Cease and Desist – Full Transcript

December 17, 2024 ACT3 Agency Uncategorized Comments Off on Cease and Desist – Full Transcript

Welcome to Breaking Banks, the number one global fintech radio show and podcast. I’m Brett King. And I’m Jason Henricks.

Every week since 2013, we explore the personalities, startups, innovators, and industry players driving disruption in financial services. From incumbents to unicorns and from cutting edge technology to the people using it to help create a more innovative, inclusive, and healthy financial future. I’m J.P. Nichols, and this is Breaking Banks.

Well, this week we have a slate of guests who actually need some introduction, not because you may not know who they are or have heard from them before, but because their backgrounds and experiences are highly relevant to what we’re going to talk about today, which is the continuing saga of what’s been happening with the explosion at Synapse, the underlying bank had evolved, and more importantly, what are the ripple effects that are going on from here that will impact the industry for probably some time to come? And what are the lessons that other fintech players and banks need to learn? So first, Kia Hazlitt, who’s well known to the show as a banking fintech editor of bank director. And Kia, I know you want to give your disclosure. These are your opinions, not necessarily bank directors.

They’re always my opinions. Yeah. Anything else you want to say about your background? You are a self-described compliance geek.

I’m a bank nerd. I’ve been covering financial institutions and banking for 10 years. I kind of came into banking as a service through broker deposit designations.

And I think we’ll be talking about maybe the OG BAS consent order that got me on this track, which was the Bancorp’s consent order, and seeing how this space has really evolved and maybe the seminal nature of the evolved consent order and its lessons for the industry. But it kind of all goes back to the Bancorp’s 2014 consent order. Yeah.

10 years ago. We should have a 10-year celebration or something. Yeah.

Exactly. Matt Janica from Trustly. Matt, welcome to the show.

Talk a little bit about your background and feel free to give any other disclosures or announcements. Absolutely. Well, every opinion today is definitely my own, so please hold them against me.

Just for background for listeners and folks who don’t know me, I have been in-house now for 10 years on the West Coast. So I was in private practice at Capital One and then at Morrison & Forrester, which is a law firm, lots of offices all over the place, but had a very strong financial services group. And we were doing a ton of work for Square.

And my wife is from California and said she wanted to move back and said I could move with her or we could get divorced. And I said, well, I’d like to stay married. So Square was nice enough to hire me in-house and that kind of started my odyssey really as in-house counsel in fintech.

And we built out a ton of interesting stuff as they’re at the start of Cash App and helped create the Square Capital Loan Program and a couple other fun things that they have over there now at Block. And then moving on to Stripe, we’re kind of repeated and did a whole bunch of other stuff, including cut a partnership with Evolve Bank while we were there for some of the products that they have on their treasury front and their banking as a service front. Since then, I’ve done a tour of duty to a bunch of different places, including Lithic.

We did a lot of card action for various banks and working with including some of the actors here involved in the Synapse debacle. And now I’m at Trustly where we’re trying to figure out how do we get more people to adopt Pay-by-Bank. But I’ll stop there so we can get Jesse involved.

Yeah, Jesse Silverman also is joining us. Another lawyer, not one, but two here on our show today. Jesse, another lawyer with experience, both as through law firms and as in-house counsel.

Talk a little bit about your relevant background, Jesse. Yeah. So everyone’s lucky day.

Two lawyers on a Friday afternoon. Jesse Silverman, I’m counsel in Troutman Pepper’s New York office, and I’ve been in consumer finance regulation for almost 25 years now. I started at a state banking regulator where we covered all measure of banking and non-depository institutions, examinations, enforcement and all of that fun stuff.

When the CFPB opened, who could pass up that opportunity? So I was one of the early hires down in enforcement. And so while I was in enforcement, oddly enough, I was one of the very small handful of lawyers in enforcement that actually had prior supervisory experience. So I quickly found myself tasked with a small little task force made up of office, general counsel, supervision, enforcement, that sort of handled all of the most hairy, complicated issues in each of the CFPB’s examination regions.

And then I decided, gotta be almost 10 years ago, moved to the fintech side where I had been head regulatory counsel, general counsel for a number of fintechs, dealing with it on the other side of the table. And if there’s one thing I’ve learned, it is a lot more fun to be on the government side of the table when you’re dealing with these compliance issues. Because I can tell you, not one time in my entire career did any respondent, defendant ever say, could you hurry up and sue me soon? So I can tell you, and now that I’m on the other side, outside counsel, everyone wants things done faster, and boy, do I miss those government summers.

That’s a little bit about me. Well, thank you all for sharing your background, because I think it’s important that this is not a show of empty suit talking heads. This is a group of people who I’ve known on social media for a while.

This is a group of people whose opinions I look to, to try to get past the hot takes, even though we do love hot takes on breaking banks, but really try to understand not only what’s happening, but what does this mean and what might this mean going forward? So, Kia, I’ll start with you as a reporter and editor, maybe just what’s the most succinct summary for those that maybe aren’t keeping track of this? And by the way, we are recording this on Friday afternoon, June 21st. By the time this hits the air, probably the following Thursday, eight new revelations may absolutely come out. But just what’s the high level of what’s happened at Synapse? I know Jason’s been talking about this on the show quite a bit.

He even interviewed the Synapse CEO before this stuff really hit the fans, Sanjeev Patak. But at a high level, what happened and what’s now happening at the bank level centered around Evolve Bank? Yeah, so I will first have to cite Jason Mikula, who’s done most of the reporting on the company Synapse, which is a fintech partnership or fintech partner that helped provide software for fintech companies to work with banks. That’s the easiest way to describe it.

The way they have arranged those partnerships and the facilitation of the money movement is coming into question as the company goes through bankruptcy. And there is reporting in the bankruptcy court through their trustee, John McWilliams, that there are reconciliation issues and that seem to involve this middleman and then the players that need the ledgers to add up. At the same time, there are several banks that worked with Synapse.

One of them is Evolve. Others are Lineage involved in this proceeding. And then Evolve has a large fintech partner that is moving to work directly with, which is Mercury.

That bank is also, or that fintech, I’m so sorry, I’m mixing up all these institutions. That fintech works with another bank called First Choice. So we’ve got a couple.

We’ve got, I’ve now named three banks. All three of these banks are active in Banking as a Service, which is a business line that’s going through a little bit of a growing pain and period. I would say we’re in the third wave of Banking as a Service that, and this wave of Banking as a Service has been marked by middleware software that makes it really, really easy for these banks to kind of work together with fintechs, but has created some compliance and control and oversight issues.

And all three of these banks have actually received consent orders or enforcement actions, formal enforcement actions from their regulator. Evolve just happens to be the third bank, the most recent bank to receive this order, and also has potentially received the longest of the orders. What I would say is likely the most thorough of the orders.

And so it’s interesting to see kind of the evolution of how bank regulators are reacting to banks execution of third party risk management, technology risk, compliance risk and complexity. And then separately, an extremely complex bankruptcy proceeding that has big implications for a lot of consumers who are understanding now kind of the limits of the supervisory parameter, what it means to have insurance, FDIC insurance, and what it does not mean to have FDIC insurance. And so it’s kind of a complex situation.

I will also say, and I think it’s important because the Fed said it was important, that the Fed’s actions are outside of and independent of the Evolve bankruptcy proceedings. And their findings are separate from any probably public reporting. I want to interject there to be clear.

The Synapse bankruptcy. Sorry. Oh my gosh, did I mess up the institutions again? Okay.

Sorry. Banks can’t technically go bankrupt. Oh my gosh, I’m so sorry.

The bankruptcy proceedings are independent of the enforcement actions. So there are whatever issues come out of the bankruptcy proceeding, it is not reflected in the consent order. And I’m so sorry about that misspeak.

Yeah, I just want to be clear about that. Go ahead, Jesse. I take that claim with a shaker full of salt when, and I’m sure we’ll dive into it, when some of those restrictions are, they need to learn how to reconcile their books.

I take it with a grain of salt that it’s totally unrelated to the bankruptcy proceeding. But I didn’t want to interlude. Yeah, no, I’ll just say what the Fed said.

And anyone else can say something else. Yeah. Well, Matt, Tia says this is maybe the third wave of evolution around banking as a service in the banks.

Let me reframe that in baseball terms. What inning is this? And I guess we don’t know. We don’t know how many innings this might go to if things are tied up.

But what we’re starting to see is a little bit of, dare I say the word, contagion, right? As these organizations are interrelated. So we have three banks, a handful of fintechs already involved. Where do you see this going? Again, speculating from here, but how much more do we have from here? Yeah, so I’d say baseball game analogy is good.

It probably put us in the sixth inning. And then I think we’re probably in the first third of the season. I think a better analogy might be, I know other folks have used this, those things where when interest rates go up, the financial tide goes out.

And I think we’re in another one of those situations, not related to interest rates, but here we have regulators paying attention because things have gone wrong. And so the tide’s gone out and you kind of see who’s swimming naked. And one of the things that struck me over the last 10 years was there are a lot of really good business people, but they didn’t necessarily have the full complement of teams at their banks around compliance and legal or risk, right? To think through what are you doing? And then if you don’t have a good owner, and I always think about the folks at Celtic, because the owners there, everything’s driven top down.

They’re very tight, very buttoned up. Same thing with WebBank, right? Obviously they have, I think it’s Steelhub Partners, so they’re publicly traded. But you’ve got two banks there where ownership is very bought in.

Management, the board is very bought in. Having these things buttoned up and driving it kind of top down. And you feel that and you see that whenever you interact with any part of that bank, especially the business people at the tip of the spear.

And you see it in other parts of organizations, I think Cross River and some others, which is really interesting to see, in Bancorp, right? And you see that because those folks have been in that space for a real long time. They’ve been through, I think JP, as you mentioned, these various cycles before. So that’s where I think, you can call it a baseball game, but I think the tide going out is probably a better analogy here.

Because this isn’t the first day the tide’s gone out, right? This has happened before to folks, particularly as you mentioned Bancorp, kicking off about 10 years ago. Very similar AML type issues, right? They’re really kind of stem it. The other interesting thing I think for listeners to keep in mind is that the banking as a service market is segmented.

So you have payment processing, payment acceptance as one segment. And you’ll see community banks, but also very large money center banks. Play in that space and get comfortable.

You have the credit segment. So I mentioned Webb and Celtic. There’s a lot of good folks in that space.

And again, Cross River is another one that plays in that space, but they play in a little bit of everything. And then you have some folks like Bancorp, right? Or Stride or others that are traditionally more just DDA focused, or they’re going to focus on cards or other types of programs. And again, it goes back to how long have those folks been swimming in that pond.

And the other thing we haven’t really talked about, but probably will come up a little bit later, is you can have DDAs, but you also can just have these slim prepaid card accounts. And consumers usually can’t tell the difference if what they’re doing is putting money in, using the card to spend it, and they don’t need checks. Sometimes they don’t even have ATM access turned on, right, in those programs and other things like that.

So I think baseball game-wise, I’d say probably sixth inning. And I think if folks think about this more as a cycle, the tide has definitely gone out. And we’re seeing now who’s wearing clothes and has floaties and things like that, and who’s just kind of getting ripped away with the riptide.

Well, Jesse, one of the things that makes this so complex, not only all the partners, but then we can add on to that the web of different regulators. And so many of the issues that are going on right now seem to fall right through the cracks. So we have customers and users who have money missing, and the regulators are fairly limited on what they can actually do about that.

Can you shed a little light on what’s going on there? So I would say that that is a sort of root cause question. And I would also suggest that there is a number of people who have a differing opinion on whether or not there actually is a regulatory gap. I happen to be in the school of thought that the regulations as they currently exist are sufficient to protect the interest.

And as evidence of that, I’ll point to the hundreds of other fintechs that have not had this problem, the scores of other banks that have not had this problem. To some extent, this really is a unicorn experience. But I’ll say, I don’t think everyone involved in this particular incident was doing their job, right? There were lots of people who should have been doing different things that weren’t.

So, and I say that just to add, do I think that I could come up with a better, more efficient regulatory structure than currently exists? A hundred percent. I suspect we could sit here in 25 minutes, all of the people on this call, and in 25 minutes, we could easily design a more efficient regulatory structure. So by saying the existing structure works, doesn’t mean that we couldn’t all improve it.

We definitely could. It does, however, highlight some serious problems, most notably with consumer understanding, and frankly, the understanding of the bankruptcy judge. One of the shocking aspects to me was how surprised that judge was that there was no regulator who was coming to step in.

And it really highlights a misunderstanding by the consumers and frankly, by lots of people. What does FDIC insurance actually apply to? It’s when a bank fails. There’s no bank failing here.

So there’s no FDIC insurance that’s stepping in. I would hop in with a slight twist on that, and dare I say hot take, but apologize because I know some of the country is going through a heat wave right now. I think there is a gap.

And I think, you know, when you look at Synapse or even, I think about FDX, and I try and think, what are the ties that kind of bind these two things together? And, you know, you’ve seen money transmission regulation tighten post-FTX because people pointed the finger at that and said, well, they had their licenses, but somehow they failed. And I think the gap exists in that there’s no Fed for fintech, right? If you think about banking, right? I was at Capital One. We had two National Association banks.

We had a services arm, right, that would hold contracts and technology and some other things like that. We had a broker-dealer rolling around. They were always looking at adding other things kind of into the fold under that umbrella.

But the Fed was the top-line umbrella and regulator to make sure all the pieces fit together and that you were sequencing everything right. And if you take a look at it, you know, just like the OCC would come in and take a look at Capital One’s National Association banks, you know, the broker-dealer regulators, right, whether it was FINRA or whether it was a state regulator, would come in and take a look at Synapse’s broker-dealer, right, on some level. If Synapse had lending licenses, not all the states do examinations for that, but you would have to do reporting and the states could come in, right? They could ask questions.

They’d have a throat to choke around that. Or even if you think about a bigger company like a PayPal or Venmo, right, really the same thing under the hood, they have money transmission licenses, right? They have, I think, BitCrypto licenses through New York, right? They have other types of regulatory touchpoints. And they work with these bank partners the same way Synapse did, right? They’re just doing it directly.

And what’s interesting is there’s not really any one regulator that’s got the bird’s eye view the way the Fed does in banking. So I think my kind of hot take coming out of this is that, you know, it would be helpful for consumers if we had that. It’s possible to see if BBFILs that with their larger payments participant role, right? Because they could use that perch to go in.

That’s what I was going to ask. Yeah, yeah. But they have to get away from ticky-tacky disclosure violations because that’s not the issue here.

It wasn’t, hey, does it say FDIC or bank? It was, was the money actually moving in the right way? And, you know, that’s something where I think, again, if you had a Fed for fintech, that could be a role that could be played. And this is all too small for FSOC. So FSOC’s the wrong body to stretch over this as well.

I actually did a different podcast with Alex. And we talked to Todd Phillips about his paper that the CFPB could, his argument that the CFPB could regulate maturity transformation when it happens at non-banks. And he mentions Voyager’s bankruptcy, or he mentions FTX’s bankruptcy and all these crypto banks when they failed.

And he was like, the customers were in bankruptcy proceedings. And they’re like, I had no idea I was in a bank. And I was like, Todd, you’re walking me right to the current news.

And my question to him was, you know, if maturity transformation is so risky that no bank or no company can do it safely, and that’s why the activity needs to be regulated or monitored, is ledgering and reconciliation also, you know, seen as kind of a fundamental risk of the industry? I’ve also been thinking a lot about the role of internal and external audit here. Like maybe the PCOAB can get in and really mess up these banking as a service middlewares, which I don’t… But the other thing too is I don’t think anyone really wants the CFPB to be regulating this. Like I think fintech needs to fix any perceived weakness before the CFPB gets in there, because I don’t think that’s going to be a very fun regulatory relationship.

I just want to add one, because I’ve had conversations already. And I’ve mentioned this on Twitter under one of Jason’s posts, where someone asked, how do you resolve this? What do you see happening? I can already smell state regulators taking this opportunity to create a new license type. And again, how they define it is, you know, that’s for another conversation, but it’s going to be something like a neobank.

If you’re taking consumer funds, you’re going to have to register, you’re going to have to be subject to supervision examination, and you’re going to have some measure of safeguarding those funds. When you have disasters like this, and you have federal judges pointing out regulatory black holes, that is an open invitation for lots of regulators to step in and fill that void. And if I know one thing about states, they’re very good at expanding their jurisdiction.

Would it be better on the federal level? Probably. But I will be surprised if we come back and have this conversation in 12 months, if some state hasn’t proposed it, and others haven’t joined on. So what’s interesting about that is that I think states who want to be aggressive could stretch the stored value laws nested under money transmission to really get to that point.

And we’ve seen this in the past where, you know, especially in the early 2010s, right? You had Square and Stripe obviously, but you had other stuff like PAYGO, and Amazon was in this space a little more heavily. And all the regulators were like, wait a minute, I can like boot money on my phone, right? And really you were swiping a card, right? Through the headphone reader or something like that. But they were like, mobile money, this is money transmission.

And so they all stretched their money transmission laws, even if they were wrong, right, legally. And a lot of them were. And so the interesting thing will be to see, are there people at the state level that realize, hey, we can stretch the money transmission laws, right? We can go get it.

And if you take a look, the stretching is still happening. Like payment acceptance from a merchant side has largely been settled out and also has been hardwired into the New Uniform Act. So you can’t touch merchant acceptance.

But when you think about what the neobanks or Synapse or Yotta or some of these other ones were doing, right? They’re not doing merchant acceptance. They’re taking customer funds. And it feels a lot like a stored value account or a prepaid account, which where I would argue they could probably stretch the current laws over.

The other thing, if you take a look, some of the regulators, like I think Texas does this a lot, and not to say that they’re wrong, but they have gone out and they’ve targeted certain industries. And I think Florida does the same thing as well, where they say, hey, now it’s time for payroll, right? Because I think there was a fraud in New York state related to payroll companies. And some of the regulators were like, oh my goodness.

And they share information, right? They have monthly calls. They talk to each other. They work through CSPS.

And I think they identified payroll as an issue. So Jesse, you’re right. That could be where this comes from.

And it won’t be uniform. Yeah. I just hope that that’s not the approach that they take because where we start to have real problems, and I 100% agree, I have seen this in any number of areas.

We can see it in my home state of Connecticut with their sort of expansion of EWA into small dollar regulation. Very, very rarely do you come up with an optimal solution when you’re trying to take a new product and just sort of expand the existing regulation. Like I said, I started this by saying, I think that there are ways to resolve this under the existing structure.

But if they’re not gonna take that path forward, I hope they at least take a thoughtful approach to what the actual issues are, rather than saying, oh, I’ve already got money transmission. Let me see how I can cabin this in there. That really ends up badly.

So state regulators, if you’re listening, just create a new one. Well, this is part of the problem, the patchwork of regulations and regulators that we have. And by definition, regulation is always going to lag innovation, right? People come up with new ideas, new technologies, new business models, and then the regulators are always playing catch up to some degree.

But as a recovering banker here and someone who spends time working with bankers all week long, my general take is that most banks wanted some sort of FinTech charter, be right or wrong and well-reasoned or not, because it felt like it would level the playing field. They felt like we have a lot of regulators breathing down our neck, they don’t have any, which is of course not correct, but that is often the perception. And at the same time, I kind of felt like, are you sure that’s what you want, right? Because if it levels the playing field, it also makes it easier for FinTech companies to win on merits and business value and competitive advantage because a lot of banks still feel like, oh, well, you need to come to us because we’re prudentially regulated, et cetera, et cetera.

So just curious your take in general. I don’t know, I didn’t have a question buried in there somewhere, but do banks want a FinTech regulation or not, or should they want one or not? I’ll take a first pass at that one because having been in several FinTechs, I always found that argument a little interesting as I was getting examined by 12 states concurrently with multiple different license types. And now the CFPB was sending over an inquiry and certainly didn’t feel like I wasn’t regulated.

That was certainly not the feeling that I had. But do they want it? That’s a really interesting question. I think that they probably do at this point.

And this is one of my arguments for why I think there will be some action on this to sort of close what may or may not be a regulatory black hole. You have consumer advocates who want these neobanks. And again, Matt made a really good point in the beginning of this where he said, you know, we’re talking about Bass, we’re talking about Middleware, we’re talking about FinTechs.

We’re talking about them generally, but they’re all very different. Like if you’re taking demand deposits and you’re doing payments, these are really functionally different businesses. So I’m just talking generally.

But when you’ve got banks saying, hey, I want these neobanks to have regulation like I do. And then you’ve got consumer advocates on the same page as the bankers saying, I want these guys to have regulations. You don’t often come across consumer advocates and big bankers on the same page.

When you do, I think you have to pay attention because you might actually get some movement. Well, it’s funny that you say that because I actually have a blog post in draft that is my preemptive, with my banker hat on, it’s my preemptive objection to any new regulation, right? Because it’s going to be bad for banks, bad for consumers, bad for communities, right? That’s always the blanket answer by all the industry groups that we don’t really like this, but yet we want it pushed on to these asymmetric competitors that we have. Yeah, I was going to say, like the history of companies getting charters, banks generally have been against those.

And so if you think about Walmart, their attempt to get an industrial loan charter and some other non-banks trying to get charters, banks in general have been against that. They see the charter as a regulatory moat, but they also, and in some regards, starts to protect their ability to operate. But they also- There’s a competitive moat in there.

Yeah, but they also think it’s unfair that they have to follow the rules and apparently no one else has to follow the rules. And so I think they go back and forth. It’s not, you know, I haven’t actually delved into the 2016 proposal for what a fintech charter would have looked like from the OCC.

I lived it, I can tell you. Okay, I just know more about the legal battle itself, but I actually don’t know kind of what that charter would have looked like. I know it would have exempted non-banks because they didn’t take the insured deposits.

So it was more, it seemed at the time, more of a payments type charter, although you can correct me on that, Matt. Yeah, so what the charter was, and it actually was pretty interesting, it would have preempted state licensing, both for lending and for payments, but you would have had to have two separate chartered entities because you couldn’t have lending and payments in the same fintech charter. You could not get FDIC insurance.

Right. So there was effectively a moat around existing community bank and large bank payment revenue, which I actually think isn’t bad, right? Because fee income is important for banks. Banks who are over-relying on interest income run into problems when interest rates go way up or way down.

I have no idea what you’re talking about. Oh, sorry. Pulling us off the level, right? Because bankers obviously, and I recognize that you’re joking, but some of the folks listening, they’d be like, what is he talking about? Banks obviously, right, make money off of interest rates or off of fee income, and fintech partnerships are an important source of fee income for banks that lean into those and not just for community banks, right? And so we’ve mentioned some in the call, but also if you take a look at Wells Fargo and JP Morgan and others, right? They have large payment arms.

They have large partnership arms, you know, and even banks like US Bank that you may not think of as fintech partners, you know, they have fee income coming from offering services, usually to smaller banks, right? In the card segment or something else like that. So the interesting thing is this charter would have protected the fee income lanes because you couldn’t get FDIC insurance with it, unless you wanted to be a full-blown bank. You couldn’t connect directly to Visa and MasterCard.

You couldn’t be your own member and you couldn’t get a Fed account, right? That was the thinking back then. So the interesting thing was you would still have to partner with a community bank or a money center bank if you wanted to use those services, right? Like offer a card program the way we see Mercury do today, right? Or offer payment acceptance, right? The way Square, Stripe, or even the verticalized versions, Airbnb and Uber, right? Have that are out there today. So I thought it was a pretty elegant solution.

The state, the states, right? And I think led by New York, they came and attacked this because they realized this would have taken away or preempted the need to go get licensing. And I thought that that was too bad because honestly, like some of the states are great at licensing. We’re getting money transmission licenses now at Trustly.

Some of them are going very fast. Kudos to Florida, right? Who takes strange positions on what needs to be licensed. But we got our license in Florida fairly quickly, right? Which was actually really helpful.

For New York, we’re going in for a pre-meeting soon. I don’t know if it’s been scheduled yet or not. But we’ve been told by our consultants to expect a three-year timeline to get a license.

Yeah, and that’s just too long. And New York knows that, right? But there’s never been, I don’t know. There’s never been a driver since Ben Lasky left to get that fixed.

And hopefully they do get it fixed, right? I mean, at Trustly, we’re well-resourced. We’ll figure out a way to navigate it one way or the other. But it’s punitive for FinTechs that want to do that.

And then you’re cutting off, what is it? 27 million people in New York. Maybe I’m over-inflating it. There’s a lot, right? There’s tens of millions of consumers in New York that may not necessarily be able to access certain services, certain innovations, right, that they couldn’t get without potentially a federal charter.

