Consent Order Double Header Suggests Tough 2024 For Fintech, Banking-as-a-Service
Consent Order Double Header Suggests Tough 2024 For Fintech, Banking-as-a-Service
Another CFPB "Junk Fee" Rule, NY BNPL Law, PayPal's "Shock" Falls Short, Is the Fintech Mega-Round Back?
Hey all, Jason here.
I come from a fintech and banking background, not a media one, but I’ve certainly learned some of the challenges of running a “media business” in the course of building Fintech Business Weekly over the last three and a half years.
Less than a month into 2024, and intensifying signs of stress in the media landscape are undeniable: from Sports Illustrated’s junk AI content scandal to substantial layoffs and employee walk outs at publications ranging from the LA Times to Condé Nast and Business Insider.
Fintech-focused media isn’t immune to the pressures on the business model of journalism, with news site AltFi announcing it is shutting down after 10 years in the space.
There’s a reason why the media is thought of as the “fourth estate.” Whether reporting on politics or the banking and fintech industry, an independent media — not one owned by billionaires or used by VCs to talk their own book — has a key role to play in providing unbiased reporting and analysis.
This all to say, support the sources of information and analysis you find value in, even if it isn’t this one!
If you enjoy reading this newsletter each Sunday and find value in it, please consider supporting me (and finhealth non-profits!) by signing up for a paid subscription. It wouldn’t be possible to do what I do without the support of readers like you!Only 5 DAYS left to get your Fintech Meetup tickets!
Sponsored content: Don’t miss 45,000+ meetings at Q1’s BIG Fintech Event. Room Block 95% Sold out — Register & Book Room before Feb 5 Deadline!
CFPB Proposes Another “Junk Fee” Rule
Fresh on the heels of its new proposed rule that would effectively cap overdraft charges — potentially as low as $3 — the CFPB dropped another “junk fee”-related proposed rule last week.
According to a statement from the CPFB, “The proposed rule would prohibit non-sufficient funds (NSF) fees on transactions that financial institutions decline in real time. These types of transactions include declined debit card purchases and ATM withdrawals, as well as some declined peer-to-peer payments.”
One notable difference vs. the proposed overdraft rule is what financial institutions the new measure would apply to: all of them, basically.
Unlike the proposed overdraft measure, which would only apply to banks with more than $10 billion in assets, the new NSF measure would apply to “covered financial institutions” as defined by Reg E.
The proposed rule is a bit of a nothingburger, as it’s already uncommon for banks to assess NSF fees for declined “real time” transactions, like attempted debit card payments or ATM withdrawals. The CFPB seemed to implicitly acknowledge this, describing the measure as “proactive” and saying:
“The CFPB is taking proactive steps to ensure that financial institutions do not impose these fees, which can occur for a host of reasons that are out of the consumer’s control. Specifically, as technology advances, financial institutions may be able to decline more transactions right at the swipe, tap, or click. These transactions include ATM, debit or prepaid card, online transfer, in-person bank teller, and certain person-to-person transactions.”
NY Gov’s Law Would Require BNPL Lenders To Assess Ability To Repay
Earlier this month, New York Gov. Kathy Hochul promised legislation to strengthen regulation of buy now, pay later companies that operate in the state.
The measure, included in her proposed Transportation, Economic Development and Environmental Conversation Bill, could, if enacted, have serious repercussions for how buy now, pay later providers operate in the state.
The law would define a “buy-now-pay-later loan” as “credit provided to a consumer in connection with such consumer’s particular purchase of goods and/or services, other than a motor vehicle,” which, law firm Ballard Spahr notes, is quite broad and could include non-BNPL products if it is signed into law as is.
The definition does not include criteria about number of payments, open vs. close ended, or whether or not a product carries a finance charge. The proposed legislation would exempt banking organizations that are licensed in the state and national banks chartered by the OCC, but is silent on the question of out-of-state state-licensed banks.
The proposed law would impact covered companies by:
requiring BNPL providers to be licensed in New York and to submit to regulatory examinations
prohibiting false, misleading, or deceptive advertisements
prohibiting “unfair, abusive, or excessive” penalties or fees
requiring clear and conspicuous disclosure of any fees
requiring a process for consumers to return and obtain refunds for goods or services they purchased with a BNPL plan
requiring BNPL providers to undertake an ability to repay analysis, though it would be up to the state regulator, the NYDFS, to promulgate the specifics of the required analysis
requiring BNPL providers to maintain accurate data for credit reporting, though it would stop short of actually requiring companies to furnish data to the credit bureaus
As written, the proposed law would presumably apply to the major BNPL providers, including Affirm, Klarna, and Afterpay, which is now part of Block.
PayPal’s Promise To “Shock The World” Falls Short
PayPal’s PR machine was working overtime to hype up a slate of product announcements it made last Thursday — loudly promising it would “shock the world.”
If the reaction from analysts and shareholders is any indication, the world was not impressed.
The announcement was heavy on buzzwords — “AI” was mentioned at least nine times in the comparatively brief written statement — but light on substance.
