OCC keeps focus on bank/fintech partnerships

Since the beginning of Michael Hsu’s tenure as Acting Comptroller of the Currency, bank/fintech partnerships have been a focus of OCC concerns. Although bank lending partnerships with fintechs continue to receive attention from the OCC, recent comments from OCC officials indicate that OCC scrutiny is now also targeting partnerships outside the lending arena.

In remarks yesterday at The Clearing House and Bank Policy Institute’s annual conference, Acting Comptroller Hsu discussed the growth of “banking-as-a-service (BaaS),” meaning arrangements where a non-bank offers banking services to its customers as a way to add value to its products and services. He observed that “[d]digitization has placed a premium on online and mobile engagement, customer acquisition, customization, big data, fraud detection, artificial intelligence, machine learning and cloud management” and that “these activities require expertise and economies of scale that most banks do not have. ” Noting that BaaS is not a problem limited to large banks, he commented that banks and fintechs, “in an effort to provide a ‘seamless’ customer experience, are merging in ways that make it more difficult for customers and regulators, and industry to distinguish between where the bank stops and the technology company starts.”

Mr. Hsu expressed significant concern about the implications of these developments for safety and soundness. Discussing the supervisory concerns raised in banking technology surveys, he stated that a majority relate to “fundamental elements of risk management, such as board oversight, governance and internal control”, and that common issues involve inadequate information security controls, change management issues, particularly with emerging products and services , and IT operational robustness.” Mr. Hsu also raised concerns about unknown risks or “nasty surprises” arising from banking fintech arrangements. He indicated that to mitigate these risks, the OCC is currently working on a process to share into cohorts with similar safety and soundness risk profiles and attributes, this approach is expected to enable a clearer focus by the OCC on risks and risk management expectations.

According to a Law360 report, another OCC official speaking at the annual conference expressed concerns about bank/fintech partnerships. Kevin Greenfield, OCC deputy commissioner for operational risk, is reported to have warned banks that they could be liable for customer harm resulting from fintech partnerships, such as violations of consumer protection laws and unfair and deceptive practices. He advised banks to closely monitor risk and compliance in these partnerships. Regarding lending partnerships, Greenfield is quoted as saying that a bank’s responsibility for compliance with consumer protection laws “does not disappear if [customers] click on a fintech app or if they go into the bank branch to get that loan” and that “[i]fits into [the bank’s] charter granting that loan, [the bank needs to] understand what the risk is and how it works, because it will eventually be traced back to [the bank] who gave the credit.”

We find it notable that neither Mr. Hsu nor Mr. Greenfield mentioned concerns about a bank using the charter to avoid state interest limits that apply to a non-bank partner.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *