Policy on the Compliance Assistance Sandbox

AGENCY:

Bureau of Consumer Financial Protection.

ACTION:

Policy guidance and procedural rule.

SUMMARY:

The Bureau of Consumer Financial Protection (Bureau) is issuing its final Policy on the Compliance Assistance Sandbox (Policy), which is intended to carry out certain of the Bureau's authorities under Federal consumer financial law.

DATES:

The Policy is applicable on September 10, 2019.

FOR FURTHER INFORMATION CONTACT:

For additional information about the Policy, contact Paul Watkins, Assistant Director; Edward Blatnik, Deputy Counsel; Albert Chang, Counsel; Thomas L. Devlin, Senior Counsel; Will Wade-Gery, Senior Advisor; Office of Innovation, at officeofinnovation@cfpb.gov or 202-435-7000. If you require this document in an alternative electronic format, please contact CFPB_Accessibility@cfpb.gov.

SUPPLEMENTARY INFORMATION:

I. Background

On December 13, 2018, the Bureau proposed a Policy on No-Action Letters and the BCFP Product Sandbox (Proposed Policy). The Proposed Policy had two parts. The first concerned No-Action Letters exclusively. The resulting No-Action Letter Policy (NAL Policy) has been finalized and published elsewhere in this issue of the Federal Register. The second part concerned the Sandbox (Proposed Sandbox Policy). This document finalizes the Proposed Sandbox Policy as the Compliance Assistance Sandbox Policy (CAS Policy or Policy). It reflects adjustments to the Proposed Sandbox Policy that the Bureau is making in response to comments on that proposal. The differences between the Proposed Sandbox Policy and the CAS Policy are discussed in detail in section IV below, which reviews the Bureau's consideration of comments received on the Proposed Sandbox Policy.

In section 1021(a) of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), Congress established the Bureau's statutory purpose as ensuring that all consumers have access to markets for consumer financial products and services and that markets for consumer financial products and services are fair, transparent, and competitive. Relatedly, the Bureau's objectives include exercising its authorities under Federal consumer financial law for the purposes of ensuring that markets for consumer financial products and services operate transparently and efficiently to facilitate access and innovation, and that outdated, unnecessary, or unduly burdensome regulations are regularly identified and addressed in order to reduce unwarranted regulatory burdens.

Congress has given the Bureau a variety of authorities under title X of the Dodd-Frank Act and the enumerated consumer laws that it can exercise to promote this purpose and these objectives. These authorities include the authority to implement the Federal consumer financial laws through rules, orders, guidance, and interpretations, and to establish general policies with respect to such functions. As discussed in the Proposed Sandbox Policy and explained further below, three of the enumerated consumer laws describe the safe harbor effect of Bureau approvals issued to a particular entity or entities.

II. Summary of the Compliance Assistance Sandbox Policy

The primary purpose of the CAS Policy is to provide a mechanism through which the Bureau may more effectively carry out its statutory purpose and objectives by better enabling compliance in the face of regulatory uncertainty. One of the Bureau's core statutory functions is to issue guidance implementing Federal consumer financial law, and the Director is authorized to issue such guidance as may be necessary or appropriate to carry out that law and to prevent regulated entities from evading it. To that end, Congress has instructed courts to treat Bureau determinations on the meaning and interpretation of such law as those of an agency with exclusive authority to interpret it.

The Bureau uses the Official Interpretations (Commentary) as its primary means of fulfilling its interpretive mission. Like other forms of guidance that the Bureau uses, the CAS Policy is intended to supplement the Commentary. The Policy does this by helping regulated entities better understand, in conditions of regulatory uncertainty, how Federal consumer financial law applies to specific aspects of particular products and services. It is for this reason that the Bureau is finalizing the Policy as the Compliance Assistance Sandbox Policy. The Policy, as finalized, provides for the issuance of approvals. Approvals offer a regulated entity that confronts regulatory uncertainty the binding assurance that specific aspects of a product or service are compliant with specified legal provisions. (Applicants to the Sandbox can also apply for a No-Action Letter under the Bureau's NAL Policy. As discussed in the Bureau's NAL Policy published in this issue of the Federal Register, No-Action Letters provide an entity with the Bureau's discretionary determination not to exercise supervisory or enforcement activity against specific aspects of a product or service.)

The Bureau expects that approvals will usually be time limited, typically to two years, but recipients may apply for extensions under specified procedures. A given approval may ultimately be used to help support an amendment to a regulation or Commentary, negating the need for further extensions of one-off assistance. The Policy commits approval recipients to specified forms of data sharing with the Bureau.

Applicants for compliance assistance under the Policy follow a streamlined application and review process. The Bureau expects to grant or deny an application within 60 days of notifying the applicant that its application is deemed complete. The Policy also lays out mechanisms for Bureau coordination with other regulators that maintain similar programs designed to facilitate innovation.

The Bureau plans to propose further forms of assistance that may be of value to innovators. The Proposed Sandbox Policy would have provided for the issuance of exemptions by order from regulatory and certain statutory requirements. As explained further below, the final CAS Policy does not include such exemptions, but the Bureau does intend to propose a legislative rule providing for the issuance, by order, of exemptions from regulatory requirements, as well as other categories of exemptions, as an additional form of assistance. The Bureau also intends to issue a proposal regarding the issuance of interpretive letters, and other forms of interpretive guidance. These developments have been informed by comments received in response to the Proposed Sandbox Policy.

III. Overview of Sandbox-Related Comments

The Bureau received 29 unique comments covering the Proposed Sandbox Policy. Industry associations and individual financial services providers together submitted 17 of these. Consumer and civil rights organizations submitted five comments covering the Proposed Sandbox Policy. Government actors submitted three such comments. The remaining Proposed Sandbox Policy comments were provided by law firms (one), research centers (two), and members of the public (one).

Industry commenters uniformly supported the Proposed Sandbox Policy. One of two groups of State Attorneys General also did so. These supporters generally agree that legal and regulatory uncertainties pose a barrier to innovations being developed in the marketplace. In their view, the Proposed Sandbox Policy, along with other Office of Innovation policies and programs, can help lower that barrier. Industry stakeholders made a number of comments intended to improve the functioning of the Proposed Sandbox Policy in that respect.

Some of the most significant such comments, in the Bureau's view, requested that the Bureau add interpretive guidance to the available forms of compliance assistance. For example, one industry think tank called for the Bureau to further compliance by issuing interpretive legal opinions in circumstances warranting further legal clarity on a particular practice or activity. The commenter noted that other regulatory agencies—including the Office of the Comptroller of the Currency, the FTC, the Securities and Exchange Commission, and the Commodity Futures Trading Commission—provide for opinions of this kind. Another group of industry commenters requested that, to bring the proposal closer into line with similar programs offered by other regulators, issuance of compliance assistance under the Policy should represent the Bureau's conclusion that the proposed product or service does not violate applicable Federal consumer financial law. A trade association commenter suggested that the Bureau should use its authority to issue advisory opinions under the Fair Debt Collection Practices Act (FDCPA) to clarify regulatory expectations by providing clear legal interpretations for debt collectors that want to use newer technologies. Another commenter called for the Bureau to clarify the interpretive activity associated with approvals, in part so that third parties would better understand what reliance they could place on Bureau action under the Sandbox. These kinds of comments on the importance of interpretive guidance build on earlier comments submitted in response to the Bureau's 2018 Request for Information on Guidance and Implementation Support (Guidance RFI).

This feedback is informing the Bureau's present consideration of a proposal to implement an interpretive letter program that could benefit innovators and other regulated entities confronting regulatory uncertainty. The Bureau agrees with these commenters that the present lack of an interpretive letter or advisory opinion policy represents a gap in the Bureau's plans for providing compliance assistance to stakeholders under the Federal consumer financial laws. Because the Bureau did not propose an interpretive letter or advisory opinion program in the Proposed Sandbox Policy, and because of the significant public interest in how such a program might be structured, the Bureau believes it would be appropriate to provide an opportunity for public comment before establishing an interpretive letter or advisory opinion program. Accordingly, the Bureau intends to separately propose an interpretive letter program as soon as practicable.

