Banks have a long-standing and well-established history of complying with consumer regulations. What’s new — and what institutions may struggle with now — is how technology is changing compliance.
Consumer compliance regulations cover a range of interactions between financial institutions and their customers, ranging from marketing and communicating policies and procedures, managing disputes and calculating interest and fees. But digital channels and fintech partnerships are blurring the line between banks and nonbanks: A Bank Director analysis of more than a dozen 2023 and 2024 technology-related public consent orders found that consumer compliance was outlined in at least five orders in this group.
Many of those enforcement actions came from the Federal Deposit Insurance Corp., which highlighted how these partnerships, coupled with poor third-party oversight, contribute to consumer compliance deficiencies, according to a spring supervisory report. The report specifically called out bank and nonbank partnerships where nonbanks offer products and services directly to customers, often called banking as a service or BaaS.
Overall, the agency initiated 16 formal and 16 informal enforcement actions to address consumer compliance exam findings in 2023, compared to the 21 formal actions and 10 informal ones it issued in 2022.
[This is the fifth article in a series about consent orders relating to technology; previous articles focused on the Bank Secrecy Act and money laundering compliance, third-party risk management, customer identification and information technology and security.]
There are several ways that technology’s role in consumer compliance concerns regulators, says Susan Seaman, a partner at the law firm Husch Blackwell, who covers financial services. One is the technology a bank uses to provide a service or generate an offer — such as a credit underwriting algorithm that includes unidentified bias. The other concern is whether banks have adequate capabilities, including technology and compliance staff, to monitor marketing, communications, transactions and disputes to ensure compliance.
This means it’s not just banks with fintech partnerships that need to pay attention to consumer compliance violations, says John Zanzarella, senior vice president of sales at PerformLine, a sales and marketing compliance monitoring software company. Digital channels mean financial services marketing has become more competitive and national, with new and novel ways to reach potential customers: social media, influencers and podcasts, for example. These can overwhelm compliance teams. Banks must show regulators that they have appropriate policies and procedures and that they are making a best-faith effort to monitor those communications and act when they encounter violations.
“The way you have to approach this as a bank is that you need to have your compliance ducks in a row, your policies and procedures in place and have clear-cut brand guidelines of what you expect your partners to do when they’re representing your bank,” Zanzarella says.
But it can be challenging for a bank to oversee a fintech partnership, says James Kim, a partner at the law firm Troutman Pepper, who leads the fintech practice. A bank’s third-party risk management must keep up with the speed and scale of these programs and it might be unclear how to share and delegate compliance duties.
“It takes a lot of time, energy and effort [for a bank to grow],” he says. “These fintech partnerships can be challenging because they involve a combination of exponentially increasing scale and risk, while also moving super fast.”
Prudential bank regulators are not the only government agencies interested in consumer compliance, of course. Both banks and nonbanks must contend with the Consumer Financial Protection Bureau, which has initiated rulemaking on nonsufficient funds fees, overdraft coverage at large banks and has issued guidance on consumer rights when using buy now, pay later products, all of which could impact bank-fintech partnerships.
“At the end of the day, I think it’s a question for banks of vendor management and third-party risk management, and continuing to apply the principles that underlie safe and responsible risk management,” says Mike Silver, another partner at Husch Blackwell who covers consumer finance.
Zanzarella now sees banks are becoming “much more methodical” about the fintech partners they work with, establishing their expectations and performing better due diligence at the start of the relationship while onboarding fewer programs overall. He says fintechs need to invest more and earlier in their compliance capabilities so they can be better partners for their banks, instead of focusing solely on sales, marketing and customer acquisition.
“It does require, in some cases, slowing down to speed up,” says Zanzarella. “Making sure [banks and fintechs are] having these conversations upfront and that everyone’s on the same page, making sure that compliance has a seat at the table, and what’s important coming out of these relationships is some checks and balances going forward.”
Previous