Fintech 2025

USA Law and Practice Contributed by: Margo H. K. Tank, Michael Fluhr, Deborah Meshulam, Kristin Boggiano, David Stier, Liz S. M. Caires, Adam Dubin, Emily Honsa Hicks, Meghan Carey, Kathleen Birrane and Eric Hall, DLA Piper LLP

2025 It is possible that the upcoming year will result in fewer new federal enforcement cases. Some courts have already shown a tendency toward decreasing enforcement support. Recently, the SEC was ordered by a federal appellate court to explain why it denied a rulemaking petition filed by a major exchange. As of March 2025, the SEC has withdrawn major actions against prominent digital asset companies. 2.11 Implications of Additional, Non- Financial Services Regulations While privacy, cybersecurity, social media, and software development regulations apply broad - ly across financial entities and services, legacy financial institutions, and fintechs have different regulatory frameworks and enforcement risks. For example, banks are subject to direct super - visory oversight, whereas fintechs may be obli - gated through contractual arrangements with partners, vendors, or technology providers. Where strict privacy rules apply to banks under the federal Gramm-Leach-Bliley Act, and strict data rules also apply, fintechs are subject to state privacy and data laws – a much less oner - ous framework. 2024 saw a significant uptick in enforcement and litigation matters related to privacy claims under various state Biometric Information Privacy Acts and under the Califor - nia Invasion of Privacy Act. Fintechs are exposed to other marketing and consumer engagement regulations and policies due to their dependence on technology. Prohi - bitions against the use of “dark patterns” is one such example. “Dark patterns” is a set of prac - tices using electronic interface design that may manipulate, mislead, or deceive a consumer into providing consent that they would not otherwise,

or otherwise steer consumers into decisions that they may not truly intend or understand. 2.12 Review of Industry Participants by Parties Other than Regulators Entities like self-regulatory organisations (SROs) and accounting firms or accountants may have responsibilities to review activities of industry participants. SROs are not regulators, but are overseen by federal regulators, such as the CFTC and the SEC. SROs can impose fines and suspend or revoke licenses. There is currently no SRO for digital assets. Accounting and auditing firms play an important role in ensuring compli - ance with financial reporting standards. 2.13 Conjunction of Unregulated and Regulated Products and Services Offering an unregulated product or service in conjunction with regulated products and ser - vices could put the offeror at risk of regulator scrutiny for both products. Companies may want to set up separate entities to streamline compliance of regulated products. 2.14 Impact of AML and Sanctions Rules AML, countering the financing of terrorism (CFT), and sanctions rules impact fintechs in a meaningful and often resource-intensive way. Developing thoughtful, risk-based compliance programmes pre-launch and assessing the ade - quacy of such programmes are important steps to avoid facilitating criminal conduct and mini - mise the risk that a company will become the target of a regulatory or criminal investigation. FinCEN, OFAC, the State Department, the Com - merce Department, and various components of the DOJ regulate and/or prosecute AML and sanctions or export control violations. Additionally, banking and money transmission regulators at the state level have their own

971 CHAMBERS.COM

Powered by