This week, my colleague in Washington, D.C., Mercedes Kelley Tunstall discusses the Consumer Financial Protection Bureau’s announcement (some may say shot across the bow) of a new proposed rule where providers of digital wallets and payment apps would be defined as “Larger Participants” and what laws and regulations they would need to comply with. 

I dive into an update on the long-awaited report from The Federal Housing Finance Agency on its review of the Federal Home Loan Bank System and its two main objectives.

Mercedes also releases the third installment of her analysis on the CFPB’s proposed rule on personal data financial rights, this week focusing on examining the obligations that are applicable to all entities subject to the rule.

Partner Peter Malyshev provides an analysis on the Commodity Futures Trading Commission proposal to significantly amend the rules on investment of customer funds by futures commission merchants and derivatives clearing organizations. Partner James Frazier covers a new proposed rule by the U.S. Department of Labor pertaining to the definition of “fiduciary” under ERISA and Section 4975 of the Code and what the proposed rule would replace if adopted.

Reporting from London, my colleague, Alix Prentice, discusses the UK’s Treasury consultation response on “Financial promotion exemptions for high net worth individuals and sophisticated investors.” Finally, my colleagues, Peter Malyshev and Sukhvir Basran discuss how the Australian Department of Climate Change, Energy, the Environment and Water solicited feedback on proposed amendments to the Australian Carbon Credit Unit Scheme.

We're always here for comments and questions. Just drop me a note here. 

Daniel Meade 
Partner and Editor, Cabinet News and Views

By Mercedes Kelley Tunstall

Partner | Financial Regulation

On November 7, 2023, the Consumer Financial Protection Bureau (“CFPB”) announced a new proposed rule wherein providers of digital wallets and payment apps would be defined as “Larger Participants” and would become subject to supervision by the CFPB, as well as need to comply with consumer financial services laws and regulations. Comments to this Larger Participant rulemaking are due by January 8, 2024.

Any entity that will be submitting comments to this rulemaking should also carefully review the CFPB’s proposed rule regarding Personal Financial Data Rights (“PFDR”) and consider submitting comments to that rulemaking, as well, which comments are due on December 29, 2023. We have covered the PFDR rule in several articles – the first providing an overview is available here, the second regarding the entities that would be covered by the rule is available here, a third regarding the obligations of the entities and some of the technology aspects of the PFDR is in this Cabinet issue, and a fourth installment addressing issues not already covered and that summarizes the areas of likely greatest conflict will be published in the Cabinet issue next week. 

The Consumer Financial Protection Act (“CFPA”) contains provisions that allow the CFPB to identify markets of consumer financial products and services that are deemed to be significant enough that the CFPB should be able to supervise and examine the large participants in those markets. To this end, the CFPB has engaged in five Larger Participant rulemakings (aside from the original three identified in the CFPA) defining the credit-reporting markets, auto finance markets, student-lending markets, international transfers markets, and the debt-collection markets, to name a few. Prior to these rulemakings, non-bank companies that provided the consumer financial products and services were not subject to supervision by the CFPB. Further, after these rulemakings, only those entities that meet the definition of being a “Larger Participant” in the market become subject to CFPB supervision.

In this rulemaking, the CFPB emphasized that part of its authority to supervise providers in the digital wallet and payment app market also rested upon another section of the CFPA giving them authority to supervise any non-bank covered person that it “has reasonable cause to determine by order, after notice to the covered person and a reasonable opportunity . . . to respond . . . is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.” Further, although the CFPB protests that all participants in the digital wallet and payment app space are already covered entities, subject to CFPB enforcement, some of the companies that could be defined as larger participants may not consider themselves to be covered entities to date.

Simply, the scope of this Larger Participant rulemaking intends to cover, “providers of funds transfer and wallet functionalities through digital applications for consumers’ general use in making payments to other persons for personal, family, or household purposes.” These functionalities include digital wallets of all kinds, as well as person-to-person (or P2P) apps. Exclusions from the proposed market include payments made through retailer apps, extensions of credit through apps, and purchases or leases that are made through an app for transportation, lodging, food, an automobile, a dwelling or real property, a consumer financial product or service, to pay a debt, or to split a charge.

Larger Participants would be defined as those entities that are not deemed to be small businesses under the Small Business Act and that provide at least five million covered consumer payment transactions annually through a general-use digital consumer payment application.  When it comes to payment volumes, five million transactions annually is not a very high bar, which is presumably why small businesses had to be specifically excluded. 

By Daniel Meade

Partner | Financial Regulation

On Wednesday, the Federal Housing Finance Agency (“FHFA”) released a long-awaited report on its review of the Federal Home Loan Bank (“FHLB”) System. The FHFA first announced its FHLB System at 100 initiative in August of 2022, but the bank failures of spring 2023 added additional interest in the report given the heavy reliance on some of the failed banks on FHLB advances as they faced liquidity challenges. 

As the FHFA reiterated in the report, the mission of the FHLB system are two objectives: (1) providing stable and reliable liquidity to members; and (2) supporting housing and community development. The report noted that “the role of the FHLBs in providing secured advances must be distinguished from the Federal Reserve’s financing facilities, which are set up to provide emergency financing for troubled financial institutions confronted with immediate liquidity challenges.” The report went on to note that “[t]he FHLB System does not have the functional capacity to serve as the lender of last resort for troubled members that could have significant borrowing needs over a short period of time.”

In addition to covering the FHLB System’s mission and provision of liquidity, the report covered two other themes – housing and community development, and FHLB System operational efficiency, structure and governance. The report noted that certain suggested increased contributions to the Affordable Housing Programs would likely require Congressional action. The report also notes that the FHLB districts have changed little since 1932, despite many changes impacting the FHLBs. 

Especially after the banking  stress events around March of this year, the FHLBs have faced some criticism over not fulfilling their housing mission and just acting as “mini-FRBs.” The report represents an early but substantial step in evaluating the system as it approaches its 100th anniversary.

By Mercedes Kelley Tunstall

Partner | Financial Regulation

In our continuing series on the proposed rule introduced by the Consumer Financial Protection Bureau (“CFPB”) regarding Personal Data Financial Rights, this week’s installment examines the obligations that are applicable to all entities subject to the rule. For an overview of the proposed rule, please see our first post, and to understand the entities that are subject to the rule, please see our second post.

Also, consider the CFPB’s new proposed rule involving a Larger Participant rulemaking wherein the CFPB defines the “digital wallet and payment app” space (e.g., Apple Pay, Google Pay, Cash App) as a financial market and thereby seeks to declare that providers of such services, including BigTech firms, as being subject to CFPB supervision and, of course, all consumer financial services laws and regulations. There is an accompanying article in this week’s Cabinet issue, providing further details on that Larger Participant rulemaking.

For reference, the Personal Data Financial Rights proposed rule is available here and the overall Federal Register notice is available here. Comments are due December 29, 2023.

As we discussed last week, there are three groups of entities that are subject to separate sets of requirements under this proposed rule (again, see more discussion about the details of these groups in our post from last week): 

• data providers, which are entities that have covered data in their control or possession concerning a covered consumer financial product or service that the consumer obtained from that entity;
• authorized third parties, which are those entities who “seek access to covered data from a data provider on behalf of a consumer” so that they can provide a product or service the consumer requested; and
• data aggregators, which are those entities that are “retained by and [that provide] services to the authorized third party to enable access to covered data.”

Two definitions are important to understand the obligations discussed below. First, a covered consumer financial product or service includes all payment cards, whether the cards are debit cards, credit cards or prepaid cards, as well as all electronic payment accounts and transfers that are governed by Regulation E, and all products or services that “facilitate payments from a Regulation E account or Regulation Z credit card.”

Second, “covered data” includes all of the following: transaction data; account balance; information needed to initiate payment to or from a Regulation E account (which can be tokenized or non-tokenized); terms and conditions governing the covered consumer financial product or service; upcoming bill information; and basic account verification information (name, address, email address and phone number associated with the covered consumer financial product or service).

There are some exceptions for the provision of covered data: The data provider need not provide such data (1) when it includes information that is “confidential commercial information,” meaning that it is a custom credit score or other kind of risk or predictive designation; (2) when the information is “collected by the data provider for the sole purpose of preventing, or detecting, fraud or money laundering, or making any report regarding other unlawful or potentially unlawful conduct”; (3) when the information is confidential according to other provisions of law, but not when it is deemed confidential due to privacy policies; or (4) when the data cannot be retrieved in the “ordinary course” of business. 

Most entities providing comments upon the proposed rule will likely address the elements of covered data, asking for more clarification on the scope of each element of the covered data definition, and particularly focusing upon the third exception, which seems incongruent with the purpose of many privacy laws in effect that incorporate open-ended definitions of data that may be deemed sensitive and confidential, leaving each entity to define in its privacy policy that data that should be deemed sensitive and confidential based upon the industry and circumstances of the generation, collection and use of that data. 

