Where the F(BO) Is the Money? Part 1 – Synapse’s Clarion Call for Standards

This is the first of three articles focused on a key question: as bank-fintech partnerships continue to play a vital role in driving financial services, how does the industry make this system safer and better?

Fintechs and their partner banks are on edge. Regulators are concerned. But as counselors to a wide range of banks and nonbanks, we are confident that the bank-fintech partnership model is not broken. We have seen these partnerships work well — not just for clients, but for consumers and other end-users — with rigorous, risk-based controls that satisfy both the regulators and the public.

To some, the current fintech environment is grim. They see the recent spate of regulatory enforcement actions, calls for more granular approaches and greater engagement between banking regulators and nonbank fintechs, the collapse of fintech middleware Synapse (leaving an estimated $65 – $95 million shortfall between the money held by Synapse’s partner banks and the amount owed to fintech end-users), and requests from Congress for regulatory action.

We, however, see this as a unique opportunity for a fresh set of standards and thoughtful, interdisciplinary dialogue that builds on lessons learned and incorporates the positive examples that rarely, if ever, make headlines. We are optimistic that an industry-led approach — in collaboration with regulators — is a critical and underutilized tool that will restore confidence in the bank-fintech partnership model.

_______________________

In Part 1 of this series, we explain why now — post-Synapse bankruptcy — is the moment for banks and fintechs to closely examine the structure of their relationships. The Synapse bankruptcy has revealed some flaws in how the partnership ecosystem was built, but it does not change the long-term benefits of bank-fintech partnerships. We discuss the wide variety of account types and structures within the industry and why the term “FBO account” is too generic and functionally useless for understanding the industry. Part 1 concludes by explaining that industry standards for implementation — not new rules — are what are most needed to prevent future Synapse-like failures, and we highlight innovative efforts that are already underway.

Part 2 of this series encourages the industry and regulators to adopt the right lessons from Synapse. We dig into the details of Synapse’s failure to identify what really went wrong (spoiler: it had nothing to do with brokered deposits). While action is needed, preventing future failures does not require changes to the Bankruptcy Code or special rules for fintechs. Instead, we explain how existing regulations and guidance can be applied to the various types of bank-fintech partnerships and how account ledgering can be improved to mitigate the risk of consumer harm.

Part 3 of this series concludes on an optimistic note. Borrowing from the tried-and-true best practices model, we go into more depth on the emerging examples of industry-led collaboration to improve the structure of bank-fintech partnerships. We support these efforts and suggest potential next steps to formalize the development and implementation of comprehensive and rigorous standards. We also imagine the future state of bank-fintech partnerships and propose tech-based solutions, including an exploration of distributed ledger technology as a tool that could address lapses in account ledgering, thereby benefiting banks, fintechs, regulators, and ultimately consumers.

_______________________

1. Why Now: Synapse

Synapse Financial Technologies, Inc. (Synapse) was founded in 2014, along with its subsidiaries Synapse Brokerage LLC and Synapse Credit LLC. Synapse was touted as the pioneer of the banking as a service (BaaS) model, and was well-funded by leading venture capital firms.

Synapse functioned as a middleware between banks and fintechs. In this role, Synapse opened demand deposit accounts on behalf of approximately 100 fintech companies (and their end users) at four different banks, and Synapse managed the account ledgers. This meant that the banks and the fintechs were all reliant on Synapse to determine how much each customer was owed. By the middle of 2023, there were signs this reliance was misplaced, and in April 2024, Synapse filed for Chapter 11 bankruptcy in the Central District of California.

When a bank fails, Federal Deposit Insurance Corporation (FDIC) coverage generally means depositors get their money back. These accounts were at insured banks, but it was Synapse, not the banks, that failed. The fintechs and their customers probably assumed that their funds were safe at the banks (and maybe they are), but more than four months after the failure, hundreds of thousands of people are still unable to access their accounts. This has led other banks, fintechs, regulators, Congress, and consumers to all wonder the same thing: where is the money?

2. Examining the Structure: The “FBO Account” Muddle

Quickly on the heels of the Synapse bankruptcy, many pointed fingers at FBO accounts as being an underlying cause of trouble within the bank-fintech ecosystem. Not only does this demonstrate a fundamental misunderstanding of the Synapse situation, but it wrongly presumes that an FBO account is a singular discrete structure. While it has become common to call every account established within a bank-fintech relationship an “FBO account,” appending FBO or “for the benefit of” to the account title is merely a naming convention.

