The Federal Deposit Insurance Corp. (FDIC) is attempting to tighten the recordkeeping in bank-fintech partnerships by imposing requirements on the “custodial accounts” through which the partners operate. Its proposed rule raises the compliance bar for both banks and fintechs, including the need to share daily reconciliations for the potentially thousands of fintech customers in any single custodial account. The proposal is open for public comments until December 2, after which the agency may revise it before issuing a final rule.
Background
On September 17, the FDIC introduced a proposed rule aimed at strengthening recordkeeping practices for banks that partner with non-bank entities to accept deposits through custodial accounts. The rule targets FDIC-insured depository institutions offering custodial deposit accounts with transactional features.
Custodial Deposit Accounts Defined
Custodial deposit accounts are accounts that a third party, often a non-bank, opens at a bank on behalf of multiple beneficial owners. These accounts typically involve commingled funds and enable transactions, such as payments and purchases, initiated by the beneficial owners through the account holder. According to the FDIC, each account may hold the funds of thousands of individual customers and businesses. Because the funds are commingled, banks have less visibility into how they should be allocated among an account’s end-users.
Key Requirements for Banks
Banks would be required to complete an annual certification of compliance signed by an executive officer, stating that the bank has implemented and tested the recordkeeping requirements. Banks would further be required to complete a report annually that:
- describes any material changes to their information technology systems relevant to compliance with the rule;
- lists the account holders that maintain custodial deposit accounts with transactional features, the total balance of those custodial deposit accounts, and the total number of beneficial owners;
- sets forth the results of the institution’s recordkeeping requirement testing; and
- provides the results of the required independent validation of any records maintained by third parties.
Third-Party Partnerships, Contingency Plans, and Exemptions
While banks may partner with third parties to maintain records, they must have contingency plans, including backup systems, to ensure compliance during business interruptions. Contracts between banks and third parties must outline clear roles, responsibilities, and internal controls, with periodic validations to mitigate risk. There are, however, certain accounts exempt from the rule, including:
- accounts holding only trust deposits, government funds, broker- or attorney-held funds, employee benefit plans, real estate transactions, and mortgage servicer accounts;
- accounts legally barred from disclosing beneficial owners; and
- deposit placement networks, where the primary purpose is not to conduct payment transactions.
Motivation for the Rule
The proposed rule stems from the May 2024 bankruptcy of Synapse Financial Technologies, which disrupted customer access to funds held in custodial deposit accounts. The FDIC received over 1,000 complaints, highlighting the risks of poor recordkeeping in third-party partnerships. While the rule applies broadly to all custodial deposit accounts with transactional features, its lessons are drawn from such disruptions.
Impact on Fintechs and Banks
The FDIC’s proposed rule reflects a focus on protecting timely access to deposits, increasing customer confidence, and regulating evolving relationships between banks and fintech companies. However, compliance may impose significant operational and financial burdens on both banks and fintechs.
Fintechs, which often rely on partner banks to offer services like digital wallets and payment platforms, will need to maintain meticulous records, but it is ultimately the banks that bear the responsibility for compliance. The banks will need to either hold their customers on their own books or integrate their ledgers with the fintechs, a process that could prove prohibitively complex. This added complexity could drive up operational costs, particularly for smaller fintechs, which may need to invest heavily in resources or technical infrastructure to meet these new demands.
Implications for the Annual Certification Requirement and Potential for Individual Liability
The rule introduces an annual certification requirement, obligating banks to report and certify their compliance with the FDIC’s recordkeeping standards. It is unclear at this time whether executives or compliance officers will be personally liable if inaccuracies or omissions are later discovered. Either way, the added scrutiny may lead to increased internal oversight, further raising the cost and complexity of maintaining these fintech partnerships. Bank leadership must ensure that the processes supporting this certification are robust, with clear documentation and audit trails in place to mitigate risks of non-compliance and associated penalties.
Independent Testing Requirement to Validate Records
Another key aspect of the proposed rule is the requirement for independent testing to validate the accuracy and integrity of the records maintained by banks and their third-party partners. This means banks will need to regularly conduct or commission independent audits of their recordkeeping systems, ensuring data is accurate, up-to-date, and accessible on demand. Independent testing adds another operational burden, as it requires additional resources and external expertise. For fintechs, working with banks under these terms may involve adapting their systems to withstand more stringent requirements, which could drive up costs, particularly for smaller fintechs.
