Banking Regulators’ Growing Concerns over Bank-Fintech Partnerships
By: Jeremy M. McLaughlin, Grant F. Butler, Andrew C. Glass, Gregory N. Blase, and Joshua L. Durham
The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) have jointly issued a request for information (RFI) seeking input on the nature, risks, and implications of bank-fintech partnerships. Accompanying the RFI, the agencies issued a joint statement on banks’ arrangements with third parties to deliver bank deposit products and services (Joint Statement). We will be hosting a webinar on this topic on 10 September (register here), and comments to the RFI are due 30 September.
The RFI seeks input on specific practices but is generally based on: (1) the nature of bank-fintech arrangements, (2) effective risk management practices regarding bank-fintech arrangements, and (3) the implications of such arrangements, “including whether enhancements to existing supervisory guidance may be helpful in addressing risks associated with these arrangements.” These topics could very well be the focus of future rulemaking or supervisory guidance, so industry participants—both banks and fintechs—should be proactive with their responses.
The Joint Statement largely collects and restates risk concerns found in other agency guidance, though it is clear that the banking agencies’ concerns regarding fintech partnerships related to deposit products have been considerably heightened due to the consumer issues that have arisen as a result of Synapse’s bankruptcy.
The RFI focuses on five key “select concerns”: (1) accountability for the end-user relationship; (2) end-user confusion under marketing and disclosure requirements; (3) rapid growth in bank activity increasing operational complexity; (4) concentration of reliance on the arrangement and resulting liquidity management risks in the event of the fintech’s or bank’s failure; and (5) the use and ownership of data and customer information.
Regarding accountability, the banking agencies reiterated their position that “banks remain responsible for compliance with applicable law” especially when the end user may qualify as a customer of the bank. The banking agencies expressed their concern that end-user confusion may arise because fintech consumers may not know “in what capacity they are dealing with the bank or the fintech company.”
The RFI discusses that rapid growth in a bank’s activity by means of fintech services may introduce various risks and result in changes to the bank’s risk profile. Rapid growth was also flagged as a source of operational complexity and risk, which require a bank to scale and enhance its compliance, risk management, and information technology systems.
Lastly, the RFI notes the growing risks around the use and ownership of user data. For example, fintechs may use new alternative data in making more accurate credit decisions, which the RFI notes may introduce risks around fair lending and bias. All such risks are heightened where aspects of the end-user relationship and other compliance-related activities are contractually dispersed among multiple fintechs and banks.