Request for Information on Bank-Fintech Arrangements Involving Banking Products and Services Distributed to Consumers and Businesses, 61577-61584 [2024-16838]

Agencies

• FEDERAL DEPOSIT INSURANCE CORPORATION
• FEDERAL RESERVE SYSTEM
• Office of the Comptroller of the Currency
• DEPARTMENT OF THE TREASURY

[Federal Register Volume 89, Number 147 (Wednesday, July 31, 2024)]
[Notices]
[Pages 61577-61584]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-16838]



[[Page 61577]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

[Docket No. OCC-2024-0014]

FEDERAL RESERVE SYSTEM

[Docket No. OP-1836]

FEDERAL DEPOSIT INSURANCE CORPORATION

RIN 3064-ZA43


Request for Information on Bank-Fintech Arrangements Involving 
Banking Products and Services Distributed to Consumers and Businesses

AGENCY: Office of the Comptroller of the Currency, Treasury; Board of 
Governors of the Federal Reserve System; and Federal Deposit Insurance 
Corporation.

ACTION: Request for information and comment.

-----------------------------------------------------------------------

SUMMARY: Over the past several years, the Office of the Comptroller of 
the Currency (OCC), Treasury; the Board of Governors of the Federal 
Reserve System (Board); and the Federal Deposit Insurance Corporation 
(FDIC) (collectively, ``the agencies'' or ``agency'' when referencing 
the singular) have observed and reviewed arrangements between banks and 
financial technology (fintech) companies. The agencies support 
responsible innovation and banks pursuing bank-fintech arrangements in 
a manner consistent with safe and sound banking practices, and with 
applicable laws and regulations, including consumer protection 
requirements and those addressing financial crimes. Bank-fintech 
arrangements can provide benefits; however, supervisory experience has 
highlighted a range of potential risks with these bank-fintech 
arrangements. This request solicits input on the nature of bank-fintech 
arrangements, effective risk management practices regarding bank-
fintech arrangements, and the implications of such arrangements, 
including whether enhancements to existing supervisory guidance may be 
helpful in addressing risks associated with these arrangements.

DATES: Comments must be received on or before September 30, 2024.

ADDRESSES: Comments should be directed to:
    OCC: Commenters are encouraged to submit comments through the 
Federal eRulemaking Portal, if possible. Please use the title ``Request 
for Information on Bank-Fintech Arrangements Involving Banking Products 
and Services Distributed to Consumers and Businesses'' to facilitate 
the organization and distribution of the comments. You may submit 
comments by any of the following methods:
     Federal eRulemaking Portal--Regulations.gov: Go to https://www.regulations.gov. Enter ``Docket ID OCC-2024-0014'' in the Search 
Box and click ``Search.'' Public comments can be submitted via the 
``Comment'' box below the displayed document information or by clicking 
on the document title and then clicking the ``Comment'' box on the top-
left side of the screen. For help with submitting effective comments, 
please click on ``Commenter's Checklist.'' For assistance with the 
Regulations.gov site, please call 1-866-498-2945 (toll free) Monday-
Friday, 8:00 a.m. to 7:00 p.m. ET, or email 
[email protected].
     Mail: Chief Counsel's Office, Attention: Comment 
Processing, Office of the Comptroller of the Currency, 400 7th Street 
SW, Suite 3E-218, Washington, DC 20219.
     Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218, 
Washington, DC 20219.
    Instructions: You must include ``OCC'' as the agency name and 
``Docket ID OCC-2024-0014'' in your comment. In general, the OCC will 
enter all comments received into the docket and publish the comments on 
the Regulations.gov website without change, including any business or 
personal information provided such as name and address information, 
email addresses, or phone numbers. Comments received, including 
attachments and other supporting materials, are part of the public 
record and subject to public disclosure. Do not include any information 
in your comment or supporting materials that you consider confidential 
or inappropriate for public disclosure.
    You may review comments and other related materials that pertain to 
this action by the following method:
     Viewing Comments Electronically--Regulations.gov: Go to 
https://regulations.gov/. Enter ``Docket ID OCC-2024-0014'' in the 
Search Box and click ``Search.'' Click on the ``Dockets'' tab and then 
the document's title. After clicking the document's title, click the 
``Browse All Comments'' tab. Comments can be viewed and filtered by 
clicking on the ``Sort By'' drop-down on the right side of the screen 
or the ``Refine Comments Results'' options on the left side of the 
screen. Supporting materials can be viewed by clicking on the ``Browse 
Documents'' tab. Click on the ``Sort By'' drop-down on the right side 
of the screen or the ``Refine Results'' options on the left side of the 
screen checking the ``Supporting & Related Materials'' checkbox. For 
assistance with the Regulations.gov site, please call 1-866-498-2945 
(toll free) Monday-Friday, 8:00 a.m. to 7:00 p.m. ET, or email 
[email protected].
    The docket may be viewed after the close of the comment period in 
the same manner as during the comment period.
    Board: You may submit comments, identified by Docket No. OP-1836, 
by any of the following methods:
     Agency Website: https://www.federalreserve.gov/. Follow 
the instructions for submitting comments at https://www.federalreserve.gov/apps/foia/proposedregs.aspx.
     Email: [email protected]. Include the OMB 
number or FR number in the subject line of the message.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Federal Reserve Board of Governors, Attn: Ann E. 
Misback, Secretary of the Board, Mailstop M-4775, 2001 C St. NW, 
Washington, DC 20551.
    All public comments are available from the Board's website at 
https://www.federalreserve.gov/apps/foia/proposedregs.aspx as 
submitted, unless modified for technical reasons or to remove 
personally identifiable information at the commenter's request. 
Accordingly, comments will not be edited to remove any confidential 
business information, identifying information, or contact information. 
Public comments may also be viewed electronically or in paper in Room 
M-4365A, 2001 C St. NW, Washington, DC 20551, between 9:00 a.m. and 
5:00 p.m. on weekdays, except for Federal holidays. For security 
reasons, the Board requires that visitors make an appointment to 
inspect comments. You may do so by calling (202) 452-3684. Upon 
arrival, visitors will be required to present valid government-issued 
photo identification and to submit to security screening in order to 
inspect and photocopy comments.
    FDIC: You may submit comments, identified by RIN 3064-ZA43, by any 
of the following methods:
     Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow instructions for 
submitting comments on the FDIC's website.
     Email: [email protected]. Include ``Request for 
Information on Bank-Fintech Arrangements Involving Banking Products and 
Services Distributed to Consumers and

[[Page 61578]]

