2020 Legal Insight
I. Regulation “Best Interest” (“Reg. BI”) is set to take effect this June
On June 5, 2019, the Securities and Exchange Commission (“Commission”) adopted Regulation Best Interest, which establishes a new standard of conduct under the Securities Exchange Act of 1934 (“Exchange Act”) for broker-dealers and associated persons (“BDs”) when recommending an investment strategy or securities transaction to retail investors. Reg. BI places a fiduciary responsibility on covered entities, requiring BDs to make recommendations for the best interest of the investors, ahead of its own financial interest.
The general obligation of acting in the best interest of clients is satisfied through four component obligations:
1) Disclosure: The BD must provide certain disclosures about the recommendation and relationship to customer
2) Care: Exercise reasonable diligence and skill in making a recommendation
3) Conflict of Interest: Establish, maintain, and enforce written policies and procedures designed to address potential conflicts of interest
4) Compliance: Establish, maintain, and enforce written policies and procedures designed to achieve compliance with Regulation Best Interest
Covered entities must also comply with recordkeeping requirements related to the above component obligations.
In addition to adopting Regulation BI, the SEC also adopted Form CRS, requiring BDs to record and disclose a “Client/Customer Relationship Summary” which outlines the scope of the firm’s services, fee structure, conflicts of interest, and the firms disciplinary history.
Regulation Best Interest is set to take effect June 2020; so covered entities should begin preparing, enacting, and enforcing Conflict of Interest and Compliance Policies prior to this looming compliance deadline.
II. The California Consumer Privacy Act (CCPA) goes into Effect
This January 1st, the California Consumer Privacy Act (CCPA) went into effect, requiring companies to be accountable to consumers they collect data on. After passing in 2018, privacy advocates hailed the new act as the US (albeit, State-level) counterpart to the EU’s General Data Privacy Regulation (GDPR), which would afford California resident-consumers with the ability to locate, secure, and remove any private data on the individual held by a covered entity.
Specifically, the CCPA gives California Consumers the following rights:
1) The Right to Know WHAT: Consumers have the right to know, either through request or public notification, what information a business is collecting, why the business is collecting that information, and how it is being used.
2) The Right to Know WHOM: Consumers have the right to know if the business is monetizing their personal data, to whom the data is being sold, and the ability to prevent the sale of their information (“opting out”).
3) The Right to Access: Consumers may request their personal information being collected by a business, including the details of the collected information, the parties that source the information, and the parties that receive the information.
4) The Right of Erasure: Consumers may demand a business which has collected personal information to delete that information – unless the business is legally obligated to retain that information.
5) The Right to Exercise Your Rights: A consumer may not be discriminated against for exercising any of their Rights provided by the CCPA, which includes being charged a higher fee or preventing access to consumers who do not wish to share their personal information.
While the CCPA only applies to California Consumers, it is likely the effects of this Act will reach all consumers, regardless of the State. This is likely due to the fact businesses are unlikely to develop separate technical solutions or offerings for different states, as well as the public push towards good corporate governance practices, which includes respecting the privacy rights of consumers.
Businesses that collect data, whether located in California, should be keeping up to date with these privacy protection laws as global consumer and government sentiment is moving towards recognition of privacy rights (albeit, in a piecemeal approach). Privacy-by-design should be the new standard in development and business operations and firms that are not ahead of this trend, will fall behind.
The OCC FinTech Banking Charter 2020 Update
For those of you following the exciting saga of the battle between the Office of the Comptroller of the Currency (OCC) and the New York Department of Financial Services (NYDFS) over the authority to grant “FinTech Charters” – we may have some exciting developments to look forward to in 2020.
This past December 2019, the OCC filed an appeal to the Second Circuit to reverse an earlier ruling in the Southern District of New York dismissing the case (for lack of ripeness and standing[NJ3] ). This will give the Second Circuit an opportunity to address the questions of Federal Preemption, as applied to the OCC’s FinTech Charter over state usury laws.
While this story is far from reaching a legal conclusion, market participants will be keeping a finger on the pulse of this lawsuit, as it will define who regulates these firms and how they will be regulated. If the OCC is successful, many non-traditional, non-depository FinTech service providers will be able to participate in certain aspects of the banking space, while avoiding some of the costly compliance requirements imposed by a multitude of state regulators.