BankThink

Regulators are coming for fintechs and the banks that power them

Recently, Blue Ridge Bank in Charlottesville, Virginia, disclosed that its regulator imposed an enforcement action requiring corrective measures that reflect serious and widespread risk management and compliance failures with significant implications for the bank's fintech partner banking relationships.

The market had been anticipating some type of enforcement action against Blue Ridge after regulatory issues seemed to derail a proposed merger with another bank and rumors spread of disruption among its fintech partners. On the face of it, a limited action by one regulator against a single bank with only $2.7 billion of assets should be worth barely a passing notice. But this regulatory action is the tip of the iceberg. Intense regulatory scrutiny is coming for fintechs and the bank partners on which they rely. However, not all fintechs or their bank partners are yet truly prepared to meet this higher level of regulatory scrutiny.

Over the past 15 years, fintechs (more precisely, nonbank providers of financial services) have grown dramatically in both number and size, fed by unprecedented venture investment and, candidly, the weaknesses and lack of agility of incumbent banks. According to the consulting firm Oliver Wyman, incumbents' share of value in financial services collapsed from 90% in 2011 to 65% this year (even after the correction in fintech valuations). Nonbank fintechs have built large and impactful businesses. For instance, Affirm and Chime reportedly each have 13 million customers, more than U.S. Bank (No. 5 by assets), PNC (No. 6) and Truist (No. 7). PayPal alone has more than 300 million customers.

The special legal powers available only to banks mean that even the largest nonbank fintechs must rely on bank partners to deliver financial services to their many customers. Only banks can offer insured deposits, access the Federal Reserve's payment system and card rails, lend effectively across state borders, etc. Hence, the need for partnerships among fintechs and banks. The Durbin amendment, which severely restricts debit interchange revenue once banks top $10 billion of assets, means that smaller community banks are best suited to be partners to deposit-oriented fintechs. Large banks are also typically less inclined to jeopardize their national brand by partnering with direct-to-consumer fintechs, preferring instead to compete head-on.

In putting those fintech/community bank partnerships together, short-term incentives for fintechs and their bank partners have been in part perverse: Many fintechs were looking for the fastest and easiest "yes" from a bank partner (which almost never correlates with high-quality compliance and risk management), while some small banks sought to maximize returns by minimizing upfront investment (which could leave them without adequate risk management, staffing or technology to manage fintech partnerships). The significant time and costs inherent in setting up a fintech-bank partnership caused many fintechs — even very large ones — to rely on a single bank partner. Excessive reliance on a single partner is always a risk. When a fintech with millions of customers becomes large relative to the resources of the bank partner, the risk of reliance on a single partner is magnified.

Despite these perverse incentives, not all fintechs or bank partners have been sloppy on compliance and risk management, but many appear to have been. Not all fintechs are overly reliant on a single bank partner, but many are. And not all fintechs or their bank partners are ill prepared for an unexpected termination of their relationships, but many appear to be.

As a rule, regulatory scrutiny typically lags developments in the market, but recent evidence demonstrates it is now ramping up quickly: the Blue Ridge enforcement action; FDIC cease-and-desist orders in August targeting misleading statements by fintechs about deposit insurance; widespread market noise about disruptions arising from supervisory examinations at many other bank partners; and a recent speech by acting Comptroller of the Currency Michael Hsu flagging bank-fintech relationships as a critical priority for his agency. Taken together, this should be seen as an urgent call to action for fintechs and their bank partners alike.

In the long run, more intense regulatory scrutiny will be a positive. High standards for compliance and risk management will contribute to a more transparent, fairer and more resilient ecosystem. And partnering with fintechs offers community banks a critical potential lifeline as they continue to struggle for survival and success in a challenging competitive market.

But in the short run, the potential for widespread disruption is both very real and imminent. Imagine a fintech serving millions of customers and reliant on a single small bank partner that is forced by its supervisors to terminate its support of that fintech. Replacing a bank partner takes time. What happens to those millions of customers if the fintech loses access to a bank partner, even briefly?

Similarly, how would a small community bank handle the customers and accounts of its fintech partner should the fintech shut down abruptly? In today's challenging fundraising market, this is not a hypothetical. For example, consumers carrying what they think is a fintech debit card that's really issued by an underlying partner bank could wake up one morning to a rude surprise. Who do they call? And the bank partner can be left to pick up the pieces if it failed to prepare for such a scenario.

In the future, partner banks should expect a significant increase in the intensity of regulatory oversight. They should intensify scrutiny of fintech relationships and undertake a sober and objective assessment of their management of the risks associated with fintech relationships. Leaving problems for regulators to find is a recipe for disaster. They should revisit business continuity planning for fintech partners with a focus on how customers would be served in the wake of an unanticipated shutdown.

Fintechs must prepare, urgently, for much more intense regulatory oversight of their partners and thus, indirectly, of their businesses. They should reassess their own compliance and risk management programs. They should evaluate whether they are overly reliant on a single bank partner, and invest to add bank partners and diversify risk where merited. If the oversight they receive from their bank partners isn't already rigorous, they should expect stepped-up pressure and start looking for additional or replacement partners. If a bank partner is already facing regulatory headwinds, it can expect them to get worse.

Regulators should make sure teams are fully informed about the evolution of the market and continue efforts to coordinate and systematize oversight of banks partnered with fintechs. Rather than pressuring all bank partners equally, they should add to the incentives for existing and future bank partners to provide this critical function in a high-quality manner by focusing on the weaker players and sharing lessons learned.

Wishing away the challenges that are looming is a perilous choice. Instead, fintechs and their bank partners need to prepare to face a much more challenging environment. The consumers and small businesses that rely on them deserve nothing less.