Shifts in the regulatory landscape carry significant impacts on banks, credit unions, and the fintech companies that are part of a growing ecosystem. The most-active agency in recent months has been the Consumer Financial Protection Bureau (CFPB). There's little reason to expect the CFPB to slow its pace in 2023, aggressively enforcing existing rules and angling to expand its jurisdiction.
In our new report, Keeping Watch Over the Watchdogs: SRM's Take on What to Expect from the CFPB in 2023, we outline the agency's likely moves now that the midterm elections are behind us and a permanent director, Rohit Chopra, has been confirmed for a five-year term. To borrow a hockey metaphor, anticipating where the regulatory puck is headed is essential for all financial services providers. Such forethought enables FIs to communicate their position to all relevant parties, influence the crafting of common-sense rulemaking, and perhaps prepare for new regulations that stand to alter their operations.
Here are some initial areas where the CFPB could specifically influence the growth trajectory of challenger banks.
A Step Toward Open Banking
Director Chopra has been vocal about his intent to "activate a dormant authority under Section 1033 of the Consumer Financial Protection Act." In plain English, he wants financial institutions and other service providers to make certain data available to consumers – a catalyst for open banking.
The CFPB sees this as a way to increase financial services competition by making it easier to switch banks and by giving nonbanks access to the data necessary to offer additional services. The agency recently sought comments for a rule that would require firms to make a consumer’s financial data available to them or to a third party at the consumer’s direction. The comment period closed on Jan. 25.
The agency has also created an office to encourage innovation and competition among financial institutions, lowering barriers to entry for startups.
These initiatives raise privacy concerns for banks and credit unions, the trusted agents that consumers rely upon to safeguard their data. Customer consent must be given before info can be shared (APIs greatly simplify the data flow itself), but will the typical consumer comprehend the extent of the use they're authorizing? What obligation or liability does an FI have if they suspect a request may be nefarious? And who will be held at fault should the data be misused? The devil's in the details, and clarity on these matters will be imperative.
Watchful Eye on Banking-as-a-Service
The growth in consumer-facing fintechs has given rise to the Banking-as-a-Service (BaaS) sub-sector, where FIs provide fintechs with access to the payment rails and compliance infrastructure needed to operate such businesses. The Office of the Comptroller of the Currency has identified at least 10 OCC-regulated banks with nearly 50 BaaS relationships, some of which set up new departments and procedures to support this fee income opportunity. Banks regulated by the Federal Deposit Insurance Corp. and Federal Reserve are also offering these services, which a CFPB official labeled as "rent-a-bank schemes," indicating the agency's view of the model.
The CFPB and other regulators will look to the bank or credit union to ensure they have adequately vetted their partners, whose actions they will likely treat as an extension of the mainstream financial services company. Expect more vigorous oversight in this area, especially about items like the Bank Secrecy Act and Anti-Money Laundering. BaaS has proven to be a viable business model, but FIs electing to participate must not extend beyond their comfort zones.
The Bottom Line
Given the current economic and political environment and the public statements made by CFPB leadership, we expect a flurry of announcements, proposed rules, and financial penalties in the months ahead. Our new report provides greater detail on these and other important areas. SRM will monitor regulatory developments and is well-equipped to help you evaluate and manage third-party relationships in light of any policy changes.