Skip to main content
close search
site logo

Did regulators send warning shot at already roiled BaaS space?

It’s clear the Synapse debacle was on regulators’ minds when they issued last week’s statement highlighting risks associated with banks’ third-party partnerships, analysts said.

Published July 31, 2024
Caitlin Mullen's headshot
Reporter
Michael Barr, the Federal Reserve's vice chair for supervision, speaks during a congressional hearing, while sitting next to Martin Gruenberg, chair of the FDIC and Michael Hsu, acting comptroller of the currency
Federal Reserve Board Vice Chair for Supervision Michael Barr, Federal Deposit Insurance Corporation Chair Martin Gruenberg and Acting Comptroller of the Currency Michael Hsu testify during a Congressional hearing last year. Kevin Dietsch / Staff via Getty Images

Federal banking agencies’ recent statement on bank-fintech ties points to more change on the horizon, which could lead to a rulemaking, greater engagement between regulators and non-banks, or an even smaller roster of lenders in the banking-as-a-service space, analysts say.

The Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency issued a joint statement July 25 outlining risks that may be heightened when banks deliver deposit products and services through a third party, such as risks related to compliance, liquidity and “end user confusion.”  

“A bank’s use of third parties to perform certain activities does not diminish its responsibility to comply with all applicable laws and regulations,” the statement advised. It underscored that banks need to prioritize rigorous due diligence and monitoring when forging such ties.

The agencies also issued a request for information, seeking input on bank-fintech partnership arrangements.

Underscoring risk management  

Both reaffirmed regulators’ heightened focus on BaaS and third-party risk. The key messages of the statement and RFI aren’t new, but “the emphasis is,” noted Michele Alt, a partner at consulting firm Klaros Group.

“Banks and their third parties should be reading this very carefully,” Alt said.

It isn’t novel for banks to work with third parties for some activities, but regulators “have observed an evolution and expansion ... to include more complex arrangements” that rely on third parties to deliver deposit products and services, according to the statement. Banks tap third parties for various reasons, including to perform compliance or customer service functions, provide consumer-facing technology applications or handle dispute resolution functions.

Some of those situations can carry greater risk, including if operations are fragmented or banks lack access to records; growth outpaces operational capabilities; or misleading statements are made related to FDIC insurance, the statement noted.

Banks engaged in third-party partnerships are encouraged to develop risk assessments to consider risks unique to each arrangement; conduct and document due diligence “of sufficient scope and depth” on the reliability of third-parties the bank might partner with; and draw up contingency plans for account transfers in the event of a third party’s failure or bankruptcy, among other suggestions. 

Synapse influence

It’s clear the Synapse debacle was on regulators’ minds, based on mentions of risk associated with rapid growth, lack of access to records and potentially inaccurate FDIC insurance coverage information, analysts said.

Middleware provider Synapse, which served as the link between consumer-facing fintechs such as Yotta and Juno and the banks that actually held customers’ money, filed for bankruptcy in April. 

Thousands of customers have been locked out of accounts with banks that partner with Synapse, and affected customers haven’t been given a clear timeline for restored access to their funds. A potential shortfall of $65 to $96 million has been identified, between what consumers are owed and the funds held on their behalf by Synapse partner banks. 

That has highlighted a need for clearer guidance related to bank-fintech relationships, regulatory officials have suggested. FDIC board member Jonathan McKernan this month said existing third-party guidance leaves room for more activity-specific advice. 

With their latest statement, the agencies are signaling that BaaS activities can require additional capital, Alt said, so it’s crucial banks ensure they have adequate liquidity and capital available. She added that she wouldn’t be surprised to see future enforcement actions take aim at inaccurate or misleading information regarding FDIC deposit insurance coverage. 

‘Nested risk’

Some saw the statement as further evidence that regulators have taken a negative view of bank-fintech partnerships. 

“What bank will be willing to enter the business after reading this ‘reminder’?” Matthew Bisanz, a financial regulatory partner at Mayer Brown, said in a LinkedIn post last week. “Sort of like a reminder that it is totally safe to work in a nuclear reactor if you wear a dosimeter, keep your radiation suit on, and can run very fast when the alarm goes off.”

To Alexandra Steinberg Barrage, a partner at law firm Troutman Pepper, regulators are emphasizing that there are a number of risks involved, “and it's not just what you see. It's also the nested risk issue. It's what you don't see.”

Banks now need “due diligence on steroids” if they want to engage in these partnerships, she said. Regulators appear to be underscoring that “unless you're a bank that's able to invest in what you need to do to appropriately risk manage these relationships, you're going to have issues,” she said.

The banking agencies understand how impactful these partnerships can be for banks engaging in them, but knowing more and earlier is paramount, she said.

Ultimately, regulators are “frustrated” that they only communicate with their regulated banks, and aren’t engaging directly with the fintechs in those relationships, Barrage said.

Change could be on the horizon in that regard, she said. Bank regulators “want fintechs to have more skin in this game,” Barrage said.

Rule in the offing?

The agencies appear to be using communication and guidance strategies to address BaaS risks in a timely manner, said Alt, an OCC veteran. In that sense, the RFI is “a rulemaking-like document,” she added.

There’s potential for guidance and the examination process to evolve, Barrage said. It’s also “entirely possible we’ll have better exam manuals that are more bespoke to these types of relationships,” she said.

Fed Gov. Michelle Bowman also touched on the possibility of a rulemaking in a statement she made. Bowman appeared wary of further action, expressing concern that the agencies “continue to publish piecemeal guidance and other documents based on an incomplete understanding of current bank-fintech relationships.” 

“While I am supporting the RFI, my support should not be construed as future support for any potential guidance or rulemaking that could result from this RFI,” she said, adding that she encourages the public to weigh in on the tie-ups.

As partnerships and technology change constantly, “regulators are never going to feel like they know enough,” said Barrage, a former FDIC executive. “That’s quite challenging for them.”

Whether a regulation is put forth or not, the costs of being a partner bank are likely to increase, as lenders address mounting supervisory expectations, compliance and risk management needs, and due diligence and record-keeping requirements, Alt said. That may lead to bigger banks dominating and smaller lenders exiting the business.

Room for more

Some analysts said the agencies’ statement left more to be desired, including enhanced guidance. Eric Holmquist, managing principal at consulting firm Capco, said regulators could have gone further to underscore the importance of monitoring third-party relationships and understanding the benefits, costs and risks of entering such arrangements.

“Banks are getting better and better at vetting third parties and asking the right questions, but ... monitoring does not mean, ‘Give us a monthly or quarterly report on performance,’” said Holmquist, who recently served as chief risk officer at Customers Bank. “Monitoring means monitoring.” 

Additionally, the lure of low-cost deposits brought in through these partnerships can be a “siren song” that keeps banks from fully assessing the associated costs and risks, Holmquist said, adding that he thinks regulators should have more meaningfully emphasized that.

There’s an “inherent challenge in the world of change management,” that if you “allow yourself to fall in love with the benefit, then you become somewhat indifferent to the cost and the risk,” he said.

Editors' picks

Company Announcements

View all | Post a press release
Unitus Community Credit Union Deploys JUDI.AI to Scale Small Business Lending
From JUDI.AI
October 31, 2024
Cross Border Payment Solutions Launches to Help Business Take Control of International Finance
From Cross Border Payment Solutions
November 18, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Regulations & Policy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell