The Federal Reserve Board's (FRB) December 2019 Consumer Compliance Supervision Bulletin (December Bulletin) focuses on fintech. The December Bulletin's goal is to "enhance the understanding of common fact patterns and emerging risks so that institutions can manage fintech risk appropriately and efficiently." In line with that goal, the December Bulletin discusses the following topics:
- (i) Promoting effective fintech risk management;
- (ii) Online and mobile banking; and
- (iii) Managing the fair lending risks of targeted internet-based marketing.
Promoting Effective Fintech Risk Management
Banks have extensive experience managing their own compliance and third-party risks but face challenges collaborating with fintechs, which may be less familiar with and not as equipped to work with the complex web of consumer finance regulations. Yet financial institutions are continually concerned about losing revenue to innovative market entrants.
Despite these challenges, the trend toward increased collaboration will likely continue. Approximately 82 percent of financial institutions are expected to increase their collaboration with fintechs over the next three to five years.
In response to this observation, the FRB noted several areas for banks to manage risks associated with fintech collaborations:
- Promote appropriate board and senior management oversight, including dedicated resources to the collaboration and ensuring the "staff is knowledgeable, empowered, and held accountable for compliance with consumer laws and regulations."
- Institute policies, procedures, and training that are appropriate and comprehensive to the risks associated with fintech collaborations.
- Develop and proactively update risk-monitoring processes to ensure they are sufficient in identifying and addressing risks associated with fintech collaborations.
- Perform comprehensive and ongoing due diligence and oversight of the fintech third-party.
Online and Mobile Banking
The December Bulletin warns that online and mobile banking practices may present heightened risks of unfair or deceptive practices (UDAP). Typically, these UDAP risks result from a bank's failure to provide accurate account information or disclosures on their online or mobile platform, or a bank's failing to evaluate and validate modifications to these platforms.
In response to this observation, the FRB suggested the following steps to identify and manage UDAP risk:
- Compare disclosures on online and mobile banking platforms to ensure overall consistency and accuracy.
- Confirm the product works how the bank understands it should work (in other words, confirm the consumer experience).
- Monitor complaints.
Managing the Fair Lending Risks of Targeted Internet-Based Marketing
The December Bulletin notes that targeted internet-based marketing is an area that "warrants attention" and remains a subject that industry and the FRB is still learning. Based on new, sophisticated techniques allowing businesses to target segments of consumers, the FRB can "no longer assume that consumers will broadly have access to the same options, even if they were to do their best to research and seek out as many choices as possible online."
This "unequal access" could result in fair lending violations (the Equal Credit Opportunity Act and the Fair Housing Act) by leading to redlining or steering. To illustrate this problem, the FRB referred to the recent Facebook marketing settlement with civil rights advocates and the U.S. Department of Housing and Urban Development.
In response to this observation, the FRB lists the following steps a bank can take to manage fair lending risk:
- Eliminate geographic filters that would exclude predominantly minority neighborhoods.
- Review elective filters so they do not prevent viewers with protected characteristics from seeing the ad.
- Review information regarding the audience that viewed each online ad.
- Establish policies and procedures to evaluate fair lending risk for marketing and outreach.
- Monitor marketing and outreach activities to ensure the activities are reaching the entire area, including any predominantly minority neighborhoods.
- Ensure relevant vendor management policies are in place.
- Understand marketing practices employed by the bank or on its behalf and have appropriate controls to assess/manage associated risks.
The December Bulletin further evidences the FRB's engagement with fintech. This week, the FRB also announced that it will hold a series of "fintech innovation office hours," starting with a session at the Federal Reserve Bank of Atlanta on February 26, 2020. We'll continue to monitor the FRB and other consumer financial regulators as they seek to keep pace with the industries they regulate.