Compliance Covenants in Fintech Investment Side Letters

Mike Whalen
Goodwin
Contact
LinkedIn
Facebook
X
Send
Embed

Goodwin

Fintech companies that partner with banks to deliver financial products and services can be among the most compliance-fortified financial services companies. A fintech with a lending solution can operate with at least seven lines of compliance defense:

Seven Lines of Compliance Defense
First: The fintech’s own internal compliance function, which does the lion’s share of the compliance work: the work-up of the program’s products and services and ongoing compliance.
Second: The fintech’s outside counsel, which provides compliance support to the fintech and is often called on to advise on complex legal questions presented in the fintech’s development of program products and services
Third: The compliance function of the fintech’s partner bank, which collaborates on, reviews, monitors, and controls all aspects of the program compliance-wise, including product and service development, customer-facing agreements and disclosures provided to users, fees charged, marketing materials used, and compliance reports submitted by the fintech.
Fourth: The partner bank’s outside counsel, which supports the bank’s program compliance reviews, providing another take on complex legal questions.   
Fifth: The compliance consultants engaged by the partner bank to perform annual compliance audits on the fintech and the program, including audits of the fintech’s compliance management system and anti-money laundering program, and the entire program’s credit model from a fair-lending perspective.
Sixth: The fintech’s investors and the compliance due diligence they and their outside counsels conduct before investing; more on this in the next section.   
Seventh:    When a third party or the fintech acquires program loans, receivables, or some other interest in the loans, the lender that provides the loan facility drawn down on to acquire the loans, receivables, or other interest will, with the help of its outside counsel, perform its own compliance due diligence on the program and the loans made to users before closing the facility.

That’s seven different trained, long-compliance eyes on a loan program’s products and services. At each level, there will be any number of compliance enhancement suggestions made by the bank, investor, or lender, or their counsels or consultants, that are ultimately incorporated into the program. This compliance gold plating results in a compliance-reinforced fintech.

The remainder of this Flash focuses on the synergies created by the convergence of the first and sixth lines of defense, which are bolded above for ease of reference. 

Management Side Letters

Lead investors are not only a financial source of strength for the fintechs they invest in but can also be a source of compliance knowledge and benchmarking, having considerable institutional compliance awareness gleaned from their portfolio fintechs and deals due diligenced but passed on. Indeed, a number of our investor clients have general counsels who were leading fintech regulatory lawyers in private practice.

Compliance can be complicated and costly. Investors understand that a fintech’s compliance can be on a continuum. As the business scales and becomes more complex, funds raised in early rounds are often deployed to obtain state licenses, hire a chief compliance officer, or establish or enhance a compliance management system.

Significant investors sometimes enter into management side letters with fintechs in connection with their investments. These letters cover things such as board seats (or observation rights) and information rights (e.g., sharing of financial statements). If funds raised are earmarked for compliance enhancements, the investor may look to include a compliance covenant in the side letter that serves as a guidepost for the enhancements. The trick with covenants like this is to not be overly prescriptive. Investors make investments as much for the capabilities of senior management as the prospects of the business. Not wanting to get in the way of management operating the business and understanding that initiatives such as hiring the right compliance officer and building a comprehensive compliance management system take time, compliance covenants should be reasonable as to time and business judgment.

Here's a sample compliance covenant for a side letter:

Compliance Covenant

  1. The Company will use commercially reasonable efforts to hire and maintain a chief compliance officer with at least five (5) years of experience in (i) compliance with federal, state, and local [insert areas of law most implicated by the business, e.g., consumer lending/loan broker and debt collection laws] laws and (ii) developing and administering compliance management systems (“CMS”) within one hundred and eighty (180) days of the Closing.
  2. The Company will use commercially reasonable efforts to develop, implement, and maintain a CMS consistent with guidance provided by the Consumer Financial Protection Bureau (“CFPB”), including the CFPB Supervision and Examination Manual, within three hundred and sixty (360) days of the Closing. The Company’s CMS will have two interdependent control components: (i) board and management oversight, and (ii) a compliance program, including policies and procedures, training, monitoring and audit, and consumer complaint response. The monitoring and audit component of the compliance program will begin within one hundred and eighty (180) days following the implementation of the CMS and will include periodic internal compliance with law audits and an annual external compliance with law audit. The annual external compliance audit will be completed by an experienced third party that conducts such audits as one of its primary services. Any findings made by such internal or external audits will be promptly addressed by the Company.
  3. Within sixty (60) days of the Closing, the Company will engage a nationally recognized law firm or state licensing consultant that conducts licensing analyses as one of its primary services to perform a formal, written fifty (50) state (including the District of Columbia) and local [insert subject matter, e.g., consumer lender, loan broker, debt collector] licensing analysis. The Company will use commercially reasonable efforts to cause the firm or consultant to provide its final, written analysis to the Company within one hundred and twenty (120) days of the Closing, indicating licensing risk by jurisdiction. The Company will use commercially reasonable efforts to apply for such licenses it reasonably deems necessary or appropriate within one hundred and eighty (180) days of the Closing.

Naturally, you should work with your attorney when drafting a compliance covenant, and its content will vary on its underlying facts and circumstances. Again, the hallmark of a workable compliance covenant is sufficient leeway for management to run the business in a manner that appreciates the complexities of compliance.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Goodwin

Written by:

Goodwin
Goodwin
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Goodwin on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide