What the Federal Crackdown on Bank+Fintech ‘BaaS’ Partnerships Means

Institutions that want to continue to play in the 'banking as a service' field need to have their risk management and compliance expertise down cold. They will have to own consumer fairness and must regard what their BaaS clients do as impacting directly on how they are perceived by regulators.

If bankers have a sense that Washington is playing catch-up on the banking as a service front, they’re right. And indications are that this is part of a general movement towards greater skepticism about innovation.

A longtime observer of the Washington scene says that in part the bank regulatory pendulum is swinging towards caution after holding back in many ways — a time of the “cowboys” getting roped in. Driving this is concern about consumers not being harmed by innovation’s leading edge.

Another Washington observer, Konrad Alt, Partner at Klaros Group, suggests that Washington is down on big tech firms’ financial activities right now, and that fintech firms are taking some of that heat by association. He points out that by using the “fintech” label, many companies risked association with bigtechs. It was the cool label to carry, but now it also carries reputational baggage.

There may also be an element of turf battle going on, which is hardly unknown among traditional banking regulators. The situation has only grown more confusing as evolution in banking products has blurred the lines between the various financial regulators.

Signs of this broader scrutiny of financial innovation has come in such developments as Consumer Financial Protection Bureau enforcement actions against companies like MoneyLion, FDIC’s efforts to rein in crypto companies’ attempts to use the mantle of deposit insurance and the increasing commentary from Acting Comptroller Michael Hsu about crypto and other forms of innovation. It’s all of a piece.

CFPB telegraphed its intentions back in April 2022 when it asserted ability to examine nonbanks that it considered risky to consumers. “Given the rapid growth of consumer offerings by nonbanks, the CFPB is now utilizing a dormant authority to hold nonbanks to the same standards that banks are held to,” said Director Rohit Chopra at the time.

BaaS Under the Spotlight:

Relationships between banks and fintechs are definitely under additional scrutiny, both out of concerns for safety and soundness and consumer protection.

Some BaaS providers have already grown used to much closer and frequent examiner review than institutions of comparable size that don’t engage in banking as a service.

For others, this is a sea change: Competitive, economic and evolutionary pressures have been driving more smaller institutions to at least explore BaaS deals, even if they are just toe-dipping for now. There are considerations they and those already in it must have for the future.

Implications for BaaS of Further Attention from Washington

Alt, a financial industry veteran and a former senior federal regulator and Capitol Hill staffer, thinks the time of the fintech side of BaaS deals being somewhat outside the federal umbrella is coming to a close.

“Either these companies should be regulated like banks and belong in the banking system or they shouldn’t be and they’re properly outside of it,” says Alt. “I think, to some degree, the message to the fintech sector has been mixed so far. ‘You should be regulated like banks, but we don’t want you to be banks.’ It’s clear that that’s not a tenable long-term position for official Washington to maintain.”

During a banking conference panel discussion, Kevin Greenfield, Deputy Comptroller for Operational Risk Policy, revealed some of the perspective developing in this area while talking about “responsible innovation.”

Partnerships are partnerships, but regulators are concerned about the ultimate impact, Greenfield indicated during the annual conference of The Clearing House and the Bank Policy Institute. Even when a banking service is being offered through a fintech using a BaaS deal, in the end it’s still a banking service being provided and thus bank regulators want to regulate it as one, according to Greenfield.

And that’s what banking regulators are responsible for. Greenfield said that regulators are concerned about transparency regarding what is being delivered and who is responsible for aspects of that delivery. Ultimately, he added, the banks involved are responsible for the risks of any services they are providing.

This situation is not lost on the fintech side of BaaS, according to Alt, who has seen more exploration going on around the idea of buying a bank.

Time To Buy A Bank?:

Multiple fintech clients of Klaros Group have decided living in the shadowlands isn't a good way to continue. Partner Konrad Alt says they are exploring acquisitions of banks as a way to step over the border.