With one exception, consumer and civil rights organizations—together with a second group of State Attorneys General, and a group of State financial regulators—opposed the Proposed Sandbox Policy. Their predominant objection was that it would permit regulated entities to evade their legal responsibilities. The Bureau believes this objection is ultimately misplaced, but acknowledges that the proposal may not have been sufficiently clear on this point. Approvals are intended to facilitate compliance in the face of regulatory uncertainty. The relief they provide is from regulatory uncertainty, not from regulatory obligation. This central purpose is why the Proposed Sandbox Policy is being finalized as the Compliance Assistance Sandbox Policy. It is also why the Policy refers to assistance rather than relief. Plainly, Congress gave the Bureau authority to issue orders to advance this compliance goal.

To the extent that some stakeholders continue to disagree with the Policy, the Bureau believes that their differences will primarily be about the practical importance of resolving specific regulatory uncertainties for regulated entities that seek to innovate and improve access to financial services, consistent with the requirements of Federal consumer financial law. Other agencies show steady demand for their interpretive and No-Action Letter programs and there is no reason to believe the Bureau's experience will be any different.

IV. Summary of Comments, Bureau Responses, and Resulting Policy Changes

This section provides a summary of significant comments received on the Proposed Sandbox Policy. It covers the Bureau's assessment of such comments by subject matter and, where applicable, describes the resulting changes that the Bureau is making in the Compliance Assistance Sandbox Policy. Comments addressed to the Bureau's proposed issuance of No-Action Letters have been addressed in the process of finalizing the NAL Policy published elsewhere in today's issue of the Federal Register. That review is incorporated herein by reference.

A. Liability Protection

Section II.A of the Proposed Policy provided a high-level description of the types of compliance assistance available under the Proposed Sandbox Policy. Section II.A.1 explained that an approval issued under the Proposed Sandbox Policy would be based on one or more of three statutory safe harbor provisions, and would include a statement that, subject to good faith compliance with specified terms and conditions, the Bureau approves the recipient's offering or providing the described aspects of the product or service in question. It further explained that, by operation of the applicable statutory provision, the recipient would have a safe harbor from liability under the applicable statute to the fullest extent permitted by the applicable provision as to any act done or omitted in good faith in conformity with the approval.

Section II.A.2 of the Proposed Policy explained that an exemption issued under the Proposed Sandbox Policy would include a statement that, subject to good faith compliance with specified terms and conditions, the Bureau exempts the recipient from complying with or deems it to be in compliance with specified statutory or regulatory provisions in connection with its offering or providing the described aspects of the product or service in question. The exemption would be based on authority to grant exemptions by order: (i) From statutory provisions (as well as provisions of regulations implementing the statute in question) under statutory exemption-by-order provisions (statutory exemptions); or (ii) from regulatory provisions that do not mirror statutory provisions under rulemaking authority or other general authority (regulatory exemptions). Section II.A.2 further explained that, where the Bureau provides such an exemption, the recipient would be immune from enforcement actions by any Federal or State authorities, as well as from lawsuits brought by private parties, based on the relevant statutory or regulatory provisions and on the recipient's offering or providing the described aspects of the product or service.

The Bureau received a number of comments about State-level effects of these two sections. They fall into two categories: (1) Comments regarding the effect of an approval or exemption on the ability of States to enforce Federal consumer financial law under section 1042(a) of the Dodd-Frank Act; and (2) comments about the effect of an approval or exemption on State law. The CAS Policy, as finalized, no longer includes statutory or regulatory exemptions by order. As a result, comments on exemptions are addressed further below rather than in this section.

1. Dodd-Frank Act Section 1042(a)

A group of State financial regulators, a group of State Attorneys General, and a group of consumer advocates asserted that the approvals available under the Proposed Sandbox Policy would exceed the Bureau's authority under title X of the Dodd-Frank Act. Specifically, they argued that the Bureau cannot provide this degree of liability protection because section 1042(a) of the Dodd-Frank Act gives the States authority to enforce Federal consumer financial law. The Bureau disagrees.

The basic operation of the statutory provisions that describe a safe harbor for Bureau approvals and Bureau interpretations is straightforward. For example, section 130(f) of TILA provides that various liability provisions of TILA do not apply to any act done or omitted in good faith in conformity with any approval or interpretation by an official or employee of the Bureau duly authorized by the Bureau to issue such interpretations or approvals under such procedures as the Bureau may prescribe. The CAS Policy prescribes such procedures for approvals (and the Bureau's planned interpretive letter proposal will propose to prescribe them for interpretations). Under those procedures, the Assistant Director, Office of Innovation, is authorized to issue approvals with respect to specific provisions of—for example—TILA and Regulation Z. At that point, no party, including a State, can override the statutorily conferred safe harbor.

State authority to enforce Federal consumer financial law does not invalidate the Bureau's exclusive authority to give meaning to that same law. The Dodd-Frank Act is clear that the Bureau has such authority. Thus, the Commentaries for Regulations Z, E, and B inform regulated entities that they can be relied upon for safe harbor effect. They do not observe any exception for State enforcement actions that purport to rely on contrary interpretations of TILA, EFTA, and ECOA, and no State has ever suggested that they should. Similarly, the Bureau has also used its authority to grant exemptions by rule from various statutory or regulatory provisions. For example, section 1026.41 of Regulation Z requires mortgage servicers to provide periodic statements. Using its authority under TILA to grant exemptions by rule, the Bureau exempted small servicers from the periodic statement requirement. No one would suggest, however, that States could now state a claim under TILA against exempted small servicers for failing to provide periodic statements.

2. State Law

A group of State Attorneys General observed that the Proposed Sandbox Policy appears not to contemplate the preemption of State law. One consumer group urged the Bureau not to preempt state regulators until sufficient time has passed for states to establish their own financial services regulatory sandboxes. A research organization stated that the Bureau has a strong case for preemption under the Proposed Sandbox Policy. The compliance assistance available under the Policy, however, concerns Federal consumer financial law, not State law, and the Bureau does not foresee that such assistance would preempt State law.

B. Approvals

The Bureau received a number of comments specific to approvals. A consortium of consumer groups made several points. Their main concern was that the Bureau might issue de facto exemptions as approvals. This concern appears to derive from the Bureau's description of an approval as a form of “relief” from statutory and regulatory provisions. The Proposed Sandbox Policy used the term “relief” as a generic term that encompasses exemptions, but also other actions that are designed to reduce regulatory uncertainty and facilitate compliance. The Bureau did not—and does not—intend to issue approvals that are de facto exemptions. The Bureau intends to provide approvals with respect to products, services, and practices that are compliant with identified statutory and regulatory provisions. To avoid further confusion on this point, the Bureau is finalizing the proposal as the Compliance Assistance Sandbox Policy, which now refers to compliance assistance rather than relief.

Second, the consumer groups pointed out that the Commentary applicable to regulations implementing TILA, EFTA, and ECOA include statements indicating that, except in unusual circumstances, Bureau interpretations that trigger the safe harbor provisions of the respective statutes will be included in the Commentary. The commenters stated that the Proposed Sandbox Policy did not mention these statements or purport to change them. The main reason it did not do so is that these statements concern interpretations, not approvals that apply to specific entities. In addition, the Bureau has already issued several standalone interpretations that offer safe harbor protection even though they did not follow the general practice of being issued after notice-and-comment as part of the Commentary.

