Research conducted by Federal Financial Analytics, Inc. indicates that fintechs pose greater financial stability risk to the economy than previously thought, due in large part to their lack of regulatory oversight.
The report states that fintechs pose systemic risk stemming from their general lack of liquidity, lack of regulatory oversight compared with banks and credit unions, their dominance in certain areas of the marketplace and the vast amount of personally identifiable information (PII) they store.
The report questions Fed Chairman Jerome Powell’s assertion in an August speech that new rules intended to stem systemic financial risks have well-insulated the country from another crisis similar to 2008.
The report poses a provocative question – “Is financial stability really so much more assured now due to all the post-crisis rules and those still to come?”
The stated intention behind the report is to “sound an early warning where risks are already evident” pertaining to fintechs. It says such risks include:
- Issues with fintechs’ capital- and operational-risk management constructs, which are considered essential to building sustainable business models across the business cycle while coping with financial-market stress;
- Lack of transparency safeguards among fintechs regarding their operation systems, underwriting and corporate governance;
- The absence of concentration-risk controls to account for the enormous presence Facebook, Google, Apple and Amazon maintain in the mobile phone, cloud technology and financial services industries; and
- Whether fintech activity is linked to the tightening of U.S. economic inequality and the potential for a financial crisis.
Liquidity risk
A significant difference between fintechs and banks of all sizes, particularly larger banks, is the lack of capital risk-alignment and liquidity requirements imposed on banks but not fintechs. This means that fintech investors and customers are vulnerable to losses in the event that a fintech fails. As consumers begin using fintechs more and more like banks, the report asserts that it is time they are treated as such.
“[G]iven growing market reliance on fintech infrastructure and its increasing importance in bank-like product offerings, it is far from clear that the financial system, consumers, taxpayers, or even the macroeconomy are immune from fintech profit-maximizing behavior,” the report states. “It is thus already past time to consider where capital risk-alignment incentives and operational-risk buffers are required for fintech companies active in key financial arenas.”
The Office of the Comptroller of the Currency (OCC) took a major step toward doing so with its July announcement that it would begin accepting special purpose bank charters from fintechs that would subject them to the same type of regulatory scrutiny as a national bank while also granting them the same benefits, such as the pre-emption of state laws that currently handcuff some fintechs in their lending activities. Such charters only go so far to address the safety and soundness risks of fintechs, the report states.
The report notes that when a bank passes its risk to a fintech, that risk becomes virtualized, and the virtualization of that risk does not change its fundamental nature. That fact can be obscured by artificial intelligence (AI) and machine learning (ML) systems used in the virtualization process.
“With or without virtualization, risk is blind to the legal charter of the entity that takes it unless that legal charter comes with mandatory mitigation measures,” the report states. “Even then, though, risk may not only be mitigated, but also transformed in terms of consumer, macroeconomic and financial-stability impact. When a business becomes uneconomic under one charter due to risk-mitigation requirements, the activity moves outside the regulatory perimeter if its economic rationale and profit benefits continue in the broader financial-product marketplace. When that financial product is further transformed through application of AI, ML, or other virtualized processes, risk transformation resulting from regulatory arbitrage accelerates because, even though fundamental risk remains, it is obscured by opaque techniques. These may well be faster and smarter than legacy, book-driven procedures, but these benefits do not mitigate risk if speed and smarts are deployed to enhance firm profitability, not long-term safety and soundness.”
Data security risk
By their nature, many fintechs collect and store vast quantities of PII, making them prime targets for cybercriminals. Even with state-of-the-art cybersecurity systems in place, the task of ensuring that data’s safety is a difficult one. The International Monetary Fund has classified the data security risk posed by fintechs as systemic from a safety and soundness perspective, given the large amounts of PII they hold and that there are no clear legal precedents requiring victims to be redressed in the event of financial harm resulting from a breach of such entities. This fact was highlighted by the major data breach at Equifax in 2017 and the multiple lawsuits that followed.
“When a regulated financial provider with capital at risk owns customer personally-identifiable information or similarly sensitive data, it has the resources with which to make good on fraudulent, data-breach, or similarly problematic transactions such as those for which current U.S. law assigns principal liability to the financial provider,” the report states. “In the event of large-scale disruption to a payment provider such as Venmo or to a non-bank payment service (e.g., Amazon), funds may be available for minor disruptions, but deep pockets for sustained losses are uncertain even at giant platform companies with no clear legal obligation to make customers whole in the event of system breaches or widespread infrastructure damage.”
Concentration risk
There is significant concentration risk in certain marketplaces dominated by fintechs, the report asserts, noting that Amazon and Apple have $1 trillion in market capitalization and control 99 percent of the mobile phone software technology market and that four companies control 73 percent of cloud services. Such market dominance by companies not bound by bank-like capitalization standards present a level of systemic risk, the report states.
“Concentration risk is perhaps most acute when it comes to cloud service providers (CSPs),” the report states. “While not in any way limited to cloud computing, concentration is most acute here due to the small number of scaled providers and the critical importance of server capability. These attributes also raise stability risks due to the vulnerability of many institutions reliant on a single, potentially vulnerable CSP. Based on the systems threatened or even taken offline, interbank liquidity, ready access to payment, settlement, and clearing services, or other systemic risks could quickly manifest themselves. The ability of a central bank to intervene with liquidity support could also be threatened if it relies on the same CSP or its funding channels interact with it.”
Regulators have yet to determine the value of cloud-based data storage, which often is outsourced, considering the various available formats and cross-border concerns. The report notes that a CSP can be considered a third-party vendor to banks in the U.S., which would subject it to supervision but uncertainty has helped to keep that from happening.
“Virtualized risk becomes still more dangerous when it transfers from many more or less competitive, regulated entities to a very few – or even just one – unregulated provider,” the report states. “When these very happy few govern critical aspects of financial-market infrastructure – i.e., through hardware dominance, cloud computing – risk grows still greater because one firm’s profit-maximization incentives can make or break national or even global financial system.”
Competition risk
Concerns about maintaining a competitive playing field in the financial sector have been some of the most commonly sighted reasons banks and credit unions have given for pushing back against unregulated fintechs as some develop new products designed to provide financial services directly to consumers rather than working through traditional financial entities.
During a recent Senate Banking Committee hearing about the need for fintech regulation, Sen. Catherine Cortez Masto (D-Nev.) referenced a letter from the National Association of Federally-Insured Credit Unions (NAFCU), asserting that “when fintechs compete with regulated financial institutions, they must do so on a level playing field where smart regulations and consumer protections apply to all actors in that space.”
The Independent Community Bankers of America (ICBA) has been vocal about its opposition to fintechs seeking to operate as banks, arguing that they would an unfair advantage from a regulatory standpoint and threaten the safety and soundness of the financial system. ICBA President and CEO Rebeca Romero Rainey reiterated that sentiment commenting on the recent decision by Nelnet to withdraw its applications to be chartered as an industrial loan company (ILC) from consideration by the Federal Deposit Insurance Corp. and Utah Department of Financial Institutions.
“The ILC loophole allows commercial interests to own full-service banks while avoiding Bank Holding Company Act regulations and consolidated supervision by the Federal Reserve — threatening the financial system and creating an uneven regulatory playing field.”
Rainey further stated that fintechs interested in owning a bank “should be subject to the same restrictions and supervision that apply to any other bank holding company” and that regulators should maintain separation between banking and commerce.