Banks’ data collection efforts lacking; CFPB, JPMorgan offer advice

Register now

Banks have to get more sophisticated in delivering the data regulators need to assess compliance with banking rules, according to officials of the Consumer Financial Protection Bureau and JPMorgan Chase.

“We tend to rely on data to determine risk and where there are violations,” Kristen Donoghue, the CFPB's enforcement director, said at SourceMedia’s RegTech 2018 conference in New York. “Companies are having trouble pulling the data we need. That’s an area where technology can be helpful and it’s exciting to us.”

Relying on new regtech to provide that kind of data could be especially useful for the bureau at a time when the regulator is making changes in an attempt to collaborate better with startups to help them understand the regulatory environment, as well as test products in controlled environments.

Paul Watkins, who joined the bureau in July to lead the Office of Innovation, is attempting to replicate some of the success from Arizona’s Fintech Sandbox, Donoghue said. Watkins managed Arizona’s Fintech Sandbox, the first such one in the country, for the Arizona Office of the Attorney General.

Donoghue also pointed to the bureau’s recent effort to revamp its disclosure sandbox proposal, the first proposition from the Office of Innovation. The proposal, which is a revision of the bureau’s original 2012 policy, is designed to help companies test product disclosures for a two-year period with the ability to apply for an extension.

Banks such as JPMorgan Chase, meanwhile, described the extra measures they were taking to develop their expertise in regulation and compliance technology.

During a separate panel, Paul Margarites, head of fintech engagement within the treasury services innovation team at JPMorgan, said his team’s efforts are a break from traditional approaches to digital compliance.

“You need full-time teams thinking about this every day, knowing the landscape, knowing who’s out there, having relationships and being able to work within your own organization to be able to demonstrate tests and say this is how we’re going to take this live and how we’re going to scale it,” Margarites said.

“How do you run a proof of concept and what is that going to look like a year and a half from now? You can’t start that job at 8 o’clock at night,” he said.

In the past, banks have had small innovation teams that tried to address tech initiatives across multiple different business lines, said David Choi, the U.S. regtech leader for PwC. Innovation teams have to be ready to introduce new skills to other employees, but finding the talent to staff those innovation teams is difficult for large, slow-moving banks.

“They’re going to ask, ‘What are those capabilities this organization is going to provide me and what does my career track look like?’ ” Choi said. “All of that stuff is changing. You’ll look at an organization and job opportunity and ask if that organization is ready to future-proof my career.”

As bank-fintech partnerships blossom, banks need to vet how data flows in those partnerships, said Margarites, who came to JPMorgan from PwC about 10 months ago. He said to consider two factors in regtechs: how they use internal as well as external data sources to extract insights for their institutional partner, and if they can use both data sets together in a way that makes sense to bankers.

“Give me a look at a clean dashboard, chop up the data, and say this is what the data says and this is why I made this decision,” Margarites said. “If they can produce that to me cleanly, I know that’s a firm I should do a proof of concept with.”

Of course, the use of data can be thorny, even for regulators.

The CFPB’s disclosure sandbox proposal has not been without controversy. Fifty consumer groups last week submitted a joint letter against the plan during the public comment period that ended Oct. 10.

Those groups argued the legal safe harbors afforded to fintech companies participating in the sandbox would put consumers’ data at risk, and such a proposal exceeds the bureau’s statutory authority.

“The proposed policy is far outside the consumer bureau’s authority and would allow entire industries to ignore consumer protection requirements for an unlimited time period with no showing of consumer benefit and no public input,” the groups said in the letter.

Donoghue did not address those concerns Monday, but said the bureau “received a lot of comments that our policy needed to be more streamlined. The bureau is evaluating the comments.”

Donoghue was also asked whether the bureau’s renewed focus with the Office of Innovation changes enforcement priorities. “I wouldn’t say there have been changes in that we’re looking at one market more than another,” she said.

However, Donoghue did give the audience some general advice on how they can avoid running into any future issues with the bureau.

The CFPB looks to make sure banks are complying with relevant rules from many state and federal agencies, and that they be familiar with all of those. Donoghue also said companies should keep tabs on the bureau’s Consumer Complaint Database, which tracks a person’s original issue and how a company responded.

“The acting director" — Mick Mulvaney — "views this as a valuable resource,” she said. “Companies should really pay attention to those consumer complaints so that you can see where the problems are.”

For reprint and licensing requests for this article, click here.
Regtech Fintech regulations Data governance Mick Mulvaney CFPB JPMorgan Chase RegTech Conference