Last spring, innovative banks, fintechs, and regulators were shaken by the collapse of prominent fintech middleware provider, Synapse. What ensued was a maelstrom of finger-pointing, legal proceedings, and regulatory activity, ultimately leaving the industry and consumers confused and, even worse, Synapse customers without access to their funds. Nearly a year later, fintech companies, banks, and regulators must all ask themselves if they have done enough–or what more is needed–to avoid another Synapse-level disaster.
To avoid the next Synapse, three key factors must be understood. First, banks partnering with fintechs hold the ultimate liability for the activities of the fintech, even though contractually they share this responsibility. Second, banks and fintech companies should focus due diligence on whether they are a good fit rather than on a speedy onboarding process. Last, having the right regulations, people, and processes in place is essential for robust, effective risk management.
Critically important to note, however, is that in the wake of the Synapse disaster, responsible innovative banks and fintech companies have doubled down on these three points. Operationally, this means conducting proper suitability analyses and holistic qualitative and quantitative risk assessments. While these activities create additional tasks for both parties and extend the onboarding timeframe, long-term partnership success is far more preferable and prudent than the most expedient go-to-market strategy.
Partnerships between innovative banks and fintech companies must adopt a "shared responsibility" model for the safety and soundness of the partnership. This requires everyone involved to internalize the key factors noted above while also seeking opportunities to improve their collaboration. Specifically, from a risk-management and compliance standpoint, this "shared responsibility" model requires both parties to rethink their incentive structures to focus more on preventative rather than reactionary measures. In practice, both innovative banks and fintech companies should continuously develop and improve upon processes and activities that proactively identify issues as they arise and work collaboratively to address them. For example, to mitigate any risks that come with the addition of partnerships beyond the direct engagement between a bank and fintech company, both entities should develop compliance management programs to monitor for nth party risk. Getting out in front of problems can save money and avoid regulatory actions for both fintechs and banks.
On the regulatory side, "shared responsibility" requires the development of clear and consistent "rules of the road" for innovative banks and fintech companies, and an overall change in how regulators view and approach innovation. Specifically, regulators should recognize that the innovative approaches to offering banking services that have sprung up over the past decade are driven by consumers' desire for these services and are not just a passing fad. Thus, there needs to be a concerted approach to clearly portraying how the existing regulatory system applies to these innovative business models, products, and services by providing clear guidance documents. These documents should provide clear explanations about the agencies' supervisory expectations and, where necessary, provide activity-specific guidance that recognizes the nuance of a given product or service.Regulators share the responsibility of keeping the financial system safe, sound, and resilient, working with the industry participants under their jurisdiction to ensure that consumers remain protected. However, the best opportunity to avoid another Synapse comes down to how agencies conduct their oversight.
Over the past several years, regulators, while unified at times, have also adopted differing perspectives and approaches towards innovation in financial services. While the Federal Reserve and the OCC expanded their innovation efforts through the development of designated regulatory infrastructure via the Novel Activities Supervision Program and the Office of Financial Technology, respectively, the FDIC did not pursue such formal activities. Meanwhile, though the CFPB started a more robust oversight strategy of fintech companies, it also dismantled many of the regulatory tools to encourage responsible innovation, including its Advisory Opinion on earned wage access, as well as its no-action letter and compliance assistance sandbox programs, which were only recently reconstituted. Concurrently, the tone from agency leaders toward innovation also varied from cautious optimism to outright skepticism, resulting in inconsistent approaches towards oversight and enforcement within each agency.
It appears that regulators are beginning to recognize the need to change their culture and oversight approach. The OCC and Federal Reserve's innovation infrastructure has served to improve relationships between banks, fintechs, and regulators. While the FDIC has lagged behind in these efforts, FDIC Chairman Travis Hill identified the need for a cultural shift for examiners from a tech-apprehensive view towards innovation to a more open-minded and transparent perspective. Better use of supervisory technology will help regulators operate in a preventative rather than reactionary manner. Optimistically, it seems that a critical change is on the horizon across the prudential regulators.
These regulatory infrastructure and cultural changes help encourage the development of clear "rules of the road" for responsible innovation, and help regulators pursue preventative, not reactionary, approaches to oversight. In turn, innovative banks, fintechs, and regulators can more effectively share the responsibility of keeping the financial system safe, sound, and resilient.
