Compliance-led and platform-enabled credit sponsorship
Takeaways:
- The traditional approach to BaaS has structural flaws, and these flaws lead to a pattern of operational and compliance issues.
- In a more forgiving regulatory environment, those flaws might be palatable. But with regulators growing stricter, sponsor banks can’t abide the risk.
- Writers like Simon Taylor see a path forward through a “compliance-led and tech-enabled” approach.
- Sharing a modern credit platform with their fintech partners, sponsor banks can maintain visibility and control over their data and operations, significantly strengthening their compliance strategy.
BaaS isn’t dead; it’s changing shape and becoming compliance-led and tech-enabled.
That was Simon Taylor’s commentary after the banking-as-a-service facilitator Synapse announced its bankruptcy. But it wasn’t revenue problems that did them in: lawsuits with Mercury and consent orders from regulators put them in dire straits, despite a relatively strong revenue stream.
The underlying relationship between sponsor banks and fintech partners still makes sense, pairing the bank’s stability, charter, and compliance expertise with the fintech’s crowd-pleasing adaptability. But more important than making sense in theory, it can still make money—as long as consent orders don’t shut them down.
There are clear compliance problems with the current model of fintechs working out of their own systems and the bank having little control over, or even visibility into, their operations. To achieve the “compliance-led and tech-enabled” future that Simon Taylor talks about, sponsor banks need a platform that addresses the compliance shortcomings of legacy solutions.
The problems with the status quo
As the situation currently stands, sponsor banks face several compliance challenges with a common root cause: their fintech partners use platforms that offer sponsor banks limited data or visibility over accounts that were issued under their charter. These problems can be addressed through a compliance-first platform, but first we should explore each of them—and their consequences—in greater depth.
- Weak controls. Sponsor banks need to ensure their fintech partners are operating within the law, but very few of them have any direct means of controlling the configuration and operation of products and processes that fintechs manage on the ledger. They can’t enforce compliance on day-to-day operational tasks, like handling SCRA claims or CCPA requests, and if a credit product has significant compliance concerns, they have no direct integration with the core for controlling activity and growth of the program. Instead, they’re stuck communicating through back channels with their partners, asking them to adjust processes or adjust growth of the program, waiting for evidence and confirmation that those changes were implemented. This arrangement is extremely likely to lead to violations and fines.
- Low visibility. Most legacy loan management systems (“LMS”)offer very limited data visibility to the fintech brands using them, and that data only gets further obfuscated for the sponsor bank as it travels from the LMS to the fintech to the sponsor bank. More modern LMS offerings typically have better data visibility, but can still leave gaps. And these blind spots in their data don’t just mean that they’ll have a headache when exams come around; regulators now expect that sponsor banks will have ready access to their data at any time, and actually leverage that data to ensure compliance. With weak data visibility, sponsor banks are too often left in the dark.
- Repeated effort. With the heightened scrutiny around credit sponsorship, it takes far more effort to build a compliant system for each fintech the sponsor bank partners with. But if even a single partner has significant compliance issues, regulators might shut down all of the sponsor bank’s partnerships, even those who had airtight compliance strategies in place—one bad apple spoiling the figurative bunch. But with their fintech partners all using different systems, sponsor banks have a monumental uphill battle in order to fully leverage their experience in launching and managing credit sponsorship programs, stunting their ability to scale.
The long-term consequences of inaction
These compliance problems are not merely roadblocks or inconveniences for sponsor banks. These problems are rooted in the relationship between banks and the fintech brands they sponsor, and genuine compliance concerns that emerge from the arrangement.
Neither does the current scrutiny from regulators seem to be a passing fad. A report from the Klaros Group (LinkedIn Post) showed the percentage of enforcement actions directed towards sponsor banks and their partners increased dramatically through 2023.
The first two quarters saw the percentage hovering steady between 9 and 10%, but that doubled in Q3 to 18.2%, and nearly doubled again by the end of the year to a full third of the enforcement actions leveled against all banks. While the involvement of fintech partners does introduce some genuine compliance concerns that aren’t present in traditional banking, this level of scrutiny is surprising given that sponsor banks make up only 3% of total banks.
If sponsor banks fail to address the compliance concerns that center around their fintech partners, it will be virtually impossible for them to avoid consent orders, enforcement actions, and other penalties.
The sponsor banks who avoid that future will be the ones who pull off what Simon Taylor discussed: evolving to become “compliance-led and tech-enabled.”
Compliance-led, platform enabled
Solving the compliance problems that threaten these strategic partnerships requires a compliance-first platform, a system engineered to offer sponsor banks visibility into their partners’ data and control over their operations, paving the way for a long-term, sustainable partnership.
We can break down a platform-enabled compliance strategy into three components:
- Big picture compliance, such as real-time data visibility and master controls
- Day-to-day compliance, placing bank-mandated, system-level compliance constraints and operational controls over how fintech partners operate
- Repeatability, ensuring that each partnership is compliant to protect them collectively.
Big picture compliance
Sponsor banks need a platform that offers them visibility and control over their fintech’s entire operation, ensuring the bank has access to accurate data not just in the event of a regulator exam, but in real-time, 24/7.
Between their charter, their reputation, and their bottom line, there’s simply too much risk to let a fintech partner operate on an island. Data visibility gives the bank the assurance they need to have confidence that their name is in good hands, and it gives the fintech a set of seasoned eyes on the operation, catching mistakes or warning signs before they become problems.
That kind of data access will require a platform with a robust API, direct database access, or (ideally) both. A watered-down dashboard or scrubbed .csv file won’t cut it, ruling out some legacy providers as viable platforms.
A sound big-picture compliance strategy also includes master controls that enable the sponsor bank to immediately and directly pause or restrict any program that may be non-compliant, halting or limiting new accounts from being issued and existing ones from allowing new transactions. Seeing the problem will never be enough if the sponsor bank is barred from taking immediate action. But a platform that offers real-time visibility and direct master controls will give sponsor banks the tools to ensure compliance across their entire portfolio.
Day-to-day compliance
Regulator exams and product shutdowns are major events, but they’re not everyday occurrences. Robust compliance strategies also need to consider day-to-day operations between borrowers, fintech brands, and sponsor banks.
Consider a day in the life on a compliance-first platform. Before any human has to take action, compliance guardrail systems automatically detect which accounts need disclosure, warnings, or other notices and send out compliant messages in the appropriate medium (using email or SMS where available, but also sending physical mail when necessary to comply with laws like TCPA.) As servicing agents begin servicing and collecting on accounts, their actions are guided by process walkthroughs, not only ensuring that the proper steps are taken, but also restricting agents from needlessly seeing personally identifiable information or payment details that aren’t necessary for their tasks. And when a possible issue does emerge, the system automatically notifies compliance teams at the fintech, sponsor bank, or both, so they can collaborate and resolve the situation.
These kinds of automatic and streamlined compliance actions would ensure the law is being followed without compromising the fintech’s efficiency or interrupting their standard workflows. With today’s ever-shifting regulatory landscape, however, building processes in line with the law requires a platform built for configuration and adaptability, not the rigid compliance solutions offered by legacy systems.
Repeatability and uniformity
Perhaps the greatest threat from the recent uptick in enforcement actions and consent orders is the possibility that regulators will shut down the sponsorship activities of the bank – not just the one program that violated lending regulations, but all the programs that bank sponsors, even if they’re perfectly compliant.
For sponsor banking to scale with stability, banks need to find technology solutions that can easily repeat what works. If they’ve already gone through the significant work of building out a compliant system for one fintech partner, they should be able to rely on a modern platform to replicate those efforts for their other partners, migrating the processes,compliance policies, credit products, and shared data between them.
For new entrants into credit sponsorship, it would make sense to shop around and find the platform that best addresses their compliance needs and offers repeatability. Then, as they add future partners, they’ll be able to set up compliant workflows and programs with a fraction of the effort.
Banks who already have many fintech partners on different platforms would likely hesitate to migrate all of their partners at one time. However, they could use a single, modern platform’s API to connect with all their partners’ systems, getting data visibility to address immediate compliance concerns (and possibly a full migration later down the road).
In either case, getting all of their partners’ data through a centralized platform would set sponsor banks up for easier monitoring and compliance.
Conclusion
Credit sponsorship is far from dead, but as the events at Synapse show, banks and fintechs need to adapt to changing regulatory focus, adopting a compliance-led and tech-enabled approach toward managing their accounts, applicants, processes, and data.
Failing to adapt will spell disaster by way of enforcement actions, but those companies who lean into the change will see benefits in compliance and beyond. Unifying their relationships with fintechs through a modern credit platform will grant them the visibility and control they need to avoid regulatory scrutiny, and it will also empower their fintech partners to grow their portfolios and margins with total confidence in their compliance strategy.