Or really, I think why we’re all here today, bank partnerships. I love bank partnerships. I think they’re really important for this.

And again, are a very important source of revenue for these banks. They should be done right and correctly. And maybe we’ll get into some of that with the consent order.

But they’re good. Bank partnerships are good. We are definitely gonna come into that because I share that view from a slightly different angle.

But Jesse, I think you wanted to comment. I just wanted to, because it was interesting that you brought up how long New York was. So one of the things that I did several years ago, CSBS had a program they called Vision 2020, where they were modernizing state regulation, trying to make it more efficient.

And one of the most interesting, I was one of the industry participants. There’s about five or six of us from the industry there. And one of the most interesting aspects of that endeavor was listening to us as the industry talk about the timeline in order to get licensed and realizing how myopic each of the states were, not for any nefarious reason.

They genuinely did not know what the process was like in their neighbor state. And so when they started hearing these stories, like, hey, I’m in Nevada and I got a license in three months. Wow, that’s crazy.

Because in North Carolina, at this point, this was like a mortgage loan originator we were talking about. It was like two plus years. And even the state, the banking commissioners themselves were absolutely shocked at the variance in their, in the variance in any number of ways.

And I know that’s not what we’re here to talk about, but that to me has always stood out as watching the recognition of the commissioners themselves when they realized how differently they were operating their own organizations and really for no consumer benefit, right? There was no benefit to the way they were doing it. It was just how they did it. They didn’t know it was different.

Again, I know this is a whole other topic, but it was just, it’s one of the more fascinating conversations I’ve had in consumer finance. This show is brought to you by Alloy Labs. As much as we love talking on the show, we believe that action is more valuable than talk.

Alloy Labs is the industry leader in helping fearless bankers drive exponential growth through collaboration, exclusive partnerships, and powerful network effects that give them an unfair advantage. Learn more at alloylabs.com. Alloy Labs, banking unbound. Well, let’s do take this forward because Matt, I’m also a big fan of bank and fintech partnerships.

I think they’re absolutely critical. When I started in this industry, we had over 13,000 banks. We’ve got around 4,500 today.

And the fact that you’re a bank and can gather FDIC insured deposits and make loans is not remarkable, right? Partners can really help you attract attractive market segments. They can help you create new sources of value, new sources of revenue. And to your point, yes, they need to be done right.

But I find it really interesting. So both of these recent consent orders, the stuff that they got wrong is really kind of stuff banks are just supposed to be good at. And Kia, this is the same conversation we had however many months ago now when Silicon Valley Bank failed.

And we said, well, what they failed at was the stuff that banks are supposed to be good at. And Matt, the other thing you said earlier is, so some of these banks appear to have good business people and maybe not such good compliance systems or processes. And I see a lot of banks that are the other way around.

They really believe in compliance. They’re really very prudent, very careful and maybe not so good on the business side of thinking there’s a lot of risk in not acting to create new partnerships, new value streams, et cetera, et cetera. And I worry that this has the proverbial chilling effect on bank FinTech partnerships.

See, these banks got consent orders. So, and to your other point, there are so many different jobs. It’s getting to the point where like literally partnering with a FinTech sounds like it’s an embedded Baz partnership when it’s like maybe not at all, right? So Kia, maybe to start this part and we were commenting on Twitter, Jonah Crane came up with a great little table of the last 10 or 12 enforcement orders.

And each one of the columns of what did it involve? So what are the kind of the key themes? What are the things that banks keep getting wrong over and over again? Yeah, so like I alluded to evolve is the latest to receive a consent order that I would argue probably the wave of these consent orders begins in 2022 with the Blue Ridge consent order. But although you can go back even further, I’ve been personally, I read all these consent orders. I love reading when the regulators indicate a bank is in trouble when a bank is in trouble for.

And I’ve been personally keeping track of consent orders that I feel either are to a technology bank or speak to a technology issue. And rather than writing about one individual bank’s problems, I’ve been trying to thematically cover them because I think, as we think about how digitization has changed, how banks deliver products and services and reach customers, we are probably just going to see the risk that comes from these interactions changing. And I think about how do banks know who their customers are? Even if you’re not a FinTech, if most of your customers just come online now and anyone around the country can open an account at your bank digitally, what needs to change? I try not to focus just on the vast things, but I think about them as canary in coal mines.

So in my coverage of consent orders and technology issues, the first one we see is BSA AML compliance issues. It was after the financial crisis that bank regulators started looking at BSA AML. And it was always explained to me that the reason why we would see all these BSA AML issues was that credit issues had really eaten up a lot of attention and oxygen.

And then once credit issues went to the side, bank regulators were like, okay, well, where have you not been investing in? Because you were so focused on credit. And so BSA AML had come up a lot in kind of the 2014, 2016 era. And I think BSA AML has big implications in digital environments.

Tied to that is customer due diligence and CIP. So who is your customer when they come to you initially? And then how are you gonna monitor your customer throughout the relationship? I also think fraud has a big role to play in CIP, CDD. And I think that if you’re a bank that kind of just bought a digital banking product and turned it on, maybe you didn’t make like investments into some of our transaction monitoring or information that would help us understand who our customers are.

And then understanding how artificial intelligence is really going to challenge any bank’s ability to verify like that a customer is not a scammer or isn’t committing different types of fraud. Other issues include so third-party risk management. Obviously banks have always had third parties.

But I think that regulators have not seen those risk management programs evolve as the type of third parties you are working with has evolved. Certainly that comes up in if you’re working with an early stage company, those are just different types of companies than if you’re buying everything from your core or your law firm that you work with. That’s just a different type of party.

And there are different types of people who work at these companies. Sorry, Matt. But that, you know, like it’s actually really good that you have bank pedigree because some of these fintechs don’t always, you know, they want to disrupt banking without always understanding the responsibilities and regulations that a bank has to operate in.

