Bankers have written a playbook for fintech partnerships

by James · October 23, 2022

“We’re a capitalist society, and unless we put in railings, money will drive results,” says Curt Queyrouze, president of Coastal Community Bank.

He applied this universal truth to the banking-as-a-service movement, where banks work with fintechs that have built mobile banking apps, online lending sites and other interfaces for financial services. The bank sits in the background and manages checking accounts, Federal Reserve access and Federal Deposit Insurance Corp. insurance. Fintechs pay for the service. The banks are often community institutions that are not subject to the Durbin Amendment’s limit on interchange revenue and therefore can reap fees every time a debit card is swiped and share that revenue with fintech partners.

Curt Queyrouze and Laura Wildenborg — Curt Queyrouze, president of Coastal Community Bank, and Laura Wildenborg, fintech innovation manager at Sunrise Banks, both worked on a bank-fintech relationship playbook.

As dozens of banks have jumped into banking as a service in the past year, some of their new fintech partners are pushing aside the noble pursuit of expanding customer financial access to pursue fundraising, and other less honorable purposes, Queyrouze said.

About a year ago, Queyrouze and 15 other bank members of the banking technology consortium Alloy Labs Alliance started talking about this and agreed that banks that don’t maintain a standard of behavior can damage the entire ecosystem. They began developing a set of rules for banking-as-a-service relationships that they are publishing Wednesday as a playbook.

“If we’re going to do this right, we have to prove that we can protect the ecosystem, that we can build it in a safe, correct way,” Queyrouze said in an interview Wednesday.

It is a common danger for bankers in this industry, he pointed out.

“There is a risk of infection,” said Queyrouze. “If some players are negligent and there’s a big meltdown as a result, it’s going to affect all of us. We thought, let’s get some dialogue and standards and discussion going about it.”

Soon after, they began to see an increase in regulatory scrutiny of banks’ relationships with fintechs.

“Between the summer of 2021 and the summer of 2022 was the tone [from regulators] changed dramatically,” Queyrouze said.

In recent months, banks and fintechs have felt the harsh glare of regulatory scrutiny of their relationship. In September, Acting Comptroller of the Currency Michael Hsu called bank-fintech partnerships a systemic risk. In the same month, the OCC penalized Blue Ridge Bank for compliance issues with fintech partners.

Banks must act as an extension of their regulators to force their fintech partners to comply with banking regulations, and they must continuously monitor what these partners are doing, Queyrouze pointed out.

Coastal Community Bank, which Queyrouze joined in June, has around 30 fintech partners and already had some fintech standards in place before the new playbook was created. As the banking-as-a-service program grew in scale and scope, this became more difficult to manage. The bank, which is based in Everett, Wash., has raised its standards, and many of the rules in the playbook are clauses Coastal puts into its contracts with fintechs.

The bank’s intention to make financial services more widely available remains the same, Queyrouze said.

Jason Henrichs, CEO of the Alloy Labs Alliance, led and organized the effort to create the playbook.

“We looked at it and said we have to mature the industry, but we either take it upon ourselves, lead the charge to mature the space, or let it become a race to run fastest in terms of compliance,” Henrichs said in an interview . “It’s a weak proposition for all of us.”

The handbook describes which parties are responsible for various aspects of compliance, customer service, data management, disaster recovery and more.

Alloy Labs Alliance members account for approximately 30% of the market share of banking-as-a-service banks, including Sunrise Banks, Lincoln Savings Bank, Coastal Community Bank and Cross River. The bankers worked with several fintechs to create the playbook, including Unit, Treasury Prime and Currency Cloud.

“All these players came together and said, ‘Hey, doing this together benefits everyone,” Henrichs said. “What we really care about is ensuring strong compliance.”

In regular meetings with banking regulators, Alloy Labs notified them that this document was coming.

“They were very receptive to the idea,” Henrichs said.

At Sunrise Banks in St. Paul, Minnesota, “being able to talk to others who have similar challenges, being able to put this document together, was pretty amazing,” Laura Wildenborg, fintech innovation manager, said in an interview. Sunrise’s fintech partners include Self and TrueConnect.

The first challenge the group had was to define all the terms used in banking as a service.

“That was a really great first part, defining the terms we use over and over in our everyday lives,” Wildenborg said. “It was such a big step because everyone is saying these words like ‘host’ or ‘baas’ and starting to get a defined language because it helps everyone get more clarity around it.”

“When this group came together, the realization was not only that each organization did things a little differently, if you look at the portfolio itself, they even sometimes had different relationships and roles between the different fintech programs they work on,” Henrichs said . Members realized they wanted consistency and standards.

“If we can simplify by codifying, it’s going to make it easier for everyone to stay compliant,” he said.

Much of the playbook formalizes the way responsible banks and fintechs work together already.

“I would say that a lot of the documentation and the roles and responsibilities that we’ve defined are based on regulations that are in place,” Wildenborg said. “That’s where we started and that helped clarify things. We moved on from there.”

Choosing the right partner

Some banks have run into trouble for working with fintechs with sketchy business models, such as high-cost lenders and fintechs that high interest pet store loans that support puppy mills.

One of the rules in the Alloy Labs Alliance handbook is: “The bank is responsible for clearly outlining acceptable end customers as well as prohibited businesses.”

“A big thing for Sunrise is mission alignment,” Wildenborg said. “That’s one of our first pieces of qualification when we look at partners: do we see mission alignment?” Sunrise Banks has a mission to strengthen financial well-being and is a member of the Global Alliance for Banking and Values and a financial institution for community development, she said.

“So we have these different standards that we have to follow,” Wildenborg said. “These are different pieces that we have to take into account in order to maintain these certifications, but also to make sure that whatever our fintech partner is offering, who are they targeting? How are they targeting them? And who are they working with? Some times they” work with co-brands, for example to offer.”

A small business bank in the Alliance has drawn a line toward working with fintechs that serve cannabis and gambling businesses, Henrichs said.

Most of the banks in the group only support loans below the military interest rate ceiling, Henrichs said. They don’t work with fintechs that want to get around interest rate caps by working with a bank in a state that has no interest rate cap. This is a practice regulatory officials derisively refer to as “rent a charter.”

Determining which fintechs are good to work with and which are not is still difficult, said Queyrouze, who has worked in fintech for decades. (Prior to Coastal, Queyrouze was CEO of TAB Bank, a Utah banking-as-a-service financial institution.)

“There are no bright lines yet, but some lines may be starting to emerge behind the scenes,” he added. “We have a lot of discussion about this with our regulatory partners. The theme that I see, which I think is a good thing, is transparency, how you disclose. If you charge a high interest rate, that might be fine, but you have to be very clear about all costs.”

Manage data

The document also addresses the use of customer data and states that banks must enforce guidelines for data use with their fintech partners.

“It’s one of the hardest things,” Henrichs said. “I think there’s a lot of players out there that don’t even have a data usage policy that they look to enforce on their fintechs. And if you don’t specify that, it certainly doesn’t happen, other than by luck and maybe goodwill. So I think it has to be a kind of trust-but-verify: Tell them what the expectations are up front, but also go back and verify.”

It can be a challenge for banks to know what their fintechs are doing with customer data, Queyrouze acknowledged.

“That is the primary challenge and focus today that we are working on,” Queyrouze said. “How do we build better systems to protect the data, to anonymize the data, to track it [the Financial Data Exchange’s] protocols, where you take the least necessary data and transfer it? When you’re working with consumer data and bringing all of that into an environment that’s shared outside of your domain? There are tools out there to influence that, and to make sure it works, it really comes down to testing and auditing.”

Everyone agrees that collaboration on this playbook does not hinder any member’s ability to compete.

“We can’t compete on what good compliance is,” said Mike McCrary, senior vice president of Lincoln Savings Bank, in the early days of work on this document. “We can compete on how good we are at enforcing it and managing it, but we shouldn’t be competing on who can run the fastest and loosest around regulation. That’s the wrong thing.”