Bank-Fintech Partnerships: Analysis of the Federal Reserve Board's 2024 Guidance

In recent years, technological advancements and innovation have significantly reshaped the community banking sector. While banks continue to embrace new tools and systems, their core mission—to deliver exceptional financial services to their communities—remains unchanged.

To achieve this mission, many community banks have partnered with nonbank entities, such as financial technology companies (fintechs), to offer customers services including deposits, payments and lending. These partnerships often enable fintechs to serve as conduits, increasing risk exposure to the community bank.

This article covers the FRB's November 2024 Statement by Clay Kitchura, Senior Financial Institution Policy Analyst, Division of Supervision and Regulation, Federal Reserve Board, while providing additional information regarding referenced joint statements and programs from the FED.

Regulatory Programs and Goals for Bank-Fintech Partnerships

Goal of Regulation is to Balance Risks and Opportunities

Community banks are increasingly exploring innovative strategies to enhance their service offerings. By partnering with fintech companies, community banks can compete more effectively with larger financial institutions  and adapt faster to evolving consumer expectations. 

The Federal Reserve acknowledges the potential advantages of these partnerships in improved service delivery and cost reduction, but recognizes the associated risks. The goal is to balance regulation and risk tolerance to foster a responsible environment for growth. To achieve this, the FED set up the Novel Activities Supervision program.

Federal Reserve’s Novel Activities Supervision Program

On August 8, 2023, the Federal Reserve introduced the Novel Activities Supervision Program to oversee risks from emerging financial activities like crypto-assets, distributed ledger technology (DLT), and partnerships with non-bank entities. The program ensures stability and compliance while promoting responsible innovation.

Key Areas of Focus

1. Non-Bank Partnerships: Collaborations using technologies like APIs for deposit-taking, lending, and payments.
2. Crypto-Asset Activities: Includes custody, lending, stablecoin issuance, and trading.
3. DLT Projects: Applications like tokenization of assets and dollar token issuance.
4. Banking Services for Crypto and Fintech Sectors: Monitoring banks serving these industries.

Program Approach

• Risk-Based Supervision: Oversight intensity varies by activity level.
• Continuous Monitoring: Regular updates for organizations engaged in novel activities.
• Expert Collaboration: Involvement of Federal Reserve, industry, and academic experts.
• Data Utilization: Real-time monitoring and inter-agency collaboration.

As technology continues to grow, the FED has continued to expand on the core relationship structures, risks, and responsibilities of these cross-sector partnerships.

Defining Bank-Fintech Partnerships: Takeaways from Federal Reserve's RFI in July, 2024

In July 2024, the Federal Reserve, FDIC, and OCC jointly issued a Request for Information (RFI) addressing the growing complexity of bank-fintech partnerships. While these arrangements can provide significant benefits, supervisory experience has highlighted various risks that need careful consideration. The agencies support responsible innovation while ensuring adherence to safe and sound banking practices and applicable regulations.

The entire RFI can be found here

3 Bank–Fintech Partnership Models

The RFI identifies several key partnership models that have emerged as banks and fintech companies collaborate to deliver financial services. These arrangements typically fall into categories of deposit-taking, payment processing, and lending activities.

Deposit-Taking Arrangements

Bank-fintech deposit partnerships typically involve nonbank fintech companies providing end users access to banking products through their platforms. These arrangements create complex operational structures requiring careful oversight and management.

Operational Structure:

• Fintech companies maintain critical roles in deposit and transaction record-keeping
• Bank's core deposit ledger often shows only omnibus accounts titled FBO end users
• Contracts govern operational responsibilities including record-keeping and access
• End-user onboarding and compliance management are often handled by the fintech

Service Delivery:

• Some fintechs target specific customer bases like underserved or younger demographics
• Others incorporate deposit services into larger suites of financial products
• Heightened operational complexity exists in reconciliations and BSA recordkeeping
• Customer complaint handling and dispute resolution responsibilities must be clearly defined
  

Payment Processing Partnerships

The RFI notes that payment-related partnerships have rapidly increased in both number and complexity. These arrangements can vary widely and may include several different types of payment options.

Service Types:

• Debit and credit card offerings through bank-fintech arrangements
• Fund-transfer services utilizing ACH transactions and wire transfers
• Prepaid services linked to fintech platforms
• Digital wallet and contactless payment capabilities

Operational Structure:

• Banks may directly operate and manage cards or delegate to fintech partners
• Settlement accounts are established for payment acceptance and processing
• Banks often sponsor fintech access to payment systems and card networks
• Additional services may include personal finance and payment management tools
  

Lending Collaborations

The RFI outlines specific structures for lending partnerships where banks facilitate and fund loans while fintech companies handle customer acquisition and data collection.

Operational Roles

• Banks facilitate and fund loans under agreed-upon standards
• Fintech companies collect application data and solicit end users
• Underwriting uses fintech-collected data within bank parameters
• Loan servicing may be performed by the fintech or fourth parties

Financial Structure:

• Loans may be retained on bank's balance sheet or sold to fintech partner
• Some arrangements include loan securitization options
• Banks often maintain economic interest through various mechanisms
• Specific service level agreements govern ongoing operations

Risk Considerations and Challenges

Accountability Issues

The Request for Information (RFI) highlights the critical accountability challenges faced by banks engaged in partnerships with fintech companies. Despite the division of contractual responsibilities, banks retain ultimate accountability for regulatory compliance, creating significant oversight complexities. Banks are required to monitor activities even when operational control is shared, which can complicate risk management efforts and blur lines of accountability. Ensuring compliance with all applicable laws remains a non-negotiable responsibility for banks, regardless of the partnership structure. 

Control Challenges

Additionally, control challenges often arise when fintech partners hold substantial negotiating power or when banks are heavily dependent on them for revenue or liquidity. These dynamics can weaken a bank’s ability to effectively oversee the partnership, particularly when differing risk tolerances between the entities create operational tensions. Banks must also ensure their staff has the capacity to critically assess and challenge key aspects of these relationships, reinforcing the importance of clear oversight and accountability mechanisms.

Rapid Growth Risks

The RFI identifies specific risks related to rapid growth through fintech partnerships, particularly for community banks. These risks can threaten safety and soundness if not properly managed.

Operational Impacts:

• Risk management capabilities may not scale fast enough with growth
• Significant increases in transaction volumes create monitoring challenges
• Manual workarounds may be needed for infrastructure limitations
• Complex technology integration can introduce new vulnerabilities

Financial Considerations:

• Rapid deposit growth may exceed traditional management capabilities
• Investment of short-term deposits in longer-term assets creates risks
• Capital must be sufficient to support expansion
• Liquidity stress can occur from large withdrawal requests

Data Management Challenges

The RFI highlights several critical issues surrounding data management in bank-fintech partnerships.

Access and Control:

• Banks need sufficient access to fulfill regulatory obligations
• Data ownership disputes can arise between partners
• Customer information sharing faces regulatory restrictions
• Record retention requirements must be clearly defined

Protection Requirements:

• Clear protocols for handling nonpublic information
• Requirements for data privacy and security
• Procedures for data retention and destruction
• Access controls and monitoring systems

Additional Guidance on Third-Party Arrangements for Bank Deposit Products

On July 25, 2024, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) collectively issued a Joint Statement addressing the potential risks associated with banks' arrangements with third parties for delivering bank deposit products and services. This statement emphasizes the importance of effective risk management practices and reaffirms existing regulatory guidance without introducing new supervisory expectations.

For further details, you can view the full statement here.

Common Bank Partnerships with Third Parties

Banks often collaborate with third-party providers, including fintechs, to expand their services. These partnerships commonly involve:

• Marketing and Distribution: Third parties promoting and distributing deposit products directly to customers.
• Operational Functions: Handling tasks like deposit recordkeeping, payment processing, and customer service.

These third parties can include non-bank companies, particularly financial technology (fintech) firms, and may be involved in what is commonly referred to as "banking-as-a-service" or "embedded finance."

Key Risks Associated with Third-Party Bank Deposit Products

Operational and Compliance Risks

• Heavy Third-Party Reliance: Banks lose some control over deposit functions when third parties manage significant operations, making due diligence and monitoring essential.
• Fragmented Oversight: Multiple third-party relationships can complicate risk management.
• Limited Access to Records: Banks may struggle to obtain critical data maintained by third parties, jeopardizing their ability to fulfill obligations.
• Compliance Vulnerabilities: Outsourcing compliance tasks to third parties increases the risk of regulatory failures, with banks bearing ultimate responsibility.
• Consumer Protection Risks: Poor oversight can lead to violations, such as delayed dispute resolutions or inaccurate disclosures.

Growth-Related Risks

• Conflicting Incentives: Third parties may prioritize growth over regulatory compliance.
• Lagging Capabilities: Rapid expansion can outpace risk management systems.
• Liquidity Dependence: Relying heavily on third parties for deposit funding can destabilize liquidity.
• Capital Strains: Fast growth without adequate capital can weaken financial stability.
  

Confusion About Deposit Insurance

• Misleading Marketing: Some third-party promotions may create confusion about deposit insurance coverage.
• Incomplete Information: Misrepresentation or omission of key details can lead to violations of FDIC regulations.

Risk Management and Governance Considerations

Effective Risk Management Practices

Banks are expected to maintain robust risk management frameworks that align with the complexity and nature of their third-party relationships. Key practices include:

• Due Diligence: Assess third-party reliability and capability.
• Clear Contracts: Define roles and responsibilities explicitly.
• Ongoing Monitoring: Regularly evaluate third-party performance and identify issues.
• Contingency Planning: Prepare for operational disruptions.
• Internal Controls: Ensure strong oversight of deposit-related activities.
• Compliance Policies: Establish procedures for regulatory adherence.

Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT)

• Compliance Framework: Ensure adequate policies and procedures are in place to meet AML/CFT requirements, including monitoring for suspicious activities.
• Sanctions Compliance: Maintain oversight to ensure compliance with sanctions regulations.

Managing Growth, Liquidity, and Capital Implications

• Concentration Limits: Establish appropriate concentration limits and diversification strategies to manage liquidity risks.
• Liquidity Risk Management: Develop strategies to address unexpected deposit withdrawals and maintain capital adequacy.
• Brokered Deposits Analysis: Conduct analyses to determine if any parties involved in deposit placements qualify as deposit brokers, ensuring proper reporting in Call Reports.

Addressing Misrepresentations of Deposit Insurance Coverage

• Policies and Procedures: Develop risk management practices that ensure compliance with regulations prohibiting misrepresentation of deposit insurance.
• Monitoring Activities: Implement monitoring provisions for third parties that facilitate access to deposit-related services.

How NETBankAudit Can Help Navigate Bank-Fintech Partnerships

NETBankAudit specializes in helping financial institutions manage the complexities of bank-fintech partnerships. With a focus on compliance, risk management, and operational efficiency, our services ensure that banks meet regulatory expectations while fostering successful collaborations.

Our offerings include:

• Risk Assessments: Comprehensive evaluations to identify and mitigate risks associated with third-party relationships, ensuring alignment with regulatory frameworks like FFIEC and NIST.
• Compliance Audits: In-depth reviews of policies and procedures to ensure adherence to consumer protection, BSA/AML/CFT, and other regulatory requirements.
• Third-Party Vendor Oversight: Tools and guidance to enhance due diligence, contract management, and ongoing monitoring of fintech partnerships.
• Data Governance Support: Assistance with developing data privacy and security protocols to meet regulatory standards and safeguard customer information.

As the financial landscape evolves, it’s essential to stay ahead of potential risks and challenges. NETBankAudit provides the expertise and solutions needed to navigate this complex environment. Explore NETBankAudit's services to learn more about how we can support your institution’s growth and compliance efforts.