Data providers have many obligations under the proposed rule, with the primary obligation being to “make available to a consumer and an authorized third party, upon request, covered data in the data provider’s control or possession concerning a covered consumer financial product or service that the consumer obtained from the data provider, in an electronic form usable by consumers and authorized third parties.” The covered data that must be made available should be the most recent covered data, including data regarding transactions that have been authorized, but that have not yet been settled.

The means by which the data provider must make this information available is through a “consumer interface” that provides consumers with “machine readable files” and a “developer interface” that presents the information in a standardized format. Data providers may not charge fees for access to, development or maintenance of, these interfaces.  The consumer interface is intended to allow consumers to request their own data, the developer interface is intended to allow the data to be accessed by authorized third parties. The proposed rule details the process around establishing the “standardized format” of covered data and appears to be encouraging the industry to work amongst itself to develop these standards. Until such time that a standard format has been defined by industry, then the data provider must benchmark with other data providers and provide information in a fashion similar to how its peers provide that data to be deemed in compliance with this obligation. Data providers must also maintain commercially reasonable “up times” for the interfaces and may not impose an “access cap” to prevent authorized third parties from checking on the data as often as they like. Despite that access-cap prohibition, the data provider may prevent access to the data for risk-related reasons and because there is insufficient information to ascertain which data is being accessed. These interfaces also must employ authentication protocols in keeping with the rule’s requirements, which on the developer interface includes not only authenticating the authorized third party, as well as the consumer, and the scope of the consumer’s authorization to the authorized third party, but also provides a mechanism by which consumers can inform the data provider that they no longer authorize access to their data by an authorized third party that had previously been given authorized access.

When combined with aggressive compliance dates targeted to the largest of financial institutions, which have the most complex and, often, the most intransigent systems, comments from data providers are likely to be very focused upon the operational, technological and practical aspects of these requirements in the proposed rule, as well as to make forceful cases regarding the need to have some number of years to implement these requirements in full. Under the provision of the CFPA that the CFPB is using to support this rulemaking, the CFPB is supposed to remain technology-agnostic and avoid imposing rigid technology requirements on the affected entities. Accordingly, the comments on these requirements are likely to also point out when the prescriptions are too rigid for a technology-agnostic stance.

Authorized third parties, as we discussed last week, are primarily required to obtain express informed consent from the consumer, pursuant to a defined authorization that designates the name of the authorized third party; the name of the data provider; a description of the product or service being requested by the consumer from the third party; a statement that the data accessed will only be collected, used and retained for the purpose of providing the product or services; the categories of covered data that will be accessed; a certification; and a description of the method for the consumer to revoke authorization from the third party. Authorizations must be renewed at least annually.  However, the biggest concern for authorized third parties is likely the prohibition on incorporating any form of targeted advertising or cross-selling of other products or services into the process of interacting with the consumer. 

Finally, data aggregators must work hand-in-hand with the authorized third parties, under the proposed rule. They must be named and included in the authorization provided to the consumer, and must certify to the consumer that the covered data being accessed will only be used for the purposes identified by that authorized third party. Practically speaking, many companies offering services that would typically be viewed as data aggregation will likely be deemed authorized third parties for purposes of this proposed rule.

Stay tuned next week for a final installment on the Personal Financial Data Rights proposed rule, which will address some topics not already discussed and will highlight the areas we think will face the most friction between actors in the industry and between the industry and the CFPB.

By Peter Y. Malyshev

Partner | Financial Regulation

On November 3, 2023, the Commodity Futures Trading Commission (“CFTC”) proposed to significantly amend the rules on investment of customer funds by futures commission merchants (“FCMs”) and derivatives clearing organizations (“DCOs”).

A primary objective of the the Commodity Exchange Act (“CEA”) and CFTC regulations is to establish a framework to safeguard customers’ funds, and a core component of this framework is the requirement for FCMs and DCOs to segregate customer funds from their own money by holding these funds in specially designated customer accounts regulated by Part 1, 22 and 30 of CFTC regulations. Amendments to this statutory framework aim at balancing the requirement of principal preservation and fostering liquidity for clients' funds against greater flexibility for FCMs and DCOs in managing and investing these clients’ assets.

Proposed revisions will apply with respect to customer funds deposited by customers to margin three distinct classes of derivative products: (1) futures and options on futures contracts (i.e., the Commodity Exchange Act (“CEA”) § 4d accounts); (2) the foreign futures and foreign options contracts (i.e., the CFTC Regulation § 30.7 accounts); and the cleared swaps (i.e., the CFTC Regulation § 22.2 accounts). 

