Podcast: Deep Dive into Understanding Bank Partnerships in Payment Programs

In this episode of our series of deep dives into consumer financial services, we’re going to discuss bank partnership programs in a different way. We’ve talked about traditional credit products and deposit products. Today, we’re going to focus a little bit more on payment programs.

---

Aaron Kouhoupt: My name is Aaron Kouhoupt and I am a partner in McGlinchey Stafford’s Cleveland office. I practice in our consumer financial services practice group. I’m joined today by my partners David Tallman and Amy Greenwood-Field, who are both also partners in various offices of ours in the consumer financial services sector.

We’re going to talk about bank partnership programs, particularly payment programs. And so, what we’re really focusing on today is this idea of non-depository institutions partnering with other entities to offer innovative or unique creative payment platforms and how that works. Some of the legal considerations that you need to think about—some of which we’ve touched on in other series, and some of which are a little bit unique—in a lot of ways, bring it all together because there are some hidden traps that we’re going to get to here when we talk to Amy.

Amy is going to discuss one of the more common traps that could occur in this kind of partnership. And so, Amy, what I’m alluding to is that in some payment programs, you have a depository that has the ability to move funds and sort of act as a depository financial institution. They’re partnered with this non-bank, somebody that maybe does not have that, they don’t have a charter, they’re just a technology platform company. What sort of things do you need to be cognizant of when it comes to money transmission and potential licensing?

We look a lot at funds flow because if you receive funds, you could trigger a money transmitter license. So, in the United States, money transmission is regulated not only at the federal level but also at the state level… At the state level, money transmission is regulated in some way, shape, or form in every U.S. state and populated territory except for Montana.

Amy Greenwood-Field: Well, Aaron, the important thing to think about here is whether or not you, as a bank partner, are actually receiving funds from someone and then doing something with those funds. We look a lot at funds flow because if you receive funds, you could trigger a money transmitter license. So, in the United States, money transmission is regulated not only at the federal level but also at the state level. So we have a lot of clients that come to us, and they’re like, we registered with the Financial Crimes Enforcement Network (FinCEN), and we’re good to go, right? And unfortunately, the answer is no. At the state level, money transmission is regulated in some way, shape, or form in every U.S. state and populated territory except for Montana. It is my understanding that Montana does not intend to adopt any sort of money transmitter regulation anytime soon. Definitely keep that one flagged for your watch list.

And what we’re seeing right now is a model law effort. So when it comes to money transmission, generally, each state has its own flavor of regulated activity, but the Model Law is pushing towards some uniformity. Right now, we have 18 states that have enacted the Model Law in what we call a full enactment, even though they still may have had some differences from the Model Law language itself, and an additional five states that have some sort of a partial adoption.

Even in payments, if I’m that company and I partner with the bank, I’m not going to be in the flow of funds. I’m not going to move the money unless I have a license or unless I go through the process. I’m not doing that simply because the bank can; the bank is doing it, correct? The bank is doing the actual movement. I’m not using the bank’s charter to move money myself.

Kouhoupt: To make this a real-life example, let’s say I am a non-depository. I offer a platform where a consumer can interact with my platform. We’ll keep it basic on peer-to-peer transfers. So, I am consumer-facing and putting myself out to the world. I have a mobile application, I partner with a bank, and I have accounts sitting at the bank. I am that mobile app, right? I have that mobile application. Consumers can send money between me and David, right? I can say, “Hey, please send this $50 to David Tallman.” When you are the mobile app provider in those scenarios, I’m collecting those funds from Aaron. I’m sending those funds to David; what are you thinking about if that situation comes up to you as far as, you said earlier, the flow of funds? So what are you trying to do or think about when I’m the one with the mobile application allowing Aaron to send the money to David, just as an example?

Amy Greenwood-Field: So the question is, you said the account is being held at the financial institution. How is that account termed? So, is it an operating account that’s just used for your business? So you’re collecting the funds, you have custody and control over them, and then, hopefully, you’re honoring your customer agreements and sending those funds along to David. Or is it a custodial account with the bank where you’re probably paying a premium? We will discuss later why that may be an alternative to money transmission, but in a custodial account, you are actually sitting in the flow of funds. The bank is stepping in and using its charter to provide those services on your behalf.

The CFPB issued FAQs a couple of years ago, and they have answered some questions about what it means to be a financial institution that is subject to requirements under Regulation E. They made it clear that the non-depository in a bank partnership can, in some circumstances, directly be considered a Financial Institution such that they have Regulation E responsibilities in their own right.

