Banks that engage in payments-related activities are regulated on the federal level in the US by several federal agencies, including:

• Federal Deposit Insurance Corporation (FDIC);
• Office of the Comptroller of the Currency; and
• US Department of the Treasury.

Non-bank entities are regulated at the federal and state levels in the US. At the federal level, nonbank entities are overseen by several federal agencies, including:

• Financial Crimes Enforcement Network (FinCEN);
• Consumer Financial Protection Bureau (CFPB); and
• Office of Foreign Assets Control (OFAC).

Operative federal laws and regulations for bank and non-bank entities include:

• Bank Secrecy Act (31 USC §§ 5311 et seq.) and its implementing regulations;
• Electronic Fund Transfer Act (15 USC §§ 1693-1693r) and its implementing regulations;
• Truth in Lending Act (15 USC §§ 1601 et seq.) and its implementing regulations;
• Equal Credit Opportunity Act (15 USC §§ 1691 et seq.) and its implementing regulations;
• Fair Credit Reporting Act (15 USC §§ 1681 et seq.) and its implementing regulations; and
• Dodd-Frank Wall Street Reform and Consumer Protection Act (15 USC § 78o) and Regulation II (12 CFR §§ 235.1-235.10).

Entities engaging in payments-related activities should be keenly aware of all developments related to the Durbin Amendment, which expanded Regulation II. The Durbin Amendment extends the mandate that debit card transactions be processed on at least two unaffiliated payment card networks to card-not-present transactions. The final rule also provides that the debit card issuer is responsible for ensuring at least two unaffiliated networks have been enabled and standardized and specifies certain terms and phrases in the Federal Reserve Board’s Regulation II commentary. There has been quite a bit of volatility related to the Durbin Amendment impacting such entities.

On the state level, each US state (apart from Montana) regulates money transmitters and similarly situated payments companies under a state-specific licensing and regulatory regime. As a result, the regulatory framework applicable to such entities varies from state-to-state. The Conference of State Bank Supervisors (CSBS), with the help of a working group consisting of industry participants and state regulators, released the Model Money Transmission Modernization Act (MMTMA) to create a national standard to be adopted by the states. Arizona and West Virginia amended its money transmission laws in 2022 to incorporate substantial portions of the MMTMA. Arkansas, Georgia, Hawaii, Indiana, Iowa, Minnesota, Nevada, New Hampshire, North Dakota, South Dakota, Tennessee and Texas passed legislation based on the MMTMA in 2023.

Yes. Non-bank entities seeking to move money through products or services must consider how federal and state laws and regulations, including those pertinent to “money transmission” might apply to their business models. “Money transmission” is generally defined as the act of receiving currency or other value that substitutes for currency from one party for the purposes of sending it to another party. Examples of “other value that substitutes for currency” includes, but is not limited to, stored value cards, money orders, and, in some states, cryptocurrency.

On the federal level, a non-bank entity must register with FinCEN as a condition to commencing business.

On the state level, a non-bank entity must obtain a license from each state money transmission licensing agency in each jurisdiction in which it will operate as a condition to commencing business. There are various exemptions from state licensing requirements available to non-bank entities, so it is important to consult each jurisdiction’s laws and regulations to determine whether an exemption is available. Noteworthy exemptions include:

• Payment Processor Exemption: A non-bank entity that processes payments as its primary business activity may be exempt from federal and state licensing and registration requirements if they utilize regulated payment networks (e., ACH and Fedwire). In order to take advantage of this exemption, the non-bank entity must have a formal agreement with the seller or merchant to facilitate payments on their behalf for the goods or services they provide.
• Agent of the Payee Exemption: A non-bank entity that handles payments on behalf of a provider of goods or services (e., Uber and Airbnb) may be exempt from certain state licensing and registration requirements. In order to take advantage of this exemption, the non-bank entity must have a formal agreement with the payee to handle payments. Unfortunately, this exemption has not been uniformly adopted in all jurisdictions; however, the MMTMA includes an agent of the payee exemption. States adopting substantial portions of the MMTMA generally adopt the provision including an agent of the payee exemption.
• Authorized Delegate Exemption: The authorized delegate exemption allows a company to move money without obtaining a state money transmitter license if it is partnered with an entity that is (a) already a state-licensed money transmitter or (b) exempt from registration. The most common arrangement involves a non-bank entity operating under the money transmission exemption of the bank it is partnered with to handle payments via an FBO account. Unfortunately, this exemption has not been uniformly adopted in all jurisdictions.

Again, state laws and regulations vary widely. It is very important to consult each jurisdiction’s laws and regulations to ensure operational and regulatory compliance prior to engaging in business.

In our experience, mobile applications and digital payments are the most popular payment methods in the US currently. Gift cards, cryptocurrency, and other tokenized assets are the growing in popularity as payment instruments; however, we most often work with entities that are facilitating the movement of fiat between users.

In June 2023, the CFPB released a blog post, “Laying the foundation for open banking in the United States”. In the blog post, Director Chopra stated that “[t]he CFPB is working to accelerate the shift to open banking through a new personal data rights rule intended to break down … obstacles, jumpstart competition, and protect financial privacy. To do this, the CFPB is formalizing an unused legal authority enacted by Congress in 2010. This authority gives consumers the right to control their personal financial data. These rights will become a practical reality after the CFPB implements a rule that sets expectations for the market. [The CFPB] expect[s] to solicit comments on [its] formal proposal in a few months and finalize in 2024.” As a result, we expect to see an increased focus on open banking in the US, which is unsurprising given the number of millennials and Gen Z-ers entering into the economy.

In the US, data regulation is primarily governed by the federal Gramm-Leach-Bliley Act (15 USC §§ 6801 to 6809) and its implementing regulations. Each state maintains its own data privacy and data security law and regulations. Knowledge of and adherence to all applicable federal and state privacy and data security laws and regulations is of paramount importance to fintechs. State data privacy and data security laws and regulations have been evolving rapidly over the past few years, so maintaining a robust regulatory change management program is essential for a fintech’s viability. In the past few years, for example, multijurisdictional fintechs have needed to adapt to changing (and, sometimes, conflicting) data privacy and cybersecurity requirements in California, Massachusetts, and New York.

Many regulators expect companies to have implemented “reasonable” security measures based, for example, on the sensitivity of data at issue. Companies in response have relied on cybersecurity standards (e.g., the NIST Cybersecurity Framework) to identify risks and establish data security protocols. However, certain states or regulators have been more prescriptive about required controls. For example, the New York Department of Financial Services Cybersecurity Regulation mandates that companies utilize certain controls, including annual penetration testing.  Similarly, the FTC’s revised Safeguards Rule (applicable to certain financial institutions) requires encryption, multi-factor authentication (or equivalent technology approved by the individual overseeing the applicable information security program).

Additionally, fintechs should maintain vendor management policies and procedures that contain requirements for vendors to report data breaches to the fintech on short order. Many states require fintechs to report data breaches by third-party vendors to consumers or risk regulatory enforcement actions for failure to notify consumers timely and in a specific format. For example, Arizona requires fintechs to notify consumers of a data breach under A.R.S. § 18-551 et seq., with certain limited exemptions for persons subject to GLBA or HIPAA. Many other states have similar requirements, as well.

Federal and state regulators appear to accept that innovation is here to stay. Regulatory sandboxes in the US currently only exist at the state level. A growing number of states are enacting a sandbox program, beginning in 2018 with Arizona and followed by Florida, Hawaii, Nevada, North Carolina, Utah, West Virginia, and Wyoming. Arizona’s Fintech Regulatory Sandbox Program (A.R.S. § 41-5601 et seq.) is arguably the most successful sandbox program in the US, and new states have been looking to Arizona’s precedent to create their own sandbox program. Federal attempts to implement a sandbox have been largely unsuccessful, with the CFPB expiring its Policy of No-Action Letters and Policy on the Compliance Assistance Sandbox in September 2022.

Because, again, such sandbox programs only exist at the state level, participants should ensure that their activities do not cross state lines. Once activities cross a state line, the activities become an “interstate” matter that may be subject to federal regulatory oversight.

We do not foresee any imminent risks to growth in the US fintech market. The federal and state governments appear to have accepted that innovation is the future of US financial services.

Notwithstanding the foregoing, the federal and state governments remain a bit distrustful of innovation, and too often view the foundational tenet of innovation to be circumventing laws and regulations aimed at consumer protection. New laws and regulations aimed at strengthening consumer protection are proposed and enacted frequently. As an example, state legislatures have been enacting new laws and regulations aimed at bank-model lending platforms, which limit interest rates that may be charged by non-bank partners, provide for predominant economic interest tests to determine who the “true lender” is, and place restrictions on the interest rates that may be charged by out of state-chartered banks. Specifically, with respect to payments law, federal and state regulators have been actively monitoring cryptocurrency business activities, proposing enhanced federal and state regulatory oversight of companies dealing with cryptocurrencies. Three states, with a possible fourth in 2024, have enacted virtual currency-specific licensing requirements for cryptocurrency companies.

