On March 15, 2017, the U.S. Office of the Comptroller of the Currency (OCC) issued a draft supplement to its existing Licensing Manual (the Supplement) which describes “how the OCC will apply the licensing standards and requirements [contained] in its existing regulations and policies to fintech companies applying for [a special purpose national bank ’SPNB’] charter.” Based on a comparison of the Supplement to the existing licensing requirements, those looking for a “true” OCC fintech charter in the sense of something uniquely different received little cause for encouragement. For example, the Supplement proposes that an SPNB adhere to essentially the same OCC supervisory expectations for community reinvestment that apply under the Community Reinvestment Act to national banks that accept FDIC-insured deposits. 

In explaining the Supplement’s intended scope, the OCC notes that “while references to ‘full service bank,’ ‘trust bank,’ and ‘SPNB’ are convenient ways to distinguish among national banks based on their business models, these designations do not signify a difference in the character of the national bank charter.” Those designations also fail to signify a meaningful difference between the OCC’s respective supervisory expectations for applicants for an SPNB and traditional applicants, particularly with respect to meeting the financial needs of “underserved populations or geographies, which may include, for example, low-and moderate-income individuals” and that fall within the applicant’s formally defined “relevant market and community” — commonly known as CRA.

Financial Inclusion

An SPNB is defined in the Supplement as a “national bank that engages in a limited range of banking activities, including one of the core banking functions described at 12 C.F.R. § 5.20(e)(1), but that does not take deposits within the meaning of the Federal Deposit Insurance Act (FDIA). . .” This definition does not appear in any law or regulation, and the bank’s voluntary agreement to refrain from deposit-taking would be imposed by the OCC as a condition to approving the bank’s request for a charter.

The absence of deposit-taking is important for two reasons. First, the Bank Holding Company Act (BHCA) automatically covers any person who owns or controls a “bank,” which is defined in the BHCA as including any institution that accepts FDIC-insured deposits. If an SPNB were to accept such deposits, significant funders of the SPNB (e.g. an investment company) could be subject to oversight by the Federal Reserve and significant regulatory restrictions on their business activities. Second, applicability of the Community Reinvestment Act (CRA) is likewise triggered by a bank’s acceptance of insured deposits. Rather than treating SPNBs, which would draw no deposits from their communities, differently from other national banks in regard to community reinvestment, however, the Supplement requires “all SPNBs engaged in lending or providing financial services to consumers or small businesses” to commit to the implementation of a financial inclusion plan (FIP) by entering into an Operating Agreement with the OCC. The latter is a form of binding agreement that has the same legal force and effect as an OCC-issued cease and desist order.

As noted above, the FIP of an SPNB applicant would need to include details regarding the “identification of, and [a] method for defining, [the SPNB’s] relevant market and community, including underserved populations or geographies. . .” In addition, the applicant would be required to publish its FIP for public comment during the application process and solicit public input on an ongoing basis. Finally, after its implementation, the OCC would examine the FIP on a recurring basis for compliance with the following factors, which closely mirror the factors that the federal banking agencies consider in performing CRA exams:

• The SPNB’s ability, efforts, and commitment to meet various community financial needs based on the applicant’s financial condition and size, economic conditions in the relevant market and community, and other factors, including any expected participation by the SPNB in governmentally insured, guaranteed, or subsidized loan programs for housing, small business, community development or small farms.

• How the SPNB’s policies, procedures and practices, including those described in its compliance management program, are designed to ensure products and services will be offered and provided on a fair and non-discriminatory basis, with full disclosure of terms and conditions to all customers, and in compliance with applicable laws and regulations.

• Investments, partnerships, ongoing outreach, and collaboration strategies, or expected participation in governmentally insured, guaranteed, or subsidized loan programs that the SPNB will use to achieve its financial inclusion objectives.

• Other factors that reasonably bear upon the extent to which the SPNB will help meet the credit and other financial services needs of the relevant market and community.

In sum, the Supplement proposes that an SPNB adhere to essentially the same OCC supervisory expectations for community reinvestment that apply under the CRA to national banks that accept FDIC-insured deposits.

Business Plan

The supervisory expectations for the business plans of SPNB applicants outlined in the Supplement are largely consistent with what is expected of applicants for other types of national banks. In this regard, the Supplement advises that SPNB applicants should expect to be required to maintain capital in excess of the OCC’s minimum capital amounts, consistent with the OCC’s supervisory expectations for other special purpose banks. In addition, again consistent with the other applicants, an applicant for an SPNB will need to describe its contingency plans and recovery and exit strategies, and, depending on the nature of its business plan, may need to provide “an alternative business strategy detailing how the bank will manage potential scenarios when expectations—such as operating expenses, marketing costs, or growth rates—differ significantly from the original plan.” Lastly, any significant departures from the SPNB’s business plan are likely to require a request for an OCC non-objection, and certain conditions, such as the bank’s capital requirements and its FIP, will be applied as “conditions imposed in writing,” which are enforceable to the same extent, and with the same consequences for noncompliance, as an OCC-issued cease and desist order.

