Last week, federal and state lawmakers took significant steps toward specific regulations targeting digital financial technology, mobile banking and cybersecurity, signaling the possibility of wholesale changes to the legal landscape. The federal and state legislative proposals follow significant vertical market development and industry investment in financial technology, including an industry-wide consortium of banks’ investment in blockchain technology; the use of robotic process automation (RPA) by financial institutions to streamline operations and to enhance customer service; and increases in FinTech investment from $1.8 billion in 2010 to $19 billion in 2015. Given the increasing connectivity between technology and finance–an intersection that often does not naturally fit within the confines of existing regulatory schemes– these proposed regulations have the potential to transform the financial services sector.
On September 12, 2016, the U.S. House of Representatives passed a nonbinding resolution, House Resolution 835 (HR 835), calling on the government to establish a national policy for technology to promote consumer access to financial tools and online commerce. HR 835 specifically expresses a legislative desire to:
- Develop a national policy to encourage the development of tools for consumers to learn and protect their assets in a way that maximizes the promise customized, connected devices hold to empower consumers, foster future economic growth, and create new commerce and markets;
- Prioritize accelerating the development of alternative technologies that support transparency, security, and authentication in a way that recognizes their benefits, allows for future innovation, and responsibly protects consumers’ personal information;
- Recognize that technology experts can play an important role in the future development of consumer-facing technology applications for manufacturing, automobiles, telecommunications, tourism, healthcare, energy, and general commerce; and
- Support further innovation and economic growth and ensure cybersecurity and the protection of consumer privacy.
The focus of HR 835 on prioritizing acceleration of the “development of alternative technologies that support transparency, security and authentication” signals national support for the further development of blockchain technology, while underscoring the need for a national policy and legislative framework under which this technology can operate.
Similarly, on September 13, 2016, the state of New York proposed new regulations which would require financial institutions to take steps to “protect consumer data and financial systems from terrorist organizations and other criminal enterprises.” If adopted, financial institutions regulated by the New York Department of Financial Services will be required to (1) establish a cybersecurity program; (2) adopt a written cybersecurity policy; (3) designate a Chief Information Security Officer; and (4) implement policies and procedures designed to ensure the security of information systems.
These recent legislative and regulatory developments are the latest in the fast-changing legal landscape related to digital financial services, data privacy and cybersecurity. To be sure, in light of the regulatory focus on the use of financial technology and customer harm, financial institutions should comprehensively evaluate current and emerging regulatory frameworks for consumer and data protection concerns. As regulatory agencies continue to place an emphasis on the way digital financial systems interact with consumers, it is critical for financial institutions to evaluate the development and operationalization of verticals, emerging technologies and business goals within the context of current and anticipated consumer protection, data privacy and cybersecurity regulations.