For banks, the rule reinforces deposit insurance integrity, ensuring that in the event of a failure, the FDIC can quickly determine ownership of funds and pay insurance claims. However, the operational demands of daily reconciliations, annual certifications, independent validations, and maintaining contractual obligations with third parties may force banks to reassess certain fintech relationships. This could potentially limit partnerships or shift more responsibility onto fintechs, significantly impacting the more innovative products and services available in the fintech market. Banks may opt to scale back or avoid offering more complex fintech-driven solutions that require intricate ledger integration and increased oversight.
Broader Implications for the Fintech-Banking Landscape
The FDIC’s proposed rule has broader implications for how fintechs and banks collaborate moving forward. Banks may become more selective when choosing fintech partners, favoring those with strong compliance frameworks and transparent operations. The need for continuous access to data and daily reconciliations could lead to increased scrutiny in these partnerships, pushing fintechs to either improve their infrastructure or face being sidelined by larger financial institutions. This may also lead to consolidation in the fintech sector, with smaller companies struggling to meet the regulatory demands or passing on increased costs to their customers.
Moreover, while the rule aims to prevent future disruptions, such as the Synapse Financial collapse, it may slow the pace of innovation in the fintech industry. As fintechs adapt to these heightened compliance standards, the focus could shift from product development and customer acquisition to risk management and regulatory adherence. In the long term, this could reduce the flexibility and speed with which fintechs bring new products to market, impacting their competitiveness in an industry where agility has been key to success.
The rule may also deter bank-fintech relationships as they currently exist, making banks even more cautious about entering or maintaining these partnerships, especially given the numerous enforcement actions related to Banking as a Service (BaaS) over the past year. Additionally, it will have significant implications for how banks raise deposits in the future. Fintech companies have historically been able to attract deposits through innovative offerings that banks couldn’t provide on their own. Now, with these added regulatory burdens, banks may need to be more competitive to attract deposits without the ease of fintech partnerships, which could fundamentally shift the landscape of deposit-gathering strategies.
Ultimately, the proposed rule underscores the increasing regulatory oversight in the fintech space, bringing it closer to the traditional banking sector’s standards. While fintechs will need to manage the operational and financial costs of compliance, it is ultimately the banking sector that will need to reassess whether these partnerships are worth the added complexity and risk.
Treliant’s Take
To navigate the evolving regulatory landscape, fintechs and banks must prioritize strategic alignment and proactive planning. For fintech companies, building a robust compliance infrastructure is no longer optional; it is a competitive necessity. Fintechs should invest in automating compliance processes, such as real-time transaction monitoring and daily reconciliations, to reduce operational strain. Additionally, integrating compliance considerations into product design from the start can save time and resources down the line. Fintechs that take a proactive approach to regulatory requirements will be better positioned to secure partnerships with banks and maintain customer trust.
Banks, on the other hand, should reassess their third-party risk management frameworks. A more selective approach to choosing fintech partners, focusing on those with strong operational controls and transparent data handling practices, will be essential to mitigate the risks posed by non-compliance. Banks should consider setting up dedicated teams to oversee fintech partnerships, ensuring that regulatory demands are met without stifling innovation. Collaborating with fintechs that can meet these heightened compliance expectations may allow banks to preserve their ability to offer cutting-edge products while managing risk effectively.
Both banks and fintechs must embrace collaboration over competition. This regulatory shift presents an opportunity for partnerships that focus on joint innovation while sharing the burden of compliance. Rather than seeing regulatory demands as obstacles, fintechs and banks should explore co-developed solutions that can streamline recordkeeping and improve transparency. Such partnerships could lead to the creation of industry-standard platforms that not only meet FDIC requirements but also enhance the overall efficiency and security of custodial deposit accounts, ultimately benefiting customers and the whole financial ecosystem.
How Treliant Can Help
Treliant plays a crucial role in helping clients navigate these regulatory changes. With deep expertise in financial compliance, Treliant can assist both fintechs and banks in building the necessary infrastructure to meet the FDIC’s recordkeeping requirements. Treliant’s advisory services can help clients assess their current compliance frameworks, identify gaps, and develop strategies to integrate real-time reconciliation and data transparency into their operations. Additionally, Treliant can provide third-party risk management consulting, helping banks select fintech partners that align with regulatory demands, while ensuring fintechs are equipped to maintain compliance without sacrificing innovation. By leveraging Treliant’s expertise, clients can mitigate risk, streamline processes, and maintain a competitive advantage in a highly regulated environment.