<ul class="font_8"> <li> <div class="font_8">The lowdown on regulators' efforts to coordinate fintech rules, establish the "fintech charter"</div></li> <li> <div class="font_8">Do's and don'ts in payment technology, artificial intelligence, data security and more</div></li> <li> <div class="font_8">Balancing regulatory demands with the innovation imperative</div></li> </ul> [toggle title="TRANSCRIPT"] <div class="transcript-scroll-box">00:00With me today I have Robert some law partner and the goofy Stafford and Chris Willis practice group leader, consumer financial services litigation group at Ballard Spahr LLP. Welcome, gentlemen. It's an honor to be here with you. And thanks a lot. You guys want to just take a minute in telling everyone kind of the main responsibilities at the firm would be 00:21 on a partner regulatory compliance group. And my specialization is consumer financial services, regulatory compliance work, or I help financial institutions of all stripes and have a particular specialization in FinTech companies, where I work with a broad range of FinTech companies to build out products and expand products across the country in a compliant manner and understand the scope of the ability to gentleman's financial services laws, as well as fewer laws that have been tailored specifically to the various FinTech operations and also for the large, established companies and established clients that are around for a little bit longer understand how to work with Intel. How to build successful partnerships while minimizing regulatory risk. Yeah, Joey. as Julie mentioned, I'm the head of our consumer financial services litigation practice. But that doesn't mean I just do litigation, I manage a whole group of people. And we handle litigation. But we also deal with regulators all the time. We support clients in regulatory examinations by the CFPB, or the federal banking regulators or people like the New York Department of Financial Services. And then we also handle enforcement investigations by all of them and state attorneys general in the Trade Commission, etc. And so as a result of sort of dealing with regulators day in and day out, we find ourselves in a position to help advise clients on how to structure programs and make compliance decisions in a way that minimizes regulatory risk, given whatever environment we may find ourselves in. So I tried to think of myself not just as a litigator, but as a litigation presenter. 01:53 So it almost goes without saying that FinTech such as big data, artificial intelligence have gained quite a bit of popular In the auto finance industry when it comes to their like practical, actionable applications, they've almost graduated from being more than simply buzzwords. In this session, we're going to attempt to glean some insight into regulators efforts to coordinate FinTech rules and establishment, the FinTech charter, the do's and don'ts and payment technology, artificial intelligence and data security, as well as balancing regulatory demands with innovation imperatives. So to start us off, I'm interested in the potential impact and compliance issues associated with the use of big data and AI at all stages of the credit product lifecycle. cristiani insight on that? 02:42 Yeah, sure. I really think that we're seeing the very beginning stages of a real revolution in the consumer financial services industry and auto finance, in particular, through the use of as Joey says, big data and artificial intelligence. Of course, you've heard all about artificial intelligence in the last presentation, and the point about it being used at all aspects of the product lifecycle is one that I want to underline. And because people think about it first of like, well, this is a better way to model somebody use it for underwriting. And of course, there is a lot of room to have a better, more accurate underwriting model that's more inclusive of people. If you use big data and machine learning or artificial intelligence, you can underwrite people who wouldn't be able to be underwritten under traditional standards. But there are other aspects of the product lifecycle where it can be just as valuable. So on the advertising side, which isn't as important for auto finance, but which is very important for things like credit cards and personal loans, you can use data sets and machine learning algorithms to target advertisements to people who are most likely to want a product and be able to qualify for the product if you solicit them. And so it makes that marketing spin much more effective and much more efficient. for fraud detection. We all know that fraudsters are very inventive, and they come up with ever more creative ways to fool us into extending credit. to people who aren't real or who they're impersonating, and machine learning models can take in large amount of data and quickly recognize patterns and can serve the purpose of preventing fraud much more rapidly detecting those patterns more rapidly and accurately, then we might do it intuitively just from sort of watching our loss experience on early payment defaults. And then of course, there's collections and services. There is a lot of efficiency to be gained for targeted collection efforts towards people who are most likely to pay. But even beyond that, when you are engaging in collections to approach someone in a way they're most likely to respond to this consumer prefer email or phone or letter. Is there a particular time of day that he or she responds, do we think that they're going to this person will be more or less likely to respond to a settlement offer for example, what are the signs that this person may be about to fall into the delinquency even though they haven't yet, and so we can use both big data sets and artificial intelligence to help not only in collections scoring a traditional sense, but also segmenting our collection strategy with respect to consumers, again for the purpose of efficiency and given what the CFO dropped on us last week, I think we are all going to be very, very mindful of efficiency in the collection process going forward, especially if you can contact frequency limits that appear to be poised to come into play in a couple of years. 