On September 17, the Federal Deposit Insurance Corporation (FDIC) proposed a new rule that would significantly impact the risk management and oversight requirements for bank-fintech arrangements.1 This proposal comes in response to recent events, notably the failure of Synapse Financial Technologies, Inc., a “middleware provider” for numerous fintech companies.
If adopted, the new rule will require banks catering to fintech companies to enhance their recordkeeping and oversight of the fintech’s activities.
Typically, fintech companies partner with FDIC-insured depository institutions (IDIs) to offer banking services to their customers through a structure often referred to as “Banking-as-a-Service” (BaaS). In these arrangements, the fintech company usually opens a single, omnibus account at the IDI in which funds are pooled and held “for the benefit of” (FBO) the fintech company’s end users.
The fintech company then maintains its own ledger, tracking individual customer balances and transactions. Longstanding FDIC policy states that these funds are generally covered by federal deposit insurance if certain requirements are met, including recordkeeping regarding the beneficial owners of the funds.2
Following Synapse’s bankruptcy filing in April 2024, thousands of consumers lost access to their funds, prompting a flood of complaints to the FDIC and calls for action from consumer protection groups and congressional leaders.3 These accounts were not eligible for deposit insurance payouts because there has not been an associated IDI failure.
According to the FDIC, the episode exposed significant deficiencies in recordkeeping practices, as banks struggled to determine the ownership of funds deposited through Synapse. The situation highlighted the risks inherent in complex third-party arrangements, particularly when consumers believe their funds are FDIC-insured but may not understand the limitations of that protection.
The rulemaking is the latest signal that federal bank regulators are more closely scrutinizing fintech arrangements.
This comes on the heels of a joint statement issued by the FDIC, the Office of the Comptroller of the Currency, and the Board of Governors of the Federal Reserve on July 25, which highlighted the risks involved in bank-fintech arrangements and was accompanied by a request for information from the industry.4
The proposed rule aims to address recordkeeping and insurance coverage risks by requiring banks to maintain accurate, accessible (i.e., auditable) records of beneficial owners and their balances for “custodial deposit accounts with transactional features.” These measures are intended to ensure that even if a third-party intermediary like Synapse fails, banks have the immediate ability to identify account owners and provide access to their funds.
Key Provisions:
1. Scope: The proposed rule’s requirements would apply to IDIs that hold “custodial deposit accounts with transactional features,” which are accounts meeting three criteria:
a. the account is established for the benefit of beneficial owner(s);
b. the account holds commingled deposits of multiple beneficial owners; and
c. a beneficial owner may authorize or direct a transfer through the account holder from the account to a party other than the account holder or beneficial owner.
2. Recordkeeping Requirements: IDIs must maintain detailed records of beneficial owners and their account balances for custodial deposit accounts with transactional features.
3. Third-Party Arrangements: If using third parties for recordkeeping, IDIs must ensure direct, continuous, and unrestricted access to records, even in the event of the third party's business interruption or insolvency.
4. Daily Reconciliation: IDIs must implement internal controls to ensure accurate balances and daily reconciliation of custodial deposit accounts.
5. Annual Independent Validation: Third-party recordkeeping must be validated annually by an independent party.
6. Compliance Certification: IDIs must complete annual compliance certifications and reports, to be submitted to the FDIC and the appropriate federal banking agency.
7. Exemptions: Certain types of custodial accounts are exempt, including those holding only trust deposits, government depositor accounts, and accounts established by brokers or investment advisers.
The proposed rule represents a significant new compliance obligation for affected IDIs, particularly in terms of recordkeeping and reporting requirements for custodial deposit accounts with transactional features.
If it is adopted as proposed, we expect that fintech companies partnering with banks for custodial account offerings would be subject to significantly increased contractual obligations. The rule may also require substantial updates to technology systems and internal controls, potentially increasing operational costs for IDIs and fintech companies alike.
Fintech companies should review their current bank partnerships, assess their recordkeeping capabilities, and prepare for potential operational changes.
The FDIC is seeking comments on all aspects of the proposed rule. Financial institutions and fintech companies should carefully review the proposal and consider submitting comments during the 60-day comment period.
Footnotes
1See Federal Deposit Insurance Corporation, FDIC Proposes Deposit Insurance Recordkeeping Rule for Banks’ Third-Party Accounts (Sep. 17, 2024), https://www.fdic.gov/news/press-releases/2024/fdic-proposes-deposit-insurance-recordkeeping-rule-banks-third-party.
2Federal Deposit Insurance Corporation, General Counsel's Opinion No. 8; Insurability of Funds Underlying Stored Value Cards and Other Nontraditional Access Mechanisms, 73 Fed. Reg. 37852 (July 2, 2008).
3E.g., Adam Rust, “The Synapse Crisis Reveals the Urgent Need for Supervision of BaaS,” Consumer Federation of America (Jul. 8, 2024), https://consumerfed.org/the-synapse-crisis-reveals-the-urgent-need-for-supervision-of-baas/; Letter from Senators Brown, Fetterman, Baldwin, and Wyden to W. Scott Stafford, President and CEO of Evolve Bank & Trust (Jun. 28, 2024), https://www.banking.senate.gov/download/synapse-letter.
4https://www.occ.gov/news-issuances/news-releases/2024/nr-ia-2024-85a.pdf; https://www.occ.gov/news-issuances/news-releases/2024/nr-ia-2024-85b.pdf.