By Alix Prentice

Partner | Financial Regulation

On 11 February 2026, the UK’s Financial Conduct Authority (FCA) published Policy Statement 26/1: “Regulation of Deferred Payment Credit (unregulated Buy Now Pay Later): Feedback to CP25/23” (PS26/1), giving consumers of Deferred Payment Credit (DPC) new protections when borrowing.

As distinct from the current position, DPC (an interest-free credit product repayable over 12 months or less in 12 or few instalments) will no longer be unregulated. Lenders offering DPC agreements to finance goods or services obtained from merchants will require the prior authorisation of the FCA to do so.  This represents a significant milestone in the UK consumer credit market – PS26/1 points out that 20% of UK consumers (10.9 million adults) used DPC in the 12 months leading up to May 2024.  Note, however, that in a change from the earlier Government position, merchants who broker DPC agreements will be exempt from regulation.

Obtaining FCA authorisation will not simply involve the licensing process.  The FCA is concerned that the uptake of DPC is particularly prevalent within a market segment that is more likely to be in financial difficulty than the general population, and so its approach is to  ‘regularise’ DPC by treating it largely as regulated consumer credit (and applying most of the existing conduct rules and guidance in the Consumer Credit Sourcebook).  This means that the following obligations are going to be key for DPC lenders:

1. Pre-agreement customer information:  consumers must receive key product information that includes their obligations and risks under the agreement, as well as additional information on their rights and information about the involvement of credit reference agencies;

2. Communications with customers in arrears or default:  firms will need to show that they have taken customers’ individual circumstances into account in these communications;

3. Creditworthiness  DPC providers will be required to undertake a creditworthiness assessment for each DPC transaction, including small-sum DPC agreements of £50 or less.

ABS and DPC

While regulated receivables might appear a more challenging asset class for this sector of the ABS market, the large DPC providers have welcomed regulation as ensuring a fairer, safer market for consumers.  Rules on creditworthiness and affordability should enhance the credit quality of the asset pool, potentially hastening the likelihood of the first public DPC-backed ABS issuance.

Next steps and timeline

• The Financial Services and Markets Act 2000 (Regulated Activities etc.) (Amendment) Order sets out that DPC becomes regulated on 15 July 2026.
• DPC firms wishing to continue lending after this date must notify the FCA to register under the Temporary Permissions Regime (TPR).
• The TPR notification window opens on 15 May 2026.
• Firms in the TPR can then apply for full authorisation within a six-month window following 15 July 2026.
• Any firm without the necessary consumer credit permissions and which does not register for the TPR will not be permitted to enter new DPC agreements after 15 July 2026, but may continue to service agreements taken out before that date.

By Mercedes Kelley Tunstall

Partner | Financial Regulation

By Christina Mille

Associate | Financial Services

Introduction

On January 28, 2026, the SEC’s Divisions of Corporation Finance, Investment Management, and Trading and Markets issued a joint statement addressing “tokenized securities.” The staff defines a tokenized security as a financial instrument that already fits within the statutory definition of a “security,”[1] but is “formatted as or represented by a crypto asset,” with ownership recorded in whole or in part on a crypto network. In other words, putting a security “onchain” does not in and of itself change the security into something else.[2]

Tokenized securities generally fall into two categories:

The statement divides tokenized securities into two broad categories: (1) issuer-sponsored, and (2) securities tokenized by unaffiliated third parties.

1. For issuer-sponsored tokenization, the message is straightforward: if an issuer integrates distributed ledger technology into its master securityholder file so that transfers on a blockchain update the official ownership record, the tokenized security will still have the same properties and treatment as a non-tokenized security. To this end, the staff states plainly that “[t]he format in which a security is issued or the methods by which holders are recorded (e.g., onchain vs. offchain) does not affect application of the federal securities laws.” Registration requirements, reporting obligations, and the definition of “equity security” apply regardless of whether the cap table sits in a traditional database or on a blockchain.

The staff also notes that issuers can have multiple formats of the same class of securities, or even create a separate class in tokenized form. But if the tokenized instrument is of “substantially similar character” and carries “substantially similar rights and privileges,” it may be treated as the same class for certain securities law purposes.

