top of page

Acting Comptroller Hsu’s speech - the tip of a new regulatory iceberg


A lot of folks in fintech are still talking about Acting OCC Comptroller Michael Hsu’s recent speech, which among other things outlined a new regulatory approach to Banking as a Service (BaaS), or partner banking.

As he noted, we’re in the midst of a fundamental change in our banking system. Banks are no longer the sole integrators and providers of financial services. Instead, the component parts of a given financial service (e.g. product design, marketing, customer acquisition, processing, funding, etc.) are being disaggregated and performed by specialists (banks and nonbanks) rather than all by a single bank. At the same time, financial services are becoming seamlessly woven into our everyday experiences (buying a car, having dinner with friends, taking an Uber home). This is creating an increasingly impactful, varied, complex, and intricate set of relationships involving banks and nonbanks/fintechs.

Fintechs have become large and important providers of financial services to consumers and businesses. Not all fintechs want to, can be or should be banks - in fact, the majority won’t be, especially as it’s becoming increasingly clear that bank regulators are less than open to bringing a large proportion of fintechs within the regulatory perimeter. But banks, and the special powers they control by law, remain essential to most financial services. As a result, partnerships among banks and fintechs will continue to be a critically important avenue to deliver financial services.

Hsu’s right that fintechs and partner banks need to put in the time and investment to conduct these partnerships in a compliant and resilient way. But he and other regulators will need to contend with the fact that these relationships are the inverse of traditional bank/vendor relationships: in many cases, it is the fintechs and not the banks that bring the customers - indeed, many bank partners operate largely in the background. This economic reality may call for a different regulatory approach to these relationships compared to the traditional vendor management framework. For now, though, banks, fintechs and the regulators are stuck with that vendor risk management framework.

I shared some further thoughts in an article in the American Banker here - but the bottom line is:

  • If you’re a bank that partners with fintechs, it’s critical to acknowledge the much higher level of regulatory expectations and scrutiny that are headed your way—and to invest now in the tech and risk management work likely required to meet and exceed those expectations.

  • If you’re a fintech with significant dependencies on a single small bank for a given product or service, now is the time to press your bank partners for more information, up your own game regarding compliance and risk management, and, critically, to invest in diversifying your exposure by implementing complementary bank partnerships.

Higher regulatory expectations and more intense scrutiny are probably overdue and valuable. Banks that invest to meet those higher expectations in compliance and risk management are and will be performing a critical function by enabling innovation in the previously too-stagnant financial services sector. That should be encouraged for the benefit of consumers - and for the benefit of community banks increasingly desperate for additional lines of profitable business.

If you want to talk further about the future of partner banking, BaaS, and the new and fast-evolving regulatory environment in which we’re all operating, shoot us a note at

Photo by Erol Ahmed on Unsplash


bottom of page