Banking, compliance, and “fintegration”

Disruption seems to be everywhere today, and one of the poster children for that is Uber, the app-based transportation service. Banker Tom Ryan said that people often like to cite Uber as an example of how to break through regulatory limitations.

But is Uber really a model that banks can emulate?

In his view, Uber was able to launch as a “P2P” service, not subject to commercial regulations. Once it grew to an increasingly large following, that critical mass of consumer users enabled it to overcome entrenched regulatory norms—even up against New York City’s powerful Taxi and Limousine Commission—and change the rules of its real business.

Pushing back against a powerful regulator to essentially elbow its way into an established business—really, a transportation oligopoly—worked for Uber.

However, “in banking, we don’t have that option,” said Ryan, managing director at Citigroup, where he heads up the compliance side of Citi’s card business and its fintech development operation. “People in other industries wonder why we don’t do that [follow Uber’s example]. The reasons are legion why we don’t do that,” Ryan said at the Regulatory Compliance Conference of the American Bankers Association.

Showing newcomers why compliance matters

One reason, though not mentioned specifically by Ryan, is that Uber was an upstart out of nowhere infiltrating a heavily regulated business, while banks are already in the system—indeed, they are a big piece of the system—and are looking for ways to break the traditional mold. Ryan spoke about the balance between innovation and compliance during a panel discussion entitled “It’s A Brave New World: Financial Innovation And Evolving Compliance Management.”

Ryan, who was previously with American Express, said that at Citi he and his compliance staffers frequently work with newcomers to banking. These recruits often come from Silicon Valley and other nonbank business environments where rapid development is common.

Ryan explained that they arrive with the attitude “Don’t let the control groups get in your way or slow you down.”

So, they are predisposed to disrespect the compliance function. They have to be educated into understanding that they have entered a highly regulated industry.

“As much as we’d like it,” said Ryan, “it’s not an option to bypass our governance processes and controls.”

Ryan pointed to the innovation white paper release earlier this year by the Comptroller’s Office as a touchstone for business side players and compliance advisors—the paper stresses the concept of “responsible innovation,” which is OCC’s term, developed under a regulatory umbrella. 

Some question the viability of trying to innovate in that environment, but Ryan said that Citi has been working at “the nuts and bolts level” to find ways to make innovation and compliance come closer to harmony.

One strategy that has shown promise is an experiment in “co-location.” Ryan said Citi has stationed a handful of the dedicated fintech compliance staff right alongside the working spaces of the fintech business line people that they need to work with.

“This has been great,” said Ryan, “though it puts pressure on resources.” Working in proximity has created some common understanding, said Ryan, and underscored that “it’s not an option to proceed without us.”

Two sides to the fintech compliance challenge

The session, moderated by Lyn Farrell, managing director at Treliant Risk Advisors LLC, paired the top fintech player and the top dedicated compliance official at two organizations. Ryan’s opposite number at Citi is Andres Wolberg-Stok, director, Citi FinTech. Joining the pair on the session panel were two bankers from BBVA: Adam Shapiro, chief control officer, BBVA Open Platform, and Chris Lucas, compliance director, new digital business, BBVA Open Platform and Innovation. Open Platform reflects BBVA’s intent to integrate many outside services, apps, and other functionality into its array of customer offerings.

Moderator Farrell noted that such thinking may need to be part of banks’ thinking if they wish to remain relevant to millennials. Mother of five millennials, she said they are all dedicated users of the Venmo and Paypal payment services. They feel no qualms about linking their banking accounts to these nonbank services. A boomer, she does not feel comfortable sharing her payments information with such nonbanks, and is happy with the P2P payments service her bank offers.

From the fintech side, Citi’s Wolberg-Stok indicated that such collaboration as described by Ryan has already been proven to be possible through extensive communication and cooperation. This occurred in 2011 when he headed up Citi’s team developing its iPad app. “We invited Compliance in from Day One,” said Wolberg-Stok. He said that the compliance representatives were told from the start what the developers had in mind, and they were kept in the loop.

“Four and a half months later, when we were ready to launch, they were on board,” said Wolberg-Stok, instead of reacting with surprise had Compliance been first informed near the cusp of the rollout.

“We were cleared for takeoff,” said the fintech banker.

This effort was before Ryan’s time, but his team has been involved in Citi’s model of using “agility teams” to get fintech projects off to a rapid start. Compliance staff is frequently part of the “scrum team,” as the developers call it.

Banks emulating this approach for their compliance oversight of fintech products must be sure these overseers appreciate how they should participate, said Ryan.

“One of the things you need to do is understand that you can’t just sit in that room and say, ‘No, that doesn’t work.’ You have to speak from the art of the possible,” said Ryan. What helps in this, Ryan continued, is approaching the project initially from a strategic viewpoint, appreciating where the bank is trying to go, rather than focusing initially on tactics—how the bank plans to get there.

BBVA’s Shapiro agreed with this thinking.

“It is taxing on resources to get involved early,” said Shapiro, “but it may mean stopping the business unit from going down dead ends. You can save a lot of resources.”

What are we trying to accomplish?

The panel discussed in detail the many regulatory facets of innovation in a bank environment, but a key question is—taking compliance as a given—what is the end result to the customer?

Shapiro says that customers, especially consumers, want interfaces that allow them to do things fast and conveniently. “They want it to be easy,” he said. Often, he said, what banks offer at this time is not so easy.

Coming from the U.K., Shapiro said he has been accustomed for over 15 years to be able to pay someone else who banks at another institution in the U.K. with a banking P2P service that is seamless.

