The fundamental problem with banking as a service (BaaS) is that in order for it to work, every participant in the value chain needs to do their job with more diligence than they are required to do.

For the most part, this hasn’t been an issue. Fintech is filled with founders and operators who care deeply about safeguarding customers’ money and ensuring that they have uninterrupted access to it, and banking is filled with bankers who feel the same way.

BaaS mostly works, but it works because of the above-and-beyond efforts of those involved in it.

Structurally, BaaS has some glaring flaws.

Banks are required to manage the risks associated with all of their third-party service providers (including fintech partners), but that risk management is generally focused on preserving the banks’ financial stability and ensuring full compliance with anti-money laundering (AML) requirements, not preventing harm to customers.

Fintech companies have a financial responsibility to their investors and a legal responsibility not to commit fraud, but typically, no one ends up in jail if the company’s employees drive it into the ground, even if that failure adversely impacts customers. 

(Perversely, failing big in the startup world is often seen as a badge of honor and a way to improve your odds of being able to raise funds for your next venture.)

We don’t know all the details of the Synapse situation yet, but you can certainly see how a Synapse-sized problem could happen with no laws being broken or massive fraud being perpetrated. All it takes is the wrong combination of good old-fashioned incompetence.

BaaS is a high-wire act, without a safety net. 

This is why I find the standard fintech answer to how we avoid a similar situation in the future – just do a better job reconciling accounts! – so insufficient. Like, yes, sure, that’s a nice thing to hope for, but as an old boss of mine was fond of saying, “Hope is not a strategy.”

The number one job in financial services is to foster and sustain trust. People need to trust that their money is safe and that the financial products and services that they rely on will work 100% of the time.

Everything in financial services sits downstream of trust.

This is why Synapse’s failure is a problem for regulators and policymakers like the FDIC, whether they believe it or not. Consumers and business owners aren’t going to stop using fintech (even after Synapse), which means that any fintech failure that adversely impacts end users undermines trust in the entire financial system.

So, in the wake of the Synapse collapse, there are quite a few industry observers asking, “Why do we need BaaS at all? Why can’t fintech companies get their own charter and be regulated directly? Wouldn’t that be a better model for ensuring trust in the financial system as fintech companies continue to eat into banks’ market share?”

This is a great question!

It’s also quite a complicated question to answer, but let’s give it a try.           

Why can’t we have a national fintech charter?

We could (in theory)!

In fact, we almost did.

In December 2016, the Office of the Comptroller of the Currency (OCC), which is the federal regulatory agency responsible for chartering and supervising national banks, published a paper exploring the idea of a special-purpose national bank charter for fintech companies.

The OCC’s argument boiled down to two points. First, the development of the modern fintech industry introduced a number of novel products and business models that were deserving of special regulatory attention (via a built-for-purpose charter) based on the traction they had been getting in the market. Second, the OCC’s authority to charter special-purpose national banks is applicable to fintech as long as the fintech company in question conducts at least one of the following three core banking functions: receiving deposits, paying checks (i.e. facilitating payments), or lending money.   

After putting the fintech charter on the back burner for a few years, the agency began accepting charter applications from fintech companies in 2018. The charter focused on payments and lending but specifically excluded fintech companies engaged in deposit-taking.

The OCC was promptly sued by the New York Department of Financial Services (NYDFS) and the Conference of State Bank Supervisors (CSBS), which argued that the OCC lacked the authority to charter a bank under the National Bank Act if the institution didn’t, at a minimum, take deposits.

The NYDFS’s suit was successful, and although it was overturned by the Second Circuit on appeal, state regulators succeeded in running out the clock on the OCC, and the idea of a national fintech charter was shelved.   

What is the Conference of State Bank Supervisors, and what’s their problem with a national fintech charter?

At this point in the story, I wouldn’t blame you for asking, What is the Conference of State Bank Supervisors?

Founded in 1902, the CSBS is a trade association for the 55 U.S. state and territory bank regulators, such as the New York Department of Financial Services, the California Department of Financial Protection and Innovation, and the Montana Division of Banking & Financial Institutions.

It’s worth pausing and acknowledging how strange the CSBS is.

A trade association for regulators.

I’m accustomed to private industry trade associations. We’ve had them in banking for a long time (longer, in some cases, than we’ve had banking regulators!) And we’ve been getting more and more of them in fintech in recent years.

Private industry trade associations exist to counter the influence of the government when it comes to how their industries are regulated.

Why does the CSBS, which, again, is made up of state government agencies, exist?

From what I can tell, there are two main reasons.

1.) Coordinate state-level supervision of banks and non-bank financial services providers. 