Then tied to that, because, you know, with third-party risk management, when you is a consumer compliance. So if you are, you know, consumer compliance, there’s actually, I feel like not that much new other than maybe like the money transfers rules, but that if you have these third parties that are expanding your customer base and being the primary communicator with those customers, how are you as a bank able to make sure that disputes are getting resolved, that the money is getting transferred? How are you making sure that they’re not misrepresenting FDIC insurance? That’s a big new hot topic apparently. And then, you know, how do you just make sure that you’re able to have effective oversight over all of these links in your chain? And so those are, and then obviously IT and information security comes up all the time, but I think like it reflects that where banks have not maybe been investing in as they have been adding new product services and channels to get new customers.

So those are the five main areas. They kind of, they all come up in these consent orders. They come up in the evolved consent order.

And what I like about these consent orders is they kind of read how to remediate a deficiency. Whether or not a bank can see the deficiency itself, it lays out what the expectations are for the regulators. Do you think some of those are technology and some of those are non-technology? Because when I hear everything about that, my mind thinks about the pipe that has to go from, you know, the FinTech, whether it’s a Chime or a Venmo or a Square, you know, back to the bank, or if there’s a middleware layer, right, between it or quasi middleware layer, but some of the processors, you know, Marquetta, will kind of fit both molds, right, and those types of things.

So do you think there’s a bifurcation or do you think at the end of the day, everything has a technology component involved? I mean, so I read some consent orders that don’t seem to speak to technology. So they’ll say something like interest rate risk, liquidity risk, strategic planning. But if I see BSA, AML, if I see Olfac, third-party risk management, anytime I see consumer compliance and CIP, CDD, those issues all like flag to me, read like in between the lines, that it’s probably an issue that’s coming from the way that the bank uses technology to reach customers and or is using, not using or not using technology to monitor things.

I’ve just, the interest rate risk consent orders read just a little different than what I would say are these kind of consumer issues. I will say that like, I’ve included in my analysis, like the Comerica consent order, which was a technology issue that didn’t necessarily involve, it involved a third-party migration issue. And that was the bank, the bank’s customers were the ones that were impacted, like first-party, no, there’s no third-party BaaS middleware.

So that’s not like, it’s not every single bank is involved in BaaS middleware. It’s just, I was thinking about digital issues that are coming out of banks and whether you’ve just made proper investments, whether or not you’re working in BaaS, whether or not you have middleware. So I have a very weak theory.

So Jesse, you can test this for me. But I have a working hypothesis that in some cases, and I’m not speaking to any of these banks in particular, I have not worked with any of the banks that have received consent orders. You can take that as a humble brag or not.

But it feels like they have under-invested in modern technology to do the things that they needed to do anyway, such as AML and BSA and all of that. And it seems like a partnership and then now maybe even especially so, a middleware partnership, seems like a shortcut. Oh, so they have technology.

We can sign this partnership and they’ll do all that. But yet something gets lost in the translation. Jesse, you buy that? I, not only do I buy it, I’m selling it.

I completely agree. And I think this gets to also something that Kia just said, talking about the third-party risk management in that they didn’t, a lot of them didn’t really know what third-party risk management meant in the context of these fintech partnerships and especially in the context of the BaaS providers, the middleware providers. And the BaaS providers were making some claims about what services they provide, right? They stated that they were offering a full scope solution to everything, right? You can plug us in.

We’re the AWS of financial services. We are gonna handle your KYC, AML, CIP. We’re gonna negotiate the relationships with the banks.

The banks will contract with us. We will solve everything. And so I often wonder if the data, we’re talking about data in this particular context, the data went from the fintech to that middleware and stopped.

I don’t know that they often connected to those banks because let’s be honest, just thinking about core banking technology as it exists, there’s a couple of big players in core banking technology. You’re not just willy-nilly adding APIs to those existing core banking structures. So I’m deeply skeptical that many, and again, I wanna be 100% clear.

Like Matt mentioned a few of the earlier OG sponsor banks, the Celtic banks, the web banks, and there’s several other good ones out there. So I wanna just be crystal clear that I genuinely believe that there are lots of good players out there. There will be lots of good players out there.

I’m incredibly bullish on the relationships. I don’t think that they’re going anywhere, but I think there were some newer entrants and I don’t think that they were investing in those technologies. And I think the net result is the TPR, the third-party risk management guidance was, you know, it’s always risk-based.

It doesn’t provide the really like on the ground tactical steps that a bank needs to take. And guess what? Some of them weren’t doing it well. And now the FDIC and the Fed are coming in and they’re clarifying what those responsibilities look like with these consent orders.

And, you know, I think we’re gonna see what I’ll call a flight to quality, right? Those sponsor banks who are gonna stay in the sponsor bank business are going to invest heavier and they’re going to have higher expectations of those fintechs that they’re willing to bank because they understand just how liable they are for those relationships. So guess what? If you’re now a 23-year-old has this amazing idea to change the world of financial services from their mom’s basement, 10 years ago, you might’ve found some VCs who were gonna fund that. Now, you’re not gonna find a bank partner.

That bank partner is gonna say, all right, what’s your experience in financial services? Like who’s your general counsel? Who’s your chief compliance officer? Who’s your like, who has the experience in BSA? So I think we’re gonna see a flight to quality, but that is going to make everyone better. I’m incredibly bullish. You know, I would hop in and say for listeners, if you’re in this space and you’re wondering, do I have these problems? I would sum up, you know, everything Jesse said, which is 100% right as check your process and check your pipes.

The process piece is how are you evaluating the product that you need to hook up to from that end fintech, right? Are they providing a simple prepaid card? Are they doing a DDA? Are they doing something else? Is there a twist involved? And then how are they collecting this information? Like if you read that evolved consent order, right, they’re not just picking on, hey, you didn’t get SSN, right? Which may or may not have been something that was happening. It sounds like Synapse had some issues, at least with that, you know, but they’re saying we want to know source of income, right? They’re going deeper than things that traditionally regulators I think have poked at or looked at as part of a SIP program. And to me, that signals that there was probably some really sketchy high volume activity going on that wasn’t supported by any rational source of income as I’m a consumer, I have a W-2, right? So there was something else happening in that space that the Fed identified that said, hey, your process and your pipes are wrong because you’re not getting the right information out of your pipe to allow you to run an effective AML program.

And I think if you’re a banker listening to this, the key things to probably check on are KYC and SIP, right? So you want to make sure you’re getting name, address, SSN, right, and date of birth from that fintech partner. It’s not getting caught in the middleware layer. And ideally, you can ingest it.

Yeah, exactly. But ideally, you can ingest it back to your AML compliance system, right? If you’re using something like an Actimize or something else like that, that you’ve got that and you can run a customer profile. I think the other thing that I haven’t necessarily been teased out yet, although he may have, is what happens when you have the same consumer come through and they’re on multiple fintechs? Because if you think about it, you’ve got over at Evolve, a firm with their new debit card.

You’ve got Stripe Treasury, I think, is built on top of Evolve, right? If I’m reading the footers, right, and all those disclosures. You’ve got Steps Card for Teens, right? And then you’ve got all the Synapse stuff. And there’s other programs, right? I know there’s other partners.

You’re running your own fraud consortium right there. Completely, forget about it. Yeah, but if I’m signed up for all of that, is Evolve doing the bird’s eye view on me? Because technically, I’m a customer of the bank with all those programs, right? And they should, legally, they should have and follow the chain out a bird’s eye view.

And I’m not sure if the AML vendors are capable of doing that yet today, right? Which I think is probably one of the other unexplored risks in this space that hopefully executives and boards and compliance officers are thinking about. I mean, here’s where Sardine is doing some interesting things, right? Yeah, I’ll add one that’s not CIP, not KYC, but it’s related. Obviously, it’s everyone’s number one topic, reconciliation, right? Yeah, again, nothing new.

Okay, absolutely, but it’s more a function of who’s responsibility to reconcile. And I think about this from the context of what do I tell my clients, right? And so one of the things that I’m really struggling with, I guess I would describe it, but I don’t see a world where a financial institution doesn’t have real-time access to reconciliation data, rather than passing along daily flat files or whatever. Like I’ve seen a lots of different models out there.

I don’t know how comfortable I would be as a financial institution if I didn’t have real-time access to the data. Does it necessarily have to be right? It could be read-only, et cetera. And then obviously, who owns that data when you have an end-of-life situation? Because right now, we can look at the bankruptcy hearing and one of the scariest aspects of that bankruptcy hearing is that Jelena McWilliams is essentially begging AWS to not shut down the web system where all the data is maintained, notwithstanding the fact that the bankruptcy can’t pay them.

That is a very, very uncomfortable position to think about anyone being in. So like those two things for sponsor banks, real-time access to the data, and some measure of owning that data so that you can reconcile it no matter what happens, I don’t know how I’d be comfortable without that. But I’d be curious, anyone else, like if they have a different opinion.

Well, Matt, I love that you started on this advice thing because that’s actually how I wanted to kind of wrap up. I’d love to get everyone’s advice on, and a slightly different, what if you’re a bank that hasn’t done any FinTech partnerships yet, or you’ve done very minor, because what I worry about, as I said earlier, the chilling effect that, oh my gosh, this is just way too risky. We can’t trust any external partner.

We have to do everything internally. And Kiel, one of the other common themes that most of these enforcement actions also had was board governance. So if you’re a board member, you’re a C-suite executive of a bank, and you’re tempted to stay away from all FinTech partnerships and all banking as a service, because this just looks like the third rail.

I mean, what advice do you have on, what can I do reasonably? And a quick aside, I go to these conferences and I read a lot. I hear other people speak and everything. And so much of it just boils down to some version of be careful, right? You have to be careful out there.

You gotta make sure you don’t. But so I’m gonna ask you to avoid that and try to get a little bit tactical. What should I think about? I don’t know if I think this is tactical and I don’t know if I think this is advice because it’s definitely like, it has rant energy, but- Oh, we’re all here for the rant energy.

Go for it. You and I talked last year about Silicon Valley Bank and about what the shape of their interest rate risk looked like. And it’s been a whole year and I still see banks, I don’t wanna say failing to manage interest rate risk, but they’re just dealing with the failure to manage interest rate risk.

And then we have liquidity risk and liquidity risk is turning into earnings risk. And don’t you know that interest rate risk, or sorry, rising interest rates has also created credit risk. And I hear banks say, we’re like really good at risk management.

And what I feel like actually happened is they don’t take risk, not that they take risk and manage it, but that they don’t take risk. They avoid risk. And so that SVB fails because they substituted all credit risk for interest rate risk and then failed to manage interest rate risk.

And so when I see these orders, when I see the totality of these orders, like I have like 15 orders and I see compliance committee, I’m seeing third-party risk management, BSA, AML. And it is like, you’re not managing the risk. And in fact, like I worry, you don’t even know the risks that you’re taking because it has piled up and is now like the contagion isn’t maybe FinTech to FinTech Bass.

It’s like the risk spread from your bank for out of BSA, AML, third-party risk management, CIP, CDD and consumer compliance. These are all interconnected risk. A deficiency in one will trickle down to a deficiency in others.

And so I think like I write so that banks can get better at risk management, but also so that they can see what risk looks like as our environment has changed, as everything’s become a lot more digital, as people don’t walk into your branch anymore and they’re not using checks. And I just really, really want banks to really get rid of the lie that they don’t take risk. They take risk.

They take maturity transformation risk. They take interest rate risk. They take liquidity risk.

Manage it and then let’s talk, right? And so I’m writing about a bank right now that takes probably some of the greatest credit risk in the country, undeniably. It is on the balance sheet, it is across every single metric. And I am writing about how, if they’re gonna do that, how do you manage it? Comptroller Sue said in 2022, the fastest cars, F1 cars have the best brakes so that they can go fast.

That’s what risk management looks like. It’s investing in brakes so you can go fast. And having really qualified people drive the car and then work on the car.

So that’s my, I don’t know if that’s advice, I don’t know if that’s risk, but that’s why I come to Jesus for these banks is manage risk. You guys are in the risk management business, manage the risk. I love it.

Matt and Jesse are both champing at the bit to pile on that. But before I let them, I’m going to pile on because where we’ve been spending a lot of time is looking at kind of non-banking, just business risk, right? The risk of disruption, the risk of the digital arms race from the largest players, the asymmetrical competitors that are doing a much better job of understanding real customer needs. And then the internal growing gaps of talent, the ability to execute, the ability to test and learn.

And those are risks that are not showing up on any kind of risk management matrix at all. And they kind of just quietly, what happens is, for every bank that fails, what’s the number, like 20 merge, something like, maybe more than that. Maybe it’s- Like 10% of the industry every year.

