Ms. Ann Misback
Secretary
Board of Governors of the Federal Reserve System
20thStreet and Constitution Avenue NW
Washington, DC 20551
Mr. James P. Sheesley
Assistant Executive Secretary
Legal ESS
Federal Deposit Insurance Corporation
550 17th Street NW
Washington, DC 20429
Chief Counsel’s Office
Attention: Comment Processing
Office of the Comptroller of the Currency
400 7th Street SW Suite 3E-218
Washington, DC 20219
Re: Request for Information onBank-Fintech Arrangements Involving Banking Products and Services Distributedto Consumers and Businesses—Docket No. OP-1836; RIN 3064-ZA43; Docket No.OCC-2024-0014
To whom it may concern,
On behalf of The American Fintech Council (AFC),[1] I am submitting this comment letter in response to the joint Request for Information on Bank-Fintech Arrangements Involving Banking Products and Services Distributed to Consumers and Businesses (RFI) by the Board of Governors of the Federal Reserve (FRB or Federal Reserve), Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) collectively referred to as the “Joint Agencies”.
AFC’s mission is to promote an innovative, transparent, inclusive, and customer-centric financial system by fostering responsible innovation in financial services and encouraging sound public policy. AFC members are at the forefront of fostering competition in consumer finance and pioneering ways to better serve underserved consumer segments and geographies. Our members are also improving access to financial services and increasing overall competition in the financial services industry by supporting the responsible growth of lending and lowering the cost of financial transactions, allowing them to help meet demand for high-quality, affordable financial products.
Responsible bank-fintech partnerships are critical to the continued innovation in and improvement of the financial services industry.[2] As the premier industry association representing both innovative banks and fintech companies, we are uniquely positioned to discuss the questions posed by the Joint Agencies in the RFI. Our overarching aim is to pursue a pragmatic approach to regulation that will encourage responsible innovation through sound public policy. To ensure the continued development of responsible bank-fintech partnerships AFC has consistently advocated for the Joint Agencies to
1. engagein regulatory modernization that encourages competition and innovation;
2. develop a unified and consistent approach to their oversight of bank-fintech partnerships;
3. increase clarity of supervisory expectations for regulated entities engaging in novel or innovative business models and activities; and
4. avoid the development of a patchwork or inconsistent regulatory and supervisory landscape that harms consumers, industry participants, and the resilience ofthe financial services ecosystem by inadvertently encouraging regulatory arbitrage.
Though the Joint Agencies identified potential risks that could be posed by bank-fintech arrangements within the RFI and the previously issued Joint Statement on Banks’ Arrangements with Third Parties to Deliver Bank Deposit Products and Services,[3] it is important to recognize that both financial institutions and their fintech partners face significant regulatory oversight both directly and indirectly. Given the existing U.S. regulatory structure, financial institutions—regardless of size, activity, or business model—hold distinct requirements and responsibilities for ensuring their engagements with fintech companies are fully compliant with existing laws and regulations.[4] However, fintech companies also have requirements and responsibilities to adhere to existing laws and regulations, and face significant oversight from both the Consumer Financial Protection Bureau (CFPB) and state regulatory agencies.[5]
Further, due to customer demand within the fintech market, both financial institutions and fintech companies face an inherent incentive to remain in compliance with all relevant laws and regulations within the parameters of their partnerships. In addition, as will be discussed further below, fintech companies have established an important role in serving consumers, particularly those in historically underserved communities, with modern, digital-first banking services. In general, through these innovative products and services, consumers have both found an ease of use not previously found in services offered by legacy financial services providers and a trust in the products and services offered. In turn, these products and services have become an integral part of the livelihoods of consumers, including those who have been historically underserved.
It is with these points and the perspectives provided below, that AFC respectfully requests the Joint Agencies to carefully consider the comments received in response to this RFI and develop a pragmatic regulatory agenda that corresponds with the perspectives and recommendations identified by the varied stakeholder groups. Regulation by enforcement, unclear supervisory expectations, and non-binding interpretive rulemakings are not the path to an effective regulatory framework that encourages responsible innovation through bank-fintech partnerships.