05:23 Robert, yeah. 05:24 No, I just I think it's very interesting and looking at what people are doing applying machine learning and in touch on seeing specific instances to tease out a couple of things like when somebody is inputting an application for credit, machine learning models will show you that hesitate for a certain number of seconds over particular fields, the risk that is either goes up dramatically, right? If someone hesitates for 10 510 seconds on 05:50 putting in their address, their social security number and all these things 05:53 not conclusive. But if you think about it in indicates All right. The This person doesn't know their social security number because that person and they're flipping over to the other screen in reading it from a dataset that they stole. And they're going to try to take out a loan and it's gone to the funds, and things of that nature. I think that what's been so fascinating to see is when the engineers build these models, that they're able to tease out things that can be sort of automatically included that that embed right within the application world, increase fraud detection protocols that can ask original questions and put people's and decrease the verification, whereas maybe the normal flow of applications don't have to go through you know, question setting at it. Very interesting to see you I think was the great job you can go anywhere else. 06:42 So as we've seen during the late this morning, and yesterday, lenders are using, you know, big data AI. So 06:53 as these technologies are in use, what compliance pitfalls should lenders be looking out for? Christina starts off. 07:01 Yeah, sure, I'll try to highlight them. And then Robert Ross and I will split up talking 07:07 about four primary areas to be cognizant of when implementing these technologies. These aren't showstoppers, these aren't things that will stop you from doing. It shouldn't stop you from doing it. And in fact, I think the business necessity would prevent them and stopping you from doing that there are four areas to be aware of. One is fair lending, that is the equal credit Opportunity Act, we're not going to worry about the Fair Housing Act today because we're not dealing with housing credit. So it's the equal credit Opportunity Act and similar state laws. There's privacy considerations associated with what data you're using and how you're using it and where it came from. And then there are two issues under the Fair Credit Reporting Act. One is when you take in big data and use it for particular purposes, has someone magically become transformed into a consumer reporting agency. And although most magic is fun, this kind of magic would not be fun. And then the fourth one has to do with adverse action notices which are required both by the Credit Opportunity Act and the Fair Credit Reporting Act, and populating the reasons for decline when you use a machine learning or AI model that may be very clear about why and makes a decision. So this was for topic. So as I said, Robert and I are going to split them up. So Robert, you want to start off with fair lending and privacy? Sure. That sounds great. So the the funding issues that come up when you deploy AI, ml approach intelligence and machine learning are that you're prohibited at a high level. Basically, federal law prohibits you from discriminating against certain protected classes based on race, and other protective factors. So what comes up when you build a machine learning model, particularly when you build a true deep learning model, where it's really running on its own is you don't necessarily have a fully complete understanding of the factors upon which you're rendering your credit decision. So why are you declining? And this is the issue the date and we'll get to this a little bit later, but the only no action letter issued was relating to this issue. It was for a FinTech company called About stored network. And the issue was automated underwriting and looking at that data and the trade off was that gave them you know, actual positions three years on this exact issue in exchange or giving CMDB live access to all the data to monitor it for discrimination. And the issues has got to look off Look, look forward in the presence of prior presentations talks about careful curation of data. And that's exactly it. You have to understand the inputs that are going into your underwriting model, and understand how they could be a proxy for a discriminator limited basis. And so the issue would be that you may not be conducting disparate treatment, or you're explicitly treating something differently on the basis of race or age or something like that. But you could be indirectly doing it and causing a disparate impact. And once you do that, you enter into a different legal framework where you have to demonstrate that, that you've satisfied