The Office of the Comptroller of the Currency (OCC) has been featured many times in the news recently in connection with increased scrutiny of the relationships and financial offerings of banks and their third-party fintech partners. Blue Ridge Bank, a Virginia-based financial institution, has specifically come under fire for inadequate oversight of activities and products offered by its partners.
When the dust settled, the OCC and Blue Ridge came to an agreement, which included an order to increase oversight of third-party fintech partnerships, bolster anti-money laundering (AML) risk management, improve suspicious activity reporting (SAR), and increase information technology controls.
The OCC also has plans to create a new Office of Financial Technology in 2023, with the goal of ensuring the federal banking system is safe, sound, and fair. This new office will pay close attention to fintech innovation and keep newly conceived services and partnerships in line with regulations.
The scrutiny of banks and their partners has increased, while valuations and funding opportunities for fintechs have declined. Without investor funds, many fintechs and neobanks have begun pursuing profitability through new revenue streams. As fintechs begin to offer loans and other financial products, it’s important that they focus on choosing the best technology partners to ensure security and compliance.
This is a particular focus for partner banks, which act as the capital, compliance expertise, and licensing partner to fintech/marketplace lenders. Failure to operate within the scope of compliance could result in hefty fines or loss of business, as expressed by both the OCC and FDIC recently.
Financial institutions are among the most heavily regulated businesses in the world due to the inherent risk when handling other people’s money. Regulatory committees view fintech lenders backed by a partner bank as an extension of the bank itself, and may hold the partner bank liable for regulations not met by the partner fintech. With this in mind, partner banks have increased the scrutiny on the technology stack and compliance used by banks’ fintech/marketplace lender partners.
The pressure is on for partner banks. Rhonda McGill, PerformLine’s Senior Director of Client Solutions, emphasizes the need for smart partnerships and decisions in completing their compliance due process. “All eyes are on the data, and fintechs need to show how they are ensuring equity in their lending practices,” she said. “Banks need to make smart decisions on how they choose partners, how algorithms are determined, and the impact algorithms may have on lending decisions.”
Upcoming Partner Bank Regulation Changes
Regulatory changes are designed to protect consumers and ensure that banks are operating in a safe and sound manner, but that doesn’t lessen the difficulties of maintaining compliance. In early October, the Office of the Comptroller of the Currency (OCC) released its “Bank Supervision Operating Plan for Fiscal Year 2023” which details many areas they’ll focus on and consequently may issue new regulations for.
These areas include:
- Strategic and operational planning
- Operational resiliency
- Third parties and related concentrations
- Credit risk management
- Allowances for credit losses
- Interest rate risk
- Liquidity risk management
- Consumer compliance
- Bank Secrecy Act
- Fair lending
- Community Reinvestment Act
- New products and services
- Climate-related financial risks
With so many areas of banking under the microscope of the OCC, how can partner banks ensure their systems and their fintech partners’ systems, for which they’re responsible, not only maintain compliance but are also prepared for future regulations?
Maintaining Compliance with LoanPro
LoanPro provides a secure Loan Management Software (LMS) as the operating platform to manage loans, servicing, and compliance. We take considerable care to keep up with regulations and compliance standards so we can support our clients’ compliance requirements in all US jurisdictions (federal, state, and local). Our loan management software was built to streamline lending compliance in a transparent, convenient way that maintains portfolio performance.
Let’s take a look at the compliance concerns for which the OCC recently cited Blue Ridge Bank. For each issue, we’ll also look at the solution LoanPro provides to help partner banks and lenders ensure compliance.
Third-Party Risk Management
Issue: Banks need to have a “Third-Party Risk Management Program” to assess and manage any risks that might come about from relationships with third-party fintechs.
Our Solution: LoanPro operates as the core lending software platform for our clients. We hold various security certifications, including SOC 1 Type II, SOC 2 Type II, and PCI-DSS Level 1 AOC, which attest to our compliance with third-party security and risk-management programs. Furthermore, we provide a complete audit trail and tools that help our customers provide the necessary documentation and visibility for regulators.
LoanPro maintains continuous monitoring of our systems, data backups, documentation and reporting, business continuity plans, clear roles and responsibilities, and independent reviews. We also offer a written contract outlining the rights and responsibilities of all parties, and we cooperate with company vendor policies to ensure sufficient evidence of compliance.
Bank Secrecy Act Compliance
Issue: Banks should establish compliance programs and record keeping to ensure that there are controls to deter and detect money laundering and other criminal acts.
Our Solution: LoanPro undergoes independent auditing to ensure our security meets required standards. We provide system logs, access points, and user access controls and permissions, to limit access to system data. We keep data on transactions and actions taken within our platform to help with any needed audits. We also work with payment-processing partners that offer anti-money-laundering features, transaction pattern recognition, fraud detection, ID verification, phone carrier validation, background checks, and other consumer and business tools to manage account-level fraud and risk.
Customer and Enhanced Due Diligence
Issue: Banks should perform customer due diligence and enhanced due diligence for all customers at the opening of an account and throughout the life of the account.
Our Solution: We partner with many origination services capable of checking these due diligence boxes. We also provide data points for ongoing due diligence such as OFAC compliance tools, bank account verification, address, phone, and social profile lookups as well as customer data tracking so ongoing checks can be performed.
Suspicious Activity Monitoring and Reporting
Issue: Banks should have a program in place to monitor, investigate, and report suspicious activity on accounts.
Our Solution: While the suspicious activity requirement is primarily concerned with deposit accounts, LoanPro keeps a record of all actions in the system, as well as transaction data and a daily snapshot of each loan. These tools can help uncover suspicious activity among your borrowers or agents.
IT Control Program
Issue: Banks need to have standards and controls over the use and storage of their data, and should ensure that any fintech clients or service providers have IT control programs that are up to standard as well.
Our Solution: LoanPro maintains SOC 2 Type II and SOC 1 Type II compliance, along with a PCI-DSS Level 1 Attestation of Compliance. In addition, our software development processes ensure code integrity, and our data backup, data encryption, and management strategies provide data security. We offer configurable access controls and the use of a least-permissions access model. This means you can easily set up your system so that users only have access to what they need, and don’t have access to see or edit data that should be restricted.
Compliance in Processes
In addition to the regulations discussed above, LoanPro can be especially helpful with compliance for neobanks or fintech/marketplace lenders. We offer the ability to configure and customize processes so that compliance can be built in. Lending compliance includes a number of acts that dictate what the lender can do. Lending program guardrails include a max APR for members of the military (Military Lending Act), APR disclosure and credit reporting (Truth in Lending Act), and timely and accurate notifications for adverse actions (Equal Credit Opportunity Act), which many fintech lenders tend to struggle with.
LoanPro provides processes, automation, and custom communications to keep partner banks and non-banks compliant in managing their loans.
LoanPro Built for Partner Bank Compliance
Staying compliant can be daunting. LoanPro makes it less scary. Partner banks will have more time to focus on process and profitability with LoanPro’s built-in compliance features and a proven compliance safety net to guard against regulation changes and unforeseen fines.
LoanPro not only simplifies compliance for partner banks, but also provides additional tools necessary for the monitoring and unification of their many fintechs, including complete data visibility into their fintech partners’ processes. LoanPro’s single-system model allows partner banks and their subsidiaries to maintain unified compliance.
Partner banks can mitigate violations of regulations or compliance requirements through proper usage of LoanPro, while also future-proofing their lending-program processes for additional compliance requirements that may come any day.
Our request of all partner banks is to simplify your compliance and oversight risks by having your fintech/marketplace lenders use LoanPro. Each enterprise client is assigned an account management team with expertise in compliance, onboarding, servicing, loan lifecycles, and policy governance. LoanPro has helped our customers launch 1000+ Lending Programs and we want to help you launch your next one, with a focus on convenience, compliance, and performance.
To learn more about how LoanPro simplifies compliance for partner banks, book a meeting with our partnership compliance expert.