WASHINGTON, D.C. – Former Federal Deposit Insurance Corp. Chair Jelena McWilliams said she has concerns with the new third-party guidance bank regulators released over the summer, saying she fears the updated text will have a chilling effect on bank-fintech partnerships.

“I think the message is clear. I don’t think that the current set of regulators really want banking-as-a-service and third-party partnerships to blossom,” she said during a fireside chat at the American Fintech Council’s Policy Summit in Washington, D.C. on Tuesday. “They can’t specifically prohibit [third-party partnerships]. And I think they're trying to make it more difficult for banks to engage in those partnerships.”

Regulators, including the FDIC, the Office of the Comptroller of the Currency and the Federal Reserve in June issued long-awaited guidance on how financial institutions should approach third-party relationships, such as tie-ups with fintech firms. 

That guidance, however, doesn’t give banks enough information and clarity regarding the parameters around third-party partnerships, said McWilliams, who stepped down from her role at the FDIC at the end of 2021 and is now a partner at Cravath, Swaine & Moore.

“When you read the guidance, it says a lot, but it doesn't say anything to really help you understand, if I cross the line, where is that line?” she said. “The truth of the matter is, banks need to know how to comply. And if you don't give them the road lines, painted in the lanes, they actually will be hesitant to engage in partnerships. … As a former general counsel, I think I would be taken aback having to explain that to my C-suite.”

When the guidance was introduced in June, it received pushback from Fed Governor Michelle Bowman, the only Fed member to oppose the finalization of the document. 

Bowman also took issue with what she called a lack of clarity, specifically for smaller institutions. 

“Although this guidance suggests that a sound third-party risk management framework should be appropriately tailored to a bank’s level of risk, complexity, and size, it does not provide the necessary clarity or supplemental tools to facilitate small bank implementation,” she wrote.

The lack of clarity around the guidance could cause some banks to refrain from entering into partnerships with fintechs or from pursuing BaaS, a business model some smaller community banks have adopted in order to stay viable, McWilliams said. 

“If you don't know how to do it, you don't do it, and that's what I'm afraid is going to be the chilling effect of the guidance,” she said.

Consent orders

McWilliams also shared her thoughts on the latest consent orders regulators have doled out to several large BaaS players in the past year-and-a-half.

The Office of the Comptroller of the Currency last year ordered Blue Ridge Bank to improve its oversight of third-party fintech partnerships. The bank was also told to bolster its anti-money laundering risk management and suspicious activity reporting and information technology controls after the regulator “found unsafe or unsound practice(s),” according to an Securities and Exchange Commission filing indicated.

Under the order, the Charlottesville, Virginia-based lender must obtain the OCC’s non-objection before entering into any new contracts with fintech partners or adding new products in cooperation with existing partners.

Cross River, another BaaS-focused firm based in Fort Lee, New Jersey, was hit with its own enforcement action by the FDIC earlier this year.

The bank engaged in “unsafe and unsound” practices related to fair lending laws and regulations, the FDIC claimed. 

The bank, which neither admitted nor denied the charges, is not allowed to enter into any new partnerships with third parties or offer new credit products without the FDIC’s approval, according to the order. 

“The message that is being sent by this is that, your every step is being watched and it's not going to take a lot to get dinged on [Bank Secrecy Act] and AML,” McWilliams said regarding regulators’ recent enforcement activity. “And by the way, most banks have BSA and AML issues, not because they don't have good compliance and risk management programs, but because it is hard.”

McWilliams expressed empathy for banks trying to balance compliance and risk management programs with efforts to serve unbanked and underbanked consumers, saying it can be difficult to onboard consumers who lack extensive financial histories.

“The risk of onboarding that customer is even higher. But if they're not being served, then the very premise of what we're trying to achieve in the United States, which is to bridge the income gap and the wealth gap, is not going to be fulfilled,” she said. “I do think it's a little bit odd that some people who profess to be in favor of financial inclusion in low- and moderate-income communities are really making it hard for those communities to be onboarded to banks and not creating on the regulatory side, some programs that would help banks and fintechs onboard those consumers.”