But recently, he said, he’d been trying to send several hundred dollars to fintech and compliance consultant Jo Ann Barefoot. It was anything but easy. (Barefoot is a member of the Banking Exchange Editorial Advisory Board.)

Attempts to send the payment via Barefoot’s email address kept not going through. Finally, said Shapiro, it became clear that Barefoot’s U.S. bank would only allow her to accept Shapiro’s payment by logging onto her online banking account and accepting the payment directly. What U.K. banks do directly, he said, U.S. consumers frequently require a Venmo or equal to accomplish, and to have set up in advance.

“We’re sitting here in 2016 with no clear way to do this within the banking system,” said Shapiro.

A myriad of third-party services have been developing that overlay U.S. banking customers’ banking relationships and accounts. Yet Shapiro insisted that “the death of banking here is greatly exaggerated. Something people really want is to do as much as possible through one solution that they can.”

And their banking relationships, the existing accounts that they already have, could be the foundation of that one solution.

Citi’s Wolberg-Stok said the lesson to take from Uber is not how it undermined the transportation regulatory process, but how it changed the customer relationship.

When someone wants a yellow cab in New York City, they must typically go out and hail the vehicle. This may mean standing in the rain, hoping to spot a cab with its “available” light on, and hoping the driver sees you. (And on a Friday late afternoon, some drivers cruise with their off-duty lights on, so they can take only runs they want.)

Uber, by contrast, allows the user to order up transportation from the comfort of their home or office in all weather. “They will come to you,” said Wolberg-Stok.

Wolberg-Stok agreed with the concept of working with the best out of the vast “fintech ocean” of available partners, plus bank-grown ideas, to come up with the overall best that banks can then bring to their customers.

“We all have to learn how to supplement the core relationship,” said Wolberg-Stok. “Give our customers the best from out there and integrate it with our offerings. At Citi, we call this ‘fintegration’.”

“It’s not going to be ‘fintech or banks’,” he added. “It’s going to be ‘fintech and banks’.”

Assessing the regulatory attitude

For both fintech and compliance, doing business in a customer-oriented, regulatorily compliant way will be a shift.

“We’re in unchartered waters here,” said BBVA’s Lucas. “As a compliance person, I’ve always had to look at things through a different lens. But we’re doing business in a different way today.”

As much as bankers speak of regulators being a limiting factor in a practical sense, BBVA’s Shapiro warned bankers against letting that hinder them.

“There is a tendency in a lot of banking operations to self-censor,” said Shapiro. “Often this is on the grounds that ‘the regulators won’t like something.’ But generally the regulators are just as unhappy with the status quo.”

One point supporting Shapiro’s contention is that regulators, notably the OCC in its innovation white paper and related speeches by Comptroller Thomas Curry, have raised the possibility of fintech solutions being a way to economically meet the needs of unbanked and underbanked consumers.

Lucas noted that fintech firms’ days of completely unregulated existence may be coming to a close.

Innovation versus regulation

Wolberg-Stok asked the audience of compliance specialists if they had seen a recent Government Accountability Office report that graphically represented the spaghetti-like financial regulatory structure in the U.S. Hardly anyone raised a hand.

“Oh my God!” exclaimed Wolberg-Stok. He said they would thank him if they looked it up. This complicated structure gets in the way of agile product development. Indeed, Citi’s Ryan said the tapestry of federal and state regulation of banking makes it complicated to obtain approvals to go forward.

The hope for some kind of American version of the “regulatory sandbox” adopted in the U.K. was evident. In the U.K., a new process allows new products to be launched in a kind of “regulatory lite” environment, to give ideas a try. The closest thing that the U.S. has along these lines is the Project Catalyst concept introduced a few years ago by the Consumer Financial Protection Bureau. In February of this year CFPB announced a "no-action letter" policy and procedure, which was originally proposed in 2014.

The consensus of the panel seemed to be that Catalyst was a good beginning, but only that.

“We need to have more of that,” said BBVA’s Lucas.

Shapiro, whose former regulatory employer in Britain runs that sandbox, doubts that U.S. regulators will ever go quite so far.

“You are never going to get a blanket exemption,” he predicted. He suggested U.S. prudential regulators would be willing to provide a system of some no-action letters, much as CFPB has offered, with the understanding that if the experimenting banks keep regulators informed, that the agencies will be reasonable—but not writing any blank checks.

One of the key challenges is the diversity of federal regulation. The agencies aren’t all on one page, and they all want a piece of the evolution and say on where it goes. The U.K. approach is seen as “one-stop-shopping” for regulatory input and America doesn’t offer that. That might come within each agency, but that means three federal viewpoints and one for each state. Already, some states have gone their own way. One example was New York’s early entry in digital currency regulation.

Question of disclosure

The sheer volume of disclosures required from every regulator, and especially now from CFPB, has been a factor in development of new services, said Citi’s Ryan. He noted that while many banks in this country offer mobile banking, only a small number offer online, mobile applications. This results directly from the disclosure challenge. Rendering disclosures through a mobile device is difficult.

Ryan said that he and Wolberg-Stok frequently debate whether it is time wrest the balance towards electronic disclosure. Has the time come, he asked, to move to “paper disclosure on request” and make electronic opening and electronic disclosure the norm?

Ryan noted that many older customers feel paper is more secure, but increasingly, he wonders if that is so. As an example of paper versus digital, he pointed to paper checks, still used by many people. Are checks really more secure?

It’s just one question that will be answered as the industry, and its compliance approaches, evolves with technology and customer expectations.

Adam Shapiro and Jo Ann Barefoot are among the speakers at the June 23 Comptroller's Office "Forum On Supporting Responsible Innovation In The Federal Banking System."