Hey there -- Alex here. You probably have a couple of questions. Namely, "who's Kiah and why am I getting her newsletter?"

Kiah Lau Haslett is the newest creator in the Fintech Takes cinematic universe. Her weekly newsletter focuses on all things banking. It looks like you might be in (or adjacent to) banking, so I wanted to share (don't worry, you'll still get the other Fintech Takes newsletters you've been receiving).

As I've always said around here, you can't understand fintech if you don't understand banking and Kiah has, over the last couple of years, immeasurably leveled up my understanding of banking.

I hope you'll give her new newsletter a read each Tuesday. I've gotten a peek at what she has coming down the pipe and I promise, you'll learn something worth your time.

Ok, enough of me. Passing the mic over to Kiah!

Hello! Kiah here. Welcome to Fintech Takes Banking, my weekly newsletter where I highlight things I think are interesting or important for bankers and the surrounding environs.  

I thought long and hard about what my first newsletter should be, and ultimately decided to spare you an accounting topic (longtime readers of mine will understand). And so, I took a look at the comments of the OCC’s recent request for information and found myself… disappointed! I was planning on writing a very different piece about this RFI and wasn’t able to. Read on to find out more. 

Also, you might think from this newsletter that I am a Mean Girls stan, but I have seen it maybe two times, and the first time was in like…. 2016. This is neither an indictment nor endorsement.

Was this email forwarded to you?

Pretend you’re having a party and invite 800 people you think would be interested in attending (also pretend you’re rich). People have 45 days to RSVP. On the day of the party, only 22 people show up. Seventeen of them work with your parents.

Something similar recently played out in the requests for information from a federal banking agency (There wasn’t a party, don’t worry). The Office of the Comptroller of the Currency issued a request for information, or RFI, this spring seeking to learn more about the “specific obstacles” that community banks face as they attempt to “modernize operations, enhance customer experience, and remain competitive.” 

Side note: This RFI uses “digitalization” instead of “digitization,” which I think is a much clunkier term. Merriam-Webster says they’re synonymous, so I’m just going to use “digitization” for the most part. The fact that the OCC picked the clunker phrase feels consistent with my read of the agency’s efforts in this situation.

By all accounts, this RFI should have been a welcome opportunity for smaller financial institutions, and there should have been lots of interest. The OCC regulated 1,040 banks at the end of 2024, and it says 80% of those are community banks, which are often defined as institutions with less than $10 billion in assets. And yet, that’s not what happened! The agency received 22 responses, including two from bank trade groups. While I’m sure the bank members of those trade groups would agree with what their trades submitted on their behalf, only five community banks submitted comment letters providing their own direct feedback. One was from a bank that the OCC doesn’t even supervise. 

This surprised me. Digitization has been a major challenge for community banks for a long time. And arguably, the attitude and actions of the federal banking agencies over the last four years made it harder for banks to add certain new technologies without too much skepticism. This caution and skepticism is evidenced most clearly in the OCC’s about-face concerning banks offering cryptocurrency custody and stablecoin services (allowed, then allowed only after nonobjection, then back to allowed) and the February release of the Federal Deposit Insurance Corp.’s “crypto pause” letter dossier, but the universal crackdown on the institutions in the banking as a service space also comes to mind. So why didn’t more banks write in? 

The request was “a bit unorthodox and a bit stilted” for an RFI, said Justin Steffen, a financial institutions partner at the law firm Barack Ferrazzano Kirschbaum & Nagelberg. 

“I have no idea what the impetus was for it,” he added. “Usually, I see an RFI as a prelude to some initiative or regulation or legislation. I don't think I would view this one that way. This is ‘Tell me your problems with technology.’”

The OCC is seeking to “better understand” the challenges community banks face when it comes to planning for digitalization. It asked about issues related to due diligence, implementation, technology costs and how these items impact budgets. The agency wanted to know about banks’ use of third parties, how their boards govern technology and the risks banks see when it comes to digitalizing, as well as doing nothing and standing pat. It also asked banks about the impact of applicable laws and regulations, how they share data with their partners and their usage and oversight of artificial intelligence. 

The request comes at a transitional time for Washington, underlining a different attitude and approach toward these topics relative to the previous administration. Regulators have rescinded the 2023 version of the Community Reinvestment Act and announced they’ll no longer examine for reputation risk. The Federal Reserve Board is revisiting large bank capital rules, while the FDIC repealed its merger policy, which was less than a year old, and is looking again at its industrial loan company charter application process. 

The RFI on community bank digitization is a small part of this broader endeavor. In June, then-Acting Comptroller Rodney Hood said the agency’s priorities included "accelerating bank-fintech partnerships” and "modernizing regulation to unleash growth.”

“But for community banks, the path forward is not always as clear,” he said. “That’s why we issued a Request for Information (RFI) earlier this year, seeking direct input on the unique challenges community banks face when adopting digital solutions. Our goal is to develop guidance, tools, and partnerships that help ensure that all banks—not just the largest—can modernize and remain competitive.”

But there was some goofiness in the RFI’s questions for community banks. Justin thought “the funniest thing” in the RFI was the question of how dependent community banks are on vendors. 

“Like, entirely? I thought it was funny that they even asked. Was there uncertainty?” he said. “Most banks aren't JPMorgan Chase. They don't have the staff and resources to build internally. Was that not well known before?”

Source: OCC’s Request for Information Regarding Community Bank Digitalization

What the (again, five) community banks shared with the OCC about their digitalization challenges will surprise no one. Chris Sawyer, CEO of Grand Bank for Savings, said his institution’s challenges included limited internal expertise and budget constraints. And the banks told the OCC that regulation can impede their digitization efforts, but that there are larger, structural and existential challenges that fall well beyond the OCC’s regulatory or supervisory purview. 

These issues include finding qualified talent and the ever-complicated relationship between banks and their core providers. Still, there was an interesting mix of comments and suggestions that I divided into two camps: 1) What the OCC could do and 2) what the OCC could do if it really wanted to but probably won’t do. These category assignments are my own assessment of past OCC actions and statements, but I ran them by Justin for a vibe check. 

More tailored and specific guidance. Bankers asked for “faster” guidance on emerging and evolving technology trends, and model risk expectations for less-complex institutions. They also wondered if the OCC could provide examples of effective board oversight and acceptable artificial intelligence use cases. 

But providing tailored guidance is “harder than it seems” for federal banking agencies, Justin said. Providing guidance that is too specific and prescriptive could make community bank executives overly reliant on the guidance and possibly risk missing things that are important but weren’t captured in the guidance. 

“What the OCC is saying is, ‘It depends.’ … These things depend greatly on many different factors and many different ways you operate,” he said. “The reason the OCC won't give banks a broad brush or a broad set of factors is because that might give banks the impression that other things don't matter when they do, or vice versa.” 

Better and standardized examiner education. Chris shared in his letter that during Grand Bank for Savings’ OCC exams, the bank’s due diligence and implementation elements are rated “differently depending on each individual regulator’s subjective expectations and expertise.” He suggested the agency develop a standardized diligence template for examiners, along with an “expected project implementation framework for small banks.”

These are items I frankly think the OCC (or any regulator) has no interest in doing, but I wanted to highlight them because they reveal gaps that community bank executives believe could be addressed by the regulator.  

BSCA vendor list. One suggestion was to make more use of the Bank Service Company Act exam findings and leverage them into a database or list for small banks to use. Chris at Grand Bank for Savings suggested the OCC share a list of nonqualified fintech vendors or a rating system of fintechs that includes an independent audit evaluation and any negative issues. Hong Ngoc Nguyen, the CFO at California International Bank, seconded a database for “vetted vendors” used across the banking industry and added that it would be helpful for banks to have access to the service provider reports of examination.

Justin flatly said, “No way.” A list of nonqualified vendors could create reputational risk for the OCC if the vendor suffers negative outcomes from being on the list. He also said banks would put too much value in whatever judgment or criteria the OCC uses in its determinations, and that banks and OCC may differ on their vendor criteria or areas of due diligence. 

My two cents here is that I think this could be a workable idea if the BSCA did what everyone thinks it does. But in my research of more than a year, I learned there are likely fewer exams conducted than one would think is ideal in this world of bank-fintech partnerships (only 12 in 2023, according to an August report from the FDIC’s Office of Inspector General), and that these exams are likely dated. 

Also, I understand the regulator’s concern that a bank using the BSCA as a proxy for “regulator-approved vendor list” is exactly the opposite of what they want. “Banks are responsible for vendor management and [the Division of Risk Management Supervision] does not want to create the impression that managing vendor risk is a regulator function,” the FDIC’s OIG wrote in August. 

Fraud consortium. Chris also suggested the OCC develop a fraud prevention data sharing portal — also known as a fraud consortium — and mandate its supervised entities use it. He even included an outline.

I don’t think this is a terrible idea, and previously ranted about why the Financial Crimes Enforcement Network, as recipient of the industry’s suspicious activity report filings, isn’t more active here. Digital channels have made it easier for fraudsters to find more institutions to open accounts at, and institutions are playing catchup, trying to understand these tactics so they can prevent greater fraud and block future attempts. I like that this suggestion speaks to the idea that regulators could serve as central coordinating mechanisms and providers of a valuable service. 

Of course, the main critique of this is that a consortium that excludes nonbanks has clear limitations, a charge that has been levied at other consortia. Banking agencies also have an outstanding RFI on fraud and I will be interested to see if similar requests pop up there.

Vendor standards. One of the five bank letters came from Coastal Community Bank, which is not an OCC-supervised institution. Coastal wanted to share some of the governance and operational work it has done to incorporate fintech business lines into its strategy. The bank suggested that the OCC could support efforts to make vendors more accountable and amendable, potentially by encouraging or requiring that they adhere to interoperability and data access standards and support modular API architecture.

So that’s the broad overview of the community bank letters. It remains to be seen what happens with them after the installation of Senate-confirmed Comptroller Jonathan Gould. The OCC declined to comment on the RFI for this piece. But the exercise fails to answer a pretty essential set of questions: Why this, why now? 

Why did the OCC send out this particular RFI at this particular time? Is it possible that the OCC doesn’t know the answer to these questions, like how reliant community banks are on vendors to digitize? Did the OCC feel that this was the best way to ask bankers about the technology challenges they face? (Do not even get me started on the data sharing questions in this RFI — it’s a rant for another day.)

“I think if you thought about it, you wouldn't expect to get much here,” Justin said. But he doesn’t think the RFI was a wasted effort, even if there was less participation than anyone wanted. He saw it as “nothing ventured, nothing gained.”

But what conclusions is the OCC — is anyone — supposed to draw from five bank comment letters and 22 from fintechs and industry groups? I’m not mad, I’m just disappointed. When I shared this on the Fintech Takes Network, someone messaged me to say, “Community bankers are probably too busy to respond.” I think that’s probably accurate and partially explains the low participation rate from the exact audience the OCC wanted to hear from. But then why do it in the first place? 

It remains to be seen what comes of this RFI — or of any RFI that regulators have published in recent years. It’s a long list: third-party partnerships, brokered deposits (kidding), ledgering (TBD!), fraud, capital rules and this one. The priorities of the federal banking agencies are in flux, to say the least. 

The community bank digitization RFI asked bankers to imagine what the OCC could do to help them. The question now is whether the OCC, under new leadership and with a new attitude, wants to do that. 

FROM THE VAULT

What I’ve been reading, watching and listening to this week:

⏳Waiting for: My retirement check to show up so I can forward it over to my new provider. The Redditors and I are wondering why, in 2025, our retirement fund providers (Fidelity, TIAA and Vanguard, among others) are still putting these checks in the mail in the first place.

📋To-Do List: I was inspired by these nostalgic summer bucket lists to create one of my own this year. I just checked off “see a play” with a Labor Day trip to Wisconsin to see some regional theater with a friend who worked in the costume shop. What summer adventures are you checking off and is September basically a summer month where you live?

🥵All About AC: Amanda Mull explains in Bloomberg Businessweek how important air conditioning has been to the American South becoming a “cultural powerhouse” and ain’t that the truth.

✈️ Catch Me At: MX’s Money Experience Summit Forum, Sept. 15-17 in Park City, Utah

Thanks to my colleagues Kate and Claire for making these memes for me, and thank you for reading! Let me know your thoughts on this piece. 

Also, I want to underline that there are a lot of RFIs outstanding from federal banking agencies right now, and I think it’s important that regulated financial institutions comment on them and participate in this process! I would much prefer to engage with the substance of these letters than comment on the lack of them.

– Kiah

Get your brand in front of 55,000+ financial services execs.

Workweek Media Inc. 
1023 Springdale Road, STE 9E
Austin, TX 78721

Want to ruin my day? Unsubscribe.