Season 2, Episode 3

OCC and Blue Ridge Bank Agreement with Neil Peretz and Kevin Herrington

October 18, 2022
Sankaet Pathak, CEO, Synapse
Neil Peretz, CLO, Sawa Credit
Kevin Herrington, President & CEO, Lineage Bank
Under the Hood is also available on: Podcast Addict, Deezer, and Player FM


Speaker 1:

Welcome to Season 2 of Under the Hood, a podcast series brought to you by Synapse. In this series hosted by Synapse founder and CEO, Sankaet Pathak, Under the Hood takes a deep dive into various challenges and opportunities in FinTech. Topics range from technical design and architecture to regulatory and policy challenges.

Sankaet Pathak:

Hello and welcome to Under The Hood. Today, we're going to be talking about the OCC and Blue Ridge ruling that came out a few weeks ago. And to have this conversation with me today, I have Kevin Herrington, who is the president and CEO of Lineage Bank, and Neil, who is the Chief Legal Officer of Sawa Credit. Guys, welcome, thanks for joining me on Under the Hood today.

Neil Peretz:

Great to be here.

Kevin Herrington:

Thanks for having us.

Sankaet Pathak:

Yeah, I think it'd be great guys, if you just introduce yourselves for the listeners and maybe just tell them a little bit more about what do you do, your day to day, and then we'll just jump in. Neil, do you want to start?

Neil Peretz:

Sure. Neil Peretz and I was formerly in the Department of Justice’s Corporate and Financial section, so I was on the wholesale side of consumer finance representing entities like Ginnie Mae and FHA and also appearing in bankruptcy court often during the prior financial crisis. Then after that, I'd left to help start the primary consumer financial services regulator in the U.S., the Consumer Financial Protection Bureau, and I was asked to go help start the Office of Enforcement there. In more recent years, I've been in-house at various financial technology companies and partnered with banks to launch a variety of different products, both small business lending and consumer-facing products.

Sankaet Pathak:

Kevin, what about you?

Kevin Herrington:

Oh, wait a second. No, you came from the CFPB, oh, I didn't realize we had the enemy on here. I'm just kidding.

Neil Peretz:

We're your friends to help you in partnership with consumer compliance.

Kevin Herrington:

I'm the government, I'm here to help you. Yeah, we hear it every time that you guys show up. Well, not CFPB, but anyways, my name's Kevin Herrington, President, CEO, Chair of Lineage Bank. Lineage Bank is located in Middle Tennessee. We're a smaller bank. Beginning, we put a group of investors together and January 1st, 2021 acquired the smallest bank in the state of Tennessee. It was out in West, we moved it to Middle Tennessee where we have been banking. I feel like I was born in banking with PowerPoint, so we've been banking here our entire careers. What I mean we, it's my father and I have been together for quite some time working on banking.

Now, we have a bank that has major strategy on banking as a service and we also we're in a great market, even though with this, a recession may or may not happen, but Middle Tennessee is a good place to be. Good economics. Everyone seems to be moving here, so our bank is definitely poised for success. For us, our balance sheet strategy when it comes to banking as a service is more along the lines of funding the pot, I mean, the loans demand we have here with high quality borrowers, creditworthy borrowers, and it's just a really good time and love working with Sankaet in Synapse. It's been an awesome journey so far.

Sankaet Pathak:

Yeah, thanks Kevin. Guys, we started talking about this topic separately, so a little while back, OCC put out a ruling around Blue Ridge, and if my memory serves me well, this is the first substantial ruling or first substantial position that a regulator's taken publicly around the banking as a service business. And I thought what would be very helpful or valuable for the listeners is just to break this down, which is what does the ruling contain in its entirety? And then maybe reflect after that. What implications does it have, high level for the industry? Neil, maybe to start with you, I know you've been reading the document and analyzing it for a while. Would you mind walking us through the document, maybe article by article? And then Kevin, your reactions on that would be really helpful and maybe we spend some time just doing that and then we'll dive a little bit deep into each section and then have a high level perspective on what this means for the industry. Neil, do you want to go?

Neil Peretz:

Sure. Happy to do that. To some extent, we'll call this the first major consent decree related to the current generation of Banking as a Service, but the category of banks working with non-banks goes back quite far and there have certainly been areas where regulators have stepped in and gotten involved in programs where it was a bank and a non-bank partnering before. I guess, this is probably the flagship for current thinking of at least the OCC. I think when we talk about it in more depth later, we probably want to give some background on Blue Ridge as well to help people set a context on that. In terms of the actual decision, this was a consent decree then, it was agreed upon by Blue Ridge as well.

There were basically a series of recommendations that the OCC put out and said, "Look, if you want to enter into any more FinTech partnerships, we need you to engage in these steps first and we need you to check with us first as well and go over a plan for any future FinTech partnership." There were very prescriptive steps that the OCC expected Blue Ridge to take. And Kevin, being an experienced banker, I'm sure will nod his head and say, "Yeah, of course, we expect most banks to do those things anyway." Nothing is that surprising in terms of tasks. First and foremost, what the OCC was interested in was really executive and director level attention on compliance.

The way that is brought about typically, and the way that the OCC wants it brought about, is to have a compliance committee set up within the bank that then leads up to the board of directors. And the OCC correctly said, "Hey, you should have at least half of your compliance committee members be non-workers at the bank working on compliance, because overseeing yourself doesn't tend to be as effective in terms of outside perspectives on things." If the committee has to be at least three people, then they would need at least two who were not working on compliance at the bank themselves. If they had five, then they would need three, et cetera, so they've got to go balance that out.

In terms of the other activities that the OCC was focused on, there's sort of we'll call three or four categories. We have Bank Secrecy Act, we have customer due diligence in knowing your customer, we have managing your third parties, and then we have general information technology risks. Within the Bank Secrecy Act area, what the OCC asked for first was to say, do an assessment, figure out what is your compliance program right now and where the holes in it, what are you going to go improve? Then after that it's to then go develop an independent audit program.

It's not enough for you to have your own perspective on this, but we'd like you to have some outside perspectives because sometimes people don't know what they're missing. Article 4 [of the Consent Order] was about doing your own risk assessment. And then Article 5 was, we'd like you to go set up an audit program using some external auditors or experts on this. Then Article 6, segueing directly from that is, “Hey, you really need to make sure you've got expert personnel in house on BSA. So we're going to basically take a look at your compliance personnel, who's staffing group, what's their relevant level of experience, not just for being at a bank, but for particularly working with the types of transactions that you're working with. Because if you're a bank and you're partnering with FinTechs on, let's say, banking as a service, FinTechs can do very different activities.”

You really need to focus your BSA work on the types of activities that you are... Or actually the types of transactions that you're engaged in. Going forward, these are all kind of a continuum. Customer due diligence, enhanced due diligence, high risk due diligence. This was what was Article 7 in the Consent Decree and the succinct description was, within 90 days, the bank should implement and adhere to a risk-based set of policies and procedures and processes to analyze their customers. Some customers are going to be in sort of the normal customer due diligence. Some will need enhanced due diligence, and then some would be in the high risk customer identification category. I think we should talk about this in greater depth later because it really has to be risk-adjusted. It's not that everyone should be under a high level of diligence and the types of diligence you engage in really vary by types of transaction. This is core to being able to implement the other programs.

How do you know if something is suspicious if you don't even know who you're doing business with? In the case where if you're a bank and it's a FinTech that has the customer relationship, it's okay if the FinTech finds that out, but you’ve got to work with FinTechs that actually have that capability and have built it in. You can't just assume that it's being done. Going into Article 8 [of the Consent Decree], goes into suspicious activity monitoring, where essentially banks are deputized to be law enforcement whether they want to or not. Banks have privileges and they have responsibilities and this is definitely the responsibility category, where banks are expected to file what are known as SAR, a Suspicious Activity Report, when they see certain types of behaviors going on that might be a signal of money laundering or terrorist financing or other activities that are not proper.

There's two components to the OCC Consent Decree with Blue Ridge that relate to SARs and suspicious activity reporting. Article 8 says, “I'd like you to set up, make sure you've got your monitoring and reporting program in place, and then once you have it or you've improved it, I need you to look backwards because I'm concerned that you might have missed some things over time. So take whatever your new enhanced processes are and go backwards over time.” This, and Kevin probably sees this on a day to day basis, is how you're supposed to be able to look back over time anyway over your transactions because any one transaction might not be suspicious. You're supposed to look for patterns over time, potentially. It is expected that you have some type of look back anyway. Then towards the latter part of the Consent Decree, the OCC started delving into this general category of information technology controls.

This [IT Controls Requirements] can apply to working with FinTechs, it can apply to really any vendor, it can apply to your core banking system and you basically have to go manage your IT activities in a careful way. I've also worked in enterprise software and frankly enterprise software clients have these same types of concerns and perspectives on things who have to go meet compliance programs. And there's a series of external checks you can go do that we see you throughout the business world, system of controls and checking your key vendors because basically when you're dependent upon a major IT program, the whole experience is a big chain.

When any one link in the chain that breaks, that's it. Any other link that was strong, it doesn't matter because the one link is broken. That's why you need to start applying this scrutiny to someone else who's in the middle, who's a third party potentially, providing some IT services to you or maybe your own people. You've got an IT subsidiary doing things and you want to make sure you don't have a weak link in the chain there. Then the sort of general board responsibilities to run your board effectively, have proper oversight of the bank. Then please, please, please, or call us up [at the OCC], you need our approval before you enter into another FinTech partnership.

Sankaet Pathak:

Neil, thank you for that. Reading through this whole document and just seeing the public commentary on this. Doing this for a while, it was extremely hard for me to reconcile as to what is egregious about this or what actually is blowing up the industry. Because it seemed like, and Kevin would love to hear your opinion on this, all this is table stakes. This is basic stuff, basic infrastructure that a bank has to set up if they're going to be operating programs through third parties. And nothing here seems egregiously off, but Kevin, what are your reactions?

Kevin Herrington:

Several reactions. I guess my first one and something we'll never find out was being in banking long enough, you understand it when you have a regulatory action against you, it usually comes up in steps, whether it's some findings and maybe an MOU, then maybe a formal written agreement, so kind of wondering how this happened, if it came from out of instantly. Are there warnings ahead of time? We'll never know.

Neil Peretz:

I have a theory on that, Kevin.

Kevin Herrington:

Love to hear your theory.

Neil Peretz:

It ties into who's the bank and what's going on, right?

Kevin Herrington:

Yeah.

Neil Peretz:

A theory I've heard from people who know a lot about these topics is, well, what exactly was Blue Ridge Bank doing recently? Among other things, we could see that they were working on a merger and the merger was called off. Well, when you work on a merger, you do things like undergo extra scrutiny from your banking regulator.

Kevin Herrington:

That's true.

Neil Peretz:

It's like raising your hand: “look over here, look over here”. Maybe had they not been going through merger and having to go trot out all their paperwork and all their programs, this might have been discovered later. It doesn't change the concerns that they [the OCC] had, but they [the bank] essentially volunteered to be under extra scrutiny in that setting.

Kevin Herrington:

Oh, that's a very, very good point. Also, there's been a lot of discussion from all the regulatory agencies when it comes to banking as a service and FinTech oversight. But I feel like this, and sorry that Blue Ridge is having to go through this, but I do feel like this written agreement somewhat lays out a blueprint of banks that are interested in, and Neil, I'm taking something you said in the previous meeting, so I'm stealing your idea here. This is somewhat of a blueprint of what you should have in place. And as I was studying this formal written agreement for this podcast, one of the things that struck me is where is our bank at when it comes to these things?

We're still developing our programs. We didn't have the volume of FinTech activity that Blue Ridge did, but it struck me, this is getting a lot of attention and directors and some of our bank directors and holding company directors have said a few things about this. One of the things I've already made as my takeaway, where applicable, I'm going to take this written agreement and put a group together within the bank so they can give responses as to where we are and where we're going. So it's very transparent to our directors and obviously if you give it to the board, the examiners see it. I think that's one of the things we want to do, just help us make sure that we are continuing to move in the right direction.

Neil Peretz:

Yeah, I think that's exactly the right approach, and fortunately, there's great detail in the exam manuals for all these activities are public. It's not a secret what you should do to go comply with this. Instead, you could go pull out the exam manual and run your own miniature in-house exam and go take a look, where am I, on X or Y? I think that the harder part, the judgment part that comes with the fact that you're an experienced banker for example, is where you say, “Oh, well, I need to risk adjust all these activities because there's not a hard and fast answer of ‘thou shalt always research customers a certain way.’” It really depends on the type of activities you’re involved in with them. If you're partnering with a FinTech, it's fine. You just have to be conscious of whether the activity I'm partnering with them on is an activity I'm up to snuff on.

Kevin Herrington:

Yeah. Yeah. Okay...

Sankaet Pathak:

Kevin, please go ahead.

Kevin Herrington:

Yeah, I completely agree with you on that. I remember the first time I was still part of an exam years ago, my first one and they said, "Go read the exam manual." I started and fell asleep. But with that said, one of the things we talk about is toxin here is the due diligence on the FinTech itself. And that's interpret that as maybe building a credit file, building a due diligence package like you would a loan and have that risk reward. Take a look at it, what kind of underwriting standards from a lending standpoint, not that we would just compare this to how you do a due diligence package. If you have that mindset in preparing to, whether you're talking to a BaaS provider or a FinTech, I think that's a start in the direction to have.

Obviously, if you have a relationship that is long enough, it needs to be reviewed on a regular basis, probably annually or maybe even more so often in the beginning. I still completely agree with some of the things we find in here and I do really like the idea of the concept of getting a due diligence kind of package for each FinTech and make that along the lines of you would have a credit package for any large loan and monitoring it appropriately with any governance or anything of that nature. Yeah, that's something that we definitely have heard before and I think this reinforces that and something we're doing here at our bank.

Neil Peretz:

I actually think the FinTech partnerships create an opportunity as well. As we can see here, you have a checklist. It was an expensive checklist for the bank, but they were supposed to get the checklist to follow the checklist, anyway. This reminded me of, in the crypto world, we've ended up having several crypto companies having some head banging against the SEC and there was one, BlockFi, that eventually, they reached a settlement with the SEC, and essentially consent decree. But boy, those were expensive instructions to go get. The thing that I actually like about banks partnering with FinTech is it is a way, I think, for the bank to go up its game. Because some of the FinTech like a Synapse have been working at this for a long time and making some huge investments in automating compliance basically.

Depending on the volume at your bank, you may not be doing the same volume as some of the FinTech programs, but Synapse is working with those type of folks. And there are other, several other banking as a service companies that have also been making heavy investments in this category. In some ways, it actually is a way to get a snapshot of possibly what is a really best of breed or an up to date system to go keep track of certain transactions, for example, or verify certain types of identity that any one bank might be challenged to go make the investment in. But an entity that's doing banking as a service running across multiple programs has made a larger investment in.