Businesses/RIN 3064-ZA43'' in the subject line of the message.
     Mail: James P. Sheesley, Assistant Executive Secretary, 
Attention: Request for Information on Bank-Fintech Arrangements 
Involving Banking Products and Services Distributed to Consumers and 
Businesses--RIN 3064-ZA43, Federal Deposit Insurance Corporation, 550 
17th Street NW, Washington, DC 20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 550 17th Street NW, building (located on F 
Street NW) on business days between 7:00 a.m. and 5:00 p.m. ET.
     Public Inspection: Comments received, including any 
personal information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/. 
Commenters should submit only information that the commenter wishes to 
make available publicly. The FDIC may review, redact, or refrain from 
posting all or any portion of any comment that it may deem to be 
inappropriate for publication, such as irrelevant or obscene material. 
The FDIC may post only a single representative example of identical or 
substantially identical comments, and in such cases will generally 
identify the number of identical or substantially identical comments 
represented by the posted example. All comments that have been 
redacted, as well as those that have not been posted, that contain 
comments on the merits of this notice will be retained in the public 
comment file and will be considered as required under all applicable 
laws. All comments may be accessible under the Freedom of Information 
Act.

FOR FURTHER INFORMATION CONTACT: 
    OCC: Miriam Bazan, Financial Technology Policy Specialist, or Tracy 
Chin, Director for Payment Systems Policy, Bank Supervision Policy 
(202) 649-5200; or Beth Knickerbocker, Special Counsel, Micah Cogen, 
Counsel, or Graham Bannon, Counsel, Chief Counsel's Office (202) 649-
5490. If you are deaf, hard of hearing, or have a speech disability, 
please dial 7-1-1 to access telecommunications relay services.
    Board: Kavita Jain, Associate Director, Novel Activities and 
Innovation Policy, (202) 452-2062, Jeff Ernst, Manager, Innovation 
Policy, (202) 452-2814, or Roman Goldstein, Lead Financial Institution 
Policy Analyst, (202) 452-3802, Division of Supervision and Regulation; 
Drew Kohan, Associate Director, Program Direction, Division of Consumer 
and Community Affairs, (202) 452-3040; Asad Kudiya, Deputy Associate 
General Counsel, (202) 475-6358 or Isabel Echarte, Attorney, (202) 452-
2514, Legal Division, Board of Governors of the Federal Reserve System, 
20th and C Streets NW, Washington, DC 20551. For the hearing impaired 
only, Telecommunication Device for the Deaf (TDD), (202) 263-4869.
    FDIC: Rae-Ann Miller, Senior Deputy Director, (202) 898-3898, or 
Tom Lyons, Associate Director, (202) 898-6850, Division of Risk 
Management Supervision; Luke Brown, Associate Director, (202) 898-3842, 
or Meron Wondwosen, Chief, (571) 438-7127, Division of Depositor and 
Consumer Protection; Annmarie Boyd, Senior Counsel, (202) 898-3714, or 
Vivek Khare, Senior Counsel, (202) 898-6847; FDIC, 550 17th Street NW, 
Washington, DC 20429; FDIC, 550 17th Street NW, Washington, DC 20429.
SUPPLEMENTARY INFORMATION:

Background Information

    The agencies are responsible for supervising certain Federally-
chartered and State-chartered banks (herein referred to as 
``banks'').\1\ Over the past several years, the agencies have observed 
and reviewed arrangements between banks and fintech companies \2\ that 
provide consumers and businesses (herein referred to as ``end users''), 
access to banking products and services. Although these arrangements 
may provide benefits, supervisory experience has highlighted a range of 
risks with these bank-fintech arrangements. The agencies support 
responsible innovation and support banks in pursuing bank-fintech 
arrangements in a manner consistent with safe and sound practices and 
applicable laws and regulations, including but not limited to, consumer 
protection requirements (such as fair lending laws and prohibitions 
against unfair, deceptive, or abusive acts or practices) and those 
addressing financial crimes (such as fraud and money laundering).\3\ 
This request solicits input on the nature of bank-fintech arrangements, 
including their benefits and risks, effective risk management practices 
regarding bank-fintech arrangements, and the implications of such 
arrangements, including whether enhancements to existing supervisory 
guidance may be helpful in addressing risks associated with these 
arrangements.
---------------------------------------------------------------------------

    \1\ For a description of the banks supervised by each agency and 
relevant to this request for information, refer to the definition of 
``appropriate Federal banking agency'' in the Federal Deposit 
Insurance Act (12 U.S.C. 1813(q)(1), (2), and (3)(A)-(E)).
    \2\ In some cases, the fintech company may be an affiliate of 
the bank, such as, for example, where a bank holding company owns a 
fintech, and that fintech relies on the holding company's subsidiary 
bank to provide end users access to banking products or services.
    \3\ Examples of relevant issuances may include the following: 
Interagency Guidance on Third-Party Relationships: Risk Management, 
88 FR 37920 (Jun. 9, 2023); Interagency Guidelines Establishing 
Information Security Standards, 70 FR 15736 (Mar. 29, 2005); 
Interagency Guidelines Establishing Standards for Safety and 
Soundness, 61 FR 43948 (Oct. 1, 1996); FDIC FIL-15-2024, Collecting 
Identifying Information Required Under the Customer Identification 
Program (CIP) Rule (Mar. 28, 2024); Third-Party Risk Management: A 
Guide for Community Banks (May 2024); Conducting Due Diligence on 
Financial Technology Companies: A Guide for Community Banks (Oct. 
2023); FDIC FIL-35-2022, Advisory to FDIC-Insured Institutions 
Regarding Deposit Insurance and Dealings with Crypto Companies (July 
20, 2022); Joint Statement on the Risk-Based Approach to Assessing 
Customer Relationships and Conducting Customer Due Diligence (July 
6, 2022); Interagency Guidance to Issuing Banks on Applying Customer 
Identification Program Requirements to Holders of Prepaid Cards 
(Mar. 21, 2016); Interagency Policy Statement on Funding and 
Liquidity Risk Management, 75 FR 13656 (Mar. 22, 2010); Interagency 
Interpretive Guidance on Customer Identification Program 
Requirements, (Apr. 28, 2005); Unfair or Deceptive Acts or Practices 
by State-Chartered Banks (Mar. 11, 2004).
---------------------------------------------------------------------------

