How Regulators are Responding to FinTech

This post is the fifth and final in a series that highlights various elements of a new online course titled “FinTech Law and Policy.” The course is available to all on the Coursera platform (it can be audited for free) and covers the key legal and regulatory issues confronting the FinTech industry today. You can view all previous posts in the series here.

The FinTech industry is still young and has grown at an exceptional speed. This has placed pressure on financial regulators around the world to understand these new technologies and how they fit within the current regulatory framework. The pace of technological change necessitates a rethinking of current regulatory structures. These structures are largely premised on a model of banking that preceded the digital revolution, when you conducted your banking at your local branch and balanced your checkbook every week. Regulations built for this model of banking are simply not conducive to fostering and promoting new innovations in financial services.

But how should regulators respond? Well, that depends on the jurisdiction. There are a variety of financial ecosystems around the world, all with varying degrees of complexity and regulatory frameworks. Given this diversity, there is not going to be a one-size-fits all approach that will work in every country or satisfy all stakeholders in each country. Different regulatory agencies may also have different mentalities when it comes to innovation and these mentalities will play a large role in how they respond to FinTech. In some countries, like the U.K. for instance, regulators are tasked with promoting competition and these regulators may view FinTech firms as being better situated to meet the needs of market segments that are not currently being served by traditional banks. Many regulatory agencies also recognize that technology is, and will remain, a part of life and that if consumers are utilizing financial services in new and innovative ways, it is incumbent upon them to adjust and accommodate these new technologies. Regulatory agencies are also responding on the basis of inquiries from industry stakeholders. Many new FinTech firms have begun asking how they are regulated, placing the regulator in the position of having to determine what adjustments in current frameworks are needed, if any, to accommodate the various changes occurring in the business operations and models within the financial services space.

The US Regulatory Response

Complicating the US response to FinTech is a fragmented regulatory system, with FinTech activity often being supervised by two or more regulatory agencies. Each of these agencies has a different statutory mandate and internal culture, and may not see eye to eye on many issues, including FinTech.

Absent a comprehensive national FinTech strategy, several US federal regulatory agencies have adopted their own initiatives that are primarily designed to facilitate communication between FinTech innovators and financial regulators. For instance, the Consumer Financial Protection Bureau (CFPB) has launched Project Catalyst, which is an initiative to encourage consumer-friendly developments for consumer financial products and services.[i] Through Project Catalyst, the CFPB has launched several research collaborations with companies that are testing financial products or services. Through these projects, the CFPB gains insight into how consumers make financial decisions and improve their understanding of new consumer friendly innovations in the marketplace.  According to the CFPB, as of August 2017, they had met with approximately 150 companies in four project catalyst events in New York and San Francisco.

The Commodity Futures Trading Commission launched Lab CFTC to be the hub for the agency’s engagement with the FinTech innovation community.[ii] It is designed to make the CFTC more accessible to FinTech innovators, and serve as a platform to inform the commission’s understanding of new technologies. Lab CFTC’s core components include “Guidepoint” – a dedicated point of contact for FinTech innovators to engage with the CFTC, learn about the CFTC’s regulatory framework, and obtain feedback and information on the implementation of innovative technology ideas for the market; and “CFTC 2.0” – a program to foster and help initiate the adoption of new technology within the CFTC’s own mission activities through collaboration with FinTech industry and CFTC market participants.

The Office of the Comptroller of the Currency, or OCC, launched the office of innovation to be the central contact and clearinghouse for requests and information relating to innovation in the federal banking system.[iii]  The Office of Innovation has four core components: 1) Outreach and technical assistance to establish open and continuing dialogue with banks, financial technology companies and other non-bank parties and technical assistance; 2) Coordination and Facilitation to implement a process to streamline and coordinate innovation related decisions to ensure transparent and timely responses to inquiries; 3) Awareness and training that improves the skills and knowledge of OCC staff; and 4) Research that assess the landscape and trends in financial innovation.

In addition to launching their own initiatives, US regulatory agencies have also opened new channels to share information with one another in effort to provide a more coordinated response to FinTech innovations. For example, in 2010, the Federal Reserve banks of Atlanta and Boston created the Mobile Payments Industry Working Group, to facilitate discussions among industry stakeholders about how a successful mobile payment system could evolve in the United States.[iv] This group also functions as an inter-agency collaboration mechanism, through bi-annual meetings between industry stakeholders and relevant regulators.

In 2016, the Treasury Department created the Interagency Working Group on Marketplace Lending, which met three times over the course of fiscal year 2016.[v] The purpose of the working group was to share information, engage industry participants and public interest groups, and evaluate where additional regulatory clarity could protect borrowers and investors.

In March of 2017, the Federal Reserve convened the Interagency Fin Tech Discussion forum, which is an informal group that meets approximately every four to six weeks and aims to facilitate information sharing among consumer compliance staff from the federal banking regulators on Fin Tech consumer protection issues and supervisory outcomes.[vi] Discussion topics have included account aggregation, alternative data, modeling techniques, as well as third party oversight.

In addition to these domestic interagency working groups, there are a number of FinTech collaboration efforts between regulators from different countries. Sharing information across regulatory agencies, both domestic and foreign, allows regulators to stay abreast of the latest FinTech developments and can promote a common understanding and consistent application of laws and regulations.

Regulatory Sandboxes

Regulators abroad have addressed the emergence of financial innovation through various means, including establishing innovation offices, establishing mechanisms for allowing FinTech firms to conduct trial operations, holding innovation competitions, providing funding for firms through business accelerators, and using various methods to coordinate with other regulators domestically and internationally.

One of the more common approaches that has emerged is what’s known as a regulatory sandbox, which exist in over a dozen countries and can be thought of as a safe space in which businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of engaging in these activities. At a basic level, a sandbox works through the following four steps: 1) FinTech firms apply to participate 2) If accepted by the regulator, the firm agrees with the regulator on the parameters of how products or services will be tested, such as the number of consumers or transactions included in the test, or the timeframe of the test 3) The firm secures the appropriate licenses, if applicable, and begins testing their product and 4) the firm and regulators interact regularly throughout the testing process.

The first regulatory agency to launch a FinTech sandbox was the United Kingdom’s Financial Conduct Authority (FCA). The FCA is the conduct regulator for financial services firms and financial markets in the UK and they have a specific mandate to promote effective competition in the interest of consumers, which is what drove their decision to launch the sandbox. The FCA stated they launched the sandbox in order to: reduce the time and cost of getting innovative ideas to market; enable greater access to funding for innovators; allow more products to be tested and introduced into the market; ensure appropriate consumer protection safeguards are built into new products and services; and facilitate better outcomes for consumers.[vii] The FCA was also concerned about national competitiveness, and launched the sandbox to help the UK maintain its status as Europe’s leading FinTech Hub.

In order for a firm to be admitted into the FCA’s sandbox, they must prove that their product is a genuine innovation that would offer an identifiable benefit to consumers and is ready to be tested. Firms admitted into the sandbox may receive several possible benefits. The most sought after is a restricted authorization to operate. Any firm seeking to provide consumer financial services in the U.K. must be authorized or registered by the FCA, unless certain exemptions apply. The FCA created a tailored authorization process for firms accepted into the sandbox, whereby any authorization or registration will be restricted to allow firms to test only their ideas as agreed upon with the FCA.

Sandbox firms may also receive individual guidance, whereby the FCA clarifies rules and regulations that apply to the product being tested, or, a waiver or modification to existing rules if the firm is concerned that their product being tested may breach one of the FCA’s rules. The FCA would only grant a waiver or modification if they felt the rule is unduly burdensome or not achieving its purpose.

The final possible benefit for sandbox firms is referred to as a no enforcement action letter, which is an agreement between the firm and the FCA that provided the firm kept to the agreed upon testing parameters and treated customers fairly, the FCA accepts that unexpected issues may arise and would not expect to take disciplinary action.

The US’s fragmented regulatory structure makes implementing a FCA type of sandbox impossible – there are ten federal agencies involved in the regulation of FinTech in some capacity in the United States. Furthermore, unlike the FCA, most US financial regulators do not have a mandate to promote competition or the authority to initiate a sandbox program.

Despite these hurdles, some federal agencies have adopted various elements of a regulatory sandbox. For instance, in 2017, the Consumer Financial Protection Bureau issued a No Action Letter to Upstart Network, a company that uses alternative data to assess creditworthiness and underwrite loans.[viii] As part of the Letter, the CFPB agreed they would not recommend initiation of supervisory or enforcement action against Upstart with respect to the Equal Credit Opportunity Act provided that Upstart regularly reports lending and compliance information to the CFPB to mitigate risk to consumers and informs the CFPB about the impact of alternative data on lending decisions.  The Securities and Exchange Commission and the Commodity Futures Trading Commission have also issued no action letters to FinTech firms.

While the hurdles to implementing a national FinTech regulatory sandbox are high, several states have debated launching their own form of sandbox, and in March of 2018, Arizona became the first US state to do so. At the time, Arizona’s governor, Doug Ducey said that “FinTech is going to fundamentally transform banking, finance and technology. We’re going to be the first in the state to embrace it.”[ix]

Arizona’s sandbox is going to be administered by the state Attorney General’s Office and will be open to businesses bringing new products to market for activities that would normally require licenses issued by Arizona’s Department of Financial Institutions, such as mortgage lending, consumer lending, and money transmission. FinTech companies in the Arizona sandbox will be able to test their products for up to two years, and serve as many as 10,000 customers before needing to apply for formal licensure.[x] Expect more states to follow Arizona’s lead.



[i] “Project Catalyst.” Consumer Financial Protection Bureau,


[iii] “Responsible Innovation.” OCC: Truth in Lending, 3 Mar. 2017,

[iv] Federal Reserve Bank of Boston. “Mobile Payments Industry Workgroup.” Federal Reserve Bank of Boston, 17 Nov. 2017,

[v] “U.S. Department of the Treasury.” Ukraine-/Russia-Related Designations and Identification Update; Syria Designations; Kingpin Act Designations; Issuance of Ukraine-/Russia-Related General Licenses 12 and 13; Publication of New FAQs and Updated FAQ, 1 Dec. 2016,

[vi] “FINANCIAL TECHNOLOGY Additional Steps by Regulators Could Better Protect Consumers and Aid Regulatory Oversight.” GOA.GOV, Mar. 2018,


[vii] Regulatory Sandbox. Financial Conduct Authority, Nov. 2015,

[viii] “CFPB Announces First No-Action Letter to Upstart Network.” Consumer Financial Protection Bureau, Sept. 14AD, 2017,

[ix] Stanley, Aaron. “Arizona Becomes First U.S. State To Launch Regulatory Sandbox For Fintech.” Forbes, Forbes Magazine, 24 Mar. 2018,

[x] “Arizona Becomes First State in U.S. to Offer Fintech Regulatory Sandbox.”, Mark Brnovich, 23 Mar. 2018,

3 thoughts on “How Regulators are Responding to FinTech

Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *