FDIC’s ‘Synapse Rule’ and the BaaS impact: A banker’s perspective

Less than six months after the Synapse collapse, the FDIC released a notice of proposed rulemaking intended to strengthen recordkeeping requirements for certain types of custodial deposit accounts.

Many have dubbed the proposal the “Synapse Rule,” and FDIC staff and leadership point to the Synapse fallout and its bank partners as the impetus for rulemaking. As drafted, the proposal includes recordkeeping and reporting obligations designed to improve oversight and transparency in custodial relationships.

Given the scale of the Synapse failure, it’s not surprising that the FDIC’s response has been swift and potentially far-reaching. The industry must now grapple with whether the agency’s proposed reporting requirements will achieve the intended outcomes, or unintentionally stall bank-fintech partnerships that already fit the FDIC’s proposed rule. Not to mention the impact on bank-led BaaS.

Behind the FDIC’s proposed rules

The recordkeeping provisions generally require banks to maintain specific records to identify all beneficiaries of accounts with certain transaction capability and that are held by a custodian, maintain such records in an agency-developed, standard format, and administer custodial accounts under sound internal controls and auditing. The reporting provisions require annual attestations and regulatory filings for all banks holding even one custodial account subject to the rule.

The testimony by agency staff during the Sept. 17 FDIC Board of Directors meeting justified the proposed rule by pointing to a lack of consumer understanding of:

  1. The limitations of pass-through deposit insurance protections.
  2. The fact that sufficient recordkeeping by banks is necessary for the agency to fulfill the statutory requirement to promptly disburse insured deposits in the event of a bank failure.

FDIC leadership specifically called out the damage left by Synapse’s collapse and the impact to consumers because of the massive disparity between the Synapse ledger and cash on hand in various custodial accounts at its partner banks.

The Synapse debacle checks all the boxes for predicting a swift regulatory response: massive consumer harm, confusion about the limitations of deposit insurance, and prolonged irregularities involving a relationship between a nonbank and multiple insured financial institutions. Given the scourge from Synapse, it is hard to imagine any astute industry stakeholder being surprised by a regulatory response that is sweeping and imposing.

As the comment period begins, few are expected to argue with requirements that banks maintain records that: A. Properly identify beneficial owners; B. Accurately maintain their portion of the custodial account balance; and C. Are administered under sound internal controls, audited regularly, and reconciled daily.

Addressing the potential far-reaching impact

For most, these requirements were already universally accepted standards for offering custodial accounts. Synapse was an outlier because it was not transparent in explaining how or where its customers’ funds were held.

Regulators and U.S. senators have referenced Synapse’s failure as a weakness of fintech-led banking-as-a-service (BaaS) systems. Unfairly grouped into that box are bank-run BaaS programs that provide the entire financial ecosystem — banks, fintechs and their customers — the fund security and FDIC protection that Synapse failed to offer.

While the recordkeeping requirements will feel like a restatement of the norm for many, the proposed rule’s reporting requirements will likely elicit arguments that such submissions are unnecessary and, most importantly, will not prevent a Synapse-like outcome from a future fractured bank-fintech relationship. Bank-led fintech relationships should not be viewed the same as fintech-bank relationships like Synapse and Evolve.

In response to the FDIC’s proposed rules

As comments begin to pour in, the FDIC will likely be challenged to defend its intended actions by those who contend that the proposed rule’s reporting requirements are overreaching to avoid another Synapse saga. Specifically, the agency will have to contend with a host of arguments likely to fall into one or more of the following general categories:

  1. Could the definition of “custodial account with transaction capabilities” be more tightly defined to better isolate banks maintaining custodial accounts at risk of a Synapse repeat?
  2. Will the agency-mandated reporting and data file requirements actually be useful in the event of a bank failure? Do the data requirements conflict with or create confusion with other laws and regulations, most notably those associated with banks’ required customer identification program?
  3. If the agency had the information required to be reported under the proposed rule back in 2023 when it is believed the Synapse funding shortfall was discovered, would it have prevented the devastation experienced by consumers in the wake of the fintech’s collapse? What would the FDIC have done since none of the banks failed?

Balancing the rules: What the FDIC should consider

At a time when community banks could leverage bank-led BaaS programs that provide the necessary fund protection and support the digital banking needs of their customers, the FDIC must consider the impact of potential far-reaching rules that may place an undue burden on those that already follow the accepted standards for offering custodial accounts.

Focusing back on the first question, the FDIC must consider whether the type of custodial account creating risk of a Synapse repeat could be more carefully carved to better isolate and identify banks deserving of close oversight and compliance obligations.

As drafted, transaction capability is the lone qualifier that subjects a custodial account to the rule. The agency should consider the following as additional qualifiers (or perhaps outright prohibitions), any one of which is already widely considered a warning sign of possible abuse:

  • The custodial account is owned or controlled by a nonbank or third-party partner.
  • A party other than the bank can transfer funds to or from the custodial account that are unsupported by the transaction activity of any beneficial owner.
  • The ledger is administered by a third party that is not independent of the program, or the third-party ledger provider’s primary contractual relationship is with a party other than the bank.
  • Transaction settlement with payment networks is performed directly in the custodial account rather than one or more settlement accounts where it can be reconciled first.
  • A third-party custodian subcontracts or otherwise enables use of the custodial account to another party.

Arguably, the above red flags warrant an outright prohibition. At a minimum, the FDIC should consider clarifying the definition of custodial accounts subject to the reporting and data file portions of the rule, as a means of better segmenting such high-risk activities.

As drafted, the current blanket approach masks the outliers by diluting the mandatory reporting with the majority of banks already managing custodial accounts in accordance with long-held standards for safe and sound banking and pass-through deposit insurance.

Trent Sorbe joined First International Bank & Trust (FIBT) in 2023 as the institution’s first chief payments officer. With more than 30 years of credit, debit and prepaid cards and payments experience, Sorbe is leading the bank’s payment initiatives, including its Kotapay division, a top 30 ACH originator in 2022 that settled over $100 billion in ACH originations in 2023.