Fintechs and their partner banks are keen to hold the industry to high standards of regulatory compliance in the interests of everyone's reputation.
Following the collapse of banking middleware vendor Synapse, fintechs, banks and regulators are unanimously calling for greater transparency into customer deposit accounts.
Although the
Post-Synapse, fingers are pointing at banks that partner with fintechs, stressing the need for greater bank supervision of all aspects of fintech-enabled financial products, including deposit insurance, accurate customer recordkeeping, and technological and financial soundness.
Banks partnering with fintechs hold the ultimate liability for customer accounts, even though contractually they share this responsibility with fintechs, said Ian P. Moloney, senior vice president, head of policy and regulatory affairs at the American Fintech Council, or AFC.
Celent principal analyst Alenka Grealish sees a new equilibrium emerging in the banking-as-a-service, or BaaS, landscape post-Synapse, based on strong responsibility sharing between partner banks and fintechs; subject matter experts at both banks and fintechs in areas such as bank compliance, policy compilation and system integration; and a careful, phased approach.
The fintech industry is taking steps to improve customer protection. In October, an industry-led organization, the Coalition for Financial Ecosystem Standards, was launched to develop compliance and safety standards for nonbank financial companies. CFES, whose members include Stripe, Block and Mercury, seeks clarity on compliance and risk management practices.
The AFC's Moloney is currently seeing due diligence occurring throughout the industry with fintechs who previously were not as diligent becoming a lot more careful. "They're engaging in what responsible fintechs were already doing such as proper suitability analysis and holistic, qualitative and quantitative risk assessment," he said.
BaaS vendor Treasury Prime has strengthened its contingency plans post-Synapse. It has also seen its bank customers become much more selective about which fintechs they work with, putting them through robust due diligence programs covering their finances as well as operations.
"A common theme we see in all our bank partners who've been successful is that there is investment at every level, not just in dollar terms but also in the number of people, along with buy-in from the innovation and compliance teams," said Sheetal Parikh, Treasury Prime's general counsel and chief compliance officer.
Treasury Prime links banks with fintechs, but fully integrates its ledger with its client banks' core banking systems, according to Parikh. "This means banks have full-time visibility through a dashboard and real-time reconciliation on every transaction through our ledger, as it's happening on their core, and the ledger isn't necessarily outside their systems," she said.
"We hold our API's underlying code in code escrow, so in the worst-case scenario, where we cease to exist, our banks would still have access to our database and could continue using our API," said Parikh. "Some of our banks were beneficiaries to our code escrow prior to Synapse's collapse, and since then many other of our banks have requested access to it, upon a triggering event."
Treasury Prime's contracts with its clients often stipulate that, in the event of its running out of funds, it would help them run their own version of the Treasury Prime database, Parikh said.
Going forward, Parikh sees banks acting as internal regulators for their fintech partners, and proactively engaging with regulators before entering a partnership.
Nonbank providers of deposit accounts have also been speaking up about best practices in linking directly to partner banks, two examples being Chime Financial and Revolut US.
"Certain types of intermediaries can add risk to the fintech-partner bank pipeline, and, because of this, Revolut US operates with a more direct and secure framework," a Revolut US spokesperson said. "We manage customer balance reporting directly with our partners on a daily basis, ensuring the cash available at each institution always aligns with our own ledger."
Chime said in a response to the Federal Deposit Insurance Corp., the Federal Reserve and the Office of the Comptroller of the Currency's July 2024 request for information on banking-fintech relationships that it designed its relationships with partner banks to protect Chime's customers even in adverse circumstances.
"Not only does each of our partner banks have complete access to the relevant ledger, they also each have full visibility into Chime's financial performance, enabling them to plan for and anticipate potential disruptions," Chime said. "Consequently, our members would be protected in the event of an operational disruption."
Historically, banking regulators have been empowered to monitor core banking service providers such as Fiserv, although they rarely exercise this power. But Zedrick Applin, head of regulatory compliance at issuer-processor Thredd, and himself a former OCC national bank examiner, expects greater enforcement of existing regulations as well as new regulations focusing on technology providers and addressing gaps in existing banking regulations.
The FDIC is keen to ensure accurate and timely deposit insurance determinations for fintech customers. In September 2024, it proposed a rule to enhance recordkeeping requirements for banks that partner with fintechs to hold customer funds in a single pooled "for the benefit of" deposit account.
FDIC-insured banks holding custodial accounts would have to maintain accurate granular information on each individual account holder, be able to determine the individual owners of funds, and reconcile the account for each owner daily.
The FDIC also wants oversight authority over third-party critical service providers to banks, just as it has for core banking service providers.
Don Apgar, director, merchant payments at Javelin Strategy & Research, noted that there has been a rash of FDIC consent orders against banks, including
"Synapse's collapse forced regulators to look more closely at banks with fintech partners," Apgar said. "The regulatory enforcement is around areas such as inadequate recordkeeping, due diligence and compliance as well as AML and KYC. The federal regulators are asking banks with fintech relationships to show them where they hold customer deposits and their compliance programs, and are telling them they can't offload their responsibilities to the fintechs."
