September 8, 2020

The State-Federal War Rages On: The Colorado Safe Harbor for Bank-Fintech Models

Dowse Bradwell Rustin, IV, Elizabeth Donaldson, Craig Nazzaro

+ Follow Contact

Send

Embed

Nelson Mullins Riley & Scarborough LLP

In early August an Assurance of Discontinuance (the “AOD”) was entered into by all parties in the actions brought by the Colorado Attorney General and the Colorado Uniform Consumer Credit Code Commissioner against Avant of Colorado, LLC and Marlette Funding, LLC.[1] While the AOD resolved the specific underlying issues and allegations raised in the matter, the AOD importantly establishes a conclusive “safe harbor” framework to apply when determining who is the “true lender” in a partnership between a bank and a non-bank lender/fintech in Colorado.

Though not law or formal regulation, the AOD creates a safe harbor for other banks and FinTechs operating FinTech partnerships in Colorado. The settlement comes on the heels of a June 9, 2020 Colorado District Court Order that had determined that Marlette was the “true lender” of the loans and disregarded federal rate preemption. The Court similarly rejected the concept of “valid when made” finding that assignees of loans are not allowed to collect the same interest rate as the original lender. The Defendants in the original case filed a parallel case in federal court, however the federal courts abstained from weighing in on the matter until the state concluded its investigation. In parallel, the State of Colorado brought in numerous trustees and trusts containing the loans. In its opinion, the Colorado courts have expressly denied any application of the “valid when made” doctrine and chose to ignore (then) pending FDIC and OCC[2] rulemaking in support of the “valid when made” concept. This decision and the settlement are part of an overall, ongoing fight between state regulators and federal banking regulators over bank-FinTech partnerships.[3]

This settlement is likely another step in the ongoing battle between federal banking regulators seeking the expansion of banking partnerships and the role of banks in modern, technology-driven financial services and the state financial regulators fighting to maintain powers over non-bank entities that were previously subject to a fragmented, disjointed state regulatory regimes. Both banks and FinTechs will likely continue their efforts to find workable, nationwide lending and payment platforms that avoid 50 statutes, 50 regulatory regimes, dozens of annual exams, and the inability to unify and market product offerings 21st century consumers that seek financial products online or through mobile devices. If anything, the current COVID-19 pandemic has reinforced the need for modernization and unification in lending and payments in a digital economy—an ongoing problem faced by state-licensed lenders and payment providers (setting aside the extreme compliance costs of operating a multi-state lending or payments platform).

If you are a party to a bank partnership serving consumers within the state of Colorado and wish to fall within the safe harbor, it is imperative that you review your program for compliance with these elements. The AOD breaks down the mandatory requirements for safe harbor into five sections: (1) Oversight Structure (2) Disclosures and Funding (3) Licensure (4) Limitations on Consumer Terms and (5) Structural Requirements.

1. Oversight Structure

Loans must be subject to oversight by bank’s prudential regulators.
The bank must provide its regulators with access to examine, review, and audit the FinTech.
The bank maintains approval authority over all loan origination services provided by the FinTech.
The bank maintains approval authority over all marketing content related to the loans.
The FinTech must retain all bank marketing approvals for a reasonable period of time (but at least as long as required by the bank’s applicable regulators).
The bank maintains approval authority over all content displayed on websites.
The bank maintains control of all terms of credit either: (i) through a written credit policy or (ii) other approval mechanisms. This includes:
- The bank has the absolute right to approve, deny, or modify the credit policy.
- Changes to the credit policy must only be effective once approved.
- All credit decisions must comply with the policy unless subject to bank-communicated exception.
- All exception approvals must be maintained by the FinTech for a reasonable period of time.
- The bank oversees any credit models (except third-party models like FICO).
The bank may change marketing or credit approvals at any time.
The bank may require the FinTech to revise or implement new policies or procedures at any time.
The bank approves the FinTech’s third-party risk management and oversight programs.
The FinTech must retain these approvals for a reasonable period of time.
The FinTech must maintain a Compliance Management System (CMS) approved by the bank.
The bank (or the bank’s third-party agent) conducts an annual compliance audit of the FinTech.
The FinTech must maintain a complaint management system that:
- Provides reporting to the bank of complaints.
- Institutes a process for the FinTech and Bank to respond to complaints as directed by the bank.
The FinTech discloses to the bank compliance gaps and the bank approves and oversees corrective action, as appropriate.

2. Disclosures and Funding

The loan must identify the bank as the lender.
Website content and consumer disclosures must identify the bank as the lender.
The bank must fund loans from its account. Funds may not be provided to the bank by the FinTech for the purpose of funding loans.
The bank may require the FinTech to maintain a deposit account at the bank to secure the FinTech’s obligations (subject to the restrictions on security interests, below).

3. Licensure

If the program: (i) offers supervised loans in Colorado and (ii) the FinTech takes assignment of the loans and undertakes direct collection of the loans, the FinTech must obtain a license from the Colorado Credit Administrator.
A FinTech subject to this licensure must submit an annual compliance report as part of its Supervised Lender Annual Report containing:
- A list of every loan originated under the authorization;
- A statement of compliance and explanation of compliance with this determination.
The bank must cease originations if it is notified that the FinTech has not provide this compliance report to the Administrator.
The Administrator cannot refuse to renew a supervised lender license based on participation in these safe harbors.

4. Limitation on Consumer Terms

Specified Loans may not have an APR greater than 36%.
Under the Programs, a “Specified Loan” is a loan: (i) to a Colorado resident, (ii) through a Program between a bank and FinTech, and (iii) with an APR that exceeds the Supervised Loan Rate in Colorado (generally 21%, although some increase for smaller-balance loans). Thus, these restrictions will generally apply to loans between 21% and 36% APR.[4]
The loans must contain Colorado choice of law provisions except that the loans may reference that federal law will apply where it preempts Colorado law or where it would regulate “interest” in terms contemplated by the federal statutes addressing rate exportation.

5. Structural Requirements

The program must comply with at least one of the following requirements:

-->

	Specified Loans (21% to 36% APR)	Loans <21% APR	Indemnification	Collateral Restrictions
Uncommitted Forward Flow Option	The FinTech may not enter into an advance commitment to purchase the Specified Loans. The Bank may “offer up” loans for purchase or use randomization criteria. The FinTech must state which loans it will acquire. If the FinTech does not purchase the loans, the bank may: (i) keep the loan and outsource servicing (including to FinTech), (ii) sell the loan to a third party, (iii) contribute the loans to a securitization sponsored by the FinTech, or (iv) contribute the loans to a securitization sponsored by a third party. The bank does not have to retain any Specified Loans.	Terms and limitations do not apply to non-Specified Loans.	For Specified Loans, the FinTech may only indemnify the bank for: The services provided; by the FinTech; Fraud by the FinTech; or Representations and warranties of the FinTech. The FinTech may not indemnify the bank for: FinTech’s failure or purchase Specified Loans; or The performance of the Specified Loans.	The bank can require the FinTech to maintain a collateral account to securitize the obligations of the FinTech (including for non-Specified Loans). The collateral cannot be used to securitize purchase obligations for Specified Loans unless the FinTech has already agreed to purchase a loan. During the first 2 years of a program or if monthly originations are less than $10 million per month (a “New Program Period”), the bank can require the FinTech to post collateral for the purchase volume of Specified Loans. During the following year, the collateral may only be 75% of the volume and 50% in year four.
Maximum Committed Forward Flow Option	FIRST SCENARIO: The FinTech and its affiliates may not receive Specified Loans (or economic interests in Specified Loans) that exceed 49% of the total origination volume of the Program during any given year. Under this first scenario, the bank may not transfer any economic interests in other Specified Loans to the FinTech, even on an uncommitted basis. SECOND SCENARIO: The FinTech and its affiliates may not receive Specified Loans (or economic interests in Specified Loans) that exceed 25% of the total origination volume of the Program during any given year. Under this second scenario, the bank transfer additional economic interests in the Specified Loans only a non-committed basis in accordance with the “Uncommitted Forward Flow Option” The bank may transfer all or a portion of the loans or economic interests in loans to third parties. The bank may contribute loans into a bona fide securitization sponsored by the FinTech so long as the bank contributes on terms similar to other investors.	Restriction does not apply to non-Specified Loans.	The FinTech may indemnify the bank for loans committed under the Program. The FinTech may not indemnify the bank for loans that are sold under the “Uncommitted Forward Flow Option” except where permitted under that option.	The FinTech may collateralize the obligation to purchase loans committed under the program. The FinTech may not collateralize loans that are sold under the “Uncommitted Forward Flow Option” except where permitted under that program.
Maximum Overall Transfer Option	The FinTech may purchase loans or economic interests in all loans (Specified and non-Specified) of up to 85% of the program volume on an annual basis. No more than 35% of the total originated principal amount of Loans under the Program (on an annual basis) may be Specified Loans. (I.e., at least 65% must be non-Specified Loans). The bank may not transfer a pool of loans that has more than 35% Specified Loans. The bank may not transfer the economic interests in Specified Loans that would exceed 35% of the program volume on an annual basis. The bank may transfer all or a portion of the loans or Economic Interests in loans to third parties. The bank may contribute loans into a bona fide securitization sponsored by the FinTech so long as the bank contributes on terms similar to other investors.	The FinTech may purchase loans or economic interests in all loans (Specified and non-Specified) of up to 85% of the program volume on an annual basis.	The FinTech may indemnify the bank for loans committed under the program. The FinTech may not indemnify the bank for loans that are sold under the “Uncommitted Forward Flow Option” except where permitted under that option.	The FinTech may collateralize the obligation to purchase loans committed under the program. The FinTech may not collateralize loans that are sold under the “Uncommitted Forward Flow Option” except where permitted under that program.
Alternative Structure Option	Allows alternative structures approved by the Colorado Credit Administrator.

Scroll to see full table data

[1]Also included were financial institutions sponsoring the programs and financial institutes serving as trustees for certain loan trusts.

[2] The OCC rule had gone final prior to the issuance of the opinion, however, it is unclear if the court knew or (would have been swayed) by the final issuance of the rule.

[3] California [Illinois, and New York]. v. Office of the Comptroller of Currency et al., No. 20-cv-5200 (N.D. Cal. filed July 29, 2020). The Conference of State Bank Supervisors (CSBS) is similarly challenging OCC and FDIC efforts to broaden bank model partnerships and special charter classes. John W. Ryan [CSBS CEO], “Congress, Not the OCC, Decides What is and Isn't a Bank,” American Banker (Aug. 19, 2020).

[4] C.R.S. § 5-2-201. A lender may contract for a loan with an APR of up to 12% without being a supervised lender. A supervised loan is a loan with an APR greater than 12%. A Supervised loan cannot have an APR of: (i) greater than 36% on an amount financed of $1,000 or less; (ii) 21% on that part of the amount financed greater than $1,000 and up to $3,000 and (iii) 15% on that part of the amount financed greater than $3,000. Alternatively, a lender can charge 21% per year on the amount financed, regardless of the amount.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.