The United States is one of only a few countries in the world that permits both the federal government and state governments to charter, regulate, and supervise banks. This dual banking system creates a massive coordination challenge, both between state regulators and federal regulators (79% of banks in the U.S. are state-chartered, but almost all of them are also supervised by the FDIC or Federal Reserve) and between different state regulators (there are more than 33,000 non-depository institutions in the U.S. that have state-level licenses for activities like money transmission or lending and those institutions are required to get licenses in every state that they operate in).

One of the CSBS’s primary functions is to help solve these coordination challenges. 

In a podcast interview in 2020, John Ryan (the former President and CEO of the CSBS) shared a story from a regional meeting of state bank supervisors: 

One of the regulators said, “Hey, there’s this company that we’ve been having problems with, and we’re going to revoke their license.” And that caught other people’s attention around the table because that entity happened to be licensed in their states, and they wanted to know what this particular regulator had found. Curing those information gaps is foundational to what we are thinking about when creating a networked system of supervision.     

As the end of that quote illustrates, the CSBS has been thinking about this coordination challenge as a technology problem; one that can be solved through investments in what it calls “networked supervision”.

A good example of this is the Nationwide Multistate Licensing System & Registry or NMLS.

This system was created in 2008 in response to the lack of visibility that state regulators had into shady multi-state mortgage originators leading up to the financial crisis. It allows for mortgage, debt, consumer finance, and money services businesses to acquire and renew state licenses through one unified system. 

While the tech behind NMLS is showing its age (CSBS has embarked on a multi-year initiative to modernize it), the system itself represents a significant improvement to the previous status quo (companies used to have to go state by state to acquire licenses, and each state had a slightly different process) and is indicative of the value that a trade association for state banking regulators can add to the ecosystem.

2.) Defend the existence and existential importance of the U.S.’s dual banking system. 

As I already mentioned, the U.S.’s dual banking system is unique.

While the U.S. Congress has, over the last 150+ years, given more control over the big topics in financial services regulation (monetary policy, financial stability, consumer protection, etc.) to federal regulators, it has preserved the role of state regulators to charter, regulate, and supervise banks and non-depository financial services providers. The legal term for this evolution is “encirclement”, which my Bank Nerd Corner podcast co-host Kiah Haslett colorfully describes as the federal government wrapping its arms around the state-chartered banks and saying, “Shhh, it’s fine, no sudden movements and no one gets hurt”.

The other big reason the CSBS exists is to oppose this encirclement and to vigorously defend the U.S. dual banking system.

They argue that state chartering and supervision facilitates innovation, that state regulators have a unique understanding of their citizens’ specific financial services needs, and that the states do as good a job as or better than federal regulatory agencies at regulating and supervising banks and non-depository financial services providers.

I’m sure that many of the folks working in state regulatory agencies and at the CSBS genuinely believe in those arguments. However, I also believe that the CSBS’s defense of the dual banking system has a lot to do with self-preservation. 

For the most part, state banking regulatory agencies in the U.S. are self-funded through fees paid by the companies that they supervise and fines collected from those companies when they mess up. The virtue of this model is that it gives the regulatory agencies political independence by not having to rely on annual appropriations. However, the downside of this model is that it incentivizes those agencies to acquire and retain as much direct supervision and enforcement responsibility (and revenue) as possible.

The modern fintech industry has, for the most part, grown within the remit of state banking regulatory agencies (directly in the case of money transmission and lending licenses and indirectly in the case of BaaS). This growth has been enormously beneficial for the balance sheets of those agencies, which is one of the reasons why they were so stridently opposed to the OCC’s national fintech charter, as the CSBS’s legal complaint against the OCC made clear:  

The OCC contends that the number of fintech companies in the United States and United Kingdom has reached more than 4,000, with investment in the sector growing from $1.8 billion to $24 billion worldwide in just the last five years. It is therefore without question that the OCC’s actions to remove these nonbank companies from state oversight will have significant economic consequences.

What’s the problem with state-led supervision of innovative financial services companies?

Let’s start with a broad statement, and then get into some specifics.

Trust is a low fault tolerance business.

As I mentioned at the top, everything in financial services sits downstream of trust. The challenge with state-by-state regulation and supervision of innovative financial services companies is that it only takes a couple of states screwing up to undermine trust in the entire financial system. 

We saw this during the free banking era in the middle of the 1800s, which led to the National Bank Act and the creation of the OCC. And we saw it again during the savings and loan crisis in the 1980s, which led to the Federal Deposit Insurance Corporation Improvement Act and the strengthening of the FDIC.

We continue to see it today.

