Challenges in Expanding Financial Services to the U.S. Market

11 min

As in other countries, the financial services sector in the U.S. is a heavily regulated industry. But financial regulation in the U.S., owing in part to a history of federalism, and to a series of government agencies with overlapping jurisdictions, is particularly complicated. International companies seeking to expand their financial services operations to the U.S. face a number of regulatory hurdles that may have presented minor issues, or complete non-issues, in their home countries or regions.

This article summarizes several major regulatory challenges that foreign fintech and financial services companies need to understand when entering the U.S. market.

Federalism and Bank Preemption

Without engaging in an extended historical discussion, the doctrine of federalism in the U.S. means that financial services are regulated not only under U.S. federal laws, but potentially also by the laws of every U.S. state, the District of Columbia, and the U.S. territories. The additional application of state laws depends on several factors, including the type of entity through which the financial services are offered, the types of services offered, and the geographic scope of the entity's customer base.

Within the federal structure, U.S. national law overrides, or preempts, state law whenever there are conflicting terms. Banks and other types of insured depository financial institutions are subject to federal banking laws, and therefore are not subject to many state laws, including state licensing requirements and caps on interest rates. The effects of federalism are profound in banking, where the U.S. has developed what is called a dual banking system.

Depository institutions can be licensed and chartered by any state or by the U.S. government. National banks are charted by the Office of the Comptroller of the Currency (OCC), a federal regulatory agency, and their activities and operations are prescribed by national law. With the exception of certain consumer protection laws, federal preemption allows national banks to effectively disregard individual state laws. State banks, on the other hand, are (as the name implies) chartered by a particular state, and their permissible activities are defined by their home state. Most state banks are required to obtain insurance from the Federal Deposit Insurance Corporation (FDIC) and, therefore, are also subject to national banking laws and regulations. Further, because of parity laws, most state banks are exempt from other states' laws to the same extent that a national bank would be exempt because of preemption. The upshot is that despite federalism and the dual banking system, as result of preemption and parity laws, both national and state banks are largely exempt from the requirements of all but their home states.

As discussed further below, non-bank entities by contrast are potentially subject to licensing requirements and other applicable laws in every state and territory where their customers reside, in addition to federal law.

Regulatory Authorities

Whereas some jurisdictions may have a single financial regulatory authority to consider, financial services in the U.S. are regulated by a wide array of government agencies.

  • Bank Regulators: At the national level, banks are regulated by one of three agencies, depending on the institution's charter type. As noted above, national banks are regulated by the OCC. State charted banks are regulated by either the FDIC or the Board of Governors of the Federal Reserve System (the FRB), depending on whether the bank is a member of the Federal Reserve System. If a bank has a parent company, that company would also be regulated by the FRB. Each state also has a financial regulator that supervises the banks chartered by that state. For example, the New York Department of Financial Services and the California Department of Business Oversight each regulate the banks chartered by their respective states, in addition to either the FDIC or FRB as the national regulator. Note that the U.S. system also has multiple other bank-like entities, including credit unions, savings and loan associations, and mutual thrift companies, each of which is subject to a similar patchwork of regulations.
  • FinCEN: The Financial Crimes Enforcement Network (FinCEN) is responsible for interpreting and enforcing U.S. anti-money laundering and terrorist financing laws. In addition, companies engaged in non-bank money transmission, prepaid programs, check cashing, and other activities are required to register with FinCEN.
  • OFAC: The Office of Foreign Assets Control (OFAC) enforces U.S. sanctions laws. All U.S. persons are prohibited from doing business with any individual or entity identified on OFAC's list of specially designated nationals (SDN List). Overseas companies that set up a U.S. affiliate to offer services, obtain licenses, and enter into U.S. partnerships must comply with these requirements, including screening customers and counterparties against the SDN List.
  • CFPB: The Consumer Financial Protection Bureau (CFPB) is the federal agency responsible for interpreting and enforcing federal consumer financial protection laws. In addition to broad enforcement powers, the CFPB has supervision and examination authority over larger participants in certain defined consumer finance industries (mortgages, payday lenders, etc.), as well as depository financial institutions with over $10 billion in assets and their affiliates.
  • State Financial Regulatory Agencies: State agencies have broad authority to regulate non-bank entities that provide financial services to residents of their state, including under state licensing and conduct laws that may impose even stricter requirements than federal law.


For non-bank financial services companies, state licensing requirements can pose a significant impediment to offering services on a nationwide basis. Unlike, for example, in the European Union, where holding a financial services authorization in a company's home country permits that company to offer services across the EU, there is no passporting regime in the U.S. In the U.S., a non-bank company often needs a license in every state where it offers services, particularly where it offers services to individuals for a consumer (personal, family, or household) purpose. For example, in the EU, a U.S.-based payments company could register in one country as an Electronic Money Institution, potentially permitting it to offer services in over thirty countries. By contrast, the same company may be required to hold as many as fifty separate licenses to offer money transmission services in the U.S. alone.

In the U.S., unless an exemption applies, licenses are required for the following categories of services, among others:

  • Money Transmission: Receiving money for transmission, selling or issuing payment instruments, or selling or issuing stored value.
  • Mortgage: Making, brokering, buying, selling, and servicing loans secured by real property.
  • Unsecured Lending: Making and brokering unsecured loans.
  • Lead Generation: Soliciting, generating leads for, arranging, and assisting borrower in applying for various types of credit.
  • Debt Collection: Collecting debts owed to others or purchasing debts.

The process of obtaining licenses can be expensive and time-consuming. The company to be licensed is required to submit application information, business plans, policies and procedures, management and organizational charts, surety bonds, financial statements, and other materials. In addition, the officers, directors, and primary owners of a company are required to submit application information, which may include personal employment histories, financial information, credit reports, and fingerprints for background checks, among other submissions.

Interest Rate Restrictions

With few exceptions, there is no general federal law imposing limits on the amount of interest, fees, or other finance charges a lender may charge in the U.S. Rather, usury and other limits on finance charges are governed by state laws and are generally based on the state of residence of the borrower. Moreover, there is significant variation in the types of limits imposed by various states, with some states having few limits for any type of credit, some other states imposing limits only on credit extended to consumers, and still other states imposing limits on all types of credit. The amount of interest rate caps varies as much as the types, with some states as low as 7% (with a written agreement) and other states with no cap for certain types of credit. A lender's failure to comply with state interest limitations carries serious consequences, including the potential forfeiture of all profit on the loan.

As discussed above, because of federal preemption, banks and other depository financial institutions are generally permitted to export and impose any rate of interest permitted under the laws of their home state. However, non-bank entities making loans to U.S. residents must comply with the usury limitations in each state where its borrowers reside. This patchwork approach to interest rate limits often makes it difficult for a non-bank entity to apply a uniform pricing approach on a nationwide basis.

Bank Partnerships

Due in part to the challenge posed by state law issues, the U.S. financial services market has seen a significant increase in partnerships between banks and fintech companies. By partnering with a bank, fintech companies are able to focus on their core competencies—developing innovative processes for the delivery of financial services, improving the user experience, reducing the time required to underwrite and onboard customers—while the bank partner handles the regulated financial activities, such as extending credit and taking custody of customer funds. If structured appropriately, this type of partnership allows the bank and fintech company to offer a more uniform service on a nationwide basis, often without the application of state licensing laws or, in the case of credit products, state usury laws.

Moreover, based on a combination of U.S. law and the major payment network rules, only depository financial institutions can access and offer certain payments and credit products. In the U.S., non-bank entities are unable to directly access the federal wire system, submit entries directly to the national automated clearinghouse (ACH) system, acquire and process credit and debit card transactions, or issue network-branded credit and debit cards. While numerous structures exist for non-bank entities to participate in these systems—including third-party sender and third-party service provider arrangements for ACH transactions; payment processor, payment facilitator, and digital wallet arrangements for processing card transactions; and partnerships for card issuing—none are possible without the involvement of a depository institution.

Foreign companies looking to develop such relationships should be aware that partnering with a U.S. bank will come with its own challenges, including supporting the bank partner with its own compliance obligations. Among other requirements, the non-bank partner will be expected to develop its own anti-money laundering compliance program consistent with U.S. laws, including customer identification and transaction monitoring procedures. The non-bank partner will likely be subject to audit by the bank partner and, depending on the structure of the relationship, by the bank partner's regulator as well.

True Lender and Madden Issues

In addition to contractual compliance obligations imposed by a bank partner, foreign fintech entities looking to form partnerships with banks to issue credit products should be aware of certain legal risks specific to that model. Under the bank partner lending model, the fintech company typically acts as a service provider to the bank by developing the software platform through which potential borrowers apply for credit, supporting and streamlining the bank's underwriting process, or enabling electronic delivery of disclosures and credit agreements. Although the loans in these partnerships are issued by the bank, the fintech company often contracts to purchase and take assignment of the issued loans or to purchase an interest in payments made on the loans.

  • True Lender: Bank partner lending models in the U.S. have faced legal challenges in recent years based on "true lender" theories, which argue that the fintech company (and not the bank) is the true lender in the transactions, and therefore bank preemption of state lending laws should not be available. In reviewing such arguments, courts look to which party had the "predominant economic interest" in the transaction, based on factors such as (i) the length of time the bank held the loans on its books; (ii) whether the fintech took assignment of some or all of the loans; and (iii) whether the bank had a material risk of loss on the loans or if its risk was mitigated or guaranteed by the non-bank partner. If the fintech company were found to be the true lender and bank preemption does not apply, the fintech company may be in violation of state licensing and usury laws in connection with the loans.
  • Madden: In addition to the bank partner model, numerous first and secondary market transactions rely on the ability of banks to sell or assign loans and other credit products. The ability of an assignee to continue charging the interest rate that was legal when the bank originated the loan is called "valid-when-made." In May 2015, the Court of Appeals for the Second Circuit, covering New York, Connecticut, and Vermont, ruled in Madden v. Midland that a secondary market purchaser of bank credit card debt could not continue to charge the contract rate of interest imposed by the bank that initially extended credit. The Second Circuit held that the interest rate, which was permissible for the bank under preemption laws, was not permissible for the non-bank debt buyer because it exceeded New York usury laws. The Madden case has been criticized for its invalidation of the long-standing valid-when-made doctrine, and federal bank regulators have proposed rules to resolve the issue, but for now, it remains the law in states covered by the Second Circuit.

Overseas fintech companies interested in forming arrangements with banks to issue credit in the U.S. should structure their partnerships so as to minimize these risks.

* * * * * * * * * *

Foreign financial services companies looking to expand should carefully consider these and other potentially applicable legal and regulatory issues under U.S. law.

If you have any questions or would like to discuss these issues further, please contact the authors.