In fact, there is really no such thing as an FBO account. There are demand accounts, escrow accounts, trust accounts, custody accounts, and savings accounts, among others. Adding “FBO” to the name on the account indicates that there is a split between legal title and beneficial title for the funds in the account, but it does not change the nature of the account itself.

While adding “FBO” to the name on an account helps indicate the intention of the parties, it is the underlying account agreement between the fintech and the bank (or the end users and the bank) that is dispositive in determining what type of account has been established. We have seen, for example, instances of fintechs managing “FBO accounts” that are, in fact, nothing more than standard demand deposit accounts.

But we understand why the term “FBO account” has become popular: it is useful. The term quickly conveys the concept that one party (usually the fintech) is involved in establishing an account on behalf of or to hold funds for some third party (usually the fintech’s customers), and that the fintech, rather than the bank, will be responsible for managing the account records and maintaining the ledger balances. In the absence of a more convenient or accurate term, “FBO account” has propagated and been applied to all manner of fintech-related accounts — even those where the end users have a direct relationship with the bank and there is no FBO title on the accounts.

When everything is called an FBO account, what does the term even mean?

3. A More Fitting Convention: “Third Party Ledger Accounts”

Given both the genericization of the term “FBO account” and the need for a convenient and useful replacement, we propose calling these accounts “third party ledger accounts” or “TPLAs.” A TPLA is any account where a party other than the bank is responsible for maintaining the account ledger. A TPLA can have either split title, where one party establishes the account for the benefit of other parties, or unified title, where the legal and beneficial owner are the same party (i.e., there is no “FBO”). But TPLAs would not include an account established by one party for the benefit of another party where the bank itself maintains the ledger because these accounts do not present novel risks.

From the bank’s point of view, a TPLA (like the term “FBO account”) can refer to many account types (demand, custody, trust, etc.). However, unlike the FBO account, calling these TPLAs forces the bank, fintech, and end users to look beyond the titling of the account and to focus on the agreements that create the account relationships. The account agreements establish the rights and obligations of each party and ultimately determine who owns the funds in the account.

The term TPLA also better identifies the risks from Synapse-like arrangements. There, the point of failure was that banks and fintechs were relying on Synapse to maintain the account ledgers — it had nothing to do with the beneficial ownership status of the end users. On this basis alone, we recommend that industry standards be developed to guide banks and fintechs regarding the establishment and coordinated management of third party ledger accounts, including sharing access to account ledger data that is trusted and reconcilable in real time.

In short, calling these accounts TPLAs both surfaces the potential risks and points to the solutions. An important first step in identifying and mitigating those risks is to closely examine the structure of each bank-fintech relationship, including the potential impact on the TPLA of a bank, middleware, or fintech failure.

4. TPLAs Are Legion

Another benefit of the term “TPLA” is that it better captures the breadth of account structures in use throughout the industry. In some cases, calling these FBO accounts may be accurate but unhelpful with regard to identifying the risks; in other cases, it would be inaccurate and potentially misleading. But TPLAs encompass all of these account relationships and, more importantly, provide the foundation on which the industry can build a generally applicable set of standards.

The use of TPLAs frequently, but not always, involves meeting the FDIC’s requirements for recognizing deposit insurance on a pass-through basis. The FDIC explains pass-through, stating “the concept is that there is a person or entity depositing funds at an FDIC-insured bank on behalf of the actual owner of the funds.” The funds in the account are insured to the actual owner (i.e., the beneficial owner) not the named account owner, provided the requirements for pass-through insurance are met. Fintechs often are not “depositing funds on behalf of” their users, but nevertheless, common usage of pass-through arrangements in bank-fintech partnerships gave rise to the popularity of the term “FBO account.” Importantly, not every pass-through arrangement involves the third party managing the ledger, and not every account where a third party manages the ledger involves pass-through insurance. Ergo, the utility of “TPLAs.”

Below is a summary of some, but not all, variations of TPLAs used in the industry. One of the more popular uses of a TPLA is when a fintech (or other third party) manages the customer relationship but wants to remain outside the funds flow for money transmission purposes. There are, however, some TPLA relationships that are expressly used by licensed money transmitters.

