When Synapse Financial Technologies declared bankruptcy in April, the financial industry was still reeling from the collapse of Silicon Valley Bank the previous year and the run on some banks that followed.
The failure of Synapse highlighted some of the key risks inherent in fintech programs that rely on a “for the benefit of” account. This is a type of deposit account in which a third party (which may be the bank itself) opens and manages the account at a bank for the benefit of another party.
Fintech platforms offering deposit accounts often open FBO accounts with partner banks to hold their end customers’ funds, which are reflected as a single account in the bank’s records but hold a pool of funds for many end users . Typically, a third party maintains detailed records of customers and transactions in its systems.
When a bank fails, access to deposit accounts is generally frozen until the Federal Deposit Insurance Corp. can assess insurance requirements. The agency needs rapid access to detailed and accurate end-client account information from third-party systems.
However, the Synapse turmoil has brought the other side of the coin to the forefront: what happens when the third party managing an FBO account goes bankrupt and its records become irreconcilable or unavailable? This scenario created significant challenges for Synapse partner banks, leaving some end customers without access to their funds even months later.
On April 22, Synapse filed for Chapter 11. On May 11, its four partner banks lost access to middleware provider Synapse’s records, unable to identify end users for fund withdrawals. According to September 12 Trustee’s reportof the $219 million in custodial FBO accounts, $165 million, or 75 percent, was distributed to end users, with $54 million, or 25 percent, remaining. A recent law firm report Troutman Pepper Iidentified a shortfall of $65 million to $95 million between funds held by the bank and amounts owed to fintech end users, with unclear responsibility for customer restoration.
“FBO accounts themselves are not the problem. They have been used for years to support essential banking services and should remain a feature of our banking landscape,” Patrick Haggerty, senior director at financial services consultancy Klaros Group, said in an email. “That said, as use cases have proliferated, so have risks. Banks offering FBO accounts should expect to face increased regulatory scrutiny. Expectations are increasing, particularly regarding contingency plans and financial controls.
In the midst of the Synapse ordeal, the FDIC proposed a record keeping rule last month to strengthen recordkeeping of bank deposits received from third-party or non-bank entities that accept these deposits on behalf of consumers and businesses. The proposal aims to address risks associated with these third-party arrangements, such as faulty account accounting, and to protect depositors.
Troutman Pepper’s report analyzed the root causes of Synapse’s collapse and lessons learned that can be kept in mind to avoid future failures.
Multiple entities, account types
Synapse operated from multiple entities and accounts, including Synapse Brokerage, after acquiring a small brokerage firm. The new modular banking product opened cash brokerage accounts for its more than 100 fintech partners at four banks. Synapse has encouraged fintechs to use the product because it facilitates the free flow of funds between different banks.
The middleware provider ensured that it knew where the money was and that its strategy for segmenting and distributing services across multiple banks was to keep each partner bank unaware of what fraction of the total deposit base it held , according to the report. Synapse has pushed for modular banking even with existing fintechs, which have embraced the direct model and reportedly moved end-user funds from some fintechs to its brokerage unit without permission.
“The money is in the bank,” Matthew Bornfreund, a partner at Troutman Pepper, told Banking Dive, adding that banks are responsible for knowing who owns that money.
“Banks have long been allowed to outsource their responsibilities and hire vendors,” Bornfreund said. “But the bank is also the insured by the (Federal Deposit Insurance Corporation)and so if the FDIC wants to make sure that it knows who the deposits are tied to, it makes sense that the party that is the insured party is the one that is responsible for maintaining those records.
When a bank and fintech team up, it is essential that both adhere to the third-party risk management guidelines released last month while understanding the account agreements governing the partnership, compliance with the false advertising rule of the FDIC and each party seeking ways to evaluate and improve accounting practices consistent with the FDIC’s recordkeeping final rule.
As partnership agreements are fundamental, they should clearly delineate respective roles and responsibilities – banks should ensure that the agreements detail their robust oversight mechanisms to monitor the activities of the fintech partner, specify the frequency and scope of reports to the bank, periodic audits and criteria to evaluate the partner’s performance and the process to follow in case of discrepancies or violations, recommends the report
Account accounting irregularities
Another important lesson: fintech relationships involve a wide range of account types and structures and access to FBO ledgers is necessary, but FBO ledgers are not adequate to identify and correct accounting irregularities.
In response to accounting concerns, the FDIC proposed new reconciliation requirements for “deposit accounts with transactional features.” The proposed recordkeeping rule requires the bank to maintain “direct, continuous, and unrestricted access to the records” of any third party maintaining ledgers for CDAWTFs.
However, the Troutman Pepper report argues that the term third party ledger accounts is a better term because it more accurately captures the risks involved when the bank does not maintain its ledgers directly and can be applied to any type of account, without limit it to custodial accounts. accounts.
Banks must also focus on “ledger hygiene,” requiring fintechs to have separate accounts that more clearly define funds for customers, transactions, third-party payment fees, contingency reserves and network regulations.
Banks should distinguish individually identified subaccounts from general pooled accounts, particularly when middleware companies like Synapse are involved, the report recommends. However, the report reveals that the FDIC’s recordkeeping rule does not account for subaccounts, a common feature of fintech partnerships. Middleware providers are helping to bridge the gap between traditional banks and fintechs using the latest technologies.
Partner bank lapses
Banks and fintechs should have a contingency plan in case partnerships fail. These plans should anticipate the operational risk associated with a general ledger outage, identify ways to mitigate the risks, and deploy reserves to restore end-user integrity in such an emergency.
Following Synapse’s failure, Evolve Bank & Trust received a cease and desist order from the Federal Reserve approximately two months after Synapse declared bankruptcy following a review conducted in early 2023, while another partner bank, Lineage Bank, received a consent order. by the FDIC in late January of this year. Although the timing of the previous review was not specified in either case, it was evident that the partner banks were aware of compliance issues related to their middleware provider, Synapse.
The consent orders issued against two of Synapse’s partner banks related to their board governance and BSA/AML issues without detailing the underlying issues, which could obscure these partner banks’ relationships with others parts that Synapse.
A different accounting solution is needed to track the flow of funds in any multi-stakeholder bank-fintech partnership ecosystem, the report said.
Regulatory gaps
Regulators should prioritize the most critical risks when issuing a consent order to a bank, moving away from a “tick box” model of supervision and towards a “risk-based” model of supervision , the report says.
Regulators have highlighted the complexity of banking-as-a-service arrangements and have disclaimed any oversight responsibility in regulating the non-banks involved. To address this, monitoring processes could be updated to interact more directly with banks’ fintech partners, enabling earlier identification of risks through technology and allowing both the bank and fintech to take corrective action , the report says.
Another question raised by the report, highlighting the more than 300-day delay between a reported review and the issuance of a consent order, was whether supervisors needed additional resources to work more effectively.
“How do the teams (of the Financial Sector Regulatory Authority) and those of the banking regulator work together? » Alexandra Steinberg Barrage, partner at Troutman Pepper, noted. In Synapse’s case, there was a broker, “but was there coordination on what the broker actually did, or what their modular banking business model actually was?” she said, adding that it’s hard to know because there isn’t much information available.
Gross mismanagement
Qualified staff are essential to effective bank-fintech partnerships, and fintechAccording to the report, a focus on speed to market could conflict with compliance requirements. In bank-fintech partnerships, fintechs need leadership with deep expertise in risk management and banking supervision with a strong focus on compliance, regular and adequate training programs and the need for interdisciplinary teams, says the report.
The interinstitutional guidelines also require banks to assess the depth and expertise of fintech partners’ staff, ensure their own staff have the knowledge necessary to manage risks, and assess the qualifications of key personnel.
“Right now, the industry is already taking very significant steps to create standards that would bind them, because right now they are not overseen or reviewed by banking regulators; Yet they are integral to how the bank operates these programs,” Steinberg Barrage said.
“So as a next step… we’re working with people on the banking side and the technology side who are very focused on best practices, to ultimately develop that towards empowering the sector,” she said, “And I think it’s absolutely the right time for that to happen.