CEI Comments to the Bureau of Consumer Financial Protection Proposed Policy on No-Action Letters and Product Sandbox

Docket No. CFPB-2018-0042

View Full Document as PDF


On behalf of the Competitive Enterprise Institute (“CEI”), we are pleased to provide the following comment letter on the Bureau of Consumer Financial Protection’s (“Bureau,” “BCFP,” or “CFPB”) Proposed Policy on No-Action Letters and Product Sandbox (“the proposal”).

Founded in 1984, CEI is a non-profit research and advocacy organization that focuses on regulatory policy from a pro-market perspective. A strong focus of CEI is on removing regulatory barriers to innovation that inhibit access to capital for businesses and consumers.


The Bureau of Consumer Financial Protection is often assumed, by its supporters and its critics, to be a regulator with a narrow mission: to protect consumers through heavy-handed regulations and enforcement actions. It is a view that consumer protection is a zero-sum game, that industry is made better off only at the expense of the consumer, and inversely, that a consumer’s benefit will come only when government can protect them from predatory institutions.

Given this view, one would be forgiven for thinking that the regulator lacked any kind of mandate to pursue pro-market reforms, such as prioritizing competition and innovation. But that would be mistaken. 12 U.S. Code § 5511(b)(3), (5), for example, states that the Bureau’s objectives include:

(3) outdated, unnecessary, or unduly burdensome regulations are regularly identified and addressed in order to reduce unwarranted regulatory burdens;

(5) markets for consumer financial products and services operate transparently and efficiently to facilitate access and innovation.[1]

The purpose of the Bureau in pursuing consumer protection is not only to enforce the law but to also facilitate innovation and competition. Indeed, innovation is an essential element of any consumer protection framework.

Innovation – particularly the exciting development of various types of financial technology commonly referred to as “fintech” – can solve many consumer protection problems. Take the example of small dollar lending and a new fintech product called “Dave.”[2] Dave is a mobile application that synchronizes with a customers’ financial accounts and analyzes their spending habits. Dave then builds the customer a budget in order to better predict when they are at risk of overdrawing their account. If a customer is indeed going to overdraw their account, Dave will advance up to $75, interest-free, to cover the shortfall – a small dollar loan to be paid back from the consumers next paycheck. Rather than charging relatively high interest rates, as done by a typical payday lender, Dave is a subscription-based service charging merely $1 per month.[3] Dave is an example of many fintech firms that are replacing loan officers with algorithms and brick and mortar stores with iPhone applications.

Contrast the innovative business model of Dave with the Bureau’s payday lending rule under the previous director.[4] The Bureau’s original rule was incredibly strict, imposing an underwriting standard that threatened to make between 75 to 91 percent of all loans unprofitable.[5] CEI has written extensively on the drawbacks of the rule,[6] and we support its revision.[7] Nevertheless, even assuming that the Bureau’s original rule was both necessary and effective, it is still an inferior form of consumer protection as compared to an innovative, market-driven solution like Dave. Where strict regulation merely takes away choices from the consumer, innovation can give consumers more and better choices. Dave is a cheaper, better quality, and easier to use platform than a traditional payday lender. This improvement in the lending market is something that the Bureau by itself could never achieve, no matter how many regulations are promulgated or lawsuits are filed. Innovation is a crucial aspect of improving consumers’ lives, and it deserves an equal place amongst the Bureau’s consumer protection priorities.

It is encouraging to see the Bureau finally embrace this aspect of its mission. To date, the Bureau’s actions have fallen far short of what was hoped for when its flagship innovation agenda, “Project Catalyst,” was launched. Beyond a failure of Project Catalyst to produce any meaningful results,[8] the Bureau has actively created more regulatory uncertainty for innovative firms through its rulemaking and enforcement actions, such as fair lending liability.[9]

A new, innovation-friendly consumer protection framework can be to the benefit of all – consumers, firms, and the regulatory agencies that oversee them. It is far from a zero-sum game. CEI strongly supports this new direction for the Bureau. We now turn to the specifics of the proposal. 

No-Action Letter Policy

No-action letters play an important part in a regulatory system. Statutes, and to a lesser extent regulations, are by their nature “blunt” instruments, pronouncements that govern a broad range of actors and actions. They are not “sharp” instruments, in the sense that they are not often applied to specific facts and circumstances.

In the United States, much regulation of financial markets derives from statutes that were drafted many decades ago. The National Bank Act – a major, enduring piece of legislation – even hails from the Civil War years.[10] While they have occasionally been modified over time, these decades-old laws are often an uneasy fit for innovative financial firms. Fintech companies are often faced with ambiguity as to which laws, regulations, and agencies govern them.[11] Companies trying to do the right thing may find themselves on the wrong side of the law – or rather, dated interpretations of the law – as a result.

