Which players in the Banking-as-a-Service (BaaS) ecosystem — sponsor banks, fintechs, lead generators and middleware providers — are fair game for today’s regulatory crackdown on bias in lending?
If you answered “all of the above,” you’d be right.
Today, plenty of fintechs, lead generators, middleware providers and other players in the BaaS world think that, since they aren’t formally lenders, they’ll be spared scrutiny of any discriminatory outcomes in the loans they facilitate. Some also believe that the fairness and non-discrimination obligations of a lending program are managed well enough through their sponsor bank’s compliance programs.
As such, these firms seem to believe that fairness is the sponsor bank’s problem, not theirs.
As lending programs in the BaaS ecosystem are increasingly facilitated by a wide range of technology providers, regulators are cracking down on potentially unfair or discriminatory outcomes caused by anyone in the banking process—including non-bank fintechs, lead generators and middleware providers.
Regulators are also increasingly imposing fairness obligations on business practices that are not credit-related, on the grounds that even neutral policies that have disparate outcomes can be illegal, including where fair lending laws don’t apply.
How can regulators do this? Let’s look at the law.
The Equal Credit Opportunity Act (ECOA) prohibits discrimination by creditors against applicants in any aspect of a credit transaction.
Courts and regulators interpret ECOA to prohibit even neutral-seeming practices that have a “disparate impact” on protected classes unless the creditor has a legitimate business justification for the practice that cannot reasonably be achieved in a less discriminatory manner.
Regulation B, which implements ECOA, defines a “creditor” as including a non- lender who “regularly participates in a credit decision.” The definition includes anyone who “regularly refers applicants or prospective applicants to creditors or selects or offers to select creditors to whom requests for credit may be made.”
In other words, ECOA applies not just to the named lender but also to a broader swath of entities involved in the credit granting process.
As a result, fintechs, lead generators, middleware companies and other firms can be subject to ECOA’s rules.
And it’s not just ECOA that BaaS ecosystem players need to worry about.
The CFPB is likely to appeal a recent court ruling that struck down a 2022 update to its financial institution examination manual which had been amended to say that a business process causing disparate outcomes could be deemed “unfair” even where ECOA doesn’t apply if it harms consumers in ways that they cannot avoid and lacks benefits that outweigh the harm.
In announcing the update, the CFPB stated that examiners would more “closely examine financial institutions’ decision-making in advertising, pricing, and other areas to ensure that companies are appropriately testing for and eliminating illegal discrimination.”
The CFPB has also warned that it can sue “material” service providers to financial companies for failure to comply with applicable consumer financial protection laws.
What’s more, BaaS providers, lead generators and fintechs can’t necessarily assume that their bank partners’ fairness compliance programs are sufficient for their own needs.
A leading fintech sponsor bank is operating under a regulatory consent order which restricts them from onboarding new fintech partners or launching new fintech products until they’ve enhanced their fair lending controls.
The constraints imposed by this consent order demonstrate that a sponsor bank’s regulatory challenges can hamper its partners’ growth and that BaaS players who have interdependence in business also have a shared responsibility for fairness.
Moreover, just as the BaaS ecosystem requires coordination among its participants, it can also be fragmented. The number of players in any given BaaS partnership can increase the risk of unintentional non-compliance. For example, if one player adjusts its practices in some way, it might inadvertently create or exacerbate disparities for other partners.
At the same time, not every disparity is a fairness violation. The CFPB’s staff commentary to Reg B, which implements the ECOA, says that a practice that has disparate effects on a prohibited basis may nevertheless not be prohibited if it “meets a legitimate business need that cannot reasonably be achieved as well by means that are less disparate in their impact.” In addition, a practice may not be unfair if it is reasonably avoidable and has benefits that outweigh the alleged harm.
So what should non-bank BaaS players do?
Simple: Assume You Have Fairness Obligations, Because You Probably Do.
Here are 6 steps for non-bank BaaS companies to create or improve a strong Fairness Compliance Program:
1. Act Now
Today is the best time to implement a fairness compliance program. Fintech, lead generation and middleware providers can be subject to the ECOA as participants in loan transactions or as service providers, and regulators are increasingly acting on the belief that even unintentionally discriminatory policies can be illegal as “unfair” practices.
Non-bank BaaS ecosystem players need a fairness compliance program that is proportional to the potential disparities that might result from activities they perform. And they need it now.
2. Identify Practices that Might Cause Unfair Outcomes
You can’t measure what you don’t know, so start off by identifying any business practices that could cause disparate outcomes for protected classes. Because regulators are scrutinizing a broad swath of activities, BaaS players can’t limit their fairness audits to decisions about credit underwriting and pricing.
Also on regulators’ radar is the expanding adoption of technology for lead generation, digital marketing, fraud prevention, loan servicing, debt collection, and other non-credit functions used to offer or provide financial services to consumers.
Because disparities in any aspect of any financial transaction can be “unfair,” any activity that may result in materially different outcomes for historically underserved groups probably ought to be evaluated for fairness.
Another Best Practice is to risk-rank the business processes that you’ve identified based on their likely consumer impact and to focus on the higher- risk items first. For example, a practice that might cause historically underserved groups to be charged higher interest rates for a loan probably seriously harms those consumers, while a practice that sends relatively fewer debt collection notices to a historically underserved group might cause only minor harm, or perhaps no harm at all, to consumers.
3. Gather Your Data and Put It to Work
Once you’ve identified the practices that you intend to evaluate, consider what data is available to you and what outcomes should be measured. There’s no one-size-fits-all way to measure disparities.
While the outcomes that need to be evaluated are sometimes obvious, like whether applicants from different racial or ethnic groups are approved at different rates, the potentially disparate outcomes of some business practices can be subtle and require additional thought.
For example, if a marketing algorithm offered Black and White consumers different products or targeted advertisements primarily to certain demographic groups, or a servicing practice discouraged female applicants from gaining certain account benefits, or a fraud prevention vendor disproportionately flagged applications from older applicants, then the disparities that result could give rise to legal liability.
4. Use Math to Identify Disparities
Once you have all the relevant data to run a fairness review, you’ll need statistical analysis to evaluate fairness outcomes—which generally requires specialized knowledge.
Regulators have described the statistical methods that they use to assess the likelihood that a given applicant or customer belongs to a given demographic group.
Companies can use these same methods to gauge disparities. There are also a range of measures that can be used to assess fairness outcomes, such as Adverse Impact Ratios, Standardized Mean Differences and Shapley Values.
5. Search for Ways to Reduce Disparities
Just about every institution that looks for disparities finds them. But don’t despair: disparities by themselves do not give rise to legal liability.
The multi-million-dollar question is: Do the disparities you find arise from legitimate business needs that can’t reasonably be met in a more equitable manner?
Evaluating if there is a fairer means of accomplishing a legitimate business objective is a critical step in any fairness compliance program. To do it right, you have to pinpoint the specific business practices adversely impacting historically underserved groups and assess if there are alternative methods that achieve the same objectives with less bias.
To find less discriminatory variants of your business processes, you may need advanced mathematical methods. For example, de-biasing and fairness optimization methods can help identify ways of adjusting your decisioning criteria, resulting in better outcomes for protected class applicants while staying within your risk tolerance. Experts can guide you through this process and ensure thorough and accurate results.
6. Share Relevant Information With Your Partners
No one likes to share potentially negative information about their company.
Still, in the multi-player BaaS ecosystem with fragmented responsibilities and siloed data, BaaS ecosystem participants need visibility into program-level fairness risks from the loans they facilitate. And if there are disparities, BaaS players need an understanding of what’s driving them—and whether there are less discriminatory alternatives to the disparity-driving practice.
The business and legal risks to the BaaS ecosystem of individual participants withholding or minimizing the severity of compliance information outweigh the potential risks of sharing that information.
This collective action problem, while seemingly protecting individual firms in the short-term, paradoxically raises fair lending risks for the BaaS ecosystem overall since a lack of transparency undermines regulatory and consumer confidence in BaaS programs.
If there are confidentiality concerns, a neutral third party can evaluate the program without disclosing any single firm’s confidential information to the others.
If these fairness practices sound daunting, here’s the good news: fairness is good for business. Disparities often represent missed opportunities or mis-priced customers, while identifying and minimizing disparate outcomes can be a path to higher revenue and lower risk, especially in a world of tightened credit and heightened regulatory enforcement.
Meanwhile, not taking your fairness obligations seriously can tarnish your reputation, cost you money in penalties and rob you of potential partnerships, employee retention, consumer goodwill and more. Plus, a weak or absent fairness program can be a red flag for investors or partners, signaling potential regulatory problems or difficulty maintaining your bank partnerships down the line.
Bottom line: BaaS players who fail to meet their fairness obligations place themselves at serious risk.
If you follow the steps above, you’ll ensure you aren’t one of them.
Read the full article here