Sankaet Pathak:

Yeah, I think, and it seems like this letter carves out enough space for using third parties, except all OCC saying is, have a strong IT control program that you have strong oversight over this. So not everything has to be done by the bank, but it has to have the right checks and balances along the way.

Neil Peretz:

Yeah, I think actually you'd be hard pressed to do some of these things...

Sankaet Pathak:

Oh, totally. Yeah.

Neil Peretz:

... within the bank itself. It was interesting because the head of the OCC, who is the Acting Comptroller has actually given some commentary on this topic. The OCC said, there's at least 10 OCC regulated banks that have BaaS partnerships across nearly 50 FinTechs. It's not like this [Blue Ridge Bank] is the only bank doing this. The OCC said, the vast majority of these banks [partnering with FinTechs] have less than 10 billion in assets and one fifth of them have less than $1 billion in assets. This isn't new. But when you start looking at a bank that has less than a billion in assets, less than $10 billion in assets, I know this sounds like a big number for you and I and what we spend on lunch, but compared to some banks who are much, much larger than that, you really do need to use third parties.

Getting back to your comment, Sankaet, if you wanted the best of breed, it wouldn't be something you developed in house. You wouldn't have the budget to go hire all those people to go develop all of that, number one. And then number two, there's like this big data information situation where for example, pattern matching, if you just looked at your own transactions, that's a really limited data set to go look for patterns over. If you started to aggregate this over more banks and more transactions, you'd actually be much better at figuring things out. You'd be tremendously better at it, partnering with a third party.

Kevin Herrington:

Totally. I think partnering with the third party of the service providers, it allows a community bank, which is typically one of the best places to be involved in being a sponsor bank for numerous reasons, especially being below the 10 billion for interchange income. It allows that bank and our bank in particular to expand our customer base well outside our demographic areas. Now, there's obviously risk associated with that and we need to handle that appropriately, but I think that's a big plus. It allows us to expand out [inaudible 00:22:38] of where we are. And so as long as handled correctly from risk compliance operations and IT, I mean, that's just a win-win for everybody.

Neil Peretz:

Yeah, I think you could really diversify your risk too, because I know you talked about things are pretty strong right now, in Middle Tennessee right now, but things can change in different geographies and not every bank is in Middle Tennessee. In some ways, if you're working with a FinTech and they've got this sort of national draw and they're bringing in programs all over, you actually do diversify your risk as well.

Kevin Herrington:

It does feel like every bank is here, Middle Tennessee, but that's totally another competitive discussion. Yeah, it's very competitive here, locally.

Neil Peretz:

What are we doing in California, Sankaet?

Sankaet Pathak:

Yeah, I have no clue.

Neil Peretz:

Let's go to Tennessee.

Sankaet Pathak:

Yeah, I have no clue why Tennessee has become an interesting central zone for some of this stuff. I could explain some of that because of Synapse, because we started there, but not all of it, because not all of the partners are in this business because of us. They're partners that have been in this business independent of Synapse, but they're still in Tennessee, which is interesting.

Kevin Herrington:

We're in a county just south of the Nashville County, Davidson County. The Chamber does its own statistics and shows where people are moving from and I think the top five or six counties of people moving into the county I live in, they all came from the LA area and not lower Alabama. Then after you go that, it hits a few more other areas of California and then goes into New York, New Jersey and Illinois. There's definitely a big movement towards Middle Tennessee for various reasons. We're also...

Neil Peretz:

One of my friends is about to go, I think, he might sell his private equity owned company one of these days and he says, this [Tennessee] seems to be a very favorable tax regime for me to go earn money...

Kevin Herrington:

Yeah, well, we're one of the...

Neil Peretz:

... if I live in Tennessee.

Kevin Herrington:

We're one of the three states in the country that doesn't have a state income tax. That is a difference maker right there.

Sankaet Pathak:

Yeah, totally. Going back to this OCC ruling, something struck as a little odd and fundamental to me, it's setting up a compliance committee, having a BSA and risk assessment program and having an IT control program and having a suspicious activity monitoring program. It seems like OCC’s commentary is not that there were inadequacies in the ongoing practice. It's more so at a very fundamental level, some things weren't even drafted. That sounds off, because how could you be in this business and not have those capabilities already at least drawn out? It could be that your written program's insufficient for the BaaS business, but here it seems like they didn't have one at all.

Neil Peretz:

I think that's more likely the scenario that you just hinted at though, which probably is insufficient because if I engage in certain types of transactions with Mr. Jones down the street or whatever, it's in my local catchment area, I'm not engaged in the same transactions as suddenly I might be doing with the FinTech. And if we jump into, let's look at Blue Ridge in particular, not that I have insight that is beyond what's publicly available, but if we look at, well, who are they partnering with, for example, one of the companies that I read about that they were partnered with was doing... It was basically trying to help people in the BRICS, which was Russia, India, China and what's our B? Brazil engage in banking in the United States.

Well, that wasn't the normal catchment area for customers who were wandering in the door [at Blue Ridge], but that's what this FinTech was doing. The program might have been tooled for customers they know or customers they can easily verify and you don't have the same know your customer abilities when all of a sudden the customers are coming in from these other countries. And shortly before or after the OCC consent decree, this other startup announced it was shutting down, but it was listed as one of the startups that was working with Blue Ridge Bank. Their whole program [at Blue Ridge] might not have been originally oriented towards the type of business that was coming in with their partnerships.

Sankaet Pathak:

Which backs me to ask a question, and I think I might be biased as I'm asking it given I've taken a position on it, should BaaS be regulated given there is this third party onboarding impact, which is I'm bringing customers to Lineage and a BaaS provider is bringing customers to Blue Ridge, how much of this responsibility should be divided between the BaaS provider and the bank partner?

Kevin Herrington:

When you say BaaS being regulated, are you talking about companies like yourself? Sankaet, are you talking about Synapse?

Sankaet Pathak:

Yeah, I'm talking Synapse. Yeah, we're the aggregators at the end of the day, we're the ones bringing you all these customers. In a way, we're saying we will do certain things for you, but we don't have a lot of skin in the game at the end of day.

Kevin Herrington:

I mean, if you aligned us with the big core providers, right? They're constantly being regulated and having through exams. I think that would probably be a natural kind of evolvement of this, that the big players in the game that at least have some additional regulatory scrutiny. And I think right now, the regulators want the banks to monitor, to monitor, to monitor, to monitor. And so I think that's just where we're going as far as some of the things they had in this written agreement, especially when it comes to compliance committee and programs and things of that nature. That's just banking as general, I don't think anyone's ever survived a regulatory review that didn't say improved documentation. Well, we say...

Sankaet Pathak:

Well, here, it said, write the documentation, not improve it.

Kevin Herrington:

But I will say that we have found...

Sankaet Pathak:

It's an old attrition.

Kevin Herrington:

Yeah, we have found out as we go through here and then this is where we're heading. That means what you do for the customer that comes walks in the door and what you do for your FinTech is completely different. It is appropriate to have separate policies that govern that. We have a list of whole bunch of banking as a service policies and KYC requirements that wouldn't necessarily even make sense to apply that to the guy that walks on the bank branch around the street.

