In a bank-fintech partnership, who is in charge?
Just last week, Blue Ridge bank received an unprecedented second consent order in 18 months in connection with its fintech program. What are these consent orders really about? And what does it mean for the future of the fintech-bank partnership?
In this week’s Fintech Law and Compliance 101, we delve into the background of the model and how it is intended to work.
******
If you’re looking to launch a fintech product, you generally have two options:
We’ll consider the trade-offs and what it means to get licenses in a different post but for now let’s assume the bank partnership route is the one you pick.
So what does it mean to partner with a bank, and why does this partnership exist in the first place? Who owns the end customer? And the data? And what happens if you partner with a middle layer BaaS instead?
In other words, who is in charge?
Like any relationship, it’s a bit complicated. First, some background:
The genesis of the model:
If left on its own, a brick and mortar regional or state chartered bank might be the go-to bank in its neighborhood, its city, or even locally in the state. But a bank, say, in Kansas City, is going to have a difficult time getting customers in Virginia.
Banks are great at doing banking things, like taking deposits and issuing credit, but not so great at building slick websites, a cool user experience, or using SEO strategies or social media to get customers.
And so for the brick and mortar bank, growth remains stagnant.
Luckily, regulators understood a long time ago that banks would need a little help in an increasingly digital economy.
Enter: The fintech.
An early example:
One of the first successful examples of the bank-fintech partnership was Lending Club. Lending Club built (at the time) a revolutionary product: a website where one could apply for a loan and be approved in seconds and, on the back end, a way for an investor to buy the loan (i.e., finance it).
The loan marketplace became a hit especially as conventional banks pulled back on issuing credit circa 2008.
Lending Club went public in 2014.
But Lending Club was just the technology that matched borrowers with investors once the loan was issued. It needed a way to issue the loans in the first place.
Enter: WebBank, a bank based out of Utah that nobody had ever heard of.
Why was WebBank especially helpful in issuing loans for Lending Club.
Banks in the U.S. have a unique advantage: they can export the interest rate of their home state across all 50 states without having to worry about state specific interest rate caps, a concept known as rate exportation.
So, with WebBank, Lending Club could:
(1) issue loans without getting its own lending licenses; and
(2) offer a uniform product across all 50 states.
And with it, Lending Club built a massive business with just a slick website (ok, it was a bit more complicated than that…)
A mutually beneficial relationship
So in a fintech-bank partnership, each party brings something to the table:
The bank brings its ability to offer a financial product (such as lending, taking deposits, or issuing credit or debit cards)
The fintech bring its technology and innovation to help with customer acquisition.
Together, they offer a co-branded product.
That means that whenever you encounter a fintech, if you scroll to the very bottom, you’ll see a bank mentioned in the footer of the website similar to how you see a very bank sounding name at the back of your credit card.
The “True Lender”:
But who is really in charge: The finance folks issuing the credit product or the tech founders figuring out brand marketing?
Is it the “fin” or the “tech”?
Even though the bank-fintech partnership has evolved since Lending Club/WebBank, the regulatory view has always remained the same:
Regulators were always ok with, even endorsed, the bank-fintech partnership so long as they could supervise the bank, and the bank supervised the fintech.
Why? Because initially, it is the bank’s loan, the bank’s account, the banks’s credit or debit card. And these are all regulated products subject to many laws and regulations, and the regulators view it as their job to ensure that the bank issues them in compliance with all the regs.
And so regulators expect the bank to know everything about each of its fintechs. In banking speak, this is called third party oversight.
In other words, regulators view the fintech as the technology branch of the bank.
This is why we’re seeing all sorts of consent orders with bank sponsors showing up in the news. The bank regulators show up at the bank’s offices and the conversation is something like this:
Regulator: So how are things with the fintech that’s issuing the trendy new family plan debit card in your name.
Bank officer: Seems to be going well. We have more customers and doubled the number of accounts opened last year!
Regulator: Great. Can you show me all the marketing materials they’ve used to market the card.
Bank officer: Marketing?
Regulator: Yes, the criteria they use for targeted marketing. The claims they’re making on their ads. We just want to make sure they’re compliant with UDAAP and fair lending laws. You’ve approved all their marketing, right?
Bank officer: Of course we have! Let me get all that for you.
Bank officer to fintech founder in another room: (*whispering on the phone*): Hey, can you send me all the marketing materials you’ve used in the last year. Yes, everything. Even the TikTok ads.
Wait, TikTok?!
Fintech founder: Sure, no worries, let me drop everything and get that for you right now. I wasn’t busy at all, really.