The CFTC believes that the following changes are necessary: (a) addition of permitted investments to allow certain foreign sovereign debt and U.S. Treasury exchange-traded funds, limitation of investments in money market funds, and removal of corporate bonds, notes and commercial paper; (b) revision of capital charges relating to these new investments, the use of repurchase and reverse repurchase agreements, clarification of concentration limits of investments and revisions to certain reports as well as replacement of LIBOR with SOFR as a permitted benchmark; and (c) revision of template acknowledgement letters to be signed by the depositories holding customer funds and elimination of the read-only access provisions applicable to the CFTC pursuant to these depository acknowledgment letters. 

The CFTC is proposing these changes because in the 12 years since the last revision of these rules certain regulatory changes and market developments have occurred while a number of FCMs has decreased by a half. The public comment period for these rule amendments will be open until January 17, 2024.

By James Frazier

Partner | Executive Compensation, Benefits & ERISA

On Tuesday, October 31, 2023, the U.S. Department of Labor (the "DOL") issued a new proposed rule pertaining to the definition of “fiduciary” under ERISA and Section 4975 of the Code. If adopted, the proposed rule would replace the DOL’s long-standing regulation addressing when a person is a fiduciary under ERISA in connection with the provision of investment advice. As drafted, the proposed rule would meaningfully expand the number of persons that would be considered fiduciaries in connection with the provision of investment advice. This proposed rule is the latest attempt by the DOL to change the definition of an investment advice fiduciary under ERISA and the Code. In 2018, the Fifth Circuit Court of Appeals vacated the DOL's 2016 fiduciary regulation, its previous rulemaking effort to change this definition. 

Under the existing DOL regulation, originally issued in 1975, a person is an investment advice fiduciary if he or she meets all elements of a five-part test set forth in the regulation. Under this test, a person is an investment advice fiduciary only if (1) he or she renders investment advice as to the value of securities or other property, or makes recommendations regarding the advisability of investing in, acquiring or selling securities or other property, (2) on a regular basis, (3) pursuant to a mutual agreement, arrangement or understanding, (4) that the advice will serve as a primary basis for investment decisions with respect to plan assets and (5) such advice is individualized based on the particular needs of the plan.

The DOL proposes changing this to provide that a person will be an investment advice fiduciary under ERISA and Section 4975 of the Code if he or she provides investment advice or makes a recommendation to a retirement investor (including an employee benefit plan, IRA, plan fiduciary, plan participant or plan beneficiary) for a fee or other compensation (direct or indirect) in one of the three following contexts:

• the person directly or indirectly (e.g., through or together with any affiliate) has discretionary authority or control (whether or not pursuant to an agreement, arrangement or understanding) with respect to purchasing or selling securities or other property for the retirement investor;
• the person directly or indirectly (e.g., through or together with any affiliate) makes investment recommendations to investors on a regular basis as part of their business and the recommendation is provided under circumstances indicating that the recommendation is based on the particular needs or individual circumstances of the retirement investor and may be relied upon by such investor as a basis for investment decisions that are in such investor’s best interest; or
• the person making the recommendation represents or acknowledges that he or she is acting as a fiduciary when making such recommendation.

According to the DOL, the existing regulation is outdated and too narrow in application, and it believes the proposed rule “better reflects the text and purposes of [ERISA] and better protects the interests of retirement investors. . . .” 

In connection with this proposal and the contemplated changes to the investment advice fiduciary definition, the DOL is also proposing amendments to the following prohibited transaction class exemptions (PTCE) available to investment advice fiduciaries– PTCE 2020-02, PTCE 86-128, PTCE 84-14, PTCE 83-1, PTCE 80-83, PTCE 77-4 and PTCE 75-1, Parts III and IV.

Comments on the proposed rule and proposed class exemption amendments are due on or before January 2, 2024. The DOL also anticipates holding a public hearing.

By Alix Prentice

Partner | Financial Regulation

The UK’s Treasury has published its consultation response on “Financial promotion exemptions for high net worth individuals and sophisticated investors” alongside the draft Statutory Instrument making the relevant changes. 

The Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) (No. 2) Order 2023 reflects feedback on a previous Treasury consultation on the operation of exemptions from the financial promotion restriction to enable unauthorised businesses to communicate financial promotions without the approval of an authorised firm to: (a) certified high net worth individuals; (b) sophisticated investors; and (c) self-certified sophisticated investors (together, the Exemptions). The Exemptions enable small and medium-sized enterprises ("SMEs") to raise capital from high net worth individuals and business angels, and the original consultation arose out of concerns about both misuse of the Exemptions and their appropriateness in the light of substantial economic, social and technological changes (including inflation). As a result of the consultation exercise, the Treasury is setting out the following changes to the Exemptions, most of which have been in place since 2001:

1. increasing financial thresholds for eligibility for the high net worth individual exemption from £100,000 to income of at least £170,000 in the last financial year or net assets of at least £430,000 in the last financial year (up from £250,000) excluding primary residences. The use of the word ‘certified’ in that exemption is being removed;
2. amending eligibility criteria for self-certified sophisticated investor to remove the requirement to have made more than one investment in the previous two years, and increase the company turnover required to designate a ‘company director’ as a self-certified sophisticated investor to at least £1.6m;
3. requiring businesses raising funds through the Exemptions to make more disclosures in their communications to enable investors to undertake basic due diligence; and
4. updating the investor statements for high net worth individuals and self-certified sophisticated investors to facilitate greater investor engagement and understanding.

These changes will also be reflected in legislation on the promotion of collective investment schemes, and subject to parliamentary process, the intention is to bring the changes into force on 31 January 2024 for new promotions made from that date and with no transitional relief.

By Peter Y. Malyshev

Partner | Financial Regulation

By Sukhvir Basran

Partner | Financial Services

In August 2023, the Australian Department of Climate Change, Energy, the Environment and Water ("DCCEEW") solicited feedback on proposed amendments to the Australian Carbon Credit Unit ("ACCU") Scheme. This is the third step in the process of modernizing the ACCU, which was initiated in 2022, when an independent panel reviewed the Scheme with the goal of increasing its efficacy and transparency. The panel delivered 16 recommendations in December that year. The Australian Government accepted the recommendations in principle in January 2023, and began translating them into concrete and actionable updates. The ACCU Review Implementation Plan was released in June 2023.

ACCUs are a tradable financial product and have largely been purchased by the Australian Government. The market is also open to private parties, typically those motivated by compliance obligations or voluntary commitments, though ACCUs tend to be generated by land-based projects with “practice changes,” i.e., livestock removal, native plantings, or forest regeneration. Two industrial project methods also exist: landfill gas, which involves landfill methane being converted into biogas or electricity, and carbon capture and storage.

The DCCEEW sought feedback on a number of areas including:

• new ACCU Scheme principles;
• information publication requirements;
• the Commonwealth Government’s role as a purchaser of ACCUs;

• the functions of the Carbon Abatement Integrity Committee; and
• the requirements for native title consent to projects

Final Thoughts

As we discussed in our previous coverage of the ACCU Scheme, a key concern with Australia’s carbon credit market has been a lack of transparency regarding the basis for the carbon credits. Globally, there has been considerable scrutiny of carbon credit schemes, including by the United Nations and at COP27 in November 2022. Lack of transparency and effectiveness continue to be major concerns. We have frequently discussed the perceived drawbacks and criticisms of the use of carbon credit schemes here, here and here. In September, Reuters reported that, for the first time in seven years, voluntary carbon markets had shrunk, as large corporations retreated from previous commitments. For example, Shell stepped back from its spending and volume targets for carbon offsets after previously declaring an intent to invest $100 million a year in offsets and use credits equivalent to 120 million tons of CO2 per year by 2030.

Another concern with the lack of integrity in carbon credit markets is the greenwashing risk we discussed previously, particularly in high-emissions industries such as transportation and aviation. In the U.S., a group of Democratic senators last year called for better oversight of the market for carbon offsets. In an October 2022 letter to the Commodity Futures Trading Commission, senators pointed to the potential for companies to engage in greenwashing and the risk that carbon credits may in fact reduce incentives for corporations to actively work towards carbon reduction: “The purchase of offsets allows many of these multinational companies to make bold claims about emission reductions and pledges to reach ‘net zero,’ when in fact they are taking little action to address the climate impacts of their industry. Several studies have highlighted that carbon offset projects are frequently illegitimate, and those that do contribute to meaningful emissions reductions are often representative of broader ‘pay to pollute’ schemes that place profit over protecting frontline communities.” In response, the Whistleblower Office of the Division of Enforcement of the CFTC issued an alert on June 20 advising the public on how to identify and report potential violations connected to fraud or manipulation in the carbon markets.

(This article originally appeared in Cadwalader Climate, a weekly newsletter on the ESG market.)