Institutions subject to government regulation must ensure that their operative policies and procedures align with applicable regulatory frameworks and remain informed of any anticipated regulatory changes. One key mechanism for managing compliance risks is to be alert to key changes to the global regulatory environment which may inform potential modifications to domestic policy.
In this article, we outline the regulation of financial institutions and entities, setting out notable changes within the US regulatory spectrum and acknowledging their similarities and distinctions against the current and proposed Australian regulatory systems.
The past few years have seen an increase in regulatory action in the United States (US), which appears to be driven by a focus on increasing consumer protection and equality within the financial market.
Various US regulators have released guidance or begun enforcement action covering a range of evolving areas, including climate change and related risks, and the management of third party relationships, notably, in the Fintech space.
Importantly, given the interconnectedness of the global financial landscape, it is often possible to anticipate the likely focus of local regulators by looking at the recent developments in foreign jurisdictions.
Drawing on the US experience, we expect our local regulators will sharpen their focus on the following five key areas in the coming year:
||1. Disparate impact or discriminatory practices in credit access;
||2. Managing Bank/Fintech partnerships and other third party relationships;
||3. Best interests obligations of certain financial services providers;
||4. Climate-related risks; and
||5. Exploitative or “Junk” Fees.
It is recommended that both multijurisdictional and Australian entities analyse regulatory trends in the market globally to best prepare themselves for any shifts in attitude and enforcement by the Australian regulators.
Disparate impact or discriminatory practices in credit access
Regulatory focus on fair lending practices in the US continues to grow. The Consumer Financial Protection Bureau (CFPB) continues to step up its enforcement efforts against discriminatory practices, including taking lenders to court for violating the Equal Credit Opportunity Act (ECOA).1 The ECOA is arguably a key piece of US legislation protecting consumers against discrimination by lenders, based on attributes including race, religion, national origin, sex or marital status, age, or the fact that the applicant receives income from any public assistance program.2
CFPB’s recent ongoing efforts include:
- doubling its examiner capacity for supervisory work relating to fair treatment and equitable access to credit, with particular focus on racial discrimination;3
- focusing on the growing reliance on machine learning models in the lending process and to continue to ‘root out all forms of redlining, including algorithm redlining’;4 and
- issuing a proposed rule under section 1071 of the Dodd-Frank Act in September 2021 for consultation. To facilitate the implementation of fair lending laws, this proposal requires certain financial institutions to collect and report to CFPB relevant data on credit applications for small businesses. Data proposed to be reported to CFPB include demographics of the applicant’s principal owners or ownership status, including whether they are women-owned businesses or minority-owned businesses.5 CFPB is currently reviewing the comments received.
In October 2021, the CFPB, the Office of the Comptroller of the Currency, which regulates US federally chartered banks (which includes most of the large US retail banks), federal savings associations and federally licensed foreign bank branches and agencies, and the Department of Justice jointly announced a nationwide initiative to combat redlining by both bank and non-bank lenders.6
On the legislative front, Senator Elizabeth Warren and Representative Maxine Waters have introduced the Racial and Economic Equity Act, which would require the Federal Reserve System to support the elimination of racial and ethnic disparities when carrying out its responsibilities, including the implementation of monetary policy. Although the bill has not been enacted into law, it reflects the potential scope of new policy initiatives to address racial inequality and disparities in economic outcomes.7
The regulatory focus in the US is, perhaps, indicative of a global trend aimed at reducing systemic discrimination embedded within credit processes and systems at financial institutions and financial product providers.
Despite the widespread deployment of AI in the lending process, Australia appears to be lagging behind in regulating any potential discriminatory practices resulting from the use of algorithms, known to be susceptible to bias. The extent to which those who received government support payments during the pandemic are affected by discriminatory lending practices is yet to be discussed in great detail in Australia.
Responsible lending has been a key focus in the industry since the Banking Royal Commission. A pressing question is how institutions can meet their responsible lending obligations, while eliminating any potentially discriminatory practices that may result from the use of AI in lending practices. A related question is how government support payments ought to be considered, in deciding whether credit would be offered to an applicant.
Lenders in Australia are advised to be proactive in identifying deficiencies in their lending practices, in particular any systemic issues, and making changes to address any potential discriminatory practices. This may involve conducting a holistic review of their fair lending programs and servicing practices throughout all phases of the credit lifecycle.
If you would like to read further on this topic, please click through to this previous article by Claudine Salameh, Helen Taylor and Nicole McKenzie, which discussed the spotlight placed on the role of AI in discriminatory mortgage lending practices – British and American banks put under spotlight for discriminatory mortgage lending practices – a cautionary tale for Australian banks.
Bank/Fintech partnerships and other third party relationships
The US is increasing its scrutiny of bank and fintech partnerships as it continues to emphasise the importance of risk management of third party relationships by banks.
With respect to fintech partnerships, a key concern is that various fintechs who partner with banks technically fall outside the remit of banking regulators and are not caught by legislation and rules that apply to traditional banks. There are views that these partnerships are ‘rent-a-charter’ arrangements, effectively allowing fintechs to avoid a number of rules at customers’ expense, particularly when they are, in essence, in the business of banking. It is unsurprising that the Office of the Comptroller of the Currency, has recently confirmed that it will be looking carefully at such partnerships.8
Similar to Australia, banks in the US regularly engage third parties to provide a range of products and services. With respect to risk management of third parties, proposed guidance was issued in July 2021 and it is expected that final guidance will be released in due course with respect to a framework that banks may adopt when managing their third party relationships. The framework proposed is formulated based on sound risk management principles, and may be scaled up or down depending on the level of risk and complexity of the relationship as well as the size of the bank.9
Apart from Australian Prudential Regulation Authority (APRA) Prudential Standard CPS 231 on the outsourcing of material business activities, there appears to be limited regulation of third party relationships in Australia.10 Local regulators appear to rely heavily on banks’ responsibility to comply with their Australian Financial Services Licence and/or Australian Credit Licence obligations, regardless of their outsourcing activities.
However, the Federal Government has indicated that there will be significant reform and regulation of Australia’s payments systems, including fintech operators in the digital wallet and Buy-Now-Pay-Later sectors.11 This follows the unprecedented level of engagement with digital technologies in the payments and crypto-assets segments, accelerated by the global pandemic.
Further guidance from local regulators, such as the proposed framework in the US, is likely to clarify regulators’ expectations on what steps a financial institution should take to manage its relationship with fintechs and other third parties at each phase of the relationship.
In this context, enhanced scrutiny and regulation are likely to be forthcoming. It is imperative that financial organisations review their current arrangements to identify and resolve any operational risks.
Regulation best interest rules
In June 2019, the US Securities and Exchange Commission (SEC) adopted the new Regulation Best Interest (RBI) rule, which required compliance by June 2020.12 The new rule imposes a requirement on securities broker-dealers and their associated persons to act in the best interests of retail customers at the time that they make a recommendation with respect to a securities transaction which is used primarily for personal, family, or household purposes. The RBI rule draws on the main principles of fiduciary obligations. 13
This standard is not satisfied by disclosure alone – it can only be met by complying with all four component obligations which relate to:
- making disclosures of material facts, including various specific disclosures mandated by the rule, before or at the time of the recommendation;
- exercising reasonable diligence, care and skill in making the recommendation;
- establishing, maintaining and enforcing written policies and procedures reasonably designed to identify and, at a minimum, disclose or eliminate conflicts of interest; and
- establishing, maintaining and enforcing written policies and procedures reasonably designed to achieve compliance with RBI as a whole.14
RBI does not contain a ‘safe harbour’ – failure to comply with any of the prescriptive component obligations constitutes a violation of the general obligation to act in the best interests of the customer.15 Assessing compliance with RBI has been one of the SEC’s examination priorities, thereby emphasising the importance for firms to ensure compliance with the rule.16
In response to recommendations made by the Banking Royal Commission, statutory reforms were introduced to require mortgage brokers to meet best interests obligations in relation to credit products provided to consumers for personal, domestic or household purposes or for the purchase or improvement of residential investment property.17
These reforms are aimed at improving customer outcomes, with compliance mandated from 1 January 2021. Mortgage brokers are now required to:
- act in the best interests of consumers when providing credit assistance; and
- avoid conflicts by prioritising the interests of the consumer ahead of those held by the mortgage brokers themselves, credit providers or third parties.
