Compliance Confessionals – Why fintech-bank partnerships face greater regulatory scrutiny

Sylvia Yarbough

Regulatory expert and former Head of Compliance

The relationship between financial technology providers and banks is increasingly in the crosshairs of regulatory agencies.

In November 2023, the Consumer Financial Protection Bureau (CFPB) introduced a proposal to supervise large non-bank fintechs that provide digital wallets and payment apps (which handle more than 5m transactions annually).


The CFPB is a powerful US consumer watchdog, and it is attempting to ensure large fintechs are subject to the same oversight as banks, credit unions, and other financial institutions.


As digital consumer payment applications become increasingly popular amongst lower and middle-income consumers, concern has mounted that regulation is not stringent enough.


This proposal would give the CFPB authority to conduct examinations into fintechs, and level the playing field between fintechs and traditional banks. The focus will be on the following services:

  • Compliance with unfair, deceptive, and abusive acts and practices (UDAAP)
  • Electronic Funds Transfer (Reg E)
  • Privacy regulations (GLBA/Reg P)


In the same month, Blue Ridge Bank, based in Martinsville, Virginia, announced it was downsizing its Banking as a Service (BaaS) with various fintech partners after receiving a consent order from the Office of the Comptroller of the Currency (OCC).


This action came after Blue Ridge failed to meet the terms of a previous OCC enforcement action concerning failures in third-party risk management, appropriate compliance oversight, and Bank Secrecy Act (BSA) compliance regarding its fintech partners.


Unfortunately, Blue Ridge didn’t move fast enough to satisfy the OCC and is now under a cease-and-desist order. 


Earlier in 2023, the Federal Deposit Insurance Corporation (FDIC), a federal financial regulator, issued a consent order against Cross River Bank, of Teaneck, New Jersey, concerning fair lending compliance issues involving loans from numerous fintech partnerships.


As I did my research on this topic, I asked myself – is this changing landscape helping or hindering traditional banking, and what does it all mean for compliance and risk management professionals?


Help or hindrance to traditional banking

In discussions with some of my associates, many said they were pleased with the CFPB’s steps and believed it was about time regulators adopted a direct approach to regulating fintechs.


As seen with Blue Ridge and Cross River, the pressure focused on the bank’s efforts to ensure fintechs followed regulatory requirements regardless of how strong the relationship was. This approach has long put undue pressure on the bank’s compliance partners and created a level of complexity that makes the profitability of these models questionable – Blue Ridge has found that out the hard way.


Many banks partner with fintechs to keep up with consumer demands for innovative financial solutions, because internal corporate bureaucracy can slow down innovation. Some of the partnerships are not as obvious to the consumer, especially if they don’t read the fine print on the disclosure or the back of the debit card.


Most well-established payment services and digital wallets are supported by underlying traditional banking, and banks are typically the true underwriter and funder of small-dollar loans offered by fintech lenders, for example.


Many banks see these partnerships as another way to generate revenue and develop a larger marketing base to potentially convert to traditional banking customers.


Unfortunately, when developing the business case, many often discount the volume of fraud, Electronic Fund Transfer (EFT) disputes, and anti-money laundering (AML) requirements that must be met, as well as the fact that compliance with fair lending is more complex when moving away from the traditional underwriting criteria.


The reality is that fintechs need traditional banking services to make their models work. However, because they are not regulated before or during operations, the banks that do business with them must ensure compliance requirements are met, and the banks are currently being held accountable if they are not.

Many of my peers believe that regulators should put more direct accountability on fintechs to establish strong compliance programs within their organizations as a condition of entering and continuing partnerships with banks.


Having knowledgeable, experienced compliance and risk management peers on the fintech side would make it much easier to run a profitable business as well as sound compliance and risk management programs.


All my associates believe that fintechs’ integration into traditional banking is here to stay, and so it is incumbent on everyone to improve their business models and ultimately service consumers in the way they want to bank. And of course, everyone hopes the regulatory scrutiny will be a help, not a hindrance, to the evolving industry.


What does the extra scrutiny mean for compliance and risk professionals?

Compliance teams on both sides will be kept busy. The consensus is banks should spend more time understanding compliance and risk implications before entering partnerships with fintechs.


This will help ensure appropriate staffing and processes are in place for third-party oversight, as well as core compliance and BSA/AML program requirements. Light touch due diligence doesn’t work because a contract does not relieve the banks from their responsibilities.


Credit and liquidity risk also need to be emphasized. Banks that do not have a good balance between traditional sources of deposits and non-interest income revenue streams may find themselves sideways if they rely too heavily on fintech activity. These platforms rely on low to middle-income younger consumers, and the popularity of platforms can quickly come and go along with related deposits and revenues. 


In addition, a lot of fintech lending is focused on small-dollar loans to individuals who are not yet financially stable or live on the edge of stability. These are unsecured loans that can quickly become write-offs. Therefore, balance sheet risks must be carefully managed and modeled before wading into the fintech market.


There are a lot of small banks like Blue Ridge and Cross River that have built their growth model around BaaS and now need to rethink it.

Larger organizations ideally should have their fingers on the pulse of managing compliance and risk programs in association with fintechs. However, as we all know, BSA/AML and fraud are beasts that often rear their ugly heads when least expected.


To all compliance and risk professionals whose banks are in a partnership with a fintech or thinking about it, don’t be afraid to identify the variety of risks that must be considered and managed in developing these working relationships. 


Help your business partners plan and execute appropriately. As we all know, the regulators won’t be afraid to point out your organization’s shortcomings.

Hopefully, the CFPB will lead the march in setting more accountability in the fintech industry, so all the burden doesn’t continue to fall on the banks.