the test and that there, there wasn't a better way to do it grossly oversimplified But those are the issues that you have to work through. And so think about coming back. Just put into a machine learning algorithm for credit underwriting, you can use it. Well, zip codes correspond to redlining, which was an old school prohibited act, that you couldn't just exclude this zip code. Because you didn't think those people were credit worthy. Well, that's the code happens to be majority populated by a protected class. And so you're functionally discriminating, you're just using a different factor to conduct that discrimination. And that's the kind of issue where you have to look carefully at what the data points are that you're using, and how the machine learning algorithm is processing them to make sure that you're not going to inadvertently discriminate and cause disparate impact. I'm a big believer in technology. And I think there are certainly ways to do it. But when we work to clients, you have to do it in a thoughtful way. You have to confront the issue to its face, and you have to walk through the analysis and show what's happening so you can show how the data is being borne out and what's actually happening or outcomes and that huge screen All the data points for these issues 11:03 was to brighten the 11:04 flow paths. Before you get to privacy, we just highlight that another couple of things related to fair lending. You know, Robert was making comments about underwriting models, but we have a lot of unanswered questions about how fair lending principles might be applied to other stages of the product life cycle by advertising fraud or collections. And so there's a lot of unanswered questions about what variables are okay, and which ones are not which ones are predictive and which ones are proxies for a protected class. And there's a lot of judgment calls having to be made. And I'm sure that you invite me to, in working with clients on these models. And that only becomes magnified when we leave the underwriting context. And we may feel ourselves to be more free to use variables in, for example, a thought story model, and then we would an underwriting model or for advertising, like there's 11:49 nothing to equal credit Opportunity 11:50 Act about advertising. It's not even in the statute, and the statute protects applicants. So when you're being advertised so you're not an applicant. But nevertheless, we have this enforcement activity going on with Facebook that makes us think, well, maybe target advertising might be addressable under the Fair Lending laws. So there's tons of other legal and factual judgments to be made at using these variable selection sorts of the criteria. And I think they're different at different stages of the product lifecycle. 12:17 Yeah, for sourcing was a great point. Because it absolutely is something that you have to look at to see as you're underwriting. 12:24 underwriting, again, is your machine learning model that you build in to to reach out to people for early stage loss mitigation? Is it reaching out to why and it's the same application that you're lending, be fair servicing is certainly something that regulators are looking at? Absolutely. 12:43 With respect to privacy, and then we're trying to move on to other topics. I want to give Chris plenty of time to talk, you know, but at a high level, you need to understand 12:53 how the privacy rights provided under federal and state law are being forged. Are they given opt in and opt out? opt in rights are you providing privacy notice what's happening to their data? How are you protecting it isn't secure. As companies get access to more and more and more amounts of data, the consequences of things like data breaches become more significant, because companies will require more data to do identity verification, but then you have more data that is subject to exposure, and can create significant additional risk. So the the broad themes are to ensure that you are treating consumers in an appropriate manner that they actually have informed consent to give you about what information we're giving and collecting and what you're doing with that data. And then secondarily that you're treating that data in an appropriate way and appropriately protecting it. And we've seen consent decrees about a related point to that, which is if you're making representations and warranties about vt, we treat your data. This well. We keep it secure. We have this level of encryption all the way through, you better be doing it CFPB and other regulatory agencies will take action if even if there's not a hard department to do what you said you'd make a representation, and you have to honor them. And there have been consent decrees on that point. So you need to be careful about what you do, but also that whatever you say you're doing, actually do. Well, the other thing that I would add on the privacy front is there's observing your own privacy responsibilities, as Robert said, which is giving disclosure and notice of like, we're collecting this data, and here's what might do with it. But it also really comes into play when you acquire data from another source. If you acquire data from one of the big three credit reporting agencies, this isn't much of consideration. But when you start to look at acquiring sets of alternative data, then you have to really ask yourself, how did this data get collected? What notice was given to consumers that was being collected? What opportunity did they have to understand and agree