Fintech Compliance: Banking Regulators Issue Guidance on Risks Posed by Bank-Fintech Relationships

Three federal banking regulators have issued joint guidance highlighting potential risks associated with partnerships between banks and financial technology (fintech) companies. The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) released a statement emphasizing the need for responsible innovation and compliance with applicable laws and regulations in these arrangements.

Key Risk Areas Identified

The regulators outlined several key risk areas that banks must carefully manage when engaging in partnerships with fintech firms. If you are a tech company seeking a partnership with a BaaS bank, or perhaps you already are engage with a BaaS bank, it is important that you remain abreast of the regulatory implications of your relationship.

Operational and Compliance Risks

Banks that heavily rely on third parties for deposit operations may face heightened risks if they lack adequate due diligence and ongoing monitoring. The fragmentation of operations among multiple parties can complicate risk assessment and management. To mitigate this risk banks should consider increased compliance program component reviews, this includes transaction sampling, regular meetings with fintech compliance team members, and an active training program.

Data Access and Control

Insufficient access to crucial information and data maintained by fintech partners can impair a bank's ability to determine its deposit obligations, satisfy its compliance testing obligations, and examination fulfillment obligations. Bank’s must keep a pulse on how fintech’s store data, including the recording of consumer signatures/consents, and real-time ledger.

Regulatory Compliance

Outsourcing regulatory compliance functions like suspicious activity monitoring and customer identification to fintech partners without ongoing assurance and validation the fintech has the human resources, subject matter expertise, and practices to manage the compliance responsibilities  increases the risk of non-compliance with regulatory requirements.

Consumer Protection

Inadequate oversight of fintech arrangements can impact a bank's compliance with consumer protection laws, such as Regulation E and Regulation DD, potentially resulting in consumer harm, lost of confidence in the financial markets, and potential wide scale consumer duress, such as the fallout related to the Synapse Bankruptcy.

Growth and Liquidity Risks

Rapid growth resulting from fintech partnerships can strain risk management and operational processes. Significant funding concentrations and liquidity risks may arise, particularly when funding is deployed in illiquid or long-term assets.

Summary Guidance for Effective Risk Management

The regulators emphasized that banks must operate in a safe and sound manner while complying with applicable laws and regulations. They provided examples of effective risk management practices, including:

1. Developing comprehensive policies and procedures detailing organizational structures, reporting lines, and internal controls.
2. Conducting thorough due diligence on potential fintech partners.
3. Implementing strong oversight and monitoring processes for fintech relationships.
4. Establishing clear contractual provisions related to oversight and auditing of fintech partners and their subcontractors.
5. Creating strategies to manage growth, liquidity, and capital implications of bank-fintech arrangements.

Implications for Banks and Fintechs

While the guidance applies directly to banking organizations, fintech companies partnering or seeking to partner with banks should also be aware of the framework it creates. Banks may use this guidance as the basis for due diligence requests, contract negotiations, and ongoing monitoring procedures in their fintech partnerships.

The regulators' focus on these partnerships reflects the growing importance of fintech collaborations in the financial services sector. As these relationships continue to evolve, both banks and fintech firms will need to navigate this regulatory landscape carefully to ensure compliance and mitigate potential risks.

‍

Ready to discuss BaaS Compliance Management, we’re here when you need us, click here to start the conversation.

‍