In short, while we do not foresee any imminent risks to the growth of the US fintech market, the laws and regulations governing regulatory and operational compliance continue to grow and complicate, demanding robust operational and compliance programs from fintechs entering the market. We also expect new federal and state laws governing data privacy, cybersecurity, and the use of artificial intelligence that may change the US fintech landscape.

The Foreign-Derived Intangible Income (FDII) deduction is an incentive for domestic C-corporations to generate revenue from serving foreign markets. FDII is currently taxed at 13.125% (16.4% for tax years beginning after 2025) instead of 21% which is a U.S. federal corporate income tax rate. FDII includes, generally, income from (i) sales to non‐U.S. customers, (ii) services performed for non‐US persons or with respect to non‐US situs property, and (iii) royalties for IP used in non‐US markets. Our fintech clients that are domestic C-corporations should be able to avail themselves of the FDII rate on a substantial part of their FDII received from direct sales to foreign customers and royalties received for IP used outside the United States.

Our fintech clients in the clean energy and electric vehicle industries often require assistance with navigating federal and state tax incentives, as the US is focused on reducing its carbon footprint. As of November 2023, the IRS released the following non-exhaustive list of business tax credits that may be available to such clients:

• Energy Generation and Carbon Capture:
  • Production Tax Credit for Electricity from Renewables;
  • Clean Electricity Production Tax Credit;
  • Investment Tax Credit for Energy Property;
  • Clean Electricity Investment Tax Credit;
  • Low-Income Communities Bonus Credit;
  • Credit for Carbon Oxide Sequestration; and
  • Zero-Emission Nuclear Power Production Credit.
• Clean Vehicles:
  • Credit for Qualified Commercial Clean Vehicles.
• Manufacturing:
  • Advanced Energy Project Credit; and
  • Advanced Manufacturing Production Credit.
• Commercial Energy:
  • New Energy Efficient Homes Credit; and
  • Energy Efficient Commercial Buildings Deduction.
• Fuels:
  • Clean Hydrogen Production Tax Credit;
  • Clean Fuel Production Credit;
  • Biofuels Incentives;
  • Alternative Fuel and Alternative Fuel Mixture Excise Tax Credits; and
  • Sustainable Aviation Fuel Credit.

Many of these fintech clients also seek to provide their customers with assistance in navigating individual tax incentives, as well. Such incentives include, but are not limited to:

• Energy Efficient Home Improvement Credit for:
  • Exterior doors, windows, skylights and insulation materials;
  • Central air conditioners, water heaters, furnaces, boilers, and heat pumps;
  • Biomass stoves and boilers; and
  • Home energy audits.
• Residential Clean Energy Credit for:
  • Solar, wind, and geothermal power generation;
  • Solar water heaters;
  • Fuel cells; and
  • Battery storage.

This is a difficult question to answer for the US market. Over the past 10 years, technology and innovation have projected the fintech sector to the forefront of US financial services, strengthened by the robust growth of the US banking sector, rapid digitization, changing consumer preferences, and increasing support of investors and regulators. According to a recent report from McKinsey & Company, as of July 2023, publicly traded fintechs represented a market capitalization of $550 billion. In the same period, there were more than 272 fintech unicorns, with a combined valuation of $936 billion, a sevenfold increase from 39 firms valued at $1 billion or more five years ago.

With the economic downturn in the US, the past year has been turbulent for fintechs. Liquidity has dried up a bit, fintechs are going longer between funding rounds, and they are often turning to private markets for funding. B2B fintech segments have been more resilient than B2C, and BaaS and embedded finance continues to grow.

As further discussed in question 6 above, we believe that the US market is an attractive market for fintech entrepreneurs. A growing number of states are enacting a sandbox program, beginning in 2018 with Arizona and followed by Florida, Hawaii, Nevada, North Carolina, Utah, West Virginia, and Wyoming. Arizona’s Fintech Regulatory Sandbox Program (A.R.S. § 41-5601 et seq.) is arguably the most successful sandbox program in the US, and new states have been looking to Arizona’s precedent to create their own sandbox program.

We are not aware of any immigration rules in force or on the horizon that would limit a fintech’s ability to hire appropriate talent from around the world. The US fintech market thrives on global talent, making immigration a key component in hiring individuals with the appropriate talent and expertise.

Fintech professionals may qualify for a range of US immigration options tailored to their skills and expertise. These include:

• The O-1 Visa, available to individuals with extraordinary abilities;
• The H-1B Visa, available to individuals in highly specialized occupations; and
• Permanent residency pathways, such as the EB-1A, EB-2, and EB-2 NIW Visas.