To summarize, in the detailed analysis presented below AFC seeks to address the questions posed in the RFI. We do this first by presenting distinctions between the various types of bank-fintech partnerships within the financial services industry, including specific analysis regarding the risk profiles of “fintech consumer” and “fintech supplier” relationships, as well as, direct and indirect bank-fintech partnerships. Next, AFC discusses the benefits of bank-fintech partnerships. As will be further evidenced below, consumers and the industry see the benefits of encouraging the further development of robust digital-first offerings through responsible bank-fintech partnerships. Then, AFC will discuss the leading risk management practices and processes identified for establishing and maintaining responsible bank-fintech partnerships, as well as leading risk management practices and processes for specific activities conducted within bank-fintech partnerships. Lastly, AFC poses multiple recommendations related to improving the oversight and supervision of bank-fintech partnerships in a manner that will ultimately encourage the continued development of responsible bank-fintech partnerships. In addition, AFC also makes several programmatic recommendations for the Joint Agencies’ consideration that are specifically geared towards developing a regulatory framework that is befitting of the modern financial services industry.
I. AFC Believes the Joint Agencies Should Further Distinguish the Various Types of Bank-Fintech Partnerships
As the Joint Agencies continue to develop their understanding of bank-fintech partnerships, it is important to recognize the impact that the facts and circumstances of a given partnership may have on the revenue structures, risk profiles, and business operations of both the financial institution and the fintech company.
Simply put, not all bank-fintech partnerships are created equally. Responsible bank-fintech partnerships do have some salient features regarding the understanding that liability for any issues within the partnership ultimately lies with the bank. Further, as noted above, both financial institutions and their fintech partners have significant requirements under existing legal and regulatory frameworks. However, many of the specific terms and conditions devised in a bank-fintech partnership are predicated on contract provisions.
In large part, this reliance on robust contract provisions between the financial institutions and fintech companies is due to common and prudent business and legal practices. However, it also belies the lack of regulatory guidance regarding specific activities that exist in bank-fintech partnerships and the array of facts and circumstances that underlie a given bank-fintech partnership. These differences are critical to the structure and viability of the partnership, as well as the actual risks that the partnership could pose to consumers or the resilience of the financial institution and fintech company. Also, each of these partnerships presents distinct opportunities and dynamics that are important to the Joint Agencies’ oversight of the partnership.
While the RFI identifies various types of bank-fintech partnerships and notes that these arrangements “vary significantly in structure and product and service offerings”, it does not substantially discuss the various dynamics that are contingent upon the specifics of the bank-fintech partnership.[6] To improve the Joint Agencies’ understanding of bank-fintech partnerships, AFC recommends that staff continue to assess how the parameters of a given bank-fintech partnership impact the viability, opportunities, risks, and dynamics of these partnerships. In an effort to assist the Joint Agencies in this endeavor, AFC has provided additional information on various types of bank-fintech partnerships below.
AFC believes that it is important for the Joint Agencies to further distinguish between the various types of bank-fintech partnerships. It is important to note that within the existing regulatory framework, regardless of the model, banks hold the ultimate liability in any bank-fintech partnership. However, there are different categories of relationships depending on a number of factors. Each of these partnership categories can present distinct opportunities, risks, and dynamics that are important to oversight activities.
a. Fintech Consumer and Fintech Supplier Partnerships
In practice, AFC distinguishes between “fintech consumer” and “fintech supplier” relationships. While partnerships related to fintech consumer and fintech supplier relationships may have exhibit similar risk profiles in traditional risk management areas, such as concentration risk, AFC believes that there remain important factors that should be considered when reviewing both fintech consumer and fintech supplier relationships. In addition, we recognize, as the joint agencies briefly did in the RFI, that partnerships may be direct or indirect in nature. However, as explained further below, AFC believes that decidedly different risk profiles exist for direct versus indirect partnerships.
Fintech consumer partnerships are when there is direct engagement of the fintech company with a consumer or business that either previously or would have previously engaged directly with a financial institution. These partnerships commonly exist in lending and payments activities and provide consumers with improved user experiences while simultaneously improving the financial institution’s customer acquisition operations. Partnerships of this type would be considered “novel” under the definition put forth by the Federal Reserve.[7] In virtue of this novel activity, fintech companies in this type of partnership will have direct engagement with consumers and the initial aspects of a financial transaction. Given the type of relationship that the fintech company generally has with customers in the fintech consumer partnership, responsible financial institutions and their fintech partners must engage in robust risk management processes and practices to ensure that consumers are properly informed about the partnership and are properly protected from harm. As will be discussed further below, AFC and its members have identified a number of leading practices to ensure the responsible development of these novel partnerships.
In contrast, fintech supplier partnerships are when the fintech has direct engagement with the financial institution to provide a business development service within an existing or new business line or function of the financial institution. These partnerships are designed to be enterprise-facing endeavors that operate in a traditional service provider relationship with the financial institution. Unlike the fintech consumer partnerships discussed above, in a fintech supplier partnership, the consumer is maintaining a relationship with the financial institution, not the fintech. Fintech supplier relationships encompass core service provider relationships with financial institutions, as well as fraud, know-your-customer (KYC) monitoring, account verification, and card payment services. Within all of these examples, innovation can and does occur. However, the benefits and risks to consumers and the partnered financial institutions are not the same as those associated with fintech consumer partnerships.
b. Direct and Indirect Bank-Fintech Partnerships
Amore familiar bifurcation of bank-fintech partnership models is the direct versus indirect model. In a direct model, the bank supplies the technology solutions and APIs required for the non-bank financial services provider to connect to the bank’s system of record or account ledger. Some banks may also offer compliance or other advisory services to their non-bank financial services customers.[8] On the other hand, in an indirect model, a third-party “middleware” provider supplies the technology and APIs required for the bank and the non-bank financial services provider to exchange data. Middleware providers may also assist non-bank financial services providers with forming relationships with sponsor banks and other technology firms that provide services such as payment processing, account holder verification, and onboarding.[9]
Both direct and indirect models can operate in a responsible manner. AFC believes that it is critically important for financial institutions and fintech companies engaging in either direct or indirect models to appropriately understand the roles and responsibilities of each entity engaged in the supply chain of the banking product or service offered through the partnership. For instance, which entity owns the responsibility for customer communication and servicing within a given partnership. In practice, AFC recognizes that there are varied and, at times, complicated dynamics that exist between the different types of bank-fintech partnership models. However, to ensure proper understanding of the roles and responsibilities of each entity engaged in a partnership, all entities are required to establish clear and distinct roles and responsibilities for compliance and risk management processes that are underpinned by the existing regulatory structure.
At no point in either a responsible direct or indirect partnership model should the roles and responsibilities of any entity be confused, outsourced, or otherwise shirked. At the core of both direct and indirect models should be a focus on ensuring consumers are properly served. To that end, as will be discussed further below, AFC believes that industry participants should engage in the leading risk management practices identified in this letter.
II. Bank-Fintech Partnerships Exhibit a Multitude of Benefits for Both Consumers and Industry Participants
Fintech companies arose out of the combination of a dearth of consumer trust in traditional financial institutions in the wake of the 2008 financial crisis and increasing demand for modern, digital-first banking services.[10] Through partnerships with innovative financial institutions, fintech companies have been able to increase access to historically underserved communities, expand offerings, and create a robust and competitive market that has the ability to mitigate certain types of contagion risks in the financial services industry. As noted in multiple reports by the U.S. Government Accountability Office (GAO), responsible fintech providers provide the opportunity for significant consumer and market benefits.[11] As we will discuss in more detail below, these benefits are not coincidental to bank-fintech partnerships, but instead, they are ancillary to the robust market that has developed over the past 15 years.
a. Responsible Bank-Fintech Partnerships Responded to Digital-First Consumer Demand
Bank-fintech partnerships developed and rapidly grew in popularity due to strong consumer demand for digital first financial products and services. Partnerships that started within one vertical, such as lending or payments services, quickly developed to include other services, such as deposit taking. The consumer demand, which has been a driving force for these innovative products and services, shows no sign of slowing, regardless of market or non-market forces and their impacts on bank-fintech partnerships.[12]
AFC recognizes that this rapid growth in the parameters of the partnerships does not come without the need to ensure that both the innovative financial institutions and fintech companies develop processes and staffing resources in key areas that are commensurate with the growth in the partnership. At no point should a financial institution grow in an unmanageable manner that places unnecessary risk on the services they provide and the consumers they serve. Todo so would be antithetical to the purpose underpinning bank-fintech partnerships, namely, to serve consumers more efficiently and effectively than has been previously done. Equally important, is the Joint Agencies’ consideration of the perspectives provided in response to this RFI so they can craft their policy efforts in a manner that will ensure the continued development of bank-fintech partnerships in a manner that benefits consumers and addresses the significant demand for improved products and services through digital-first offerings.
b. Bank-Fintech Partnerships have Increased Access to Financial Services for Historically Underserved Consumers
Through academic, industry, and government research, bank-fintech partnerships have been empirically shown to improve financial inclusion through improved services to historically underserved communities.[13] In addition, innovations from fintech companies have provided responsible alternatives to high-cost options for consumers in these communities; thus, improving the overall financial health of these consumers.[14] Instead of being forced to engage with payday lenders and check cashers, consumers have gained access to responsible term loans and high-yield demand deposit accounts. Specifically, the deposits brought into financial institutions via their partnerships with fintech companies have proved to be stable and beneficial for both the consumers and the financial institution. These products and services are a direct response to consumer demand, and their impact is most acute for those consumers historically underserved by traditional financial services participants.
Consumers categorized as “near prime” consumers are another consumer group who has uniquely benefited from responsible bank-fintech partnerships and their ability to offer expanded traditional products and services. For example, credit offerings, including credit builder products, credit cards, and term-loans, offered through the innovative services born out of the bank-fintech partnership model are able to serve an expanded consumer market making these products and services more economically viable and available to consumers. In today’s world, it is nearly impossible to function without a credit card, to either make purchases online, or offline, particularly with a trend toward cashless payments. Through responsible bank-fintech partnerships, this cohort of near prime consumers, thus helping consumers build credit, and in the process, making credit even more affordable and accessible.
c. Responsible Bank-Fintech Partnerships Expanded Offerings through Innovative Products and Services
In addition to the expanded offerings of traditional banking services—including no-fee, high-yield demand deposit accounts, term loans, and faster payments services—responsible bank-fintech partnerships have also been able to offer new, innovative products and services to consumers. For example, through bank-fintech partnerships, buy-now-pay-later (BNPL) loans and earned wage access (EWA) transactions have been able to flourish and assist consumers in developing stronger financial lives. While these two products are distinct in crucial ways, they both leverage innovative technologies to effectively serve consumers and expand available alternatives to predatory products. These products allow consumers to smooth their spending, budget more effectively, and, specifically for EWA, receive the pay they are entitled to for completed work prior to the end of an arbitrarily set pay period. In short, these innovative products and services would not be viable without the use of innovative technologies and a partnership between financial institutions and fintech companies.
d. Responsible Bank-Fintech Partnerships Increased Competition and Improved Long-Term Viability of Financial Institutions
Bank-fintech partnerships have also been crucial to improving competition in the financial services industry both domestically and abroad. According to a June 2024 literature review conducted by the Basel Committee on Banking Supervision, there is ample evidence to support the view that the rise of fintech has put pressure on the market share and pricing power of incumbent banks.[15] Ultimately, as evidenced by the aforementioned discussion on consumer demand and service to underserved populations, responsible bank-fintech partnerships have led to greater competition for banking services, particularly when gaps in the market a represent. In turn, this greater competition has led to a virtuous cycle of innovation and consumer benefit by pushing companies to continue seeking new services or providing these services in unique ways to increase their market share and effectively serve more consumers.
In addition, through this competition, community banks have experienced unique benefits. As portrayed by the sentiments of FDIC Chair Martin Gruenberg,[16] community banks and their continued involvement in the U.S. financial services industry are crucial to ensuring that the industry remains resilient and that consumers are properly served. Through partnerships with fintech companies, community banks have been able to reach far more consumers than through their traditional banking services alone. Central to many community banks is a “relationship banking” culture that meets customers on their terms and provides additional flexibilities in the products and services offered. Community banks engaged in bank-fintech partnerships bring additional benefits to consumers by providing their relationship banking style to the products and services they offer online. Further, the relationship banking ethos that underpins community banks helps to bolsters the suitability and resilience of partnering with fintech companies who seek to leverage innovative technologies and methods to offer new products and services. In turn, by pursuing these innovative products and services through responsible bank-fintech partnerships these community banks can help ensure long-term viability of their institutions and the resilience of the U.S. financial services industry.
e. Responsible Bank-Fintech Partnerships Leveraged the Core Competencies of Each Entity to Improve Services to Consumers in a Compliant Manner
Relatedly, responsible bank-fintech partnerships have been able to improve regulatory and cost efficiencies within both financial institutions and fintech companies. For years, fintech companies have leveraged their core competencies to make payments, lending, and deposit taking easier for their financial institution partners. On the financial institution side, these entities have used existing robust compliance practices and processes, as well as keen knowledge of the regulatory requirements in financial services to improve the safety and security of products and services offered in partnership with fintech companies. Thus, the bank leverages their strength in defining the regulatory guidelines for the fintech company and ensuring compliance. By creating these efficiencies, financial institutions and fintech companies are able to dedicate additional capital to their core products and services. Thus, more effectively serving consumers, especially those in historically underserved communities.
III. AFC Identified Leading Risk Management Processes and Practices in Bank-Fintech Partnerships Both Throughout the Partnership and in Specific Activities
Fintech companies and the innovative financial institutions with whom they partner have a duty to operate in a responsible manner. To AFC and its members, this means avoiding simply digitizing existing analogue predatory products and instead operating in a proactive manner to address any identified issues that might harm consumers, diminish the resilience of the financial institution or fintech company, or increase risks to the financial services system. Like any emerging industry or model, the bank-fintech partnership continues to mature in its processes and practices related to risk management. To that end, AFC and its members continue to pursue leading practices to effectively manage risks associated with bank-fintech partnerships.
In an effort to address the Risk and Risk Management questions posed by the Joint Agencies in the RFI, AFC and its members have identified leading practices that responsible banks-fintech partnerships rely upon to conduct their operations in a prudent and orderly manner. In recognition of the complexity and nuance associated with bank-fintech partnerships, AFC and its members have engaged in establishing practices and processes that consider the partnership in a holistic manner, while also developing specific practices depending on the type of partnership and activities covered under the partnership. Overall, this approach helps to ensure that both banks and fintech companies are developing effective, transparent, and resilient partnerships that benefit consumers.
a. AFC Identified Leading Practices in Throughout the Bank-Fintech Partnership
As noted in the existing interagency third-party risk management guidance, both financial institutions and fintech companies engaging in responsible bank-fintech partnerships of all types should develop robust due diligence and risk management processes and practices encompassing the entirety of the bank-fintech relationship.[17]AFC generally approved of the supervisory expectations conveyed through the Joint Agency’s third-party risk management guidance and found the guidance helpful for the continued development of responsible bank-fintech partnerships. Particularly, the provisions related to the due diligence and third-party selection, contract negotiation, and governance sections of the guidance were helpful in rebalancing industry conversations and developed a clear path forward for financial institutions and fintech companies. In accordance with this guidance, AFC members have developed specific processes and practices for partner onboarding, continued monitoring of the partnership, and the responsible dissolution or termination of a partnership should it be required.
i. Leading Practices and Processes in Onboarding a Partner
Within a bank-fintech partnership, effective onboarding processes and practices are crucial to ensuring that both parties understand the roles, responsibilities ,and business operations in the partnerships. Paramount to the effective onboarding of a potential partner, this process must take a “consumer-first" approach when determining if and how to partner. When onboarding either a new bank or fintech partner, both parties should engage in a multi-step approach to assessing the risks posed by a given partnership. This process should be methodical and replicable for each partnership arrangement, while still recognizing the distinct risk profiles associated with each partnership. Specifically, contracts between financial institutions and fintech companies must provide clear and consistent compliance roles and responsibilities for both entities. While, as noted previously, the bank holds the ultimate liability for any compliance issue from a regulatory standpoint, the contract terms must also ensure that the fintech company is held accountable and not absolved of any liability.
Within the onboarding process for either a financial institution or a fintech company in a bank-fintech partnership, AFC identified leading practices as conducting robust “suitability assessments” holistic qualitative and quantitative risk assessments; targeted secondary risk assessments (where applicable); development of clear compliance requirements; and contingency planning for effective remediation of issues, dissolution, or termination of the partnership. These practices are specifically designed to evaluate each partnership on its merits and effectively determine the actual risks posed.
Suitability Assessment. A suitability assessment starts prior to the formal due diligence process and functions as an initial check of a potential partner and how they fit with the assessing entity’s mission, risk appetite, activities, and other relevant factors. The assessing entity will review the potential partner at a high level, but holistically to understand any potential legal, compliance, reputation, and culture risks. To conduct this assessment, the assessing entity will typically engage multiple internal teams, including legal and compliance, and assess the permissibility of the activity(ies) that would be under the partnership within the given operating jurisdiction. The goal of this assessment is to flag any issues that the potential partner may pose to the risk tolerance and appetite of the assessing entity.
Holistic Quantitative and Qualitative Risk Assessment. As part of the formal due diligence process for potential partnerships, both financial institutions and fintech companies conduct quantitative and qualitative risk assessments. This assessment occurs prior to the creation of contractual partnership agreements. Building on the initial “suitability assessment”, these risk assessments are deeper analyses of the potential partner. Within these assessments, the assessing entity both quantitatively scores the potential partner, as well as qualitatively assess the information it receives from the potential partner based on internally established criteria relate
.svg)
.svg)
About the American Fintech Council: The mission of the American Fintech Council is to promote an innovative, responsible, inclusive, customer-centric financial system. You can learn more at www.fintechcouncil.org.
.webp)