Raising fintech risk issues

The Federal Reserve has cleared its throat on fintech.

In a recent speech opening an invitation-only Fed financial technology conference, Governor Lael Brainard devoted a good portion of her time to the risk aspects of fintech—something not talked about much amidst the glitz and competitive urgency surrounding the subject. 

Brainard spoke of banks’ fintech vendor relationships and partnerships as a form of vendor risk that institutions must manage, much like many other third-party relationships.

“Financial services firms must pair technological know-how and innovative services with a strong compliance culture and a thorough knowledge of the important legal and compliance guardrails,” she said.

And then she chalked out a bright line regarding her view on fintech.

“While ‘run fast and break things’ may be a popular mantra in the technology space, it is ill-suited to an arena that depends on trust and confidence,” Brainard said. “New entrants need to understand that the financial arena is a carefully regulated space with a compelling rationale underlying the various rules at play, even if these are likely to evolve over time.”

Brainard made the reason behind this clear—consumer protection.

“There is more at stake in the realm of financial services than in some other areas of technological innovation,” Brainard said. “There are more serious and lasting consequences for a consumer who gets, for instance, an unsustainable loan on his or her smartphone than for a consumer who downloads the wrong movie or listens to a bad podcast.”

Brainard said that the Fed often gets questions about the fit of vendor risk-management guidance to the growing number of bank-fintech partnerships. She said the guidance is under review, as is the interagency service providers supervision program. Brainard said community bankers have expressed concern about being able to perform due diligence and ongoing vendor management with fintech firms. 

Protection along with promise

Brainard acknowledged the potential benefits of fintech, especially in the credit arena where it could make offering consumer and small business credit cheaper and more available to the customer and more cost-effective to the lender.

Brainard also spoke of “regtech,” a segment of fintech that is designed to assist banks and others under compliance rules to better carry out their intent. While these fintech applications may improve Bank Secrecy Act and other compliance efforts, Brainard said it is too early to say for sure how much improvement they will bring.

Brainard said that fintech firms “need to ensure that they are appropriately controlling and mitigating both risks that are unique to fintech as well as risks that exist independently of new technologies.”

One example she cited was the use of nontraditional data in making and pricing loans. She pointed out that some nontraditional data—she cited educational level and social media usage—could pose risks for lenders. She said they “may be correlated with characteristics protected by fair-lending laws.”

“To the extent that the use of this type of data could result in unfairly disadvantaging some groups of consumers,” said Brainard, “it requires careful review to ensure legal compliance.”

Brainard also pointed out that consumers could become confused when lenders use nontraditional data. While much information has been published to help potential borrowers understanding traditional credit evaluation, new methods and measures may be unclear.

“It may not always be readily apparent to consumers, or even to regulators, what specific information is utilized by certain alternative credit scoring systems, how such use impacts a consumer’s ability to secure a loan or its pricing, and what behavioral changes consumers might take to improve their credit access and pricing,” Brainard said.

Brainard also pointed out that data privacy issues will grow more critical as fintech innovations hinge on data sharing in an age of increased cyber risk. The issue of who owns a consumer’s data—subject of a recent Consumer Financial Protection Bureau request for comments—will also be part of this debate.

Compliance and other risks that were on the scene before fintech existed will also be present, Brainard pointed out.

“The same consumer laws and regulations that apply to products offered by banks generally apply to nonbank fintech firms as well, even though their business models may differ,” said Brainard. “However, the application of laws and regulations that were designed based on traditional financial products and delivery channels may give rise to complex or novel issues when applied to new products or new delivery channels.”

Brainard said these potential differences would drive regular contact with fintech firms to understand these issues.