An individual’s decision as to the appropriate immigration pathway typically hinges on the individual’s:

• Level of expertise;
• Professional accomplishments;
• Existing job offers; and
• Future career aspirations.

It is important for such an individual to consult with a US immigration attorney to navigate this process efficiently and seek the visa most appropriate for his or her individual needs.

We are not aware of any regulatory efforts to fill gaps in access to fintech talent, and it does not seem that the fintech industry is a driving force on influencing US immigration policy. The US is experiencing an influx of migrants at its borders, with several border states seeking to take action to limit the number of migrants crossing US borders. That seems to be the biggest driving factor behind immigration reform in the US at this time.

Fintech patents are crucial for any business seeking to protect its intellectual property. Patents within the fintech area are generally directed at a broad range of financial services, including, but not limited to:

• Internal banking systems;
• Investment technologies;
• Payment systems;
• Blockchain/cryptocurrency/NFT;
• Cybersecurity; and
• Financing (g., automated underwriting models).

Failing to secure patent protection from the US Patent and Trademark Office (“USPTO”) for technology leaves competitors with open opportunity to copy and release their own versions of the technology. Patents protect fintechs by allowing them to expand their market share without fear of competitors encroaching on their territory. A patent allows the fintech to exclude others from making, selling, using or otherwise commercializing products and services that are covered by the claims of the underlying patent for a specified period. During this period, the fintech may enforce its patents against third parties that have infringed any of the fintech’s patents and thereby both cease infringing conduct and recoup reasonable royalties, lost profits, or other appropriate damages.

As with immigration, it is important for fintechs to consult with US patent attorneys to ensure they are appropriately protected. Oftentimes, multiple patents are required to fully protect the company, as patents are highly specific and nuanced. Moreover, a skilled US patent attorney will assist the fintech in patenting the “right” technology. For example, recent Supreme Court decisions and subsequent case law have narrowed patent eligibility within the software field.  The USPTO has adopted a two-part test to determine patent eligibility of patent claims: (1) Are the claims at issue directed to an abstract idea, and (2) do the claims contain an “inventive concept” sufficient to “transform” the claimed abstract idea into a patent-eligible application.  Thus, for example, new data storage techniques, encryption techniques, machine learning models, and network security techniques may be patent eligible to the extent they go beyond a mere abstract idea and describe specific technical improvements.  The devil is in the details!

Although the FTX collapse dramatically changed the US crypto regulatory landscape, non-bank crypto companies have historically been regulated as money transmitters or money services businesses.

On the federal level, non-bank crypto companies generally need to file as money services businesses with FinCEN. There is presently no primary federal regulator tasked with overseeing the crypto industry. The CFTC, SEC, and FinCEN separately regulate crypto companies on the federal level, but they tend to disagree on the approach as to how cryptocurrencies should be regulated. Crypto activities also have been getting some attention from the CFPB, with the CFPB issuing a complaint bulletin in November 2022 that highlights complaints the CFPB received related to crypto assets. Additionally, the White House has made a concerted effort to regulate the digital asset industry, issuing the Executive Order on Ensuring Responsible Development of Digital Assets in March 2022.

For banking institutions, federal bank regulators issued a joint statement last year on crypto-asset risks to banking organizations and have issued guidance for banking institutions that engage in crypto-asset-related activities.

On the state level, each state’s laws and regulations include a defined term for “money” or a similar term. Some state definitions are narrow enough to expressly exclude cryptocurrency, and others are broad enough to encompass it. It is a bit of a regulatory patchwork quilt, and each company’s anticipated flow of funds and specific business activities (custody, transmission, exchange) must be viewed against the backdrop of state laws and regulations and formal/informal regulator determinations to ascertain any required state licenses. A handful of states have enacted virtual currency business licensing regimes. New York has its BitLicense and Louisiana has its Virtual Currency Business License, for example. Importantly, it seems that crypto companies may continue to be subject to money transmission licenses in these states, depending upon the company’s specific business activities. In short, this is more like an “added” regulatory requirement than an “in lieu of” regulatory requirement. Other states, like California and Illinois, are either newly regulating (California) or anticipate regulating (Illinois) cryptocurrency business activities under a separate license. Amidst all of the added regulation, one state (Hawaii) issued a release in February 2024 indicating that crypto companies will no longer require a Hawaii-issued money transmitter license to conduct business.

