On July 24, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency (collectively, the Banking Regulators)¹ jointly released the following materials related to bank fintech arrangements:² (1) a statement that is intended to summarize findings by the Banking Regulators to date with respect to such arrangements (the Statement), and (2) a request for additional public information on bank-fintech arrangements involving banking products and services offered to consumers and commercial customers (the Request).

Background

By way of quick background, certain state-chartered and national banks have entered into contractual arrangements with loan or deposit account "finders" (usually defined as "program managers" in the underlying contractual documents) that typically: (A) "find" potential customers (consumers or commercial entities, as applicable) to which applications for such financial product or service can be offered; (B) assist the offering bank in handling application, know-your-customer, and ongoing servicing obligations in connection with applicants who are approved for such products; and (C) buy a partial or full interest in the underlying customer obligation from the bank in the form of a loan participation or whole loan purchase.³ The bases underlying these types of relationships are not new as "cobranded" arrangements in the credit card issuance context have been around for decades.⁴

Products offered through bank-fintech relationships include home equity loans, consumer loans (both installment and open-end products like lines of credit and credit cards), and smaller business loans.⁵ Typically, such programs are "branded" with the fintech's logo and other advertising material with disclosures related to the bank's role in the offering of the product provided in the customer solicitations and clearly disclosed in the underlying product documentation.⁶

From a "business use case" assessment, these programs accomplish two things: (1) they allow the insured depository institution offering the product to diversify its product and customer base while generating interest and other fees related to such products; and (2) they provide the opportunity for fintechs to use their customer acquisition and credit modeling experience to contract with a bank that has the ability to offer its products nationally.⁷

Within the last 24 months, the Banking Regulators have published statements regarding the applicable agency's position on these arrangements⁸ as well as a variety of consent orders and other regulatory actions against banks involved in fintech partnerships (collectively, the Orders).⁹ Typically, the terms of the Orders have required remedial efforts related to third-party risk management controls; in addition, many Orders require an evaluation of third-party fintech providers. For example, in the Evolve Bank and Trust order, the Federal Reserve and the ASBD have imposed the following requirement upon the bank and its holding company:

Effective immediately, the Bank shall not without the prior written approval of the Supervisors: (i) establish any new fintech partners, subsidiaries, business lines, products, programs, services, or program managers related to the Bank's Open Banking Division [OBD], or (ii) offer new products, programs, or services to an existing fintech partner, program manager, or subsidiary of OBD.

Request for Information

The Statement identifies (without specific identification of the parties involved) various types of issues that have been identified by the Banking Regulators to date with respect to such fintech arrangements. Broken out into specific subject areas, the Statement sets forth examples related to operational and compliance matters, growth, and end-user confusion and misrepresentation of deposit insurance coverage. Instructively, the Statement also identifies certain practices that the Banking Regulators believe adequately address the risks inherent in fintech programs, including conducting appropriate diligence on the potential fintech partner and its principals as well as developing a working understanding of the underlying management information systems that will be involved in the delivery of the cobranded banking products. These "guideposts" are helpful for insured depository institutions that are either currently involved in or considering entering into a fintech arrangement.

Concurrently with the issuance of the Statement, the Banking Regulators released the Request seeking information from the public and "stakeholders" regarding these programs. In particular, the Banking Agencies seek "perspectives relevant to the implications of such arrangements, including for banks' risk management, safety and soundness, and compliance with applicable laws and regulations." The Banking Regulators seek specific comment with respect to the use and function of intermediaries involved in the offering of the bank products and trends and financial stability.

Why It Matters

While not prescriptive,¹⁰ the issuance of the Request and Statement are not surprising given the expansion of bank-fintech partnerships and recent news stories related to the collapse of a fintech partner that resulted in the freezing of customer accounts.¹¹ Both banks that enter into fintech arrangements and program managers should use this period, prior to the adoption of formal guidance or other regulatory requirements, to determine whether their programs contain any elements that could potentially create regulatory "friction" when reviewed by the applicable federal banking regulator. For example, one order requires the applicable bank to screen various fintech partners for various attributes, including the performance of a written "quantified analysis of how the proposed [fintech relationship] is expected to impact the [applicable bank's] financial measures including asset totals, capital ratios, earnings, liquidity, and sensitivity to market risk."¹²

Further, in connection with fintech programs that include a "for benefit of" account component where depositors' funds are held on an aggregated basis for which the fintech's books and records are intended to create the basis for each customer's funds ownership in the event a receiver is appointed for the underlying bank, those programs are strongly encouraged to ensure that all bank regulatory requirements related to such programs have been reviewed and assessed for compliance. As noted in the Statement, the Banking Regulators have identified instances where there is a "potential lack of sufficient access by a bank to the deposit and transaction system of record and other crucial information and data maintained by the third party can impair the bank's ability to determine its deposit obligations. In some circumstances, such uncertainty can lead to delays in end-users' access to their deposits, which in turn can expose the bank to additional legal and compliance risks."