The statement also addresses structures where the blockchain does not itself constitute the official master securityholder file. In those models, the issuer maintains the authoritative ownership record offchain, and the token functions as a mechanism to facilitate transfers that are then reflected in the issuer’s books. Even in that case, the tokenized instrument involves a securities transaction and must comply with the federal securities laws.

2. The more complex analysis arises with third-party tokenization of securities that have already been issued. Here, an unaffiliated entity creates a crypto asset tied in some way to an underlying security issued by someone else. The staff observes that these models vary, and that the rights associated with the crypto asset “may or may not be materially different from those of the underlying security.” Importantly, holders of the resulting token may face risks related to the third party (such as insolvency) that would not exist for holders of the underlying security.

The statement describes two primary third-party models.

1. Custodial tokenized securities. In this model, the third party holds the underlying security in custody and issues a token representing a “security entitlement.” The token reflects the holder’s indirect interest in the underlying security. As with issuer-sponsored models, using a crypto asset format does not alter the application of the securities laws. Whether the entitlement records are maintained onchain or offchain, the instrument remains a security subject to the existing regulatory framework.
2. Synthetic tokenized securities. These do not represent an ownership interest in the underlying security. Instead, the third party issues its own security that provides economic exposure to a referenced security.
   1. One version is a “linked security,” such as a structured note or exchangeable instrument, where the return is tied to the value or performance of another security. The linked security “is not an obligation of the issuer of the referenced security and confers no rights or benefits” from the original issuer. This suggests that the third-party must itself comply with securities laws, registrations and requirements.
   2. Another version is a security-based swap formatted as a crypto asset. The staff emphasized that if a crypto-formatted instrument meets the definition of a “swap”[3] and satisfies one of the prongs of the “security-based swap” definition[4], then it is regulated as such.[5] The statement highlights that security-based swaps generally may not be offered or sold to persons who are not eligible contract participants unless a Securities Act registration statement is in effect and transactions occur on a national securities exchange.

The staff underscores that whether an instrument is a security-based swap or a linked security can depend on exclusions from the definition of “swap,” and that “the economic reality of the instrument rather than the name given to the instrument” determines its treatment.

[1] The Guidance explicitly noted that “security” is defined in Section 2(a)(1) of the Securities Act of 1933, Section 3(a)(10) of the Securities Exchange Act of 1934, and Section 2(a)(36) of the Investment Company Act of 1940.

[2] We note that due to changes regarding securities in the 2022 Amendments of the Uniform Commercial Code (UCC), the management of an onchain security for UCC purposes may vary from the way an offchain security would be handled.

[3] See Commodities Exchange Act Section 1a(47). The Guidance noted that the definition consists of six prongs and specified exclusions. If a crypto asset satisfies one or more of the prongs of the definition of “swap” and does not fall within one of the statutorily specified exclusions, the crypto asset is a swap.

[4] See Securities Exchange Act Section 3(a)(68).

[5] The statement reinforces the jurisdictional boundary with the Commodity Futures Trading Commission, as instruments that qualify as “swaps” but not “security-based swaps” may fall under the Commodity Exchange Act. On December 8, 2025, the CFTC’s Market Participants Division, Division of Market Oversight, and Division of Clearing and Risk issued guidance on tokenized collateral in Staff Letter 25-39; and the CFTC’s Market Participants Division issued guidance in Staff Letter 25-40 regarding digital assets accepted as margin collateral. The CFTC’s December 2025 guidance on tokenization takes a notably practical, market-operations approach, in contrast to the SEC’s taxonomy-heavy analysis. Rather than focusing on how to categorize tokenized instruments, the CFTC addressed how tokenized assets can function within the existing derivatives regulatory framework—particularly as margin collateral. See also Cadwalader Resources: Client and Friends, CFTC Opens the Door to Digital Asset Collateral: Regulatory Guidance, No-Action Relief, and Practical Implications (Dec. 23, 2025); available at: https://www.cadwalader.com/resources/clients-friends-memos/cftc-opens-the-door-to-digital-asset-collateral--regulatory-guidance-no-action-relief-and-practical-implications.

By Mercedes Kelley Tunstall

Partner | Financial Regulation

By Christina Mille

Associate | Financial Services

In the recently grand tradition of Maryland making waves in the consumer financial services space, the Mayor and City Council of Baltimore filed suit against Dave, Inc., a fintech that uses a “proprietary AI underwriting model that analyzes cash flow, not credit scores” to offer a product called  “ExtraCash” to consumers when it looks like their budget might be tight.  Baltimore claims that the ExtraCash product is an illegal, unlicensed payday loan scheme disguised as an “overdraft service.” 

The complaint,[1] brought under Baltimore’s Consumer Protection Ordinance and grounded in the Maryland Consumer Loan Law (“MCLL”),[2] alleges that Dave’s characterization of ExtraCash as an “overdraft service” was purposefully designed to evade Maryland’s 33% interest cap and licensing requirements applicable to consumer loans of $25,000 or less. 

This action follows parallel federal scrutiny, with the U.S. Department of Justice (DOJ), on referral from an initial investigation and case brought by the Federal Trade Commission (FTC), alleging deceptive marketing practices by Dave and its CEO in December 2024.

The Allegations

ExtraCash Is a Loan, Not an “Overdraft”

Baltimore argued that ExtraCash advances possess every hallmark of a consumer loan:

• Underwriting using proprietary “CashAI” models;
• Verification of recurring income via linked accounts;
• Preauthorized ACH debits for repayment;
• Near-total collection rates; and
• Fees tied to principal and repayment timing.

Although Dave currently characterizes the product as an “overdraft service,” the City alleged that no third-party transaction is being covered, no traditional checking account is being overdrawn, and the so-called “ExtraCash account” functions solely as an internal ledger reflecting a negative balance created by Dave itself when it advances funds. 

Fee Structure

The complaint also described a shifting fee model that, in Baltimore’s view, reveals the underlying economics of a high-cost short-term loan.

Historically, ExtraCash included express transfer fees for “instant” funding, monthly membership fees, and default “tips” (with design features allegedly nudging consumers toward 15% gratuities). In 2025, following regulatory scrutiny, Dave eliminated tips and introduced a mandatory “overdraft fee” equal to 5% of principal (minimum $5, maximum $15), while increasing its monthly subscription fee from $1 to $3.[1] Baltimore provided illustrative examples:

1. A $40 advance repaid in three days with a $5 overdraft fee, $0.60 express fee and $3 membership fee allegedly yields an APR exceeding 2,500%.
2. A $25 advance with a $5 fee and 10-day repayment allegedly equates to 730% APR, even before other charges are included.

The City alleged that express fees are effectively mandatory because the “instant” version of the product (which was prominently advertised) requires payment of the fee, while no-interest funding is delayed by multiple days. 

The complaint also characterized prior tip screens as employing “dark patterns,” including default tip selections and charitable meal claims that allegedly overstated the relationship between tip percentages and food donations. 

The $500 “Bait-and-Switch”

According to the complaint, advertising repeatedly features consumers receiving $500 instantly. However, Baltimore alleged that:

• Dave offers no advance at all more than 75% of the time; and
• Only 0.009% of new users allegedly receive $500 advances, with less than 1% receiving $250 or more. 

The City characterized this as a classic “bait and switch,” arguing that disclosures stating that “few receive $500” are buried and unreadable in social media contexts. 

The MCLL Licensing Regime

The complaint asserted that because ExtraCash advances are loans under Maryland law, or alternatively a “device or pretense” to collect interest, they are subject to the MCLL’s licensing regime and 33% interest cap. Baltimore alleges that Dave operates without a Maryland consumer lender license and that loans exceeding the statutory cap are void and unenforceable. 

Past FTC and DOJ Scrutiny

On December 30, 2024, the DOJ, together with the FTC, announced that it had filed an amended complaint against Dave and its co-founder and CEO, Jason Wilk, alleging violations of the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA). The complaint amended and replaced an earlier FTC action by adding Jason Wilk as a defendant and seeking civil penalties.

The DOJ and FTC alleged many of the same complaints as Baltimore, including the advances of “up to $500” with no hidden fees, the undisclosed “express fees” for instant funding, and misrepresentations regarding tips. The government also alleged that Dave enrolled customers in recurring monthly membership fees without clearly and conspicuously disclosing material terms and without providing a simple mechanism to cancel, in violation of ROSCA. The DOJ sought consumer redress, civil penalties, and a permanent injunction.

