Is it safe to bank at a fintech?
With the recent failure of Synapse and the ensuing fallout across several fintechs, some people are wondering if it’s safe to work with fintechs at all.
We strongly believe the answer is yes, at least when it comes to well-run fintechs. But how can you know if a fintech is run well?
Assessing neobanks
Determining how well a neobank is run is difficult from the outside. Here are some questions to ask when evaluating a neobank:
- Are the accounts real bank accounts (demand deposit accounts, or DDAs) with FDIC insurance issued by a sponsor bank? This is spelled out in your account agreements, which should be between you and the bank sponsor who issues the account. If you’re opening a real bank account, the issuing bank is responsible for ensuring the safety and accuracy of your accounts, whether they do it themselves or through a technology partner. A common alternative to this structure is a cash management account issued by a brokerage, which means the brokerage is responsible for the safety and accuracy of your accounts. Brokerage accounts themselves aren’t eligible for FDIC insurance, although the broker may sweep your deposits to FDIC insured organizations and offer some pass through coverage in that way.
- Does the sponsor bank have a robust risk management function? This is tricky to evaluate if things look good, but easy to tell when a bank’s risk management program is very poor. Look for recent enforcement actions and consent orders against the sponsor bank. Regulatory agencies are paying special attention to fintech sponsor banks, and ones with poor risk management are being called out more consistently than in the past.
- Does the fintech have a robust risk management function, appropriate for its stage? Newer fintechs often work with experienced outside compliance teams and establish in-house compliance teams as they grow. You can learn about this by asking the fintech about their compliance management system. Their response will make it apparent how seriously they take their responsibilities as a fintech working with a sponsor bank.
Synapse has caused real harm
It's been gut-wrenching to hear the stories of so many customers who were harmed by the bad choices of companies they trusted. Many customers lost access to their deposits for an extended period of time, and many still haven’t received their money. That’s an inexcusable result for Synapse and the other entities involved. Hopefully, those companies and individuals are held responsible for their negligence by the appropriate authorities.
For years, industry insiders have known that there were real issues with the way Synapse was conducting itself, and many stopped working with them or never partnered with them in the first place. Synapse going bankrupt and the poorly managed banks they partnered with receiving sweeping consent orders is a painful event, but one that will hopefully lead to a more stable and responsible fintech industry.
It’s worth exploring what happened in the case of Synapse and fintechs like Yotta and Juno as an instructive cautionary tale for serious people working in fintech as well as concerned consumers thinking about using fintech apps.
Banks rely on tech providers
Most banks rely on third-party core technology providers like Jack Henry or FIS to be the source of truth for how much money is in whose account. This is a more complicated job than you might think — it's really easy to get the books to be correct 99% of the time, but that 1% can be very complex. Disputes, transfer returns, errant wire transfers, and losses all present challenges that can make reconciling your books harder. These core technology providers have been doing this for decades and are generally very good at it.
Synapse and other BaaS providers enter the scene
Core providers are hard to integrate with and lack mature APIs. Synapse was started in 2014 as one of the first "Banking as a service" (BaaS) providers in the US to help tech companies build new banking products in collaboration with banks. Banks contracted with them to provide easy-to-use API integration points for fintechs and to be the source of truth for their deposits. Customers of fintechs like Yotta or Juno on the Synapse platform pooled customer deposits into a single account (an FBO account) on the legacy banking core, and Synapse was the source of truth for how much of the money in the FBO account belonged to each customer. In this way, BaaS providers like Synapse acted as extensions of the bank core.
Cardinal sin number one - the math didn't math
As a team with very little experience in finance, Synapse seems to have underestimated the complexity of tying out their books with partner bank FBO accounts. For years their expected balances diverged from what the bank had in their accounts.
Cardinal sin number two - moving deposits around
Synapse then made things worse by moving customer deposits between different bank partner FBO accounts, which added even more complexity to the already broken reconciliation process. It also made it unclear to customers which bank they were doing business with.
Cardinal sin number three - reconstituting accounts
While failing to fulfill their basic responsibilities as a source of truth for customer funds, Synapse went further and worked with their fintech partners to reconstitute customer bank accounts as cash management accounts held by Synapse Brokerage LLC. This is a very significant change, but they treated it like a standard terms of service update with a passive opt-in. This change meant there was now no bank individually responsible for ensuring customer balances were safe and accurate, and customers were fully dependent on Synapse as a source of truth.
As Synapse's shortcomings became more publicized they struggled to fund the business or find a buyer for it, and eventually declared bankruptcy. Many of Synapse's fintech partners changed providers before the company went into bankruptcy, but the mistakes described above made it impossible for remaining fintech partners to manage an orderly wind down of their customers' accounts.
Scope of FDIC insurance
FDIC insurance of deposits is necessary but insufficient to fully protect your deposits at a fintech or a bank. The FDIC protects deposits in the event an insured institution fails (the bank that holds deposits), not an underlying tech provider. That means if Bangor were to fail, customer deposits would be covered subject to the FDIC's standard limits.
Crew maintains redundant records of Treasury Prime’s ledger, and regularly reconciles them against Bangor’s FBO account. If Treasury Prime were to fail, Bangor and Crew would transition record keeping to a new technology solution. If Crew were to fail, Treasury Prime and Bangor would manage an orderly wind-down of the program and return deposits to customers. In either case, we've made every effort to ensure that customer deposits are kept safe.
How Crew is different
Crew has a much more conservative arrangement:
1. Crew works with a single bank partner for deposit accounts, Bangor Savings Bank.
2. Accounts are real, FDIC-insured demand deposit bank accounts issued by Bangor Savings Bank (not brokerage cash management accounts).
3. Customer balances are continuously reconciled against the program FBO account.
4. We take our responsibilities as a program manager very seriously.
Bangor uses Treasury Prime as its sole BaaS provider, and customer deposits are pooled in an FBO account similar to the way Synapse originally structured customer accounts. However, if those two systems ever got out of sync that would be an all-hands-on-deck situation that Crew, Treasury Prime, and Bangor would work to resolve immediately, in just the same way it would be if Bangor's Jack Henry core were to fail to reconcile.
There are many examples of neobanks that follow this arrangement and have been responsible program managers, the most well known example being Chime. Being a well run neobank requires fintechs to take their responsibilities seriously, and to collaborate deeply with their bank partners over time.