Similar to the RBI rule, there is no ‘safe harbour’ provided for mortgage brokers. This means that they are expected to take all necessary steps to ensure that they act in their customers’ best interests.18 This is unlike the best interest duty applicable to financial advisers, where ‘safe harbour’ provisions exist to assist financial advisers in proving that they have met their best interests duty.19
While the US and Australian versions of RBI are aimed at different things (the US one is aimed at protecting retail investors in securities and the Australian one is aimed at protecting borrowers under residential mortgage loans), it is clear that the “best interests” concept may be applied more and more to various different sectors within the financial services landscape.
Arguably, entities in both the US and Australia have had adequate time to implement the respective changes. Given recent statements from the Australian Securities & Investigations Commission (ASIC), it is likely that enforcement of measures to curb predatory lending practices will be a priority of the Australian regulator throughout 2022 and beyond.20 It is important that individuals and entities that are captured by the best interests obligations prioritise reviews of their current systems to ensure full compliance.
Climate change is an area that has gained a significant amount of traction in recent years, with the financial services industry playing an increasing role in driving behavioural changes across the globe.
Given the intensifying impacts of climate change, US regulators are expected to continue their increased focus on climate-related regulatory policies in 2022. For example, in March 2022, the SEC proposed various rule changes to make it mandatory for all registrants to include climate-related disclosures in their registration statements and periodic reports. This proposal is aimed at providing investors with ‘consistent, comparable, and decision-useful information for making their investment decisions’ while providing clarity to issuers on their reporting obligations.21
The SEC has also flagged the importance of:
- boards of directors having oversight in relation to climate and environmental, social, and governance risks and to factor those into the corporate disclosure process, as part of discharging their fiduciary duties;22 and
- ensuring that “green” or “sustainable” marketing claims are supported by objective data, given the lack of standardised meaning for sustainability-related terms.23
Separately, the Federal Reserve System is developing a climate scenario analysis to better understand the correlation between climate-related risks and economic outcomes, to identify the potential financial risks associated with climate change, and to assess how resilient individual financial institutions and the financial system are to these risks.24 Both the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation have issued proposed supervisory guidance to help large banks to measure, monitor and manage material climate-related risks.25 It is expected that the Federal Reserve System and the other banking agencies would eventually issue consistent guidance in this regard, which would be followed by more formal supervisory assessments of large banks’ climate risk management capabilities.
However, there are also contemporary indications that the Federal Reserve System (and other regulators) would be reluctant to go as far as setting rules requiring banks to avoid lending to certain borrowers based on climate risks.26 In this regard, consistent with current statutory authorisations (and unlike certain other jurisdictions), US banking regulators are generally focused on the impact of climate risks on banks rather than the impact of the activities of US banks on the climate.
In November 2021, APRA introduced the final Prudential Practice Guide CPG 229, which was aimed at providing broad guidance to APRA-regulated institutions on managing climate-related risks in the context of existing risk and governance management and prudential requirements.27 APRA is also expected to shortly issue a voluntary, online questionnaire asking medium-to-large APRA-regulated entities to self-assess how their current practices align to CPG 229.28
In late 2021, ASIC confirmed that its core messages on climate-related matters remained unchanged from those set out in ASIC Report 593 of 2018, including the following key recommendations for listed companies:
- directors and officers need to continually assess existing and emerging risks that are potentially relevant to the company’s business, including climate-risks;
- companies need to develop and ensure that corporate governance with respect to these risks remain strong and effective in order to identify, assess and manage material risks;
- boards should reassess compliance with relevant statutory requirements relating to disclosures of material climate-related risks, for instance, within their operating and financial reviews;29 and
- companies should consider voluntarily disclosing material climate risks to investors.30
Additionally, the Climate Vulnerability Assessment (CVA), a Council of Financial Regulators initiative led by APRA, has been designed to better quantify the potential financial impact of climate change to the banking industry. The CVA is to be completed by Australia’s five largest banks, with the Australian Banking Association facilitating the consultation regarding its design with participating banks. The participating banks commenced their analysis in 2021. APRA intends to publish aggregated results in 2022.31
Similar to the US, ASIC has also issued a warning to the industry about ‘green washing’ and its potential for misleading and deceptive conduct and the making of false and misleading statements in relation to the provision of financial products.32 Additionally, the detailed guide issued by the Australian Competition and Consumer Commission (ACCC) sets out the applicable principles that businesses should consider when conducting ‘green marketing’, and how ‘green marketing’ interacts with the obligations under the Australian Consumer Law.33
We can expect substantial developments in the climate space over the coming year. Regulators in Australia and the US seem to be heading in the same direction. With an increased focus on climate-related risks regardless of jurisdiction, now is the time for financial institutions to review their current systems to better understand, capture and monitor these risks.
In early 2022, the CFPB issued a broad request for information, seeking public comment on the subject of ‘exploitative, back-end, hidden fees’, otherwise known as ‘Junk Fees’. These fees may be charged by banks, credit unions and other entities on financial products including deposit accounts, credit cards, mortgages and student loans.
The CFPB noted concerns about overly excessive fees that contribute to profit, rather than being simply used to cover the cost of providing a service. The CFPB expressed its concern about the widespread practice within consumer finance where fees are charged at a subsequent point after a consumer has decided to acquire the product or service on a front-end, lower price.
According to the CFPB, ‘junk fees’ do not align with principles of a fair, transparent and competitive market. These fees also potentially mask the true price of a product or service from competition, and may add up to disproportionate costs especially with respect to vulnerable customers.34
Overdraft fees have been a particular focus of the CFPB, and the CFPB has recently publicly noted trends among banks that the CFPB characterises as “encouraging.”35
In our view, local regulators may also seek to better understand customers’ experience relating to the true amount of fees that are being charged by financial institutions across a range of products (including credit cards and loans), and the actual impact on their lives, particularly during the pandemic.
Parallels can be drawn between the rationale for CFPB’s request and the recent developments in Australia, particularly with respect to ‘fees for no service’ misconduct in the context of wealth management, the selling of junk consumer credit insurance, conflicted remuneration, and the updated legislative safeguards against hawking.36
Additionally, the 2018 Productivity Commission's Inquiry Report into Competition in the Australian Financial System acknowledges that competition does not play a central role in the regulation of the industry.37 Despite the notable shift in the ACCC’s role in the scrutiny of the financial system, there are arguably gaps in ensuring that consumers get access to transparent price information upfront (including any ‘junk fees’). There is also arguably a need to build a solid understanding of how the structure of financial products may dis-incentivise consumer action based on competitive pricing.38
To drive strong customer outcomes, financial institutions should proactively disclose all fees upfront to consumers and conduct regular assessments of their fee structures to ensure ongoing justification for the fees being charged.
Regulators, locally and globally, are continuing to focus on driving strong customer outcomes. Regulators are expected to increasingly scrutinise financial institutions and credit providers in their servicing of customers going forward.
While the pandemic has arguably resulted in regulators deferring enforcement actions, it is anticipated that enforcement will now ramp up significantly. Entities and individuals likely to be impacted are urged to conduct appropriate reviews and assessments to ensure compliance with all applicable legislation and regulatory guidance.
If this article raises any concerns regarding the application to your circumstances, our global financial services regulatory team and risk advisory specialists are here to assist.
Thank you to Holly Stebbing, Kevin Harnisch, Steve Aschettino, Tim Byrne and Seth Kruglak for their expertise and assistance.