Aaron Kouhoupt: So I very much want to focus on it. I like what you just said there. I’m sure that many people have heard the concept of “I’m going to partner with somebody and use their charter.” You know, we’ve talked about this in the context of loans. We talked about this in the context of deposit products. It’s the same here, right? Even in payments, if I’m that company and I partner with the bank, I’m not going to be in the flow of funds. I’m not going to move the money unless I have a license or unless I go through the process. I’m not doing that simply because the bank can; the bank is doing it, correct? The bank is doing the actual movement. I’m not using the bank’s charter to move money myself.

Amy Greenwood-Field: Yes, yes, absolutely. So, that’s where that custodial account agreement comes into play, and the bank isn’t going to provide that service to you for free. There’s going to be some sort of per-transaction charge or some other fee associated with them providing you that service underneath their charter. However, we have clients that use that as an option rather than incurring the cost and the upkeep to actually get a license to conduct money transmission in all of those states and U.S. territories.

It is important to keep in mind that the non-depository isn’t always just going to be a service provider. They can have their own responsibilities in their own right. And it’s important to map that out and understand how those arise.

Aaron Kouhoupt: Yes. That always creates—to turn to David for a second—from a compliance management perspective, that always creates a little bit of tension that you need to think through. If the bank is the one that is actually, in this example, transferring the funds, holding a For Benefit Of (FBO) account, but let’s say they’re doing it as an FBO account, the bank is the one that’s doing that. From a regulatory perspective, who’s responsible for, let’s say, deposit or money movement regulations? Just if we stay on that example.

David Tallman: In that example where the bank is holding the account and the bank is moving the funds, the bank is primarily responsible for those regulatory obligations. This is why it’s important to be clear when speaking about the nature of the relationship, who’s doing what, and what the party’s respective roles are. Because quite frequently, we hear clients say something like, you know, the bank’s letting us use their charter or the bank’s letting us use their Bank Identification Number (BIN). That is not accurate. In order to properly set expectations with respect to who’s responsible for what, you want to be clear that the bank is the one that’s engaged in the activity that requires a charter, that requires a license. And that you, as a non-depository, are engaged in other activities, support services, what have you, but that you are not taking on a role subject to increased regulation.

Aaron Kouhoupt: Yes. And then, similar to other bank partner models, it’s no different here, right? The bank, if you switch it over to the financial institution side of the house, doesn’t have the ability to contract away its regulatory requirements. They can bring somebody in as a service provider, and they can have somebody provide a tech platform, the access device, for example, and they can have that third party do those things. But the bank can’t say, well, we have this third party; they’re doing our compliance; we don’t need to worry about it. Correct?

The bank needs to understand and the non-depository, the FinTech, needs to understand what role they’re playing. What exactly am I doing? Where do I fit both from a contractual perspective between myself and my partner and from a regulatory perspective?

David Tallman: They can certainly outsource functions, but the bank will still be ultimately responsible for ensuring compliance. That responsibility includes oversight and vendor management, and the non-depository will be subject to the bank’s oversight.

Aaron Kouhoupt: Now, if we stick to this sort of narrow, but I think it’s a good example to sort of illustrate the issues here, but if we stick with this kind of narrow example of peer-to-peer (P2P), and I am not the depository, I’m the FinTech platform, but I’m the one that provides an access device, so the consumer is only able to move their funds because of the access device that I provided to them. And if we’re thinking about it from that perspective, does that change the analysis at all? Is there any shifting of obligations under, say, Regulation E as an example in the Electronic Funds Transfer Act?

David Tallman: It’s not necessarily a shifting of regulation, but it’s the fact that you can be directly subject to regulation in those circumstances. The Consumer Financial Protection Bureau (CFPB) issued FAQs a couple of years ago, and they have answered some questions about what it means to be a financial institution that is subject to requirements under Regulation E. They made it clear that the non-depository in a bank partnership can, in some circumstances, directly be considered a Financial Institution (FI) such that they have Regulation E responsibilities in their own right.

Communication is important when mapping out responsibility for non-regulatory obligations because another source of authority or requirements that come into play here are card network rules and, National Automated Clearing House Association (NACHA) rules, quite frequently. Those generally are a matter of contract.

For example, if they directly or indirectly hold a transaction account belonging to the consumer or if they’re issuing an access device, etcetera. And in those circumstances, they can have responsibilities too, for example, have an error resolution program. That doesn’t mean that the bank does not also have responsibilities; depending on how the program is set up, both parties can be directly regulated. But I think it is important to keep in mind that the non-depository isn’t always just going to be a service provider. They can have their own responsibilities in their own right. And it’s important to map that out and understand how those arise.