Neil Peretz:

It's funny, Sankaet, your comment or your question, should these be regulated, really mirrored a comment by the acting comptroller. I have been reading some of his statements recently, Mr. Hsu and he had said in November 2021, he said that he was talking about FinTechs and non-bank entities involved in the financial services. And his statement was, "These synthetic banking providers he calls SBPs, operate out of the reach of bank regulators and free of bank rules such as capital requirements, bank consumer protection laws, and the Community Reinvestment Act." I actually disagree with that statement.

Sankaet Pathak:

Well, he's pointed out to three things that are exceptionally punitive, like having a FinTech abide by CRA, it's going to completely rank the business model.

Neil Peretz:

Well, so we've had some banks themselves be virtual and in many cases the question is: You do CRA, so what's your community? And in some cases, they've had to make a synthetic community somewhere or we'll just pick a community arbitrarily that we go touch to go support. There's a company that I had worked at before called SmartBiz Loans, and what they do is they work with banks, they're a FinTech, and they found as a result of SmartBiz working with the banks is they were actually able to greatly improve the community reinvestment activities of the banks because by being digital and bringing FinTechs involved, they were actually helping communities that were otherwise underserved. I don't know if it officially qualified as CRA, but it had the net result of doing what the CRA hopes to go do. But the reason I brought up the quote by Hsu is I don't think it's accurate that these are not regulated. For example, he says that they're free of bank consumer protection laws. That's just flat out wrong. It's false. It's not true.

Sankaet Pathak:

Yeah, that's a false statement.

Neil Peretz:

Because the consumer protection laws apply regardless of whether you're a bank or not, and the CFPB, I mean, that was the whole part of the purpose of creating the CFPB was the banks said: “Hey, it's an unfair playing field. We're so regulated and the non-bank, the shadow banks are not.” And so part of the big win for the banks in creating the CFPB was, hey, they can equally regulate non-bank. They don't care whether you're a bank or not, they just go and enforce the consumer protection laws. So that statement [by Acting Comptroller Hsu] is right out there, not true.

Then if you go into things like capital requirements, so we see this in, where does a capital requirement matter? If we pick a FinTech example, let's say stablecoins, right? Stablecoin is where I'm promising that this coin is exchangeable for X or Y. There have been regulators going after some of the stablecoin providers who are misleading people about what is the capital that's backing my stablecoin. And we've actually seen enforcement activities by the regulators in that regard. That's another area where it's not a true statement that there are no requirements, you're not allowed to false advertise, for example.

Sankaet Pathak:

Well, I think if you take the spirit of the statement, which probably is an extrapolation, but to me, it seems like there is a lot of value in having some regulatory body govern and regulate at least the banking as a service provider, if not the FinTech around BSA, AML and basic IP practices given and unusual activity reporting, basic things that are so transactional that you have to do on a day to day basis expecting the bank to be the responsible party every single time. It's probably not... That doesn't make a whole lot of sense. They should be responsible as well, but if they're the only ones responsible.

Kevin Herrington:

Yeah, the way it's going, the bank's responsible for everything that, yeah, I mean, I agree with you those comments that these FinTechs are not regulated. I mean, these FinTechs don't have bank charters, right? So that the checking account has got to be at a bank and which is regulated. That was a confusing statement.

Neil Peretz:

One of my favorite phrases is: “You can delegate authority but you cannot delegate responsibility.”

Kevin Herrington:

That's so true.

Neil Peretz:

That gets back to: “The bank can have the FinTech help, but the bank is still on the hook.” Think of it like joint and several liability, but I think what is lost by those statements of, these are unregulated parties is there's a long history of the bank regulators themselves regulating non-bank entities. And Kevin, you brought this up as an example, wherein FIS or Jack Henry will have [bank regulator] exam teams checking stuff out and basically it's under the FDI Act. There's this concept of an Institution Affiliated Party. In many cases, basically, if you are an Institution Affiliated Party means you're affiliated with a regulated institution like a bank and you could be regulated too. You're under the thumb and control and the scrutiny of the banking regulators. In many cases, if you go read enforcement actions against an IAP, an Institution Affiliated Party, they're against individuals and some person worked at a bank and engaged with bad activities.

And the bank regulator might say, you're banned from banking, just like we hear about people being banned from the securities industry. But in other cases, the bank regulators have applied their jurisdiction over Institution Affiliated Parties to actual FinTech entities and there's a series of enforcement actions going back over time. The one example is the FDIC had an action against a company called Freedom Financial, which is a FinTech as an Institution Affiliated Party. And the FDIC determined that, well, they violated laws related to unfair and deceptive practices. And the bank itself was actually a different bank, but the FDIC went after the FinTech company. The regulators actually have the power right now to go after this and they have in the past. I don't know if this is a big push for more power for the bank regulators or a good way to complain.

I mean, there's other examples, there's Nova Bank was gone after before as an IAP because it was an information services provider. There was an action against Higher One in the student loan business. Again, not a bank, but the bank regulators actually went after them before. In my view, and maybe this is because I'm a former regulator, I think yeah, they're regulated already and I know the CFPB has made an announcement more recently that said, "Hey, we take a very broad view of who's engaged in consumer financial services and you might be a tech company out there that is going and sourcing customers for certainly these products. And if you're engaged in anything more than a ministerial activity, meaning you're just doing what you're told and you're helping make decisions and find customers, we're going to look at you too."

Sankaet Pathak:

Yeah.

Kevin Herrington:

You got to... Go ahead, Sankaet.

Sankaet Pathak:

No, Kevin, please go ahead.

Kevin Herrington:

I was going to say, you got to wonder, I mean, I feel like you're seeing all these FinTechs, they're obviously aligned with community banks for numerous reasons and then, which I think are starting to put a noticeable dent into the big banks and you see some of the big banks expressing concern and wanting to see the FinTechs regulated. But you take a look back where the motivation may be, and it may be along the lines of, hey, these guys are stealing all of our customers, community banks have a place and they're overstepping their place and we want it back. You wonder, is there any influence when it comes to lobbyist political activity, whatever, PACs, to see this increased regulation just to make it tougher now? I do think we need to have regulation, no question about it, but you got to wonder if there's some underlying motivation there.

Sankaet Pathak:

I do, however, think that the overall Blue Ridge OCC letter and not talking about OCC's public statement, some of them are interesting, but just the letter was fair. Everything in there, made total sense.

Kevin Herrington:

Oh yeah. Yes, Sankaet, I completely agree with you. It does make a total sense. As I said earlier, it's a blueprint and we're going to go compare ourselves to it, make sure we're in the business where we need to. I'm just more alluding to some of the comments you're hearing from the CFPB or the OCC higher ups when they wanted to push scrutiny down to the FinTechs. And you got to wonder, I'm trying to stay politically correct here, is there underlying, we want these customers back at the big banks, kind of whoever is pushing that agenda? I don't know, maybe it's a rabbit hole I shouldn't go down, but just a thought.

Sankaet Pathak:

I think this is a valuable exercise. Just before we do it, I think for the record, we all agree, I think the letter was fair and I think it right, it essentially documents

Neil Peretz:

Right. They’re table stakes as you describe it, which is yeah, you should do these things regardless of who you're partnering with.

Sankaet Pathak:

I would go all the way to saying on the record, I think the letter is fair. Second, there are some obligations that your BaaS provider should be helping you with. And there's a part of that, which is IT control program, a part of it is considering if the BaaS needs to be regulated so that they have to have SAR obligations and BSA obligations directly with the regulators themselves.

