In recent months, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corp. (FDIC) have issued a number of consent orders involving banks that participate in banking-as-a-service (BaaS).
This marks a crucial inflection point for fintech, which aims to expand financial access by distributing tailored banking products (e.g., bank accounts, credit cards) through apps and websites people already use. Today, embedded financial products are helping millions of small businesses and individuals get paid faster, obtain better financing terms, and take control of their money.
Some in the industry have interpreted the recent consent orders as the beginning of the end for fintech. They think regulators are telling banks to stop allowing their financial products to be distributed via tech companies like Uber and Shopify.
But I’ve been an operator in the industry long enough to believe that the opposite is true. In the past, when regulators have issued consent orders involving banks that are exploring new ways to offer financial services, those consent orders have typically been the first steps in a long march to regulatory clarity and normalization.
History Suggests Today’s Regulatory Action is the End of the Beginning
To interpret the current raft of consent orders involving fintech banks, we need look no further than The Bancorp, Inc., and MetaBank (now called Pathward).
These banks pioneered the idea of in partnering with tech companies to offer prepaid cards, which function like gift cards. Customers can buy cards with money loaded onto them and spend up to the prepaid amount.
Back in 2010, prepaid cards were new. Regulators hadn’t issued explicit guidance about how to offer them. So banks like Bancorp and MetaBank had to interpret existing regulatory frameworks and apply them to these new products. They did their best to offer prepaid cards in a way that was safe for end-customers and compliant with relevant laws.
In July 2011, the OCC issued a consent order against MetaBank regarding its prepaid card programs. In June 2014, the FDIC did the same for Bancorp.
The consent orders cited possible violations regarding BSA/AML, marketing disclosures and third-party risk management. Interestingly, these are some of the very same things cited in the current raft of consent orders involving fintech banks.
Read more: Hoodies and Suits: Can Banks and Fintechs Learn to Speak the Same Language?
Long and Winding Road to Normalization
At the time, many in the industry said it was the end of prepaid cards — that regulators couldn’t get comfortable with this new way of distributing financial services. But it wasn’t true then, and it probably isn’t true now. On the contrary, regulators were busy learning about prepaid cards, understanding how customers use them, and figuring out the best way to regulate them.
The process came to fruition on Oct. 5, 2016, when the Consumer Financial Protection Bureau (CFPB) issued the “Prepaid Rule,” which created comprehensive consumer protections for prepaid financial products.
Meanwhile, Bancorp and MetaBank (rebranded as Pathward in 2022) have thrived.
Today, both are leaders in the prepaid card space, which has helped to drive their impressive growth. In response to the consent orders, both banks invested heavily in improving their compliance and oversight programs. The OCC lifted its consent order against MetaBank in 2014, and the FDIC lifted its consent order against Bancorp in 2020.
Read more: Some Top Fintechs Value This Function as Much as They Do Innovators and Engineers
What BaaS Players Can Learn from the Prepaid Consent Orders
At a moment like this, it’s helpful to remember why fintech exists. The reason banks and tech companies are partnering to build innovative financial products is that customers need them.
As we’ve heard again and again, businesses and consumers are not well-served by many existing solutions, and they’re eager for an alternative. For example, according to research Unit conducted with The Harris Poll, nearly two thirds of American small businesses say they can’t get the financing they need. A similar number say it takes too long for them to get paid. Banking-as-a-service solves these problems, helping small businesses take control of their cash flow and access the funds they need to grow.
So what can today’s banks learn from the example of Bancorp and MetaBank?
1. Choose the right partners. The best way to mitigate the risk inherent in these new ways of distributing your financial products is to choose program partners and infrastructure providers whose core values, risk appetite and operational excellence match your own.
2. Prioritize compliance and oversight. As in the case of prepaid cards, regulators are keen to ensure that bad actors aren’t taking advantage of new channels as a way to do things like launder money or finance terrorism. Make sure you’ve got the people, technology and processes necessary to effectively oversee your embedded finance partners.
3. Stay the course. Increasing access to financial services for businesses and consumers who badly need them is a goal that regulators share. They, too, want to increase financial access and ensure that these essential banking products are made available to the widest possible audience. The key is to ensure that we’re doing it safely.
No one can say with certainty how the current volley of fintech consent orders will be resolved. However, we can look to numerous historical precedents: not just prepaid cards, but things like earned wage access, Buy Now, Pay Later (BNPL) — even ATMs.
In those instances, regulatory enforcement actions were the first step in a long march to clarity and normalization for the industry. By working closely with regulators and program partners, banks like Bancorp and MetaBank were able to achieve a positive outcome — and I believe the same will be true for fintech and BaaS.
About the Author
Amanda Swoverland is chief compliance officer at Unit. Opinions expressed in viewpoint articles of those of the author and not necessarily those of The Financial Brand.