Aaron Kouhoupt: Yes. Thank you. It’s really important that in understanding, and again, I’m going to go back to you in a second, Amy, because I jumped the gun on my pet peeve that I’ve talked about in all of these bank partner programs, which is that the compliance management system is so important on both sides, right? The bank needs to understand, and the non-depository, the FinTech, needs to understand what role they’re playing. What exactly am I doing? Where do I fit both from a contractual perspective between myself and my partner and from a regulatory perspective? And part of that, Amy, you touched on this. I, again, jumped the gun to talk about it a little bit, but if I do want to sort of be in that scenario where I am a FinTech, I’m offering this P2P functionality, but I’m either not set up, or I’m not really ready to get licenses. Can you talk about the FBO account? I talked about it a little bit, but could you explain more about the sort of FBO account and how that fits within the framework of the relationship between the depository and the non-depository?

Amy Greenwood-Field: So, like I said, normally, that is some sort of a custodial account arrangement, a contractual arrangement, is entered into between the company that’s consumer-facing and the bank that’s actually providing the transmission services. A lot of times, what we do for clients that have an arrangement like that is the bank will come back and ask for confirmation that the entity that is consumer-facing doesn’t need a license in order to conduct their activity. So we review that agreement and then provide an analysis that the client can provide to the financial institution to put in their file that explains that as long as this arrangement is in place, you’re not triggering an actual license with any state. Part of that analysis is also include a review of customer-facing materials. So it’s important that you’re disclosing to the customer those terms of conditions, the ones that everybody clicks through and doesn’t worry about until there’s a problem, who is doing what with their funds as they’re moving from Aaron to David.

As the parties are structuring the program, it’s important to map out who’s going to be responsible for what in terms of ensuring compliance with these rules and what happens if there is a fault, if there are reporting responsibilities, if there are dispute or error resolution responsibilities, who’s doing it? How is it being supervised, and how is it being reported back to the networks?

Aaron Kouhoupt: So, in the FBO model that you just talked about, the bank is moving funds; you’re not moving funds. The bank has a charter, and that charter lets them do it. They’re doing it, and you are providing the mechanism in which the consumer gets access to that service that the bank offers, but it’s the bank doing the activity.

That’s been a theme that we’ve had so far and is going to continue throughout this series. David, when you were talking about it earlier, I know Amy’s heard the same thing. We’ve probably all heard some variation of that idea of, well, I mean, I’m using their BIN. Even if it’s not happening, it’s terminology that one should try to be a little bit concise with because that’s not the case, right? They’re not sponsoring it in that sense. They’re providing the banking activity, and you are, as the non-bank, are providing access to that service that the bank is offering. And that might have its own set of responsibilities.

Amy talked about how some licenses could be required to provide that service. David talked about scenarios where direct regulatory requirements can apply there. So it’s not a magic bullet that I partner with the bank and walk away. The bank will have its responsibilities under its charter and its laws and regulations, and then you, as the non-bank, will have the same under either your license regime or other state law that you’re operating under. Keeping those two things separate is key to a successful partnership. That requires good compliance management systems and open communication between the two parties.

David Tallman: Communication is important when mapping out responsibility for non-regulatory obligations because another source of authority or requirements that come into play here are card network rules and National Automated Clearing House Association (NACHA) rules, quite frequently. Those generally are a matter of contract. Those contractual requirements are imposed on the bank by the payment networks, but those are frequently rolled down by contract to the FinTech, the non-depository participant. As the parties are structuring the program, it’s important to map out who’s going to be responsible for what in terms of ensuring compliance with these rules and what happens if there is a fault, if there are reporting responsibilities, if there are dispute or error resolution responsibilities, who’s doing it? How is it being supervised, and how is it being reported back to the networks?

As more states adopt the Model Law, your trigger for licensure there as a money transmitter is receiving money or monetary value from a person…it’s also defined as a business, such as a partnership, a corporation, or other sort of corporate entity. So that’s another issue where we see clients sometimes poised for a misstep, or they think that the licensure would only be triggered if you’re transmitting P2P activity instead of something that’s involved in the business.

Aaron Kouhoupt: That’s a great point, David. Amy, any parting words of wisdom?

Amy Greenwood-Field: The only other thing I wanted to flag here is that we’ve been talking about a P2P example. As more states adopt the Model Law, your trigger for licensure there as a money transmitter is receiving money or monetary value from a person. The person is defined not just as Aaron and David, but it’s also defined as a business, such as a partnership, a corporation, or other sort of corporate entity. So that’s another issue where we see clients sometimes poised for a misstep, or they think that the licensure would only be triggered if you’re transmitting P2P activity instead of something that’s involved in the business.

Aaron Kouhoupt: Yeah, that’s also a great point, especially for an upcoming deep dive on dealing with virtual and in-game currencies and all that fun stuff. So, thank you for joining us today and participating in this content session on bank partner programs and how they relate to payment platforms. We look forward to our next one.

---

Subscribe wherever you listen to podcasts: