OCC FinTech Efforts in Legal Crosshairs, While GDPR Still Lags

The battle over FinTechs and national banking charters is about to get a bit more heated.

New York state is suing the United States.  Or to put it a bit more specifically, the Conference of State Bank Supervisors sued the Office of the Comptroller of the Currency.

The suit is one alleging that the OCC does not have the authority to provide such licenses under the FinTech charter that has been proposed. A national charter would allow FinTech firms to sidestep current practices which mandate they gain regulatory approval from each state where they operate.

As reported by Bloomberg, the suit by Maria Vullo, superintendent of the Department of Financial Services, alleges the move by the OCC is “lawless” and “ill conceived” with the possibility that it will destabilize financial markets.  The banking sector, argues the suit, is more efficiently regulated at the state level.

The OCC has been accepting applications since the end of July.  The Conference had issued a legal challenge earlier this year, now since abandoned.  Some opponents of the charter contend that it would open the door to non-traditional finance companies holding deposits, according to reports.

In response, the OCC said by e-mail, “the agency is confident in its authority to grant national bank charters including special purpose national bank charters to companies that are engaged in the business of banking, meet the qualifications for becoming a national bank, and apply to conduct business as part of the federal banking system. The agency will vigorously defend that authority, but will not comment on pending or potential litigation.”

The GDPR’s Compliance Laggards

The data continues to show a lagging effect when it comes to compliance with the General Data Protection Regulation.

This time around, research from Talend, a firm that develops cloud data integration solutions, shows that 70 percent of businesses worldwide have failed to address the requests made from individuals who have asked for a copy of their personal data. As widely reported, providing that data on requests is a mandate of GDPR, which took effect in May of this year.

The research stems from personal data requests that had been made to 103 companies with presence in Europe.  As reported by, those firms operate in verticals as far flung as travel, media and tech, as well as the public sector.   The research was conducted between June and September of this year and found that just 35 percent of Europe-based firms provided the data that had been requested.

Breaking down the data a bit more, compliance rates were better for firms that were not based in Europe.  But by vertical, an eye-opening 76 percent of retail companies failed to provide the data requested, said Talend.

Of those companies that did respond, about 65 percent of them took more than 10 days to provide the requested data, and the average response time was 21 days.  Of the quickest responses, with a single day turnaround, media and tech-centered companies shone.

The Talend data, of course, follows reports seen last month that had estimated compliance rates to be a dismal 20 percent.

Separately but still in the GDPR arena, Brave, a blockchain browser developed by Mozilla co-founder Brendan Eich, has filed privacy complaints against Google in the U.K. and in Ireland, charging that the tech giant and some of its peers are sharing consumer browsing data with advertisers without consumers’ consent.  That should trigger article 62 of GDPR, said the complaint, and launch an investigation spanning the EU into such digital ad industry practices.

“Every time a person visits a website and is shown a ‘behavioral’ ad on a website, intimate personal data that describes each visitor, and what they are watching online, is broadcast to tens or hundreds of companies,” Brave wrote in a blog post. “Advertising technology companies broadcast these data widely in order to solicit potential advertisers’ bids for the attention of the specific individual visiting the website.”

Google’s own response to Brave’s charges state, “We build privacy and security into all our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation. We provide users with meaningful data transparency and controls across all the services that we provide in the EU, including for personalized advertising.”

Upon an investigation, if the EU finds against Google, there might be fines of as much as four percent of the company’s total global turnover.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.