Maryland Legal Alert for Financial Services

In This Issue

FDIC Proposes Stricter Record-Keeping Rules for Fintech Partnerships

Issues Concerning Driver’s License/ID Copies

FDIC Proposes Stricter Record-Keeping Rules for Fintech Partnerships

The Federal Deposit Insurance Corporation (FDIC) proposed a new rule aimed at addressing risks associated with fintech partnerships. The proposed rule imposes stricter record-keeping requirements by mandating that federally insured depository institutions (IDIs) either maintain a ledger of beneficial owners of accounts accessed by third-party fintech providers or have unrestricted access to a ledger maintained by a third-party fintech provider to reconcile accounts each day and track end-user funds on a real-time basis. This rule would only apply to for-benefit-of (FBO) accounts with a “transactional feature” (i.e., accounts in which customers can make purchases or transfer funds). The FDIC exempted certain third-party FBO accounts, such as custodial trust accounts and accounts set up by broker-dealers.  

To ensure compliance with the proposed rule, the FDIC will mandate that IDIs establish and maintain written policies and procedures incorporating the rule’s requirements, complete an annual certification of compliance stating that the IDI has implemented and tested the record-keeping requirements, and submit an annual report that includes information regarding:

• Any material changes to the IDI’s IT systems relevant to compliance;
•  A list of account holders with custodial deposit accounts;
• Testing results of the IDI’s recordkeeping requirements; and
• Independent validation of any records maintained by third parties.

The proposed rule does not address how the FDIC expects IDIs to demonstrate that there is unrestricted access to the ledger or daily reconciliation of accounts, nor did the proposed rule address whether the FDIC would treat beneficial owners of pooled deposits as direct customers of the IDI under the Bank Secrecy Act.

The proposed rule seeks to address the delays that often occur when attempting to pass through deposit insurance to customers of third-party fintech providers in the event of an IDI failure (because the FDIC relies on the records of IDIs when making determinations regarding insurance coverage). Comments on the proposed rule will be open for 60 days once it is published in the Federal Register. 

For more information, contact Christopher R. Rahl or Tamia J. Morris.

Contact Christopher R. Rahl | 410-576-4222

Contact Tamia J. Morris | 410-576-4021

Back to In This Issue.

Issues Concerning Driver’s License/ID Copies

From a fair lending standpoint, it is a best practice not to maintain a copy of a driver’s license/ID in a loan file.  Separately, there are federal prohibitions on copying military IDs or other government-issued IDs.  In addition, a little-known federal law imposes restrictions on federally insured financial institutions in connection with copying and retaining copies of state-issued driver’s licenses and similar identification cards when accounts, products or services are requested through online applications. 

The statute, part of the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018, applies to situations involving online requests by an individual to open an account or obtain any other financial product or service from a federally insured financial institution. The law (titled, “Making online banking initiation legal and easy”) permits a financial institution to copy and temporarily store an individual’s state ID card in an electronic format only for certain purposes. 

Under the law, financial institutions may use the information obtained from copying and storing a state ID card to:

• Verify the authenticity of the identification card;
• Verify the identity of the individual; and
• Comply with legal requirements related to opening an account or obtaining afinancial product or service, such as the requirements of the federal Bank Secrecy Act. 

The law further provides that upon copying and storing a state ID card for the permitted account opening or related product or service request, a financial institution must permanently delete any image of the ID card and any copies of the image. The law preempts any state law that conflicts with the above federal provisions.

Practice Pointer: The law does not specify how quickly a financial institution must delete state ID card images and copies. It is also important to point out that because federal “you’re your customer” identification requirements only permit retaining copies of customer-presented identification cards (such as a driver’s license) but do not require financial institutions to do so, financial institutions should review their online account opening procedures to verify that state ID cards are being destroyed within a reasonable period after an online account or product or service request has been completed. 

For more information, contact Christopher R. Rahl.

Contact Christopher R. Rahl | 410-576-4222

Back to In This Issue.