The New Administration Won’t Absolve Banks of Strict BaaS Oversight

With a new administration taking the reins at the federal banking agencies, the headwinds faced by banks providing banking as a service (BaaS) likely will lessen.

Still, the lessons learned over the last four years during the Biden administration will be instructive to banks providing BaaS.

As regulators have made abundantly clear through the issuance of guidance and regulation by enforcement, BaaS is not a turnkey activity. Even with the anticipated light-touch supervisory oversight from the Trump administration, compliance management will remain key: onboarding clients should involve a documented review of the fintech and its key service providers, their respective management teams, experience in offering regulated products, compliance records and sources of financial support.

Boards of directors must set the tone for management by establishing risk tolerances and articulating their vision of BaaS. Boards also must require management to develop oversight plans for each fintech’s operations, including the identification and mitigation of risks posed by each fintech client, and regularly review these plans to ensure they align with expectations and established risk tolerances. Oversight plans must be consistent with board-approved policies and procedures.

While regulatory burdens likely will be somewhat lowered, banks will still be required to invest in compliance resources, including experienced personnel familiar with the types of products and services that will be offered in connection with the BaaS programs. Oversight plans should establish appropriate metrics to monitor and oversee fintech partners, and banks must retain and use the right to audit fintech partners for contractual and regulatory compliance. The results of these audits should be appropriately documented, shared with the bank’s board, and made available to regulators.

Based on the findings of an audit, banks need to develop a realistic process for terminating relationships with fintechs that fail to meet their expectations and oversight plan. Provisions for an orderly wind-down should be set forth in each program agreement, and banks shouldn’t be shy about exercising their right to terminate a troublesome program.

Recent experience reveals why both banks and fintechs should understand their respective obligations when they part ways. The wind-down agreement should include information regarding whether a bank merger application will be required with regulators for transferring deposit liabilities and be structured to avoid disenfranchising consumers from the products and services they were receiving via the fintech.

For example, when a consumer receives direct deposits, it could take several months for the sender to revise their Automated Clearing House instructions to a successor bank. Regulators will continue to look unfavorably on a bank if it disenfranchises customers from their deposits due to a disorganized wind-down — which could be deemed an unfair, abusive or deceptive practice, potentially creating liability for the bank. In addition, banks must remember that the customers of their fintech partner are ultimately also customers of the bank, and the bank could face significant reputational harm for disenfranchising its own customers by terminating a program expeditiously, absent exigent circumstances.

Of course, fintechs are not absolved of their independent obligations to conduct diligence on potential bank partners. It is important for fintechs to consider the staffing resources at potential partner banks to understand the amount of business the bank can support.

Fintechs also should understand the number of other programs the bank has taken on, the types of such programs and the potential risks presented by those programs. A bank is only as good as its weakest program, and if one of its programs lacks sufficient compliance and financial resources, the bank will ultimately face challenges that could result in unintended consequences. This could suddenly leave the fintech program without a home if the bank terminates its BaaS program — whether at the direction of regulators or on the bank’s own accord. Fintechs should prepare accordingly and have frank and honest communications with their bank partners.

Just as in other critical relationships, there should be no surprises between a bank and its fintech partner.