The CFTC encourages Congress to “contemplate shared responsibility for the CFTC and the SEC, where the SEC would utilize its existing authority and reporting regime requirements for all security tokens, while the CFTC would apply its market-based rules for the more limited subset of commodity tokens, which do not have the same characteristics as security tokens.” Once authorized by statute, the CFTC stated its regulatory priorities around crypto would include transparency, accountability, stability, customer protections, and oversight.
  • The SEC’s release of a sample letter regarding companies’ disclosures regarding crypto assets. The illustrative comments “focus on the need for clear disclosure about the material impacts of crypto asset market developments,” including exposure to counterparties, liquidity risks, and risks related to investigations or regulatory impacts. 
  • The OCC’s Fall 2022 Semiannual Risk Perspective, which underscores key concerns around crypto assets, including risk management and governance practices, the stability of stablecoins, and “contagion risk.”

For more information, please contact

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100
Chad Polen

Chad Polen

Partner, Advisory, FS Risk, Regulatory & Compl, KPMG US

+1 412-208-6144