On December 31, 2024, Dave Inc. issued a response statement, saying the suit was “without any basis” and “a continued example of government overreach.” The company emphasized that it takes compliance and consumer transparency seriously and intended to defend itself.

Dave also provided an update on its ExtraCash product fee structure. To address concerns raised in the complaint about optional tips and express fees, the company eliminated both, making the fees mandatory and simplified. All new members joining on or after December 4, 2024, were placed on the new structure, and the transition for existing members was underway. Dave reported positive early results and expected full implementation by early 2025.

[1] See Complaint, Mayor & City Council of Balt. v. Dave, Inc., No. C-24-CV-25-010691 (Md. Cir. Ct. Baltimore City Dec. 30, 2025).

[2] See Md. Code Ann., Com. Law § 12-301 et seq.

[3] See Past FTC and DOJ Scrutiny section.

By Mercedes Kelley Tunstall

Partner | Financial Regulation

By Christina Mille

Associate | Financial Services

In a February 3, 2026 speech to the Investment Company Institute’s Winter Board Meeting, Brian Daly, Director of the SEC’s Division of Investment Management, requested industry comment on how the use of artificial intelligence solutions should be addressed by the federal securities laws and processes.

Daly started off by pointing to how little progress has been made in modernizing existing technology rules. Quoting from a 2005 speech by former SEC General Counsel Giovanni Prezioso, he highlighted questions that still resonate today (e.g., whether posting to the web satisfies delivery obligations, whether emails count as regulatory “correspondence,” and whether electronic storage satisfies recordkeeping rules). Two decades later, Daly acknowledged that “we are literally looking at a lost generation of limited progress,” noting that the SEC has yet to adopt a comprehensive e-delivery rule and confusion remains over the Books and Records Rule.[1]

Against that gloomy backdrop, Daly turned to AI. He asserted that engaging in “intelligent use [of AI solutions] can, should, and will catalyze a transformation of the technology of investment management.” While many firms are experimenting with AI, he reported that comprehensive adoption remains “uneven and often tentative,” with enforcement or litigation risk the most frequently cited barrier.[2]

Daly did not preview any new rules. Instead, he explicitly invited outreach from firms that believe existing laws may be constraining responsible innovation through the use of AI solutions. He said advisers should assume that inbound messages beginning with “I have a novel approach that is good for investors…” will “grab [the SEC’s] attention.”

Daly floated the idea of reimagining how disclosures, which tend to be traditional and formulaic, are presented and worded by using the power of AI large language models. He then described the possibility of a fund-provided AI agent trained on the full suite of offering documents, capable of answering investor questions in plain English regarding fees, investment strategies, redemptions, conflicts, or benchmarks. Daly acknowledged such tools would inevitably raise questions about liability and regulatory compliance, but framed those questions as “solvable.”[3]

For advisers and fund sponsors, the takeaway is less about imminent rule changes and more about posture: the Division of Investment Management is finally signaling openness to conversation about necessary regulatory changes to accommodate technological innovation. Those prepared to approach the SEC with concrete, investor-focused proposals now have an opportunity to potentially shape how the use of AI and AI agents are regulated in the investment management space.

[1] See 17 C.F.R. § 275.204-2.

[2] Daly said feedback comes from numerous industry surveys, from direct outreach, and from the Examinations Division.

[3] Daly said regulatory questions may include: “Would the model be considered marketing? Would it require registration as an investment adviser? How would we supervise it?”

Christopher B. Horn, Jed Miller, Daniel Meade, Ivan Loncar, Kathryn Borgeson, Chris van Heerden and Christina Mille have authored a new Cadwalader memorandum examining the treatment of significant risk transfers (SRTs) in the resolution of failed banks.

The piece analyzes how SRTs are treated under the Federal Deposit Insurance Act when an insured depository institution enters FDIC receivership. The memorandum highlights an often underappreciated feature of SRTs: the resolution-stage optionality they create for the FDIC. By virtue of its statutory powers to enforce, repudiate or transfer contracts, the FDIC effectively holds a financial option that allows it to preserve economically valuable credit protection while limiting exposure to unfavorable arrangements. The authors explain how this optionality can preserve third-party loss-absorbing capacity outside the receivership estate, improve recoveries and facilitate the orderly resolution of failed banks.
 
Read the full memorandum here.