    For many years, non-banks have provided access to financial 
products and services, such as consumer credit products, commercial 
loans, payment products, and deposit accounts. Rapid technological 
advances and evolving customer preferences are accelerating these 
trends. Over the past decade, fintech companies have significantly 
expanded their ability to distribute financial products and services 
directly to end users. These companies include small- and medium-sized 
firms specifically focused on the financial services sector as well as 
larger firms with established, multi-use technology platforms 
(sometimes referred to as ``Big Tech''). For purposes of this Request 
for Information (RFI), we refer to all of these types of non-bank firms 
as ``fintech companies.'' \4\
---------------------------------------------------------------------------

    \4\ This term includes, among many others, intermediate platform 
providers (as defined below), as well as certain processors and 
payments platforms. It also includes certain non-financial retail 
businesses seeking to expand into markets for financial products and 
services through arrangements that could allow them to leverage 
their existing infrastructure and customer relationships to offer a 
one-stop-shop to access financial and non-financial products and 
services.
---------------------------------------------------------------------------

    To facilitate providing end users with access to banking products 
and services, fintech companies may enter into arrangements with banks. 
In these arrangements, a bank typically makes products or services 
available through an arrangement with one or more fintech companies in 
which the fintech company, rather than the bank, markets, distributes, 
or otherwise provides access

[[Page 61579]]

to or facilitates the provision of the product or service directly to 
the end user.\5\ These arrangements enable fintech companies to provide 
end users with access to a range of banking products, including deposit 
products (e.g., checking or savings accounts); payment services (e.g., 
peer-to-peer, debit card, contactless payments, Automated Clearing 
House (ACH) transactions, or wire transfer capabilities); or lending 
products (e.g., unsecured consumer or small business loans) through 
online and mobile applications, platforms, or digital wallets. In some 
of these cases, fintech companies (sometimes referred to as a 
``middleware provider'' or ``intermediate platform provider'') act as 
intermediaries by engaging in a variety of functions, as described in 
detail below. For purposes of this RFI, we refer to all of these types 
of arrangements as ``bank-fintech arrangements.''
---------------------------------------------------------------------------

    \5\ These arrangements are sometimes referred to as ``banking-
as-a-service'' or ``embedded finance'' depending on the structure 
and parties involved in the arrangement.
---------------------------------------------------------------------------

    Bank-fintech arrangements may enable banks to leverage newer 
technology and offer innovative products or services to further their 
digitalization efforts and to meet evolving customer demands and 
expectations. These arrangements may also provide banks with the 
ability to quickly and more cost effectively deploy products or 
services into the market through the fintech company. In addition, 
these arrangements may provide banks with access to new or expanded 
markets, revenue sources, and customers. As discussed in more detail 
below, bank-fintech arrangements also may introduce potential risks 
through business and legal structures that increase operational 
complexity, unbundle traditional banking products and services 
(particularly payments), and increase compliance challenges. The 
failure of banks to manage these arrangements effectively may present 
consumer protection, safety and soundness, and compliance concerns.
    The following sections of this RFI describe several bank-fintech 
arrangement structures and use cases, as well as the risks the agencies 
have seen manifesting and arising from these arrangements. The agencies 
seek public comment to build on their understanding of these 
arrangements, including with respect to roles, risks, costs, and 
revenue allocation. The agencies also seek additional information and 
stakeholder perspectives relevant to the implications of such 
arrangements, including for banks' risk management, safety and 
soundness, and compliance with applicable laws and regulations. The RFI 
is not intended to impose any obligations or define any rights, and it 
is not an interpretation of any statute or regulation.

Descriptions of Bank-Fintech Arrangements

    The agencies have observed that bank-fintech arrangements vary 
significantly in structure and product and service offerings, but many 
commonly fall into one or more categories of facilitating deposit-
taking, payment (including card issuance and digital wallet 
capabilities), and lending activities. Such arrangements may be 
effectuated either directly between banks and fintech companies or 
indirectly through the use of an intermediate platform provider. The 
agencies seek comment on these categories and the attributes of the 
bank-fintech arrangements described below.

Bank-Fintech Arrangements in Connection With Deposit-Taking Activities

    Some non-bank fintech companies provide end users with access to 
deposit products and services; however, these entities are not 
Federally insured depository institutions (IDIs). Instead, the fintech 
company establishes arrangements with one or more IDIs, directly or 
through an intermediate platform provider, to provide end users with 
access to banking products and services--such as deposit accounts, 
debit cards, savings accounts, and other account-related services--
through the fintech company's online or mobile platform.\6\ Some 
fintech companies enter into these deposit-taking arrangements with 
banks to target a specific customer base, such as underserved or 
younger demographics. Other fintech companies incorporate such deposit-
taking arrangements into much larger suites of financial and non-
financial products and services and target a much broader customer 
base.
---------------------------------------------------------------------------

    \6\ Fintech companies that offer these services to end users 
through such arrangements are sometimes referred to as ``neobanks'' 
or ``challenger banks.''
---------------------------------------------------------------------------

    In arrangements between banks and fintech companies to facilitate 
an IDI's deposit-taking activities, fintech companies often play a 
critical role in maintaining a deposit and transaction system of 
record. These transaction records may not be reflected in the bank's 
core processing system. Instead, the bank's core deposit ledger may 
only include omnibus accounts, often titled to reflect that they are 
held for the benefit of (FBO) end users. The contracts governing these 
arrangements commonly set forth the operational responsibilities of 
each party, such as record-keeping and access to records, end-user on-
boarding, compliance management, transaction monitoring, and complaint 
handling. Bank-fintech arrangements involving deposit-taking activities 
often involve heightened levels of operational complexity, including as 
it relates to reconciliations and Bank Secrecy Act (BSA) recordkeeping 
and compliance (e.g., customer identification and due diligence, 
suspicious activity monitoring, and reporting and sanctions screening).

