The business of banking is increasingly the business of technology. Technological innovation has given consumers ready and easy access via their mobile devices to a full range of banking products and services like traditional bill pay, the convenience of making real-time payments, instant credit, deposit and savings tools, and investment advice at reduced cost and on-demand. Just as technology has democratized banking products and services, it has also made it easier for non-banking companies to offer these products. While greater competition is generally positive, these new entrants — both large “BigTech” companies as well as smaller fintech firms — do not offer the same level of protections for consumers as banks and are increasingly putting consumers’ financial and personal security at risk.
Federal Reserve Governor Lael Brainard recently highlighted the growing divide in consumer protections in a speech before the Stanford School of Business. In her remarks, she noted that many things consumers have come to expect — deposit insurance, strong data security and privacy protections, account and transaction fee disclosures, and protections against fraudulent transactions — are lacking in many non-bank providers who face far fewer statutory and regulatory requirements and receive little, if any, oversight of their financial, business, privacy and data security practices.
Take for example the growing number of tech companies seeking applications for Industrial Loan Company (ILC) charters. ILCs permit tech companies to engage in a full range of traditional banking activities, like making loans and taking insured deposits. However, unlike their traditional bank counterparts, ILCs are not considered “banks” under the federal Bank Holding Company Act, which means that their parent companies and affiliates are not subject to any federal regulation and supervision — no minimum standards about capital and liquidity, no federal privacy and data security standards, no safety and soundness standards, no federal consumer protections and, perhaps most significantly, no limits on their ability to engage in a full range of commercial activities.
For this reason, Congress has often placed limits on ILCs and consumer protection groups have raised concerns with their use. The exploitation of the ILC charter to circumvent all of this federal regulation and supervision is known as the “ILC loophole.” What should be particularly alarming for consumers is that large tech companies can exploit the ILC loophole to combine their existing troves of consumer data with very sensitive and confidential personal financial information, with few restrictions on its use or requirements to safeguard it against misuse or theft.
Another tool used by tech companies to avoid direct regulation are “rent-a-charter” relationships whereby a fintech firm partners with a regulated institution, typically a smaller community bank, to hold their customer deposits. New business models are popping up where a tech company may even act as a broker to help fintechs find banks to hold their customers’ funds. This arrangement may provide some deposit insurance but allows the fintech to avoid compliance with risk management procedures and other regulatory and supervisory oversight intended to protect not just consumers but the broader financial system.
Underlying many of the new consumer fintech apps is also an expanding form of infrastructure allowing consumers to link their accounts, share data and make payments. Data aggregators that offer these services often operate in the background, unbeknownst to consumers, but play increasingly important roles in banking. They power popular services like Venmo or tax preparation tools like Intuit and are used to make applying for mortgages a less cumbersome process. Similar to ILCs or rent-a-charter relationships, however, aggregators have access to very sensitive customer financial data and play a role in facilitating transactions, yet they fall outside the existing regulatory structure and face no oversight that would help ensure they appropriately manage the risks they are introducing into the financial system.
As these relationships have grown and as more tech companies attempt to provide financial services, regulators in the United States and abroad have noted the potential systemic risks. The Financial Stability Board noted last December that the “financial services offerings of BigTech firms could grow quickly given their significant resources and widespread access to customer data, which could be self-reinforcing via network effects.” If these tech firms come to dominate parts of the industry, the “risks may be particularly significant … if BigTech firms’ risk management and controls are less effective than those required of regulated financial institutions.”
Without congressional action, regulators’ concerns and warnings will just be words on a sheet of paper. As Brainard suggested, it is time for Congress to help address these growing gaps in financial regulation that leave consumers vulnerable and pose growing risks to the financial system. Technology innovation has brought, and will continue to bring, wonderful new financial tools. Our system of regulatory protections and oversight, much of which was put in place before the invention of the smartphone, must evolve to meet today’s environment and continue to ensure the safety and security that Americans have come to expect.
Heather Hogsett is a senior vice president, technology and risk strategy, for the BITS division at the Bank Policy Institute.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.