The company announced six key developments:
“Transforming checkout” by making it easier for merchants to integrate PayPal as a payment method, “reducing latency,” and integrating passkeys that let users authenticate with a fingerprint or facial recognition. PayPal further claims its new checkout experience “will also leverage AI to get smarter and faster over time.”
The introduction of “Fastlane by PayPal,” which basically boils down to a one-click checkout solution. Numerous others, like Fast and Bolt, have attempted this but failed to gain traction. Stripe is also making a push in the space, with its consumer-facing Link offering. PayPal certainly has the benefit of a large existing merchant and user base, but faces plenty of barriers to achieving widespread adoption for its own one-click solution.
The launch of “Smart Receipts,” which are, of course, described as “AI-powered.” Smart Receipts will enable consumers to track their order and will let merchants target recommendations and offers to customers. Klarna and Apple Wallet offer similar receipt-and-order tracking capabilities.
An “Advanced Offers” platform, which — surprise! — also uses AI to enable merchants to target users with personalized offers. Rather than relying on browser behavior, PayPal promises to let merchants target shoppers based on what they’ve actually purchased, “down to the stock keeping unit (SKU).” While end-users often say they’re concerned about potential privacy risks of such initiatives, they rarely actually make decisions based on those stated concerns. The CFPB, however, has frequently raised concerns about so-called “data harvesting,” including possible plans to classify certain kinds of data brokers as consumer reporting agencies.
A plan to “reinvent” the PayPal app, including CashPass, which uses AI (are you noticing a trend yet?) to organize personalized cash-back offers based on where a user has shopped. PayPal plans to begin rolling out such offers in March, starting with merchants that include Best Buy, eBay, McDonald’s, Priceline, Ticketmaster, Uber, and Walmart. While users unquestionably love rewards and cashback, it’s unclear how CashPass is materially distinct from PayPal’s existing cashback offers or merchant offers built in to popular credit cards, neobanks, and digital wallets.
Is The Fintech Mega Round Back? Bilt Raises $200 Million At $3.1 Billion Valuation.
Frequent readers will know I rarely cover fundraise news — but I’m making an exception for rewards credit card startup Bilt. The company announced a $200 million raise, led by General Catalyst, which valued the company at $3.1 billion. As part of the deal, General Catalyst chairman and former American Express CEO Ken Chenault will join Bilt’s board of directors.
The size of the fundraise and increase in headline valuation are notable given the relatively bleak landscape in consumer fintech lately, particularly in the consumer lending segment Bilt is in.
Bilt partners with Wells Fargo to issue its credit card and is most notable for allowing users to earn points on rent payments, up to a maximum of 100,000 points per year — whether or not their landlord accepts card payments.
Offering rewards on rent payments has helped Bilt compete for higher-income and higher-credit score cardholders that might typically be attracted to rewards cards like the Chase Sapphire Reserve or American Express Platinum card. And, unlike premium cards from other issuers, Bilt carries no annual fee.
Bilt’s apparent traction with a higher-earning and higher-credit segment demographic is a notable accomplishment, given most fintech companies that offer credit products have focused on lower-income and non-prime segments that have historically been less-well served by establishment banks.
How Bilt makes the economics work of offering points on rent payments, even when transactions aren’t on Bilt’s card and thus don’t generate interchange revenue, is a bit unclear. Users must make at least five transactions on the card each statement period to earn any points, suggesting Bilt could be using the rent offer as a loss leader to attract users, hoping to capture a larger share of wallet.
According to a statement to TechCrunch, Bilt said its annualized member spend is “nearing” $20 billion and that it achieved EBITDA profitability in 2023 — though I’d be remiss if I didn’t point out EBITDA isn’t the most useful financial measure for lending companies.
Blue Ridge, Choice Bank Hit With Enforcement Actions Over BSA/AML Compliance, Fintech Relationships
Late last week, not one but two BaaS-related enforcement actions became public.
Blue Ridge Bank disclosed in an SEC filing that it had entered into a consent order with its primary federal regulator, the OCC, as first reported by Fintech Business Weekly early Friday morning.
The order is notable as it comes less than 18 months after the bank entered into a formal agreement with the OCC. The new consent order incorporates the elements of and replaces the prior formal agreement.
From the limited external information available, Blue Ridge seemed to be taking the right steps to address the issues raised in 2022’s OCC agreement.
It reshuffled leadership, bringing in veteran community banker William “Billy” Beale. It began the process of refocusing on its community banking roots and reducing its exposure to fintech partners. And it embarked on a $150 million capital raise to shore up its balance sheet.
But, evidently, these steps were not enough to convince the OCC that Blue Ridge had made sufficient progress on mitigating risks highlighted in the 2022 agreement.
In addition to requiring Blue Ridge to improve its BSA/AML compliance and third-party risk management, the order also continues to require Blue Ridge to receive OCC non-objection before onboarding new fintech partners or offering new products or services through existing third-party relationships.
The order also classifies Blue Ridge as being in “troubled condition,” which limits its ability to receive expedited review of certain regulatory filings and restricts golden parachute payments to bank executives.