Bank-Fintech Arrangements in Connection With Payment Activities, 
Including Card Issuance

    Banks may enter a variety of arrangements with fintech companies in 
connection with fund-transfer services, card issuance, contactless 
payments, and other payment solutions. While banks and non-banks have 
entered into payment-related card sponsorship arrangements for decades, 
the types, number, and complexity of payment-related products and 
services and associated arrangements between banks and fintech 
companies have rapidly increased in recent years.
    Today, payment-related bank-fintech arrangements can vary widely 
and may include several different types of payment options, including 
debit and credit card offerings, fund-transfer services utilizing ACH 
transactions, wire transfers, prepaid services, and instant payments. 
Non-cash payments, particularly cards and ACH transactions, have 
increased significantly in size and volume in recent years due to 
innovation and the ease, convenience, accessibility, and speed of 
digital payments. A fintech company may enter into a card offering 
arrangement with a bank to provide end users with access to bank-
issued, fintech-branded debit or credit cards. In some of these card 
offering arrangements, the partner bank directly operates and manages 
the cards. In others, the fintech company directly operates and manages 
the cards with oversight by the partner bank pursuant to a bank 
sponsorship agreement between the bank and fintech company. In a 
prepaid services arrangement, a fintech company may offer end users 
access to bank-operated (and, often, fintech-branded) prepaid accounts 
that link to end users' accounts with the fintech company. This type of 
structure allows end users to load and store prepaid funds and transfer 
such funds to others. A fintech company may also

[[Page 61580]]

enter into a bank-fintech arrangement to offer ACH transactions, wire 
transfers, or settlement of payment services to end users. For example, 
a fintech company may enter into an arrangement with a bank to offer 
ACH services to its end users, such as sending or receiving funds via 
ACH transfers, which may take place through a bank sponsorship 
arrangement. Additionally, operators of digital platforms permitting 
the transmittal and exchange of funds between and among member 
participants \7\ enter into bank-fintech arrangements to offer a range 
of payment options to end users of the platforms.
---------------------------------------------------------------------------

    \7\ These platforms are sometimes referred to as ``Peer-2-
Peer,'' ``Business-2-Consumer,'' or ``Business-2-Business'' 
platforms.
---------------------------------------------------------------------------

    Under each of these arrangements, fintech companies also may 
provide a variety of additional services, including providing end users 
with personal finance and payment management tools, marketing the 
branded cards and payment services to end users, or assisting banks 
with underwriting for credit cards (sometimes using alternative data). 
Additionally, under each of these arrangements, banks may provide 
access to various services to or for end users, including card or 
account issuance, back-end fund-transfer and redemption operations 
support, access to proprietary electronic platforms, or bill payment 
services.
    Many fintech companies enter these arrangements with banks in order 
to gain access to existing payment systems and card networks. In these 
types of structures, a bank may enter into an arrangement with the 
fintech company (such as a payments platform or a card processor) to 
``sponsor'' the fintech company's access to one or more payment systems 
or card networks to facilitate the availability of specified payment 
options to end users in exchange for one-time and/or per-transaction 
fees. In this structure, operators of payment systems and card networks 
may permit fintech companies to conduct transactions on payment and 
card networks through the bank's sponsorship arrangements with the 
operator. Among other things, bank sponsorship may entail the partner 
bank agreeing with the operators of the payment and card networks to 
sponsor and pre-approve the proposed payment activities of the fintech 
company across the payment or card networks, to monitor the fintech 
company's operations for compliance with operator and relevant network 
rules, or to accept risk-of-loss liability in connection with 
transactions effectuated by the fintech company.
    A bank that sponsors a fintech company's access to a payment system 
or card network for these purposes may establish an account for the 
fintech company at the bank for the acceptance and settlement of end-
user payments, which may be effectuated in several different ways 
depending on the agreement between the fintech company and bank. For 
example, the bank may agree to open an account FBO the end users and 
use it to settle payment transactions. In some cases, the fintech may 
provide recordkeeping functions to facilitate the settlement of end-
user transactions.
    Several fintech companies have also entered into arrangements with 
banks in recent years to offer digital wallets, often in conjunction 
with associated payment applications (sometimes referred to as ``pay 
apps''). A digital wallet is a software application that permits end 
users to store card account or other payment credentials in encrypted 
or tokenized form so that end users may recall and transmit the stored 
credentials via a digital payment application at physical or digital 
points of sale. End users may rely on digital wallet functionality, 
used in combination with payment applications, to make in-person, 
contactless payments via their mobile devices (sometimes referred to as 
``tap-to-pay''). Digital wallet functionalities also may assist end 
users in making online purchases through web and mobile applications. 
Some fintech companies make their digital wallets and associated 
payment applications available for limited use--for instance, to 
effectuate purchases with a single retailer or group of retailers. 
Others offer general use digital wallets and associated digital payment 
applications available to end users at a variety of participating 
points of sale.
    In each case, fintech companies offering combined digital wallet 
and payment applications typically enter into arrangements with banks 
that issue the debit and credit cards that end users wish to include in 
their digital wallets. Many of the arrangements reflect standard terms 
governed by the payment systems and card networks. Other arrangements 
may require debit and credit card issuers to pay fintech companies per-
transaction fees associated with the end users' reliance on the 
combined digital wallet and payment applications of the fintech 
companies.

Bank-Fintech Arrangements in Connection With Consumer and Small 
Business Lending

    Bank-fintech arrangements can also facilitate loans through a 
fintech company's online platform. Fintech companies may market and 
distribute a variety of loan products, including those targeted to 
consumers, students, and small businesses.\8\ Banks increasingly engage 
with fintech companies to access these lending markets. The parties to 
these arrangements in turn may be assigned to perform various core 
operational functions in connection with lending, including those 
relating to the processing, underwriting, closing, delivering, or 
servicing of loans.
---------------------------------------------------------------------------

    \8\ Such products may also include ``buy now, pay later'' (BNPL) 
lending, to the extent offered through a bank-fintech arrangement; 
however, BNPL offerings have to date typically been offered and 
distributed solely through either a bank, fintech company, or 
consumer retailer, rather than through a bank-fintech arrangement. 
BNPL generally refers to point-of-sale installment loans offered to 
end users that are payable in four or fewer installments, often 
concurrently with their purchase of non-financial goods and 
services. For additional information on BNPL, and the risks it may 
pose to banks, see Retail Lending: Risk Management of `Buy Now, Pay 
Later' Lending, OCC Bulletin 2023-37 (Dec. 6, 2023).
---------------------------------------------------------------------------

    In a typical arrangement, a partner bank agrees to facilitate and 
fund loans, while the fintech company solicits end users and collects 
application data. In some arrangements, end-user application data 
collected by the fintech company is used in the underwriting process 
within the parameters of underwriting standards agreed upon with the 
bank. Loans might be retained on the bank's balance sheet, or the loans 
(or a portion of the loans or an interest in the loan payment streams) 
might be sold to the fintech company. The fintech company may then 
securitize any acquired loans for subsequent re-sale into the public or 
private asset-backed securities markets, although the bank may retain 
an economic interest in the performance of the loans through a variety 
of contractual mechanisms. The fintech company or a fourth party often 
performs loan servicing and collection under these arrangements.

The Role of Intermediate Platform Providers

    The growth of bank-fintech arrangements has spurred the development 
of a new business model whereby some fintech companies provide an 
intermediate technology platform--sometimes referred to as an 
``aggregation layer''--to facilitate relationships between banks and 
other fintech companies that seek to distribute banking products and 
services directly

[[Page 61581]]

to end users. These intermediate platform providers enable individual 
banks to connect to numerous fintech companies and serve the role of 
introducing banks and fintech companies seeking such relationships. 
Intermediate platform providers may also market these services together 
as an ``all-in-one'' solution for fintech companies and banks by 
providing technological, operational, and information services in one 
place, enabling fintech companies and banks to connect more seamlessly. 
An intermediate platform provider may also offer to assist fintech 
companies in implementing compliance risk management programs and in 
handling the transfer and flow of funds across deposit-taking, 
payments, card issuance, or lending activities.
    Operators of intermediate platforms may enter into their own 
arrangements with banks and third parties to provide these services. 
These arrangements may involve a bank providing an intermediate 
platform provider with permission to transfer data via, for example, 
application programming interfaces (APIs). A single intermediate 
platform provider may have arrangements with multiple banks to provide 
such access or provide services to banks relating to operational, 
compliance, data, or other functions in connection with the banks' 
relationships with fintech companies or the platform provider itself.

Risk Implications

    While bank-fintech arrangements may offer banks significant 
benefits, they also may present the full spectrum of risks facing 
banks, including, but not limited to, third-party, credit, liquidity, 
compliance, and operational risk. Risks may also be heightened where 
the fintech is the distributor of the banking product or service to the 
end user, or where the fintech or intermediate platform provider 
performs key functions, such as handling end-user complaints, 
performing customer identification and due diligence, developing and 
transmitting disclosures, monitoring transactions, maintaining end-user 
ledgers, performing certain lending-related activities, developing and 
deploying marketing materials, or directly communicating with end 
users.\9\ Bank-fintech arrangements may also involve a wide range of 
practices to deliver banking products and services to end users through 
a combination of the fintech company's technological capabilities and 
the bank's infrastructure, including the ability to provide access to 
deposit accounts, access to payment rails, and extend credit. These 
facets of bank-fintech arrangements may create heightened or novel 
risks for banks relative to the risks associated with more traditional 
third-party vendor relationships. The following discussion of risks in 
bank-fintech arrangements is meant to be illustrative of certain select 
concerns and is not meant to be comprehensive.
---------------------------------------------------------------------------

    \9\ A fintech company may also use subcontractors (referred to 
variously as ``nth-party risk,'' ``nested risk,'' or ``banking 
services supply chain risk'') in providing these services. 
Ineffectual oversight of subcontractors (including failure to 
properly account for subcontractors in the arrangement's business 
continuity plan) could result in material disruptions of the 
arrangement. See generally Interagency Guidance on Third-Party 
Relationships: Risk Management, 88 FR 37920 (Jun. 9, 2023).
---------------------------------------------------------------------------

Accountability

    Contractual accountability for different aspects of the end-user 
relationship may be allocated among the parties to a bank-fintech 
arrangement. However, banks remain responsible for compliance with 
applicable law. Failure to conduct sufficient due diligence, ongoing 
monitoring, and oversight of the bank-fintech arrangement may 
complicate the bank's ability to ensure such compliance and to identify 
risk. In addition, contractual division of labor may complicate the 
bank's ability to establish clear lines of accountability, implement 
effective risk and compliance management strategies, and address and 
remediate issues as they arise, especially where novel arrangements 
place certain traditional banking activities outside of the bank. These 
factors may expose the bank to compliance, litigation, and other risks.
    For example, in a bank-fintech arrangement, the fintech company may 
maintain the end-user relationship, including by interacting directly 
with end users, responding to inquiries and complaints, and providing 
required consumer protection and other disclosures. However, 
independent of contractual responsibilities, the end user may still 
qualify as a customer of the bank for certain regulatory purposes.\10\ 
The bank also remains responsible for its various other compliance 
requirements, such as Anti-Money Laundering and Countering the 
Financing of Terrorism (AML/CFT) compliance program requirements.\11\ 
Similarly, the fintech company's role in providing disclosures may 
increase the risk of inaccurate or misleading representations 
concerning, for example, the applicability, nature, or scope of Federal 
deposit insurance available to end users.\12\ Such risks may be 
heightened where the fintech company controls the end-user relationship 
and uses the bank's name and branding in marketing or when an 
intermediate platform provider is used and further distances the bank 
from the end user.
---------------------------------------------------------------------------

    \10\ See, e.g., 12 CFR 1016.3(i) (defining customer 
relationships for purposes of the Consumer Financial Protection 
Bureau's (CFPB) Regulation P); OCC (12 CFR part 30, App. B 
(I)(C)(2)(d); Board (12 CFR part 208, App. D-2 Sec.  I.C.2.d) FDIC 
(12 CFR part 364, App. B Sec.  I.C.2.d) (adopting Regulation P's 
definition of ``customer'' for the Interagency Guidelines 
Establishing Information Security Standards); 31 CFR 1020.100(b) 
(defining customer relationships for purposes of a bank's customer 
identification program).
    \11\ See, e.g., suspicious activity reporting and BSA/AML 
program requirements for the OCC (12 CFR 21.11 and 21.21), Board (12 
CFR 208.62 and 208.63), and FDIC (12 CFR 326.8 and part 353).
    \12\ See, e.g., 12 U.S.C. 1828(a)(4); 12 CFR part 328, subpart 
B; FDIC, FIL-35-2022, ``Advisory to FDIC-Insured Institutions 
Regarding Deposit Insurance and Dealings with Crypto Companies'' 
(Jul. 29, 2022); see also 12 CFR 7.5010 (requiring banking 
organizations to distinguish products and services offered by it 
from those of a third party on co-branded websites and other shared 
electronic spaces). Even when the parties intend that the financial 
products or services will benefit from deposit insurance, 
application of Federal deposit insurance may be complicated in novel 
arrangements; 12 CFR 330.5, 330.7 (describing requirements for pass-
through deposit insurance).
---------------------------------------------------------------------------

    Under certain bank-fintech arrangements, it may be difficult for 
the bank to perform oversight and control functions over the fintech 
company effectively where the fintech company has substantial 
negotiating power relative to the bank or where the bank relies on 
revenue or liquidity from the fintech company. Difficulty in performing 
this oversight and control function in turn could impede bank staff's 
ability to provide effective challenge to critical aspects of the bank-
fintech relationship, including whether to terminate the contractual 
arrangement if necessary. These risks may be heightened where the 
fintech company is not familiar with or has a different risk tolerance 
concerning the specific requirements of the laws and regulations 
applicable to it,\13\ the bank, or the products and services offered 
via the arrangement. These risks may be further heightened where an 
intermediate platform provider assists the fintech company in 
implementing risk management programs, such as compliance.
---------------------------------------------------------------------------

    \13\ The CFPB (for instance) possesses authority under 12 U.S.C. 
5514 to engage in risk-based supervision of non-depository financial 
institutions participating in certain markets for consumer financial 
products and services. Fintech companies that are regulated as money 
services businesses are also subject to certain BSA/AML and state 
law requirements. See, e.g., 31 CFR part 1022.

