On July 25, federal regulators issued a joint statement to further put banking organizations on notice of the inherent risks of collaborating with fintechs in offering deposit products and services. This guidance aims to ensure the stability and integrity of the banking-as-a-service (“BaaS”) business model.
The Federal Reserve, Federal Deposit Insurance Corp., and Office of the Comptroller of the Currency (collectively, the “agencies”) jointly announced their concerns and also published a request for information (“RFI”) in the Federal Register with a 60-day comment period, which seeks information and comment on fintech arrangements, including associated risk management practices and implications. The RFI highlights the agencies’ commitment to understanding and possibly refining the framework governing these collaborations.
Notably, the agencies clarified that their intention is not to stifle innovation or deter banks from engaging with BaaS providers. Instead, they emphasized the importance of pursuing these partnerships responsibly, “in a manner consistent with safe and sound banking practices, and with applicable laws and regulations,” and adding that BaaS arrangements “can provide benefits.”
The guidance specifically focused on risks related to deposit-related arrangements (partnerships where a bank is providing deposit account functionality to a fintech’s customer base), such as dependency on third-party vendors, lack of access to crucial deposit records, and inadequate oversight of a partner’s consumer protection practices. The guidance underscores the risks associated with the potentially rapid growth a bank may experience when it starts managing third-party deposits.
The agencies explained that a bank’s “use of third parties to perform certain activities does not diminish its responsibility to comply with all applicable laws and regulations,” and provided a detailed list of best practices to help banking organizations manage the risks associated with BaaS arrangements. Key among these is the necessity for effective board and senior management oversight to align a bank’s risk management practices with the “complexity, risk, size, and nature of the activity and relationship, both when the relationship commences and as it evolves over time.”
Putting it into Practice: The bank-fintech partnership model has gained momentum in recent years, fueling the growth of numerous banking apps, online loan platforms, and other digital financial services. However, the model is not without its challenges, especially concerning compliance and risk management. The recent bankruptcy of a California-based BaaS provider brought these issues to the forefront. Theagencies’ joint statement and RFI underscores their growing concern that banks lack proper oversight over their fintech partners. Federal regulators have been highly proactive in addressing the risks associated with BaaS arrangements, particularly through the issuance of guidance and enforcement efforts. Banks with current or prospective BaaS arrangements should ensure that their risk management practices are up to the standards set forth in the joint statement to ensure compliance and mitigate risk, and also monitor comments to the RFI to anticipate any enhancements to the existing supervisory guidance.