that it's being used for whatever you're about to do with it, and how comfortable we feel about the accuracy of this information, because we may be making a pretty Significant decision based on like an underwriting decision? And is it something that's really reliable for that? So I think those are the questions we have to ask when we ingest data from sources other than our own operations. But I promised you guys a magic show. So now that Barbara's talking about fair lending and privacy, and we'll talk about the potential magic of someone turning into a consumer reporting agency when they didn't intend to be. So we have this statute called the Fair Credit Reporting Act, you've probably heard of it. But it doesn't just apply to credit reporting agencies. It applies to anybody who supplies what's called a consumer report under the statute. A report is basically any aggregation of data about a consumer about various aspects of consumer but all the things that you would want to know to make a decision on them that's used for particular purposes, one of which is qualifying someone for credit. And so the real danger here is that we will, as a business matter want to take in a set of data and use it for one of the FCRA permitted purposes like underwriting a credit application. And if we do that there's a good chance that whatever data source that we have used to get that information now has magically become a consumer reporting agency subject to the Fair Credit Reporting Act. And you may be sitting there thinking, well, maybe that's not fun to be a consumer reporting agency. But that's not my problem. Because I'm not the CRA. I don't have to do all that stuff. But the problem is, it's not just their problem. It's your problem. Because when you use information from a consumer report, as a lender, you're required to make certain disclosures to, for example, interest base pricing notices of credit score disclosures, credit bureau disclosures, adverse action notices and things like that. And if you unknowingly use information that our regulator later decides as a consumer report in your underwriting process, and you haven't made all those disclosures, well guess what? You just bought yourself, however many thousands of violations of the law and so the magic Have your data source being turned into a CRA isn't just unpleasant for them, which by the way, it totally is. But it's also very unpleasant for you. And so it's something to really watch for, and it particularly impacts you big data, alternative data and credit underwriting. 17:16 That's, that's pretty depressing. 17:19 I'm not gonna hire that for my children's next birthday party. Yeah, 17:21 I thought the last episode of Game of Thrones 1.11, I will add to that is that, if you look at the contracts with the data providers that you have, is that they will almost always address this. And what you need to be careful about is is the data providers will typically say, you know, we're we're going to give you this data, but we can't use it for underwriting because they're, they're acutely aware of the issue. And you're the task for companies that are pulling that data for other purposes is to make sure institutionally that you understand you're not going to use that because that that has to be honest with you. Actual agreement with credit for you. And there are, you know, the big three are not the only three credit bureaus, there are companies that can supply alternative data, that they acknowledge that there are credit bureaus and and fulfill those obligations. And you can do that knowingly. So it is certainly something that can happen in a perfectly compliant and professional manner. You just have to be careful, because typically your contracts will address that. And they'll either say, we all know what's happening, and we're doing it appropriately, or it's not happening in your contracts, it's not happening, you need to make sure it's not actually happening within your company. And then you're not feeding in the data to underwriting algorithm that you should. Yeah, and one of the ways that I think this could come up in the real world, is let's say you buy data to use in fraud detection, okay? And when you start you buy the data, you use it for fraud detection, but you don't use it to directly make credit decisions. You use it to trigger like additional identity verification or something like that on a manual basis. And then the business like goes along like that for a while. And then the business says you know what, it would really be better and require me to employ people More people, if I just put this data into a model, and if it's a high score, I'm just gonna decline. Okay, I'm just gonna decline the application. Well, guess what? Now you've moved away from using data not for qualifying for credit. And none of you directly are using it for qualifying for credit. And it's an easy way to slip off and turn your fraud data source into a consumer agency. That's to me like one of the most real world examples of how this can happen. 19:28 And you know, Chris, you mentioned adverse action notices, what what sort of issues and combines, excuse me come up with, you know, using machine learning in original? 