---------------------------------------------------------------------------

[[Page 61582]]

End-User Confusion

    The fintech company's efforts to provide a seamless end-user 
experience could make it difficult for end users to know in what 
capacity they are dealing with the bank or the fintech company. In some 
cases, marketing materials or other statements by the fintech company 
or bank may exacerbate end-user confusion. For example, end users may 
not be well-informed regarding the type of account relationship that 
the end user is establishing through the fintech and may not understand 
that Federal deposit insurance does not protect them from a nonbank 
fintech company's failure. End-user confusion may also complicate 
compliance efforts and pose other risks to the bank. For example, an 
end user that is unaware of the bank's presence in the arrangement may 
direct complaints solely to the fintech company. The bank's ability to 
comply with its obligations under Federal consumer financial protection 
laws could be undermined if the fintech company fails to timely 
communicate to, or coordinate with, the bank on responses to consumer 
complaints.\14\
---------------------------------------------------------------------------

    \14\ For example, the bank's ability to comply with its dispute 
and error resolution obligations or undertake its risk monitoring 
capabilities could be impaired.
---------------------------------------------------------------------------

Rapid Growth

    A bank may experience rapid growth as a result of engaging in a 
bank-fintech arrangement (e.g., growth in deposits or transaction 
volume), especially in the case of a community bank. Various risks can 
emerge from rapid growth and the bank's changing risk profile, 
including risks that may threaten the bank's safety and soundness or 
its ability to comply with applicable laws and regulations.\15\ These 
risks may arise from challenges such as appropriately scaling risk and 
compliance management systems, operational complexities, significant 
deposit growth, and insufficient capital to support the rapid growth, 
among other things.
---------------------------------------------------------------------------

    \15\ See OCC Bulletin 2017-43, New, Modified, or Expanded Bank 
Products and Services: Risk Management Principles (Oct. 20, 2017) 
for a general discussion of these risks.
---------------------------------------------------------------------------

    For example, a bank's existing risk and compliance management 
systems, as well as management's and employees' expertise and roles and 
responsibilities, may neither be commensurate with the risk profile of 
the new business model nor be sufficiently scalable without significant 
investments in resources and training. Failure to scale compliance and 
risk management functions and resources with the growth resulting from 
the bank-fintech arrangement may increase the likelihood of the bank 
violating applicable laws and regulations, including those related to 
AML/CFT or sanctions, consumer protection, and fair lending.
    Bank-fintech arrangements may also pose operational complexities, 
which may lead to increased risk. For example, potentially significant 
increases in the volume of payment processing may give rise to 
increased transaction monitoring alerts. In addition, depending on the 
integration of the bank's information technology systems with those of 
the fintech company, security vulnerabilities and other sources of 
operational disruption may arise, increasing the likelihood of data 
breaches, privacy incidents, service interruptions, and fraud.\16\ In 
some cases, banks do not have or are unable to develop the 
infrastructure to adequately address these complexities, and instead 
rely on manual workarounds, which could lead to operational breakdowns 
that may implicate various other risks, including compliance and legal 
risks. These risks may be heightened where the bank-fintech arrangement 
involves an additional entity (e.g., an intermediate platform 
provider).\17\
---------------------------------------------------------------------------

    \16\ Integration could also introduce security vulnerabilities, 
including by providing another access point into the bank's systems. 
Integration may amplify operational risks, such as fraud, 
cybersecurity, and data privacy incidents occurring at the fintech 
company that then affect the bank.
    \17\ The growing prevalence of nested relationships may 
materially alter the traditional third-party risks present, 
complicating the bank's ability to provide effective oversight to 
the arrangement. This is especially so if the additional entity may 
be contractually allowed to add operating partners or subcontractors 
without the bank's prior consent. See ``Interagency Guidance on 
Third-Party Relationships,'' supra note 9, for more.
---------------------------------------------------------------------------

    Rapid deposit growth related to a bank-fintech arrangement can also 
pose risks related to funds management. For example, a bank may need to 
invest an influx of short-term deposits that greatly exceed amounts the 
bank has traditionally managed. To the extent that deposits are used to 
fund growth in longer-term or higher-risk fixed-rate assets, including 
loans and securities, the bank may be exposed to greater liquidity, 
interest rate, or credit risk, especially when such investments are 
concentrated, or the risks are otherwise correlated. The bank may also 
experience increased liquidity stress should it need to meet material 
short-term withdrawal requests. Rapid deposit or asset growth also 
implicates various other risks, including those relating to maintaining 
sufficient capital to support expansion of the bank's business.\18\
---------------------------------------------------------------------------

    \18\ Additionally, to the extent that a fintech company meets 
the definition of a deposit broker under 12 CFR 337.6, any related 
deposits would be brokered deposits subject to applicable 
restrictions if the bank becomes less than well capitalized under 
the prompt corrective action provisions of the agencies' capital 
rules.
---------------------------------------------------------------------------

Concentration and Liquidity Management

    Bank-fintech arrangements may also result in the bank's business 
becoming highly concentrated in the arrangement. This concentration 
risk may amplify other risks to the bank, including from any market 
stresses or if deposits are used to fund longer-term assets. For 
example, in a rising interest rate environment, a bank-fintech 
arrangement involving loan products may see a reduction in 
originations. This reduction may pose particular risk to a bank whose 
business has become heavily concentrated in that arrangement and that, 
as a result, relies on those originations for a material portion of its 
earnings. Such an environment may increase the bank's exposure to 
credit risk from the arrangement (e.g., the credit risk of the fintech 
company or of loans originated under the arrangement, whether still on 
the bank's balance sheet or for which the bank retains any contractual 
interest, even if repurchased by the fintech company). Such an 
environment may also lead to an increase in the credit risk of a bank's 
overall retail loan portfolio.\19\
---------------------------------------------------------------------------

    \19\ These risks may be heightened where the arrangement results 
in the bank's risk profile becoming more correlated to or 
concentrated in a particular market segment or asset type, either 
directly through its exposure to certain products, or indirectly 
through its exposure to the fintech company.
---------------------------------------------------------------------------

    Bank-fintech arrangements may also pose liquidity risks if the bank 
fails to establish adequate liquidity contingency plans and exit 
strategies, particularly when arrangements represent a funding 
concentration. An arrangement may be terminated or reduced in amount 
for any number of reasons, including those over which the bank has 
little control, and which may result in significant stress on a bank. 
For example, if the fintech partner or an intermediate platform 
provider in a deposit-taking bank-fintech arrangement faces a stress 
event or terminates the contractual arrangement, that could lead to a 
large withdrawal of end-user-related deposits, resulting in liquidity 
stress and losses for the bank. Failure to establish adequate liquidity 
contingency plans and exit strategies could also increase operational 
and strategic risks for the bank.

