The 5 C’s of lending? “Throw that book out” says Darrell Esch, VP of SMB Lending for Paypal. At the Federal Reserve Bank’s New York Small Business Summit last week, critics hammered away at the high rates being charged by some alternative business lenders.
In the first video below, PayPal’s small business loan program (which is a textbook merchant cash advance) is characterized as too expensive and not transparent.
APRs? Business owners don’t think that way, says Esch:
The transparency debate is a hot topic in alternative business lending. Merchant cash advance industry hater Ami Kassar pressed me on the transparency issue just last week over twitter, to which I conceded transactions structured as loans should clearly state an APR, even if that metric is not the most relevant or helpful.
What confuses me is Kassar’s belief that an APR represents the “real cost.” It is nothing more than an annualized metric. Many people understand APRs, but many do not. My point is that an APR is a mathematical formula that may or may not be relevant and may or may not be understood.
In fact, Bankrate.com’s loan calculator helps borrowers ascertain the true cost of their loans by helping them calculate what they really need to know, the total dollar amount to be repaid. And with that reality, alternative business lenders and their merchant cash advance counterparts are speaking the language of their clientele by making the dollar for dollar cost as transparent as possible.
After all, business owners regularly borrow at rates that exceed 3,500% APR via overdrafts.
Kassar claims that more than 50% of borrowers substitute MCAs for something else once they’ve learned the “real cost” of such financing. This implies that all of his clients have better options, a circumstance which generally isn’t true of small businesses that use merchant cash advances or high cost business loans. Deficiencies in Credit Score, Capital, or Collateral tend to disqualify them in the real world.
This debate leads us down the same road every time. Should businesses rejected by low rate lenders be banned from accessing credit because the options available to them now are too expensive? “No,” a critic would say. “They should just be charged a lower rate.” But considering the risk, could a lender survive drastic price cuts? With all the competition in today’s market, alternative business lenders have been slashing rates to as low as they can possibly get them… for now.
But to critics like Kassar, things like profitability are an afterthought. What’s profitability got to do with the price of a loan?
— ami kassar (@akassar) May 15, 2014
I wonder if his clients who have exhausted all their options choose a low rate SBA loan that they can’t get once he has educated them about the high cost of a merchant cash advance. Oh wait…
Esch suggested throwing out the 5 Cs. I don’t think that’s a good idea. It’s leeway that’s needed, not discarding the book altogether. That leeway comes at a cost.
Questioning the costs that alternative business lenders charge is a beautiful example of the free market at work. They’re an easy target for criticism, yet a badly needed component of the American economy. No harm can come from keeping them honest. But as Esch commented on how he feels about what he does, “I feel blessed to be serving this higher need.”
In the latest issue of DailyFunder, Cheryl Conner explored data security in the alternative business lending industry. Its basis was rooted in the ETA’s 2008 Merchant Cash Advance White Paper that stated Merchant Cash Advance companies must be PCI compliant.
That white paper was drafted in a different era, particularly when 99% of all transactions required a payment processing split rather than ACH debits. It’s true also that it specified companies “that handle sensitive payment related information”, namely cardholder data as part of its regular business operation.
Credit card processors that engage directly in issuing merchant cash advances are naturally already subject to PCI compliance, but for the funding companies that aren’t in the processing business, they’re basically off the hook. Indeed a spokesperson for the PCI Security Standards Organization informed Conner that “PCI standards apply to payment card data branded by one of the five founding brands, which means any entity that accepts, processes, transmits or stores account data from a PCI branded payment card should be applying PCI DSS for the protection of that data.” She went on to say that PCI DSS doesn’t apply to bank account data.
So while PCI compliance does not have a place in alternative business lending, it raised the question as to whether or not there were other privacy regulations that do, particularly the Gramm-Leach-Bliley Act (“GLBA”) of 1999. According to the FTC, the GLBA “requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.” The law is broad enough to cover any financial institution that is engaging in activities that are financial in nature.
The GLBA imposes a host of requirements on these financial institutions, including the need to establish an information security program to protect customer information.
But as is the recurring theme in alternative business lending, such rules do not govern institutions that engage in business-to-business transactions. On the FTC’s website, it states:
Under the Rule, a “consumer” is someone who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family, or household purposes, or that person’s legal representative. The term “consumer” does not apply to commercial clients, like sole proprietorships. Therefore, where your client is not an individual, or is an individual seeking your product or service for a business purpose, the Privacy Rule does not apply to you.
Similarly, I’ve been told that the Consumer Financial Protection Bureau does not have jurisdiction over business-to-business transactions, even if one party is a sole proprietor. In a business-to-consumer transaction, there’s an assumption that the consumer may not be as sophisticated as the business and thus deserving of protections. In the course of two businesses engaging in business, it would be extremely difficult to draft rules that only protected one side as both are free market equals.
While there may not necessarily be any laws that regulate security or privacy in commercial transactions, there are plenty of benefits to following GBLA-like guidelines. For one, it could be used to build goodwill with clients. Additionally, security and privacy are sure to be examined during the course of a due diligence audit by potential investors. In this day and age, a breach of privacy or security could permanently disrupt a business’s ability to maintain the good faith of the public.
Do you feel that alternative business lenders are doing a good job?
Note: I am not a lawyer and this post should not be considered legal advice.