19:41 Yeah, there's, there's two adverse exercises, one of them has to do with using alternative datasets and one with machine learning. So with alternative datasets, it's just a question of are you really ready to put that on your adverse action notice, because the adverse action notice requirements and equal credit Opportunity Act say that you have to provide the service most predominant reasons why an application was declined. And so do you really want to put in declined your application because you shopped online too much for you know backs? Or because you know, you hesitated on your application, you know, for 30 more seconds when we asked you for your address. If you want to say that on your adverse action, notice, that's fine. But it's really amazing how business people will sometimes get very excited about alternative data sources. And then when they think about making public disclosure of the use of that data on adverse action notices, it really dampened the enthusiasm because that's a communication to customers as well. And so that's the one issue like do you really want to put that in an adverse action. The other one dealing with the machine learning algorithm is, these algorithms can be so much more complicated than the traditional logistic regression models that we've used over the past however many years to make credit underwriting decisions. And one of the traditional models, we had a set number of variables and usually not very many, each one of them pointed in a particular direction all the time. Had a particular way, all the time for every application. So it's very easy to figure out what the predominant reasons for the client are based on a model built like that. But imagine, for example, like a gradient boosted tree machine learning model, where the different variables are analyzed in different combinations of edges of the tree. And on one branch of the tree, a variable can have one way in one direction, and another branch and another combination, it can have a different way and even pointed in different directions. 21:27 So the problem is, you have to have some way of figuring out why the model built using machine learning technology made the decline decision that it did. And some of the machine learning models don't do a good job of doing that. So I think you're guessing as a creditor, about the predominant reasons for the client are and there's a worry that regulators won't accept the gas as an adequate way of complying with regulation V in this regard. And so to try to deal with this problem, there's sort of a new innovation in making what's called explainable AI, where the AI doesn't sort of conduct itself in a blackbox walled off to the world and invisible to you, but actually will explain the reasons for its decision so that you know what the factors were that led to decline, which in turn allows you to put something truthful on your adverse action notice. 22:14 Right, you guys are also doing my job really easy. I want to switch gears just quickly. The CFPB has issued innovation proposals. And I'm curious as to how significant they are for auto lenders in particular. Yeah, my 22:29 own view, there's been so much as always about this, the CFPB has put out three proposals which had a public comment period earlier this year, one for a product sandbox, one for a disclosure sandbox and one for a new and improved no action letter process, the process that Robert was talking about with upstart a minute ago. And you know, the idea is, it's just to make it easier for innovation to occur in the Consumer Financial Services world by allowing companies to try out new things without the fear of regulatory repercussions. But honestly, I don't expect them to be that because number one, in order to get one of these things and sort of utilize it, you have to make all these public disclosures about what you're doing. And you know, then you've sort of outed yourself on whatever you're doing in a way that you know, has a significant risk associated with it. And when the CFP does allow someone to participate in these, we've had strong resistance by a number of the states, saying we don't like the CFPB proposals, we view them as licenses to violate the law and screw over consumers. And so you have a bunch of states who seem highly motivated to take anyone who participates in one of these CFPB programs, and then come after them under some state law and prove to the world that this isn't a license to violate the law. And so like participating in one of these programs not only carries this idea of massive public disclosure, and maybe monitoring by the CFPB, like what Robert talked about in the upstart, no action letter, but in addition, having a bunch of state regulators be highly motivated to come after you and prove that the CFPB was wrong by letting you participate in the program. So I think as a real world matter, this is going to generate a lot of fun, like news items and stuff for us to talk about at conferences. But the number of companies that I think will appeal themselves motivated on a risk benefit way to participate in these programs, I think would be vanishingly small. It's gonna say that the CFPB first proposes no action letter, you know, my my thought was, so you're going to tell 50 state regulatory agencies 15 State Attorney General's what you're doing and provide excessive detail and you have and as a condition of receiving no action letter, you have to highlight that there is a law that is uncertain, and that therefore it's a it's a written admission of fact that you don't know that what you're doing is compliant. So that that was always the risk, which was daunting. You know, I don't think anything is played out for upstart you know, the one who said yes, but I think those are the concerns that way of Kansas getting an election letter that Yeah, and the thing is, when upstart gets It's no action letter, it was under the cordrea CFPB, where the states were not motivated to sort of be contrary to the CFPB. But that motivation has changed now. You've seen this very public acrimony, repeated time and time, again, between the Bureau and the state regulators. And I think we're about to see a plan again with the debt collection rulemaking. But we also saw that the OCC FinTech charter, you know, when New York suing, for example, and so I think the risk level on the point that Robert made has gone up as a result of recent political developments, I would say, and I love her talking about Oregon Valley and a little bit 25:35 as everyone knows, the states are taking more regulatory action because of the CFPB kind of taking a step away. So what sort of reactions to fintechs are imposing from, you know, from sandbox to outright hostility 25:50 to you know, these new lending platforms? Sure. 25:54 So it's a mix. I mean, I think over the last years, I do surveys and kind of the fitness developments and innovation in financial services each year, last year was 26:08 groundswells, where the federal treasury report was very pro innovation. There were the CFPB proposals, which despite our inherent cynicism as lawyers about what may happen, was all positive generally in that the various regulatory agencies were very focused on innovation, very excited about it. The states were much more than that. I think three states Arizona was the first one that did a sandbox. I think there have been a couple more. Utah and Washington or Wyoming. It was a WC have done in sandboxes. And then CSV, of course, hire the architect of Arizona sandbox to free their sandbox, Paul Watkins. And so some of the states have been favorable and some of the states have since said still on that other states have been very hostile battle. You mentioned New York and opposing the OCC FinTech charter proposal and the OCC is motion to dismiss those actions was just denied. So that those actions are going to proceed despite the cut those these these comments that they were using as lawsuits and Associates, the former recently deported head of the New York home country services in a comment that my children claim sandboxes. We expect our licensees to follow rules. And it was it was a very hostile statement that she made publicly about it. And her point was that we will not be getting any variances or sandbox ability to not follow the laws. If you want to do a product, you need to follow them. And that reflects what Chris mentioned that that heightened reactiveness of the states to counteract what they see as a step back by the Bureau on under the new administration. So I think some other states have been equally hostile. Some states have gotten forcement action 27:48 on 27:50 innovative companies operating in new models. And so I think it's definitely mixed. And there is a degree of hostility and then something you have to be very careful about. Yeah, 27:58 and I think that my own view is That most states will try to pay lip service to the idea of supporting innovation. But where their head really is at is a lot of distrust and suspicion of FinTech and FinTech companies as being sort of outside the mainstream of financial services company, companies unaware or uncaring about compliance responsibilities or thinking that the laws don't apply to them. And so the sentiment that I detect them on many state regulators is not just that they're not giving FinTech companies a break, but they're affirmatively suspicious and hostile toward them. So like the Colorado litigation, which Robert or alluded to just a moment ago, where the Colorado Triple C Commissioner is suing the marketplace lending platforms, saying that they're the true lender under Colorado law, and therefore, they're subject to Colorado's usury laws. And there's been noise made about that concept by the New York department financial services as well. And so I think partnering with a FinTech or being a FinTech in the eyes of the state regulator isn't a good thing. It's something that starts you off on the side of suspicion in terms of your compliance, adherence, not something where you're welcome and saying, oh, you're making life better for consumers, 29:13 even if you are unsure. And you know, based on what you guys are saying what the states 29:20 would say next, but I'd 29:22 have to ask anyways, are there any best practices lenders can adopt to deal with the marianum changing regulations that we're seeing from state to state? 29:32 Well, the problem is, there's no quick stop. There's no one stop to explore because each state has the right to regulate things for basically any kind of market participant. There's some preemption for federally chartered banks, but they're still subject to some state laws. And then everybody else has to be subject to all state laws. And so I don't think there's any substitute for having to review and analyze the laws of every state as it relates to your operation. And we do lots of that we have FinTech clients who are starting Who have innovative business models and we have to do these surveys for them to go through and make these giant charts of state law so that they can figure out what operational changes they need to make in each state or what license they need or what bond they need to post or whatever. I don't think there's a way around that, honestly, unless you become a federally chartered bank, and then you're exempt from like state licensing and stuff, but you're still subject to state laws on labor. 