Despite their claims to the contrary, state banking regulators are no better at supervising financial services companies or stopping bad things from happening to consumers than federal banking regulators.

As Jason Mikula noted in his newsletter, neither the Federal Reserve nor the Arkansas State Bank Department has covered themselves in glory in regard to Evolve Bank & Trust. Indeed, as Evolve’s BaaS vendor Synapse was descending toward bankruptcy, Susannah Marshall, the commissioner of the Arkansas State Bank Department, testified at a House Financial Services Committee field hearing, saying:

State regulators are the ‘boots on the ground,’ protecting consumers from companies that run afoul of or seek to circumvent state law. Their approach to consumer protection is strong and effective. State regulators are closer to the consumer and are locally accountable, a dynamic that greatly benefits consumers in need of regulatory assistance. 

Eek!

And even when things aren’t melting to the ground, it’s easy to look at the structure of state-led bank regulation and supervision and see the potential for massive problems.

Take state money transmitter licenses as an example.

As Professor Dan Awrey described in his excellent paper “Money and Federalism”, the regulatory framework for state money transmitter licenses was developed in the age of the telegraph. The consumer protections built into that framework were designed around the assumption that consumers would use a money transmission service primarily to …drum roll … transmit money, meaning that the risks associated with the provider holding onto the money would be small because they weren’t going to be holding onto it for very long.

That’s not how many modern money transmission services work, as Professor Awrey explains:

Today, popular money transmitters like PayPal and its sister platform Venmo hold far more customer funds, often for far longer periods of time, thereby enabling them to accumulate vast pools of longer term investment capital.

Oh, what delicious irony! State regulators sued the OCC, claiming that they could not issue a special-purpose bank charter that didn’t include deposit-taking, and yet those same regulators are providing money transmitter licenses to companies that are, functionally speaking, holding massive amounts of customer deposits! 

And the restrictions on what those companies are allowed to do with those deposits and what steps they are required to take to mitigate any potential risks are often weak and vary a great deal from state to state. Here’s Professor Awrey again:

Permissible investment restrictions vary significantly from state to state: with many states permitting investments in a variety of longer-term, risky, and illiquid assets like stocks, bonds, mortgage-backed securities, and opaque intragroup debt. In many cases, minimum net worth requirements also only provide a very thin layer of protection against losses on these investments, thereby increasing the probability of bankruptcy. And if and when these money transmitters do go bankrupt, lax security requirements mean that customers will often only get back a fraction of their hard-earned money.

Now, to be clear, I don’t think PayPal is going to bet all of its customers’ money on some highly risky investment and go bankrupt. However, folks probably would have said the same thing about MoneyGram in 2008, and yet it actually did almost go bankrupt due to the failure of some large and poorly timed investments in mortgage-backed securities, which it forced to sell at a massive loss during the early days of the great financial crisis.

One final point – even if we accept the premise that state regulators do a better job than their federal counterparts at supervising financial services providers and that the designs of various state licenses for non-depository businesses don’t create structural vulnerabilities (and, to be clear, we should not accept this premise), there is still a problem – the federal government, not the states, controls the infrastructure that financial services companies rely on.

If you are a frequent listener of the Bank Nerd Corner podcast, you will know that the process of deciding which companies get access to a master account at the Federal Reserve has, in recent years, become highly controversial.

As Professor Julie Hill explained to Kiah and me back in May, a master account is an account that member banks can open with a regional Federal Reserve bank that enables them to make payments to other banks using the Federal Reserve’s own liabilities (reserve balances) and infrastructure (FedACH, Fedwire, FedNow, etc.) Access to these accounts (and the underlying infrastructure, which the Fed provides at an extremely low cost) is an enormous competitive advantage for banks.

Historically, access to master accounts was not a controversial issue. If you were a chartered bank (state or national), you could apply for a Fed master account, and usually, you’d be approved for it within 5-7 business days.

However, in 2014, that changed. The State of Colorado, which had recently legalized cannabis for recreational use, granted a charter to Fourth Corner Credit Union, which was founded to serve the legal cannabis industry in Colorado. Fourth Corner then applied for a Fed master account, which put the Fed in an awkward position, as Professor Hill describes:

The Federal Reserve Bank of Kansas City looked at the application, and, you know, you can understand why they might have consternation about it because the whole business plan of Fourth Corner Credit Union was to serve an industry that was illegal under federal law. I can imagine those folks sitting around there, scratching their heads, and thinking, “Hmm, we’ve just been asked to become money launderers. Should we do it?”       

The Fed’s answer to its own question was no, and since then, the Fed has become increasingly wary of handing out master accounts to the more innovative banks and credit unions that are being chartered at the state level.

Is this fair?

Personally, I don’t think so. I understand the Fed’s concern about its payments infrastructure being used to facilitate money laundering. But since Fourth Corner, they have made decisions on master accounts that appear to be based more on personal biases than legitimate legal or financial stability concerns.

Regardless, this friction between federal and state bank regulators seems unlikely to abate anytime soon. Where states like Wyoming see innovation (and economic development) when they look at crypto, federal regulators (which also control access to important infrastructure and financial safety nets) increasingly seem to see risk.   

This reality undercuts the argument for a dual banking system in which the states take the lead on chartering, licensing, and supervising innovative new market entrants. 

So, how do we solve this?

Let’s set aside the questions about the constitutionality of our dual banking system. My no-but-I-did-stay-at-a-Holiday-Inn-Express-last-night legal analysis is unnecessary when we have actual experts like Professor Awrey (who shared his opinion on this question in his Money and Federalism paper). 

More importantly, we live in a democracy. If we want to change the law, we can! The question we need to concern ourselves with is what is the right policy for regulating banks and fintech companies in a way that balances innovation and consumer protection?

There is no shortage of good ideas.

Jesse Silverman, who has worked for both state and federal bank regulatory agencies and a number of fintech companies over the last two decades, suggested to me that the states could pool their resources through the CSBS to create a centralized team, staffed with folks who have deep expertise in fintech and other emerging technologies, that could be parachuted in to help state examiners, in much the same way that the Federal Reserve’s novel activities supervision program works.

That, combined with a new standardized state-level fintech charter (essentially just a money transmitter license with some additional marketing and consumer protection requirements), could level up states’ supervisory capabilities while mitigating some of the existing risks that come from shoehorning new fintech startups into antiquated state regulatory frameworks.

To complement an improved approach to supervision on the state level, the federal government could make some targeted changes to laws and regulations in order to address some of the shortcomings of state-level regulatory frameworks. This is an idea from Professor Awrey’s paper. He calls it “tailored supremacy,” and it would focus on tightening up the restrictions on money transmitters’ use of customer funds, circumventing some aspects of federal bankruptcy law in order to ensure that the failures of state-licensed financial services providers can be resolved quickly, and ensuring that those providers can access essential financial infrastructure like FedACH.

These are all good ideas. I think they could really help.

However, I’m not sure I’m convinced that heading further down the state-led supervisory path is the right approach, even if it is the more expedient legal and political strategy.      

Philosophically, I tend to lean towards more (and better) federal regulation when it comes to fintech. 

From my perspective, the foundational problem with state-level regulation of fintech is that the states (particularly those not named New York and California) have an incentive to support risky new corridors of innovation (like crypto) in order to entice startups and investors focused on those areas to bring them new jobs and tax revenue. This creates a lowest-common-denominator problem, particularly for state bank charters, which can be used by their holders to provide services nationally. This problem is compounded by the reality that it’s the federal government, not the states, that is always required to clean up the mess (via deposit insurance, bailouts, etc.) when these innovations break the economy or hurt a large number of consumers.

I’m not sure any of the ideas I mentioned above or any of the initiatives that the CSBS is working on to improve state-level regulation can really alter this dynamic.

This is why I was a fan of the OCC’s national fintech charter.

However, the one thing I never understood about the 2018 OCC’s plan for the fintech charter was why it covered payments and lending, but excluded deposits. 

Given the problems we have seen in BaaS over the last couple of years, I think it’s safe to say that we can’t fix fintech without addressing payments, lending, and deposits. 

Personally, I like the idea of creating special-purpose national charters for each of those three activities. These charters could then function as more effective on-ramps for any startup that wants to make the jump from a narrow, special-purpose fintech charter to a full de novo national bank charter (today, the lift to get a de novo bank charter is far too heavy for most startups). 

If we want to keep BaaS as an alternative to special-purpose charters – and I suppose preserving BaaS as a revenue-generating opportunity for community banks is a valid policy goal – then we need to completely revamp the federal regulatory guidance and supervision of banks’ third-party risk management and create some type of national mechanism to help consumers objectively evaluate the risks of working with different fintech providers. 

As we’ve witnessed with Synapse and Evolve, the status quo in BaaS is unacceptably risky for consumers.

Alex Johnson
Alex Johnson
Join Fintech Takes, Your One-Stop-Shop for Navigating the Fintech Universe.

Over 36,000 professionals get free emails every Monday & Thursday with highly-informed, easy-to-read analysis & insights.

This field is for validation purposes and should be left unchanged.

No spam. Unsubscribe any time.