Nov. 30, 2022 | Financial Institutions Regulatory Risks of Buy Now Pay Later with Fred Rubin


MW: Hi everyone and welcome to our first Ask an Expert. I'm Michelle Wilkinson, Senior Advisor of Retail Banking at equipifi. To kick us off today is Fred Rubin to speak about the regulatory landscape for BNPL.

Fred is a consultant to banks conducting comprehensive analysis of credit risk functions. He was formerly the Chief Credit Officer at financial institutions (FIs) such as PenFed Credit Union, Pacific Mercantile Bank, and National Cooperative Bank. He has also served as the National Bank Examiner at the Office of the Comptroller of the Currency (OCC). Welcome Fred. 

FR: Great to be here.  

MW: As you know, in September 2022 the Consumer Financial Protection Bureau (CFPB) released their BNPL study after analyzing loan data from five fintech lenders. Many FIs are closely tracking these movements in the regulatory landscape to prepare for the impact that BNPL may have to them and their cardholders. Would you please give us some background on this report to set the stage? 

FR: Yes, of course. After the 2008 financial crisis in which nonbank companies played a pivotal role, Congress tasked the CFPB with supervising fintechs. CFPB’s September 2022 issuance focuses on BNPL loans outside of this space, where banks do not use information from credit bureaus, and don’t report their information to credit bureaus. In addition to the CFPB, the Office of the Comptroller of the Currency (OCC) which regulates National Banks recently announced its plans to establish an Office of Financial Technology. This is the OCC’s attempt to begin understanding how these new companies operate so that in the future, they can regulate them properly. 

MW: So Fred, given your regulatory expertise and time with the OCC, what are your thoughts on the recent rise of BNPL as a payment preference? Especially since this growth has been largely driven by third-party fintechs. 

FR: I think it was inevitable that BNPL would find its way into the modern, online world and especially into the fintech space. Historically, BNPL has been used more by those without access to traditional credit sources, and in many cases, BNPL was a service offered by local retailers. As a result, most of the older BNPL programs charged very high interest rates which gave the program a somewhat tarnished reputation. 

Fintechs have been really active in researching ways to profitably lend to new clients due to all the competition for assets in the traditional lending spaces. The traditional lending spaces are becoming crowded and competitive, so it was only natural that the fintechs would wade into BNPL. Even though most of these programs charge relatively modest rates, the expansion has reached the regulators’ radar. 

Screen Shot 2022-11-30 at 8.33.17 AMMW: The CFPB cites concerns surrounding loan stacking and overextension. Can you tell me more about why these are concerns? Traditionally, how are these concerns managed by FIs? 

FR: Let’s first define those terms. Stacking is caused when a consumer establishes more than one BNPL account. This stacking behavior can cause overextension, where the same consumer now has more BNPL monthly payment obligations  than their given income can afford, according to traditional credit measurements. Some fintechs have shied away from using these traditional measurements in order to find wider segments to lend to.   

The global market for BNPL has tripled over the last 3 years and is projected to reach $200 billion during 2022. I don’t think the CFPB has had the time or resources to analyze and understand the fintechs’ methods, and to ensure that these methods produce profitable and ethical mechanisms of granting credit over time. The OCC, Federal Reserve, and Federal Deposit Insurance Corporation (FDIC) are also displaying some anxiety about this method of granting credit due to their lack of history with BNPL. 

Banks and Credit Unions have traditionally used information from one or more of the large credit bureau companies, combined with Credit Scoring, to analyze the probability of loss on their lending portfolios, and to monitor their customers use of credit. They use the probability of loss to set their bad debt reserves, and the regulators monitor those reserves very closely to gauge the health of financial institutions. Anything that introduces change to these factors is a concern to both financial institutions and regulators. 

Fintech companies have been combining new research and new data that might not have been available to traditional FIs, such as insight to consumer shopping behaviors like the merchants they frequent and the products they purchase, to assure that a client can pay off these accounts on time. They are not using the 3 large credit bureaus to provide this information, nor are they reporting their loans to the credit bureaus. This lack of information can cause some angst among the financial institutions because it affects traditional measures of ability to pay and, in the extreme, could cause all lenders to lose money on individual loans without any warning. 

MW: How does a financial institution go about protecting and using consumer data and how does that compare against third party providers who collect similar consumer financial data? 

FR: Traditional FIs have literally invested billions in security to create safe data warehouse processes, and fight against hackers every minute of the day. This area of their business is heavily examined, with most large financial institutions having on-site examiners from one of the regulators in their offices every day. This security posture extends to their contracted third-party providers – for example credit bureau companies, FI vendors, partners, and contractors – all of which must assure the regulated financial institution that they have sufficiently secured systems to prevent breaches. We can see from the publicly announced data breaches that this is a constant and costly problem for them. 

Although there is some effort to breach fintechs’ systems, Banks remain the largest targets. As a result, fintechs generally rely on much simpler methods to secure their data. They are collecting and using similar consumer financial data but have not been subject to the regulators’ examinations to test these in the same way that traditional FIs have. 

Expert insights, industry updates, and next generation commentaries for all  things Buy Now, Pay Later - in one easy read.

MW: Can you offer some food for thought for FIs out there looking to understand the risks of third-party BNPL solutions on their cardholders, and wanting to proactively help them mitigate these risks? 

FR: BNPL has been out there in the non-digital medium for years and lots of FI customers have used it at local businesses. The difference now is that BNPL is coming into the modern age, it is being offered at global retailers, and the volume of the business has grown exponentially. Because more people are using BNPL, it may now be more obvious to FI managers and executives that their customers are using it. Whereas in the past the average purchase under BNPL might have been less than $1,000, some BNPL lenders have increased their maximum size to $10,000 – making it a viable competitor to credit and charge cards, most of which have higher interest rates than BNPL. These lower rates actually reduce the risk a bit to their customers’ other creditors, a fact which has been mostly ignored. 

At the simplest level, my advice is to understand the BNPL business. Remember to treat the business like any other business you have in the FI and monitor the compliance, operational, and credit risks. BNPL may have a foundation that is different than the credit business they have been in; as such, FIs need to get to know the fundamentals of the BNPL business they are in. Second, it might be worth some time and research to understand how their customers are currently using BNPL and in what volume. With that knowledge, FIs can decide whether it is worthwhile to enter that business, and to decide whether they want to bring BNPL customers into the FI directly, or to partner with an experienced fintech that can help the FI with the risk. 

MW: What about for FIs trying to develop their own solutions to help customers attain financial flexibility such as BNPL? What have we learned from the CFPB reports that can be informative for them? 

FR: The CFPB strongly encourages the FIs to build their systems with reporting, stacking, and overextension risks in mind, and has the authority to enforce these points, as well as communicate them to the Banks’ primary regulators to ensure that they are built in to a BNPL process at an FI. 

As with most products these days, entry to a new business can be much quicker and much less costly by partnering with an experienced fintech. Businesses such as equipifi have done the work needed to understand and comply with the compliance risk, credit risk, and operational risk that has been identified by the CFPB issuance. If a bank’s managers want to build a system on their own, there is a cost in both time and funding that in most cases will be much higher. 

MW: These are some incredible insights, Fred. Thank you so much for joining us.

Michelle Wilkinson is a retail banking and payments expert with over 18 years of experience overseeing product management to operations at financial institutions. She is a driving force at the intersection of banking and innovative technology, having previously served as the Senior Product Manager of Payments for Alaska USA Federal Credit Union. As the Senior Advisor of Retail Banking for equipifi, Michelle is responsible for providing strategic and operational guidance related to the design, education, and adoption of BNPL by banks and credit unions. 

Webinar: Navigating the Regulatory Landscape