Runway Group

The OCC just rescinded its interpretive letter outlining a supervisory nonobjection process for banks to engage in the crypto activities outlined in prior interpretive letters (such as custody and holding reserves backing stablecoins). The OCC reiterated that banks must conduct all crypto-asset activity in a safe and sound manner. I think it is a smart move, even if it was 100% expected.

Like many in the industry, I assume people have been both (1) surprised at the speed at which the Trump administration is looking to dismantle the CFPB and (2) unsure of what exactly is happening. So, I wrote an FAQ designed to help answer questions I've had or thought about plus questions people have asked me. Please read it here: https://lnkd.in/e2N9zEZ6 Overall, I should have taken Project 2025 at their word when they said they wanted President Trump to dismantle the CFPB, and that Trump CFPB 2.0 would not merely be a variation on the first term. These questions range from: ?? ???????? ?????? ???????? ?????????? ??????????? Yes - created by Congress; can only be undone by act of Congress. ?? ???? ?????? ???????? ????????????, ???? ???? ??????????????????????? No. Even the complaint system is down. ?? ???? (???????????????? ?????????????????? ????????????????) ?????????? ??????????? No! ?? ?????? ???????????? ?? ???????????? ???? ?????? ???????? ???? ?????? ??????????????????????? Many reasons - political winds shift quickly; see-sawing back-and-forth can be more expensive; states can enforce federal consumer protection laws, etc. With that said, states rely on receiving access to consumer complaints; that database appears to not be working, and even if it is turned back on, there's no guarantee this administration will share with states. ?? ?????? ?????? ?????????? ???????????????????????????? ???????? ???????????????? ?????????? ?????? ???????? ?????????? ???? ???????? ????????????? Yes - it alleges the CFPB uses a "slush fund" to fund "radical advocacy groups," that it targeted "a Chicago small business after it complained about the city's rampant crime," and that it issued rules during lame-duck status. Some thoughts: 1?? The Civil Penalty Fund has directed over 98% of its funds to victims, with no financial literacy spending since 2016 (per the latest audit). 2?? ???????? ?????????????? ???????? ?????? ?????????????????? ??????????????????, ?????????? ?????? ?????????? ?????????? ???????????????????????????? ??????????! 3?? The Congressional Review Act exists for a reason, and the CFPB--assuming it has staff--can initiate APA rulemakings to repeal rules not otherwise repealed by Congress. ?? ???????????? ?????????? ?????? ???????? - ???????? ?????????? ?????????? ?? ?????????????? ????????? Sponsor banks still need to ensure that they are adequately managing fintech providers. But sponsor banks may soon be faced with either (or both) more junior examiners or fewer examiners as FDIC buyouts and other reductions in force impact the bank regulators. Plus, the Trump administration has signaled a desire to "combine" regulatory functions, including doing so outside an express grant of power by Congress. So, a lot TBD on this point. I'll update this document as events change -- and they certainly will!

Obviously, in the financial services world, the recent moves at the CFPB have been garnering significant attention. But last week, two stablecoin bills were published (one in the Senate and a discussion draft in the House): The GENIUS Act (Senate) and STABLE Act (House) represent comprehensive attempts to regulate USD-pegged stablecoins. While both bills aim to bring stability and oversight to the market, and they align on many key concepts, they take different approaches to state regulation, bankruptcy protection, and algorithmic stablecoins. Read the full analysis here: https://lnkd.in/eitP6Jhz Key highlights from my analysis: ?? Who can issue stablecoins ?? Reserve requirements ??? Federal vs state oversight ?? International coordination ?? Consumer protections Curious to hear your thoughts! What aspects of stablecoin regulation do you think are most crucial for the industry?

I’m thrilled to share that I’ll be attending NMLS 2025, and I couldn’t be more excited! I look forward to seeing both old friends and new faces, and sharing all the wonderful things the team and I are working on over at Runway! If you’re going to be there, let’s connect! Drop a comment or send me a message – I’d love to meet up; Let’s make this year’s event unforgettable!

Yesterday was the states, today, the CFPB - CFPB orders Block to pay $175M because of weak security protocols and "woefully inadequate" investigations into unauthorized transactions. The below language from the press release is important as it ties into the CFPB's recent rulemaking on boilerplate contractual language that the CFPB alleges is designed to evade legal obligations. (While I expect the new CFPB to be less robust when it comes to rulemakings and similar policy pronouncements, I would be surprised if they stop enforcing for fraud and other scenarios where consumers lose money, so the concept of contractually limiting liability or legal obligations where not legally able to is the type of component that the new CFPB may still focus on): "Cash App attempted to avoid many of its investigative obligations through tricking consumers with its Terms of Service. For example, many Cash App users link their bank account to the app. When a transaction occurs, the money is pulled from the user’s bank account and sent to the transaction recipient. In Cash App’s Terms of Service, consumers are led to believe that disputes are the responsibility of their linked bank. The Electronic Fund Transfer Act generally requires that peer-to-peer platforms, including Cash App, investigate disputes of unauthorized transactions, and a company cannot simply use fine print to escape these legal requirements. When it did conduct investigations, Block used intentionally shoddy investigation practices to close reports of unauthorized transactions in the company’s favor." See full order here:

The CFPB's Winter 2024 Supervisory Highlights was notable for a few reasons, including its inclusion of BNPL and income advance products (EWA), as well as for the CFPB's continued focus on NSF fees and overdraft fees. But it also contains themes and areas of focus that are applicable to all entities in the financial services ecosystem: 1?? ?????????????? ???????????????????????????? ???????????? Service providers offering harmful default settings face regulatory risk—even if the system can be reconfigured. Review your systems and those of your providers. If the default could harm consumers, fix it. 2?? ?????????????????????? ???????????????????????? = ???????????????????? ?????????? BNPL lenders blocked payments under $1, harming consumers and triggering denials for additional credit. Test for edge cases in your systems; even small issues can snowball. 3?? ?????? ?????? ?????????????????? ?????????????? You’re accountable for partner advertisements. Ensure all consumer-facing materials are accurate, even if they’re hosted elsewhere. 4?? ??????????-?????????? ???????? ???? ?????????? ???????? ???????? If your service provider’s configuration or oversight leads to harm, you’re on the hook too. Audit, configure responsibly, and document everything. Below is my article addressing these topics. Have insights or questions? Share your thoughts below—I’d love to hear them! https://lnkd.in/eScN-8bG

???????? ????????????????????: ?????? ???????????????????? ?????? ???????????????? ?????? ?????????????? ?????????? As the?1033 rule?takes shape, it introduces unique challenges for fintechs and their sponsor banks—particularly around?staggered compliance timelines. ?? Specifically, what happens when the fintech must grant access to developer interfaces when its sponsor bank either (a) is not (yet) required to have set up a developer interface, or (b) it has different standards governing access than the fintech does for its interface. Under 1033, the fintech ???????? make its developer interface accessible. However, the bank has the underlying account relationship with the customer (and banks expressed significant concern during the rulemaking and in the subsequent lawsuit about liability ???????? ???????? ?????????????? ?????? ??????????????????). This raises questions about liability, risk management, and contractual obligations that the CFPB did not directly address in the rule or the commentary. ?? Key issues include: ? How can banks manage risks when they don’t control developer interfaces? ? Should MSAs evolve to address new responsibilities? ? Can both parties align on standards that ensure?compliance?and?trust? The solution??Proactive communication. Open dialogue between fintechs and banks can help bridge gaps and ensure a seamless path to compliance. ? Check out my article below for further thoughts on this topic.

Introducing: ?The Expert Interview Series? - a segment of the COMPLY Podcast where we shine a spotlight on the industry leaders who are truly making a difference in the marketing compliance landscape. We’ll chat with these compliance experts as they share their real-world experiences, expertise, and practical insights. In this inaugural episode, we sat down with Andrew W. Grant, Partner at Runway Group, where we talked about his extensive experience in financial services law and how companies can operationalize compliance effectively. Listen here: https://lnkd.in/eCRvRpxr

Psyched to share I'll be working with the brilliant team at Runway Group, supporting their clients on all things product and privacy legal. I love the team and the holistic, nimble model of service they provide, I love the roster of clients building cool stuff in new directions, and getting to work with Andrew W. Grant again lights up a dark little corner of my heart.

As I look forward to participating in a panel tomorrow with OpenFinity for its 1033 Expo, I wanted to share some thoughts regarding what I like and don't like about the final rule. While the rule isn’t perfect, it’s a very good and necessary step towards formalizing open banking standards in the U.S. Yes, the U.S. has done relatively well without regulations, but the regulations will provide necessary standardization and make open-banking compliance mandatory, both of which are prerequisites for a genuinely open banking ecosystem. https://lnkd.in/eRR-itFD ???????? ?? ????????: ? Liability not shifted onto authorized third parties ? Anti-evasion provision for data providers ? Expanded time frame for data provider compliance ? Data providers are not furnishers under FCRA ? No express ban on screen scraping – required development of developer interfaces means that screen scraping will be difficult to deploy compliantly (but not expressly prohibited) ???????? ?? ??????’?? ???????? ? No Official Commentary (this is the lawyer in me, I admit, but I think it’s helpful for non-lawyers too) ? Consumers’ data-sharing authorizations must be a separately signed document ? Lack of clarity on FCRA treatment of data aggregators (entities that act on behalf of the authorized third parties to receive data from multiple data providers) ? Covering pass-through payments The rule is obviously complex and contains more elements that I like and don't like, but I thought the above categories represent a good starting point for discussing the rule. I address these more completely in my article link above. I would love to hear where people think I'm right and where they think I'm wrong!