The joint statement and requests for information issued by several agencies late last month on “potential risks” inherent in bank/FinTech relationships spotlight regulators’ concerns on banks’ reduced control and visibility into critical financial functions.
The statement also provides a roadmap into some of the key aspects of those relationships that may be subject to additional regulation in the months to come, especially in light of the still-unfolding events surrounding the Synapse bankruptcy, which — while not explicitly named — have put account oversight and accessibility under close scrutiny.
As detailed more fully in the joint statement issued by the Federal Reserve Board, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC), “some banks have entered into arrangements with third parties to deliver deposit products and services (such as checking and savings accounts) to end users.
“Banks may do this in order to increase revenue, raise deposits, expand geographic reach, or to achieve other strategic objectives, including by leveraging new technology or offering innovative products and services,” the statement added. “In these arrangements, a third party, rather than the bank, typically markets, distributes or otherwise provides access to or facilitates the provision of the deposit product or service directly to the end user.”
If banks rely on third parties to manage deposit operations, that reliance can “eliminate or reduce a bank’s crucial existing controls over and management of the deposit function. Without adequate initial due diligence and ongoing monitoring, risks to the integrity of a bank’s deposit function are heightened,” the regulators wrote.
Also, within those relationships, “fragmented operational functions for deposit products and services among multiple third parties” can wind up making it “more difficult for the bank to effectively assess risks.” The banks also might lack access to records, including deposit and transaction systems of record that are maintained by those third parties, leading “to delays in end-users’ access to their deposits, which in turn can expose the bank to additional legal and compliance risks.”
The information request, accessible here, noted that “some non-bank fintech companies provide end users with access to deposit products and services; however, these entities are not Federally insured depository institutions.”
As the joint efforts scale, with FinTechs offering loans, different payment types or digital wallets across their platforms, banks’ “existing risk and compliance management systems, as well as management’s and employees’ expertise and roles and responsibilities, may neither be commensurate with the risk profile of the new business model nor be sufficiently scalable without significant investments in resources and training.”
The request for comment asks respondents, including the financial institutions and members of the public, to comment on the structures and agreements governing the use of data to monitor and control for risk, as well as upfront and ongoing costs.
Among the questions asked: “how are deposit accounts usually titled? Describe the range of practices reconciling bank deposit account records with the FinTechs ’records. Generally, what party holds and maintains the account records … Describe any additional controls, that banks or FinTechs may use to provide for accurate reconciliations.”