Treasury Issues Report on Nonbank Financials, Fintech, and Innovation, the Fourth Report in a Series of Financial Regulatory Reform

[31316]

August 6, 2018 TO: ICI Members
Investment Company Directors
ICI Global Members SUBJECTS: Investment Advisers
Operations
State Issues
Systemic Risk
Technology & Business Continuity RE: Treasury Issues Report on Nonbank Financials, Fintech, and Innovation, the Fourth Report in a Series of Financial Regulatory Reform

 

The Treasury Department recently issued a report titled, A Financial System That Creates Economic Opportunities:  Nonbank Financials, Fintech, and Innovation (Report).[1]  This is the last of four reports in response to Executive Order 13772, which identifies several “Core Principles” intended to guide financial regulation by the Trump Administration.[2]  ICI provided input to Treasury on certain issues relevant to the asset management industry during the engagement process for the Report.[3] 

The Report explores the characteristics of, and regulatory landscape for more traditional nonbank financial firms as well as newer business models employed by technology-based firms. It also addresses the ability of banks to innovate internally, as well as partner with such technology-based firms. In addition, it explores the implications of digitization and its impact on access to clients and their data, focusing on several thematic areas, including: (i) the collection, storage, and use of financial data; (ii) cloud services and “big data” analytics; (iii) artificial intelligence and machine learning; and (iv) digital legal identity and data security.

The Report includes a limited treatment of blockchain and distributed ledger technologies. It notes that these technologies, as well as digital assets, are being explored separately in an interagency effort led by a working group of the Financial Stability Oversight Council. The Report indicates that the working group is a convening mechanism to promote coordination among regulators as these technologies evolve.[4]

The aspects of the Report that are of most relevance to asset management are summarized below.

I. Embracing Digitization, Data, and Technology

1. Data Aggregation

The Report notes that as a result of digitization, vast amounts of data now exist in forms that allow consumers to view banking and other financial account information, often held at different financial institutions, on a single platform. Digitization also allows consumers to monitor performance of their investments in real-time, compare financial and investment products, and make payments or execute transactions. It also notes that consumers’ ability to realize the benefits of data aggregation is limited, in part due to the lack of agreement between data aggregators and financial services companies over access to consumer financial account and transaction data.

The Report recommends that regulators such as the SEC, FINRA, DOL, and state insurance regulators recognize the benefits of consumer access to financial account and transaction data in electronic form and consider what measures, if any, may be needed to facilitate such access for entities under their jurisdiction.[5]

2. Data Security and Breach Notification

The Report notes that the data security provisions of the Gramm-Leach-Bliley Act are enforced by the federal banking agencies for depository institutions, the SEC and the CFTC for entities under their jurisdiction, and the FTC for all other financial institutions. It also notes that vast amounts of consumer payment credentials and financial data are routinely stored on a nonfinancial company’s internal or third-party systems and, yet, nonfinancial companies are not subject to comprehensive federal data security standards or to routine examination for compliance with data security standards.

Treasury therefore recommends that Congress enact a federal data security and breach notification law to protect consumer financial data and notify consumers of a breach in a timely manner. The Report notes that such a law should be based on principles that protect consumer financial data; ensure technology-neutral and scalable standards based on the size of an entity and type of activity in which the entity engages; recognize existing federal data security requirements for financial institutions; and employ uniform national standards that preempt state laws.[6]

3. Cloud Technologies and Financial Services

The Report states that cloud computing is a key technology with the potential to allow financial institutions to significantly enhance their ability to innovate, better serve businesses and consumers, and compete both domestically and abroad. Treasury recommends that federal financial regulators modernize their requirements and guidance to better provide for appropriate adoption of new technologies such as cloud computing, with the aim of reducing unnecessary barriers to the prudent and informed migration of activities to the cloud. Treasury also specifically recommends, among other things, that the SEC address outdated recordkeeping rules like SEC Rule 17a-4.[7]

The Report further recommends that a cloud and financial services working group be established among financial regulators so that cloud policies can benefit from deep and sustained understanding by regulatory authorities. Financial regulators should support potential policies by engaging key industry stakeholders, including providers, users, and others impacted by cloud services.[8]

