The complex and under-supervised “banking as a service” sector (BaaS) has developed beyond regulators ability to keep up — leaving customers and communities exposed.
The agencies are pushing for action on bank-fintech partnerships following the recent collapse of prominent BaaS firm Synapse, which resulted in about $85 million in customer funds irretrievably lost.
Synapse was a middleware provider, offering services to customer-facing fintech companies such as Yotta and their respective partner banks such as Evolve Bank & Trust. Many banks rely on fintech companies to provide novel products and services to customers such as personalized financial management tools and instant money transfers through digital payment infrastructure.
In April 2024, Synapse filed for bankruptcy due to its inability to reconcile the account balances of individual customers. The crisis exposed that Synapse had allegedly used customer funds to meet their reserve requirements. The poor compliance practices maintained by both Synapse and Evolve created an environment ripe for abuse. The customers whose deposits were unaccounted for in Synapse and Evolve’s collapse had little recourse to recoup their losses because Synapse held consumer deposits without a bank charter, meaning that any deposits lost by the company were ineligible for FDIC coverage.
In response, the OCC and FDIC asked for stakeholder input concerning bank and third-party partnerships, with the FDIC also issuing a new proposed rule requiring daily reconciliation of consumer deposits.
NCRC’s comment letter raised concerns with BaaS oversight that go beyond the vulnerability of customer deposits to encompass broader systems issues with allowing unchartered fintechs to engage in activities that have historically required a bank charter (and thus FDIC coverage). Our coalition is particularly eager to see the regulators act to curb BaaS’s current ability to undermine the redevelopment and equitable investment obligations Congress placed on banks back when computers were the size of a house.
NCRC’s comments highlighted that:
- Regulators should strengthen oversight on banks to ensure fintech partners comply with anti-discriminatory and consumer protection laws.
- In the event of risky behavior on behalf of a fintech, regulators should consider a range of measures including assessing fines to the partner bank, restricting the fintech’s products and services, as well as requiring both the bank and fintech to report on actions taken to mitigate future risks.
- Bank-fintech partnerships pose challenges to the traditional definition of CRA assessment areas, which typically assumes that lending should occur in the area where a bank collects consumer deposits.
- Fintech companies can allow banks to engage in deposit collection across almost any geographic area creating a significant regulatory gap in community reinvestment activity.
As new financial innovations continue to advance, regulators should seek approaches that are flexible and proactive to manage risks posed by emerging entities within the digital banking ecosystem. Responsible approaches to these types of bank-fintech partnerships should prioritize both consumer protection and reinvestment activity at the forefront of the business model – rather than as an afterthought.
Bakari Levy is a Government Affairs Associate at NCRC.
Photo by Tech in Asia, via Flickr.