Access the latest news, analysis and trends impacting your business.
Explore our insights by topic:
Additional Broadridge resources:
View our Contact Us page for additional information.
Additional Broadridge resource:
Your submission has been received. We will contact you soon.
One of our sales representatives will email you about your submission.
Your sales rep submission has been received. One of our sales representatives will contact you soon.
Your submission has been received. One of our customer service representatives will contact you soon.
In July 2018, the Office of the Comptroller of the Currency (OCC) updated within the Licensing Charter Supplement a new charter specifically applicable to fintech companies. The updated charter allows fintech companies to operate on a national basis and take in non-FDIC-insured deposits, which will put them on the same competitive playing field as other state and national banks. The July 31, 2018, OCC policy states that these companies will face the same regulatory scrutiny as banks of similar size and complexity. In particular, the OCC highlighted “capital, liquidity, and risk management.” This series is focused on the last element, risk management.
To date, fintech companies were regulated by the states, which mandated business licensure for each state they operate in and do not require the application for bank charters. In order to obtain an OCC bank charter, the fintech company must pass the OCC license process in which the company demonstrates how they will comply with OCC regulation 12 CFR 30 Appendix A, which establishes the interagency standards for safety and a sound internal controls environment.
Appendix A is fairly prescriptive as it mandates the internal controls and information systems to provide for:
Entities in less or unregulated industries often have these elements, but may not be sufficiently defined at the requisite level of this new mandated regulatory regime. The level of development within policies and procedures, along with the review and approval process, is more onerous with regulated entities, especially financial services. For example, banks are required to evidence the following:
The risk governance framework will be driven by the size and complexity of the organization. However, the company will need to demonstrate:
Risk management has always been more art than science and it will take more than rolling out a couple of models to get regulatory approval. Larger fintech companies listed on an exchange will have financial reporting structures in place but setting up systems for reporting the Call Report will prove more challenging. The Call Report is built on schedules and dissects the balance sheet and income statement in various ways. New banks often find this process the most difficult to achieve as the mapping of each schedule items can be cumbersome. For companies that are not already reporting financial data, this process will be even more challenging.
Data privacy and customer information is always important. The OCC is focused both on consumer privacy and reputational risks of their regulated entities. When breaches occur, it damages the reputation of the bank and the OCC. For fintech businesses, the visibility and review of data governance and protection will be more paramount given their innate business models.
Of all these categories, compliance may have the biggest impact on the fintech company applying for a charter. Consumer advocacy groups are focusing on the fintech charters and looking for fully functional and well documented/vetted compliance departments as they are subject to all consumer regulations. Obtaining an OCC charter will provide fintech companies benefits but, as De Novo institutions, they will go through many years of elevated scrutiny before they are accepted by regulators as well-established.