News

Banks and the financial technology-centric firms, or fintechs, they serve should jointly file suspicious activity reports on potentially illicit transactions that affect them both, a senior regulator told attendees of an industry conference Monday.

Submitting a SAR in tandem would help both companies gain visibility into the transaction in question by enabling them to share more details on the originator and beneficiary, Jim Vivenzio, the Office of the Comptroller of the Currency’s director of anti-money laundering policy, said during the opening panel of the ACAMS AML & Financial Crime Conference in Las Vegas.

Financial institutions that reject opportunities to file SARs jointly otherwise limit themselves from exchanging potentially useful financial intelligence with each other under federal regulations governing such collaboration.

“I encourage banks when they have relationships with fintechs to file joint SARs,” Vivenzio said. “It enables both entities to share SARs more freely.”

The senior regulator’s comments come two months after the FBI included fintechs, especially those based overseas, among its top financial crime-related concerns alongside peer-to-peer platforms, unhosted digital wallets and other decentralized forms of cryptocurrency exchange.

They also follow a series of initiatives taken by the OCC to regulate fintechs, starting with the agency’s 2016 proposal to create a special purpose charter for the companies and temporarily allow them to operate in a regulatory “sandbox,” free from enforcement actions.

Varo Bank and SoFi Bank became the first two fintechs to receive conventional charters from the OCC in August 2020 and October 2020 respectively. The agency has yet to issue a special-purpose charter to a fintech.

Conventional banks tend to have one of three types of connections to fintechs, said Vivenzio, including formal account relationships, money services business-type links typically bound by strong controls against financial crime, and contractual ties that do not always clearly delineate which party is responsible for AML compliance.

“What the bank does in each of those scenarios is critical,” Vivenzio said. “The fear that I have is that there’s going to be a [compliance] breakdown, and everybody’s pointing fingers, [which] is why it’s so important to lay out in the contract who is doing what.”

The OCC and other federal banking regulators asked bankers and other interested parties to opine on the concept of outlining contractual AML responsibilities in July as part of a broader proposal for issuing guidance on how to manage third party-related risk.

The guidance as currently proposed advises banks to conduct adequate due-diligence on the fintechs they serve and gauge their knowledge of anti-money laundering protocols. Regulators extended the deadline for financial institutions and other parties to comment on the proposed guidance to Oct. 18.

Large and midsized banks should also carefully review the OCC’s Aug. 27 guidance instructing community lenders to consider vetting fintech clients by inquiring about their prior interactions with other financial institutions, including the extent to which they cooperated with various compliance-related requests, Vivenzio said Monday.

Contact Daniel Bethencourt at dbethencourt@acams.org