So you're a fintech startup, buying a fintech company, or expanding the technical capabilities of your financial business. Or you're a tech company that is getting into the payments space. Where do you start when it comes to figuring out what consumer protection laws apply to you? You should be aware that, for the past several years, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) have been actively enforcing consumer protection laws in the fintech space. For example, the FTC has recently brought cases involving an online lender that allegedly charged undisclosed fees, a mobile banking app that falsely promised high interest rates and 24/7 access to funds, promoters of cryptocurrency money-making schemes, and tech platforms offering in-app purchases. The CFPB most recently shuttered a VC-backed online lender for false advertising related to interest rates and loan amounts. Earlier last year, the CFPB had obtained refunds and a civil penalty against a fintech company for enabling merchants to obtain loans for consumers without their authorization.
Of late, one of the key concerns driving regulators' interest in fintech companies is how these companies will use and protect consumers' data. Here are some regulatory developments fintech companies should be watching:
The bottom line for fintech companies: Think about why you collect personal data, how you collect, use, and store it, and whether and how you share or provide access to it. Do you use this data to facilitate decision-making about consumers? If so, consider application of the FCRA. In general, the less data you collect and share, the lower your regulatory exposure. If you need additional assistance with regulatory compliance regarding privacy, security, and consumer protection laws, contact Wilson Sonsini attorneys Laura Ahmed, Maneesha Mithal, or Libby Weingarten.