Even where they don’t do that, he says, fintechs that persist with a BaaS model won’t want to stick with a single community bank partner, Alt predicts. They can’t put all their chips on one bank that could fall under a regulatory order.

Read More: Does Anyone Really Know What ‘BaaS’ or ‘Embedded Banking’ Is?

What OCC is Looking At in BaaS Arena

The observer quoted at the beginning of this article says the regulators clearly feel innovation got ahead of regulation and supervision over the last five years or so and they are working to remedy that.

Hsu has given signs of this in public pronouncements, but he is stepping things up. Regarding BaaS and other fintech partnerships, in a September 2022 speech, Hsu spoke of the potential for surprises from bank-fintech banking as a service deals and the OCC’s intention to mitigate such risks.

Hsu noted that BaaS is chiefly a matter of interest for smaller banks. The major institutions have never expressed much interest in such partnerships, typically acquiring fintechs instead.

The regulator gave a sense of questions under study, that in part will be used to identity those bank-fintech arrangements that pose certain kinds of safety and soundness risks.

“Who is responsible for what when things break?” said Hsu.

Other questions he posed, all directly quoted from his speech:

  • “How might confidence be lost in a banking services supply chain disruption and what would it take to regain it?”
  • “How do banks and their third parties view and treat customers in bank-fintech arrangements — when do customers go from being the client to becoming the product and how are consumer protections maintained?”
  • “What happens when fintechs fail?”
  • “How are bank and fintech models changing and how are incompatibilities reconciled?”

Hsu indicated that much more is coming, as the OCC continues “expanding our aperture.”

Greenfield made it clear that fundamentals will play a part going forward. Take BaaS-based credit, for example. “Ultimately it’s the chartered financial institution that’s providing that loan,” he said. While credit evaluation may rely on a fintech’s artificial intelligence, he said, the regulated bank would be responsible for any resulting fair-lending law implications, for instance. Taking such responsibility goes hand in hand with having the official authority to offer such services, he added. (House Republicans, including Patrick McHenry, Ranking Member of the House Financial Services Committee, have sent a letter to Acting Comptroller Hsu seeking clarification of OCC policy on BaaS.)

Read More: Why KeyBank Believes ‘Embedded Banking’ Is the Future of the Industry

Business Considerations for Both Sides

Klaros’ Konrad Alt sees key business considerations for both sides of BaaS deals.

On the banking side, he says the clearly renewed public emphasis on institutions being able to handle the risks their partners pose dictates that institutions can’t just try out BaaS casually. Working with partners demands having dedicated compliance and risk management staffs, for example.

Alt says a prudent BaaS effort can’t just pile more work on the bank’s existing employees. This in turn suggests that supporting such a staff commitment means making a whole-hearted push into banking as a service in order to be able to make revenues that will support additional staff muscle.

Can Your Bank Really Hack BaaS?:

Institutions have to ask themselves if they are really managing the risks as well as regulators increasingly make clear they expect.

“It’s not a business you want to get into halfway,” says Alt.

He says there are also business considerations that fintechs involved in BaaS will increasingly worry about. Alt often speaks of fintechs starting as “two guys in a garage” that over time suddenly become very big deals. Such operations may find themselves becoming large players dependent on a single, small BaaS provider. BaaS institutions are typically forward-leaning, innovative institutions, he says, but they are also still mostly smaller companies.

Alt suggests that some fintechs will want to find a larger partner that is more fitting with their new size, which is bad news for the original partner but not illogical. He says that instead of breaking things off completely, fintechs may decide they need to have redundancy, striking partnerships with other BaaS providers so they don’t base their entire operation on a single financial institution and its ongoing health.

Fintech partners don’t necessarily know what discussions are going on between their BaaS banks and the banks’ regulators, especially as such talks are generally considered confidential through much of the process.

For the fintechs, “it begins to feel a little hair-raising,” says Alt. Hence the interest of some in buying a bank of their own, and others in potentially selling themselves to a bank.

This article was originally published on . All content © 2024 by The Financial Brand and may not be reproduced by any means without permission.