Third, the consumer groups took issue with the Bureau's description of the safe harbor effect of an approval. They objected, in particular, to the term “immunity” as overstating the impact of an approval because: (i) An entity must have relied on the approval in good faith; (ii) a court must find that the approval was issued prior to the time of the entity's action; (iii) the entity is not protected from liability for future acts in conformance with the approval after a court invalidates the approval; and (iv) an approval only protects a recipient from liability, and does not prevent a plaintiff from obtaining declaratory or injunctive relief. Similarly, a group of State Attorneys General objected that the safe harbor provisions do not confer “absolute immunity,” but instead provide entities an affirmative defense to liability when entities can demonstrate they acted in good faith and in conformity with the approval in question.

This objection reflects a semantic difference. The legislative history of the TILA safe harbor provision uses the term “immunity” from civil liability. In addition, the Bureau's statements on the safe harbor made clear that the liability protection provided by an approval depends on the recipient's good faith conformity with its terms. As a result, the Bureau believes that immunity from liability is a reasonable description for the protection against liability that Congress provided under section 130(f) of TILA, section 706(e) of ECOA, and section 916(d) of EFTA. By the same token, however, the Bureau has no objection to referring to safe harbors from liability rather than immunity from liability, and the CAS Policy has been adjusted accordingly.

C. Exemptions

Section II.A.2 of the Proposed Policy indicated that exemptions by order would be available in two forms: (1) Exemptions from statutory provisions (as well as provisions of regulations necessitated by the statute in question) under statutory exemption-by-order provisions (statutory exemptions); or (2) exemptions from regulatory provisions that are not specifically necessitated by statutory provisions under rulemaking authority or other general authority (regulatory exemptions). The Bureau received comments about both types.

1. Statutory Exemptions

Consumer groups and one group of State Attorneys General observed that the Bureau has limited authority to provide statutory exemptions by order. In light of the comments received, the Bureau has concluded that the purposes of the specific statutory exemption by order provisions described in the Proposed Sandbox Policy are sufficiently distinct from the purposes of the Compliance Assistance Sandbox Policy that they do not need to be included in it. The exclusion of statutory exemptions from the Policy does not affect the Bureau's authority to issue such exemptions pursuant to these specific statutory provisions.

2. Regulatory Exemptions

A number of industry and trade association commenters, among others, supported the Bureau's proposal to provide regulatory exemptions, generally arguing that regulatory exemptions would allow companies and service providers to test innovative products and services in a controlled environment, without incurring the risk of a lawsuit or enforcement action.

Consumer groups and a group of State Attorneys General asserted that the Bureau lacks authority to provide regulatory exemptions. In their view, apart from the very limited authority to grant statutory exemptions by order, the Bureau only has authority to grant exemptions by rule. These commenters contend that such exemption-by-rule provisions typically include standards that the Bureau must satisfy when prescribing such exemptions, and that the Proposed Sandbox Policy impermissibly sought to circumvent what they asserted was the Bureau's obligation to grant regulatory exemptions only through a rulemaking process.

The Bureau believes that regulatory exemptions—i.e., exemptions from regulatory provisions that are not specifically necessitated by statute—would be an important component of the CAS Policy. Regulatory exemptions would enable the Bureau to learn, from real-world experience, whether technological or other developments since current rules were issued warrant a change in discretionary aspects of Bureau rules. As contemplated in the Proposed Sandbox Policy, regulatory exemptions would allow the Bureau, in a controlled environment, to learn whether a new aspect of a product or service that was not fully contemplated when existing rules were promulgated nonetheless advances the purposes and objectives of the underlying statute.

The Bureau appreciates the comments emphasizing the value of additional public feedback before proceeding with an exemption program. Thus, the Bureau will at a later date issue a proposal to establish a program for exemptions by order through a separate notice-and-comment rulemaking.

D. Administrative Procedure Act Requirements

Consumer groups and one of the State Attorneys General groups contended that the Proposed Sandbox Policy fails to comply with the Administrative Procedure Act (APA) in various respects. The Bureau disagrees.

1. The Policy Is Not a Legislative Rule

A number of commenters asserted that the Proposed Sandbox Policy, if finalized, would be a legislative rule and accordingly subject to notice-and-comment (and other) requirements under the APA. The Policy is intended as a policy statement and procedural rule that provides the public with information regarding the Bureau's plans to exercise its discretion to issue approvals under the Policy, and to describe the procedural components of such discretion. It does not purport to impose on any regulated entity any legally-binding obligations or prohibitions. It does not create substantive rights in any party, but rather describes procedures for how compliance assistance can be sought under the Policy and how the Bureau intends to resolve such applications. Whether an individual approval impacts substantive legal rights is a separate question that is addressed in subsection D.3 below. But the fact that such compliance assistance may change substantive rights does not convert into a substantive legislative rule the procedures that describe how the Bureau intends to exercise its discretion to provide compliance assistance.

2. The Policy Is Not Arbitrary and Capricious

Consumer groups claimed that the Proposed Sandbox Policy, if finalized, would be arbitrary and capricious for several reasons. The Bureau notes that a determination of whether the Policy is arbitrary or capricious would be based on the content of the final Policy, not the proposed Policy. Accordingly, the discussion below references the final Policy as well as the proposed Policy.

First, consumer groups characterized the Proposed Sandbox Policy as arbitrary and capricious for not considering impacts on consumers. The Bureau believes this characterization is incorrect. The proposed Policy advised applicants for compliance assistance to describe consumer benefits and risks associated with the product or service. It also stated that the Bureau intends to place particular reliance on those elements of an application when assessing the merits of any application for assistance. The final Policy confirms the point. Moreover, under the Proposed Sandbox Policy, regulated entities granted an approval were to: (i) Report information about the effects of the described aspects of the product or service on complaint patterns, default rates, or similar metrics that will enable the Bureau to determine if such aspects are causing material, tangible harm to consumers; and (ii) compensate consumers for any material, quantifiable, economic harm caused by the described aspects of the product or service. As described further below, these provisions have been adjusted in the final Policy to track more established standards of consumer injury, but their core focus on detecting and mitigating consumer risks remains.

Second, consumer groups claimed that the Bureau failed to give adequate reasons for developing the Proposed Sandbox Policy. As explained further above, the Bureau's immediate aim here is to better enable compliance in circumstances of regulatory uncertainty—and thereby serve a number of the Bureau's statutory objectives. Building new mechanisms to improve adherence to consumer protection laws benefits consumers directly—by improving compliance—and indirectly—by lowering compliance costs and helping innovators to provide new products and services to compete for consumer demand. In addition, the Bureau explained in the Proposed Sandbox Policy how it expected information obtained thereunder to inform the Bureau's exercise of related authorities, such as market monitoring and rulemaking.

3. Approvals Are Not Legislative Rules

Commenters opposed to the Proposed Sandbox Policy made two broad arguments that approvals would amount to legislative rules. One group of State Attorneys General suggested that the Bureau lacks authority to issue approvals absent notice-and-comment rule-making. However, the case they cite to support this proposition discusses whether a generally applicable policy document is a legislative rule that requires notice-and-comment rulemaking. It does not address particularized determinations like the approvals contemplated by the Policy.

Some consumer groups asserted that particular approvals could be legislative rules requiring notice-and-comment rulemaking—even as the procedures specified in the Proposed Sandbox Policy for providing approvals do not contemplate such rulemaking. Particular approvals could be legislative rules, they contend, because they could change, in a binding manner, and broadly, whether or how consumer protection laws apply in the future, and affect the future action and future rights of consumers and other State and Federal agencies, as well as the Bureau.

Approvals issued under the Policy will be based on one or more of three statutory safe harbor provisions. These state that approvals will be issued by duly authorized Bureau officials or employees. The provisions do not indicate that such personnel must do so by rule or regulation. The Bureau acknowledges that simply labeling a Bureau action as an approval does not render it immune from challenge as a de facto legislative rule; the question is one of substance, not form. But the Bureau's intention under the Policy is that approvals will be particularized determinations based on the application of existing law to specific factual scenarios. Approvals will issue only when they are a rational product of existing law, and they will be expressly limited to the particularized facts and circumstances of the described aspects of the product or service identified by the applicant. As such, they are not subject to notice and comment requirements under the APA.

E. Application Elements and Bureau Assessment of Applications

Section II.B of the Proposed Policy listed nine items that should be included in an application under the Proposed Sandbox Policy, as appropriate, including: (1) The identity of the applicant; (2) a description of the product or service at issue; (3) the requested duration of participation; (4) any other limits on participation; (5) explanations of the potential consumer benefits and risks of the application; (6) an identification of the relevant statutory and regulatory provisions; (7) a description of data that would be shared with the Bureau; (8) any request for confidential treatment of information; and (9) an identification of any regulators the applicant wished the Bureau to coordinate with. Section II.C of the Proposed Policy stated that the Bureau would consider the quality and persuasiveness of the application in deciding whether to grant the application, with a particular emphasis on the potential risks and benefits, as well as an analysis of the relevant statutory and regulatory provisions. Section II.C also stated that the Bureau intended to grant or deny an application within 60 days of notifying the applicant that the Bureau deemed the application to be complete.

A coalition of consumer groups argued that the application and assessment procedures described in the Proposed Sandbox Policy were inadequate, for a variety of reasons. Specifically, these commenters argued that: The information to be included in an application was insufficient for the Bureau to properly evaluate applications; certain specific items (such as a showing of the product or service's compliance with existing State and Federal law) proposed to be deleted from the application requirements were necessary for the Bureau to provide an adequate review; and that the Bureau should add certain evaluation criteria from the prior NAL policy to the Proposed Sandbox Policy.

The Policy finalizes the application requirements largely as proposed. The Bureau appreciates these commenters' concern about the importance of adequately reviewing applications for compliance assistance. The Bureau intends in many cases for the issues raised by these commenters to be addressed as part of the Bureau's assessment of applications. However, as discussed in the preamble to the Proposed Policy, the Bureau's experience with the initial 2016 version of its NAL policy suggests that those application criteria were so burdensome as to deter potentially meritorious applications. By replacing the previous prescriptive application requirements with more flexible mechanisms (which can be tailored based on pre-application discussions between an applicant and relevant Bureau staff), applicants will be able to provide the Bureau with information necessary to evaluate an application without unduly burdening potential applicants. Ultimately, the Bureau believes that the most effective and efficient means of handling the concerns raised by consumer groups is to clarify that the Bureau expects its assessment of applications to include due diligence regarding the applicant, its principals, and the product or service in question.

With specific respect to concerns about removing requirements to show compliance with State and Federal law more generally, and to certify that all information in the application is true and accurate, the Bureau believes that these requirements are either unnecessary or redundant. As stated in the final Policy, compliance assistance provided under the Policy will be limited to specific applications of Federal law, as well as limited to the facts stated in the application. To the extent that a product or service violates a provision of law outside the scope of the Bureau's compliance assistance, it will be unaffected by the Bureau's compliance assistance. Similarly, if an applicant misstates or misrepresents to the Bureau material facts about the product or service at issue, it will not obtain the benefit of the Bureau's compliance assistance. The final CAS Policy reflects revisions intended to make clear that each form of compliance assistance attaches only to specifically described aspects of a given product or service and only to the legal provisions encompassed under that form of assistance.

As described in the Policy, in assessing applications the Bureau will place a particular emphasis on the potential consumer benefits and risks of the product or service at issue. The Policy makes clear that the Bureau will focus on the nature of the ambiguity or uncertainty identified in the application, and the manner in which the requested approval would resolve that ambiguity or uncertainty. The final Policy indicates that an approval granted under the Policy will include a statement of the Bureau's basis for providing the compliance assistance at issue.

Several trade associations requested that the Bureau clarify that the proposal was not limited to “emerging” or “fintech” firms, but extend to any firm interested in testing innovative products and services. The Bureau agrees that compliance assistance should be generally available to entities offering (or contemplating offering) an innovative product or service that is subject to regulatory uncertainty, and the final Policy reflects that intent. Thus, the application procedures, as finalized, call for the applicant to describe how an intended product or service may further innovation, but they do not restrict the kinds of providers that may apply for compliance assistance.

Several commenters expressed concern about the Bureau's intent to grant or deny an application within 60 days of the application being deemed complete. These commenters believed that a 60-day review period would be insufficient for the Bureau to evaluate the application adequately, conduct appropriate due diligence, and coordinate with other regulators, among other things. Under the final Policy, potential applicants are strongly encouraged to discuss their application with the Bureau prior to filing a formal application; the Bureau understands that this is common practice among other Federal agencies with similar programs. This pre-application period typically will allow Bureau staff to conduct a preliminary evaluation of an application (and the applicant) before its formal submission to the Bureau. Thus, the final Policy retains language stating that the Bureau intends to grant or deny an application within 60 days of notifying the applicant that the Bureau has deemed the application to be complete. The final Policy also notes that while the 60-day review period will be the Bureau's general expectation, particular circumstances—in particular the potential need to coordinate with other regulators—may lengthen that timeline.

F. Scope, Duration, Extension, Termination and Modification

Sections II.A and II.B of the Proposed Sandbox Policy described the particularized scope of approvals to be issued under the Policy. Section II.D.7 noted that approvals would normally be limited to two years. Section II.E described extension procedures and stated that extensions would be based on the quality and persuasiveness of the data provided to the Bureau under Section II.D. Section D.10 described potential revocation grounds and procedures.

Several commenters noted that compliance assistance is made more valuable when generally applicable. As noted above, however, approvals are intended to be particularized determinations based on the application of existing law to specific factual scenarios. The Bureau recognizes that there is some tension between the value of generally applicable assistance and the practicality of particularized assistance. It believes that the best way to resolve that tension is by reevaluating an approval after an appropriate period of time to determine whether: (a) It should be confirmed in the Bureau's regulations or incorporated in the Commentary (or other generally applicable interpretative guidance); (b) it is of sufficiently narrow applicability that maintaining it as a particularized approval is appropriate; or (c) data received from the recipient indicates that the approval should be modified or terminated. Accordingly, the Bureau is not changing the Policy to make approvals of broader applicability.

The Bureau continues to believe that two years will generally be an appropriate length of time to gather and analyze data to determine appropriate follow-on action. Several commenters objected to this time period as too long. They also objected to the potential for extensions, particularly in the context of follow-on rulemaking. The Bureau believes, however, that this concern does not fully take into account that approvals are used to provide compliance assistance to recipients. The Bureau is not waiving licensing requirements or taking similar steps to enable innovators to operate outside of the regulatory environment for some start-up period. Rather, it is providing assistance, beyond the existing Commentary and non-rule guidance offered, to innovators to comply with legal requirements in conditions of regulatory uncertainty. Any time limits would be calculated to enable the Bureau to make a considered decision about how to tackle that uncertainty over the longer term.

Industry commenters generally supported the proposed procedures for revocations of assistance, although some objected that the Bureau's focus on material, tangible harm to consumers was an unclear standard for revocation and compensation. Some consumer group commenters argued that the proposal's revocation procedures failed to reserve to the Bureau sufficient discretion to modify or end assistance without notice or an opportunity to respond or cure any failure to comply with the terms under which the Bureau provided assistance. Consumer groups also saw the standards for revocation as too limited. In particular, they objected to the Bureau's focus on material, tangible harm to consumers as too narrow a ground for revocation and compensation.

In response to these comments, the Bureau is revising the Policy's termination procedures in part. The Bureau agrees that it retains authority to end an approval when it deems that necessary in light of the purposes of the Policy. The Policy identifies the three circumstances in which it intends to effect termination on that basis: (i) The recipient fails to substantially comply in good faith with the specified terms and conditions of the approval; (ii) the described aspects of the product or service do not perform as anticipated in the application; or (iii) a statutory amendment or Federal judicial holding cause the Bureau to conclude that the recipient can no longer rely in good faith on the Bureau's approval as the safe harbor provisions require. At the same time, precisely because it retains the authority to end approvals, the Bureau believes that it is important to provide notice of an intended termination, explaining the grounds for that proposed action, providing an opportunity to respond, and, in appropriate circumstances, take corrective action to address the stated grounds for termination.

The Bureau is revising the Policy to refer to termination rather than revocation because the effect of approvals for the period that they are provided by the Bureau cannot be revoked. The Bureau is also revising the Policy to use standards for consumer harm that come directly from the Dodd-Frank Act and accordingly reflect well-understood and established legal norms. Finally, the Bureau is adding procedures under which recipients of compliance assistance can apply for modifications to an approval to address unanticipated changes in circumstances, such as potential changes to the described aspects of a product or service.

G. Confidentiality

Section II.G of the Proposed Policy listed types of information that the Bureau intended to publicly disclose about entities receiving compliance assistance, including the identity of the recipient and the subject matter, rationale, and legal authority for the compliance assistance provided. It also noted that the Bureau intended to publish certain information about denials. Section II.G identified a number of legal authorities—including the Freedom of Information Act (FOIA) and the Bureau's rule on Disclosure of Records and Information (Disclosure Rule)—that would govern the disclosure of any other information about applications for compliance assistance, and noted that much of the information submitted by applicants and recipients would be protected from disclosure under these authorities.

Industry commenters were broadly supportive of this approach. One trade association objected, however, to the proposed publication of denials. The Bureau is finalizing the statement about denials as proposed. The Bureau notes that the final Policy, as did the proposal, includes two related statements about denials: First, that the Bureau intends to publish denials only after the applicant is given an opportunity to request reconsideration of the denial; and second, that upon request, and if disclosure is not required by 5 U.S.C. 552(a)(2) or other applicable law, the Bureau does not intend to release identifying information from published denials, and to instead redact such information from denials published on its website. More generally, the Bureau expects denials to be relatively unusual. The Policy strongly encourages potential applicants to contact the Office of Innovation for informal, preliminary discussion of a contemplated proposal prior to submitting a formal application. If it appears during such discussions that an application is not likely to be granted, the potential applicant may choose not to submit an application in the first place. Applicants are free to withdraw applications at any time prior to denial.

A number of consumer groups and a law firm commenter saw the described disclosures as too limited. However, the Bureau merely intends to redact or withhold information to the extent that it is protected from disclosure by the FOIA. While the Bureau anticipates that much information submitted by applicants would be exempt from disclosure under the FOIA, it will disclose information consistent with the FOIA's requirements. In light of a recent Supreme Court opinion concerning FOIA Exemption 4, the Bureau is adding a statement in the final Policy making clear that where information submitted to the Bureau is both customarily and actually treated as private by the submitter, the Bureau intends to treat it as confidential in accordance with the Disclosure Rule.

H. Third-Party Applications

Section II.B of the Proposed Policy stated that the Bureau invites applications from trade associations, service providers, and other third-parties; however, the Proposed Policy noted that such third parties might not be able to submit a complete application. In such cases, the Proposed Policy stated that the Bureau may grant provisional assistance, subject to the submission of additional information and the Bureau's subsequent grant of non-provisional assistance. The Proposed Policy further stated that additional entities identified by the third-party may be granted assistance at the same or later time by informing the Bureau that they wish to be granted admission and providing the necessary information.

Trade association commenters generally supported the Bureau's proposal to allow third parties to apply for compliance assistance under the Policy. These commenters stated that allowing third parties to facilitate applications would increase access to compliance assistance, in particular for smaller entities that might otherwise lack the resources to obtain compliance assistance.

Consumer groups and a group of State Attorneys General opposed the proposal to allow applications from third parties. These commenters raised concerns that the Bureau's granting of an application from a trade association in particular could amount to rulemaking by the Bureau that would require notice and comment under the APA. These commenters also expressed concerns that under the Proposed Policy the Bureau would not be able to adequately evaluate applications from individual applicants that might seek compliance assistance under the auspices of previously-granted compliance assistance.

The Bureau continues to believe that in some cases it will be valuable for a third party to apply for a version of compliance assistance on behalf of another entity. To cite two examples: (1) A service provider may need preliminary compliance assistance from the Bureau before the service provider is able to find a partner willing to test an innovative product or service, and that partner could in turn apply for compliance assistance under the same terms; or (2), as noted by commenters, a trade association could facilitate participation in the Policy by smaller entities that otherwise would lack the resources to obtain compliance assistance directly from the Bureau.

In response to concerns about the Bureau's assessment of such applications, however, the Bureau has revised the structure of such third-party applications under the Policy. The final Policy contemplates that a third party (such as a service provider, trade association, or consumer group) could apply for and receive a “template” approval. The template itself is non-operative, meaning that no party can rely on it to trigger the statutory safe harbor, and the Bureau retains discretion at any time thereafter to reevaluate preliminary factual or legal findings reflected in the template. But as a statement of how the Bureau plans to interpret the law under certain circumstances, entities may use the template as a basis to apply for compliance assistance under substantially the same terms as those contemplated in the template. The Bureau would evaluate each application on an individual basis. The Bureau believes that this approach will still allow the benefits of third-party facilitation, while ensuring sufficient review of additional applicants.

The Bureau has also made provision for a third party to apply for compliance assistance based on offering a consumer financial product or service that has substantial similarity to an aspect of another product or service, offered by a first-party, that is already the subject of Bureau compliance assistance under the CAS Policy. This procedure closely resembles the procedures for “template”-based applications, but is adjusted to reflect the fact that the first party did not apply for any form of assistance on behalf of the third-party.

I. Regulatory Coordination

Section II.F of the Proposed Policy stated that the Bureau is interested in entering into agreements with State authorities that issue similar forms of assistance that would provide for an alternative means of receiving assistance from the Bureau. Some consumer advocacy group commenters read this statement as implying that a company that obtained assistance from a State would “automatically” receive compliance assistance from the Bureau. That is not the Bureau's intent. The Bureau anticipates that such agreements would include provisions designed to ensure that the Bureau's provision of compliance assistance in such circumstances would be consistent with its legal authority and duty to protect consumers, as well as with other applicable law. Approvals issued under the Policy will conform with the Bureau's statutory obligations regardless of how the application is presented to the Bureau.

The Proposed Policy also permits applicants to request that the Bureau coordinate with other regulators with respect to the application. A group of trade associations commented that the Bureau should not put the onus on the applicant to identify other governmental authorities with which the Bureau may coordinate. Rather, the Bureau should lead the coordination among Federal and State regulators, as it is better positioned to do so than the applicant. More broadly, these commenters urged the Bureau to ensure that other regulators understand the Policy and to request that other regulators defer to actions taken under its terms. These comments were seconded by an industry policy organization.

As evidenced by the inclusion in the Policy of a separate section headed Regulatory Coordination, the Bureau fully appreciates the need for coordination with other regulators for purposes of administering the Policy. However, such coordination must be balanced against other considerations. For example, as the Policy notes, if an applicant wishes the Bureau to coordinate with other regulators, the Bureau may need more time to process the application, depending on the degree of coordination requested. Moreover, the degree of coordination needed likely will vary from case to case. The Bureau intends to use its best efforts to find the optimal balance between coordination and other considerations for each approval issued under the Policy. For the reasons discussed above, the Bureau is finalizing the section on regulatory coordination largely as proposed.

