The number of new fintechs continues to increase and regulators have made it clear they have their eye on this exploding industry. With increasing consumer protection regulations on the horizon for banks, we are starting to see the cloud of regulatory oversight moving closer and closer to fintechs. So fintechs, it is time to consider the next step.
Regulatory oversight is coming, and it is important to know the unknown. First off, fintechs aren’t banks. They neither think nor operate like a bank. The visionary mindset of a fintech will create a bit of a challenge for regulators and the first unknown. What will the regulatory environment look like for a fintech? Will they be forced to fit into the same box as traditional banks? Or will regulators have to step back and take a different approach when evaluating fintechs? It is obvious that flexibility from both sides will have to come into play to ensure a successful relationship.
The next unknown will be the regulations, which haven’t kept up with traditional banking, let alone the fast-changing fintech pace. You might remember that Regulation E (Electronic Fund Transfer Act) had additional guidance issued a couple of times over a decade before the regulation itself saw a much-needed overhaul. Institutions were begging for clarification on requirements for new technologies that had not been created when the act was first implemented. Some regulations are just now catching up to the more traditional banking services that have been in place for 10-plus years.
This will leave examiners lacking the black-and-white regulations that serve as the basis for the exam manuals they depend on when they go to examine fintechs. In many cases, the products and services offered by fintechs do not come with a long track record or history to assist in applying outdated regulations. Even when you consider those regulations that have been updated, fintech product and services offerings are outpacing them at lightning speed.
To add a twist to the unknowns, there is the additional uncertainty surrounding the “special purpose” national bank charter. The topic of applicability to fintechs has been bounced around in various courts since the Office of the Comptroller of Currency (OCC) introduced the idea back in 2016. This charter could add additional confusion to the fine line between the products and services offered by a fintech and the requirements of a banking charter and regulatory supervision of a traditional bank.
So, what does a fintech need to do to prepare for the second act?
Let’s walk through each of these preparations and how Spinnaker can help develop a right-sized approach for your fintech.
Regulators already have hinted at what the fintech regulatory roadmap will look like in the near future. One example is an interagency guide, Conducting Due Diligence on Financial Technology Companies – A Guide for Community Banks, published in August 2021. While directed to community banks to assist as they consider working with fintechs, this guide serves up an excellent glimpse into future regulatory expectations. It also references and incorporates guidance proposed in another interagency guide on third-party relationships, Proposed Interagency Guidance on Third-Party Relationships: Risk Management, published for comment in July 2021. As you can see with these recent releases, this is a hot topic and near the top of the regulatory watch list.
The challenge comes into play because a good majority of fintechs are fairly new to the stage. Of course, some veterans have been around for a while, and they have the bruises to show for being the first on the scene. However, most fintechs are less than 10 years old, and this rapidly growing sector of the financial industry continues to increase with no signs of slowing.
The lack of history and proven practices leaves this high-growth sector in a position of high risk. While fintechs might fall outside the official regulatory oversight line, the financial institutions they seek to do business with do not. It’s important to ensure that regulatory compliance and prudent risk management aren’t afterthoughts for fintechs.
Identifying your compliance resource is an important first step in knowing your regulatory environment. A compliance expert, such as Spinnaker, can navigate the regulatory environment and assist in aligning the requirements applicable to your fintech. Once the requirements have been identified, you can determine what the right size is for your compliance team. Will your team be in-house or outsourced?
We are starting to see compliance teams as part of the overall fintech corporate structure, even though many aren’t currently formally regulated. Fintechs are finding this a necessity if they want to be successful in working with traditional financial institutions that want partners that understand their regulatory requirements. Fintechs with strong compliance cultures – which are not yet mandated – will stand apart from the competition.
As we will discuss in a later series post, “The Future of Open Banking in the U.S.: Do customers understand who has their money and the risks?,” regulators and bankers alike hold great concern that consumers are unaware of who is holding their money and the risk associated with holding funds with these companies. This makes “getting it right” even more important for fintechs. The other side is the financial institution’s demands. According to Forbes in a January 2022 article, “65% of banks and credit unions entered into at least one fintech partnership over the past three years.” Banks are looking to partner with fintechs because they bring innovations that outpace what banks can do internally and often at a lower cost.
Institutions must ensure they partner with a fintech that is the right fit, and they must “get it right” the first time. Selecting a fintech that isn’t compliance minded could end in a costly lesson for both. A non-compliant fintech relationship can have far-reaching negative implications for financial institutions and can quickly cripple the future of a fintech. The bank will remain accountable for violations committed via a fintech partnership offering. And even with the strongest contract, the bank cannot transfer their regulatory liability.
Wait just a second before you start throwing stones. I am certainly not advocating that anyone jump up and down with excitement to embrace additional regulatory oversight. My point is actually the opposite. Is anyone familiar with the phrase “better the devil you know than the saint you don’t”?
We must preserve the innovative spirit of fintechs. But, as we can all see where the train is headed, a slow embrace of those regulations can prevent the quashing of that spirit. Gentle persuasion, if you will, should steer regulators to move in a direction that complements the visionary mindset and flexibility of these companies. Adopting requirements in a way that directs and demonstrates the commitment to reasonable compliance should be part of the vision. Recognizing early on the ultimate focus of consumer protection will be a win for both sides.
To compete in this new environment, fintechs will have to consider risk and compliance teams, commensurate with their risk profile, that align with regulatory expectations. Banks will have no other choice than to demand it, because they can’t afford to test the water with a fintech product or service that could land them in hot water.
A glimpse into the expectations can be found in the interagency guidance mentioned above. While the guidance is directed to community banks, fintechs of all sizes can benefit from reviewing and aligning with the expectations referenced in this document. You can liken it to taking a test that you already have the answers to, so there’s no reason to fail. The great opportunity here is to act now, to allow time to transition slowly and get it right before it is mandatory.
Fintechs are used to operating with “what can be” in product innovation vs. “what must be” in regulatory compliance. We recognize these aren’t easy tasks and often conflict with the visionary mindset of fintechs.
Spinnaker can help you build the risk management and compliance program that is appropriate in scale to your individual organization, and not only puts your company in good standing but can become your competitive edge to drive your growth strategy.
Late last month, I had the pleasure of attending and facilitating a couple of on-demand panels for the American Banking Association’s (ABA’s) first-ever Risk and Compliance Virtual Conference.
Customer Channels & Operations Management, Data & Analytics, Risk Management & Regulatory Compliance 4 minute read
The Big Picture Pick up recent copies of The Wall Street Journal or American Banker, and you’ll see headline after headline about consent orders and hefty fines issued by the Consumer Financial Protection Bureau to mortgage companies caught using deceptive advertising practices. This summer alone, eight have been issued. Two things immediately strike me when I see these stories: Many of these cases didn’t have to happen. And while these particular consent orders were concentrated in the mortgage sector, similarly problematic issues are most certainly occurring in other lending segments across the financial services industry. After a hundred years or so, you’d think we would know how to follow regulatory rules –particularly those put in place to protect consumers. Indeed, the first such laws were framed by the states before World War I – although the first meaty federal law, the Truth in Lending Act, wasn’t passed until 1968. Every new regulation layered in since then largely continues to further shield consumers from unfair practices – which often start with glossy ad campaigns designed to get them in the physical or digital door. The reasons why we’re still struggling with compliance aren’t too difficult to understand: turnover within organizations, competing priorities, a lack of sound controls, new staffers who are unfamiliar with existing regulations, and a never-ending list of new ones, including Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) and the Mortgage Acts and Practices (MAP) – Advertising Rule. There’s also often a gap between the intent of any new regulation and how marketing teams interpret it. The risks of not crossing every “t” and dotting every “i” are significant, as evidenced by these recent consent orders. Doing things the wrong way also can mean costly penalties, time-consuming regulatory remediation, and loss of customer trust – which can translate into higher complaint volumes and even lawsuits. Let’s explore some long-lingering myths about how banks advertise their lending products – and, more importantly, what your financial institution should be doing. MYTH: Legal and Compliance don’t need to review my ad since I’m the expert in marketing. FACT: This is the biggest myth that persists in financial services marketing and advertising. Every word you use to communicate has specific and nuanced meanings, and your legal and compliance teams have a responsibility to protect your company and consumers alike. No external ads or marketing materials should be released until you get signoff from your legal or compliance team. It’s not any more complicated than that. MYTH: Our marketing team knows what Legal and Compliance have told us. We get it, but we need leeway to make our ads eye-catching and even a bit sexy so we can get business in the door. One little word change doesn’t really make a difference. FACT: Remember how former President Bill Clinton faced legal drilling over his interpretation of the word “is”? You’d be surprised at exactly what a bank must validate before it advertises anything as “free.” That word “free” – and countless more – are triggers, often requiring specific disclosures on how they apply to what you’re advertising right at that moment. Ideally, your marketing and advertising teams should collaborate almost daily with your legal and compliance teams. Of course there’s going to be some friction between the advertising folks, who see in every color of the rainbow, and the legal and compliance folks, who typically