Dive Brief:
- Stronger regulatory oversight might slow innovation, but the added guardrails are necessary as bank-fintech partnerships grow more complex and as fintechs tackle more compliance responsibilities, analysts said Tuesday at the Finovate Fall conference in New York City.
- “Many of the enforcement actions that we’ve seen in the last year or two are because those risk management and compliance concerns were not addressed upfront,” Donna Murphy, deputy comptroller for compliance risk policy at the Office of the Comptroller of the Currency, said Tuesday. “That sort of careful and cautious approach to innovation is what we expect from banks. ... Will it be slower than fintech that doesn't have those same considerations? Probably, but that’s OK.”
- Increased attention from U.S. and EU regulators on bank-fintech partnerships would bring new costs and affect “build-versus-buy” considerations, said Yossi Leon, chief technology officer at FIA Tech and an adjunct professor at New York University. “There’s no doubt that [regulation] will slow down innovation, because it’s just more expensive to have compliance in place or to hire the right team to make sure that you’re aligned with the compliance in different regions,” he said. “It’s going to be more expensive to buy because the cost to innovate is higher.”
Dive Insight:
Bank-fintech partnerships have faced increased oversight from regulators over the past year, with the Federal Deposit Insurance Corp., the OCC and Federal Reserve issuing consent orders to banks working with fintechs. In the aftermath of the Synapse bankruptcy case — in which more than 100,000 customers have been locked out of accounts with partner banks amid disputes over the users’ balances — the FDIC plans to issue a proposal requiring banks to maintain ledgers of “for benefit of” accounts opened by third-party fintechs, Bloomberg Law reported last week.
Murphy pushed back on claims the interagency guidance on third-party relationships issued in June 2023 was more prescriptive than previous frameworks laid out by regulators.
“The bank is still responsible for complying with all the laws and regulations,” she said. “The expectations that we have as supervisors are laid out in a fair amount of detail, but they're not prescriptive. It doesn't say ‘This is how you must implement this particular thing.’”
Her remarks appeared to run counter to earlier comments from Jonathan McKernan, an FDIC board member, who said in July that there is room for activity-specific advice under existing guidance.
Murphy said the latest interagency guidance represents a “slight update” from the previous iteration that had been in effect for a decade. The new guidance reflected the evolving complexity of bank-fintech partnerships, she said.
“[Bank-fintech partnership] arrangements are sometimes getting more complex, with a third party not only performing a particular service but also maybe doing compliance,” and that amplifies risks, she said.
Kristin Lee, a partner for investment management at Morgan, Lewis and Bockius LLP, said regulators are asking more questions about how third-party risk determinations are made by banks, along with governance considerations.
Enhanced scrutiny of bank-fintech partnerships may boost the business case for artificial intelligence-based compliance platforms, Leon said.