Banking Agencies Address Banking Arrangements with Third Parties to Provide Deposit Products and Services
Banking Agencies Address Banking Arrangements with Third Parties to Provide Deposit Products and Services
On July 25, 2024, the Federal Reserve Board, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation (collectively, the “Agencies”) issued a joint statement to banks regarding risks associated with working with third parties to provide bank deposit products and services to customers (“Joint Statement”). The Agencies also issued a request for information (RFI) to solicit comment on bank-fintech arrangements that involve banking products and services delivered to end users. The issuance of the Joint Statement and RFI follows final joint guidance on managing risks associated with third-party relationships and an increase in enforcement actions levied by the Agencies related to bank-fintech arrangements.
While the Agencies make clear they support responsible innovation and the use of third-party arrangements, the Joint Statement is a reminder that a bank’s use of third-party arrangements to deliver deposit products and services to customers does not diminish the compliance obligations of the bank. The Joint Statement does not set forth new supervisory expectations or alter existing legal or regulatory requirements.
The Agencies also acknowledge that while third-party arrangements can provide benefits to banks such as raising deposits and increasing revenue, the “evolution and expansion of these arrangements” has led to greater complexity. As a result, the Agencies highlight the following potential risks that each bank should consider in structuring and operationalizing third-party relationships for delivery of banking products and services to end customers.
The Joint Statement lists potential operational and compliance risks to consider, including among others:
Potential growth risks associated with third-party arrangements cited in the Joint Statement include:
The Joint Statement also flags potential risks pertaining to end user confusion and misrepresentation of deposit insurance coverage. These potential risks include:
The Joint Statement sets forth effective governance and risk management practices for banks to consider as they manage their third-party arrangements, including:
The Joint Statement highlights the importance of a bank having adequate policies, procedures, oversight, and controls to help ensure that the bank complies with applicable AML/CFT and sanctions requirements. It also notes the importance of establishing liquidity risk management strategies, as well as maintaining capital adequacy. In addition, the Agencies recommend that banks conduct analysis on whether parties involved in the arrangement may meet the definition of a deposit broker under 12 U.S.C. § 1831f and whether there are any associated reporting obligations.
The Agencies issued an RFI requesting feedback on complex bank-fintech arrangements. These include arrangements involving deposit-taking activities, payment activities, and lending products and services. The Agencies are requesting comment on the nature and implications of bank-fintech arrangements in connection with a variety of financial services and effective third-party risk management practices for banks.
In particular, the Agencies ask for information about the role of “intermediate platform providers” or “middleware providers,” which act as intermediaries between banks and fintech companies. Generally, intermediate platform providers, as defined in the RFI, enable individual banks to connect with numerous fintech companies, and provide technological, operational, and information services that enable individual banks to connect with numerous fintech companies more seamlessly. The RFI notes that an intermediate platform may enter into its own arrangements with banks and third parties to provide these services, and cautions that use of an intermediate platform provider further distances the bank from the end user.
The RFI also requests comments on topics such as (i) the different ways in which bank-fintech arrangements may be structured, (ii) risk management, and (iii) the impact of arrangements on end user access to different financial products and services.
The Agencies also ask whether enhancements to existing supervisory guidance could help to address the risks associated with bank-fintech arrangements.
Comments on the RFI are due by September 30, 2024.
Although by its terms, the Joint Statement does not impose any additional or altered legal requirements on banks, it indicates that bank-fintech arrangements are going to be subject to increased scrutiny by the Agencies and that the Agencies understand that these arrangements may be unique from other relationships between a bank and third-party vendor. In her statement issued in connection with the Joint Statement, Governor Michelle Bowman offered a slightly different view, expressing concern about the “disjointed approach” to guidance that the Agencies are taking with respect to bank-fintech relationships as providing insufficient clarity on the Agencies’ supervisory expectations. Governor Bowman also stated that while she supports the RFI, she hopes that it does not lead to duplicative or contradictory guidance or result in unnecessarily restricting innovation in the banking system.
When viewed along with the number of recent enforcement actions by the Agencies in the fintech space, the Joint Statement could increase the compliance and risk mitigation standards a bank may decide to contractually impose on its fintech partners and their third parties. Generally, fintechs will have to expect more stringent and thorough compliance demands and expectations from banks when entering into a partnership, and fintechs will have to make more significant investments to comply with such expectations.
This continues to be an emerging space that will continue to evolve as the Agencies stated they are considering whether additional steps could help ensure that banks effectively manage risks associated with banks’ third-party arrangements. Stay tuned for market and regulatory updates.