In a clear message to FinTech start-ups, on September 27, 2016, the Consumer Financial Protection Bureau (CFPB) ordered online lender Flurish, Inc. to pay $1.83 million in refunds and a civil penalty of $1.8 million for failing to deliver the promised benefits of its products. Flurish, a San Francisco based company doing business as LendUp, offers small dollar loans through its website to consumers in certain states. In its consent order, the CFPB alleged that LendUp did not give consumers the opportunity to build credit and provide access to cheaper loans, as it claimed it would. LendUp did not admit to any wrongdoing in the order.

Just a few months ago, news headlines touted an opportunity for innovative, tech-savvy start-ups to fill a void in the payday lending space amidst increasing regulatory enforcement against legacy brick-and-mortar payday lenders. In fact, in a June 2016 article, CNBC reported on how online lenders could use technology to lower operating costs and fill the traditional payday loan void created by increased regulation. LendUp even issued a statement in June after the CFPB released proposed small-dollar lending rules, stating that the company “shares the CFPB’s goal of reforming the deeply troubled payday lending market” and “fully supports the intent of the newly released industry rules.”

With its order against LendUp, the CFPB made clear that despite the physical differences between brick-and-mortar lending operations and FinTech alternatives that may ultimately benefit underserved consumers—both are equally subject to the regulatory framework and consumer financial laws that govern the industry as a whole. Specifically, the CFPB alleged that LendUp:

• Misled consumers about graduating to lower-priced loans: LendUp advertised all of its loan products nationwide but certain lower-priced loans were not available outside of California. Therefore, borrowers outside of California were not eligible to obtain those lower-priced loans and other benefits.
• Hid the true cost of credit: LendUp’s advertisements on Facebook and other Internet search results allowed consumers to view various loan amounts and repayment terms, but did not disclose the annual percentage rate.
• Reversed pricing without consumer knowledge: For a particular loan product, borrowers had the option to select an earlier repayment date in exchange for receiving a discount on the origination fee. LendUp did not disclose to customers that if the consumer later extended the repayment date or defaulted on the loan, the company would reverse the discount given at origination.
• Understated the annual percentage rate: LendUp offered a service that allowed consumers to obtain their loan proceeds more quickly in exchange for a fee, a portion of which was retained by LendUp. LendUp did not always include these retained fees in their annual percentage rate disclosures to consumers.
• Failed to report credit information: LendUp began making loans in 2012 and advertised its loans as credit building opportunities, but did not furnish any information to credit reporting companies until February 2014. LendUp also failed to develop any written policies and procedures about credit reporting until April 2015.

In addition to the CFPB settlement, LendUp also entered into an order with the California Department of Business Oversight (DBO). In its order, the DBO ordered LendUp to pay $2.68 million to resolve allegations that LendUp violated state payday and installment lending laws. The settlements with the CFPB and DBO highlight the need for FinTech companies to build robust compliance management systems that take into account both federal and state law—both before and after they bring their products to market.

Despite levying hefty penalties against LendUp, the CFPB expressed to the marketplace that it “supports innovation in the fintech space, but that start-ups are just like established companies in that they must treat consumers fairly and comply with the law.” In a press release following the announcement of the settlement agreement, Lendup stated that the issues identified by the CFPB mostly date back to the company’s early days when they were a seed-stage startup with limited resources and as few as five employees.

In this action, as was the case in the CFPB’s enforcement action against Dwolla, the CFPB expresses a reluctance to grant start-up companies any grace period for timely developing compliant policies and procedures, even where those companies are seeking to develop products that could one day benefit millions of underbanked consumers. One of the key challenges for both new and existing tech-savvy lenders is being able to expeditiously bring innovative financial products to market, while ensuring that their practices are in compliance with the regulatory framework in which they operate. As is clear from the CFPB’s recent enforcement actions, FinTech companies need to create and implement thorough policies and procedures with the same zeal with which they are building their technology.