September 14, 2022 | Ali Abbas
Estimated reading time: 7 minutes
FinTechs and Banks: friend, foe, partners – or a compliance blind spot?
How traditional banks interact with financial technology companies (FinTechs) has long been the source of confusion and debate. There have been ongoing conversations around whether FinTechs were friends or foes to traditional banking, with rumours that FinTech would render banks dormant as they struggled to keep up with increasing consumer demands for digital finance.
While FinTechs and their longstanding counterparts have varying pros and cons, we are starting to see that – instead of working in competition as separate entities, the two are partnering together to offer a new, hybrid product. These partnerships combine the well-built-out customer bases and reputation of banks with the agility and technological ability of FinTechs to offer the ultimate in financial services.
It would appear that FinTechs are neither friends nor foes to banks – they are partners.
While the meeting of big banks and FinTechs has many benefits, it is not without risk. This is especially true given the lack of transparency and regulatory clarity around these emerging working relationships. This is an issue that Acting Comptroller of the Currency, Michael Hsu, was eager to tackle in a recent speech.
Hsu has highlighted that these emerging relationships offer many benefits, but also make space for compliance blind spots. With that in mind, the Office of the Comptroller of the Currency (OCC) is actively working to ask questions to better understand these partnerships which, as Hsu notes, could mark a “significant shift in how banking services are going to be provided in the future.”
“What is the dynamic between the two business models? Do they lead to healthy competition resulting in better products and services and more resilience at better prices for customers? Or do they lead to a race to the bottom with pressure to cut compliance corners and to monetize user data in novel ways? Perhaps both?”
A careful and cautious approach to crypto
Before exploring these vital relationships, Hsu was keen to note that alongside new relationships between banks and FinTechs, we are also seeing increasing interplay between banks and cryptocurrency.
While some regulators are giving the green light to crypto, Hsu maintains that he has always seen red flags in crypto’s rapid growth, resulting in a “careful and cautious” approach from the OCC. As set out in Interpretive Letter 1179, Hsu notes that national banks and federal savings associations (FSAs) should not engage with crypto activities unless they can show that any activities are “performed in a safe, sound and fair manner”. It is this cautious approach, Hsu believes, that has protected the federal banking system from much of the fallout experienced following the collapse of Terra in May 2022.
While crypto remains important, Hsu notes that it is not the sole focus of regulators and instead moves away from the impact that volatile crypto markets have had on the regulatory focus, noting instead that “FinTechs and Big Techs are having a large impact and warrant much more of our attention.”
A more sophisticated understanding of bank-fintech arrangements
Financial services are being “compartmentalised and offered by a greater number of entities beyond traditional banks, including by technology firms”. The arrangements between banks and FinTechs, says Hsu, are “significantly more intricate” than traditional or standard outsourcing relationships for banks. These new ways of working, especially with “banking as a service” are changing the face of banking, as well as the risk profile that sits alongside it.
As banks move to a more digital way of working, Hsu notes that a new premium has been placed on technology, in particular mobile engagement, customisation, big data, artificial intelligence and cloud management. Most traditional financial entities, often rooted in tradition, lack the “expertise and economies of scale” to be successful players in the new digital world. Instead, legacy banks are turning to FinTechs and Big Techs to fill their tech-led gaps. Far from being a foe to traditional banks, FinTechs are proving their services in a way that modernises their product offering and makes it more appealing to the new market of investors.
The benefit doesn’t solely lie at the feet of FinTechs, however. These smaller, tech-savvy firms have a lot to gain from larger banks with big budgets, built-out customer bases and market reputations.
And so, instead of seeing “FinTechs disrupting banks out of existence” we are instead seeing a focus on partnerships – the meeting of new tech with old finance. In many ways, it’s a win-win for both parties: banks have access to innovation, technology and speed to market that would pose challenges if built internally, while FinTechs can draw on the reputation, customer bases and funding sources of larger banks.
However, while these partnerships pose many benefits, they are not without risks. For Hsu, there is a “nagging familiarity” and parallels to be drawn between current markets and the 2008 financial crisis where, in his words, “the government’s liquidity backstop for banks had to be created to match the complexity of the financial system”.
Under this emerging new relationship between bank and fintech, Hsu’s concern is that a “similar increase in complexity is happening with regards to online and mobile payments, lending and deposit taking activities”.
“This process, if left to its own devices, is likely to accelerate and expand until there is a severe problem or even a crisis”.
How to prevent a crisis
In order to prevent compliance blind spots from becoming compliance crises, there needs to be a broad understanding that the benefits of technology can only truly be realised alongside effective risk management frameworks.
Bank information technology (BIT) concerns make up 25% of all cited supervisory concerns, according to the OCC. While technology poses myriad new risks, the chief concerns within supervisory relate to age-old issues, particularly:
- Board oversight
- Internal controls
- Insufficient information security controls
- Change management issues – particularly around emerging products and services
- IT operational resilience
While these “known knowns” are concerning, they are well worn and compliance teams should be considering these points as a matter of practice when onboarding new technology. Those that are failing to do so will fast feel the sharp end of the regulatory stick.
It is not the “known knowns” that worry Hsu, however. It is the “unknowns”. These less familiar, unseen risks pose a greater threat to compliance and wider financial services.
In order to tackle these risks, the OCC has committed to eliminating blind spots, better understanding the relationship between banks and FinTechs and working with interagency peers “to help ensure that we have a shared understanding of how the financial system is evolving and that regulatory arbitrage and races to the bottom are minimized”.
The OCC is working on a process to subdivide bank-fintech arrangements into cohorts with safety and soundness risk profiles and attributes. As well as this, the OCC will be asking questions. In particular:
- Who is responsible for what when things break?
- How might confidence be lost in a banking services supply chain disruption and what would it take to regain it?
- How do banks and their third parties view and treat customers in bank-fintech arrangements—when do customers go from being the client to becoming the product and how are consumer protections maintained?
- How resilient are banking services to stress at FinTechs?
- What happens when FinTechs fail?
- How are bank and fintech business models changing and how are incompatibilities reconciled?
The OCC, as with most global regulators, are keen to instil trust within the banking system. In order to do this, Hsu says, regulators must maintain “high fidelity to the concept of safety and soundness”.
Over the past few years, we have seen significant changes within financial services, driven largely by digitisation. Of course, these are exciting times. We can now conduct financial activities from our homes – making investments, processing cheques and speaking to customer services. All of these offer huge benefits to customers and banks alike.
It is important to take stock, however. It was not so long ago that a compliance professional suggested to me that I should look into whether FinTechs could bring down traditional finance – there seemed genuine concern that FinTechs could render traditional banking redundant. This was less than a year ago, and yet here we are discussing newly fledged partnerships. Technology moves fast and, if the tone of Hsu’s speech is anything to go by, the industry isn’t always equipped to keep pace.
New partnerships are exciting, as are new, inventive product offerings. But compliance teams should not lose sight of the bread and butter due diligence that should run alongside these partnerships, nor essential, ongoing operational resilience checks once the technology is in place. As if that isn’t enough, compliance teams need to have their ear to the ground…it isn’t always the known risks that can bring you down, it’s the ones you might not predict.