Acting Comptroller Hsu weighs in on nonbank, fintech roles in banking

Valerie Plesch/Bloomberg

WASHINGTON — Acting Comptroller Michael Hsu is raising concerns with the growing disintermediation of banking services as firms partner with entities outside of the purview of regulators.

"Banking is no longer done by just banks," he said Tuesday in an interview at DC Fintech Week. "Increasingly, it's going to be banks, working with nonbanks ... and that's really important for us as regulators because our mission is to ensure that the banking system [and] banking services are safe, sound and fair. So we need to make sure that those relationships are in service of that particular mission."

The Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp. and the Federal Reserve recently issued guidance on third-party risk management. It directs banks to monitor diligently any risks associated with consultants, payment processors or other nonbanks.

Hsu characterized the growing reliance on fintechs as a sort of banking service "supply chain," since often many collaborators use third-party services themselves. 

He said regulators are eyeing the risks associated with such linkages because the 2008 financial crisis showed that such partnerships can diffuse compliance responsibility and accountability across various, often less-regulated links in the chain.

"The lending activities that banks were doing [pre-2008] got disintermediated by securities firms, securitization, asset managers, mortgage originators — a whole bunch of nonbanks that basically chopped it up into a bunch of pieces and created, essentially, what was essentially a supply chain, and it broke," he noted. "It actually didn't achieve the efficiencies and the resilience; it created a bunch of opacity that was very fragile and brittle."

Hsu said regulators have a variety of tools for regulating third-party relationships, but the increasing complexity of such partnerships could warrant more authority, which would require congressional approval.

"We do have authorities under the Bank Services Company Act to look at providers to the bank almost as an extension of the banking service. … That's good, we utilize those, and I don't think those have to be revisited at this time," he said. "To the extent that the ecosystem gets more complicated and you have kind of more complicated chains, more complicated arrangements, re-bundling of banking outside of the banking regulatory perimeter, that may require some more authorities." 

Hsu on banking-as-a-service

Another area of policy he said regulators believe requires more attention is banking-as-a-service, when tech companies partner with banks to provide their customers the banks' financial products.

Hsu said some of these arrangements can offer positive efficiencies and meet customer needs, but that other more intricate relationships are concerning to regulators.

"Some of them are really complicated, where you have this kind of vicious cycle between rapid growth and a diffusion of responsibility and accountability and it's essentially a big regulatory arbitrage," he said. "We don't want to paint with a broad brush; we want to really dive into that [and] make sure we can figure out where that line is between good and bad."

OCC's Hsu says bank interest in crypto has 'receded' since FTX

Basel endgame

When asked about the lingering potential for more bank failures, as happened earlier this year, he said not to worry now about another failure for the short term and that regulations the agencies have announced in the wake of the failures this year will shore up identified weaknesses.

Hsu pushed back on banking industry complaints about U.S. efforts to conform with the new Basel III international capital standards. He noted that regulatory standards like capital — the increased costs of which banks have balked at in recent months — stabilize the system over the long term and therefore promote stability, which is good for banks and consumers alike.

"I think of [capital regulation] like building codes. … The building codes don't tell you what building to build. They don't tell you how to design those things. But their specifications say if you build to these specs, that building will stand," Hsu said. "It will stand in good weather and bad weather, through stresses, through shocks. You don't have to worry about it. You can walk into this building and be assured."

He also stressed the need to carefully consider how to craft regulations that are durable and do not need to be rewritten every time a novel crisis rears its head.

"[We want to] make sure that [we] provide that assurance to folks that these [standards] are gonna be good and they're gonna be good for time so we don't have to constantly revisit these things every time there's a hiccup," he said. "Hiccups are part of life that should be just part of the normal course of what we do."

Tokenization overtakes crypto

Hsu also indicated, as he had previously this year, that he is seeing a continued decline in interest from banks in public-blockchain-facilitated cryptocurrency and simultaneously an uptick in interest in using the underlying technology to make settlement more efficient — often referred to as tokenization.

"When I talk to folks, there's increasing interest in tokenization because it solves a problem and less and less interest in crypto," he said. "There's so many problems with [crypto], it's hard to comply with [the Bank Secrecy Act] and other laws, whereas tokenization, if done right, that holds a lot of promise." 

The OCC has announced it will explore the potential for the tokenization of real-world assets, "with a particular focus on the foundations needed to ensure responsible innovation," at a symposium on Feb. 8 at its headquarters in Washington.

Hsu said that part of the reason crypto is incompatible with the kinds of anti-money-laundering standards the bank regulators are tasked with upholding is that many of the tokens trade on public permissionless blockchains which conceal the identity of the many participants. 

"There's the public ledger, you get the wallet address, [but] you don't know who that is, [and] that's the fundamental problem," he said. "[Whereas] a lot of the tokenization efforts that I've seen are private. … You know exactly who you're dealing with, and you can apply all the [know-your-customer reviews]."