[[Page 61583]]

Use and Ownership of Data and Customer Information

    Bank-fintech arrangements often rely on new, innovative, and 
potentially untested uses of data to expand or enhance access to 
financial services, which may in turn lead to risks related to 
compliance with laws and regulations, operational challenges, and the 
ownership, use, and nature of that data. For instance, a bank-fintech 
arrangement may be premised on underwriting credit using alternative 
data. Introducing alternative data into a bank's existing systems may 
pose risks. These include, for example, risks related to the bank's 
ability to address concerns associated with alternative data and its 
use (including as to accuracy and biases) and to incorporate 
alternative data types and formats into its information technology 
systems, credit risk modeling capabilities, and compliance management 
systems.\20\
---------------------------------------------------------------------------

    \20\ For example, alternative datasets that impact credit 
decisions could potentially create or heighten consumer protection 
risks, such as unlawful discrimination in lending.
---------------------------------------------------------------------------

    Data ownership and use questions may also create risks for the 
bank. For instance, the fintech company may attempt to limit the bank's 
access to data generated as part of the arrangement if the fintech 
company views the data as its proprietary information. Other issues 
related to data ownership and use may arise where banks are required by 
law to limit the fintech company's access to and use of certain data. 
For example, banks are restricted in the sharing, use, and disposal of 
end user nonpublic information, and end users may have opt-out rights, 
which could pose operational difficulties and compliance risks.\21\ 
Therefore, the bank may require information on the bank-fintech 
arrangement's end users to meet its own compliance obligations, 
including, but not limited to, those related to recordkeeping, AML/CFT 
or sanctions, fair lending, or state escheatment statutes or 
regulations. This requirement for information may arise even where the 
bank lacks a direct relationship with end users or where they are not 
named account holders with the bank.\22\ As discussed in more detail 
above, these risks may be heightened where aspects of the end-user 
relationship or compliance-related activities are contractually 
allocated among multiple entities (e.g., intermediate platform 
providers).
---------------------------------------------------------------------------

    \21\ See Title V, subtitle A of the Gramm-Leach Bliley Act, 
Public Law 106-102, 113 Stat. 1338, codified in relevant part at 15 
U.S.C. 6801 et seq., implemented at OCC (12 CFR part 30 Appendix B, 
including Supplement A), Board (12 CFR part 208 Appendix D-2, 
including Supplement A), FDIC (12 CFR part 364 (Appendix B, 
including Supplement A), and 12 CFR part 1016 (Regulation P).
    \22\ See, e.g., suspicious activity reporting and BSA/AML 
program requirements for the OCC (12 CFR 21.11 and 21.21), Board (12 
CFR 208.62 and 208.63), and FDIC (12 CFR 326.8 and part 353). See 
also supra note 10 and accompanying text.
---------------------------------------------------------------------------

Request for Comment

    In this RFI, the agencies are inviting interested members of the 
public to comment on the descriptions of bank-fintech arrangements and 
risks summarized in the document. The agencies are also seeking comment 
on effective practices for managing these risks. Where questions ask 
for the ``range of practices,'' respondents are encouraged to describe 
the practices' advantages and disadvantages.

Bank-Fintech Arrangement Descriptions

    1. Do the descriptions and categorizations in this RFI adequately 
describe the types of bank-fintech arrangements in the industry and the 
companies involved? If not, why? Are the descriptions or 
categorizations overly broad or narrow, or are there any types of 
companies or categories of arrangements missing from the descriptions?
    2. Are there any benefits of bank-fintech arrangements that are not 
addressed by this RFI? What benefits do the bank or the fintech company 
receive by using an intermediate platform provider?
    3. Describe the range of practices regarding banks' use of data 
\23\ to monitor risk, ensure compliance with regulatory 
responsibilities and obligations, or otherwise manage bank-fintech 
arrangements. What data and information do banks typically receive in 
bank-fintech arrangements, including in those involving intermediate 
platform providers? To what extent is this information different from 
the information banks would receive when interacting with end users 
independent of fintech companies? What challenges have banks 
experienced in bank-fintech arrangements--including those involving 
intermediate platform providers--related to the timely access to 
customer information, and what steps have the parties to bank-fintech 
arrangements taken to assess potential compliance issues associated 
with such challenges?
---------------------------------------------------------------------------

    \23\ For example, key performance indicators, product-level 
data, service levels, end-user information, key risk indicators, 
consumer complaints, fraud monitoring metrics, or KYC/CIP 
information.
---------------------------------------------------------------------------

    4. How do the parties to bank-fintech arrangements determine the 
end user's status as a customer of the bank, the fintech company, or 
both, including for purposes of compliance with applicable laws and 
regulations, and each party's responsibility in complying with 
contractual requirements? What disputes or uncertainties regarding the 
status of end users have the parties experienced, and how have they 
sought to resolve them? How does the type of arrangement impact such 
determinations?
    5. Describe the range of practices regarding the use of a core bank 
service provider or other third-party providers in bank-fintech 
arrangements. How do these providers help or hinder bank-fintech 
arrangements?
    6. Describe the range of practices in cases where bank-fintech 
arrangements involve affiliates of the bank, including fintechs. What 
are the benefits and risks of these arrangements?
    7. Bank-fintech arrangements can involve significant up-front and 
ongoing costs and resources for the bank involved and may take some 
time to recoup these costs and resources. What type of up-front and 
ongoing costs and resources are associated with establishing bank-
fintech arrangements? Describe the range of practices regarding how a 
bank factors such upfront costs and resources into its overall strategy 
and risk management strategy. Describe the range of practices regarding 
how revenues and costs resulting from these arrangements are allocated 
between the bank and fintech company.