We are expecting quite a bit of volatility in the regulation of cryptocurrencies on the federal and state levels after the FTX collapse. Unfortunately for crypto fintechs in the US, the FTX collapse pointed a spotlight on cryptocurrency-related activities, and many US regulators approach such activities with skepticism. It seems that increased regulation is on the horizon.

With respect to initial coin offerings, the US Securities and Exchange Commission (SEC) released an FAQ on initial coin offerings in June 2023. Under the heading “Five Things to Know About ICOs,” the SEC stated the following:

• ICOs can be securities offerings and fall under the SEC’s jurisdiction of enforcing federal securities laws.
• ICOs may need to be registered with the SEC.
• Merely calling a token a “utility” token or structuring it to provide some utility does not prevent the token from being a security. The SEC will look to the substance of the offering in determining whether the ICO should have been registered, even if the nomenclature does not otherwise indicate that the ICO is a securities offering.
• Consumers should be wary of ICOs, as they can be fraudulent and present substantial risks for loss or manipulation with little recourse for victims after the fact.
• Consumers should question and demand clear answers prior to investing.

Fintechs considering ICOs should work with skilled US securities attorneys prior to raising capital or participating in investment opportunities. Such an attorney will assist the fintech in navigating complicated federal and state securities laws to avoid issues of material non-compliance and enforcement actions down the line.

We generally work with state fintech sandboxes; however, we are aware that IBM offers programs for innovators seeking to utilize blockchain in their business ventures.

Automated Underwriting Models (AUMs) backed by AI have been utilized in the US for several years. Additionally, fintechs often utilize chatbots on their websites backed by AI to respond to consumer inquiries about financial products offered by the fintechs.

We do not expect regulation either to impede or encourage fintechs’ use of AI. Rather, we expect regulation to regulate its inevitable use by enhancing consumer protections. Setting aside concerns of malicious intent from users, federal and state regulators remain concerned about AI generating misleading information, reflecting biases, generating offensive content, and storing sensitive information.

In our experience, we have seen AUMs and chatbots utilized by insurtechs, as well. The use of AI is largely consistent with US fintechs.

Specifically, with respect to insurtech, insurtech companies are driving innovation, improving efficiency, and reshaping the insurance landscape. They have been impacting the insurance industry by leveraging technology and innovative approaches in the following ways:

• Customized Offerings: Insurtechs use technology to create tailored insurance products that cater to individualized needs and preferences. The customer-centric approach is attracting a new generation of tech-savvy customers.
• Accessibility and Efficiency: By embracing technologies like AI, blockchain, Internet of Things (IoT), mobile apps, and telematics, insurtech is making insurance more accessible, affordable, and efficient, improving the overall customer experience.
• Predictive and Preventive: The industry is shifting from its traditional focus on “detect and repair” to a more proactive approach of “predict and prevent.” Insurtech solutions enable insurers to anticipate risks, prevent losses, and enhance decision-making processes.
• Automation and Integration: Insurtech empowers traditional insurers by automating manual tasks, integrating data across the organization, and enhancing personalization. It also helps move away from legacy systems to modern cloud applications.

As an example of the rapid expansion and development in US insurtech, Amazon announced in November 2023 that it would be offering Prime members care from One Medical, including 24/7 on-demand virtual care nationwide and office visits at any of One Medical’s locations across the US for $9/month or $99/year. Additionally, CVS indicated in a February 2024 release that it would be continuing to invest in omnichannel health services, which provides consumers with accessible care options in-person, virtually, or at home.

Based on experience, the US market has not witnessed a degree of disruption resulting in displacement (or potential displacement) of incumbent financial institutions. It has been more of a collaboration process. That seems to be the future of fintech involvement in the US.

A good example of collaboration in the US is bank-model lending. Structures for bank-model lending programs vary but have certain core elements in common. Typically, the facilitator (a fintech) markets loans originated by a partner bank that is named as lender in the loan documents and provides the initial loan funding. The loans may be secured or unsecured, and borrowers may be consumers or business entities. Most often, loan disclosures are delivered online through a website created and managed by the facilitator, loan applications are taken on the website and loan documents are executed electronically on the website. However, in some cases, facilitators may take applications, deliver disclosures and/or arrange for document execution through brokers, retailers, or other offline channels.

The extent to which banks and other incumbent financial institutions carry out their own fintech development and innovation programs varies, with size and resources of the institution being determining factors. Based on experience, banks and incumbent financial institutions tend to collaborate with or acquire fintechs to expand their financial services products. In the case of an acquisition, the fintech generally maintains its independence to the public, but draws on the resources of the bank or financial institution operationally.

As previously noted, the US market typically sees collaborative efforts with incumbent financial institutions, rather than true disruption.