The number of new fintechs continues to increase and regulators have made it clear they have their eye on this exploding industry. With increasing consumer protection regulations on the horizon for banks, we are starting to see the cloud of regulatory oversight moving closer and closer to fintechs. So fintechs, it is time to consider the next step.
Regulatory oversight is coming, and it is important to know the unknown. First off, fintechs aren’t banks. They neither think nor operate like a bank. The visionary mindset of a fintech will create a bit of a challenge for regulators and the first unknown. What will the regulatory environment look like for a fintech? Will they be forced to fit into the same box as traditional banks? Or will regulators have to step back and take a different approach when evaluating fintechs? It is obvious that flexibility from both sides will have to come into play to ensure a successful relationship.
The next unknown will be the regulations, which haven’t kept up with traditional banking, let alone the fast-changing fintech pace. You might remember that Regulation E (Electronic Fund Transfer Act) had additional guidance issued a couple of times over a decade before the regulation itself saw a much-needed overhaul. Institutions were begging for clarification on requirements for new technologies that had not been created when the act was first implemented. Some regulations are just now catching up to the more traditional banking services that have been in place for 10-plus years.
This will leave examiners lacking the black-and-white regulations that serve as the basis for the exam manuals they depend on when they go to examine fintechs. In many cases, the products and services offered by fintechs do not come with a long track record or history to assist in applying outdated regulations. Even when you consider those regulations that have been updated, fintech product and services offerings are outpacing them at lightning speed.
To add a twist to the unknowns, there is the additional uncertainty surrounding the “special purpose” national bank charter. The topic of applicability to fintechs has been bounced around in various courts since the Office of the Comptroller of Currency (OCC) introduced the idea back in 2016. This charter could add additional confusion to the fine line between the products and services offered by a fintech and the requirements of a banking charter and regulatory supervision of a traditional bank.
So, what does a fintech need to do to prepare for the second act?
Let’s walk through each of these preparations and how Spinnaker can help develop a right-sized approach for your fintech.
Regulators already have hinted at what the fintech regulatory roadmap will look like in the near future. One example is an interagency guide, Conducting Due Diligence on Financial Technology Companies – A Guide for Community Banks, published in August 2021. While directed to community banks to assist as they consider working with fintechs, this guide serves up an excellent glimpse into future regulatory expectations. It also references and incorporates guidance proposed in another interagency guide on third-party relationships, Proposed Interagency Guidance on Third-Party Relationships: Risk Management, published for comment in July 2021. As you can see with these recent releases, this is a hot topic and near the top of the regulatory watch list.
The challenge comes into play because a good majority of fintechs are fairly new to the stage. Of course, some veterans have been around for a while, and they have the bruises to show for being the first on the scene. However, most fintechs are less than 10 years old, and this rapidly growing sector of the financial industry continues to increase with no signs of slowing.
The lack of history and proven practices leaves this high-growth sector in a position of high risk. While fintechs might fall outside the official regulatory oversight line, the financial institutions they seek to do business with do not. It’s important to ensure that regulatory compliance and prudent risk management aren’t afterthoughts for fintechs.
Identifying your compliance resource is an important first step in knowing your regulatory environment. A compliance expert, such as Spinnaker, can navigate the regulatory environment and assist in aligning the requirements applicable to your fintech. Once the requirements have been identified, you can determine what the right size is for your compliance team. Will your team be in-house or outsourced?
We are starting to see compliance teams as part of the overall fintech corporate structure, even though many aren’t currently formally regulated. Fintechs are finding this a necessity if they want to be successful in working with traditional financial institutions that want partners that understand their regulatory requirements. Fintechs with strong compliance cultures – which are not yet mandated – will stand apart from the competition.
As we will discuss in a later series post, “The Future of Open Banking in the U.S.: Do customers understand who has their money and the risks?,” regulators and bankers alike hold great concern that consumers are unaware of who is holding their money and the risk associated with holding funds with these companies. This makes “getting it right” even more important for fintechs. The other side is the financial institution’s demands. According to Forbes in a January 2022 article, “65% of banks and credit unions entered into at least one fintech partnership over the past three years.” Banks are looking to partner with fintechs because they bring innovations that outpace what banks can do internally and often at a lower cost.
Institutions must ensure they partner with a fintech that is the right fit, and they must “get it right” the first time. Selecting a fintech that isn’t compliance minded could end in a costly lesson for both. A non-compliant fintech relationship can have far-reaching negative implications for financial institutions and can quickly cripple the future of a fintech. The bank will remain accountable for violations committed via a fintech partnership offering. And even with the strongest contract, the bank cannot transfer their regulatory liability.
Wait just a second before you start throwing stones. I am certainly not advocating that anyone jump up and down with excitement to embrace additional regulatory oversight. My point is actually the opposite. Is anyone familiar with the phrase “better the devil you know than the saint you don’t”?
We must preserve the innovative spirit of fintechs. But, as we can all see where the train is headed, a slow embrace of those regulations can prevent the quashing of that spirit. Gentle persuasion, if you will, should steer regulators to move in a direction that complements the visionary mindset and flexibility of these companies. Adopting requirements in a way that directs and demonstrates the commitment to reasonable compliance should be part of the vision. Recognizing early on the ultimate focus of consumer protection will be a win for both sides.
To compete in this new environment, fintechs will have to consider risk and compliance teams, commensurate with their risk profile, that align with regulatory expectations. Banks will have no other choice than to demand it, because they can’t afford to test the water with a fintech product or service that could land them in hot water.
A glimpse into the expectations can be found in the interagency guidance mentioned above. While the guidance is directed to community banks, fintechs of all sizes can benefit from reviewing and aligning with the expectations referenced in this document. You can liken it to taking a test that you already have the answers to, so there’s no reason to fail. The great opportunity here is to act now, to allow time to transition slowly and get it right before it is mandatory.
Fintechs are used to operating with “what can be” in product innovation vs. “what must be” in regulatory compliance. We recognize these aren’t easy tasks and often conflict with the visionary mindset of fintechs.
Spinnaker can help you build the risk management and compliance program that is appropriate in scale to your individual organization, and not only puts your company in good standing but can become your competitive edge to drive your growth strategy.
Change is a constant in the banking industry, with pressures coming from both internal and external directions.
Risk Management & Regulatory Compliance, Program Build Out, Change Management 2 minute read
We all like to think we have our credit-scoring models in check. But do we? When was the last time you reviewed the modeling data and validated the performance? I mean really reviewed it – not just checked the annual review box before audit season?
Risk Management & Regulatory Compliance, Change Management, Governance & Policy 3 minute read
The heart of an organization is within the policies that declare what it is and what it believes. To many people, those policies are about setting limits, which automatically means minimizing risk because there’s not much room to step out of line.
Risk Management & Regulatory Compliance, Capability Delivery, Governance & Policy 2 minute read
Like how we think? Subscribe to have our articles delivered direct to your inbox each month.
Headquarters: 8000 Franklin Farms Drive, Suite 100, Richmond, VA 23229
©2023 Spinnaker Consulting Group. All rights reserved.