The bankruptcy of bank-fintech intermediary firm Synapse that resulted in frozen accounts fintech customers can't access — worth an estimated $65 million to $96 million — is prompting some foundational questions about how such partnerships are designed.
The fallout from the Synapse collapse has also captured the attention of regulators. On Thursday, agencies issued a
Across the industry, practitioners are assessing the consequences of the Synapse bankruptcy and lessons fintechs and partner banks should take from the debacle. In July, a
For all participants in such partnerships, it's important to ensure "there's a level of diligence on the part of banks and also on the part of tech companies, knowing who you're working with and then being able to address risks through … having controls built into the technology," said Sheetal Parikh, general counsel and chief compliance officer at Treasury Prime.
Here are the key takeaways from the roundtable:
Proactively assess account reconciliation gaps by bringing data in-house. In the Synapse situation, fintech customers' inability to access funds was caused by a reconciliation problem between the banks and the fintech. The pooling of fintech customers' funds into a single, omnibus "for benefit of," or FBO, account opened up opportunities for reconciliation discrepancies, Parikh argued.
To avoid these issues, it's important for partner banks to bring data — including information about fintech customers' accounts — in-house, panelists said. Banks shouldn't rely on fintech partners to safeguard users' account data; it should be on the bank to have a line of sight on their account data, said Keith Vander Leest, head of payments at Cross River Bank.
"It's become very clear over the last 12 months that the reliance model [for user account management] is not something that any bank should be comfortable with," he said. In an FBO account, "you should have visibility via subledgers to the individual partners' customers." Partner banks should also have the know-your-customer and know-your-business information about the fintechs' customers, instead of relying on the fintech to safeguard it.
Bringing the data in-house is also a foundation for other kinds of controls partner banks can put in place, including anti-money-laundering, or AML, compliance.
"Once you have that proper infrastructure in place — the data headers, essentially — you are able to bring that AML and sanctions effectiveness monitoring in-house," said Sarah Beth Felix, CEO of Palmera Consulting. "It's all one big pot of stew."
Maintain fintech user eligibility for "pass-through" FDIC deposit insurance coverage. Fintech account holders are eligible for "pass-through" FDIC insurance if the underlying bank fails and if other conditions are met. But eligibility depends on banks and fintechs maintaining good records about account holders, including information on who owns the funds.
"These accounts are eligible for FDIC 'pass through' [insurance], but a lot of the requirements of whether that applies has to do with … making sure the account is titled properly, making sure that there's records and ledgering that the insured depository institution has access to," said Parikh.
Acknowledge the investment needed in compliance and fraud mitigation. Partner banks that moved too quickly — those "hungry" to scale — relied too much on partners to meet AML and sanctions risks, said Felix. Instead, institutions need to invest in meeting these responsibilities on their own. For some boards, that might mean acknowledging they may need to temporarily operate at a loss to get compliance in check.
"They have to have somebody on the board with some type of AML, sanctions knowledge. … It's the same drum that each of our federal regulatory agencies are feeding," said Felix.
Financial institutions that entered the space before regulatory oversight intensified need to calculate whether the price of talent, risk planning and technology is worth the return.
Banks also need to avoid reducing their capability to carry out AML and fraud mitigation efforts because of understaffing.
"They're understaffing thinking, 'Oh well, then I'll just bring people in as the volume ticks up,' and while that's good … having one person or having a half full-time employee assigned to this is not doing the bank any good, and it's certainly not going to get easier as criminals really figure this out," said Felix.
Staffing up with Bank Secrecy Act and AML experts should also be a priority for fintechs, said Vander Leest.
Rethink business continuity risks. The concepts of business continuity and disaster recovery, pre-Synapse collapse, were typically associated with natural disasters, but now business continuity plans should incorporate third-party risks, including the problems affecting intermediaries.
"What's changing is we've traditionally looked at [business continuity risks] in context of things like disasters or tornadoes hitting and there being outages," said Parikh. "We're thinking of this in terms of venture backed companies that lose funding. In the aftermath of Synapse … it's going to change the standards of what we deem to be a disaster or a disruption."
While banks should carefully evaluate potential fintech partners, it's also on fintechs to vet prospective bank partners. Fintechs should evaluate potential partner banks by looking at the questions they ask.
"If your bank partner is not asking you, 'What are you doing for AML? Show me what your alerts look like? Show me what your dispositions look like? Show me the resumes of the folks on your AML and sanctions team?' If your banking partners aren't asking you, the fintech, for this stuff, to me, that's a red flag for a fintech to go 'Wait, maybe I need to have a second bank partner,'" Felix said.
