Banks should prepare for increasing regulatory scrutiny of fintech relationships by proactively taking responsibility for their partners' practices, said Arlen Gelbard, general counsel at Cross River Bank.
Gelbard should know.
The consent order can be seen as a blueprint of the FDIC's expectations for financial institutions and their fintech partners, Gelbard said on a panel at the American Fintech Council's Policy Summit on Tuesday. Cross River, which has more than $8 billion in assets, is a powerhouse in the banking-as-a-service (BaaS) sector, offering lending, cards and payments services through partners like Upstart, Affirm and Upgrade.
"Our regulators look at the lending that we do and say, 'They're your loans. You're responsible. Period. Full stop,'" Gelbard said. "I think everybody should look at [the consent order] and say, 'This is the expectation.' Even if it's not what you expected before, wake up."
Gelbard said Cross River's consent order shows the importance of the bank's access to data, even if it's collected and analyzed by fintech partners. If the FDIC requests information, Cross River has to be able to provide it, he added.
Regulatory attention on
Jelena McWilliams, who served as FDIC chairman from 2018 to 2022, said that BaaS is here to stay, but will likely be in "dire straits for the next couple of years." She thinks regulators are trying to limit the growth of bank-fintech partnerships by raising the bar for risk management and compliance.
"The message that is being sent is that 'Your every step is being watched,'" McWilliams said. "And it's not going to take a lot to get dinged on the Bank Secrecy Act and anti-money-laundering."
The former regulator and current lawyer at Cravath, Swaine and Moore said on a panel that the recent guidance doesn't provide enough clarity for banks to feel comfortable partnering with fintechs.
"When you read the guidance, it says a lot, but it doesn't say anything to really help you understand if you crossed the line," she said. "Banks need to know how to comply. And if you don't give them the road lines to stay within the lanes, they will be hesitant to engage in partnerships."
Regulatory scrutiny of bank-fintech partnerships has steadily increased, putting more pressure on companies like Synapse.
Gelbard said looking at consent orders could help banks define specific guide posts for their own compliance. John Beccia, CEO at consulting firm FS Vector, said on the panel with Gelbard that future regulatory guidance will likely come from supervisory activity, so companies should try and glean from consent orders where regulators' boundaries lie.
Jesse Honigberg, who leads products and platforms at Customers Bank, said on a separate panel that banks need to think about the long-term plans for their BaaS business when they're structuring their offering, such as whether they'll build their technology to connect with fintechs in house or
"As we build deeper and more capable tech, regulatory relations and risk and monitoring, I want to make sure that my partner has as much skin in the game as I do," Honigberg said. "Banking-as-a-service is exactly that. You're turning a fintech into a bank. And not just any bank. You're turning them into your bank … you're trusting them to do a lot of really important, complex things, that, if they don't get right, you're on the hook."
