Wake up regulators, the BaaS revolution threatens all

In a letter last week, democratic senators Elizabeth Warren and Chris Van Hollen expressed concerns about bank and fintech partnerships last week, sparked by what looks like the collapse of Synapse.

The letter is addressed to the heads of the FDIC, Federal Reserve and Office of the Comproller of the Currency.

We write with concern about partnerships between traditional banks, Banking as a Service (BaaS) providers such as Stripe, Finastra, Synapse, and Marqueta, and financial technology (fintech) entities such as Venmo, Cash App, Yotta, and Chime.

The rapid growth of these partnerships risks harming consumers while posing a broader threat to the stability of our banking system and the economy.

These partnerships package services traditionally offered by banks such as deposits, saving accounts, and debit cards into a fintech substitute that uses BaaS providers to interface with a traditional bank. For example, Synapse Financial (Synapse) operated as an intermediary between fintech companies and regulated banks, helping to transfer consumer funds from apps such as Yotta—an app designed to gamify saving strategies—to banks.

Synapse’s failure, which hurt over 100,000 consumers with $265 million in deposits, is a salient example of the harms posed by lack of oversight of BasS providers and fintech companies.

You may be familiar with the Synapse failure, as I blogged about it two months ago as “a perfect storm”:

Of the traditional lenders that partnered with Synapse included American Bank, AMG National Trust, and Lineage Bank, the largest was Evolve, which had roughly $1.5 billion in assets at the end of the first quarter (2024) … the problems surfaced shortly after Synapse filed for bankruptcy in April when it could not reach an agreement with Evolve on a settlement of funds. Three weeks into the bankruptcy proceedings, Synapse cut off Evolve's access to its technology system. That, in turn, forced Evolve and the other partner banks to freeze customer accounts. Both parties blamed each other as the culprit.

Anyways, Warren and Van Hollen’s letter goes on to quote the OCC’s Acting Head, Michael J Hsu:

Banks and tech firms, in an effort to provide a “seamless” customer experience, are teaming up in ways that make it more difficult for customers, regulators, and the industry to distinguish between where the bank stops and where the tech firm starts.

This is something I’ve blogged about quite often, most recently in The Confusion of Money, wondering when things go wrong, who is accountable? What do Warren and Van Hollen think?

BaaS revenue alone is expected to rise tenfold, from $1.7 billion in 2021 to over $17.3 billion in 2026, and the risks to consumers will rise accordingly. The recent collapse and bankruptcy of Synapse demonstrates just how exposed consumers are to these risks … the risks are clear, and we urge your agencies to use your existing authority to protect consumers and the economy.

They then pick on the example of each agency and ask for specific actions, such as the clear requirement for BaaS firms to stop misleading consumers in thinking that they are fully regulated.

For example, Yotta:

Yotta, one of the savings apps with customers affected by the Synapse failure, proudly represents in large text on its website that money deposited in the app is FDIC-insured. In smaller text, it explains that “[y]our money is held in an account eligible for pass-through FDIC insurance up to $250,000 through Evolve Bank & Trust.”

Pass-through deposit insurance “refers to arrangements through which deposit accounts are established by a third party for the benefit of one or more other [principal] parties.” In this instance, Yotta used Synapse to transfer consumer funds to Evolve Bank. While located in these “pass-through” accounts, consumer deposits are only protected should Evolve Bank fail.

As the Synapse collapse demonstrates, these consumer deposits are not protected when in transit to the bank or if any associated fintech or BaaS provider declares bankruptcy. Yotta’s statement misleadingly implies that consumer funds deposited in the app are always protected.

So, we have Yotta, Synapse, Evolve Bank and possibly more involved in a process where only one of the firms is FDIC-backed, but all claim they are. That’s a problem. This is why their letter then moves on to target the other agencies:

We urge the Bureau to finalize the rule and urge the OCC, Federal Reserve, and FDIC to follow the CFPB’s (Consumer Financial Protection Bureau) lead in using their own authority to regulate these entities directly, including through supervision and examination.

The letter ends with two specific recommendations:

In the immediate term, given the threat posed to consumer deposits by the safety and soundness vulnerabilities of BaaS and fintech companies, we urge you to use your existing authority under the Bank Service Company Act and the Federal Deposit Insurance Act to:

1) Ban entities that provide products only eligible for pass-through FDIC insurance from using the FDIC name or logo in any materials, and

2) Establish clear and direct rules for nonbank companies that partner with banks to offer deposit-style products, such as BaaS providers and fintech companies, to ensure they are properly safeguarding consumer funds. Directly supervise and examine these entities under the Bank Service Company Act to ensure compliance and conduct enforcement actions against companies that violate these established rules.

As usual, regulators are driving with a rear view mirror, rather than looking forward through the windscreen. Warren and Van Hollen’s letter is a signal that, should the Democrats stay in office for the next term, big changes will be coming downstream for the whole BaaS industry. In some ways that is welcome but, in other ways, it’s a little worrying.

For example, fintech poster-child Stripe may run into a rocky ride. Why? Well, as Marcel van Oost points out on LinkedIn:

Last year, Stripe learned its partnership with Wells Fargo was in jeopardy. Wells Fargo wanted to end its collaboration with Stripe, citing growing risks and regulatory scrutiny. Seeking a replacement, Stripe approached Goldman Sachs, but Goldman ultimately declined due to concerns over Stripe’s business practices and the regulatory environment. Stripe eventually secured a partnership with Deutsche Bank for payment processing. This shift reflects a broader trend where banks, including Wells Fargo, Goldman, and others, are pulling back from supporting FinTechs due to regulatory pressures.

One way or another, the fintech industry is growing up from being a poster-child to a poster-adult and, as this happens, the state governments have realised the risks and reactions. Interesting times and oh,here’s the letter in full: