BID® Daily Newsletter
Jun 11, 2024

Regulators Have a Watchful Eye on Your Fintech Partnerships

Summary: A spate of regulatory actions against banks for compliance deficiencies in their fintech partnerships has bankers concerned. We discuss recent consent orders and provide tips on managing third-party vendor risk.

Since ChatGPT has grown more ubiquitous, companies across multiple industries have been chomping at the bit to find a way to incorporate the AI chatbot into their processes. The issue, however, is that regulations around machine learning and ChatGPT usage are not fully formulated, and a study conducted by Stanford and UC Berkeley discovered that ChatGPT’s accuracy is declining instead of improving, particularly when it comes to code generation.
When embracing new technology, it’s important to consider the risks. Banks that dove headfirst into fintech partnerships and banking as a service (BaaS) have often been hailed as visionary market leaders. Now some of them are being lacerated by banking regulators for failing to adhere to risk management practices in their haste to go digital. As one bank CEO dealing with an enforcement action noted, “Every bank that touches BaaS is getting an enforcement action.” 
For some time now, community banks have been urged to partner up with fintechs as the quickest and easiest way to keep up with the tech revolution in banking and payments. Turns out that these fintech partnerships can also be a shortcut to regulatory purgatory.
Fintech Usage Crackdown
A recent wave of enforcement actions against banks over their fintech usage has bankers on edge, and with good reason. The FDIC is clearly taking a close look at fintech in banking and isn’t liking what it sees, particularly at smaller banks. Fintechs have become ubiquitous as community banks eagerly partner up to avoid getting left behind in the race for enhanced digital banking services. 
The need to closely manage those services for compliance with broader banking regulations has emerged as a significant issue.
Here are a few of the recent cease and desist orders (C&D) and consent orders issued against banks by the feds:
  • A northwestern US bank was hit with a C&D that required it to wind down its fintech business strategy and enhance its risk monitoring and management. 
  • A New England bank entered a consent order to clean up its business practices, with a focus on its dealings with third-party vendors and its BaaS offerings. 
  • A midwestern bank was ordered to provide a full inventory of its third-party contractors and explain how the bank was managing risks associated with them.
  • A southern bank was ordered to improve its risk processes and to ditch some of its fintech partners.
Some common shortfalls emerge from recent enforcement actions. Federal regulators are finding sketchy compliance with anti-money laundering (AML) rules and Combatting the Financing of Terrorism (CFT) regulations, and a lot of these problems revolve around fintech usage. The issue appears to be lax oversight and management of these fintech partnerships. Banks are being told to tighten oversight and management practices and improve risk management when it comes to partnering with fintechs.
Ways To Manage the Risk
Banking regulators are not telling banks to stop using fintechs, without which smaller banks would be hard pressed to keep up with all the digital enhancements and services in banking today. Regulators simply want banks to use stronger risk management practices when they join forces with fintechs.
Here are four recurring requirements from the recent enforcement actions that banks should keep front of mind when considering a fintech partnership:
  1. Strong regulatory compliance. Policies and procedures to identify and manage fraud risks and compliance need to be stronger, particularly as they apply to AML/CFT. Fintech usage is a focus of this criticism.
  2. Appropriate personal expertise. Some employees lack the subject matter expertise to be able to effectively monitor and manage bank programs. Again, this shortfall revolves around a lack of tech expertise and how to manage fintech relationships.
  3. Proficient data analysis and monitoring capabilities. Systems and data are lacking to enable banks to effectively monitor and assess third-party relationships. Of particular concern is the ability of banks to spot and report suspicious banking activity.
  4. Proactive and strategic board activity. Bank boards are not taking a strong enough role in policing the use of third parties and compliance with AML/CFT rules. Boards also need to have stronger expertise and a dedicated strategy for overseeing third-party activities. 
The recent crackdown by the regulators on fintech usage shouldn’t surprise banks. In November 2023, federal banking regulators released an update to the guidance originally issued in 2021, entitled “Conducting Due Diligence on Financial Technology Companies,” to keep this topic front and center.
The guide includes deep dives into regulatory compliance, as well as risk assessment and control, and coverage has already begun to help banks learn how to mitigate these risks in order to effectively handle third-party fintech partnerships.
As banks navigate fintech partnerships, prioritizing robust risk management is crucial. Recent enforcement actions highlight the need for compliance and vigilance to avoid regulatory scrutiny and protect operations.