30:24 So, maybe Roberts found the answer to this, and I just, 30:27 I'm sure I'll be I'll be in the bathroom I know. 30:31 So, I agree completely with you have to go state by state and and it varies, can we use this FinTech term and it includes so many different models, I mean, we don't deal with the tech clients who are, they're just lenders. They get saved on the bus where the directions is it's controversial, they get examined, and their their innovation is primarily in the form of incredible customer service in pro user interface and a streamlined business model. That, that customers love. And and it's not controversial, you need to have enough in the mortgage space where they're really just a mortgage broker. And it's a tried and true model and you know what to do and what they're doing or innovative things in those regards. And then you have have companies that, you know, work with lenders that are using a different model that that states are looking at, although it's existed for 30 to 40 years, you know, are looking at kind of for the first time in FinTech and evaluating it, and, and taking different approaches. So it varies considerably within the FinTech industry, you may have people building in API's or software that it's not a huge deal depending on what you're doing. But the other things that are doing materially different things that do create unique regulatory risks. And that's why you really have to think through it because the states vary tremendously on on what they capture, even in relatively homogenous areas, like servicing debt collection, which not a lot has changed in 40 years from guarding sort of what the laws capture and collect the payments. But But still, you still have an enormous variation on what people are doing and what it captured across state lines, and just just have a look into value. 32:13 And we are kind of rubbing hands and not so much. But I have one more question before we move to some of the audience questions that have been submitted. A lot of finance companies conduct due diligence on new technologies and the partners that come with those technologies. So, you know, as an executive, if I look one 32:34 What do I do when I have a pitch from a team 32:36 member or an outside FinTech provider, the product or service? 32:43 area? You know, when we look at that for or finance companies and other established players and examine a FinTech company, you know, we you have to get first and understand the core what it is that they're doing, and understand what is it that applies to them. You also need to look very carefully at how are they interfacing to your consumers? And what are they doing with your consumers data? Who has ownership of that data? What's going to happen with it? And how are they going to safeguard it? Sometimes, FinTech companies are extremely thoughtful. They have a great and robust planning system. And sometimes they don't. And you need to make sure that they understand the obligations that they have independently, but also the obligations that they have as a danger of yours in which your compliance obligations to these customers get passed on to them. And you have to conduct robust diligence. But the usual points are understanding, making sure that the company that you're looking to do business with understands who they are and what they do, and how they're going to be considered more particularly across state lines, because a lot of times they get it at the federal level. Not always but a lot of times Law, they don't think of themselves in that way they think of themselves as a software as a service provider or as a tech company, not a provider, consumer financial services. And so you gotta look at that data as a huge one, when you see these issues, and you'll see some CFPB consent decree about the reps on data protection, like we mentioned earlier, you just got to be very careful that they're protecting the data. And you also have to look under the hood at what they're doing, you know, there's a tendency to treat their information processes as proprietary. And there's a degree to which, you know, sort of nobody pulls it, but all the way that these are the what they're doing and what their operating or their operations are connected consumers, you really have to understand what they do, and make sure that you know, and they know what the laws are applies. And I want to pick up on the last point Robert made about pulling up the hood, because, as he alluded to, there are some tech companies that feel very protective of their algorithms or data sets or processes and will not want to let you open and will want to say well, that's our tree. Secret, we don't want to let you know that. And so when that situation happens, there could be pressure from a business standpoint to use it. And to say, well, it's proprietary. And you know, we just accept it when they say well except erupts in warranties that they're in compliance with law. So the hypothetical that I want you to consider when that situation happens, and it's a real hypothetical, what happens all the time is you have a choice, you can pull up the hood before you enter into an agreement with this company, and find out and figure out what your level of risk is, and whether it's anything that makes you uncomfortable or not. Or you can put yourself in for a surprise later, because the surprise later will happen when a regulator is doing an examination of you, or an enforcement investigation. And they say, oh, you're using this model