In June 2023, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance coverage Company (FDIC), the OCC and the US Treasury Division issued joint steerage to all banking organisations for growing and implementing threat administration practices when partaking in third-party fintech partnerships.
In direction of the tip of February, Michael Hsu, CEO and performing comptroller of the forex at OCC, delivered a presentation at Vanderbilt College in Nashville, Tennessee, discussing how the ‘blurring of the road’ between banking and non-banking entities might result in monetary instability.
Fintech innovation has been rife all through the final decade, with funds altering drastically and inspiring the expansion of the e-commerce sector.
Nonetheless, whereas many have celebrated the pace of change pushed by the fintech trade, Hsu fears that extra nonbank entities taking over the assorted parts of banking might result in monetary instability – as they fall exterior of the banking regulatory remit – and as public confidence is lowered.
These considerations might result in considerably extra regulatory consideration, with Hsu outlining that the OCC expects banks to handle dangers associated to fintech partnerships, including that “micro-prudential supervision and regulation have a job to play in mitigating among the macroprudential dangers from nonbanks”.
To seek out out extra in regards to the potential penalties of this, we reached out to trade specialists to get their tackle the way forward for collaboration between fintechs and banks.
‘We face a disaster of a major mismatch’
Phil Goldfeder, CEO of the American Fintech Council (AFC), the trade affiliation representing accountable fintechs, defined to The Fintech Occasions that the OCC might negatively affect the fintech trade within the US, if it interferes with partnerships too broadly: “As a standards-based commerce affiliation, AFC recognises that not all fintech is created equal. Portray bank-fintech partnerships, and the dangers related to them, with a broad brush, negatively impacts accountable firms which can be working tirelessly to evaluate the precise dangers related to a given product, service, or partnership.

“Accountable bank-fintech partnerships function very otherwise than different, much less accountable, fashions. To that finish, the OCC and the opposite banking regulators ought to fastidiously think about every particular person bank-fintech partnership, and the nuances entailed inside it, when assessing the danger of a given partnership.
“We face a disaster of a major mismatch between the fintech used to conduct our every day lives and the regulatory mechanisms designed to make sure a good and secure banking system. Regulated and accountable fintech firms are poised to steer the way forward for monetary companies innovation as they break down the standard limitations to capital and attain households and companies historically left behind.
“The onus is on the financial institution and fintech firm to handle threat, however equally necessary that regulators assess threat successfully. An efficient system requires each events to know the whole ‘provide chain’ of banking and clearly recognise the actual extent of the danger offered. That understanding begins with correct examiner schooling of the distinctive services and products being examined, constant engagement between each regulators and their regulated entities, and a deal with modernising rules which can be at present impractical for the way forward for monetary companies.”
Discovering a stability between overcorrecting and guaranteeing financial institution requirements
Jonah Crane, associate at Klaros Group, a monetary companies advisory and funding agency, shares the same view and defined that whereas change is required to make sure no calamity comes from these partnerships, it should be launched fastidiously, to not uninteresting fintech innovation utterly: “When banks enter into partnerships that permit fintechs and different nonbanks to supply banking merchandise to their clients, these clients change into financial institution clients.


“So, all actions in reference to providing these merchandise want to satisfy financial institution requirements, and in the end the financial institution is liable for ensuring they do. This isn’t precisely new, however the explosion of latest fintech programmes led many banks to see a free lunch: ‘the fintech does all of the work, and I get deposits and payment income’.
“This premise was defective from the start, and as soon as regulators began to dig in they didn’t like what they noticed. This will likely be a difficult house for a couple of years, however the structural want for this mannequin (particularly within the US) means there will likely be nice alternatives on the opposite aspect. It’s not rocket science, nevertheless it’s additionally not trivial, and the price of working a bank-sponsored programme is undoubtedly going up. The query is whether or not we are able to discover a workable mannequin or if, as an alternative, we overcorrect to the purpose that the subsequent Chime or Money App by no means makes it to market.”
Fintechs and banks ‘should perceive the regulators’ considerations’
Nonetheless, Rick Kuci, COO of FundKite, an SMB fintech funding platform, believes OCC considerations are honest. As a result of many banks didn’t do their due diligence when partaking in fintech partnerships, important dangers have emerged from them: “The OCC has legitimate factors round fintech and banking relationships on the subject of managing dangers.


“Sadly, many banks induced this threat subject for themselves. Neighborhood and regional banks jumped into fintech partnerships with out totally understanding these points round compliance, hacks and client safety. Fintech partnerships have been new to banks and regulators alike, and there wasn’t a lot steerage from regulators within the early days.
“The idea was good: providing extra companies and sooner decision-making to financial institution shoppers. It was extra cost-efficient to associate with a fintech firm as an alternative of making an attempt to develop the programme themselves.
“Nonetheless, many banks didn’t maintain fintechs to the identical cybersecurity and privateness requirements as they held themselves. If fintechs wish to associate with banks, they need to perceive the regulators’ considerations, keep updated on these considerations, and supply assurances to the banks that they adhere to the strictest privateness and cybersecurity rules.”
Danger is a ‘shared duty’
For Kevin McWey, chief income officer at DataVisor, an AI-powered fraud and monetary crime prevention platform, the burden of threat must be shared between the fintechs and banks: “The chance posed to the monetary ecosystem is a shared duty throughout banks and fintechs. Nobody get together ought to shoulder the entire burden.


