Home > Insights > Blogs > Bank Check > Fintech: Internet banking across state borders triggers compliance challenges for state banks

Fintech: Internet banking across state borders triggers compliance challenges for state banks

January 20, 2017

Banks of all sizes have been using Internet delivery systems since the 1990s to interact with customers in the marketing and delivery of banking products and services.

However, with the current explosion in financial technology – or “fintech” – regional and community banks are now often presented with opportunities to use fintech online delivery systems to market their banking products and services to customers outside the banks’ geographic branch footprints.

For example, a community bank may use such Internet systems to target employees or patrons of an organization based in the bank’s home area, even though those employees or patrons may reside in other states. 

This ability to reach customers outside a bank’s physical branch network area raises the question: What compliance hurdles does a bank face when it markets products and services to customers in states in which the bank has no branches?

Types of interstate compliance issues

Every state has a variety of compliance laws that may require banking products, like loans or deposits, to be offered in certain ways, for example, by:

  • requiring certain customer disclosures,
  • prohibiting certain loan or deposit agreement terms or fees,
  • requiring mandatory terms in certain types of agreements, and
  • requiring advertisements to be made in certain ways.

These laws can also require registration or licensing, depending on the state, type of customer and the type of banking product or service being offered.

A bank is typically aware of applicable laws like these in its home state, but may be unfamiliar with these types of restrictive laws in other states where the bank’s Internet customers may reside. However, when a bank offers its products and services via the Internet to a customer residing in another state, the laws of that other state may require compliance by the out-of-state bank.

As noted below, national banks can rely on federal preemption to avoid certain out-of-state laws, but state banks do not benefit from the broad-based preemption available for national banks.

State vs. Federal Charter: Preemption and exemptions

The applicability of the law of a bank customer’s home state varies depending on the charter type of the bank. Federally chartered banking institutions (national banks and federal savings associations) benefit from broader federal preemption over those state laws than state-chartered banks, particularly in the area of Internet operations in which no bank branch is involved in delivering the product to the customer.

The applicability of the home state law of a customer will also depend on whether that law includes a built-in exemption for out-of-state banks. Some of those customer state laws have such an exemption, but many do not.

Limited preemption available for state-chartered banks

Federal banking law does preempt certain customer state laws from applying to a state-chartered bank from another state. This preemption authority mirrors similar preemption authority available to national banks.

Interest rate preemption. When making loans via the Internet, state-chartered banks, national banks and federal savings associations can all “import” interest rates from one state to apply to a loan made to a customer in another state, provided they follow certain operational rules regarding how the loan is made. The operational rules include designation of where certain key functions related to the making of the loan are actually conducted. The preemption only applies to “interest” and not to other types of fees and charges.

Branch-based activity preemption. A state-chartered bank may have a branch in the home state of a customer. In this case, there is additional legal authority to preempt the laws of that customer’s home state, if the bank conducts the activities from the branch in the customer’s home state to provide that customer with the specific banking product.

Under this branch-based activity preemption authority, if the customer’s home state law is preempted, the state-chartered bank must comply with the law of the bank’s home state.

However, in the context of Internet banking by a state-chartered bank, this type of preemption may not be applicable to preempt the law of a customer’s home state, because the bank may conduct the Internet activities from the bank’s charter state, rather than from the branch in the customer’s home state.

Non-branch-based activity preemption – federally chartered banks only

Unlike state-chartered banks, national banks and federal savings associations also benefit from preemption authority that applies to out-of-state banking activity that is not conducted from a branch, such as interstate Internet delivery of products and services to customers.

According to federal regulations, this type of authority can preempt, for example, legal requirements of a customer’s home state on topics such as:

  • disclosures;
  • fees;
  • limitations on the terms of credit, disbursements, access and use of credit reports;
  • escrow accounts;
  • advertising;
  • loan-to-value ratios;
  • PMI requirements; and
  • licensing.

This federal preemption authority also covers the laws of the home state of a national bank or federal savings association.

Preemption and fintech service providers

Banks are commonly approached by nonbank fintech companies who are offering an Internet-based “platform” through which banks can reach customers to offer certain banking products – often products developed or marketed by the fintech company.

Depending on business model and jurisdiction, such fintech companies may be licensed under state law as loan companies, loan servicers, loan brokers, money transmitters or prepaid card companies, or they may be unlicensed. Some fintech companies may be registered as money services businesses with the federal Financial Crimes Enforcement Network.

However, there is no financial services law authority for federal preemption of applicable state laws that apply to nonbank fintech companies.

In 2010, the Dodd Frank Act eliminated the federal bank regulatory doctrine authorizing nonbank service providers, including fintech companies, to claim federal preemption for acting as agents of national banks or federal savings associations.

The Office of the Comptroller of the Currency is currently considering the possibility of authorizing fintech companies to become chartered as national banks, including as non-depository national banks. If the OCC were to authorize such a charter, the agency has stated that the preemption authority available to other national banks would be available to a fintech chartered national bank. This preemption is one of the most significant benefits that such a federal charter would offer.

However, until such a national bank fintech charter comes to fruition, fintech companies that are not banks will not be able to claim federal preemption authority over applicable state laws.

Certain state regulatory agencies have indicated they may contest the ability of the OCC to issue a fintech national bank charter to a nondepository bank and that they may contest the applicability of federal preemption authority over state laws for such a fintech bank.

It is important to note that, as the agent of a state-chartered bank, or even as the agent of a national bank, a fintech company would not benefit from the preemption applicable to the bank acting as principal. So, for example, a state lending law might be preempted in connection with a loan made by a national bank or inapplicable to a loan made by an out-of-state, state-chartered bank, but a fintech company acting as agent for that national or state bank could be subject to the requirements of that state law, for example, a requirement to register as a loan servicer or loan broker.


State-chartered banks offering financial products via the Internet to out-of-state customers, either directly or through a nonbank fintech arrangement, should be careful to consider the potential compliance pitfalls of the applicable laws of the customer’s home state. A failure to manage the risk associated with these issues could have serious consequences for the bank and the fintech company service provider.