How can we ensure Synapse is the last instance when a middleware banking-as-a-service (BaaS) partnership implodes?
Millions of Americans use neobank accounts to hold their deposits and make payments, making it urgent to find proper fixes. Synapse's failure revealed a system that outsourced responsibility for essential banking components. It violated the trust between banks and their depositors. Simply put, people deposited money in these accounts, but no one wrote down how much money they were owed, accounts were frozen and at risk of being lost.
Banking and regulators alike frequently speak about instilling best practices. That's fine, but the industry should critically self-assess and acknowledge that some banks differentiate themselves by deploying worst practices. Clearly, fintechs have an appetite to work with worst-practices banks. Indeed, the bank at the center of the Synapse crisis had the largest number of fintech partners.
First, prudential regulators must have insight into independent BaaS companies. The Bank Service Company Act gives them the right to examine companies that provide important services to financial institutions.
The correct response will not tailor supervision according to size. Instead, regulators should consider the risk and complexity of activities and connect the dots to bank safety and soundness and consumer protection. There should be a rebuttable presumption that activities involving bank-fintech partnerships are complex. Moreover, skepticism should increase when middleware companies participate. Daily access to ledgers is necessary, and co-mingling is unacceptable, but regulators should go further and get into the weeds. They should review contractual agreements between middleware and third parties and ensure critical account information will not be lost if a middleware company cannot pay its bills. Even the choice of database software could matter if it influences the safety of depositors' funds.
Regulators should keep up pressure against banks employing light-touch approaches to know-your-customer (KYC) and anti-money laundering rules. Because fintechs measure success by active users, they design apps to reduce account-opening friction. Partner banks hew to their desires. For example, Evolve's KYC technology did not prevent applicants from opening many accounts at identical addresses,
The FDIC should reverse
Sometimes, exclusive deposit placement arrangements may increase risk. When a large fintech partners with a small bank, it holds all the cards. Today, there are instances where neobanks with millions of accounts work with small banks. It is hard for a small bank to walk away. Look no further than the relationship between Mercury and Evolve. As Evolve's largest fintech, Mercury was the prized asset of the bank's relationship with Synapse. Even though reports show Evolve was frustrated with Synapse's recordkeeping, it did not sever the relationship until first negotiating a direct contract with Mercury. Banks may become dependent on deposits from a single relationship. When they profit from maturity transformation, banks bear interest rate risk, but their fintech deposit sources are likely to be flighty.
Regulators must not permit workarounds for innovators. As they prepare for changes from the current administration, they must resist deregulatory voices seeking a return to sandboxes and no-action letters.
It is time to concede that the public cannot distinguish between regular and pass-through deposit insurance. People want a single flavor of insurance— plain vanilla. The FDIC rightfully shut down companies' practices of making misleading insurance statements, wrote a new interagency statement, and updated sign and advertising rules. However, it should go further. When the end-user depositor is not the entity directly insured, the FDIC should prevent fintechs from displaying the standard FDIC logo.
Consumers do not benefit when their funds move across a string of FBOs. These practices led to trouble. Synapse had several FBO partners, and funds held by a single depositor could have been in multiple FBO partner banks. The Synapse trustee reports revealed that partner banks could reconcile demand deposit accounts quickly but struggled with FBOs. In some cases, funds were divided into positive and negative balance accounts. Simpler account structures would reduce risk.
This moment is also a time to highlight the age-old problems of risky rent-a-bank lending. Regulators should acknowledge that all high-cost lending facilitated through partnerships is high risk. Recently, the CFPB used its dormant risk-based authority to assert
A small set of banks rent their charters to share in the profits of non-banks' high-cost installment, refund anticipation, and paycheck advance loans. They have found what Warren Buffett would call an "enduring moat" shielding their businesses from competitive forces because other banks will not enter these spaces. Because rent-a-banking frequently uses BaaS, it follows that a need for supervision exists for loans as well as deposits. Synapse signals another call to clamp down on bank-fintech partnerships that support evasive high-cost lending. The interagency guidance on third-party risk management permits a bank regulator to examine the activities of a service provider when the risk warrants it. There is enough evidence to justify aggressive step-ups in supervision of non-banks engaged in high-cost lending through partnerships.
Initially, I was optimistic the series of enforcement actions by prudential regulators would force the bank-fintech ecosystem to reframe compliance as essential for business viability. To be clear, those actions and the regulators' "
A banking charter is a privilege. It permits its holders to access the Federal Reserve's payments services and wholesale funding, receive exemptions from state usury laws, and benefit from reputational distinctions between banks and non-banks. Unfortunately, some banks use their charters for the wrong purposes, and some fintechs have an appetite to work with worst-practices banks. Synapse showed we have promoted innovation and cost-efficiencies beyond what is sensible or safe. It's time to shift course.