from this company? Are you using this data for this company? Tell us all about the variables in their algorithm. And you'll say, Well, I don't know. They wouldn't tell us. And then the regulators say well, you are going to tell us now. So go Get it from them and give it to us right now. And I've had many instances where people were in the middle of a CFP exam. And they had to go to with a model provider and say, well, the CFPB is asking for the variables and attributes in your model. So please give them to me right now, when that happens, you get a surprise, it could be a good surprise or a bad surprise, but you get a surprise, because you will then for the first time in the middle of the CFPB exam, and at the same time as the regulator, find out what's in that month, and if it's all wonderful, then you breathe a sigh of relief, and you can sort of 36:31 kick back in the day and have, you know, whatever beverage of 36:33 your choice, but if there's something sort of problematic in the model, you had no opportunity to try to put yourself in a position to defend it beforehand. And you've exposed your operation to the risk of using whatever the regulator may not like. And now they're going to punish you for using retro actively and they don't care that the provider wouldn't tell you on the front end. They'll hold you responsible for what says in the model. So when you play out that potential for the fun or not fun, so In the middle of an exam, it sort of adds some additional color about why it's so important to pull up the hood, as Robert said, and to basically say to a provider of data or models. Look, you don't want to tell me that information. We're not going to do business for you, because we're not up to the surprise. And this whole 37:15 movement towards explainable models that was talking about earlier is a direct result of that is a direct result of 37:23 being able to answer these questions, and that's how it has arisen and the industry has adapted. 37:29 Moving on just to satellite 37:32 audience questions. We have one here for the credit lifecycle, which alternative data sets are your clients most interested in to better understand their consumers, financial circumstances, 37:45 financial circumstances in the sense of underwriting or maybe for advertising or for collections, because that collections Yeah, so we, we have a couple of clients that are data analytics providers for collections, one for creditors and one for debt collection agencies. The data that they seem most interested in using is they'll use a lot of information from credit bureau reports. They'll use data about the transaction with the creditor. And then they'll use data showing how the consumer responds to various debt collection communications, like what do they respond to, and when and how. And those are the predominant things that they use. And some of them have expressed an interest in using some census based information like census tract level, credit, bureau data or other sorts of financial type of information. We don't see a lot of interest, at least I haven't in using things like web browsing history or online shopping or social media type stuff for debt collection segmentation. And the clients that I have that I work with on that don't believe it's that predictive, they think the other datasets that I'm just talking about are more predictive. So that's what I'm seeing. Right, Robert? Yeah, I mean, I, I don't think that the number of friends you have on Facebook was making as many models as much as that time. You know, I think that about captures it on sourcing collections. You know, one of the things that's, it's really not unconventional, but is people seem to find enormous predictive value based on getting access to account information and a screen scraping through that and seeing somebody use comprehensive transaction history based on their record record accounts and things like that. Think about, like, somebody uploading all this data. That's to show the concept where you load in all your major thousand in a number of things, sources, riders will now work with providers like plaid and other companies to have access to data and say, you know, by logging in, and you have to do remote disclosure and provide information to log in and give access to it. But but that's been very interesting because it was decidedly less sexy than you would think, with us underwriting alternative data because it's really just core bank data. It's like, it's akin to 20 years ago, said Bring me in the last 12 months of your bank statements and print them out and fetch them. I mean, it's not super new, but it's what it is that the advantage is that through using machine learning, you can crunch that data in fascinating ways to really show a lot of predictive information about how someone's going to add. Yeah, and that's a very good point. And yeah, that's the whole premise, I think of the super FIFO proposed price is that it's FIFO plus bank account information. It's just that there's kind of a limitation in using it. Because unlike credit bureau data, which is available from many consumers, maybe 8% of consumers, the bank stuff is not because it sort of you have to opt into it and not, not that not 80% of the 40:43 customers have opted into it. Yeah. And it's limited because it doesn't help the unbanked to your point. If you think about the environment, about consumers and the promise of AI, you know, reaching those consumers and underwriting it's not gonna help you as much there. </div> [/toggle]