Banks and fintechs ought to carry out ‘belief workout routines’ amid OCC scrutiny of BaaS

It could simply be that banking-as-a-service (BaaS) suppliers and fintechs have grown into distinctive and now mature collaborators that justify up to date and revised necessities from regulators. Earlier this month, Appearing Comptroller of the Forex Michael J. Hsu spoke at The Clearing Home and Financial institution Coverage Institute’s Annual Convention, outlining the Workplace of the Comptroller of the Forex’s (OCC) official steering for maturing necessities on financial institution and fintech partnerships.  

Clint Heyworth, director of compliance, Alloy

The OCC’s actions might seem to impose new necessities, but when previous guidelines might be relied on, they may seemingly solely impose finest practices all through an trade which can pressure immature firms out of the area, rising the potential power of these remaining however subjecting the hurt which may circulate from their market energy to the federal regulatory construction. All that to say, typically you simply have to maneuver as much as the following weight class.

In any case, we should always do not forget that regulators are chargeable for defending customers who get hold of and use monetary providers merchandise, even after we disagree on the small print. Slightly than draw back from these partnerships out of concern of extra regulation, banks and fintechs alike ought to see this as a possibility to strengthen their relationships with one another, regulators and their prospects. 

Present regulatory panorama  

Put merely, the chartered financial institution holds the first accountability and threat for compliance in financial institution and fintech partnerships. Nonetheless, that is an actively evolving area within the regulatory panorama. It’s essential to level out that the OCC is only one regulator, and since it regulates bigger nationwide banks, it doesn’t truly oversee nearly all of banks within the U.S. In our estimation, the U.S. federal prudential banking regulators will probably be joined by the FTC and state regulators to have probably the most significant impression on this area.  Following is a abstract of the place some key gamers on this regulatory area at the moment stand on financial institution and fintech partnerships:  


In August 2021, the OCC printed a 20-page information directing neighborhood banks to conduct due diligence on their third-party fintech companions. Alongside Hsu’s latest remarks, the OCC notably ordered Blue Ridge Financial institution to extend its due diligence and its oversight of third-party fintech partnerships.  

Federal Deposit Insurance coverage Company (FDIC) 

Though all banks are insured by the FDIC, many accomplice banks are neighborhood banks or mid-size banks, which are sometimes instantly regulated by the FDIC. The FDIC has a information of its personal on how banks ought to oversee third-party fintech partnerships. And, because the OCC and CFPB proceed to be aggressive on this difficulty, we anticipate the FDIC to comply with swimsuit.  

Client Monetary Safety Bureau (CFPB) 

Since being confirmed in 2021, CFPB Director Rohit Chopra has been outspoken in regards to the shut eye he’s retaining on nonbanks in monetary providers. “To the extent that large tech firms are utilizing the treasure troves of knowledge, there must be some parity with native banks and different monetary establishments which can be following the legislation,” he stated shortly after being confirmed.  

Federal Commerce Fee (FTC) 

The FTC, a long-time consumer-focused regulatory physique, participates in federal enforcement of quite a lot of client finance legal guidelines, together with the Gramm-Leach-Bliley Act (GLBA), which regulates the therapy of nonpublic private data of customers by monetary establishments. The FTC will proceed to affect public coverage — particularly because it pertains to privateness necessities at banks — which requires banks and fintech companions to stage set this federal regulatory physique in opposition to state and worldwide privateness necessities. 

State regulators 

Within the U.S., the monetary providers trade is topic to each federal and state rules. Traditionally, states have by no means had a lot of an curiosity in regulating financial institution and fintech partnerships, seemingly as a result of they hold firms from acquiring state licenses and reducing income alternatives for states. State rules fluctuate on a state-by-state foundation, with many states already starting to extend their oversight of bank-fintech partnerships. State attorneys normal have not too long ago challenged financial institution partnerships as “rent-a-bank” to allow fintechs to keep away from complying with state legal guidelines, significantly state usury legal guidelines. Because of this, states at the moment are aligning with present federal company challenges to the financial institution partnership mannequin. 

Way forward for financial institution, fintech partnerships 

Companion banks will face deeper questions from examiners about their important service suppliers to ascertain that they’ve acceptable oversight and management over their applications provided by way of fintech partnerships. Banks will want to have the ability to set up the integrity of their very own third-party vendor administration techniques to show their companions are, the truth is, in good situation and wholesome sufficient to supply the providers the financial institution is contracting. Banks don’t should be petrified of this or decelerate their plans to accomplice with fintechs. They need to assess their present vendor administration program and be sure that it’s adequate. It’s at all times higher to determine an issue your self earlier than regulators are at your door, and accomplice banks will more and more have to show to regulators that they’re performing the right due diligence on third-party distributors.  

For fintechs that have already got a deep understanding of the extremely regulated monetary providers area, it’s enterprise as standard. A key accountability of fintechs in financial institution partnerships has at all times been to allow their accomplice financial institution to satisfy their regulatory necessities — together with compliance with the BSA and KYC/AML necessities, transaction monitoring and information safety — and that is extra essential now than ever. 

For each banks and fintechs, this implies they will need to strengthen belief with one another.  

Constructing a “belief partnership” 

I’m positive many people have been at some kind of team-building retreat the place we needed to do a belief fall with a workforce member. To a sure extent, banks are doing a belief fall into their fintech partnerships. All they’ll actually do is clearly talk their regulatory necessities to their fintech companions and hold a detailed eye on them, however in addition they need to belief the fintech companions will comply with the rules.  

The onus is basically on the fintech to indicate the financial institution that they are often trusted with this important activity. However belief doesn’t imply a scarcity of oversight over the fintech companions and their applications. Belief means establishing a working relationship and course of that each meet the banks’ regulatory and threat necessities and helps the launch and enlargement of the fintech program. 

Listed here are some tangible ways in which fintechs and accomplice banks can nurture a trusting relationship: 

  1. Rent competent compliance individuals. Fintechs should level-up their information of the regulatory panorama. It begins with accepting and embracing that there’s a “fin” part in fintech. There’s going to be elevated oversight, there ought to be individuals on the fintech that perceive rules and may defend their applications. Search for individuals with confirmed expertise on this extremely regulated area who know the dangers related to it; 
  2. Frequently talk. The compliance and threat groups at banks and fintechs ought to be assembly weekly. Protecting the traces of communication open is essential, particularly as a result of rules consistently evolve; 
  3. Reply shortly. Responsiveness in fintech and financial institution partnerships is essential — non-compliance can have main monetary and reputational implications for accomplice banks, so fintechs have to deal with compliance issues as a excessive precedence; and 
  4. Get on a airplane! Banking remains to be a really in-person, face-to-face trade. Leaping on a airplane and having in-person conferences (and when you’ll be able to’t meet in individual, hitting the dreaded video-on button in your Zoom) will go a protracted solution to construct belief. 

Wanting forward 

The OCC’s latest remarks and enforcement in opposition to Blue Ridge Financial institution are simply the tip of the iceberg. While you have a look at the OCC’s latest statements and couple that with an aggressive regulator just like the CFPB, it’s only a matter of time till different regulators comply with swimsuit and proceed tightening rules on financial institution and fintech partnerships. This might trickle right down to third-party infrastructure suppliers as nicely. These suppliers must also be watching this area, hiring individuals which can be outfitted to navigate it and constructing belief partnerships with their financial institution and fintech companions.  

Clint Heyworth is the director of compliance at Alloy and brings virtually 20 years of expertise within the discipline to the corporate.