Contents
The recent Joint Statement on Banks’ Arrangements with Third Parties to Deliver Bank Deposit Products and Services (“Statement”) released on July 25, 2024 by the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC), signals heightened regulatory scrutiny of bank-fintech partnerships.
With these collaborations becoming increasingly integral to the delivery of financial services, the agencies have identified new risks in the areas of compliance, governance, and operational frameworks.
This article breaks down the key risks highlighted in the Statement, the regulatory expectations for managing these risks, and the implications for both banks and fintech companies. We will also review recent enforcement actions connected to these partnerships and provide insights on how financial institutions can adapt to this ever-evolving regulatory environment.
See also:
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013. If you need assistance with compliance or fintech regulations, click here.
Joint Statement on Bank-Fintech Partnerships Risks
The Statement emphasizes the increasing regulatory focus on the risks associated with bank-fintech partnerships. As these collaborations grow in importance for delivering financial services, the Statement identifies several key areas of concern that banks must address to ensure compliance and protect consumers.
The Statement highlights the need for banks to implement robust risk management frameworks and maintain strong oversight, even when relying on third-party fintech providers to perform critical functions.
This focus on risk management aligns with the Interagency Guidance on Third-Party Risk Management, released in June 2023, which emphasized that banks must align their risk management practices with the specific nature and risk profile of their third-party relationships. To learn more about the updates and clarifications provided in the Interagency Guidance, see InnReg’s detailed article here.
The Statement sets clear expectations for banks to manage these risks proactively, signaling that regulators will closely scrutinize these partnerships to safeguard the financial system's stability and integrity.
Why Banking Agencies Are Increasing Oversight
Banking agencies are increasing their oversight of bank-fintech partnerships to address several emerging risks tied to these collaborations, whose vulnerabilities have been highlighted by recent prominent events.
For example, the recent collapse of Synapse, a banking-as-a-service (BaaS) fintech that filed for bankruptcy after losing millions in customer funds, demonstrated how partnerships with fintechs can expose banks to substantial operational and reputational risks.
Another notable case is the Federal Reserve's enforcement action against Evolve Bank in June 2024, where the bank was penalized for failing to manage risks effectively in its fintech partnerships, including deficiencies in anti-money laundering (AML) compliance and consumer protection controls.
These examples highlight regulators' growing concerns about how some banks delegate critical functions to fintech partners without sufficient governance and oversight. The agencies are reinforcing the need for more robust risk management frameworks to ensure that partnerships align with regulatory requirements, safeguard consumers, and protect the financial system's integrity.
Key Risks Highlighted by the Joint Statement
The Statement identifies several key risks that banks must address when partnering with fintech companies.
These risks stem from the unique dynamics of bank-fintech arrangements, where responsibilities for essential functions are often shared or outsourced, creating potential gaps in compliance, governance, and operational integrity.
The statement categorizes these risks into three primary areas:
1. Operational and Compliance Risks
One of the most significant risks involves the operational and compliance challenges that arise when banks rely heavily on fintech partners to perform critical functions. These challenges include:
Fragmented Operations: When multiple third parties are involved, it can be difficult for banks to maintain clear oversight of all activities, increasing the risk of regulatory non-compliance.
Lack of Access to Records: Banks may struggle to access crucial records that fintech partners maintain, such as transaction data and account information. This can hinder a bank's ability to meet its regulatory obligations, such as consumer protection and AML requirements.
Compliance Failures: Depending on fintechs for regulatory compliance functions, like customer identification and due diligence, may expose banks to compliance failures if those fintechs do not meet regulatory standards.
2. Growth Risks from Rapid Expansion
The rapid growth of bank-fintech partnerships presents another set of risks around managing growth and maintaining adequate oversight. Key concerns include:
Operational Capabilities Lagging Behind Growth: The fast-paced expansion of partnerships can strain a bank’s existing operational and risk management capabilities, leading to gaps in oversight and increased vulnerability to compliance issues.
Liquidity and Funding Risks: Increased reliance on fintech partners for deposit generation can lead to concentrated funding sources, which may challenge a bank's ability to effectively manage liquidity, especially during times of financial stress.
3. Customer Confusion and Deposit Insurance Misrepresentation
The Statement also addresses the risk of customer confusion, particularly around deposit insurance coverage:
Misleading Information: Customers may not fully understand the roles of the bank and its fintech partner, potentially leading to misconceptions about which deposits are insured by the FDIC.
Regulatory Violations: The agencies emphasize the need for clear and accurate communication regarding deposit insurance coverage to prevent potential violations under the FDIC’s rules.
These risks underscore the need for banks to strengthen their governance frameworks, enhance compliance controls, and ensure transparent communication with consumers to maintain trust and mitigate potential regulatory and operational pitfalls in fintech partnerships.
Regulatory Expectations for Banks in Managing Fintech Partnerships
The Statement outlines clear regulatory expectations for banks engaging in fintech partnerships.
The key areas of focus include:
Governance and Risk Management Guidelines
The Statement reinforces the importance of strong governance structures to manage the risks associated with fintech partnerships. Banks are expected to:
Establish Clear Policies and Procedures: Develop comprehensive policies outlining the roles and responsibilities of both the bank and its fintech partners. This includes ensuring that contractual agreements clearly define risk management and compliance obligations for all parties involved.
