Banks that operate banking-as-a-service programs are facing heightened scrutiny from bank regulators, as examiners scramble to get a handle on the size and scale of lenders’ partnerships with fintechs, said Konrad Alt, a partner at financial services advisory and investment firm Klaros Group.
Alt, who advises banks and fintechs, said he is noticing an uptick in regulators’ scrutiny of firms that offer BaaS, and expects enforcement actions against firms that provide the underlying banking services for fintechs will be forthcoming.
“A lot of the enforcement activity, I think, is still in the pipeline, but I've been in touch with several other advisory firms that also work with [BaaS] banks, and it's clear that they are all getting this message. There are quite a few banks that are already under enforcement actions,” Alt said.
This increased pressure follows this spring’s banking crisis, which saw the collapse of three regional lenders that were all closely bound to the fintech sector.
Silicon Valley Bank and First Republic Bank both catered heavily to the VC and startup space, while Signature Bank was known as a crypto-friendly firm. Those lenders’ close ties to technology haven’t escaped the attention of regulators, Alt says.
“While all banks need to expect heightened regulatory attention to interest rate risk and solvency, fintech partner banks must prepare for a particularly hard scrub,” he said.
Banks are already feeling the heat.
"For banks that are in the BaaS space today that haven't gone through an exam in a while, they are going to be in a shell shock for what's coming there," Amesbury, Massachusetts-based BankProv Executive Vice President and COO Joseph Mancini told S&P Global Market Intelligence in May.
Mancini said his bank has noticed increased scrutiny from regulators looking into whether the firm is taking ownership of actively managing its fintech tie-ups.
Alt said the heightened scrutiny comes as regulators attempt to recalibrate their supervision of banks that operate BaaS programs.
Banks that partner with fintechs tend to have smaller balance sheets, meaning they don’t necessarily fall under regulators’ lists of firms that deserve heightened scrutiny, Alt said.
“But they have a great deal more operational complexity, and I think this went largely unnoticed by the supervisory community for a long time,” he said. “[Regulators] have begun to realize they’ve been a little bit behind the curve in their own efforts to figure out how to supervise, and so they're responding to that by exerting a lot of scrutiny during the examination process.”
In recent months, several firms have been hit with enforcement actions related to shortcomings in their BaaS programs.
The Office of the Comptroller of the Currency last year ordered Blue Ridge Bank to improve its oversight of third-party fintech partnerships. Under the order, the Charlottesville, Virginia-based lender must obtain the OCC’s non-objection before entering into any new contracts with fintech partners or adding new products in cooperation with existing partners.
In the year since the order, the bank’s former CEO Brian Plum resigned, and the firm’s new chief executive has said it is taking a step back from its emphasis on BaaS to refocus on community banking.
"Blue Ridge grew very quickly," CEO Billy Beale told S&P Global in August. "There were some mistakes made along the way, and so I'm here to fix those mistakes. That's my priority."
As part of the wind down, the $3.2 billion-asset bank is helping fintech partners migrate to other firms as contracts expire, Beale said.
Cross River, another BaaS powerhouse based in Fort Lee, New Jersey, was hit with its own enforcement action by the Federal Deposit Insurance Corp. earlier this year.
The $9 billion-asset firm, which provides the technology infrastructure for a deep portfolio of payments, fintech and crypto firms, engaged in “unsafe and unsound” practices related to fair lending laws and regulations, the FDIC claimed.
The bank, which neither admitted nor denied the charges, is not allowed to enter into any new partnerships with third parties or offer new credit products without the FDIC’s approval, according to the order.
The order came a day after Cross River CEO Gilles Gade said he expected regulators would step up their oversight of firms that serve fintechs amid the recent volatility in the banking sector.
“Regulatory scrutiny on banks in general is increasing and the events with SVB will only expand those efforts with a specific focus on banks that support fintech,” he said in a statement.
Unlike Blue Ridge, however, Cross River hasn’t announced any plans to pare its BaaS program.
In a statement sent to Banking Dive in May, a bank spokesperson said the FDIC order places no limitations on the firm’s existing fintech partnerships or the credit products it currently offers in partnership with them.
“We don’t expect that the order will have any meaningful impact on our growth trajectory,” the spokesperson said.
Middleware under the microscope
While operating a BaaS program allows banks to grow their assets, often on a national scale, the arrangement creates a layer between traditional banks and deposit holders, as fintechs like neobanks take on the front-facing aspect of the client relationship.
In some cases, an additional platform sits in between the bank and fintech, providing the middleware that helps connect the two parties. These partnerships are also coming under increased scrutiny from regulators, as the dynamic creates an additional layer of risk, Alt said.
“It puts a distance between the banks and the fintechs and complicates questions about knowing who you’re dealing with,” Alt said. “I think [middleware providers] are probably even less well understood by the regulators than the fintech sector generally, because they're not consumer facing in any way.”
While third-party BaaS providers can help bridge the connectivity gap between fintechs and their banking partners, a fintech will often opt for a direct partnership with its BaaS bank once it reaches a certain level of maturity, Alt said.
A recent move by one neobank to transition to a direct relationship with its partner bank has reportedly come at a significant cost to its middleware provider.
As first reported by Fintech Business Weekly publisher Jason Mikula last week, Synapse initiated layoffs after its largest client, neobank Mercury, informed the firm it would not be renewing its contract.
According to a Synapse statement sent to TechCrunch, the firm laid off 86 employees, which represents 40% of its workforce.
Mercury confirmed to Banking Dive it decided to end its relationship with Synapse and work with its partner institution, Evolve Bank & Trust, directly.
“More robust, larger and mature fintechs are generally going to think they're better off minimizing the number of players in their banking relationship,” said Alt, speaking broadly about the relationship between fintechs and their middleware providers. “It’s better to have direct dialogue with your bank than to have that intermediated by some platform, even if the platform's pretty good.”