OCC's 2023 Supervision Plan Includes Fintech, BaaS Focus
UK Challenger Bank North Shuts Down, Binance "Cross Bridge" Hack, Study Shows Americans' "Financial Health" Deteriorating
Hey all, Jason here.
I’m wrapping up this week’s newsletter from a hotel in beautiful Valencia, Spain. I’m here for an event put on by upSWOT, a bank-delivered embedded finance analytics platform designed to help SMBs aggregate and analyze their business data. My thanks to the entire upSWOT team for putting together an interesting and fun event!
It’s been a great way to kick off what will be a busy month of conferences and travel — I’ll be at SIBOS in Amsterdam next week, and, of course, Money20/20. I’m looking forward to what is sure to be an exciting (if not exhausting!) month.
Existing subscriber? Please consider supporting this newsletter by upgrading to a paid subscription. New here? Subscribe to get Fintech Business Weekly each Sunday:
Fintech Meetup is the next big thing in fintech events!
Sponsored content: Join fintech’s only tech-enabled event! We connect all attendees through technology (it’s a proper platform with workflows, not a basic app!). Meet anyone for any reason, easily and efficiently, using technology that works. See it for yourself, at the Aria, Las Vegas from March 19-22.
Binance Makes For 4th $100 Million+ “Cross Bridge” Hack Just This Year
Binance, the world’s largest crypto exchange by volume, experienced a $570 million hack of its “Binance Smart Chain.” Also known as “BNB Chain” or simply the “Binance blockchain,” the company took the extreme step of suspending all transactions and funds transfers on the blockchain. The measure limited the attackers’ ability to transfer funds to other chains and appears have constrained losses to around $100 million.
The attackers forged messages that enabled them to mint new BNB tokens, which they then attempted to move off of Binance to other chains. Because the attack created new tokens, there was no direct impact to existing users’ funds.
The perpetrators exploited a vulnerability in Binance’s BSC Token Hub, a so-called cross-chain bridge. Such bridges enable users to move assets between otherwise incompatible blockchains.
The complexity of such bridges has proven a boon to hackers — this is the fourth nine-figure attack this year (that’s $100 million+, if you’re struggling to count the zeros.)
Previous heists include a $100 million theft from Horizon Bridge, $190 million from Nomad, and $625 million from play-to-earn game Axie Infinity’s Ronin Bridge.
Altogether, some $2 billion has been stolen in cross-chain attacks, according to crypto analytics firm Chainalysis.
These hacks demonstrate that much of the crypto ecosystem still lacks something one would think is a prerequisite for holding users’ assets: security.
Not only that, but how crypto companies and the crypto community respond to such attacks can undermine other values many advocates of the ecosystem often espouse: particularly about the ‘censorship-resistant’ and ‘immutable’ nature of crypto — for instance, by shutting down blockchains, freezing funds or wallets, or even “forking” a chain to effectively reverse rogue transactions.
UK Challenger Bank North Shuts Down Amid Funding Crunch
UK challenger Bank North — which secured a full banking license just last year — has decided to shut down after struggling to raise fresh capital it would need to comply with regulatory capital requirements. The challenger focused on the SME lending market and had only just begun originating loans this January.
According to AltFi, Bank North, which last raised a £20 million Series A round in 2021, had been trying to raise an additional £50 million at a £106 million valuation. Finding itself unable to raise new funding, the bank would not be able to meet Bank of England requirements and thus opted to wind down operations.
As part of the “solvent wind down,” the bank is working to sell its £17m loan book, which the bank’s chairman Ron Emerson characterized as “critical” to ensuring all creditors and employees get paid in full.
OCC’s 2023 Supervision Plan Includes Fintech, Banking-as-a-Service, Crypto & Climate Focus
If any doubts about the OCC’s focus on fintech, in general, and banking-as-a-service, specifically, weren’t put to rest by its recent agreement with Blue Ridge, the agency’s recently released bank supervision plan for fiscal year 2023, which began on October 1st, should do the trick.
According to the OCC’s press release, “[t]he plan provides the foundation for policy initiatives and for supervisory strategies as applied to individual national banks, federal savings associations, federal branches, federal agencies, and technology service providers. The OCC staff uses this plan to guide its supervisory priorities, planning, and resource allocations.”
The plan speaks broadly both to evergreen and emerging areas of risk, including strategic and operational planning, operational resiliency, credit risk management, and the Community Reinvestment Act, but also to interest rate risk (more relevant than ever), consumer compliance, climate-related financial risks, third parties and related concentrations, and new products and services.
Regarding “third parties,” which would include non-bank fintechs that work with banks in a variety of ways, the plan states (spacing adjusted, emphasis added):
“Examiners should determine whether banks are providing proper risk management governance of their third-party relationships, commensurate with the risks posed, which may include relationships with financial technology (fintech) companies.
Examiners should identify the risk attributes of these relationships, for example, if they involve customer-facing products and services, are critical to bank operations, represent significant concentrations, affect the bank’s operational resilience, or affect compliance with requirements such as the Bank Secrecy Act and consumer protection laws.