Risk and Risk Management

    1. Describe the range of practices for maintaining safety and 
soundness, and compliance with applicable laws and regulations arising 
from bank-fintech arrangements. How do the practices differ as between 
different categories of arrangements? Does the RFI adequately identify 
and describe the potential risks of bank-fintech arrangements?
    2. Bank-fintech arrangements can present unique or heightened 
consumer protection risks, such as risks of discrimination, unfair or 
deceptive acts or practices under the Federal Trade Commission Act, or 
privacy concerns. Describe the range of practices for managing any 
heightened risks.
    3. Describe the range of practices parties to a bank-fintech 
arrangement may use in contractually allocating functions among 
themselves, including the advantages and disadvantages of each such 
practice. For example, while the parties to such arrangements remain 
responsible for their own compliance with applicable laws and 
regulations, as a matter of contractual allocation, who performs which 
activities related to risk and compliance management, customer 
identification and due diligence,

[[Page 61584]]

transaction monitoring, sanctions screening, fraud monitoring, end-user 
complaint management, dispute resolution, data protection, or credit 
underwriting, if applicable? Who develops and oversees marketing 
materials, develops and provides disclosures and account statements, 
addresses errors, receives and resolves disputes, and responds to 
complaints? How are contractual breaches and indemnifications typically 
addressed in these types of arrangements? Describe the range of 
practices for monitoring compliance with applicable laws and 
regulations, notwithstanding contractual allocations.
    4. How are risks resulting from these arrangements, including those 
concerning credit, liquidity, concentration, compliance, and 
operational risk, as well as concerns regarding negative end-user 
experience managed? What techniques or strategies are most effective in 
managing the impact of rapid growth, particularly related to deposit-
taking and payment-related arrangements?
    5. Describe the range of risk management strategies banks and 
fintech companies use to ensure that required disclosures in bank-
fintech arrangements, including those relating to rates and fees 
associated with end-user banking products and services, are accurately 
and plainly communicated, and comply with all relevant state and 
Federal laws and regulations.
    6. Describe the range of practices regarding disclosures (e.g., 
initial, annual, or ongoing) to end users about the involvement of 
bank-fintech arrangements in the delivery of banking products and 
service.
    7. Describe the range of practices regarding the use of an 
intermediate platform provider. Describe how the use of an intermediate 
platform provider may amplify or mitigate risk, and to what extent, if 
any, intermediate platform providers influence how banks handle 
operational, compliance, or other issues when dealing with fintech 
companies within the intermediate platform provider's network.
    8. Describe the range of practices regarding how banks manage the 
risks of connecting to multiple technology platforms and exchanging 
data in bank-fintech arrangements.
    9. Describe the range of practices regarding planning for when a 
fintech company or intermediate platform provider exits an arrangement, 
faces a stress event, or experiences a significant operational 
disruption, such as a cyber-attack. Describe the range of practices 
regarding how arrangements are structured to minimize harm to end 
users, meet compliance requirements, and minimize liquidity risks and 
other risks in the event of such exits, stresses, or disruptions.
    10. Describe the range of practices, and challenges, in negotiating 
contracts with, or conducting due diligence on fintech companies. 
Describe the range of practices in maintaining ongoing monitoring of 
bank-fintech arrangements, particularly related to risk management, 
regulatory compliance, data ownership and use, and information security 
assessment rights. What impact, if any, does the size and negotiating 
power of the bank or the fintech company have on these issues? What 
impact, if any, does the fintech company's or intermediary platform 
provider's degree of control of operational functions have on these 
issues? What impact, if any, does bank liquidity or revenues 
concentration represented by any particular fintech company, 
intermediary platform provider, or business line have on these issues?
    11. Bank-fintech arrangements may involve processing payments 
transactions unrelated to any specific deposit-taking or credit 
offering in significant volumes. Describe the range of practices that 
banks adopt to manage potential risks associated with processing large 
volumes of otherwise unaffiliated payments transactions. Do banks view 
bank-fintech arrangements involving such processing differently from 
other payments-related products and services offered to end users?
    12. How do banks ensure bank-fintech arrangements can be suspended 
or terminated based upon safety and soundness, compliance, or consumer 
protection concerns? What fees or other costs are typically involved in 
exiting these arrangements?
    13. Are there other techniques or strategies that banks use to 
manage the various risks bank-fintech arrangements may present? Which 
of these techniques or strategies are most effective in managing such 
risks?
    14. In the context of bank-fintech arrangements, how are deposit 
accounts usually titled? Describe the range of practices reconciling 
bank deposit account records with the fintechs' records. Generally, 
what party holds and maintains the account records? Describe the 
structure in place to exchange accurate customer information between 
the bank and the fintech company and how the agreements between banks 
and fintech companies generally address these matters. Describe any 
additional controls, that banks or fintechs may use to provide for 
accurate reconciliations.
    15. Describe the range of practices regarding the maintenance of 
systems of records and account titling in the context of bank-fintech 
arrangements. Do certain account structures pose greater risk 
considerations to banks and end users than others? What additional 
controls, if any, do banks or fintechs place on these accounts to 
manage these risks?
    16. To what extent would additional clarifications or further 
guidance be helpful to banks with respect to bank-fintech arrangements? 
If so, please explain. In what specific areas would additional 
clarification or further guidance be most helpful?

Trends and Financial Stability

    1. What data would be helpful for the agencies in monitoring 
developments regarding bank-fintech arrangements? For example, this 
might include data to assist in monitoring developments and trends in 
bank-fintech arrangement structures and use cases, concentrations, and 
the number and types of bank-fintech arrangements in the financial 
services industry.
    2. In what ways do or can bank-fintech arrangements support 
increased access to financial products and services? Alternatively, in 
what ways do or can these arrangements disadvantage end users?
    3. In what ways might bank-fintech arrangements function as 
transmission mechanisms to amplify financial shocks (i.e., threaten 
financial stability)? Conversely, how could these arrangements help to 
contain shocks and reduce contagion?
    4. What factors are important in determining whether bank-fintech 
arrangements support or hinder responsible innovation and a competitive 
and compliant financial services landscape?

Michael J. Hsu,
Acting Comptroller of the Currency.

    By order of the Board of Governors of the Federal Reserve 
System.
Ann E. Misback,
Secretary of the Board.

Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on July 23, 2024.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2024-16838 Filed 7-30-24; 8:45 am]
BILLING CODE 4810-33-P; 6210-01-P; 6714-01-P