- Three tracks. There are three viable options for implementing a payment service: partnering with an existing financial institution, becoming a money transmitter, or obtaining a fintech charter.
- Partnering. Partnering with an existing financial institution is the quickest option. However, it comes with extensive compliance obligations and provides you with less control as the partner provides the payment service.
- Money transmitter. As a money transmitter, you are in control of the entire service and data. However, obtaining the licenses in each jurisdiction and complying with the relevant regulations can be challenging and expensive.
- Fintech charter. Obtaining a fintech charter can take a year or more and is a relatively new option. A benefit of this option is that companies completely control funds and data and can operate on a national scale without the need for multiple licenses.
As general counsel for a social networking company, you have a lot on your plate. And now, your CEO is asking you to find a way to allow your users to send money to other users, in an effort to stay competitive with platforms that have already implemented this feature. The CEO wants the project ready for launch next year. A little worried about the proposed timeline but undeterred, you begin to research whether you can do this and, if so, what would you need to do to make it happen?
You realize you have three reasonable options to implement this payment service: partnering with an existing financial institution (such as a bank or state-licensed money transmitter) that would provide the service to your users, or obtaining the regulatory authority to offer the service yourself, either by becoming licensed as a money transmitter or obtaining a special-purpose national bank charter (also known as a fintech charter). The last option — obtaining a fintech charter — is the newest option, with perhaps the greatest potential to transform the abilities of your company. Yet this option comes with the greatest uncertainty.
Partnering with an existing financial institution
If time is of the essence, partnering with an existing financial institution is often the most attractive option, as it can be set in motion reasonably quickly. However, it has its drawbacks. As the partner would be the one providing the payment service to your users, the partner’s regulators will expect it to (1) maintain the legal relationship with each user with respect to the service, (2) control the structure of the service and determine all terms and conditions, policies, and procedures (though you would generally be permitted to provide input), and (3) handle all associated funds. Hence, this option will generally provide you with much less control over the service.
Given the highly regulated nature of financial services, provision of the payment service will trigger a wide range of compliance obligations in various areas, including privacy, cybersecurity, anti-money laundering, consumer protection, and others. While the partner will bear the vast majority of these, it may, depending on the structure of the relationship, be necessary for you to perform certain functions to satisfy some of these obligations, such as those related to customer identification. Also, many of the applicable laws and regulations may provide very limited options for data sharing and usage beyond providing the payments service to users.
Needless to say, the continued availability of the payment service will depend upon the partner’s willingness (and ability) to continue the relationship, making it essential to choose a partner that will not only work well, but that will also avoid regulatory issues that may force it to limit or exit the relationship. In addition, the economics of the service will need to be sufficient to adequately compensate the partner after taking into account any costs and/or revenue-sharing with your company or others.
Becoming a money transmitter
If being in control of the entire service, as well as the valuable data that accompanies it, is paramount, you may consider becoming a money transmitter by registering with the Financial Crimes Enforcement Network (FinCEN) as a Money Services Business (MSB) on a federal level, as well as obtaining money transmission licenses in those states where your users are located. The downside of choosing this option is that obtaining these licenses and complying with the relevant state and federal requirements can be fairly challenging, tim-consuming, and expensive.
Money transmission on the federal level
FinCEN is the bureau of the US Department of the Treasury that administers federal regulation of money services businesses (MSBs) pursuant to the Bank Secrecy Act and its implementing regulations (BSA), which serve as the United States’ principal anti-money laundering (AML) and counter-terrorist financing (CTF) regulatory regime. A money transmitter, one of several forms of businesses within the MSB category, is defined to as one engaged in accepting currency, funds, or other value that substitutes for currency from one person and transmitting it to another person or location by any means, including wire, facsimile, electronic transfer, or payment instrument. Those falling within the definition of an MSB are, unless eligible for an applicable exemption, required to register with FinCEN as an MSB, implement and maintain an AML/CTF compliance program, and comply with certain other obligations. The AML/CTF compliance program must, among other things, include policies and procedures related to the verification of customer identity, monitoring for suspicious activity, filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with FinCEN, compliance training for personnel, and performance of an independent audit of the compliance program.
Similar regulatory schemes in other countries
To be able to provide the same service to the members of your network in the United Kingdom and Australia, the following options would be available to your social networking company:
There are eight different regulated payment services in the United Kingdom, one of which is the activity of “money remittance.” Under European payments law (Payment Services Directive, or PSD, replaced by PSD 2), “money remittance” is considered to be a simple payment service that is usually based on funds provided by a payor to a payment service provider, which remits the corresponding amount, for example via a communication network, to a payee or another payment service provider on behalf of the payee.
To carry out the regulated activity of “money remittance” in the United Kingdom, an entity will need to be authorized or registered by the Financial Conduct Authority (FCA). The entity can apply for authorization as either: (1) a registered small payment institution, (2) an authorized payment institution, (3) a registered small electronic money institution, or (4) an authorized electronic money institution. All of these types of entities can carry out the regulated activity or money remittance, but registered/small firms can provide no services throughout the European Economic Area (EEA). There are caps on the monthly amount of payment activities that can be undertaken. Authorized entities have no caps and can provide services throughout the EEA but are required to maintain higher levels of regulated capital and comply with more stringent conduct of business rules.
All payment institutions and electronic money institutions, whether registered or authorized, must comply with UK money laundering regulations. Broadly speaking, the Financial Conduct Authority (FCA) is the designated supervisory authority under the UK money laundering regulations for all types of payment institutions and electronic money institutions (including banks and authorized payment institutions and electronic money institutions) other than those that have authorization to provide only money remittance services, in which case Her Majesty’s Revenue and Customs (HMRC) will be the supervisory body. Such entities will need to register with HMRC as well as be authorized or registered by the FCA. Applicants that are required to be registered with HMRC under the Money Laundering Regulations will either need to be registered before FCA can authorize them or will need to provide evidence that they have submitted the appropriation application with HMRC. Where the FCA is responsible for money laundering supervision of the applicant, no separate HMRC registration is required which is the case for all electronic money institutions and all payment institutions (unless the application only relates to the provision of money remittance services).
Most importantly, all of these application processes are paper-based processes that usually take no more than three months to complete and once an appropriate license is obtained, while there are certain filings that must be made on a quarterly basis and capital requirements that must be maintained, FCA conducts no annual examinations.
Companies that provide money remittance services in Australia are required to apply for registration with Australian Transaction Reports and Analysis Centre (AUSTRAC) Remittance Sector Register as either an independent remittance dealer, remittance network provider, or an affiliate of a remittance network provider. To apply for enrollment and/or registration with AUSTRAC, a company must complete the AUSTRAC Business Profile Form available on AUSTRAC’s website. This is a paper-based process that usually takes three months to complete. Once enrolled/registered, there are certain filings that must be made (such as Suspicious Matter Reports and Threshold Transaction Reports). AUSTRAC conducts no annual examinations.
Money transmission on the state level
State money transmission laws, which similarly regulate money transmissions but are instead principally focused on consumer protection (i.e., the protection of consumer funds in the hands of an intermediary), generally impose licensing requirements on those engaging in the business of, or holding themselves out as engaging in the business of, receiving money or monetary value from one person for the purpose of transmitting that money or monetary value or making it available at a different time or place. States will generally impose their licensing requirements on any business servicing or soliciting customers in their state, even if the business has no physical presence in the state.
At the moment, money transmission is regulated in 49 US states (currently, Montana is the only US state that does not regulate money transmission). Some US territories have their own licensing requirements as well. While the requirements vary somewhat between the states, common requirements for money transmitters include the following:
- Filing a comprehensive license application, which includes detailed information regarding the business, officers, directors, and owners;
- Paying fees (initial application fee, initial license fee, and annual license renewal fee);
- Complying with minimum capital requirements; and
- Filing a form of security (often a surety bond) whose amounts range widely, from as little as US$25,000 to over US$1 million.
Once licensed, money transmitters are required to comply with a variety of requirements, including those related to the safeguarding of consumer funds, recordkeeping, and reporting of certain information to the state regulators on an ongoing basis. In addition, most licensed money transmitters are subject to periodic examinations by either multi-state teams or individual states to ensure licensees operate in a safe and sound manner and adhere to state and federal laws and regulations. During the course of an examination, state examiners review a money transmitter’s operations, financial condition, management, anti-money laundering program, compliance function, and compliance with the Bank Secrecy Act.
Until recently, this option did not exist. Now that it does, it is the option that would likely take the longest to accomplish — perhaps a year or more — though this is unclear, as no fintech charters have been issued as of this writing.
The Office of the Comptroller of the Currency (OCC) is a bureau of the US Department of the Treasury and one of the three federal banking regulators (along with FDIC and the Federal Reserve). In March of 2017, the OCC proposed a supplement to its licensing manual that would allow financial technology (fintech) companies to apply for, and obtain, a special limited purpose bank charter (also known as a fintech charter). On July 31, 2018, the OCC announced that it was moving forward with this proposal and that it will start accepting applications for a fintech charter.
This option has several advantages. It potentially allows fintech companies to completely control the funds and data being transferred within its network (unlike when partnering with financial institutions). As distinct from the state money transmission construct, fintech allows the companies to operate on a national scale (like other national financial institutions) without having to obtain and maintain 49 state licenses within each state’s unique regulatory scheme.
A fintech charter is available to companies that engage in one of two traditional banking activities: paying checks, and/or lending money. The OCC fintech charter would appear to permit fintech companies to engage in these traditional banking activities in novel and new ways. For example, facilitating payments electronically may be considered by the OCC to be the modern equivalent of paying checks, meaning that transferring funds between members within your network may be covered. Those fintech companies planning to engage in taking deposits would be required to obtain FDIC insurance, which is not available to those holding a fintech charter, and instead requires a full-service national bank charter.
As a national bank, a company with a fintech charter would be subject to the laws, rules, regulations, and federal supervision that apply to all national banks. In addition, it would be subject to the same high standards of safety, soundness, financial inclusion, fairness, and other areas that all federally chartered banks must meet.
The OCC’s application process for a fintech charter consists of four phases:
- A pre-filing phase;
- The filing phase;
- The review phase; and
- The decision phase.
A pre-filing phase
The OCC strongly encourages all potential fintech charter applicants to engage with the OCC well in advance of filing an application for this charter to fully understand the application process and the OCC’s requirements and expectations.
If the fintech company decides to pursue this charter, the OCC will determine whether one or more meetings will be needed. At these meetings, a fintech company should be prepared to discuss:
- The proposed business plan, including a description of the proposed activities;
- The underlying marketing analysis supporting the business plan;
- The capital and liquidity needed to support the business plan;
- A contingency plan to remain viable under significant financial stress; and
- How it proposes to demonstrate a commitment to financial inclusion.
These meetings will give a fintech company valuable feedback on the proposal and on any legal, policy, or supervisory issues that may need to be resolved in connection with the final application.
Once the fintech charter application is complete and contains all information required by the OCC, it must be submitted to the OCC for review and approval. In addition, the charter application must be published in the community in which the proposed bank will be located and made available to the public for comment for a minimum of 30 days after publication. Because many fintech companies operate online and nationally, the OCC will consider and discuss with the fintech company alternative locations or methods where publication would be appropriate.
The OCC will consider several factors in its review of the application, including whether the proposed chartered fintech company:
- Has a reasonable chance of success;
- Will operate in a safe and sound manner;
- Will provide fair access to financial services;
- Will promote fair treatment of customers;
- Will ensure compliance with laws and regulations;
- Will foster healthy competition; and
- Can reasonably be expected to achieve and maintain profitability.
The OCC will thoroughly review an application, including the business model and proposed risk profile, and consider whether a fintech company has adequate capital and liquidity to support the projected volume and business and whether its management has appropriate skills and experience. Key considerations of the OCC’s review include:
- Organizers, management, and directors;
- Business plan;
- Capital and liquidity;
- Financial inclusion; and
- Contingency planning.
Organizers, management, and directors
The OCC expects chartered fintech company’s organizers, managers, and directors to be well qualified with diverse experience in relevant areas. Although the OCC would expect some members of the organizing group, the proposed board of directors, and management to have experience in banking or broader financial services, other relevant experience will depend on the specific products or services offered by the fintech company and may include experience in other highly regulated industries and technical knowledge, skills and experience that is crucial to a technology-driven enterprise.
The OCC expects a company seeking any type of national bank charter to articulate why it is seeking a national bank charter and to provide significant detail about its proposed activities. Proposals from companies without an established business record will be subject to a higher degree of scrutiny. The business plan should spell out the fintech company’s written goals and objectives. The plan should explain how the company will organize its resources to meet those goals and objectives and measure its progress, clearly define the market that it plans to serve and the products and services it will offer. It should contain realistic forecasts regarding market demand, economic conditions, competition, and financial projections, under normal and stressed conditions.
A fintech company should also provide a risk assessment with its business plan, as well as describe its risk management framework for identifying, measuring, monitoring, and controlling those risks. The risk assessment should demonstrate a realistic understanding of risks and describe company’s assessment of all risks inherent in the proposed business model and products and services, including risks related to third-party service providers, cybersecurity, Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements, Office of Foreign Assets Control (OFAC) economic sanctions obligations, consumer protection, and fair lending. The risk assessment should set out the company’s risk appetite and how it would manage the identified risks. A description of its risk management framework should describe its proposed internal system of controls for ensuring data integrity, security, and auditability, as well as overviews of the operational architecture, security framework, and resiliency structures. Independent testing of the business activities, systems, and controls, which may be performed internally or be outsourced, should also be addressed.