Additionally, examiners should determine whether the bank and third parties have sufficient, qualified staff to meet contractual obligations. Examiners should be aware of the cyber-related risks arising from third parties and evaluate the bank’s assessments of third parties’ cybersecurity risk management and resilience capabilities.”
It’s worth noting here that the OCC isn’t only describing customer-facing fintechs, like neobanks, that partner with banks to deliver services. The OCC also references third party relationships that “are critical to bank operations” or “affect compliance with requirements” — which would include fintech service providers in areas like customer onboarding, KYC, AML, transaction monitoring, and fraud screening, for instance.
The OCC’s 2023 plan goes on to detail a focus on new products and services, including both fintech and crypto (spacing adjusted and emphasis added):
“Examiners should assess whether banks remain vigilant when considering growth and new profit opportunities. Examiners should assess bank management’s and the board’s understanding of the impact of innovative or new activities, including activities offered through third-party relationships, on the bank’s financial performance, strategic planning process, and risk profile.
Examiners should identify banks that are implementing significant changes in their operations using new technological innovations. These include cloud computing, artificial intelligence, digitalization of risk management processes, and engaging in banking-as-a-service arrangements. Examiners should evaluate the implementation of any changes to and appropriateness of governance processes when banks undertake significant changes.
When crypto-related and other new products and services are present, examiners should evaluate risk management practices for these products and services, including reviews of due diligence activities and evaluations of expertise to manage the technology, financial, operational, compliance, strategic, reputational, and other risks. Examiners should assess whether banks have sought and received a supervisory nonobjection before engaging in the activities described in Interpretive Letter 1179.”
The plan also calls attention to consumer compliance risk, specifically in relation to “new or innovative products, services, or delivery channels,” disclosure/UDAAP risk, and adequate compliance staffing (spacing adjusted and emphasis added):
“Consumer compliance: In addition to assessments required by statute, regulation, or OCC policy, examiners should focus on compliance management systems, including complaints management, and the build-out of new or innovative products, services, or delivery channels.
Focus should also be on how the programs are implemented and how terms of the programs are disclosed in relation to requirements under unfair, deceptive acts or practices and unfair, deceptive, or abusive acts or practices statutes. Examiners should also focus on evaluating compliance staffing, by assessing staff numbers, expertise, training, changes to staffing models, and the extent to which compliance functions are supported by third parties.”
While the OCC’s 2023 supervision plan doesn’t constitute specific guidance to banks or their fintech partners, it does quite clearly spell out the kinds of questions it may ask in a supervisory exam. Nationally chartered banks overseen by the OCC would be well advised to prepare accordingly.
Americans’ “Financial Health” Deteriorating in the Face of High Inflation, Report Shows
The Financial Health Network released the 2022 edition of its Financial Health Pulse® report and, perhaps unsurprisingly, it showed an overall decline in Americans’ financial health — the first such decline the group reported since beginning the survey in 2018.
The survey is designed to assess four key indicators of financial health: if respondents are spending less than their income; if they are able to pay bills on time; if they have sufficient liquid savings; and if they have sufficient long-term savings.
These underlying indicators are combined to group respondents as financially “healthy,” “coping,” or “vulnerable.”
During the early phase of the COVID pandemic (~2020), robust government support in the forms of expanded unemployment, nutrition support (“food stamps”), and stimulus payments meant many families saw their financial situation improve and managed to bank significant savings.
While the economy’s “reopening” in 2021 was certainly uneven, in many cases, workers held the upper hand, as employers across wide swaths of the economy faced talent shortages, which translated into growing wages.
But, in 2022, although the job market has remained robust so far, nearly double digit inflation is taking a toll on families’ budgets.
This is demonstrated in the survey results, which show a 6% point drop in respondents who reported that their spending is less than or equal to their income:
Other indicators that deteriorated include those reporting paying all bills on time (-1% point), those with enough savings to cover three months’ expenses (-3% points), and those that felt they were on track to meet their long-term financial goals (-3% points).
The overall result was a decrease in the proportion of respondents considered “financially healthy” from 34% to 31%, while those considered to be “coping” increased from 52% to 55%, and those considered to be “vulnerable” increased from 14% to 15%:
FT Partners: $4.1 Billion Across 267 Fintech Deals in September
In a sign that the fintech funding environment may be stabilizing, FT Partners’ October report indicated a slight rebound from August’s $3.5 billion across 257 deals in the sector.
And anecdotal evidence shows it isn’t exclusively smaller, earlier rounds that are getting done. Recently announced deals include Tally’s $80 million Series D, Jiko’s $40 million Series B, and Railsr’s $26 million equity + $20 million debt Series C (stay on top of the latest fundraising news at This Week in Fintech.)
Other Good Reads
BNPL’s Biggest Problem (Fintech Takes)
How to Make Better Decisions (Chaos Engineering)
How to Fix the $30 Billion Overdraft Problem (Ron Shevlin/Forbes)
Contact Fintech Business Weekly
Looking to work with me in any of the following areas? Email me.
Fintech advising & consulting
Sponsoring this newsletter
News tip or story suggestion
Early stage startup looking to raise equity or debt capital