The Consumer Financial Protection Bureau is revising its no-action letter policy to entice more financial services companies to test out new products and services without fear of enforcement action.
The agency is giving stronger reassurances that it won’t take enforcement action under broad-reaching consumer finance laws against firms that win approval under the no-action policy, according to a proposal obtained Dec. 7 by Bloomberg Law.
Obtaining no-action letters can help startups attract investors or partners. More established players in the financial services industry can use them to experiment with technologies like machine learning and artificial intelligence with less fear of triggering penalties.
Among the proposed changes, senior CFPB officials with the Office of Innovation, rather than lower-level agency staff, would give approval for no-action letters.
The agency also would do away with the three-year time limit for companies to be protected from potential enforcement actions when testing out products. That change would effectively grant companies an unlimited enforcement reprieve for products or services permitted through the no-action letter process.
The policy revision would also do away with data-sharing obligations under the existing program. Industry groups have previously said the data-sharing provisions create “burdensome” volumes of information requirements.
Companies may be able to get greater protection from violations of unfair, deceptive and abusive practices (UDAAP) through the program, according to the proposal. Such protection was expected to be rare under the existing policy.
Knocking Down Barriers
The proposed changes would remove or minimize some of the roadblocks to granting no-action letters, Eric Goldberg, a partner with Akerman LLP’s consumer financial services practice in Washington, told Bloomberg Law by e-mail.
Just one company, Upstart Network, has received a no-action letter under the existing policy. That letter was approved by the assistant director of Supervision and Enforcement, whose mandate is focused on compliance with CFPB rules, said Goldberg, former managing counsel for regulations at the agency.
Shifting those decisions to the Office of Innovation “changes the perspective from which applications will be reviewed and approved” Goldberg said. The end result will be more no-action letters, he added.
The agency’s openness to granting more relief from UDAAP is likely to raise eyebrows, but is “a critical factor” to the no-action letter policy, Jo Ann Barefoot, CEO of Barefoot Innovation Group, LLC, a fintech consulting firm, told Bloomberg Law by e-mail. “Since UDAAP is highly subjective and discretionary, it’s one of the main sources of uncertainty that prevents innovation,” she said.
The new policy also would speed up the time it takes CFPB staff to make decisions on no-action applications to 60 days or less.
Under existing policy, the CFPB allowed itself room to reverse its no-action relief at any time, which critics of the policy said kept all but one firm from applying for and obtaining a no-action letter.
The goal of the revised policy proposal is to give companies greater certainty about the level of enforcement and supervisory relief they can receive from an agency once cast as one of the most aggressive enforcers of consumer finance laws.
The no-action proposal is part of a broader effort by the CFPB’s Office of Innovation to improve dialogue between industry and regulators and to encourage the adoption of new technologies in the consumer finance space.
“This policy is designed to advance the Bureau’s statutory objective to facilitate innovation for the purpose of enhancing competition in financial markets and consumer access to those markets,” an agency spokesman told Bloomberg Law by email.
The bureau is also moving forward with a proposal for a federal regulatory sandbox.
The program shares many similarities with the proposed no-action letter policy, including the 60-day decision shot-clock. However, it would require information sharing with the bureau.
The CFPB’s sandbox proposal would be open to a broader pool of businesses than typical regulatory sandboxes, which are more often geared toward startups. Sandboxes generally allow companies to bring a new product or service to market with fewer regulatory barriers, in exchange for staying in close contact with regulators about its progress and limiting testing to a smaller market.
The agency plans 60 days of public comment on the plan after it is published in the Federal Register.