Bank officer back in the room with regulator, waiting: *Tension escalates, sweat drips. Hours that seem like days go by*
Enter: Consent order
So if you’re partnering with a bank, or even a BaaS that has banks behind it, don’t be surprised if they are increasingly all up in your business, so to speak. The bank is expected to know, almost literally, everything that happens with your business as if you were just another department at the bank itself.
Areas that are part of the supervision:
Approval of all marketing materials
Approval of product changes
Record of customer complaints
Approvals of vendors
Underwriting criteria.
And so much more….
How does a fintech develop value outside the banking relationship?
So if, as a fintech, your only job is to help get the bank customers, how do you develop your stand-alone value independent of the bank. There are a few ways to think about this:
It’s quite possible you continue your banking relationship in perpetuity. Lending Club went public with WebBank in 2014, Affirm went public with Cross River Bank in 2021. Don’t investors view your banking relationship as a single point of failure? Yes, they do, and it’s always highlighted in disclosures as a risk but there’s enough precedent to move past it.
You both co-own the customer. This is a critical and a key part of your legal relationship with your bank. If you ever decide to part ways with your bank partner (which is becoming increasingly common now) you want to know you can take your customer list with you for retargeting efforts. How do you achieve this? Hopefully, your lawyers have already built this into your bank partnership agreement. It can look as simple as this: “provided, however, that Customer Information shall be independently co-owned by each of Bank and Fintech, and each Party may use such Customer Information for any reason so long as it is in accordance with Applicable Law and such Party’s own Customer facing privacy policy.”
You each independently own key parts of the data. Back to the analogy of the fintech as the technology and marketing arm of the bank, you are responsible for acquiring the customers. So you should own how your customers came in through the funnel, right? Think about the marketing strategies that worked, your UX/UI, how many seconds the customer hovered on a particular page on your website, etc. (i.e., your “product”). This is all your data. On the other hand, the bank would own the customer’s personal information (name, date of birth, SSN, address) because once the customer has walked in through the “door,” the relationship shifts to the bank but, to the point above, you also want to co-own key parts of the personal information, such as email and phone number.
You turn the tables and have multiple bank partners. That’s is the ideal state. You are a tech pipeline funneling customers to multiple banks and are valued purely on tech multiples. You are balance sheet-lite (i.e., you’re not retaining the risk of the financial products, such as loans). You no longer have a single point of failure. You would need to build a standard, one size fits many compliance model that you can take to the market. A few companies have pulled this off but they tend to be later stage.
Crystal ball, what’s the future?
Regulators have attempted multiple times to provide guidance on the bank-fintech partnership. The most recent was a multi-agency, joint statement from the FDIC, Fed, and OCC in July 2023. The guidance is not new though — agencies have issued similar statements in the past. What is new is the general consensus among multiple regulators who have all competed for the fintech regulatory turf.
So, we’ve likely moved beyond a tipping point of fintech-bank partnership model in a couple ways:
(1) Regulatory guidance is implicit endorsement. Why care to regulate something that shouldn’t exist? The fintech-bank partnership has moved along enough iterations and received enough guidance where the existential risk of the model has likely gone away.
(2) The model will no longer have the bank hidden at the footer of the fintech marketing website. Banks are going to be expected to play a key role in the relationship and know everything that happens with a fintech, from each customer complaint to any customer facing product change.
So if you’re a fintech founder and need to get set up with a bank, part of your budgeting may need to take into consideration either outsourced or FTE ops or compliance headcount even pre-product market fit. If you’re hoping to find a bank that was going to let you have your way, those days are probably gone.
What happens if I partner with a BaaS and not directly with a bank?
Well, this three-way is even more complicated. The BaaS is a middle layer between the fintech and the bank. Ultimately, it is a technology solution intended to create some buffer between the fintech and the bank. Think of it as the concierge that helps you find your way.
But, really, how is a BaaS helpful?
Well, technology for one. Try finding, or even talking to, a regional bank about an API integration to feed your customer data. You might hear crickets. A tech forward BaaS can help you figure it out here.
More importantly, a good BaaS should help translate between the fintech and the bank. They should help you with, first and foremost, the compliance requirements of a bank.
BaaS provides a useful middle layer when bank onboarding can take months, closer to a year. It’s a matter of how helpful they can be and whether those initial training wheels are worth your money.
Ultimately, the formula is:
Go at it alone: Short term gain, long term pain
BaaS: Short term gain, long term gain until you’re too big then…
Directly with Bank: Short term pain, long term gain…
While we hope you found this post helpful, please note that the information in this post is not intended to be legal or regulatory advice.
Fintech Law and Compliance 101 is affiliated with www.itsaffinity.com, a compliance learning management platform built specifically for fintechs.