“It’s important for each events to collaborate with knowledge and insights to put efficient controls in place. Fintech is bringing a wealth of innovation to the monetary sector now we have not encountered earlier than, and a few of that may be performed due to the shortage of regulatory burden. The associate banks and regulators must be collaborating with fintechs on tips on how to implement efficient controls to guard their clients and shield the monetary ecosystem from criminals and unhealthy actors.
“Past regulatory concerns, it’s not information that every one monetary companies suppliers ought to undertake a holistic strategy to buyer threat, whether or not that be fraud or regulatory threat.
“Being able to undertake techniques that may be interchangeable throughout completely different knowledge units and transaction autos enhances understanding and cooperation between each events. Breaking down level options siloes and bringing the main target again to shopper behaviour is the one approach to holistically forestall fraud and keep out of the regulatory crosshairs.”
Seeking to the long run
Whereas most seem to agree {that a} refined strategy on behalf of the regulator is right, the indicators recommend that elevated regulatory consideration is inevitable.


Ryan Christiansen, government director of the College of Utah Stena Heart for Monetary Expertise, affords recommendation to fintechs to arrange themselves for elevated ranges of scrutiny: “Fintechs are starting to really feel among the stress growing as they’re requested by their sponsor banks or BaaS suppliers to extend the extent of reporting, settle for further legal responsibility, and improve compliance and controls inside their companies.
“Nonetheless, banks have historically been the entity that clients and regulators search to reimburse harmed clients. The fact is that the entity that induced hurt must be responsible for the losses. To successfully establish legal responsibility the attributes of transparency, traceability, and safety should exist between banks and fintechs. To function these attributes at scale, fintechs and banks ought to develop requirements round every of those ideas. Within the absence of requirements, partnerships between banks and fintechs require techniques and agreements to facilitate these attributes.
“New and present rules are rising in methods that can require fintechs to have extra bank-like controls in place. Profitable fintechs ought to improve their degree of economic regulatory understanding; spend money on compliance instruments and personnel; be ready to simply accept further monetary legal responsibility; insure in opposition to monetary dangers; and construct partnerships with banks which can be totally compliant with the rising rules.”
Who ought to harbour threat duty?
Aaron Kouhoupt, member chief privateness officer for McGlinchey Stafford, a US-based enterprise legislation agency, provides: “Neither the financial institution nor the non-bank ought to harbour all threat duty and that isn’t the way in which partnerships are at present structured or ever have been.


“Every entity has its personal position, and threat, to play within the house and people are regulated actions. The financial institution has threat obligations which can be established by prudential federal regulatory companies whereas non-banks are sometimes topic to state obligations and restrictions. Understanding every get together’s obligation respective to their regulated actions is the important thing to a profitable partnership.
“Fintech firms ought to perceive their obligations each to their financial institution associate and to any federal or state regulatory obligations which may be imposed based mostly on their specific actions. Limiting your actions, based mostly in your degree of authority, is important for every get together.
“Tighter scrutiny and elevated examination are doubtless and the fintech ought to deal with sturdy compliance administration practices.”
‘Extra is coming’
Jess Cheng, funds and fintech associate of Wilson Sonsini Goodrich & Rosati, a authorized advisor to know-how and different progress enterprises, discusses what enhanced regulatory consideration might imply for fintechs trying to collaborate with banks: “The publication of the Steerage on Third-Social gathering Relationships: Danger Administration by the Federal Reserve, the FDIC, and the OCC is only the start. Extra is coming. To many banks partnering with fintechs, these supervisory expectations are new.


“Studying between the strains, there’s recognition amongst officers on the banking companies that one thing extra past the steerage is required to provide smaller banks the required readability and instruments to implement threat administration practices to satisfy these new supervisory expectations.
“Throughout the trade, fintechs are additionally beginning to recognize the dangers of this example – reliance on one financial institution associate, who might have threat publicity to a variety of different fintechs and be prone to a foul supervisory examination, could possibly be an existential threat to their very own enterprise. Till the banking companies present clearer supervisory expectations, these fintechs must forged their very own discerning eye on their companions or potential companions.
“For these fintechs, amongst key issues to search for in a financial institution associate is whether or not it has an efficient compliance oversight programme for its fintech companions, together with a devoted inner compliance workforce to observe ongoing actions and efficiency of fintech companions.”
How strongly and the way quickly new regulatory guidelines might come into play for fintech-bank partnerships is but to be seen, however it’s clear that fintechs might have to arrange themselves for change.