As regulators look to close gaps in their supervision of bank-fintech partnerships, some say solutions can be found in underused parts of the existing legal framework.
During the past two weeks,
Banks and financial technology groups alike say better outcomes could be had if supervisors and fintechs had more direct dialogues. Conversations can sometimes be arranged on an ad hoc basis, but industry participants say a more formal relationship between the two sides could be beneficial.
“The path to regulatory clarity requires collaborating with responsible industry participants,” said Phil Goldfeder, CEO of the American Fintech Council. “We need to streamline the current patchwork of rules and regulations and ensure fair and consistent enforcement throughout our industry.”
Though not stated explicitly, the recent moves appear to target recent failures within the fintech space that have had ripple effects in the banking industry,
“Operational risk is front and center, and it really brings to the forefront the different models,” Cheng said. “If you have a middleware provider like Synapse versus a model where there’s just a bank and a fintech company, given the number of risks and considerations listed in the statement, it seems there’s some favoring of the simpler model, the lower operational risk model with fewer parties involved.”
During the FDIC’s hearing on brokered deposits, Chair Martin Gruenberg noted that the 2020 rule change allowed groups such as Voyager to be exempt from registering as brokers.
One option for improving communication between regulators and fintechs would be for agencies to classify more companies as significant service providers, a designation that would — under authorities of the Bank Service Company Act — enable agencies to supervise those companies directly.
Traditionally, this designation is reserved for core banking providers, which handle software responsible for critical processes such as account management, deposits and withdrawals, loan processing and more. But bank groups say the agencies could go further.
Michael Emancipator, vice president and senior regulatory counsel for the Independent Community Bankers of America, said while fintechs might not warrant the same level of oversight as core providers, he believes regulators have the ability to scale their oversight of these groups commensurate with their risks.
“There could be an appetite for more entities to be identified as, if not exactly significant service providers, at least important in some capacity to have direct supervision,” Emancipator said, adding that ICBA has repeatedly urged the agencies to “flex that muscle more.”
The Federal Reserve, Office of the Comptroller of the Currency and FDIC define significant service providers as ones that “serve large numbers of banks and pose a higher degree of systemic risk.” These groups are evaluated on six key criteria: management of technology, integrity of data, confidentiality of information, availability of services, compliance and financial stability, which includes a requirement that firms maintain adequate capital and liquidity to support ongoing operations.
While similar in some respects, the prudential standards for these groups are lower than those applied to systemically important financial market utilities, which are entities deemed too big to fail by the Financial Stability Oversight Council. These groups face higher standards for board oversight, resolution and disclosures. Also, unlike SIFMUs, there is no public database of significant service providers.
Fintechs would also like to establish more formal relations with regulators to avoid being caught in the proverbial game of telephone, in which they received regulator feedback second-hand through their bank partners. But that desire for more direct dialog with regulators doesn’t mean fintechs would welcome a significant service provider designation.
Goldfeder said he would prefer a regime in which groups could opt into more direct oversight, noting that his organization has favored the creation of a fintech charter since the idea was first proposed by then-Comptroller Thomas Curry during the Obama administration.
The OCC has been accepting applications for special purpose national charters for fintech since 2018, but the framework is largely focused on payments groups eying a single license rather than having to be licensed as a money transmitter in each individual state and territory. The program has largely gone unused. Goldfeder said fintechs would support improvements to this regime or the creation of a new one.
“We support the idea of creating direct engagement between fintech companies and the most appropriate regulatory agencies,” he said. “A fintech charter has … unfortunately, not seen a path forward, but we’ll always look for opportunities to create as much collaboration engagement as possible.”
While existing frameworks could facilitate these stronger channels of communication and supervision, actually implementing them would be no small feat. Todd Phillips, a former FDIC lawyer and current law professor at Georgia State University, said there are many ambiguities that would have to be cleared up for these ideas to be brought to fruition.
“These are ideas that are floating around, Bank Service Company Act, fintech charter, whatever,” Phillips said. “But there’s still a lot of questions up in the air about most of them.”
In the meantime, fintechs and their partner banks are heartened by the joint regulatory effort to learn more about the dynamics of this industry and come up with more targeted regulatory solutions.
Konrad Alt, founder of the consultancy Klaros Group, said the existing regulatory frameworks most often used to govern these partnerships — primarily third-party risk management and Bank Secrecy Act/anti-money laundering compliance — were not designed with fintechs in mind.
“Regulators are working with the tools they have, but those tools are … not perfect for these institutions. These banks really are different,” Alt said. “There is not yet a complete set of tools to deal with the full set of risks that some of these banks are taking.”
Some in the bank-fintech space hope these efforts to learn more about the industry and potentially craft new rules or guidance for it will mean an end to what they see as a regulation-by-enforcement approach to bank-fintech partnerships.
According to data compiled by Klaros Group, 13% of publicly announced enforcement actions by the three regulatory agencies last quarter were against fintech partner banks. While this is down from the 34.8% tracked during the first quarter of the year and the 26.1% from the fourth quarter of 2023, Alt noted that it still means fintech partner banks are being significantly overrepresented in enforcement actions, noting that they only comprise about 3% of the banking industry.
Alt said much of this may be the result of standard supervisory procedures — examiners flag an issue, a bank fails to address it in a timely manner, then the issue is elevated — but it is not the best way to effectuate change, especially among the community banks that most often partner with fintechs.
“When you bring an enforcement action, what you are guaranteeing, first and foremost, is that it is going to be a central preoccupation of the board and the management for a good long time. It will distract them from lots of other things they also need to pay attention to,” he said. “Many of them, particularly the smaller end, will probably struggle with the cost of compliance.”