The regulatory horizon for banking as a service

Hearts and minds of customers

Both banks and nonbanks are increasingly looking for new ways to attract and retain customers, while building strong balance sheets and growing the bottom line. With growth, however, inevitably comes increased regulatory attention and scrutiny. We expect, an increasing regulatory focus on BaaS providers, the development and implementation of additional risk management supervisory guidance for banks, and more frequent enforcement actions against nonbanks. In this evolving landscape, both banks and non-banks should anticipate the following impacts when engaging with financial services products:

• Nonbanks will likely feel greater regulatory scrutiny and indirect pressure from collaborating banks.
• There may be increasing accountability on collaborating banks to enhance risk management of their third-party relationships.
• Banks should anticipate increased supervisory focus and attention commensurate with their activities and any associated risks in addition to their asset size and risk profile; these banks should expect to be held to large bank supervisory standards.
• Banks that have entered into relationships with nonbanks for delivery of products or services will be forced to expand their supervision of these providers.

A refresher on the bank regulatory perimeter

The US bank regulatory system has been built around permissive and restrictive regulatory requirements that establish a legal boundary around the US banking sector, known as the regulatory perimeter. Bank organizations within the perimeter can conduct banking activities (e.g., making loans, accepting deposits, facilitating payments, and providing custody services), subject to extensive banking laws, regulation, and related supervision by the federal banking agencies: the Federal Reserve Board of Governors (FRB), the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the Consumer Financial Protection Bureau (CFPB).

Nonbank organizations outside the regulatory perimeter are subject to alternative laws and restrictions, generally at the state level but also including federal consumer protection regulations administered by the Consumer Financial Protection Bureau, when conducting other financial and nonfinancial activities.

Regulators are starting to take notice

These enabling bank/nonbank relationships have not been without their own accompanying risks. The new BaaS ecosystem, as well as the existing regulatory arbitrage, has not gone unnoticed by the federal banking agencies. These regulators are putting more pressure on banks and are scrutinizing services offered to nonbanks. Today, nonbanks and their holding companies do not have a primary federal regulator and are not subject to consolidated supervision, leading to regulatory gaps and respective risks that exist out of the sight of regulators. By pushing through their supervised banks and “exporting” their regulatory expectations into the banks’ nonbank relationships, many nonbank organizations will feel the heat and the need to “level up” to reckon with this enhanced, indirect supervision.

Looking ahead

The inevitability of heightened regulatory expectations will place the imperative upon both banks and nonbanks to define how they will adapt to thrive within and at the borders of the evolving regulatory perimeter. This may mean recalibrating strategic priorities and enhancing capabilities to meet a specific business strategy and regulatory requirements.

As the lines between banking, nonbanking financial services, and commerce become more blurred, the regulatory perimeter faces a variety of challenges. Whether you are a traditional bank or a nonbank performing banking activities, the paradigm is shifting significantly, and you need clarity to act. To link your strategic goals with your regulatory strategy there are several actions you will need to consider including anticipating potential regulatory change and planning a business model response, assessing preparedness for examination activities, obtaining support for effective third-party risk management, and integrating monitoring activities with existing firmwide change management and controls systems. Download our report, which includes a summary of financial services activities performed by nonbanks to learn more about these considerations and available support to navigate the evolving regulatory perimeter.

Get in touch

Deloitte Center for Regulatory Strategy