Share
Despite the uptick in consent orders, most sponsor banks aren’t worried
If you read only news headlines, you might think the sky is falling in Banking-as-a-Service and embedded finance.
Since last fall, regulators have announced a steady stream of enforcement actions against banks for failure to ensure that their non-bank partners were adequately managing risk and compliance for the customers those fintechs were onboarding.
Taken together, those actions represent an unmistakable message from regulators to sponsor banks: you’re on the hook for your partners’ compliance. When mistakes are made, it’s your charter that’s at risk. And amending those missteps can be costly on every level.
Since October, regulators have announced enforcement actions against at least 10 sponsor banks, including six this year alone. And that may be just the start: financial services advisory firm Klaros Group has predicted that every single bank with a Banking-as-a-Service or embedded finance line of business can expect some level of regulatory action in 2024.
The bottom line: if you’re a bank with third-party BaaS or embedded finance partnerships, then it’s likely a question of when, not if, regulators will come knocking on your door. Sponsor banks should operate with the expectation that your regulator –whether it’s the OCC, FDIC or the Federal Reserve– will give your third-party programs and controls a hard look.
That may sound scary, but it isn’t deterring many organizations from either continuing their sponsor bank program or starting a new one. But with more defined rules and stronger enforcements banks who are continuing or exploring a sponsor bank program are doing so with new considerations and stronger compliance requirements in mind.
Compliance isn’t a nice-to-have; it’s a must
CCG Catalyst analyst Tyler Brown recently wrote a helpful analysis of the major themes across recent bank enforcement actions. Two of the biggest themes he identified were a gap in banks’ oversight and control over third-party partners’ BSA/AML compliance, and banks’ failure to scale the scope and quality of risk management to a level appropriate for the size and risk profile of third-party partners.
Last year, Alloy’s co-founder Laura Spiekerman wrote that compliance is the key to successful bank and fintech partnerships. As CCG Catalyst’s analysis shows, that’s never been more true.
New tools make oversight the default, making things easier for banks *and* fintechs
In the wake of this stepped-up regulatory activity, a number of companies –including Alloy– have introduced new products and toolsets specifically designed to give sponsor banks the real-time oversight and meaningful control that regulators now expect.
Alloy’s new product, Alloy for Embedded Finance, is designed to make it much easier for banks and fintechs to work together collaboratively to manage identity and compliance risk.
AFEF gives sponsor banks something they’re desperately missing: visibility into compliance across their entire portfolio of third-party partners, all in one place. These aggregated, real-time insights eliminate the time-consuming need to request and review snapshots –often in spreadsheet form– of partners’ stale data.
Oversight is baked in as the default baseline – and we think that’s the future.
Last fall, our partner Socure announced Socure Control Center, which –like Alloy for Embedded Finance– offers sponsor banks a single dashboard where they can access real-time data and insights across their partner portfolio, and quickly update and deploy policy changes.
Tools like these can strengthen the relationships between sponsor banks and fintech partners by making the compliance process more collaborative, while also allowing each party to more efficiently operate. Fostering positive relationships is critical; it takes time and significant effort to secure a sponsor bank, and when mistakes happen –and they will, because we’re all human– you’ll need to work together to solve them.
Make sure you’re staffed appropriately
Sponsor banks should also consider beefing up your BSA/AML staffing; a common theme among the recent consent orders has been ensuring that banks have adequate programs in place.
The key word is adequate: your BSA/AML compliance program is only effective if you have the teams in place to run it. The size of your BSA/AML team should scale with the number of your non-bank partners and the size of those partners’ programs.
For the same reason, you should strongly consider beefing up the teams that prepare materials for exams by your auditors. The cost of this upfront investment pales in comparison with the financial and reputational costs of a consent order.
Alloy is partnered with more than 300 banks, and in conversations with banks over the past six months, we’ve heard consistently that banks are staffing up in those areas in anticipation of stepped up regulatory scrutiny over the next year.
Final thought: this new normal is an opportunity for banks
Embedded finance and Banking-as-a-Service are still promising growth opportunities for banks. These models give banks an attractive way to reach new customers at a much lower cost, while scale their deposits and compete against much larger competitors.
Cornerstone Advisors has estimated that embedded finance alone may be a $25 billion revenue opportunity for banks. But fulfilling that promise means moving proactively now to strengthen oversight and control of your third-party programs.
In a speech last month at CBA Live, Acting Comptroller of the Currency Michael J. Hsu said, “Consumer banking and compliance are more inextricably linked now than ever. This presents a challenge—and an opportunity—for banks and how they approach compliance risk management.”
I couldn’t agree more.