There has been a shift in how regulators are approaching regulation of BaaS and fintechs. As enforcement actions continue to increase, having a well prepared compliance program in place is important now more than ever.
In today’s COMPLY Podcast episode, I am joined by Ethan Singleton, Principal at FS Vector where we will chat about:
- Regulation in a new age of Fintechs
- How banks and fintechs can apply what they have learned from regulatory actions
- How to know when the time is right to get out of spreadsheets and into a technology solution
- The cost of not having a monitoring process in place (and it’s not just monetary)
Show Notes:
- Marketing Compliance Enforcement Actions Stats & Themes: 2H 2023: https://bit.ly/3uJGVKK
- Why Banks are Investing in Marketing Compliance Technology Blog: https://bit.ly/3w9Lgr1
- Learn more about FS Vector: https://fsvector.com/
- Connect with Ethan Singleton: https://www.linkedin.com/in/ethan-singleton-esq/
- Connect with me, Rhonda: https://www.linkedin.com/in/rhonda-mcgill/
Subscribe to COMPLY: The Marketing Compliance Podcast
About COMPLY: The Marketing Compliance Podcast
The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY Podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level.
Episode Transcript:
Rhonda:
Hey COMPLY podcast listeners and welcome to this week’s episode. On today’s episode, I had the pleasure of speaking with Ethan Singleton, of financial consulting firm, FS Vector. Ethan advises fintechs on an array of matters including the creation of oversight frameworks, implementation of compliance programs, and management of regulatory and partner bank relationships. Today we discuss how regulators are evolving to manage in a new world of regulating fintechs and how regulatory actions over the last couple of years are laying out a compliance playbook of do’s and don’ts as you work to shore up your compliance management and so much more!
Thanks for listening and enjoy!
Rhonda:
So great to have you here with us, Ethan. Thank you so much for joining us here, for PerformLine’s COMPLY Podcast and glad to have you here as a guest. So can you please take a moment to introduce yourself and tell us a little bit about FS Vector, what you all do as well as provide a brief overview of yourself.
Ethan:
Yeah, thank you so much for having me Rhonda. My name’s Ethan Singleton, I’m a Principal at FS Vector based out of New York City. FS Vector is a boutique consulting firm focusing on financial service companies really broken into two main services. One is our advocacy group, and that is kind of mostly focused on policy lobbying down in DC. Kind of working to shape regulations around financial service companies, from traditional banks to emerging technology companies. Then we have the advisory team that I sit on and help lead, we’re much more focused on kind of strategic consulting. So that’s getting embedded with our financial service clients to really help them rethink how compliance impacts their businesses. And that could spawn from a startup fintech, who’s building their compliance program for the first time all the way to a mature financial institution that is looking to maybe enter the banking as a service space or looking to mature their compliance program.
I’ve been with them for about 2 years, and I have an interesting journey into fintech. I’d say probably a little different than most in that I’m a lawyer by training. And out of law school and passed the bar and was working at a law firm in Philly, and really wasn’t enjoying what I was doing, and was trying to find a kind of a backup or alternative career, and happen to stumble upon a job posting of all places on Craigslist for a regulatory compliance attorney at a US financial institution
And at the time I wasn’t super familiar with what regulatory compliance was, but it sounded interesting enough for me to take an interview, and it turned out that the role was with HSBC Bank USA. And it was really focused on remediating some of the issues that they had had around their BSA/AML compliance program, in the context of a regulatory consent order. And I didn’t really know what AML meant, and I was like, okay, let me learn—let me just dive deep. And it was a really great way to just jump headfirst into compliance. And I had really good interactions with the regulators, good facetime there and knew that it was something that I wanted to pursue full time and make a career out of it. And after HSBC I went to a consulting firm called BDO, where I focused mostly on BSA/AML and sanctions related work.
And I had my first, I’ll say, foray into fintech during that time, and had just one fintech client but it was working in the Banking-as-a-Service model. And I knew it was this very new and interesting relationship that, you know, there’s a regulated institution, and there’s a non regulated institution. But the non regulated institution is offering these financial products.So when I found out that there was this firm called FS Vector that was living and breathing fintech. I said okay, and I immediately knew that that was the firm I should probably be talking to. And 2 years ago now, since I joined the firm and a lot of my focus is, really all of my focus, has been on financial technology and emerging tech in the financial services space.
Rhonda:
That is amazing, that’s a great story. And it’s so funny as you were saying that you kind of stumbled in through the BSA/AML spot. That’s kind of how I landed in the world of compliance. I wonder if that’s like the very beginning?
Ethan:
Yeah, I said it was a unique story. But I feel like that happens a lot, where AML is kind of your foot into the door of compliance, and if you’re lucky enough to get to expand into other fun areas like consumer protection, third party risk and information security and all these other fun things.
Rhonda:
Absolutely, and then I went right into consumer protection, so gotta love it, gotta love it. So with the rise of fintech how have regulators adopted to address the challenges and opportunities presented by the many technological advancements and fintech services? Seems like there’s just so many different unique ways and all that good stuff. So let’s talk a little bit about how regulators have adapted, because I don’t remember they’re always being tech savvy regulators out there?
Ethan:
Yeah, it’s been an interesting, I’ll call it, decade. If we want to look back to 2014 with Chime, kind of first came in as the I’ll say the neo-bank to start all neo-banks. That really should have been the time where the regulators were like this is going to be the next big phase of banking, is this shift to fintech in this more like digital-first banking ecosystem.
I think they didn’t really take a ton of proactive steps immediately, though. There was, I think some of the early regulatory offices focused on innovation, where, like the CFPB’s project, Catalyst, which wasn’t so much focused on tech, but more of like, we know there’s going to be new ways that consumers are presented with financial products. And we want to make sure that they’re aware and educated on these products and make sure that they’re protected. And there was some additional, you know, like the OCC’s Office of Innovation, was created a few years ago, and more recently they added the Office of FinTech last year, but that is, I’d say, kind of gotten off to a shaky start.
There’s been the creation of the Novel Activities Group, but that’s what I’ll say more on supervision as opposed to innovation from a regulatory perspective. There’s been the FDIC’s Tech Office, which, unfortunately they’ve kind of shuddered to some extent and rolled into another internal office which has drawn the attention of lawmakers and and and I think some have said, “backwards on innovation,” is what is happening at the FDIC.
And more recently, the focus has been on enforcement actions and those types of relationships. And it’s been prudential banking regulators taking enforcement actions through consent orders, cease and desists, MLUs, likely some things that are happening behind the scenes that aren’t public, with some of the sponsor banks in the Banking-as-a-Service fintech partnership space.
So there’s been a dramatic shift of maybe not thinking about it proactively a ton in like 2014, and in the years that followed, to let’s create some offices focused on innovation and tech as a way for regulators and these companies to collaborate. To now I think really focused on regulation and potentially regulation by enforcement over the past year and a half or so. Which is, I think, good for consumer protection, which is what we really care about, but I think at the risk of potentially stifling innovation.
Rhonda:
Yeah no, you’re absolutely right. I know the a lot of, the recent roundtable that I was moderating, a lot of folks for saying that they’re noticing that more of the new regulators coming in the door are more into the tech. And they’re more tech savvy than in the past, and it’s made examinations a little bit more difficult for them, so I don’t know if you’re seeing that with some of your clients. But…
Ethan:
Yeah, I am and I like it in the stance that there is a lot of good tech out there in terms of the actual like financial products that are being offered in the fintech companies themselves. But there’s also a lot of good regtech out there that can help the fintechs and the banks make sure that they’re meeting their regulatory requirements. And so I have heard, where there are examiners kind of coming in the door and evaluating these Banking-as-a-Service relationships in particular, saying that the best thing you can do is add layers of technology to help you oversee these relationships. Which I kind of agree with to the extent that, like spreadsheets being sent back and forth for, like AML reviews and like marketing compliance reviews, and third party risk management, there leaves a lot to be desired, I’ll say.
Rhonda:
For sure, for sure. So what are some of the things that financial institutions should be doing now to navigate the complex landscape of regulatory compliance? Because it’s going to get a little bit trickier.
Ethan:
Yeah, yeah, and I think you know, we’re probably going to have more actions from a regulatory perspective throughout this year. I don’t think that’s a hot take or anything new, and it’s probably the consensus across the board. But like focusing on the fintech and Banking-as-a-Service space, I think those financial institutions are going through a tough time with their regulators, for better or worse. But I think for those that are maybe looking to get into the Banking-as-a-Service space, or those already in it, the enforcement actions that have happened over the past 18 months or so are actually roadmaps of like how to not do things. So if you’re a financial institution in the space, you can look at any order that’s coming from the OCC or the FDIC, the consent orders, that kind of specifically lay out issues with, you know, BSA/AML programs, or fintech oversight, ongoing, testing and monitoring even to to some extent like the use of data and these relationships. And you could take every single one of those line items and the regulatory feedback and say, great, here’s the recommendation, or finding that they have made. Here’s how we’re going to address it at our financial institution, so that down the road, when the regulator comes and asked these questions for you, you can specifically say, look, we mapped our control specifically to feedback.
So to some extent, it’s like, you know, it’s a tough period for BaaS and fintech in in terms of just the regulatory posture. But at the same time they’re kind of giving you a playbook of like how to do it right. And I know at none of these institutions they are going to be able to say these work perfect, or that we’ve done everything by exactly by the book. All of these compliance programs are risk based, right? Which means that there’s no like binary 1-0 way of of doing these things. But I do think that all of the the feedback over the past couple of years is like the first thing, senior management and the board at any of these finance institutions should be looking at to incorporate feedback into their program.
Rhonda:
Absolutely. So when should a fintech consider a technology solution for monitoring their consumer facing marketing? It just seems that some are really big or organizations, and some are very small. And so when is it the right fit?
Ethan:
Yeah, it’s such a good question. I think there’s a number of of factors that will determine when you should go from that spreadsheet approach that we mentioned before to automating and maybe plugging in tech. And for a lot of the startup fintechs that I work with it. It doesn’t really make sense to like immediately plug in a tech solution for your marketing compliance program. One because you you might not be live yet, so you might not even be marketing to consumers. Two, you might have minimal volumes or minimal channels that you’re marketing to your potential customers through. But overall, it’s like as you grow and mature, there’s probably like 3 or 4 things I’d really focus on. One is that like stage of maturity, are you pre-launched? Are you launched? Have you gotten your proof of concept? Have you started to mature, and like, really grow your volumes of of customers? Are you at the like unicorn stage of 1 billion valuation? If you’ve gotten a 1 billion valuation, and you don’t have some type of marketing compliance tech—that might be a red flag. But it’s probably not like a perfect sliding scale.
Another factor has to be product risk, no two financial products are exactly like in terms of the potential risk of consumer or customer harm. So I’d say, like the higher UDAAP risk, and that could be UDAAP with 2 A’s or UDAP with one A, the higher Reg B, or Reg z risk around lending products. The higher the risk, the sooner you should probably plug in tech to help you mitigate that risk. I think traditional neo-bank account product that some might call relatively vanilla, has a much lower risk of UDAAP concerns than a lending product. Particularly a lending product that’s maybe earned wage access or Buy Now, Pay Later, where the regulators, and particularly the CFPB are like really focused on the the risks.
I think the next one would probably be the channels that you’re marketing to your customers or potential customers through. One in how many channels you’re operating through. And two is the volumes in which you’re operating through that channel. So if you’re early fintech, you might just have a website. And the website might be really the only place that you’re marketing your financial product. But as you start to grow, you’re going to be looking to email marketing campaigns, television marketing campaigns, social media. And I think social media is an interesting one because you can start to have interactions with your potential customers, like through comment, feedbacks. And so the more channels that you have, the higher area of risk that you’re going to have. And so it kind of makes sense at some point to start plugging in technology to help automate some of the coverage of those risks.
Rhonda:
Absolutely, so based on some of the things that you’ve seen. I’d love for you to share with our listeners some of the practical considerations that they should be thinking about. We always hear about companies not having a budget. But what about the cost of a fine for a regulatory compliance violation versus the cost of having a monitoring process in place?
Ethan:
Yeah. And I think historically that has probably been the main question for senior management at a financial institution—is what is the cost of spinning up a really effective operational compliance program versus risk of not spending that money and maybe receiving a fine on the back end and weighing those costs. Which the answer should really always be spend the money on a compliance program.
Rhonda:
Spend the money on compliance! Yes!
Ethan:
And well I’m certainly biased myself, I’m a consultant.
Rhonda:
I was going to also say I’m biased myself, but, boy, coming from a compliance background. You just say, spend the money on compliance, you know, it just makes sense.
Ethan:
Exactly, and I always say it’s easier to build than it is to remediate and and it’s the cost of remediation. It can be very, very daunting particularly if you’re getting into like BSA, AML, OFAC, consumer protection, things like that. But it’s gotten beyond that analysis that I’ll say, particularly for those financial institutions in the Banking-as-a-Service, bank-fintech sponsor model. Because it’s not just how much are they going to fine us? It’s are the regulators going to restrict our ability to enter into new partnerships? Which is a huge revenue stream potentially for some of these financial institutions. So if you have let’s say, failed to build a strong oversight compliance monitoring process, particularly of your fintechs, if you’re a bank partner, you’ve then had an enforcement action that says you have to pay X number of dollars for failing to do that, and the regulator says and then you can’t add any new programs moving forward, or you can’t add any new programs unless you get our non-objection. Overall that’s an extremely costly indever you’ve gotten yourself into.
And so I would council is take the lessons we talked about before from the financial institutions who have been receiving these enforcement actions and and regulatory finds, etcetera, and then build that into how you’re spending money on compliance on the front end. And hopefully, that can get you to the point of not being in the position of regulatory action, or fines, or things of those nature, and then it also allows you to continue to add new programs and build those streams of revenue on like the fintech partner side. And there’s also a non-monetary cost of reputation, if your name is is appearing in the news particularly around like consumer harm. If I’m a fintech looking for a new bank partner, and I’m going through my list of options, the reputational risk and the even the risk of of being off-boarded because of that reputational risk is something that I would seriously consider. So overall, I think that the costs have become so much more than than monetary in today’s landscape.
Rhonda:
I guess what they say, i’s dollars and cents or dollars and common sense.
Ethan:
Exactly, exactly
Rhonda:
So let’s switch to a little bit about, how can financial organizations ensure that their marketing teams are well versed in compliance requirements? This is something that a lot of folks are always seeking. Where is the best place to go to educate folks?
Ethan:
Yeah, absolutely. The easy answer is have a training program. Have a basic compliance training program that includes specific requirements around marketing and UDAAP and the applicable regulations. But not just a training program that says, here are the applicable regulations that apply to our financial institution. But also, how do we make sure in practice that we’re complying with those. Through marketing reviews, implementation of certain technology—how do you use that technology effectively? There’s really good training platforms out there for financial institutions. I don’t know if there’s really good training programs out there specific to fintechs, like the marketing risks that might arise from a fintech relationship versus a traditional brick and mortar branch. So if you’re on the fintech side, you’re evaluating your training options, if you go and look at maybe traditional bank learning management systems, they may have a marketing compliance module, but the marketing compliance module might talk about branch activity and like face-to-face customer interaction. So if you’re at a fintech and you’re on the marketing compliance team, you’re going to be wondering like, why am I even getting taught about branch activity?
So I think if you’re that, fintech, maybe look a little bit more for a training platform that is focused on fintechs, that is focused really on the risk of digital interactions in terms of like marketing compliance and consumer protection. I think that’s a really good way to build a foundation to making sure your employees are aware of the regulatory obligations and how you’re meeting those. And then I think the second part of that, it’s just ongoing regulatory change management in the sense that when there are specific FTC or CFPB or other regulatory actions focused on marketing, UDAAP issues, consumer protection, similar to our point before—take those actions and educate your team on why they are important and like how our fintech is going to respond to those. So if a UDAAP issue arises, and the CFPB says, you as a fintech said that you were a bank on your website, and you’re not a bank. If I’m the marketing compliance manager at a fintech, I’m immediately going to our website and making sure the way we talk about our fintech as not a bank, but we partner with banks in the space. Making sure that is actually happening in practice. And every time there’s a new thing like this in the news, immediately take it back to your team and see where you can put it into practice.
Rhonda:
Absolutely. I could not agree with you more. I know that a lot of folks I’ve talked to are always looking for like, where and what conferences are they talking about this stuff? It’s so hard to find the place where everybody can kind of synergize and get to know each other and have these conversations, especially around marketing. There’s always conversations around fintechs, and BaaS, and all these other things, but not about the marketing itself.
Ethan:
I think that’s great, particularly fintech conferences are generally broad—in that, let’s get people together in a room who are in fintech and we can talk about your products and how you’re growing, and what are some of your challenges? Compliance isn’t always like at the forefront of those conferences. And you think about like Money20/20, and Fintech Meetup, and some of the banker’s conferences, there’s always some panel on compliance, but I think maybe that fintech-focused conference with an earmarked marketing compliance banner, maybe is what we need—well marketing compliance—I think all of compliance in general.
Rhonda:
For sure, no, I really appreciate it. I appreciate you taking some time out of your busy schedule to join me for today’s podcast. Is there any parting thoughts that you’d like to share with our listeners? And we will make sure that we also include for folks your contact information, if they would like to reach out to FS Vector or to you, with regards to getting their fintechs on the right path with compliance. But is there anything else that you would like to share as we’re parting and closing out today?
Ethan:
Yeah, thank you so much again, Rhonda, for having me. The one thing I’ll say about compliance is that you don’t just build it and leave it. You’re always thinking about ways to mature it and automate it, maybe bring in new tech. So whether you’re a fintech founder and you’re building your compliance program for the first time, or you’re a financial institution that’s been around for 50 years, just always constantly think about how you can mature and enhance your compliance program. I’ll leave it at that.
Rhonda:
Perfect. Always want to be better.
Ethan:
Exactly.
Rhonda:
Well, thanks again Ethan, for joining us, and hopefully we’ll have an opportunity to connect with you after you attend, you’re going to be at the next Fintech Meetup, in Las Vegas in March.
Ethan:
That’s right, that’s right. I’m so excited. Fintech Meetup is one of my favorite events of the year, and I think it’s going to even be bigger this year as we switch to the Venetian.
Rhonda:
Love it, so yeah, we’re going to have a few folks that are going to be out there. Alex Morris is going to be out there. And you guys have promised me, after you get back, that we’re going to have an opportunity to get together and kind of debrief on some of the things that you guys learn out there at Fintech Meetup. So I’m looking forward to that and looking forward to talking to you again real soon, Ethan. Thanks again for joining us today. And we look forward to talking to our COMPLY Podcast listeners again real soon.
Ethan:
Thanks, Rhonda.
Rhonda:
Thanks for listening to this episode of the COMPLY Podcast! As always, we hope that you were able to take away some useful information that will help you to better prepare your compliance program. If you would like to connect with me, please don’t hesitate to drop me a line, you can always find me on LinkedIn! You can find additional resources, including our blog on why banks are investing on marketing compliance technology, as well as a link to FS Vector and Ethan Singleton’s LinkedIn information and so much more in today’s show notes.
As always for the latest content on all things marketing compliance you can head to content.performline.com. And for the most up-to-date pieces of industry news, events, and content be sure to follow PerformLine on LinkedIn. Thanks again for listening and we’ll see you next time!
Xavier Holland