Neil Peretz:

Oh yeah. I didn't actually touch on that in your comment, but you brought that up, Sankaet, just a little bit earlier as an example of, "Hey, should FinTech be regulated in that regard?" And the answer is, "Yeah, they are." Right? That's under FinCEN for example. And in many cases the FinTechs are considered money transmitters under FinCEN. They've got to go register with FinCEN, they've got to follow the rules.

Sankaet Pathak:

Some of them. Some of them.

Neil Peretz:

Well, depending on your activities.

Sankaet Pathak:

Totally, some of them.

Neil Peretz:

But you could be an art dealer, and maybe have some obligations in this regard too. It's not even just FinTechs. The growth of monitoring of different types of money movement has been exponential since 9/11 and the responsibilities put on all sorts of folks in our society. I'd say there's lots of non-banks that end up having obligations in that regard.

Sankaet Pathak:

If they get regulated.

Neil Peretz:

Someone in their food chain is regulated if they're engaged in the activity.

Kevin Herrington:

Yeah. Something that is completely loud and clear to be read in here is that the FinTechs are indeed regulated and the expectations they're regulated by the bank they're sponsored with, completely agree with that. We need to push that down given the amount of FinTech and how this is moving forward. Again, align with what the written agreement was with Blue Ridge. Yeah, I think that is one of the underlying things here is that, hey, you have to regulate these guys too, just like you would as if they were your customers. But you have to monitor the monitor and sometimes go a few layers deeper than that. I think that is fair. I think the expectation is for banks to regulate this, and I agree with that. We need to be on extra scrutiny to make sure we... Not having troubles coming out of these FinTech customers.

Sankaet Pathak:

Yeah, totally. Now, taking this letter, which is fair and my personal opinion is we need more regulation on the BaaS and the FinTech side. How do we reconcile this letter to the public commentary, which I think is 5 to 10 knobs completely detached because there are two kinds of commentaries that are problematic. The first one I can reconcile, which is people who are not sophisticated in understanding banking, generally, speculating what does this mean? Because it seems like bad news and bad news equals trouble and trauma and pain and which I could reconcile, they don't know the space as well and maybe some of them are listening to this and they're able to understand the letter a little better. The one that is puzzling to me is to your point, Neil, the OCC commentary and subsequent commentary from what I would consider experts making this into a bigger trend than it is. So my question is, how do you two reconcile that? What is that difference in modality on both? And does that indicate anything?

Neil Peretz:

I think, part of it is if it bleeds, it leads, right? We'd like to have something sensational to go publish as news and get a headline. “The World is ending for FinTechs!” That's a good headline. Maybe people click on that. Then there's another element that maybe is akin to what Kevin is bringing up, which is to say, hey, to the extent someone else's ox is being gored, their customers are being taken away, then they will go amplify any message that would be bad about FinTechs as a method of publicizing, yep, yep, you should only do business with Citibank and JP Morgan or Wells or something like that.

Sankaet Pathak:

I mean, that makes sense to me for the press. That makes sense to me for the VC crowd just to shrink down valuations and that makes sense to me for somebody who failed trying to build a FinTech company, but it doesn't make sense when it comes from the regulators themselves.

Neil Peretz:

There's some statements by the acting comptroller, and in many ways, he seems like a levelheaded guy, but some of the statements don't really add up to me. There's another statement he made just in September of this year, just last month. He says, he was talking about FinTech. He said, "Where is all this headed? For me, there's a nagging familiarity in the 2008 financial crisis I recall being camped out of the Federal Reserve Bank of New York seeing for the first time the wall size map of the shadow banking system." And he goes on and on and there was all sorts of complex liabilities.

And he talks about commercial paper conduits, buying commercial paper from SIVs, which were buying paper from CDOs, buying paper from other CDOs. And this light bulb moment, I don't think that the role of FinTechs out there is nearly the size of what we saw in the wholesale financial services markets heading into the 2008 crisis. I mean, pick a big FinTech, oh my God, if there was a problem with Chime? Well, all their money is stored in a normal account. What's going to happen? There's not people gambling based on this.

Kevin Herrington:

Yeah. I mean, what did I hear one time, someone said, the job of the media is to sensationalize stuff and tell you how bad news is. You need to come back the next time and read it again and read more because you need more information that, that's just where the media is and then...

Neil Peretz:

This is the Comptroller of the Currency saying this.

Sankaet Pathak:

Exactly. That's true.

Neil Peretz:

It doesn't add up.

Sankaet Pathak:

Yeah.

Kevin Herrington:

Yeah. That was just commenting on Sankaet's, everyone's getting all the commentaries we're seeing about this. I mean, this has been sensationalized, there's no question about that. And whenever you do that and grabs attention, that people choose to sometimes go to extreme opinions. I mean, it's not the first time we've ever seen a formal written agreement probably won't be... We'll probably see another one at some point in time that may have nothing to do with banking as a service, but I bet it won't gain as much attention because maybe it has to do with your credit risk or loans or something of that nature. I think this has just grabbed a lot of people's attention. And if a few more happen, I don't think it's going to be a, oh, no, FinTech and banking as a service is going away, it's just going to be, guys, they're serious, your banks and providers have to step your game up.

Neil Peretz:

I think that the Comptroller's comments suggest he's worried about a bank run. He actually said this, he said he was looking before, this is again 2008, a system... Here is his quote, a system that evolved to approximate compete with banks and was then enduring a run. And that's when the fed had to open more windows and try to, let's convert Goldman and Lehman and banks and try to bail them out, things like that. We'll basically open up our money borrowing window to more than the traditional banking players, but those were all Wall Street folks moving large amounts of money around and they still do that, of course. That's the wholesale markets.

If we were to take a look at FinTechs today, particularly banking as a service, and there was a “Run”, well, where's all the money? The money's in the bank, the money should be available. Unless you were misrepresenting what's in people's bank account, you wouldn't have any problem at all. Pick 12 deal banks in a row that all have bank accounts somewhere and have a run on the bank. Well, they would just call up the bank where the money is and they'd go produce the money. It wouldn't be anything at all like CDOs and AIG.

Sankaet Pathak:

Yeah, that comment always seemed very specific around lending. It didn't seem like, because another comment that was in the similar way by the OCC acting chair was something about if you underwrite and write a loan through a FinTech, it's you who's responsible as a bank. And I wonder if there is a fundamental misunderstanding around banking as a service predominantly today being focused on deposits, not lending.

Neil Peretz:

I think that might also, the statement that one should always be careful with that because it ties into this true lender issue as well, which is that you are responsible as the true lender, but at the same time there's a long history of banks selling their loans as well. And so if you had some type of forward flow arrangement where you ended up selling your loans in the future, then you have responsibility for that snapshot in time. If you have a market for your loan, then you can defray some of your risk. I think a lot of the FinTechs who work with banks have historically had the bank. The bank has still stayed involved in the loan in some aspect, but they've certainly been able to defray some of the risk by selling parts of it or government guarantees or what have you. I guess maybe there is some limited truth to the existence of risk, but it's not as heavy of risk if you had someone else who was willing to bear some of the risk down the road.

Kevin Herrington:

Yeah, I think that whole true lender situation and issues that was once addressed in that regulation was rolled back. I mean, I think that's still a big unknown, and at some point in time will need some additional guidance. But then again banks, well, before this rate increased, banks and mortgage companies sell loans all the time, right? So this to a certain extent can be somewhat looked at that way. Obviously...

Neil Peretz:

The capital markets want it, they want to be able to invest in these type of instruments.

Kevin Herrington:

Yep. I mean, when you sell a mortgage you've got so long after you sell it, if there's any problems, then the bank has to take it back. But also that it's wherever it went.

Neil Peretz:

Yeah. That was opposite to the statement that Sankaet was describing, not his statement, but the statement of the OCC that says, you are responsible. It's true, you'd have some ongoing responsibility potentially. Certainly, if you erred in underwriting, then you might have to go buy it back out the portfolio. But if you underwrote the loan properly and you later sold it, unless you retained servicing rights or you've got some other responsibility related to it, you wouldn't be involved thereafter. I guess. It all depends on whether you're compliant at the outset by originating things.

There was another statement by the Acting Comptroller that also struck me as a little odd. He'd said, and I think this was a recent statement in September, he was talking about banks and comparing them to FinTechs as if it's like “Men are from Venus, Women are from Mars,” or whatever, the vice versa. I don't know, I forget who's from Venus and Mars, but one of the other [statements by the Acting Comptroller], was like banks are from Venus, FinTechs are from Mars. His statement was, that the technology business model is very different from the banking business model. He said, LTV to CAC is different than NIM, for instance. And for those who don't speak as many buzzwords, maybe Sankaet, you want to describe LTV to CAC, but I think it's worth highlighting that the juxtaposition doesn't work.

Sankaet Pathak:

Yeah, it's straightforward formula around lifetime value of your customer and your cost of customer acquisition. And FinTechs by and large measure the profitability or the likelihood of being profitable based on what's the LTV, the CAC ratio. The idea being you make substantially more money from an individual end user, than you spend on acquiring them, which is I hope a very strong metric to measure success.

Neil Peretz:

Yeah. The Acting Comptroller compares this [CAC/LTV] to NIM, which is Net Interest Margin. That whole statement implies somehow that all banks do is loan money. Kevin, you're in this business, your regulators want you to have fee-based income as well. There's other things that banks do besides just loaning money out. They run deposit services, they help move money around. Regardless of FinTechs, this is what banks do. If you only made money on your net interest margin, you'd be overlooking a large part of your business. And you talked about community banks, right? They're looking for ways to go increase their revenue, use their banking capabilities in some manner that doesn't put as much risk on the table, right? I'm sure you're trying to build your business on more than just NIM.

Kevin Herrington:

Yeah, I mean, absolutely. Obviously, you can't just be in loans without forgetting the other side of the balance sheet with liabilities, you carried away with that, you still have to fund them and there's other mechanisms, ratios will kick in if you're not getting the "core deposits." Yeah, and above that, one of the fee income, non-interest income is a big real line item that banks care about. For the most, especially in the beginning days of a De Novo or turnaround scenario, that's ultimately the thing that pushes to profitability quickly, been involved in a few of those. Yeah, it can't just be the margin. There's so much more to banking and how banks generate income.

Neil Peretz:

That's somehow the Acting Comptroller is comparing, saying, well, banks only care about NIM and FinTechs, they’re looking at LTV to CAC. I'd say as a person running a bank, you mentioned actually, Kevin, one of the examples of why you like partnering with FinTech is, "Yeah, we can acquire more customers at a cost effective way." I mean, that's you just as a banker saying, "Yeah, I care what it cost me to acquire customers and how much I make from a customer because I'm running, oh my goodness, a business."

Sankaet Pathak:

I mean, banks LTV... Sorry, Kevin, go ahead.

Kevin Herrington:

I'm just still scratching my head of when LTV is not loan to value, when did that change?

Neil Peretz:

And CAC is the sound the chickens make, right?

Sankaet Pathak:

Well, for banks, if you just model LTV to CAC, it's very high number because their cost of customer acquisition is very low. Even if the most conservative CFO will put that inns just on the monitoring cost, if you want to bake that in.

Neil Peretz:

When I was young, they gave you a toaster if you opened an account or maybe a blanket.

Sankaet Pathak:

Oh wow. I was going to ask Kevin to maybe help us start some kind of a program, man.

Kevin Herrington:

You want a toaster?

Sankaet Pathak:

I mean, I'm going to send it actually...

Kevin Herrington:

I can send you a toaster.

Sankaet Pathak:

... to every end user.

Kevin Herrington:

Yeah, I mean, you're right that the traditional model of banks and customer acquisition cost is high. I mean, the number one thing that has the biggest impact on efficiency ratio in the bank is the branch network. Some of these banks that have large branch networks, it's definitely a big hit. That's a lot of personnel costs, a lot of overhead costs. Then however, whether you lease or own the facility. I know in the way we're looking how we're going to run things, we're going to have an incredibly small branch footprint. You still need to have some branches, but we anticipate that making a significant improvement on efficiency ratio. But all these other bigger banks or ones that have just been around for a long time will always struggle with that cost of the core banking when it comes to acquiring customers.

Sankaet Pathak:

Well, now, you have to account for giving everybody a toaster as well.

Neil Peretz:

Well, it's funny, when we were starting the CFPB and I actually worked on the Bureau before it became officially “The Bureau” during this what we call the Standup Period. Now, Senator Warren was really the person spearheading a lot of this and her example in describing why would we need someone regulating consumer financial products? From a consumer's perspective was she compared financial products to physical products and she said: “Hey, you wouldn't be allowed to go sell exploding toasters!” Now, I don't know if she was thinking about the bank gifts of toasters when she brought that up.

Sankaet Pathak:

Maybe she was. Going back to this, given the comments from the OCC, the fact patterns, the letter, are you all worried that this is going to become a trend?

Neil Peretz:

Trend meaning that lots of...

Sankaet Pathak:

More regulators.

Neil Peretz:

... other community banks like?

Sankaet Pathak:

Other banks. Yeah.

Neil Peretz:

I think for sure there will be scrutiny of various banks partnered with third parties there, but there's always been this type of scrutiny before. I think if I were to look at the FinTech market, I'd say, hey, this probably is in favor of the established Banking as a Service companies who've actually made the infrastructure investments as opposed to some guy who says, I have an idea for a FinTech and I have $27 and I'm going to go start it and partner with a bank. We look at this, for example, the FinTech entity that was going to go do money transmission or help people living in Brazil, Russia, India and China do business with US banks.

I think their total capital raise was like a million or $2 million. If we compare what is Synapse invested in building its infrastructure, it's a lot more than that. I think this probably means if you are a banking as a service company that helps facilitate this for FinTech, it's probably better for you because you made the investments, but it does make then a higher bar for someone just starting out.

Kevin Herrington:

Yeah, that's very true. You got the big three core providers and you're not going to have another big fourth coming your way. But is this going to be a trend? In some ways, I hope so. I hope that more banks are entering this space and I hope you see some increased regulation. This needs to happen. I love the term that everybody, you describe the space as the ecosystem, this needs to happen in the space simply because for the banks that are within or doing BaaS, there's somewhat of an outlier right now, but if we get more banks and a little bit more bringing it up to the light, it will help those that do that, not necessarily be the standout for the ones that don't. I'll also take this another step and say a pretty obvious comment. A lot of community banks have problems of aging management and aging board not really interested in this.

What's the concern for those that are not pushing forward with where the technology is going and what the customer preferences are, what's going to happen to those banks? They might actually have more negative implication if they're not willing to get into some sort of arena like this. Because the old, I guess, business case or how traditional banks are run, that's fading away to a certain extent. You got to keep up with what's going on in the technology, what's going on with the customer expectations, and this is obviously clearly where everything is going. And so we need to get more banks playing this space so we are not such an outlier. But you also got to question about the banks that are afraid of everything and just waiting for maybe the next generation to take over what's going to happen to them.

Neil Peretz:

They're going to be left behind. I mean, we look at the neo banks and just some of these entities that have been saying, “I'm a bank, I just am not a Bank… I'm kind of sitting in front of a Bank.” And there's been a tremendous amount of customer acquisition by many of them [BaaS FinTechs], in part because they offered the accessibility that some of the smaller banks weren't offering akin to what you're describing, Kevin.

Sankaet Pathak:

Kevin, does this whole OCC Blue Ridge thing change how you partner with FinTechs?

Kevin Herrington:

I mean, yes and no. I think it's clear. You need to have the appropriate oversight and appropriate documentation in place and the procedures and the ever expanding checklist. For the startup FinTechs that don't have a lot of capital, I think it puts them in a little bit more of a question, which is unfortunate. But we're also seeing that the VCs pulling back on FinTech investments because there's not going to be another, more than likely there's not going to be another big Chime or Green Dot or something of that nature.

It's more niche services right now that is probably the best use case. I don't know. Yes and no. We just need to make sure we understand what our FinTechs are doing and make sure we can have complete and total transparency all the way through the customer level to make sure all the KYC things have been handled properly. If there's any sort of flag or something that needs to be taken care of as just increased monitoring over the FinTech. I don't think I really answered your question other than just go on a tangent.

Sankaet Pathak:

I mean, you did. What you're saying is increased awareness, but that doesn't really change the appetite in the market. It just means the bar's a little higher, but also it seems like it's the right decision to make versus not.

Kevin Herrington:

Yeah. I mean, the bar had to be raised.

Sankaet Pathak:

Yeah, that makes sense.

Neil Peretz:

I think particularly in the category, if we go back to this Consent Order and say: “Well, what are they really focused on here?” The vast majority of the points are about customer identification, suspicious activity reports, Bank Secrecy Act, money laundering. These are all cat-and-mouse game issues that you need to stay up on and keep investing in. If you just said, “Oh, I solved last week's anti-money laundering problem” [that’s insufficient because the bad guys] they're onto the next strategy this coming week. They're all areas where you need to keep investing.

Sankaet Pathak:

Well, to me, it reads far more elemental what the OCC's asking for is, have a policy, write something down, guys, just put it.

Neil Peretz:

It's shocking if there earlier was no policy at all, especially given that they had merged with... Maybe there was some issue because they had merged with another bank. So Blue Ridge was smaller, and then I think in 2021, they had merged with a bank to bring it up to its current asset size. I don't look and see if there was a merger of equals or what, but there were some integration issues combining with the other bank and knowing which policies stood on top. But between the two of them, there should have been some type of policy. Now, are you implementing it? I find a lot of folks have these policy requirements by some policies on paper, but putting into practice gets back to one of the other statements in the consent decree itself, which was, hey, you need personnel, you need to go report on how you're doing this.

Sankaet Pathak:

Yeah, it said, hire a BSA officer. I feel like things here were very elemental. It's like go and hire a BSA officer, write a program, go and cross validate the transactions you've done in the last 90 days with the program now you have written, which tells me there is no program.

Neil Peretz:

Yeah, I agree with your interpretation of the grammar. It's just astounding to imagine that circumstance, given that there appear to be experienced people involved at that financial institution and they merge with another financial institution. The concept of complying with BSA rules is not new by any means.

Kevin Herrington:

No, I mean, the regulators, examiners are looking for a thorough policy that they agree with and then they can also hold management accountable to when it comes to that policy. Whether it was there or not is a debate we could have, but it was clear it needed to be enhanced.

Neil Peretz:

Yeah, it was definitely insufficient. There was something missing.

Sankaet Pathak:

The policy is what was missing. I totally agree.

Neil Peretz:

But I think in part, it could be a policy as related to what the FinTech is bringing to the table. Because if we look at all those BSA, SARs, et cetera, they're all really [dependent on] the context, like risk adjusted.

Sankaet Pathak:

Totally.

Neil Peretz:

Maybe you weren't doing business with people from other countries before that often, and now you are. Now, you just start to need, for example, other types of databases to even validate these people because you're not going to go get that from your knowledge-based authentication from Experian or TransUnion or whatever.

Sankaet Pathak:

Totally. Yeah. I think historically the policy, and I'm just guessing here, was more so whatever the core bank did, which to your point, credit pulls looking at suspicious flags and things like that, and for this line of business, it was pretty much flying blind is my assessment, which is whatever the BaaS does, that's what we do, and there's nothing written there. And it seemed like that's the piece that OCC came in and said, one, we're surprised by, second, write something and submit it to us.

Neil Peretz:

Yeah. I find there's the challenge of how do I... Let's look at customer identification. One challenge that I got to hit the database is the challenge is I want to go screen my customer then against things like the OFAC list. Are you a specially designated entity of some sort? The challenge is there's a lot of, we'll call it, bad actors out there who have unfortunately common names and there are many other people who have the same name as the bad actor who themselves are not bad actors. And you get into some challenges with how do I disambiguate? Then you need even more processes. Yes, I checked against the OFAC list, but I found 12 other people with the same name, how do I disambiguate this person from that person? And it starts to be risk-adjusted, so now as I'm... Previously, I could say, well, the bad guy's in, I don't know, pick your other country and my customer's in Cleveland, so I'll just distinguish it. Well, now you're actually in some other country. How do I go disambiguate that I'm not dealing with the bad actor?

Sankaet Pathak:

Yeah. I think the things I would've found to be not as surprising was, go and update your policies or/and go and ensure you're accurately enforcing your policies. But here the tone was going right to the policies.

Neil Peretz:

And maybe this is akin to what Kevin was mentioning earlier, which is like, hey, this is good instruction sheet. I think that this was perhaps written in a manner that said, "Yeah, we'd like this to be a checklist for everyone."

Sankaet Pathak:

Totally. Yeah.

Neil Peretz:

In that case, it might be more pedantic or prescriptive than usual saying...

Sankaet Pathak:

Which is great because it's literally saying if there's any bank who wants to get into this, this is a really good playbook. You can just follow this and make sure you feel relatively prepared and notify your regulators.

Neil Peretz:

Yeah, and we care about what's in the exam manual. Now, it's important to think about this is the OCC, right? A lot of the banks that might work with FinTechs are not even OCC banks. This was a national association, but you've got lots of state-chartered banks and they are FDIC members, they may or may not be a Fed member. We haven't seen a broad statement about the FDIC on this, but we also do know FDIC is very concerned about safety and soundness, for example, most of all. That's their biggest guiding light. You could expect the FDIC has a view on this topic, and we know for sure that the CFPB has a view on even non-banks. The CFPB has not shown a drop of hesitation to go after non-bank players in the FinTech world.

Kevin Herrington:

I mean, FDIC, OCC, Federal Reserve Bank, they're all typically on the same page. Not every single page matches. They all have the little different opinions here and there, been exposed to all three of them. But for this level of written agreement that came out, I can't see that FDIC or Federal Reserve Bank taking a significantly different stance. Will the stances they take together evolve? Most likely it has to, but I would expect that you're not going to see the three of them disagreeing because then you're going to see banks jump charters and that's not really good for the industry here.

Neil Peretz:

Well, you can't jump to the OTS anymore.

Kevin Herrington:

Well, I doubt the name OTS, but yeah, nor even talk about the credit union side.