Regulators, of course, cannot repeal or modify statutes in the face of innovative business models – only Congress can do that – but many have found an alternative to denying new firms the chance to get off the ground. Tools such as no-action letters and regulatory sandboxes have the benefit of specificity and flexibility until old statutes are modernized.

We agree with the proposal that the Bureau’s previous no-action letter policy was inadequate. It clearly did not serve the purpose it intended to. The policy required too much unrelated information to be filed, making it overly difficult to apply for.[12] Further, the relief that the Bureau has attempted to provide from such threats has been completely inadequate. To date the Bureau has issued one no-action letter, to Upstart, a fintech company that uses artificial intelligence to make credit decisions. However, the letter was “subject to modification or revocation at any time at the discretion” of the Bureau.[13] Even further, the Bureau’s letter was explicitly non-binding, stating that the Bureau may initiate a retroactive enforcement or supervisory action against the company if appropriate. To obtain uncertain benefits, Upstart was therefore required to hand over propriety data on its currently unapproved underwriting operations, notwithstanding the fact that the Bureau retained authority to enforce laws retroactively against the company, such as the Equal Credit Opportunity Act. This is no assurance at all. 

The new policy, by contrast, is a substantial improvement. In particular, one innovative feature of the policy – allowing trade associations to apply for no-action letters on behalf of one or more of their members, and allowing service providers to apply for a letter covering business relationships with third parties – is a constructive idea. Individual firms may understandably be reluctant to communicate openly with regulators who have, at least previously and maybe again in the future, taken a hostile attitude towards their industry. Allowing trade associations to be involved in the process will generate more interest from individual (and particularly smaller) firms due to both the cost savings and relative anonymity.

Another much-improved aspect is the change to retroactive liability. The proposal assures firms that even if a no-action letter is withdrawn, the Bureau will not pursue a penalty as long as the no-action letter is revoked for a reason other than a failure to comply with the terms and conditions of the letter. As described above, stronger assurances are required precisely because the Bureau under past management was so aggressive in going after the financial services industry.

Further, a major detriment of the previous policy was its exclusion of no-action letter relief for Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) under 12 U.S. Code § 5531.[14] This exclusion severely limited the usefulness of the policy, as the Bureau has relied upon UDAAP as its primary enforcement tool over the years, in part because there are a broad range of penalties for violating UDAAP, including civil penalties of up to $1 million per day.[15] Furthermore, the provision affords the Bureau wide latitude in enforcement, allowing it to challenge conduct it doesn’t like, even if that conduct is not in violation of any express legal requirement.[16] Even worse, however, is the fact that there is significant uncertainty as to what an “abusive” act or practice is. The provision is particularly confusing because it is both broad and vague. Further, it distinguishes abusive practices from those that are unfair and deceptive without explaining how they differ.[17] This has led to “abusive” being labeled “the most feared word in Dodd-Frank.”[18] It is therefore encouraging to see the Bureau’s new policy include no-action letter relief for UDAAP, as it is this provision from which firms need relief the most.

Product Sandbox

Another proposed tool to achieve the objectives described in § 5511(b)(3), (5) is a “product sandbox,” otherwise known as a “regulatory sandbox.” Sandboxes are a set of regulatory tools that enable innovative firms to test their business models without having to comply with the whole swath of financial regulations. They represent a “flexible” method of regulation that seeks to relax certain requirements for a period, while also maintaining the overarching regulatory framework.[19] Depending on how it is structured, the benefits of a regulatory sandbox can manifest in lowering administrative barriers that are obstacles to achieving scalability.[20]

According to the proposal, the Bureau’s sandbox would be built out of three tools, notably:

  • No-Action Letter relief;
  • Approvals by order under three statutory safe harbor provisions, the Truth In Lending Act; the Equal Credit Opportunity Act; and the Electronic Funds Transfer Act; and
  • Exemptions by order from statutory provisions or from regulatory provisions that do not mirror statutory provisions under rulemaking authority or other general authority.

The first sandbox to be established worldwide was by the United Kingdom’s Financial Conduct Authority, part of far-sighted regulatory reforms to establish the UK as the “FinTech capital of the world.”[21] While the UK’s experiment has been largely a success, there are some concerns of which the Bureau should be aware. One such concern is the rate of acceptance, with less than a third of all applicants being accepted per round of application.[22] An associated concern is the “investment bump” that sandbox firms receive compared with those not chosen, with most participants in the UK sandbox reporting increased funding from investors due to participation.[23] This barrier to entry and subsequent investment bump may be a problem for sandboxes in general as the government is not adept at determining which firms are most “innovative” or “beneficial” to consumers – and are therefore picking winners and losers instead of letting the competitive process decide.[24]

A lesser known, but equally successful regulatory sandbox model is in Australia, administered by the Australian Securities and Investment Commission. ASIC’s model has a particular feature that overcomes the problem of picking winners and losers. Regulatory Guide 257, which establishes the sandbox, includes a provision for a fintech industry licensing exemption.[25] This component of Australia’s regulatory sandbox is different from other sandboxes, as eligible firms are not required to submit an application form and are able to commence testing without engaging with ASIC. The kind of firm and product eligible for the exemption is rather limited, including only those who provide advice or deal in or distribute products, but this may be expanded in the future.[26] Not only is this model less intensive to operate because it does not require the regulator to consider and approve each individual application, but ASIC’s exemption also does not require it to determine whether a particular offering is “innovative enough.”[27] If the firm meets the stringent criteria laid out by ASIC, it is given a time-limited period of regulatory relaxation to test their product, removing the acceptance bias of government regulators.[28]

For the Bureau, designing a sandbox for U.S. firms faces unique challenges.  The Bureau will have to navigate between nearly a dozen federal financial regulators and the regulators of 50 state governments (plus those of the District of Columbia.) An effective sandbox requires extensive cooperation, but policy disagreement may not always be that easy to iron out.

Further complicating the sandbox construction are the unusual provisions of § 1042 of the Dodd-Frank Act. These provisions give state attorneys general the power to bring suit in state and federal courts not just against those it deems violators of laws of their respective states, but of those it deems in violation of federal consumer financial statutes. There is no direct bar to a state official bringing such a suit even if his or her interpretation of the law stands in conflict with a no-action letter or regulatory exemption from the Bureau.[29]

Fortunately, § 1042(b)(2) of Dodd-Frank gives the Bureau the power to put some curbs on such actions by states. It can remove such suit from state to federal court. And should a court of law rule in favor of a state, the Bureau can directly appeal such a ruling. The Bureau should make an explicit policy statement that it will take such actions whenever a state takes pursues a suit against a firm to punish specific actions authorized by the sandbox. This would send a clear message that the Bureau has the proverbial “back” of legitimate fintech firms.

The Bureau should also help states that share the common goal of simplifying red tape for fintech firms. It should support states that are building regulatory sandboxes by self-limiting its enforcement actions against those that it deems are appropriately protecting consumers, potentially through Memoranda of Understanding (MOUs) with various state regulators.

Another consideration for the Bureau in promoting innovative financial products is the fact that there are likely, at times, to be setbacks. With all change comes risks, and the Bureau should be prepared for the possibility that some product, service, or firm will be a greater risk than they first thought. As CEI’s founder, Fred Smith, argued in the wake of the Enron corporate scandals, it is not always easy for anyone – government or business – to distinguish between legitimate entrepreneurs and frauds and miscreants, especially on the frontier of innovation.[30] However, as Smith continues, “Too often, the inevitable losses associated with the trial and error process lead to quixotic attempts to seek a trial without error approach.”[31] Trial without error, Smith concludes, “is a utopian fantasy… In effect, we address frontier risk by closing the frontier.”[32] Trial and error should not dissuade the Bureau from its attempts to promote innovation – it is only through this disruptive process of creative destruction that consumers are provided with better products at better prices.[33]

Flexible Regulation Should Not Substitute for Reform

As described above, the tools the Bureau seeks to utilize in achieving the statutory objectives laid out in 12 U.S. Code § 5511(b) are constructive and full of promise. However, while flexible regulation has its benefits, it should not replace substantive regulatory reform where it is needed. The Bureau should not succumb to simply issuing waivers and exemptions from certain statutes or regulations that are themselves in dire need of reform. It still needs to issue formal rules through the process governed by the Administrative Procedures Act.

One example is the Equal Credit Opportunity Act and alternative data sources in underwriting.[34] New data collection and analysis methods used by online lenders have allowed for faster, cheaper, and more widely available credit assessments. However, credit scores derived from alternative data that include no prohibitive characteristics as defined in 15 U.S. Code § 1691[35] may still be shown to have a statistically divergent outcome in certain instances regardless of whether actual discrimination has occurred. A small startup firm cannot weather the kind of regulatory risk that disparate impact liability entails.

Disparate impact liability under ECOA has been identified as one of the top risks for fintech firms that could be alleviated by the Bureau’s sandbox.[36] However, as a matter of law, the disparate impact standard has no basis in ECOA.[37] It is without foundation in the text, which the Supreme Court regarded as an essential element of disparate impact claims in the landmark fair-lending case, Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc.[38] Instead of simply issuing disparate impact no-action letters for firms, the Bureau should go to the heart of the matter and fix the ECOA and Regulation B by rescinding disparate impact liability altogether by rulemaking.

In designing the sandbox and issuing formal rules, the Bureau will inevitably find gaps that it cannot fill due to Congress’ statutory provisions. While the Bureau should always adhere to the law as written, as any regulatory agency should, it should feel free to offer constructive recommendations to Congress of certain statutory changes that the Bureau believes will be beneficial.


It is encouraging that the new leadership at the Bureau is committed to its statutory objectives of competition and innovation. To date, the Bureau’s actions have fallen far short of what was hoped for when its flagship innovation agenda, “Project Catalyst,” was launched. The proposed no-action letter and product sandbox tools are effective, common-sense tools to achieving these important objectives. CEI strongly supports this new direction for the Bureau and appreciates the opportunity to comment.

[1] Bureau of Consumer Financial Protection purpose, objectives, and functions, 12 U.S. Code § 5511(b)(3), (5), https://www.law.cornell.edu/uscode/text/12/5511.

[2] Dave Website, https://www.dave.com.

[3] Ibid. Dave also includes an optional tip.

[4] CFPB, Payday, Vehicle Title, and Certain High-Cost Installment Loans final rule, Nov. 17, 2017, 82 FR 54871.

[5] Rick Hackett, “Evaluating CFPB Simulations of the Impact of Proposed Rules on Store front Payday Lending,” NonPrime101.com, https://www.nonprime101.com/report-9-evaluating-cfpb-simulations-of-the- impact-of-proposed-rules-on-storefront-payday-lending.

[6] Daniel Press, “Comments Before the Bureau of Consumer Financial Protection in the Matter of Rulemaking Processes,” Comments of the Competitive Enterprise Institute, June 7, 2018, https://cei.org/sites/default/files/Rulemaking_Process_RFI_-_Competitive_Enterprise_Institute.pdf.

[7] Daniel Press, “CFPB Starts Rollback of Flawed Payday Loan Rule,” Competitive Enterprise Institute News Release, February 6, 2019, https://cei.org/content/cfpb-starts-rollback-flawed-payday-loan-rule.

[8] To date, the Bureau has only granted one no-action letter. See: “CFPB Announces First No-Action Letter to Upstart Network,” September 17, 2017, https://www.consumerfinance.gov/about-us/newsroom/cfpb-announces-first-no-action-letter-upstart-network/.

[9] Daniel Press, “The CFPB and the Equal Credit Opportunity Act,” Competitive Enterprise Institute, OnPoint, No. 244, 2018, https://cei.org/content/cfpb-and-equal-credit-opportunity-act.

[10] The National Bank Act of 1864, 12 U.S. Code § 38, https://www.law.cornell.edu/uscode/text/12/38.

[11] Luke Thomas, “The Case for a Federal Regulatory Sandbox for Fintech Companies,” North Carolina Banking Institute, Vol. 22, Iss. 1, March 01, 2018, http://scholarship.law.unc.edu/cgi/viewcontent.cgi?article=1462&context=ncbi.

[12] Eric J. Mogilnicki and Michael Nonaka, “No-Action Action: Steps Toward A Better CFPB Policy,” Covington & Burling, March 8, 2018, https://www.cov.com/-/media/files/corporate/publications/2018/03/no_action_action_steps_toward_a_better_cfpb_policy.pdf.

[13] CFPB, “CFPB Announces First No-Action Letter to Upstart Network,” September 14, 2017,  https://www.consumerfinance.gov/about-us/newsroom/cfpb-announces-first-no-action-letter-upstart-network/.

[14] Prohibiting unfair, deceptive, or abusive acts or practices, 12 U.S. Code § 5531, https://www.law.cornell.edu/uscode/text/12/5531.

[15] Joseph Barloon and Anand Raman,“CFPB Defines ‘Unfair,’ ‘Deceptive’, and ‘Abusive’ Practices Through Enforcement Activity,” Skadden’s 2015 Insights – Financial Regulation, January 2015, https://www.skadden.com/insights/publications/2015/01/cfpb-defines-unfair-deceptive-and-abusive-practice.

[16] Ibid.

