Regulators issue joint warning on bank-fintech risks

Federal Reserve, FDIC, OCC
In a joint statement, the Federal Deposit Insurance Corp., the Federal Reserve Board and the Office of the Comptroller of the Currency warned that end users could "reasonably" mistake certain "nonbank third parties" for FDIC-insured banks.
Bloomberg

WASHINGTON — Federal banking regulators issued a joint warning Thursday on — and a request for information about —  the potential risks of bank-fintech partnerships.

The joint statement — issued by the Federal Deposit Insurance Corp., the Federal Reserve Board and the Office of the Comptroller of the Currency — warned banks of risks associated with relying on third parties, particularly for deposit-related services.

"A bank's use of third parties to perform certain activities does not diminish its responsibility to comply with all applicable laws and regulations," the statement notes.

The joint statement notes that banks sometimes "rely on one or multiple third parties to maintain the deposit and transaction system of record," "process payments," "perform regulatory compliance functions," "perform customer service," and more.

The regulators suggested that banks thoroughly vet third-party partners for reliability and establish clear contracts that lay out the roles and responsibilities of each party. They also suggested that banks conduct ongoing monitoring of the management information systems used by third parties and have contingency plans handy in case of operational disruptions.

While the statement provides a roadmap for how banks could manage risks, it does not alter existing regulations or supervisory expectations. The statement noted that relying on third parties to manage crucial operations — including deposits — can generally weaken banks' oversight over such functions and hinder their ability to monitor risk.

Fragmented record-keeping across third parties could muddy banks' understanding of outstanding obligations and delay depositors' access to funds. The agencies also highlighted concerns about outsourcing compliance functions and the risk of noncompliance with consumer-protection obligations.

In addition, the statement cited the potential that unclear third-party relationships could mislead consumers about the extent to which their funds are covered by FDIC deposit insurance, which generally does not apply to nonbanks. 

"Some nonbank third parties could be reasonably mistaken for an insured depository institution by end users, particularly when they refer to FDIC deposit insurance in marketing and other public-facing materials," the statement noted.

"End users may not be aware that access to their funds may depend on the third party and that deposit insurance does not protect against losses resulting from the failure of the third party."

Regulators have been working to better understand bank-fintech partnerships particularly in the wake of middleware provider Synapse Financial's bankruptcy in April. 

That situation  left tens of millions of dollars in consumer deposits frozen. It has also led to more  regulatory scrutiny of banks in similar partnerships. The Federal Reserve in June issued a cease-and-desist order against Synapse partner Evolve Bank related to gaps in its anti-money-laundering, risk management and consumer protection programs.

Just weeks ago, FDIC board members Jonathan McKernan and Rohit Chopra, who is also director of the Consumer Financial Protection Bureau, suggested that regulators consider issuing more specific third-party risk guidance.

Thursday's release provides some guidance for banks but tracks closely with existing agency policies. The banking agencies are also seeking information from the public and interested parties regarding the risks involved in bank-fintech partnerships.

Fed Governor Michelle Bowman said Thursday that she approves of the effort to collect information, given the risks that third-party relationships can pose to consumers and the financial system.

"We have seen that these relationships can pose significant risks to banks and their customers, including retail deposit customers who reasonably expect that their deposits will be insured and that their banking services provider will comply with all applicable laws, including consumer protection laws," she said in prepared remarks. "It is important for the agencies to fully understand the range of practices and different bank-fintech arrangements in the industry before issuing further guidance."

But Bowman, a former banker, also said that she generally remains skeptical of any effort to impose new regulations on banks in connection with these partnerships. 

"I remain concerned about both the risk of pushing out innovation from the regulated banking system and the sheer volume of new guidance and rules for banks of all sizes," she said. "My hope is that this RFI and the process that follows will not lead to duplicative or contradictory guidance, or unnecessarily restrict innovation in the banking system."

For reprint and licensing requests for this article, click here.
Fintech Regulation and compliance Risk management
MORE FROM NATIONAL MORTGAGE NEWS