Any reorganization brings with it a few strategic changes, but the announcement by the Office of the Comptroller of the Currency (OCC) that it will overhaul its supervision of community and mid-sized banks, effective October 1st, may spell a fairly profound shift in how fintechs and cryptocurrency companies are supervised. Daniel Stipano, a partner at Davis Polk and former deputy chief counsel for the OCC, described the restructuring as significant and a recognition of industry changes. (https://www.userwalls.com/n/occ-overhauls-community-midsize-bank-supervision-3009913/)
What’s perhaps most significant is the OCC’s creation of a deputy comptroller position devoted exclusively to overseeing novel banks and technology service providers. Unlike the regional reach of most OCC deputy comptrollers, this individual will be responsible for examining and supervising fintechs across the US.
This change should come as no surprise to anyone following recent remarks by the Acting Comptroller of the Currency, Michael J. Hsu. At fintech and blockchain conferences held during the past year, he expressed concerns that fintech and crypto firms are growing extremely rapidly, and yet operate outside the traditional bank regulatory structures. For this reason, he believes in “modernizing the financial regulatory perimeter.”
Hsu notes that most changes to the “reg perimeter” are prompted by crises and failures, but “given the pace and breadth of innovation [in fintechs and crypto companies], we cannot wait and should be proactive.” https://www.occ.gov/news-issuances/speeches/2021/pub-speech-2021-117.pdf
More OCC Changes Ahead
Beyond greater supervision for fintechs and crypto companies, the OCC indicated that it will create additional flexibility to account for the consolidation of small banks.
Some of the changes ahead are largely administrative, as in the altering of oversight boundaries. Currently, there are four district boundaries, while going forward, there will be six regions: Northeast, Central/Mid-Atlantic, South, Southeast, Midwest, and West.
Along with new oversight responsibilities will come additional OCC staff devoted to community and mid-sized banks. The OCC memo indicated that 20 new positions will be created as part of the overhaul.
These OCC changes may mean that some community banks will be reviewed by different agency employees in the future.
Because the OCC will soon be shining a spotlight on fintechs and other banking innovators, community banks should start revisiting their vendor due diligence:
● General corporate information. The more you know about your vendors, the better you are able to identify compliance risks. And remember, that gathering information about a vendor isn’t a one-off event. It’s important to continue monitoring vendors, staying on top of any internal changes that could alter compliance status.
● Financial and insurance review. Community banks need to make sure that a vendor’s financials are in order and any required insurance up to date. Although this can be a tall order, as many fintechs are startups with scanty track records.
● Reputation. When thinking through the reputational risks that arise from working with a particular vendor, consider getting top management and the board involved. Should anything go wrong, you’ll want to have carefully documented all discussions about that vendor in management and board meeting minutes.
● Information security. Often, fintechs have access to your customers’ most sensitive data. How this data will be used and kept secure are critical questions that banking partners must ask. Setting boundaries about data use is extremely important, and the boundaries set should be codified within the partnership contract.
● Subcontractors. If a fintech works with subcontractors, will these subcontractors have access to your customers’ data? If so, you need to delve deeper into the subcontractors’ data use practices and their cybersecurity and risk precautions.
As the relation between technology and financial services becomes increasingly codependent it will be more critical than ever to carefully vet vendor partners. Gone are the days when you could simply purchase software without giving a second thought to the company providing that software. It’s increasingly important to forge deep relationships with your outside vendors and to be diligent in maintaining healthy relationships over time.