Risk Management and Corporate Governance

The Supplement’s expectations for an SPNB’s risk management framework are identical to those for other types of national banks. At a minimum, regardless of its size or complexity, a national bank’s risk management systems are expected to serve the following purposes:

• Identify risk: Banks must recognize and understand existing risks and risks that may arise from new business initiatives, including risks posed by third-party relationships, by external market forces, or by regulatory or statutory changes. Risk identification should be a continuing process and occur at both the transaction and portfolio levels.
• Measure risk: Banks must have effective risk management systems that measure risks accurately and timely. A bank that does not have an effective risk measurement system has limited ability to control or monitor risk levels.
• Monitor risk: Banks must monitor risk levels to ensure timely review of risk positions and exceptions to risk limits. Monitoring reports must be timely, accurate, and relevant, and should be distributed to appropriate individuals to ensure action, when needed.
• Control risk: Banks must establish and communicate risk limits through policies, standards, and procedures that define responsibilities and authority. These limits serve as a means to control exposures to the various risks associated with the bank’s activities.

With respect to corporate governance, an SPNB is expected to implement and maintain the same three lines of defense model of governance as other national banks. This expectation is likely to prove challenging for all but the largest and most mature fintech companies. The basic parameters of this governance model are outlined in the Supplement as follows:

• First line of defense risk management activities take place at the frontline units where risks are created and owned.

• The second line of defense risk management activities occur in an area or function separate from the frontline unit, sometimes referred to as independent risk management (IRM). IRM oversees and assesses the frontline units’ risk management activities.

• The internal audit function is often referred to as the third line of defense in this model. In its primary responsibility of providing independent assurance and challenge, the internal audit function assesses the effectiveness of the policies, processes, personnel and control systems created in the first and second lines of defense. Internal audit (including co-sourcing and outsourced arrangements) must be an independent function and report directly to the Audit Committee of the board of directors.

In addition to the above, the “board of directors must have a prominent role in the overall governance structure by participating on key committees and guiding the bank’s risk management framework.”

Assessments and Fees

The cost of obtaining a national bank charter as an SPNB is unclear. The Supplement notes that “the OCC will impose assessments on an SPNB through special conditions established at the time of preliminary approval.” To this end, the Supplement notes that “the OCC is funded through assessments and fees charged to the banks it supervises [and] SPNBs will be subject to periodic assessments, just as other national banks are.” According to the Supplement, the OCC would determine the amount of such charges based on “the amount and type of assets that the bank holds.” Obviously, an applicant would want to obtain greater clarity on this factor as soon as possible in the application process.

Commingling With Commerce

Persons who own or control SPNBs will not be subject to the BHCA, which prohibits bank holding companies from commingling banking and commerce. Walmart’s application for a national bank charter in 2005, which was ultimately withdrawn, was viewed by many in the financial services industry as posing an inappropriate combination of banking and commerce.As a result, the Supplement states that “OCC will not approve proposals that would result in an inappropriate commingling of banking and commerce.” The Supplement explains that this commingling “could introduce into the banking system risks associated with non-banking related commercial activities, interfere with the efficient allocation of credit throughout the U.S. economy and foster anti-competitive effects and undesirable concentrations of economic power . . ..”

Conclusion

Although the Supplement starts out by reiterating the OCC’s strong commitment to fostering innovation, including in regard to “emerging technologies for banking services,” with the sole exception of its novel approach for imposing the requirements of the CRA, the proposed treatment of SPNBs breaks little new ground and essentially mirrors what is expected for national banks that deliver products and services in traditional ways. Based on the expectations outlined in the Supplement, the overall costs associated with obtaining a national bank charter will be very substantial. Leaving aside uncertainty regarding fees and assessments, and the challenges of complying with CRA-like requirements, a fintech company pursuing an SPNB charter will need to commit to a detailed business plan that will remain in place for at least three years, and adopt a “bank-like,” three-lines-of-defense formal governance structure. As the OCC acknowledges at the outset of the Supplement, “some [fintechs] may wish to continue, or initiate, partnerships with banks by providing technology-related services and expertise.”

Pepper Points

• Notwithstanding the OCC’s promising rhetoric regarding a new approach, the fact remains that the OCC is admittedly attempting to “apply the licensing standards and requirements in its existing regulations and policies to fintech companies. . .” In the end, only Congress, and not the OCC, which interprets and enforces, but does not make laws, has the authority to fashion a charter designed to serve the needs of the fintech industry.

• A fintech company considering a national bank charter will need to consider whether committing to a multi-year business plan is feasible in an industry that is constantly evolving, and in which the ability to respond quickly to market innovations is essential to continued survival.

• State legislators may step in to fill the void by creating state bank versions of a fintech charter. In the meanwhile, the OCC’s willingness to consider applications for SPNBs from fintech companies under the terms of the Supplement is likely to serve the needs of only well-established fintechs that are willing to invest substantial time and money toward obtaining this charter, knowing that a great deal of uncertainty remains.

• Whether the hurdles created by the OCC with respect to the financial inclusion requirement and the lack of flexibility on business plans will deter fintech’s from applying will be interesting to see over time