Yeah. And there’s such existential risk that gets overlooked. It’s just like, heart disease and cancer, but we’re focused on somebody might have a bomb on the subway.

And that’s horrible. We don’t want bombs on subways either, but the likelihood of it happening is really, really low. So, I think it’s not only understanding the risk that you’re taking, and as you say, the risks that you’re not taking.

Every choice you make has trade-offs to it. So, all right, Matt, I know you’ve been waiting to dive in, so- I’m ready, I’m ready. I would say start simple.

So, if you’re a bank that wants to get into this, don’t do everything all at once. Like I saw this week, Brax announced with one sponsor bank, which is a relatively new sponsor bank, they’ve launched three different new account types and I think there’s some other products under the hood that are there. In my mind, that is way too complex.

Like kudos to the partner bank, kudos to Brax for pulling all that off. But if you want to get into this, you can start simple and you also can start with what I would consider to be a lower risk profile. And I think commercial cards are a great way to go, right? That’s something that you can embed where you can have one corporate account holder, right, who’s using it for their own purposes and you can have easily understandable concepts when you’re applying your AML programs.

You can understand, is this a regular transaction or not? And if folks are looking for examples where corporate cards embedded, they’re everywhere. You have programs like bill.com and Sepulte and others that are embedding corporate cards under the hood, but you see them as well as key disbursement methods being used or bridges, right, from like travel and hotel purchasing platforms, right, buy no cards, exactly. Where you’re hooking into a merchant’s regular payment acceptance system and you can use the card as a commercial settlement bridge, right? So it’s really no different than offering treasury services to one of your well-known corporate customers you have today.

And you can start small with one or two customers, right, understand who they are, have kind of a known limited set of universe of risks and go from there. And there’s other examples of that. The other thing is, I think, you know, if you go work with some of the networks, right, you probably already have a relationship with Visa or MasterCard.

I have been very impressed with the risk management and review functions of MasterCard, right? We worked with them closely at Lithic and we would see stuff sometimes where a customer would go rogue and within minutes, MasterCard would catch it. We would also catch it. So it was good that we weren’t being surprised.

But MasterCard would also catch it and we would catch up and compare notes. And the first thing we do is obviously shut that rogue customer off. But, you know, seeing MasterCard’s chops under the hood, if I were a bank looking to get into this space, particularly in the card space or something that MasterCard did, I would start by talking to MasterCard and saying, hey, how can we partner more? You have this, you know, this, I know Visa has the FastTrack program, but MasterCard is something similar, right? You have this for FinTech.

How can we do something for banks, right? And I’d go start and talk with those folks. There are also key channel partners potentially you can work with. Like if you want to get into commercial cards, you know, Marketa, Lithic, right? I2C, these are good folks to go talk to because they have those customers coming to find them and they can refer customers over to you.

And you can say, we’re open for business for this swimline type. So I would say, go start small, master that space and don’t get too spread out. Because once you get into, you know, all these programs and you have a chicken and a dog and a pig of FinTech programs, you know, you’re going to lose track of all the kind of animals in your barn.

And that’s where you’re going to get into trouble. Just like Mike Su, I can make fancy analogies that come from nowhere. So Mike, I love all your stuff.

That’s right. All right, Jesse, you get last word here. Right, I’ve got an easy one.

I’ve got a hot take here. This isn’t hard, right? This is my hot take. It is not hard for sponsor banks and FinTechs to work together.

Banks have been working with third parties for as long as they have been in existence. This isn’t radically different. You just have to invest the time and money and expertise.

Now, whether or not that changes the economics to such a degree that it’s no longer a viable partnership, that is a very, very different question. But from a legal and compliance perspective, they could have called me up five years ago and I could have solved all of these problems. I suspect pretty much everyone on this call could have as well.

If you have the desire and the willingness and the expertise, this is really not hard. So I don’t expect that this is going to kill bank FinTech partnerships. And I definitely don’t expect that it should.

I want to, yeah, Jesse, I want to add to that. Like, you know, I mentioned the Bancorp. That order took six years for them to get out of.

But they made a number and they made a number of investments that helped them both leave the order and also have continued, like became a best in class service. These banks that are under consent orders, they will, you know, regulators might keep them there for a really, really long time. And I think they should all prepare for that.

But at the end, these investments hopefully will set all of these banks up who are committed. You know, we have had some banks decide to exit this industry, having looked at what the costs are. But these, they will, they may be best in class.

This is a crucible, right, for these institutions. But the investments they make to get out of the order will be the investments that allow their programs to succeed hopefully after this order. And it’ll be really interesting to see kind of what changes they need to make.

And that will, you know, again, get them out of the order, but then feel their next phase of growth. Yeah, I just, I, maybe I’m not looking at this right, but I don’t see it as very hard, right? I really don’t from a legal and regulatory perspective, monetary economics, different question. And the other thing I’d like to end with is just for those FinTechs out there, we’ve talked a lot about the sponsor banks, but those FinTechs out there, remember all of this rolls down.

So all of those, all of these conversations we’ve had about what sponsor banks should be doing, what are some best practices? What are those takeaways? Well, guess what? All those sponsor banks out there, they’re going to be going out there. They’re going to be looking at their KYC. They’re going to be looking at their reconciliation, all of these issues.

And then the next question is, they’re going to be coming to you and you FinTech partners, are you guys prepared to answer those questions? So we might’ve been talking about it in the context of the banks, but everything rolls downhill and you guys are at the bottom of that hill. So if you’re out there, be smart and be prepared. Well, that’s a mic drop.

We’ll leave it there. Thanks to all of you for joining us and thanks for sharing your expertise. And we’ll be back next week with more Breaking Banks.

That’s it for another week of the world’s number one FinTech podcast and radio show, Breaking Banks. This episode was produced by a US-based production team, including producer, Lisbeth Severance, audio engineer, Kevin Hirsham, with social media support from Carlo Navarro and Sylvie Johnson. If you liked this episode, don’t forget to tweet it out or post it on your favorite social media.

Or leave us a five-star review on iTunes, Google Podcasts, Facebook, or wherever it is that you listen to our show. Those actions help other people find our podcast. And in return, that helps us build an audience that can be supported by sponsorship.

So we can continue to provide you with our award-winning content every week. Thanks again for joining us. We’ll see you on Breaking Banks next week.

[shows-menu]