[17] Thomas Pinder, “Looking for Clues on “Abusive”: First CFPB Action Doesn’t Provide Much Clarity,” ABA Banking Journal, August 2013, https://www.questia.com/library/journal/1G1-343156140/looking-for-clues-on-abusive-first-cfpb-action.

[18] Martin Bishop, “Regulatory: Why is “abusive” the most feared word in Dodd-Frank?” InsideCounsel, April 3, 2013, https://www.foley.com/files/Publication/1f66d3a3-d07c-4066-85f9-65a7e0fe92c9/Presentation/PublicationAttachment/43968b19-7247-4e8a-84cb-65e252204a68/4-3-13InsideCounsel.pdf.

[19] Lev Bromberg, Andrew Godwin and Ian Ramsay, “Fintech sandboxes: Achieving a balance between regulation and innovation,” Journal of Banking and Finance Law and Practice, Vol. 28, No. 4, 2017, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3090844.

[20] The UK’s Project Innovate has been found to have lowered barriers to entry for Fintech companies. See: Accenture, “Fintech and the evolving landscape: landing points for the industry,” 2016, https://www.accenture.com/t20161011T031409Z__w__/us-en/_acnmedia/PDF-15/Accenture-Fintech-Evolving-Landscape.pdf.

[21] Jackson Mueller, “FinTech: Considerations on How to Enable a 21st Century Financial Services Ecosystem,” Milken Institute, August 03, 2017, http://assets1b.milkeninstitute.org/assets/Publication/Viewpoint/PDF/WP-080317-Considerations-on-How-to-Enable-a-21st-Century-Financial-Services-Ecosystem.pdf.

[22] Mekebeb Tesfaye, “The FCA’s fintech sandbox is already delivering value,” Business Insider, October 11, 2018, https://www.businessinsider.com/fca-fintech-sandbox-delivers-value-2018-10.

[23] Deloitte and Innovate Finance, “A journey through the FCA regulatory Sandbox: The benefits, challenges, and next steps,” Perspectives, https://www2.deloitte.com/uk/en/pages/financial-services/articles/journey-through-financial-conduct-authority-regulatory-sandbox.html?id=gb:2wb:3dn:4ECRSSandboxJourney:5eng:6fs:InnFin.

[24] Bromberg, Godwin and Ramsay, p. 15.

[26] Terence Wong, “Enhanced Regulatory Sandbox – Fintech 2.0 or Fintech 1.1?,” Legal Updates, Holley Nethercote, January 15, 2018, https://www.hnlaw.com.au/legal-updates/enhanced-regulatory-sandbox—fintech-2-0-or-fintech-1-1-.

[28] ASIC, however, does reserve the right to review and remove ineligible firms from the sandbox.

[29] “Meet the New Boss: State Attorneys General Likely to Increase Enforcement Actions Against Consumer Financial Services Companies,” Mayer-Brown Legal Update, February 15, 2017, https://www.mayerbrown.com/files/Publication/bf6647e2-d201-44c2-bc93-4a0219dbafc7/Presentation/PublicationAttachment/a26df12a-cb54-4884-a39c-4d7afb6aa9ba/170215-UPDATE-CFS-FSRE.pdf.

[30] Fred Smith, “Cowboys Versus Cattle Thieves,” in Corporate Aftershock: The Public Policy Lessons from the Collapse of Enron and Other Major Corporations (Cato Institute: 2003).

[31] Smith, p. 267.

[32] Smith, p. 288.

[33] Richard Alm and W. Michael Cox, ”Creative Destruction,” Library of Economics and Liberty, https://www.econlib.org/library/Enc/CreativeDestruction.html.

[34] Press, “The CFPB and the Equal Credit Opportunity Act.”

[35] Equal Credit Opportunity Act Scope of Prohibition, 15 U.S. Code § 1691, https://www.law.cornell.edu/uscode/text/15/1691.

[36] “Speech of Paul Watkins: Promoting Fintech Innovation and Consumer Choice: The Role of Regulatory Sandboxes,” Cato Institute, January 17, 2019, https://www.cato.org/events/promoting-fintech-innovation-consumer-choice-role-regulatory-sandboxes.

[37] Press, “The CFPB and the Equal Credit Opportunity Act.”

[38] Justice Kennedy: “antidiscrimination laws should be construed to encompass disparate-impact claims when their text refers to the consequences of actions and not just to the mindset of the actors, and where that interpretation is consistent with the statutory purpose.” See: Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc., 135 S. Ct. 2507, 2519, 2015, https://supreme.justia.com/cases/federal/us/576/13-1371/.