Close Menu
Invest Intellect
    Facebook X (Twitter) Instagram
    Invest Intellect
    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Commodities
    • Cryptocurrency
    • Fintech
    • Investments
    • Precious Metal
    • Property
    • Stock Market
    Invest Intellect
    Home»Fintech»US Banking Agencies Are Ramping Up Scrutiny of Bank-Fintech Partnerships | Skadden, Arps, Slate, Meagher & Flom LLP
    Fintech

    US Banking Agencies Are Ramping Up Scrutiny of Bank-Fintech Partnerships | Skadden, Arps, Slate, Meagher & Flom LLP

    August 21, 202411 Mins Read


    On July 25, 2024, the U.S. prudential bank regulators released a Joint Statement on Banks’ Arrangements With Third Parties To Deliver Bank Deposit Products and Services (Joint Statement),1 along with a request for information on bank-fintech arrangements (RFI) issued on July 31, 2024.2 These releases are the latest development in a trend of increased prudential and consumer protection scrutiny of deposit account practices and third-party relationship oversight. They also follow a significant increase in enforcement actions targeting banks’ relationships with fintech firms.

    The Joint Statement and the RFI were issued by the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation (FDIC) and cover a wide range of topics, including technology systems, regulatory compliance functions, payment processing, customer service, and complaint and dispute resolution. The RFI solicits input on the nature of bank-fintech arrangements, including their benefits and risks, effective risk management practices and whether there is a need for greater supervisory guidance related to such arrangements.

    Below we describe the risks and risk mitigation strategies described in the Joint Statement and certain areas of focus in the RFI, and summarize key takeaways for banks.

    Elevated Risks Associated With Third-Party Arrangements

    The Joint Statement highlights several “elevated risks” when using third-party arrangements, categorized as (i) “operational and compliance” risks, (ii) “growth” risks and (iii) “end-user confusion and misrepresentation of deposit insurance coverage.”3

    Operational and compliance risks arise when banks hand over substantial control of key functions to a third party, according to the regulators. The Joint Statement cautions that, when substantially relying on third parties, there is a risk to “the integrity of the bank’s deposit function” stemming from “fragmented operations.”4 Furthermore, when a bank relies on a third party for activities such as maintaining the transaction system of record or performing compliance functions, the bank may be exposed to (i) risks from delays in providing information to consumers and (ii) risks regarding compliance with regulatory obligations. Such compliance obligations in the deposit context include requirements under the Electronic Fund Transfer Act and Regulation E to investigate and resolve certain payment disputes and under the Truth in Savings Act and Regulation DD to provide specified disclosures regarding consumer deposit accounts.5 Notably, the Joint Statement indicates that reliance on a third party to maintain deposit information can, in some circumstances, “lead to delays in end users’ access to their deposits,” which may be a reference to a recent highly publicized bankruptcy of a fintech middleware provider that reportedly has resulted in significant delays in customers accessing their funds held at depository institutions.

    Other operational and compliance risks can arise when a bank does not have direct contractual relationships with a fintech partner’s contractors, when the bank does not have experience with new technologies or methods used by the third party, and from weaknesses in the bank’s auditing of the third-party relationship.

    Growth risks can arise when the fintech or other third party is incentivized to promote growth in a manner that is not aligned with the bank’s regulatory obligations, including where operational and compliance risk management processes do not keep pace with rapid growth. Other growth risks include rapid increases in funding concentrations caused by business generated through third parties. Also, when a third party generates a significant share of a bank’s deposits, the bank may face liquidity risks that make the bank reluctant to terminate the third-party relationship. Furthermore, rapid balance sheet growth resulting from third-party arrangements may result in growth without the maintenance of commensurate capital.6

    Risks of end-user confusion and misrepresentation of deposit insurance coverage can result when fintech companies directly solicit consumers for deposits: The Joint Statement warns that consumers may not understand that deposit insurance does not protect against losses resulting from the failure of the third party.7 In addition, the Joint Statement identifies potential risks of false advertising under 12 C.F.R. Part 328, Subpart B (False Advertising Rule), should there be omissions of material information regarding (i) the applicability of deposit insurance (which applies to the failure of insured depository institutions, as opposed to nonbank firms) or (ii) the requirements that must be satisfied to obtain pass-through deposit insurance coverage.8 This guidance aligns with the FDIC’s increased focus on false advertising of deposit insurance, including the FDIC’s revisions to the False Advertising Rule in December 2023,9 and several recent public letters to fintech companies asserting violations of the False Advertising Rule.10

    Risk Management and Governance Practices

    The Joint Statement reiterates and expands upon the existing guidance on effective third-party risk management practices,11 including in the following areas:

    • Governance and third-party risk management. The Joint Statement indicates that banks can manage risk through policies and procedures governing organizational structures, lines of reporting, expertise and staffing, internal controls and audit functions. Furthermore, the Joint Statement maintains that banks can conduct risk assessments to assess controls for mitigating risk relating to specific third-party arrangements. The Joint Statement also notes that banks can engage in due diligence of third-party relationships, set appropriate contractual relationships (in addition to assessing situations where the bank does not have a direct contractual relationship) and establish monitoring routines to identify risks.12
    • Managing operational and compliance implications. Banks can manage risk through maintaining a clear understanding of management information systems, including obligations and contractual reporting requirements, according to the guidance. Additionally, the Joint Statement affirms that a bank can develop and maintain risk-based contingency plans to address potential disruption or failure of a third party, including contractual provisions that facilitate the banks’ contingency plans. The Joint Statement also observes that banks can implement internal controls to mitigate risks in deposit functions, including dual control and separation of duties, data verification and issue resolution procedures. For effective compliance management of third-party relationships, banks should establish policies, procedures, oversight and controls to comply with consumer protection laws and regulations.13
    • Anti-money laundering (AML)/countering the financing of terrorism (CFT)/sanctions compliance. The Joint Statement specifies that banks can manage risk through adequate policies, procedures, oversight and controls to meet AML/CFT requirements — such as monitoring for and reporting suspicious activity, customer identification programs and customer due diligence — and through compliance with sanctions regulations.14
    • Managing growth, liquidity and capital implications. Banks can manage risk through establishing appropriate concentration limits, diversification strategies, liquidity risk management strategies and exit strategies and through maintaining adequate capital, according to the guidance. Furthermore, the Joint Statement notes that banks can perform analyses to determine whether parties are defined as deposit brokers and thereafter appropriately report brokered deposits.15
    • Addressing misrepresentations of deposit insurance coverage. The guidance indicates that banks can manage risk through establishing policies and procedures for deposit-related arrangements with third parties to ensure compliance with regulations that prohibit misrepresentation of deposit insurance. The Joint Statement also affirms that institutions can implement policies and procedures, including provisions related to monitoring and evaluating activities, that facilitate access to deposit-related services or products.16

    Request for Information on Bank-Fintech Arrangements Involving Banking Products and Services Distributed to Consumers and Businesses

    In the RFI, the prudential regulators seek information on three broad categories of bank-fintech arrangements, including (i) deposit-taking, (ii) payments (including card issuance and digital wallet capabilities) and (iii) lending activities. In addition, the RFI observes and seeks comments on the growth of bank-fintech arrangements relying on an intermediate technology platform to facilitate relationships between banks and other fintech companies and the implications of such relationships. Comments on the RFI are due September 30, 2024, although several trade groups have requested a 30-day extension to the deadline for comments.17

    Consistent with the Joint Statement, the RFI identifies risk implications arising from bank-fintech relationships, including those relating to managing accountability between the bank and fintech partner, mitigating potential end-user confusion, managing rapid growth, developing robust concentration and managing liquidity risks. In a departure from the Joint Statement, the RFI also describes and seeks comments on the risks arising from use and ownership of data and customer information in the context of a bank-fintech relationships, including risks related to compliance with laws and regulations, operational challenges, and the ownership, use and nature of that data.

    Finally, the RFI seeks comments on certain trends relating to bank-fintech arrangements, including the impact of these arrangements on financial access, innovation, competition and financial stability.

    Recent Regulatory Focus on Deposit Activities and Takeaways

    The Joint Statement and the RFI highlight the intensifying focus by federal financial regulators on risks associated with third-party relationships and deposit activities. For example, on July 30, 2024, the FDIC proposed rulemaking to revise rules for brokered deposits in order to reduce safety and soundness risks to banks, promote consistent reporting of brokered deposits and reduce some operational challenges and reporting burdens (which we will discuss in a separate client alert).18

    The Joint Statement and the RFI also continue a recent trend of regulators focusing on legal compliance and consumer risks associated with deposit accounts. For example, the Consumer Financial Protection Bureau (CFPB) has challenged “junk fees” on deposit accounts and banking products in enforcement actions, rulemaking and guidance, with particular emphasis on overdraft fees and nonsufficient funds fees.19 The CFPB has also asserted that fees charged by banks in connection with consumer requests for information relating to deposit accounts, such as fees for requesting account balances, obtaining check images or account documents or researching accounts, may violate Section 1034(c) of the Dodd-Frank Act.20 Furthermore, the CFPB recently brought enforcement actions and issued guidance regarding concerns about the breadth and duration of account restrictions placed on consumer deposit accounts.21

    Importantly, the Joint Statement and the RFI do not represent or purport to indicate a wholesale rejection of the bank-fintech partnership model. Rather, the RFI states that “[t]he agencies support responsible innovation and banks pursuing bank-fintech arrangements in a manner consistent with safe and sound practices and applicable laws and regulations” and that “[b]ank-fintech arrangements can provide benefits.” However, prudential banking regulators are clearly focused on ensuring that banks improve their oversight and management of arrangements with fintech companies. Accordingly, banks may want to analyze the Joint Statement and the RFI and assess their institution’s practices and controls for third-party relationships and deposit functions, with particular focus on fintech relationships involving deposit account generation. For example, as recommended by the agencies, banks could conduct, internally or with the assistance of counsel and/or others, risk assessments relating to third-party oversight and deposit activities. We will continue to monitor activity in this rapidly evolving regulatory environment.

    _______________

    1 Board of Governors of the Federal Reserve System, “Joint Statement on Banks’ Arrangements With Third Parties To Deliver Bank Deposit Products and Services” (July 25, 2024).

    2 Request for Information on Bank-Fintech Arrangements Involving Banking Products and Services Distributed to Consumers and Businesses, 89 Fed. Reg. 61,577 (July 31, 2024).

    3 Joint Statement at 2-4.

    4 Id. at 2.

    5 Id.

    6 Id. at 3-4.

    7 Id. at 4.

    8 Id.

    9 FDIC Official Signs and Advertising Requirements, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo, 89 Fed. Reg. 3504 (Jan. 18, 2024).

    10 FDIC press release “FDIC Demands Three Companies Cease Making False or Misleading Representations About Deposit Insurance” (March 19, 2024); FDIC press release “FDIC Demands Five Entities Cease Making False or Misleading Representations About Deposit Insurance” (Jan. 19, 2024); FDIC press release “FDIC Demands Unbanked, Inc. Cease Making False or Misleading Representations About Deposit Insurance” (Aug. 4, 2023).

    11 See, e.g., Interagency Guidance on Third-Party Relationships: Risk Management, 88 Fed. Reg. 37,920 (June 9, 2023).

    12 Joint Statement at 5-6.

    13 Id. at 6-7.

    14 Id. at 7.

    15 Id.

    16 Id. at 8.

    17 Letter from the American Bankers Association, et al. to the FDIC, Office of the Comptroller of the Currency and Board of Governors of the Federal Reserve System (Aug. 9, 2024).

    18 FDIC, Notice of Proposed Rulemaking, Unsafe and Unsound Banking Practices: Brokered Deposits Restrictions (July 30, 2024).

    19 See, e.g., CFPB, Fees for Instantaneously Declined Transactions, 89 FR 6031 (Jan. 31, 2024); CFPB, Supervisory Highlights, Issue 29, 3-6 (Winter 2023).

    20 See, e.g., CFPB, Supervisory Highlights, Issue 34, 14-15 (Summer 2024); CFPB Advisory Opinion, Consumer Information Requests to Large Banks and Credit Unions, 88 FR 71279 (Oct. 16, 2023).

    21 See, e.g., CFPB, Supervisory Highlights, Issue 34, 13-14.

    [View source.]



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Manila Tech Summit 2025 links PH to global FinTech arena

    Fintech

    Canadian fintech rides smaller wave after last year’s record high

    Fintech

    Cedar-IBSi Capital on track to raise ₹250 cr via fintech fund

    Fintech

    Logiserve Gains NBFC License to Power Fintech for Merchants

    Fintech

    Bankrupt Fintech to Sell Hard-to-Get Stakes in Private Firms

    Fintech

    Starling Bank acquires UK fintech Ember to enhance small business services

    Fintech
    Leave A Reply Cancel Reply

    Top Picks
    Commodities

    “Câbles et systèmes arrachés”, écoulement de fioul… enquête après des dégradations dans un dépôt pétrolier Bolloré Energy, site classé Seveso

    Precious Metal

    Baisse du bénéfice ajusté d’Ero Copper au 4ème trimestre, hausse du chiffre d’affaires -Le 06 mars 2025 à 23:30

    Commodities

    Income Tax Bill 2025: Here’s how taxation of agricultural income, farmland has been tweaked

    Editors Picks

    Commodities Prices in Bengaluru – March 7: Rediff Moneynews

    March 7, 2025

    Dow slides as tariffs kick in, Nasdaq rises as Trump signals chip carveout

    August 7, 2025

    Argentina’s Milei slammed over cryptocurrency post

    February 16, 2025

    Ministry mandates 75% local agricultural products in cooperative societies

    February 11, 2025
    What's Hot

    RFK Jr. suggests he’ll have a significant role on agriculture and health policy if Trump is elected

    October 15, 2024

    Argentine President Javier Milei’s cryptocurrency promotion sparks controversy – Firstpost

    February 15, 2025

    Haïti éliminée après sa défaite face aux États-Unis

    June 23, 2025
    Our Picks

    Coinbase On Following MicroStrategy’s Bitcoin Playbook: Looking For ‘Opportunities,’ Says CFO, But Highlights Key Difference Between The Two Companies – Coinbase Glb (NASDAQ:COIN)

    October 31, 2024

    What’s normal and what isn’t

    August 4, 2025

    “Des enjeux énormes pour l’agriculture” : à l’INRAE, le nouveau pôle de recherche en agronomie ouvre ses portes

    April 3, 2025
    Weekly Top

    How much should you allocate to your IRA?

    August 20, 2025

    Canadian fintech rides smaller wave after last year’s record high

    August 20, 2025

    Crowds gather for 150th Hawkshead Agricultural Show

    August 20, 2025
    Editor's Pick

    Justice Dept seizes crypto wallets used to fund Hamas terror

    March 30, 2025

    Seasonal Farm-to-Table Dinner Series to Highlight Iowa Agriculture and Culinary Talent

    October 16, 2024

    To Improve Crypto Tax Gap, IRS Must Enhance Compliance Efforts

    July 23, 2024
    © 2025 Invest Intellect
    • Contact us
    • Privacy Policy
    • Terms and Conditions

    Type above and press Enter to search. Press Esc to cancel.