Capital and liquidity
For a chartered fintech company, minimum and ongoing capital levels should be commensurate with the risk and complexity of the proposed activities, as determined by the OCC. In its business plan, organizers should analyze and support the minimum capital levels the company will adhere to until it can achieve and sustain profitable operations, as well as propose minimum capital levels it will adhere to after profitability that would be appropriate for its ongoing operations. Organizers should also discuss how the company would address adverse market conditions that could deplete capital, such as broad market volatility or volatility specific to a business line. If the OCC grants preliminary conditional approval for a fintech charter, that approval will include a condition specifying a minimum capital level the company must maintain or exceed at all times.
In addition to capital, organizers should address liquidity and funds management. Liquidity is a capacity to readily meet cash and collateral obligations at a reasonable cost without adversely affecting either daily operations or the company’s financial condition. Since chartered fintech companies will be uninsured and are likely to rely on funding that is potentially more volatile in certain environments, organizers should describe how it can be funded and maintain sufficient liquidity under stressed conditions.
Consistent with the OCC’s mission to ensure fair treatment of consumers and fair access to financial services, the OCC expects any entity seeking a fintech charter to demonstrate a commitment to financial inclusion. The nature of that commitment will depend on the proposed business model, and the types of products, services, or activities the company intends to provide. The description of the proposed chartered fintech company’s commitment to financial inclusion should include the proposed goals, approaches, activities, milestones, commitment measures, and metrics for serving the anticipated market and community consistent with its activities, business model, and product and service offerings.
Before receiving final approval for a fintech charter, a fintech company will be required to develop a contingency plan to address significant financial stress that could threaten its viability. It should outline strategies for restoring the company’s financial strength and provide options for selling, merging, or liquidating the company in the event the recovery strategies are not effective. The OCC’s final approval will require the fintech company to implement and adhere to this plan. The company will be expected to review its contingency plan annually and update it as needed.
The OCC will grant the approval of a fintech charter application in two steps: preliminary conditional approval and final approval. Granting preliminary conditional approval provides a fintech company with an assurance that the application has passed the first phase of OCC review before it expends additional funds to raise capital, hire officers, and employees, and fully develop policies and procedures. However, a preliminary conditional approval is not a guarantee that the OCC will grant final approval for a new fintech charter.
In its preliminary conditional approval, OCC may impose conditions that may be specific to a fintech charter or unique to the specific fintech company applying for it and may address a variety of issues such as:
- Guaranteeing maintenance of minimum capital levels commensurate with the prospective risk;
- Ensuring that the fintech company does not significantly deviate from the business model proposed in its application without obtaining the OCC’s prior non-objection;
- Developing a contingency plan that includes options to sell itself, wind down, or merge with a nonbank affiliate, if necessary;
- Requiring from the fintech company to demonstrate a commitment to financial inclusion under the Community Reinvestment Act or other statutes; and
- Submitting to periodic assessments and ongoing supervision by the OCC under a scheduled supervisory cycle, including on-site examination and periodic off-site monitoring.
- After the OCC issues final approval and the chartered fintech company opens for business, the OCC will supervise the fintech company, as it does all other national banks, under a scheduled supervisory cycle, including on-site examination and periodic off-site monitoring.
There are several potential issues and open questions that will require resolution in order to determine the ultimate viability of this option. For example, both the New York State Department of Financial Services (NYSDFS) and the Conference of State Bank Supervisors (CSBS) have pending lawsuits seeking to block the OCC’s efforts to issue the fintech charters, alleging that such action would exceed the OCC’s statutory authority. While it seems likely that the OCC will ultimately prevail on the merits in these suits, the legal process to resolve them could take quite a while, and the status of the fintech charter, and any charters that might be issued, would be in question until the cases are resolved. Further, the OCC has not yet expressly defined certain requirements, and will instead determine how chartered institutions must comply on a case-by-case basis, depending on the specific nature of the applicant’s business. This means that an applicant may need to expend a significant amount of time and resources through the chartering process before knowing exactly what all of its specific regulatory requirements may be.
In sum, there is no single solution that will work for every company. You may, like others, find it beneficial to pursue a partnership initially, both for purposes of speed and for educational and testing purposes, only to later pursue licensing or a charter. The best path will depend on your priorities and future ambitions, and your ability to tolerate any associated drawbacks. It is essential to carefully explore and understand all aspects and implications of any potential solution before proceeding.