Subscribe to our blog
Get ahead with our award-winning insights on the latest developments in the fraud and compliance landscape. Enter your email below to receive our blog posts directly to your inbox.

Post Written by

Peer-to-Peer (P2P) lending in the U.S. is in “regulatory purgatory”, according to Morrison & Foerster. There is no federal regulation specifically targeting P2P lending- instead the industry is regulated by legislation from 1933 that categorizes P2P notes as securities on the grounds they signify an “investment contract” with lenders.

It can be difficult to navigate through and identify all applicable legislation. To help clarify, we’ve created an introduction to the U.S. regulation P2P lending companies should be aware of.

1.) Bank Secrecy Act of 1970:

The Bank Secrecy Act requires financial institutions, including P2P lending companies and their banking partners, to adopt policies and procedures to:

  1. Verify the true identities of users (both borrowers and lenders)

  2. Reject any users on the Office of Foreign Assets Control (OFAC) lists

  3. Implement an anti-money laundering (AML) program in compliance with the 4 Pillars of AML (Section 352):

      • Develop internal policies, procedures, and controls

      • Designation of a compliance officer

      • Ongoing employee training program

      • Independent audit function to test programs

2.) Securities Act of 1933:

All securities, including P2P notes, must be registered with the Securities and Exchange Commission (SEC), which is a time-consuming and costly process. Securities can be filed and registered individually, or combined into generic categories and filed as a “shelf” registration in larger numbers. With “shelf” registrations, the issuer files the amount of securities sold and applicable terms with the SEC in a prospectus supplement after an agreement has been met with the investor.  Due to the high volume of securities being issued by P2P Lending Companies, “shelf” registration is a necessity.

P2P companies may apply for an exemption from SEC registration if:

  1. The securities offered are “Private Placement” notes

  2. They are offered intrastate

    • The lender and borrower reside within the same state

    • The lender conducts the majority of their business within that state

  3. The aggregate amount of securities issued by the P2P lending company does not exceed $5 million in any 12-month period

  4. The aggregate amount of securities issued by the P2P lender in any 12-month period falls within:

    • Tier 1 (up to $20 million): subject to state-by-state Blue Sky Laws

    • Tier 2 ($20 million to $50 million): federal preemption from Blue Sky Laws, subject to ongoing reporting and audited financial statements

3.) Blue Sky Laws:

According to State securities laws- referred to as “Blue Sky Laws”, Issuers must register securities in every state the securities are offered for sale to the public. Accordingly, any P2P lending company intending to operate in multiple states must register its securities in multiple states and pay the accompanying filing fees.
Unfortunately, due to the new territory of Platform Notes, and the inability of P2P businesses’ to adequately verify borrower information, some states have refrained from permitting the sale of Platform Notes to retail investors. Others have permitted the sale of Platform Notes, but only in limited offerings.

4.) Dodd-Frank Act:

Requires that for any ABS (“Asset-Backed Security”) sold, the “securitizer” (issuer of an ABS) must retain no less than 5% of the credit risk, and are prohibited from hedging or transferring this risk. However, whether P2P Lending companies qualify as such is still to be determined- final regulations will become effective for P2P Notes in December 2016.

5.) National Securities Markets Improvements Act of 1996 (NSMIA):

Most P2P Lending Companies, under Blue Sky Law regulation, must register their securities in every state in which securities are offered for sale to the public. It is unclear whether P2P Lending Companies with common stock (IPOs) may label P2P notes as “senior securities” to apply for preemption from Blue Sky Laws. In the present climate, and considering civil/criminal liabilities from a failed claim of preemption, it is prudent for P2P Lending Companies, including IPOs like Lending Club, to continue registering securities under state securities laws.

In addition to financial and securities regulation, P2P lending companies are also subject to federal regulation aimed at protecting consumer borrowers:

6.) Truth in Lending Act (TILA):

TILA protects consumers against inaccurate and unfair credit billing and card practices. The act mandates all lenders, including P2P lenders, maintain uniform methods for computing the cost of credit, disclosing credit terms, and resolving errors on certain types of credit accounts.

You can find more information on the Truth in Lending Act here.

7.) Equal Credit Opportunity Act:

The Equal Credit Opportunity Act prevents creditors from discriminating against applicants on the basis of race, color, religion, national origin, sex, marital status, and age. Although this information can be asked for, it cannot be used to inform the credit decision.

You can find more information about the Equal Credit Opportunity Act here.

8.) Fair Credit Reporting Act:

The Fair Credit Reporting Act sets restrictions on obtaining consumer credit reports and sharing customer information. The act also requires implementation of an identity theft prevention program.

You can find more information about the Fair Credit Reporting Act here.

9.) Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act was enacted in 1999, and restricts the disclosure of nonpublic personal consumer information to non-affiliated third parties. The act mandates that financial institutions tell their customers about their information-sharing practices and provide an option to “opt-out” if they don’t want their information shared with third parties.

You can find more information about the Gramm-Leach-Bliley Act here.

10.) Electronic Fund Transfer Act:

The Electronic Fund Transfer Act establishes the rights, liabilities, and responsibilities of parties in electronic funds transfers, and allows electronic documents and signatures to have the same validity as paper documents and signatures. Electronic transfers are subject to timing and notification rules administered by the National Automated Clearinghouse Association (NACHA).

You can find more information about the Electronic Fund Transfer Act here.

11.) Fair Debt Collection Practices Act:

The Fair Debt Collection Practices Act provides guidelines and limitations on the conduct of third-party debt collectors’ regarding the collection of consumer debts. The act prevents debt collectors from using abusive, unfair, or deceptive practices to collect from consumers.

You can find more information about the Fair Debt Collection Practices Act here.


P2P Lending Companies are currently regulated by antiquated and overarching legislation for financial institutions and securities. As the market continues to grow, legislation will adapt to accomodate advances in technology and better mitigate the risks of P2P Lending and other online financial services.

IdentityMind provides risk management and customer verification (KYC) capabilities for P2P and Online Lenders. Expand your business while maintaining compliance with federal and state regulations.