V. Regulatory Requirements

The Bureau has concluded that the Policy constitutes an agency general statement of policy and a rule of agency organization, procedure, or practice exempt from the notice and comment rulemaking requirements under the APA, pursuant to 5 U.S.C. 553(b). Because the Policy relates solely to agency procedure and practice, it is not substantive, and therefore is not subject to the 30-day delayed effective date for substantive rules under section 553(d) of the APA. Because no notice of proposed rulemaking is required, the Regulatory Flexibility Act does not require an initial or final regulatory flexibility analysis.

VI. Congressional Review Act

Pursuant to the Congressional Review Act (5 U.S.C. 801 et seq.), the Bureau plans to submit a report containing this Policy and other required information to each House of Congress and the Comptroller General prior to the Policy's applicability date. The Office of Information and Regulatory Affairs has designated this Policy as not being a “major rule,” as defined by 5 U.S.C. 804(2).

VII. Paperwork Reduction Act

The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C 3501 et seq.) requires that Federal agencies may not conduct or sponsor, and notwithstanding any other provision of law, a person is not required to respond to a collection of information unless it displays a currently valid Office of Management and Budget (OMB) control number. The information collection requirements as contained in this final Policy and identified below have been approved by OMB and assigned the OMB control number 3170-0059. OMB's approval will expire on September 30, 2022.

The information collections contained in this Policy include Application for an Approval and Data Provided Pursuant to an Approval.

The Bureau's Proposed Policy, published December 13, 2018, 83 FR 64036, sought comment on these information collection requirements. While the Bureau received numerous comments on the Proposed Policy, which are addressed above, the Bureau received no comments specifically regarding the burden estimates for these information collections, utility or appropriateness. Additional details on comments received can be found in the Supporting Statement for the related 30-day notice published as required under the PRA.

A complete description of the information collection requirements, including the burden estimate methods, is provided in the information collection request (ICR) that the Bureau submitted to OMB under the requirements of the PRA. The ICR submitted to OMB requesting approval under the PRA for the information collection requirements contained herein is available at OMB's public-facing docket at www.reginfo.gov.

VIII. Compliance Assistance Sandbox Policy

The text of the final CAS Policy is as follows:

Compliance Assistance Sandbox Policy

In section 1021(a) of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), Congress established the Bureau of Consumer Financial Protection's (Bureau's) statutory purpose as ensuring that all consumers have access to markets for consumer financial products and services and that markets for consumer financial products and services are fair, transparent, and competitive. Relatedly, the Bureau's objectives include exercising its authorities under Federal consumer financial law for the purposes of ensuring that markets for consumer financial products and services operate transparently and efficiently to facilitate access and innovation, and that outdated, unnecessary, or unduly burdensome regulations are regularly identified and addressed in order to reduce unwarranted regulatory burdens.

Congress has given the Bureau a variety of authorities under title X of the Dodd-Frank Act and the enumerated consumer laws that it can exercise to promote this purpose and these objectives. These authorities include the authority to implement the Federal consumer financial laws through rules, orders, guidance, and interpretations, and to establish policies with respect to such functions. Three of the enumerated consumer laws describe the safe harbor effect of Bureau approvals issued to particular entities. Providing compliance assistance of the type described in this Policy may not only benefit consumers and entities that offer or provide consumer financial products or services, but it may also inform the Bureau's exercise of other authorities with respect to such products or services, such as market monitoring and rulemaking.

The Compliance Assistance Sandbox Policy (CAS Policy or Policy) sets forth the Bureau's policy and procedures regarding compliance assistance. The Bureau's policy and procedures regarding No-Action Letters (NAL Policy) are also incorporated by reference. The Policy's main purpose is to provide a mechanism through which the Bureau may more effectively carry out its statutory purpose and objectives by better enabling compliance in the face of regulatory uncertainty.

The Policy consists of eight sections:

• Section A describes the compliance assistance available under the Policy;
• Section B describes information to be included in an application for compliance assistance;
• Section C describes factors the Bureau intends to consider in deciding whether to grant an application for compliance assistance;
• Section D describes the standard procedures the Bureau intends to use in providing compliance assistance;
• Section E describes procedures the Bureau intends to use for granting extensions of, modifying, and terminating compliance assistance;
• Section F describes alternative application, assessment, and issuing procedures that the Bureau may use for certain circumstances;
• Section G describes how the Bureau intends to coordinate with other regulators with respect to compliance assistance; and
• Section H describes the Bureau's intentions regarding disclosure of information relating to approvals.

A. Types of Compliance Assistance Available

1. Approvals

An approval is provided by the Bureau to a particular entity under one or more of three statutory safe harbor provisions, based on the application of existing law to particular facts and circumstances. An approval issued to a particular entity will state that, subject to good faith compliance with specified terms and conditions, the Bureau concludes for the reasons stated therein that offering or providing the described aspects of the product or service complies with the Federal consumer financial law identified therein. By operation of the applicable statutory provision, the recipient has a safe harbor from liability under the relevant statute, to the fullest extent permitted by these provisions, as to any act done or omitted in good faith in conformity with the approval.

2. No-Action Letters

No-Action Letters available to recipients of compliance assistance under the Policy will be issued in accordance with the NAL Policy. Applicants for compliance assistance under the CAS Policy may use a single application to cover their request for compliance assistance and any accompanying request for a No-Action Letter. (If an applicant wishes to receive only a No-Action Letter, no application should be submitted under the CAS Policy.)

B. Submitting Applications for Compliance Assistance

Potential applicants are strongly encouraged to contact the Office of Innovation at officeofinnovation@cfpb.gov for informal, preliminary discussion of a contemplated proposal prior to submitting a formal application. An application for compliance assistance under the Policy should include the following:

1. The identity of the applicant;

2. A description of the consumer financial product or service to be offered or provided, including (a) how the product or service functions; (b) the terms on which it will be offered; (c) the manner in which it is offered or provided, including any consumer disclosures; and (d) an identification of how the product or service, or the manner in which it is offered or provided to consumers, may further innovation;

3. An explanation of the potential consumer benefits associated with the product or service, and suggested metrics for evaluating whether such benefits are realized, such as consumer utilization numbers;

4. An explanation of the potential consumer risks associated with the product or service, and how the applicant intends to mitigate such risks, including plans for addressing unanticipated consumer harms;

5. (a) An identification of the described aspects of the product or service as to which the applicant seeks an approval; an identification of the statutory and regulatory provisions as to which the applicant seeks that approval; an identification of the potential uncertainty or ambiguity that such approval would address; and an explanation of why the requested approval is an appropriate resolution of that uncertainty or ambiguity, including an explanation of why the described aspect of the product or service complies with the applicable statutory and regulatory provisions;

(b) If the applicant also seeks a No-Action Letter, it should consult the NAL Policy for information about what to include for that aspect of its application;

6. The requested duration of compliance assistance, and a description of other limitations on the scope of such assistance, such as limits on the volume of transactions, the number of consumers to which the product or service is to be offered or provided, or geographic scope;

7. A description of data on consumer impacts associated with the described aspects of the product or service that the applicant possesses or intends to develop and that will be shared with the Bureau if the application is granted, and a proposed schedule for sharing this data with the Bureau;

8. If the applicant wishes to request confidential treatment under the Freedom of Information Act (FOIA), the Bureau's rule on Disclosure of Records and Information (Disclosure Rule), or other applicable law, this request and the basis therefor should be included in a separate letter and submitted with the application. The applicant should specifically identify the information for which confidential treatment is requested, and may reference the Bureau's intentions regarding confidentiality under section H of the Policy; and

9. If the applicant wishes the Bureau to coordinate with other regulators, the applicant should identify those regulators, including but not limited to those that the applicant has contacted about offering or providing the product or service in question.

Applications may be submitted via email to: officeofinnovation@cfpb.gov or through other means designated by the Office of Innovation. Submitted applications may be withdrawn by the applicant at any time.

C. Assessment of Applications for Compliance Assistance

The Bureau may grant or deny a compliance assistance application in its sole discretion. If it chooses to grant an application, the Bureau also has discretion to grant the application in whole or only in part. In deciding whether to grant an application for compliance assistance, the Bureau intends to balance a variety of factors in considering the quality and persuasiveness of the application, with particular emphasis on the information specified in sections B.2(d) through B.5, as well as information about the applicant and the product or service in question derived through Bureau due diligence processes. The Bureau intends to grant or deny applications for No-Action Letters pursuant to the NAL Policy. The Bureau intends to grant or deny an application within 60 days of notifying the applicant that the Bureau deems the application to be complete.

D. Procedures for Providing Compliance Assistance

When the Bureau decides to grant an application for compliance assistance, it intends to provide the recipient with a Compliance Assistance Statement of Terms (CAST) setting forth the terms under which compliance assistance is provided, including the types and scope of assistance provided to the recipient. The CAST will be signed by the Assistant Director of the Office of Innovation, and by an officer of the recipient. The Bureau expects that the CAST will:

1. Identify the recipient;

2. Specify the subject matter scope of the CAST, i.e., the described aspects of the product or service;

3. State that the CAST and the compliance assistance provided:

(a) Is limited to the recipient, and does not apply to any other persons or entities;

(b) Is limited to the recipient's offering or providing the described aspects of the product or service, and does not apply to the recipient's offering or providing different aspects of the product or service;

(c) Is based on the factual representations made in the application, which may be incorporated by reference; and

(d) Does not constitute the Bureau's endorsement of the product or service that is the subject of the CAST, or any other product or service offered or provided by the recipient.

4. Require the recipient to inform the Bureau of: (a) Material changes to information included in the application; and (b) material information indicating that the described aspects of the product or service are not performing as anticipated in the application;

5. Require the recipient to report information about the effects of offering or providing the described aspects of the product or service, including with respect to complaint patterns, default rates, or similar metrics that will enable the Bureau to identify material increase in any risk of injury to consumers;

6. Where appropriate, include a commitment by the recipient to compensate consumers for Dodd-Frank Act actionable substantial injury caused by the recipient's offering or providing the described aspects of the product or service;

7. Specify any other limitations or conditions, such as the duration of the compliance assistance, the nature and extent of the recipient's data-sharing, and the extent to which the Bureau intends to publicly disclose information about the recipient's participation;

8. With respect to any approval the Bureau is providing the recipient: (a) State that, subject to good faith compliance with the CAST, the Bureau approves the recipient's offering or providing the described aspects of the product or service under the relevant law identified therein; and (b) explain the Bureau's basis for issuing the approval;

9. State that: (a) the recipient may reasonably rely on any Bureau commitments made in the CAST; and (b) the Bureau may terminate any approval described in the CAST if: (i) The recipient fails to substantially comply in good faith with the specified terms and conditions of the CAST; (ii) the described aspects of the product or service do not perform as anticipated in the application; or (iii) a statutory change or Federal judicial holding causes the Bureau to conclude that the recipient can no longer rely in good faith on the Bureau's approval as the safe harbor provisions require; and

10. If the applicant also applied for a No-Action Letter using their application under the CAS Policy for compliance assistance, incorporate any No-Action Letter that the Bureau is issuing pursuant to the terms of the NAL Policy.

E. Procedures for Extension, Modification, and Termination

1. Extension Procedures

Recipients of compliance assistance may apply for an extension of a specified period of time. In considering applications for extensions, the Bureau expects to place particular weight on the extent to which the data provided to the Bureau under the terms of the CAST shows that the described aspects of the product or service are benefitting consumers, not causing unanticipated harms, and not materially increasing the risk of substantial injury. Such applications for an extension should include the proposed duration of the extension and should be submitted no later than 90 days prior to the expiration of the compliance assistance under the terms of the CAST. The recipient should explain the reasons for the requested extension, such as whether it is intended to last until a possible amendment to Bureau regulations or the Commentary, or is instead intended for more particularized compliance assistance purposes.

Upon the presentation of persuasive data, the Bureau anticipates granting such extension applications for a period at least as long as the period of the applicant's original receipt of assistance. The Bureau anticipates permitting longer extensions where the Bureau is considering amending applicable regulatory requirements or the relevant Commentary. During the time period pending a rule or Commentary amendment, the Bureau intends to consider means of providing similar assistance to other covered entities that engage in the same or similar conduct in offering or providing comparable products.

2. Modification Procedures

A recipient of compliance assistance may apply for a modification of the CAST. The recipient may seek modification to address an anticipated or unanticipated change in circumstances, such as iterations of the underlying product or service or changes to the information included in the application for assistance. Applications for a modification should include the following:

a. Any material changes to the information included in the original application;

b. The specific requested modification to the CAST;

c. The grounds for modifying the CAST; and

d. Any other information the recipient wishes to provide in support of the modification application.

In deciding whether to grant an application for modification, the Bureau intends to balance a variety of factors, including the quality and persuasiveness of the application. The Bureau expects to grant or deny such applications within 30 days of notifying the applicant that the Bureau has deemed the application to be complete. When the Bureau grants an application for modification, it intends to provide the recipient with a modified CAST in accordance with the procedures specified in Section D.

3. Termination Procedures

The Bureau intends that the recipient of compliance assistance should be able to reasonably rely on any Bureau commitments made in the associated CAST. The Bureau expects terminations prior to any pre-determined expiration date to be quite rare based, in part, on its knowledge of similar programs of compliance assistance operated by other Federal agencies. The Bureau expects that its practice with respect to termination will be in line with the practices of these agencies.

The Bureau expects that a CAST will state that: (a) The recipient may reasonably rely on any Bureau commitments made in the CAST; and (b) the Bureau may terminate any approval described in the CAST if: (i) The recipient fails to substantially comply in good faith with the specified terms and conditions of the CAST; (ii) the described aspects of the product or service do not perform as anticipated in the application; or (iii) a statutory amendment or federal judicial holding causes the Bureau to conclude that the recipient can no longer rely in good faith on the Bureau's approval as the safe harbor provisions require. By operation of law, no retroactive action premised on the described aspects of the product or service will lie under provisions within the scope of an approval. If the Bureau is also providing a No-Action Letter to the recipient, termination will be in accordance with the NAL Policy.

In accordance with principles of fair notice, before terminating any approval provided under the Policy, the Bureau intends to notify the recipient of the possible grounds for termination, and permit an opportunity to respond within a reasonable period of time. In appropriate cases, the Bureau intends to offer the recipient an opportunity to modify its conduct to avoid termination. The Bureau intends to allow the recipient to wind-down the offering or providing of the described aspects of the product or service during a period of six months before termination is effective, unless the described aspects of the product or service are causing Dodd-Frank Act actionable substantial injury to consumers, and a wind-down period would permit such injury to continue. If the Bureau terminates any approval provided under this Policy, it intends to do so in writing and specify the reasons for its decision. The Bureau intends to publish termination decisions on its website.

F. Alternative Application, Assessment, and Issuance Procedures

The Bureau recognizes that the process described in sections B, C, and D (Standard Process) may not be appropriate in certain circumstances. These include applications by service providers that develop products or services for use by covered persons that offer or provide consumer financial products or services; applications facilitated by trade associations, consumer groups, or other third parties that are not themselves covered parties; and applications involving a consumer financial product or service that is substantially similar to one that is the subject of an existing CAST.

1. Service Provider and Facilitated Applications

Service providers that develop products or services for use by covered persons that offer or provide consumer financial products or services may use the Standard Process if they have secured an applicant that intends to use the service provider's product or service in connection with offering or providing a consumer financial product or service. Similarly, compliance assistance applications facilitated by trade associations, consumer groups, or other third parties that are not covered persons that offer or provide consumer financial products or services may use the Standard Process if the third party has secured an applicant that intends to offer or provide the consumer financial product or service in question.

a. CAST Template. As an alternative to using the Standard Process, a service provider, trade association, consumer group, or other third party may apply for a CAST Template. A CAST Template is (i) non-operative, i.e., it does not provide compliance assistance to any party, and (ii) non-binding on the Bureau.

i. Application Information. Such applications should include the information specified in section B, as applicable and with appropriate adjustments given that the applicant itself will not be offering or providing the consumer financial product or service in question. In particular, for service provider applications the applicant should describe how it anticipates its product or service will be used by a provider of consumer financial products or services.

ii. Assessment. In deciding whether to grant an application for a CAST Template, the Bureau intends to balance a variety of factors, as described in section C, with appropriate adjustments given the alternative nature of the application. The Bureau intends to grant or deny an application within 60 days of notifying the applicant that the Bureau has deemed the application to be complete.

iii. Issuance. The Bureau expects that a CAST Template will include many of the elements specified in section D, with appropriate adjustments based, in part, on the non-operative, non-binding nature of a CAST Template. In addition, a CAST Template will include a statement that the Bureau intends to grant applications for a CAST based on the CAST Template, under subsection F.1.b, in appropriate cases.

b. CAST Based on a CAST Template. A covered person that intends to offer or provide a consumer financial product or service using the product or service covered by a CAST Template (whether using a service provider product or service, or otherwise) may apply for compliance assistance based on the CAST Template.

i. Application Information. Such applications should include the information specified in section B, with appropriate adjustments. In particular, the applicant should include: (i) A statement that the application is based on a CAST Template and an identification of the CAST Template on which it is based; and (ii) a statement identifying the aspects of the product or service for which a CAST is being sought describing how the applicant's offering or providing those aspects of its product or service is consistent with the framework described in the CAST Template. The application may cross reference any relevant information contained in the application for the CAST Template or the CAST Template itself.

ii. Assessment. In deciding whether to grant an application for such compliance assistance, the Bureau intends to balance a variety of factors, as described in section C, with appropriate adjustments. In particular, the Bureau intends to include in its assessment the additional factor of the degree to which the applicant's offering or providing the described aspect of its product or service is consistent with the framework described in the CAST Template. The Bureau anticipates being able to process such applications in a timeframe shorter than that specified in section C given that the underlying CAST Template has already been granted.

iii. Issuance. When the Bureau grants an application for such compliance assistance, it intends to provide the recipient with a CAST in accordance with the procedures specified in section D.

2. Applications for Substantially Similar Products or Services

If an applicant offers or provides a consumer financial product or service that it believes is substantially similar to an aspect of a consumer financial product or service that is the subject of an existing CAST, it may apply for compliance assistance based on public information about the existing CAST.

a. Application Information. Such applications should include the information specified in section B, with appropriate adjustments. In particular, the applicant should include (i) a statement that the application is based on an existing grant of compliance assistance and an identification of that grant; and (ii) a statement describing how the consumer financial product or service in question and the manner in which it is offered or provided is substantially similar to the described aspects of the product or service that are the subject of the existing CAST. The application may cross reference any relevant information contained in public disclosures on the existing grant.

b. Assessment. In deciding whether to grant an application for such compliance assistance, the Bureau intends to balance a variety of factors, as described in section C, with appropriate adjustments. In particular, the Bureau intends to include in its assessment the additional factor of the degree to which the consumer financial product or service in question, and the manner in which it is offered or provided, is substantially similar to these aspects of the existing CAST. The Bureau anticipates being able to process such applications in a timeframe shorter than that specified in section C given that the existing CAST has already been granted.

c. Issuance. When the Bureau grants an application for such compliance assistance, it intends to provide the recipient with a CAST in accordance with the procedures specified in section D.

G. Regulatory Coordination

Section 1015 of the Dodd-Frank Act instructs the Bureau to coordinate with Federal agencies and State regulators, as appropriate, to promote consistent regulatory treatment of consumer financial and investment products and services. Similarly, section 1042(c) of the Dodd-Frank Act instructs the Bureau to provide guidance in order to further coordinate actions with the State attorneys general and other regulators. Such coordination includes coordinating in circumstances where other regulators have chosen to offer assistance to entities offering innovative products and services. One method of providing such assistance is through a State sandbox, or group of State sandboxes, or other limited scope State authorization program (State sandbox). The Bureau is interested in entering into agreements with State authorities that operate or plan to operate a State sandbox, which may include a process to receive compliance assistance under this Policy in a coordinated manner with assistance from the State sandbox.

Furthermore, the Bureau is interested in coordinating with other regulators more generally regarding this Policy. To this end, the Bureau intends to enter into agreements whenever practicable to coordinate compliance assistance under the Policy with assistance offered by State, Federal, or international regulators.

H. Bureau Disclosure of Information Relating to Approvals

Public disclosure of information regarding approvals under this Policy is governed by applicable law, including the Dodd-Frank Act, FOIA, and the Disclosure Rule. The Disclosure Rule generally prohibits the Bureau from disclosing confidential information, and defines confidential information to include information that may be exempt from disclosure under the FOIA —including Exemption 4 regarding trade secrets and confidential commercial or financial information that is privileged or confidential. Relatedly, the Disclosure Rule defines business information as commercial or financial information obtained by the Bureau from a submitter that may be protected from disclosure under Exemption 4 of FOIA, and generally provides that such business information shall not be disclosed pursuant to a FOIA request except in accordance with section 1070.20 of the rule.

Consistent with applicable law, the Bureau intends to publish on its website its final disposition of applications for approvals processed pursuant to sections B, C, D, E.1, E.2, F.1.b, and F.2. If the Bureau decides to grant an application, it intends to publish an order regarding the decision on its website as soon as practicable. The Bureau expects that the order will overlap with the CAST provided to the recipient, but will contain other information and will not include information protected from public disclosure under applicable law. The Bureau expects the order to include: (i) The identity of the recipient; (ii) the described aspects of the product or service to which the approval applies; (iii) the approval's specified duration, basis, and legal authority; and (iv) in appropriate cases, a version of the summary of the application. The Bureau also intends to publish denials of applications on its website, including an explanation of why the application was denied in whole or in part. When the Bureau grants an application for a CAST Template under section F.1.a, the Bureau expects to publish on its website the CAST Template and a summary of the application.

Where information submitted to the Bureau is both customarily and actually treated as private by the submitter, the Bureau intends to treat it as confidential in accordance with the Disclosure Rule. The Bureau anticipates that much of the information submitted by applicants in their applications, and by recipients while operating pursuant to a CAST, will qualify as confidential information under the Disclosure Rule. In particular, the Bureau expects that information submitted that is responsive to subsections B.2, B.3, B.4, B.6, D.4, and D.5, and parallel information submitted pursuant to subsections E.1, E.2, F.1.a.i, F.1.b.i and F.2.a, will qualify as business information under the Disclosure Rule. Other information submitted by applicants or recipients may also qualify as confidential information.

Disclosure to other Federal and State agencies of information or data provided to the Bureau under the Policy is governed by applicable law, including the Dodd-Frank Act and the Disclosure Rule.

To the extent the Bureau wishes to publicly disclose non-confidential information regarding approvals, the Bureau intends to include the terms of such disclosure in the CAST. The Bureau intends to draft the CAST in a manner such that confidential information is not disclosed. Consistent with applicable law and its own rules, the Bureau does not intend to publicly disclose any information that would conflict with consumers' privacy interests.

Disclosure of information about No-Action Letters will be in accordance with section G of the NAL Policy.