As compliance officers well know, fintechs and banks already take on a host of legal, regulatory, and business challenges when entering into arrangements with each other. But recent restructuring decisions at the U.S. Office of the Comptroller of the Currency (OCC) are a signal that regulatory scrutiny of bank-fintech partnerships is further intensifying. For compliance officers, make sure you are ready for the changes likely to result from the OCC’s restructuring!
What are the restructuring changes at the OCC?
The OCC, which regulates U.S. national banks, is restructuring its supervision of small and midsize banks to enable more coordinated and centralized oversight, with particular emphasis on innovations in financial services and new banking business models. The changes, which become effective on October 1, include ramping up oversight and expertise through fintech supervision specialists and appointing a deputy comptroller with primary responsibility for “novel banks and technology service providers.” The OCC is also moving to a six-region supervision model, while aiming to ensure more consistent approaches across regions by its examiners.
Many community and mid-tier banks have actively engaged with fintechs to launch new fintech programs using their charters, as a way to grow their book of value without needing to focus on customer acquisition. Fintechs, in turn, get to enjoy the benefits of a bank’s charter without having to go through the arduous process of becoming a bank. But the expanding range of banking services provided by fintechs has certainly not escaped the notice of regulators.
In November 2021, the OCC’s head made it clear that the agency is alert to safety and soundness risks posed by banks’ relationships with fintechs. Of particular concern are certain BaaS or rent-a-charter arrangements that take advantage of “regulatory arbitrage” due to fintechs falling out of scope of rules and requirements that otherwise apply to banks. In subsequent remarks, the agency head further declared the OCC would need to define more clearly “what is acceptable in a bank-fintech relationship.”
The OCC’s latest restructuring shows the agency is indeed serious about putting bank-fintech relationships to the test through its examination and oversight activities.
What does this mean practically for partner banks and fintechs?
As partner banks continue to expand and scale their fintech programs, what are trends that compliance officers should anticipate?
- Increased Regulatory Scrutiny. Compliance officers can expect more rigorous and detailed examinations on their fintech partnerships and BaaS offerings. What could this look like in practice? Inter-agency guidance issued jointly by the OCC in August 2021 on managing risks in bank-fintech arrangements gives a sense of expectations. It outlines measures that banks should take to carefully evaluate fintechs’ ability to comply with laws and regulations, including financial crime requirements, as one of six key due diligence areas.
- Centralization over Regionalization. As the OCC moves toward a more centralized supervision approach better able to address innovative financial services, testing and examination standards should become more coordinated. Banks partnering with fintechs will likely receive more consistent oversight treatment and more specialized examination, regardless of location. Some banks may face increased supervisory expectations as the OCC implements more consistent practices.
On the other side, what should compliance officers at fintechs be prepared for?
- Increased Oversight from Partner Banks. Partner banks will likely request more assurance, oversight, and testing requirements to gain comfort about the effectiveness of your controls. For example, the August 2021 inter-agency guidance noted above suggests that banks request access to fintechs’ records, as well as conduct periodic audits or reviews of fintechs. Be prepared to demonstrate that your compliance framework is operating effectively to your partners.
- Increased OCC Influence. Needless to say, the fintech industry is squarely in the OCC’s focus. Even if a fintech isn’t directly regulated by the OCC, in practice, if the OCC says a fintech poses excessive risks to banks, that fintech may find itself effectively cut off from partnering with banks. You should stay alert for future regulatory updates on expectations for bank-fintech compliance frameworks.
What’s the key takeaway for compliance officers?
The OCC’s restructuring is a key signal to compliance officers of greater regulatory focus on the bank-fintech partnership space. You need to stay abreast of heightened supervisory expectations as the OCC implements these changes. Failing to do so creates not only a risk of supervisory action, but also an unwillingness of other banks or fintechs to partner with you. As a result, it’s essential that you are ready to provide assurance of the effectiveness of your compliance programs and controls to others.