II. Updating Activity-Specific Regulations

1. Wealth Management and Digital Financial Planning

The Report notes that digital financial planning tools can expand access to advice for Americans to accumulate sufficient wealth, particularly as individuals have become more responsible for their own retirement planning. Under the current regulatory structure, financial planners may be regulated at both the federal and state levels. Although many financial planners are regulated by the SEC or state securities regulators, they may also be subject to regulation by the Department of Labor, the Bureau of Consumer Financial Protection, federal or state banking regulators, state insurance commissioners, state boards of accountancy, and state bars. This patchwork of regulatory authority increases costs and potentially presents unnecessary barriers to the development of digital financial planning services. Treasury recommends that an appropriate existing regulator of a financial planner, whether federal or state, be tasked with primary oversight of that financial planner. The Report notes that to the extent the financial planner is providing investment advice, the relevant regulator likely will be the SEC or a state securities regulator.[9]

III. Enabling the Policy Environment

1. Agile and Effective Regulation for a 21st Century Economy

The Report notes that the US historically has led the world in innovation in financial services but that it cannot take its leading position in innovation for granted.  The Report explains that many stakeholders in the engagement process expressed frustration with the sheer number of agencies at the federal and state levels that need to be consulted when bringing a new product or service to market.  Treasury therefore recommends that federal and state financial regulators establish a unified solution that coordinates and expedites regulatory relief under applicable laws and regulations to permit meaningful experimentation for innovative products, services, and processes. Such efforts would form, in essence, a “regulatory sandbox” that can enhance and promote innovation.[10]

The Report states that the ability of regulators to engage with the private sector to test and understand new technologies and innovations as they arise is equally important. Treasury therefore recommends that Congress pass legislation authorizing financial regulators to use other transaction authority for research and development and proof of concept technology projects. Treasury also encourages financial regulators to pursue robust engagement efforts with industry and establish clear points of contact for outreach.

Treasury recommends that financial regulators thoroughly consider cybersecurity and other operational risks as new technologies are implemented, firms become increasingly interconnected, and consumer data are shared among a growing number of firms, including third parties.  The Report also describes Treasury’s commitment to leading a multiyear program with the financial services industry to identify, properly protect, and remediate vulnerabilities.[11]

2. International Approaches and Considerations

The Report notes that the US engages with international counterparts on a bilateral and multilateral basis to advance U.S. interests abroad. Given the cross-border implications of financial technology, international bodies have established various groups focused on financial innovation.[12]

Treasury makes a number of statements regarding US engagement with international counterparts, including recommending that the US should continue to leverage international bodies to support the US domestic agenda, with domestic financial and regulatory priorities guiding the positions the US takes in international forums; and that Treasury and US financial regulators should engage with the private sector with respect to ongoing work programs at international bodies to ensure regulatory approaches are appropriately calibrated.[13]

 

Marty Burns
Chief Industry Operations Officer

Dorothy M. Donohue
Deputy General Counsel - Securities Regulation

 

Attachment

endnotes

[1] The Report is available at https://home.treasury.gov/sites/default/files/2018-08/A-Financial-System-that-Creates-Economic-Opportunities---Nonbank-Financials-Fintech-and-Innovation.pdf

[2] The executive order is available at https://www.whitehouse.gov/presidential-actions/presidential-executive-order-core-principles-regulating-united-states-financial-system/.

[3] See Letter to the Honorable Steven T. Mnuchin, Secretary, US Department of Treasury, from Paul Schott Stevens, President and CEO, ICI, dated March 23, 2018 (copy attached).

[4] Report at page 6.

[5] Report at pages 22-39.

[6] Report at pages 39-44.

[7] Rule 17a-4 under the Securities Exchange Act of 1934 requires any electronic media used by broker-dealers to be stored under the “Write Once, Read Many” or “WORM” format.

[8] Report at pages 44-52.

[9] Report at pages 159-164.

[10] Treasury also notes difficulties with establishing a formal sandbox overseen by a single regulator but recommends that if financial regulators are unable to work together for a unified solution, Congress consider legislation to provide for a single process.

[11] Report at pages 167-177.

[12] The Report also notes that Europe recently introduced its General Data Protection Regulation (GDPR) to address concerns with respect to protecting personal data, including the right to have personal data deleted. The Report states that the GDPR, however, has raised a number of questions about implementation for companies and that the uncertainties raised may create unnecessary barriers to trade.

[13] Report at pages 177-185.