Neil Peretz:

Yeah, I don't know if we have any stories of banks and credit unions switching back and forth and their affiliations there. You'd have to really change your ownership structure. But I do agree that they're coordinated, and you mentioned, Kevin, reading the exam manual, that's largely an FFIEC publication, which is a collaboration of all the regulators. That alone is going to be synced up. I just think there's probably accents or additional emphasis among certain regulators.

Historically, the OCC has been very interested in, for example, banks being profitable and such. The FDIC, which has to pay the bill if you blow up, has been more concerned about safety and soundness. Then the Fed has other missions, if you will, which is, for example, to have a robust economy or deal with inflation. The Fed has these other considerations as well, or maybe access to credit, for example. The Fed would care more about that. Then certainly on the CFPB side, they do care about access to credit, but they also care about not giving out credit that's going to blow people up.

Sankaet Pathak:

But given OCC, Fed and the FDIC are three primary regulators in this construct, other areas, seems like what I'm hearing is by and large, they should all align to this blueprint. There might be an emphasis on one or the other, which is a little bit more magnified in case of one over the other. But this is still a generally safe blueprint to follow. It doesn't matter which one is a regulator, right?

Kevin Herrington:

Yeah. I would say the bigger concern for the regulatory bodies that I would have, and this applies for anything that's new, is we all know there's a shortage and finding good quality people and then the regulatory bodies, how much talent do they have to start examining the banks that are involved in that? I mean, I'm sure everyone has their story about being involved with the examiner who didn't necessarily have the talent and maybe overreacted where it didn't make any sense, but the bank still had to handle it. I think that is another concern, and hopefully, that they'll get that under control as soon as possible.

Sankaet Pathak:

I mean, they could hire Optimus from Tesla, right? Isn't that the new labor force, the robot?

Neil Peretz:

Well, if you've ever played with any machine learning, it's as good as those who train it. I'm not sure who's training the Optimus or the machine learning on this. You don't need physical machines. Actually, related to your comment, Sankaet, is for a while we've seen automation software be called Robotic Process Automation, RPA. That's a whole category of SaaS. And people say, “But where are the robots? Where are the robots?” And it's not really robots, it's just software doing things. We thought we'd put a robot name on and be cute.

Kevin Herrington:

Did I hear Sankaet say that examiners and regulators act like robots?

Sankaet Pathak:

No.

Kevin Herrington:

Is that what I hear, Sankaet, from that?

Neil Peretz:

He thought they could teach how they could train the robots.

Sankaet Pathak:

The recommendation is the banks hire the robots. Maybe your BSA officer would be an Optimus bot, I don't know.

Neil Peretz:

Well, that's why I'm saying it's a software bot, really is trying to do it in a way, the challenge is that you've got to go train... I had a business not too long ago, that was a machine learning business, and you can keep training the machines if you think an algorithm is going to go catch things. The algorithm can be trained and trained and tuned and tuned to, for example, not hit false positives. But unless you actually have a human in the loop, you don't know what you're missing in, what we call, the recall category of machine learning.

Sankaet Pathak:

That's fair.

Neil Peretz:

You still need human experts in the loop, otherwise you've optimized for a non-realistic data set. You don't know what you're missing. It's kind of as the unknown unknowns.

Sankaet Pathak:

Well, I think that's fair to say, starting as a joke, but getting serious about it. Automation does give you massive leverage as banking as a service provider and also as banks that work with us, but there's an element of human oversight that is still needed. I think there are ways to start tapering that down with modern advancement, especially a lot of the times you can train an adversarial network to be able to catch and detect some of the recalls that you can't get from just a regular generative model. But we're through pretty early and maybe that's another podcast we should make.

Neil Peretz:

We're still dependent on the genius of the machine. That's the adversary, if you will, the red team.

Sankaet Pathak:

Yeah. Yeah. I mean, there's a good way to set up, and we've thought about this even internally, an adversarial network on false positives and true positives, but you have to have some theoretical improvement on the adversarial network, which is the adversarial network needs to be at least a few percentage points, if not more, superior than whatever your actual model is, that is generating the outcomes.

Neil Peretz:

Exactly.

Sankaet Pathak:

It's like mathematically possible to do and it's realistic now to do that versus not as well. Maybe another podcast.

Neil Peretz:

But not everything fits from the chess game of all the variables you're manipulating or the system's able to go manipulate.

Sankaet Pathak:

I think in a lot of the stuff in banking could be simplified and automated. Not all of it, but a lot of it can be, and increasingly more and more over time.

Neil Peretz:

Yeah. You've just got to go to the next level though of, okay, well, so and so sent in a transaction, they're legitimate. Well, it turned out that they were tricked into doing the transaction. We're actually seeing this in P2P fraud right now, as well where it might not be the issue that it was a fraudulent actor setting up the transaction, it was just improperly induced.

Sankaet Pathak:

I mean, the historic troubles that have technically plagued the industry are a little different. They used to have all the payment data set in different source like sources of truths depending on if it was an ACH or it was a check transaction or if it was a card transaction and reconciling all of that in one continuous transaction stream was close to impossible technically. You could never do a continuous variable analysis on transactions until very recently. Literally, until now when you have a BaaS that has a core banking system, you cannot technically do this exercise.

I know Citi and all of them have claimed they've spent a lot of money in unifying their transaction streams behind the scenes. But that's like the first technical hurdle, which is more logistical than machine learning. After that, the updates are relatively incremental, which is you can treat this as a continuous variable. Then to your point, Neil, train different models over time to detect money laundering or detect account takeover and bunch of these different things. But I think there's enough data to be able to make this far more meaningful than we have historically.

Neil Peretz:

Yeah. If we go take a look at money spent on anti-terrorism research, that's what they're doing.

Sankaet Pathak:

Totally.

Neil Peretz:

I'm going to suck down a lot of data and I'll start looking for patterns because I have more data and I can go try to identify, I mean, that's in our crypto world as well, so we're trying to figure out, who's the bad guy's wallet? Okay. Well, we need to basically, they don't have a bad guy name on the wallet, so instead we have to study flows in and out and where does it fit the overall broader network?

Sankaet Pathak:

Yeah, I feel like there's a new podcast brewing here. I think maybe we should do another one on just...

Kevin Herrington:

One on automation, machine learning.

Neil Peretz:

Big data.

Sankaet Pathak:

Just automation for banking. I think that might be a useful exercise. But guys, I really appreciate both of you joining us today and sharing your perspective on this. To summarize this, it seems like we all align that the ruling seems fair and straightforward. I think still, we're speculating what the public comments really imply or mean in one area, but this gives a good blueprint for everybody to follow, right?

Kevin Herrington:

Yeah, it does. Completely agreed. One day, maybe one day, we'll find out the story behind the story because there's always one there.

Sankaet Pathak:

Oh, sure.

Kevin Herrington:

That would help.

Neil Peretz:

Yeah, and we could've just got...

Kevin Herrington:

That will give more insight.

Neil Peretz:

... those list if we just pulled out the exam manual.

Kevin Herrington:

No, we would've fallen asleep.

Neil Peretz:

Well, yes, maybe that was the real answer was people keep falling asleep in the exam manual. We need this in a separate document attached to an SEC filing, and then people freaking wake up and read the exam manual.

Kevin Herrington:

That's not what I said.

Sankaet Pathak:

Well, guys, thanks. Thanks a lot for joining us and for everyone who's listening, thank you so much for listening to the episode. Have a great day. Thanks again for joining us for this episode of Under the Hood, and a special thanks to our guests as well. If you like the podcast, please go to Synapsefi.com/underthehood to subscribe. Thanks again. See you next time.