Implement Effective Oversight and Monitoring: Banks must actively monitor their fintech partners to ensure compliance with regulatory requirements and internal risk management standards. This involves conducting regular assessments, audits, and due diligence checks to verify that fintech partners meet the bank's expectations and regulatory obligations.
Maintain Board and Senior Management Oversight: The board and senior management are expected to provide clear guidance on risk appetite, oversee the effectiveness of risk management practices, and ensure that risk management processes are appropriately scaled as partnerships evolve.
Enhanced Compliance Requirements
To address the identified compliance risks, regulatory agencies expect banks to implement several key measures:
Strengthen Compliance Programs: Banks must enhance their compliance programs to cover all aspects of their partnerships, including AML compliance, consumer protection, data privacy, and other regulatory requirements. This may involve dedicating more resources to compliance functions and improving staff expertise in managing third-party risks.
Ensure Clear Communication on Deposit Insurance: To prevent consumer confusion, banks should clearly communicate which products are covered by FDIC insurance and under what circumstances. This includes requiring fintech partners to use accurate language in marketing materials and public communications to avoid misrepresenting deposit insurance coverage.
Prepare for Regulatory Examinations: Banks should be prepared for closer regulatory scrutiny, including examinations focused on their fintech partnerships. This involves maintaining detailed records, ensuring transparent communication with regulators, and promptly addressing any identified deficiencies.
By meeting these regulatory expectations, banks can better manage the risks associated with fintech partnerships, protect their customers, and maintain compliance with evolving regulatory standards.
Implications for Banks and Fintech Companies
As regulators increase their focus on the risks associated with these partnerships, financial institutions must take proactive measures to mitigate potential risks.
Preparing for Regulatory Scrutiny
Banks and fintech companies should expect more scrutiny and oversight from regulators. To prepare, they need to:
1. Strengthen Risk Management Frameworks
Banks must enhance their risk management programs to include comprehensive oversight of all fintech partnerships. This effort involves conducting thorough due diligence on fintech partners, establishing clear roles and responsibilities, and ensuring that all third-party activities align with the bank's risk appetite and regulatory requirements.
2. Enhance Compliance Programs
Banks should bolster their compliance programs, particularly in areas like AML, consumer protection, and data privacy. Such enhancements may require increased investment in compliance resources, staff training, and technology solutions to effectively monitor and manage third-party risks.
3. Document and Monitor Compliance Efforts
Both banks and fintech companies should maintain detailed documentation of their compliance efforts, including records of risk assessments, audits, and corrective actions taken to address any identified deficiencies. This helps demonstrate to regulators proactive risk management and compliance with all applicable laws.
4. Engage in Open Communication with Regulators
Banks should maintain transparent communication with regulatory agencies, promptly addressing any issues raised during examinations and audits. Proactive engagement can help mitigate potential penalties and demonstrate a commitment to maintaining regulatory compliance.
Adjusting Partnership Strategies
The evolving regulatory landscape may require banks and fintech companies to adjust their partnership strategies to ensure alignment with regulatory expectations:
1. Reassess Existing Partnerships
Banks should thoroughly review their current fintech partnerships to identify potential gaps in compliance or risk management. This may involve renegotiating contracts to clearly define roles, responsibilities, and compliance obligations or even terminating relationships that do not align with the bank's risk appetite or regulatory requirements.
2. Focus on Transparent Communication
Clear communication between banks, fintech partners, and customers is essential. Banks should ensure that all marketing materials and customer communications accurately reflect the nature of the partnership, the scope of deposit insurance, and the roles of each party to avoid potential regulatory violations related to misrepresentation.
3. Adopt a Risk-Based Approach to New Partnerships
When entering new partnerships, banks should adopt a risk-based approach to assessing potential fintech partners. This includes conducting rigorous due diligence, assessing the fintech's risk profile, and ensuring the partnership aligns with the bank’s overall risk management strategy.
4. Invest in Compliance and Monitoring Tools
To manage risks effectively, banks and fintech companies should consider investing in advanced compliance and monitoring tools that provide real-time insights into partnership activities, customer transactions, and potential compliance breaches.
See also:
—
The recent Joint Statement by federal banking agencies marks a significant shift in the regulatory landscape for bank-fintech partnerships. As regulators heighten their scrutiny of these collaborations, both banks and fintech companies must be prepared to meet new expectations around risk management, compliance, and consumer protection.
Proactive steps such as strengthening risk management frameworks, enhancing compliance programs, and adjusting partnership strategies will be essential to successfully navigate this evolving environment.
For banks and fintech companies seeking to build and maintain compliant partnerships, expert guidance can make all the difference.
At InnReg, we bring extensive experience in managing the compliance implications of bank-fintech relationships. Our services include comprehensive compliance policy development and management, banking partner selection and onboarding assistance, and in-depth risk assessments. We help financial institutions and fintechs align with regulatory expectations, mitigate risks, and achieve their strategic goals.
How Can InnReg Help?
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013.
We are especially effective at launching and scaling fintechs with innovative compliance strategies and delivering cost-effective managed services, assisted by proprietary regtech solutions.
If you need help with neobank compliance, reach out to our regulatory experts today:
Published on Sep 5, 2024
Last updated on Sep 5, 2024