Bank-Fintech Relationships: Key Regulatory Developments
Bank-fintech relationships and the Banking-as-a-Service (BaaS) landscape have become major regulatory focuses in the last two years and it's essential to follow the latest compliance developments. We’re tracking and updating this page for key regulatory guidance, events, and discussions on bank-fintech oversight expectations.
Subscribe to our newsletter and follow us on LinkedIn and Twitter to get the latest news!
Bank-fintech compliance in the spotlight
BaaS and embedded finance markets are growing exponentially as new forms of partnership between banks, technology providers, and businesses emerge to adapt to the latest banking, merchant, and consumer trends.
But regulators have taken note, even drawing parallels between the rise in emerging bank-fintech business models and the 2008 financial crisis.
It’s clear that successful fintech partnership programs require partner banks to maintain robust, effective compliance programs and closely manage risks in their fintech relationships.
As a result, the leading companies in this space are closely watching bank-fintech partnership regulatory developments, and investing in compliance tools to optimize fintech program oversight, onboarding, and scaling.
Timeline: Key bank-fintech regulatory developments
The US federal bank regulatory agencies (the Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), and Federal Reserve) releases proposed interagency guidance on how banks should manage risks in third-party relationships, including bank-fintech partnerships. The guidance also says that under certain circumstances, the agencies may even examine banks’ third-parties, including their AML and sanctions compliance.
In two speeches here and here, the OCC's Acting Comptroller Michael Hsu speaks about “modernizing the bank regulatory perimeter.” He notes the OCC has seen “fintechs make technical, and questionable, arguments that their products or services fall outside the existing regulatory framework,” and warns against “regulatory arbitrage” in certain BaaS arrangements. He also says regulators should clarify “what is acceptable in a bank-fintech relationship.”
The OCC announces its restructuring of community and midsize bank supervision, including adding fintech supervision specialists and appointing a deputy comptroller with primary responsibility for “novel banks and technology service providers.”
- Read our breakdown here:
The US Consumer Financial Protection Bureau (CFPB) also enters the regulatory fray by announcing it will invoke a little-used authority to supervise fintechs and other nonbank companies determined to pose risks to consumers for potentially unfair, deceptive, or abusive acts or practices, or other acts or practices that potentially violate federal consumer financial law. The CFPB finalized its rule on making these determinations in November 2022.
Various rumors of regulatory crackdowns on banks and BaaS providers emerge with reports of serious compliance issues at some banks and other banks slowing or ceasing onboarding of new fintechs.
- Read our summary of these issues here:
The earlier rumors become real with public disclosure of an agreement between the OCC and Blue Ridge Bank requiring the bank to strengthen its BSA/AML program and oversight of fintech programs, among other corrective actions, and imposing restrictions on the bank’s onboarding of new fintech partners or new activities with current partners.
- Read about the new clarity from this OCC agreement on regulatory expectations for bank-fintech partnerships here:
Acting Comptroller Hsu makes remarks causing more waves in the banking industry, as he notes bank-fintech partnerships are growing at “exponential rates” and compares this trend to safety and soundness concerns from the 2008 financial crisis. He believes that, “this process, if left to its own devices, is likely to accelerate and expand until there is a severe problem or even a crisis.” Hsu also shares the OCC’s plan to “subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes” to better understand how to manage risks.
The OCC also releases its 2023-2027 Strategic Plan, highlighting its goal to “facilitate community banks’ safe and sound transition to digital banking” and new fintech arrangements.
The OCC announces it will establish an Office of Financial Technology, building on and incorporating its Office of Innovation. As we wrote in our 2023 Financial Crime Predictions, this is a positive indication of the OCC’s intent to invest resources in understanding and making bank-fintech partnerships work.
Additionally, the Wolfsberg Group releases updated Financial Crime Principles for Correspondent Banking, explicitly stating banks may extend the third-party risk management principles to “Non-Bank Financial Institutions (NBFIs) and Payment Service Providers (PSPs), including but not limited to, Money Services Businesses (MSBs) / Money or Value Transfer Services (MVTS), financial technology companies (FinTechs), Virtual Asset Service Providers (VASPs) and new payment method (NPM) companies.”
The US Treasury Department releases its report “Assessing the Impact of New Entrant Non-bank Firms on Competition in Consumer Finance Markets” recommending that US federal banking regulators implement a clear and consistent supervisory framework for bank-fintech relationships, including finalizing the July 2021 proposed interagency guidance on third-party risk management and suggesting language for banks’ oversight provisions in contracts with fintechs.
Acting Comptroller Hsu pens an article re-iterating the need to modernize the bank regulatory perimeter and calling for more coordination across regulatory agencies to reduce regulatory arbitrage.
US Senate Banking Committee Chairman Sherrod Brown introduces the “Close the Shadow Banking Loophole Act” to level the regulatory playing field for retail and tech companies seeking to offer banking services through state-chartered industrial loan companies (ILCs). This came on the heels of Elon Musk’s indication of plans to integrate payments into Twitter.
Should we add anything to this page? Let us know on our Twitter or LinkedIn!
Get in touch today if you want to stay ahead of regulatory scrutiny and build market-leading financial crime compliance capabilities for your fintech programs.