only see in black and white. The important thing is to build processes and procedures that enable effective and efficient reviews of all advertising and marketing materials, and that begins with concepts. When you involve those responsible with compliance up front, they can help rethink an approach in ways that ensure the final ad meets regulatory requirements. Also, try taking their early “no” to mean “not yet” and be open to ideas on what could translate into an easy reframing. But go to them at the end with an ad that fails on every compliance front, and their “no” will be just that. When I was at a bank that now has more than $30 billion in assets, my compliance team worked diligently to become a strategic partner to the marketing team. It took some time, but our peers came to see that we never aimed to derail their vision. As our relationship evolved, so did our interactions. In fact, we created a desktop resource that allowed marketers to easily look up the latest laws or match sales terms with the necessary disclosures, delivering a self-service tool that also empowered them to create responsibly and expedite the review process. Rest assured, the goal of your bank’s lawyers and compliance officers is not to thwart creativity, but to ensure that amazing ad concepts give consumers precise, clear information about the company’s products and services, allowing them to make smart financial decisions. Believe me: Compliance teams want powerful, compelling and even award-winning advertising that brings more revenue in the door, because when you have that, everyone benefits. MYTH: Our market competitor ran an ad just like that. If they got away with it, then it’s OK and the legal and compliance team is overreacting. FACT: This is the corporate version of your mother asking you, “If everyone was jumping off a cliff, would you do it, too?” The only truth here is that your competitor ran an ad. You don’t really know if that financial institution “got away with it.” In fact, you might learn not too far down the road that your competitor actually got caught red-handed with a compliance violation. After all, the underlying premise of advertising is to spread the word, and regulators are paying close attention. Frankly, you should be analyzing what your competitors are doing, but I’m not talking about their advertising. Take a good look at every consent order or other regulatory action you hear about and compare it to what’s happening in your shop. Are you doing things the right way? Are you identifying and avoiding the possible risks in your process? In other words, consider that the teacher has given you every answer to the test, and you don’t want to fail down the road. MYTH: The bank’s advertising agency developed that campaign – not our internal team – so we’re not going to get in any trouble. FACT: Time and time again, oversight organizations stress that any third-party vendor – whether it’s an ad agency or a cross-sell phone queue – is a seamless extension of your financial institution. If they get it wrong, so do you. You don’t outsource the compliance responsibility along with the work. MYTH: All of that applies to my bank or mortgage company – not to me as a loan officer. I’ll post a special offer on my social channels just for my customers. FACT: Your very title of “loan officer” means you’re an officer of your financial institution, and the same exact requirements apply to you. Without question, the growing influence of social media makes consumer outreach easy, but the brevity and ease of these same platforms also make it more difficult to keep your team members from going rogue. The same compliance standards apply to all of your advertising, including any unsanctioned materials. Every employee needs to understand this responsibility. (BTW, don’t forget about old-fashioned tactics, such as a quick sales flyer that a teller might create and post in a branch. Whether that flyer meets your advertising brand standards is the least of your worries, because you’re most likely out of regulatory compliance.) MYTH: Getting an internal review takes so much time that we’re losing competitive advantage. FACT: Doing it right takes a fraction of the time needed to fix things – particularly if you’re cited for a regulatory infraction – and maintains your institution’s reputation. Yes, a legal or compliance review is another step in your marketing process, but it’s a short blip in the lifetime of a successful business. In my previous role, I was intentional about building interactions with the marketing team that served everyone’s needs as efficiently as possible. If a federal agency comes at you with a consent order or Matter Requiring Attention, you’re going to spend significantly more time finding the root issue, solving for your misstep, gaining regulatory signoff and getting back to work. You also can’t rebuild consumer confidence overnight – even with the most attractive offers in your marketplace. After all, if your customers know you’ve been under scrutiny before, do you think they’re going to trust that you’re being straight with them this time around?
Risk Management & Regulatory Compliance, Compliance, Risk Management 5 minute read
We’re less than 48 hours into Russia’s invasion of the Ukraine, and my household has been glued to the TV, watching the nightmare unfold. During this time, economic sanctions have been enacted, putting intense pressure on the financial system to be able to comply with these new rules. While federally-imposed economic sanctions aren’t new, many banks are scrambling to tighten up AML/KYC routines, at individual, entity, and regional levels.
Data & Analytics, Compliance, Governance & Policy 2 minute read
Like how we think? Subscribe to have our articles delivered direct to your inbox each month.
Headquarters: 8000 Franklin Farms Drive, Suite 100, Richmond, VA 23229
©2022 Spinnaker Consulting Group. All rights reserved.