Treasury recommends more oversight for bank-fintech relationships

The report, “Assessing the Impact of New Entrant Nonbank Firms on Competition in Consumer Finance Markets,” recommended U.S. banking regulators should provide a “clear and consistently applied supervisory framework for bank-fintech relationships” in response to potential risks and increased competitive pressures posed by nonbank fintechs to the consumer financial market.

The framework would likely be based on risk management guidance proposed in July 2021, in which the Federal Reserve Board, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency offered guidance to financial institutions about how to enter into business relationships with third parties, including fintechs. Wednesday’s Treasury report recommended banking regulators finalize last year’s proposal.

The Treasury report was produced in response to requests made by President Joe Biden in his July 2021 executive order, “Promoting Competition in the American Economy,” and is the last in a series of Treasury reports on various aspects of the U.S. economy.

The report noted there are many benefits to consumers offered by nonbank fintechs, including expanded access to credit, payment solutions, and low-cost transaction accounts through digital banks. However, those same nonbank firms are also adding risks to market integrity. For example, fintechs do not have the same regulatory and reporting requirements related to consumer privacy and data breaches.

In addition, fintechs could potentially conduct business “in a manner that inappropriately sidesteps safety and soundness and consumer protection law requirements” that are applicable to traditional banks and financial institutions, referred to in the report as insured depository institutions (IDIs).

Many of the nonbank fintechs that have entered the consumer financial marketplace offer “unbundled bank-like services” that “are not necessarily subject to prudential requirements, including capital and liquidity requirements, affiliate and business restrictions, and ongoing examination and supervision,” the report said.

Another threat is posed by Big Tech firms potentially pushing out or purchasing smaller competitors in the most profitable sectors of the fintech marketplace, the report said.

The report noted IDIs are already responsible for managing the consumer banking activities of any third parties, including fintechs, and identifying and controlling the risks posed by those activities as if the IDI was performing them itself. If the fintech and not the IDI is providing those services, the fintech is still required to follow all consumer protection laws.

The report recommended federal banking regulators, either in the risk management guidance or separately, encourage IDIs to “negotiate effective oversight provisions in their contracts with fintech firms and other third-party service providers that align with the IDI’s internal oversight and risk management of its consumer banking activities, including those activities performed on behalf of the IDI by a fintech firm or another nonbank.” The contract should require the fintech firm to adhere to certain compliance and risk management practices and provide the IDI with the information necessary to evaluate whether these practices have been implemented.

Banking regulators should also review and potentially revise supervisory practices related to the oversight of small-dollar lending for loans worth less than $10,000, the report said, potentially with new guidance that provides “sufficient specificity” for IDIs on how they can provide small-dollar loan products that comply with applicable banking laws.