Fintech 2025

USA Law and Practice Contributed by: Margo H. K. Tank, Michael Fluhr, Deborah Meshulam, Kristin Boggiano, David Stier, Liz S. M. Caires, Adam Dubin, Emily Honsa Hicks, Meghan Carey, Kathleen Birrane and Eric Hall, DLA Piper LLP

Consumer protection and privacy laws for banks are well established. Fintechs have less clarity, with less centralised regulatory oversight. 2.5 Regulatory Sandbox No US regulator has established a true regu - latory sandbox for fintech – instead opting for “innovation hubs” dedicated points of contact for fintech firms to raise enquiries and seek non- binding regulatory guidance. For example, the SEC’s fintech hub is the “SEC Strategic Hub for Innovation and Financial Technology” , and the CFTC’s fintech hub is the “CFTC Office of Tech - nology Innovation” . Some states have provided a limited-term regu - latory sandbox for fintechs in certain areas, such as money transmission. 2.6 Jurisdiction of Regulators All fintech verticals are subject to a patchwork of laws and regulations at both the state and fed - eral level, and of varying degrees of overlap and clarity. Additionally, non-governmental entities may also issue rules that are quasi-regulatory. Some of the many regulators and their jurisdic - tion include: • FDIC: insured depository institutions, includ - ing digital asset activities and partnerships with fintechs. • FinCEN: money transmission, money launder - ing, and the financing of terrorist activities; and regulates digital currency exchanges, including anti-money laundering (AML) and know-your-customer (KYC) compliance. • OCC: national banks, including digital asset activities and collaborations with fintechs. • OFAC: economic and trade sanctions. • IRS: tax matters. • SEC: activities in securities markets.

• CFTC: commodities and derivatives. • State level: licencing laws and regulations for securities, lending, and money transmission. See 6. Marketplaces, Exchanges and Trading Platforms and 10. Blockchain . 2.7 No-Action Letters Regulators provide “no-action” letters when their staff will not recommend enforcement action against particular persons based on spe - cific facts and circumstances presented in the request for a no-action letter. 2.8 Outsourcing of Regulated Functions Outsourcing by fintechs to a regulated entity can offer enhanced compliance. Regulated entities are already subject to stringent oversight and have established compliance programmes, which can reduce the risk of non-compliance in the outsourced functions. See 1.1 Evolution of the Fintech Market . Similarly, regulated entities can outsource to fintechs and other third-party providers. Often regulation requires certain due diligence related to the use of third-party providers. With respect to many regulators, the regulated entity remains responsible for compliance even if the entity outsources functions to fintechs. 2.9 Gatekeeper Liability Fintechs may become de facto gatekeepers when subject to US federal or state AML laws, required to detect and report suspicious activity to law enforcement. Unless a specific exemp - tion applies, fintechs must develop risk-based compliance controls designed to prevent laun - dering money, financing terrorism, and/or evad - ing sanctions.

969 CHAMBERS.COM

Powered by