Public enforcement actions from federal regulators don’t specify precisely what led to the orders, so it’s impossible to know, from public information, what role, if any, Blue Ridge’s fintech clients and BaaS partner platforms played in the resulting order.
Per publicly accessible information, Blue Ridge’s third-party partners include:
Middleware platform Increase, which works with fintechs that include Gusto, Pipe, Ramp, and Crowdstreet
Middleware platform Unit, which works with Ampla, Invoice2Go, Seis, and Globalfy
Direct partnerships with fintechs that include Capital (formerly known as Party Round), Novel, Loaner, and numerous others
Another BaaS player, Choice Bank, was also hit with an enforcement action (PDF) that it entered into in late December and that was made public last Friday.
In Choice’s case, the action stemmed from a joint FDIC and North Dakota Department of Financial Institutions examination in June 2023 that resulted in a report of examination that concluded Choice violated certain provisions of the Bank Secrecy Act and the FDIC’s implementing regulations.
Like Blue Ridge’s order, the enforcement action against Choice emphasizes the bank’s gaps in oversight and controls, including of third party fintechs with which it works.
Among other requirements, the enforcement action orders Choice to:
improve its board oversight of the bank's BSA/AML program and compliance, including as it relates to third parties (eg fintech partners)
establish an AML/CFT compliance committee & revise and strengthen the bank's AML/CFT program
revise the bank's system of internal controls
implement an appropriate customer identification program (CIP), including by addressing identified weaknesses
implement an appropriate customer due diligence program (CDD), regardless of whether end customers are onboarded via third parties (fintech partners)
implement appropriate suspicious activity monitoring & reporting practices
conduct a lookback review on customers and transaction activity for customers onboarded via third parties flagged in the bank's 2023 report
ensure the bank has an appropriately sized staff with adequate resources and independence to meet the requirements of the order
(Sarah Beth Felix, an expert in the space, has additional analysis on the order here.)
Like Blue Ridge, Choice works with a middleware platform — which also happens to be Unit — and has direct fintech partnerships. Choice’s direct fintech partners include:
Business banking startup Mercury; Mercury also works with Evolve Bank & Trust
Business banking startup Lili; Lili also works with Column Bank
Consumer neobank Current; Current also work with Cross River Bank
The spate of recent enforcement actions understandably has fintech and BaaS banking world on edge. And there is every indication that there are more public actions yet to come, as the OCC, FDIC, and FRB work through bank exam cycles and any issues they uncover.
What, if anything, should banks and fintechs takeaway from the continued regulatory pressure? Like it or not, banks are the de facto enforcers for their middleware and fintech partners — and, it’s clear, regulators expect them to act like it.
For middleware platforms and customer-facing fintechs, the unfolding pain is a reminder that due diligence runs both ways. Selecting a bank partner is one of the most consequential decisions a startup can make. Taking the time to understand the risk posture of different bank partner choices can help fintechs to avoid unpleasant surprises down the line.
Redundancy, either by working through a middleware platform that has multiple bank relationships or having more than one direct bank partner, is a worthwhile “insurance policy” for fintechs to consider.
Representatives from Blue Ridge Bank did not respond to multiple requests for comment.
A representative for Choice Bank said, “Choice Bank maintains a cooperative relationship with both the FDIC and North Dakota Department of Financial Institutions and are working closely with them to fulfill our obligations, both now and in the future.”
A representative for Unit said, “Unit’s technology is used today by eight banks. Each of these banks is deeply committed to compliance and attuned to the regulatory changes shaping the industry today. By design, all bank partners have a direct relationship with the third parties that market their products and services to end-customers. Banks oversee client programs using Unit’s dashboard and tools, through real-time data access, and with the bank’s own internal technology and processes.”
A representative for Mercury said, “There is no impact or service disruption for our customers. While this is a time of heightened scrutiny for the banking sector, Mercury has long prioritized building an industry-leading risk and compliance system to support the scale we have achieved and our plans for future growth. We have a strong partnership with Choice and our other financial partners, and are working closely with them. We don’t see this as a one-time exercise but rather part of our ongoing commitment to responsible and compliant innovation.”
A representative for Current said, “Current partners with multiple banks to provide products and solutions to serve our mission of improving our members’ financial lives and is committed to ensuring they meet all required regulations and guidelines, including undergoing regular audits to ensure compliance. We don’t anticipate today’s news will have any impact on our upcoming business plans, future growth or innovation.”
Tips about what is happening in banking-as-a-service? Reach me on secure messaging app Signal at +1-316-512-1571.
Other Good Reads
The Future of On-Demand Pay and Earned Wage Access (Jason Lee/Fintech Nexus)
Save Me From The Subscription Economy! (Fintech Takes)
State of Fraud Benchmark Report (Alloy)
About Fintech Business Weekly
Looking to work with me in any of the following areas? Email me.
Vendor, partner & investment opportunity advice and due diligence
Fintech advising & consulting
Sponsoring this newsletter
News tip or story suggestion — reach me on Signal at +1-316-512-1571