• Pooled Account – This type of TPLA is used in prepaid cards and similar payment programs. Pooled accounts are seen in BaaS products where the fintech or other third party acts as a program manager and performs functions, such as customer onboarding and tracking end user funds in the pooled accounts. Pooled accounts are usually owned the bank itself and titled for the benefit of the program users. In these structures, there is a direct customer relationship between the bank and the end users.
• White Label Account – This type of TPLA is used when a fintech wants to offer its customers a deposit account product with its own branding. The deposit account is provided by the partner bank, and the terms and conditions establish a direct deposit account customer relationship between the bank and the end user. White label accounts are typically structured as a single parent account with subaccounts for each customer. The bank contracts with the fintech to manage the account ledgers, customer service relationships, and, in many cases, all the card and ACH payment transaction flows. Because of the direct deposit account agreements between the bank and the end users, these are not “FBO accounts” as the term was originally understood, but they are TPLAs. Many (if not most) of the accounts managed by Synapse were intended to be white label accounts.
• Payment Enabling Account – This type of TPLA is a type of custodial account used by BaaS, other fintechs, and many others to embed payments (credit card, debit cards, and ACH) into their services. Typically, these bank customers are not licensed money transmitters and have no direct access to payment networks. They need a bank to hold and transmit funds between the payment networks and the bank customer’s customers (the end users). Payment enabling accounts are owned by the bank and titled as being for the benefit of its customer’s customers, but the end users do not establish a customer relationship with the bank. Furthermore, while the bank-fintech program agreement assigns responsibility for maintaining the ledger balances to its customer, it generally makes clear that the bank (not its customer) retains ownership and control over the funds while in the TPLA.
• Licensee Account – This type of TPLA is established by a fintech or other third party that is required by its license to hold customer funds in a segregated bank account. These licensees can include money transmitters, broker-dealers, nonbank lenders, real property title agencies, and branches of foreign banks. These licensees are permitted to take legal ownership of their customers’ funds, and the licensee account is established in the name of the licensee either with or without being identified as for the benefit of the end users. The licensee’s users do not establish a customer relationship with the bank. Licensee accounts are often structured as pass-through insurance arrangements, although that is not always required by the applicable state law.

5. TPLAs and the Need for Industry Standards Generally

It is well-known that there are additional risk-management requirements when a bank outsources key functions to third parties. If applicable, there is also a need to modify customer identification programs (CIP) when the financial institution has little or no direct information about the end-user customers in a fintech program. Banks and fintechs now regularly include in their program agreements CIP and due diligence processes, transaction monitoring obligations, and fraud prevention procedures.

However, in part because of the rapid development of the bank-fintech ecosystem, there is less understanding of the potential risks when a third party manages the ledgers for a program or group of accounts. The ledgering methods for TPLAs vary widely and are often created ad hoc for each program. Some ledgering for these accounts exists only within the fintech’s (or other third party’s) systems, and the bank relies on reports for visibility into the end user balances. In other programs, the TPLAs will be reconciled by transmitting compiled files between the fintech and the bank. Yet others use application program interfaces (APIs) to directly update information on the bank’s core ledger.

Depending on the size and complexity of the particular program, reconciling the TPLAs can be exceptionally challenging. This is especially true for banks that are using outdated or chimeric systems that are difficult to integrate with the fintech architecture. The FDIC regulations for the recognition of deposit insurance and the maintenance of account records already impose on banks the requirements to ensure account balances are ascertainable for each beneficial owner of a TPLA. However, what banks need is a better understanding of best practices for how to fulfill that requirement.

It would be boon to banks and fintechs alike if there were standards to follow and apply when determining the ledgering and reconciliation processes that would be necessary for each type of TPLA.

6. Emerging Standard-Setting

In fact, the industry has been making significant inroads at setting standards in the BaaS context since 2022. For example, several community banks have joined together — through the Alloy Labs Alliance — to publish industry insights designed to standardize certain aspects of BaaS. A paper titled “The New Nomenclature Behind the BaaS Partnership Boom,” defines certain common terms and argues for “a shared industry vocabulary.” We view community bank-led efforts at standardization as critical for maturing bank-fintech partnerships and promoting thoughtful innovation.

On the tech side, we are similarly encouraged by recent announcements and calls to spearhead initiatives that will promote safety and soundness within the financial ecosystem, while also fostering competition and choice. Our colleagues at FS Vector are partnering with industry leaders to launch the Coalition of Financial Ecosystem Standards (CFES). CFES is an industry-led organization that sets operating rules that promote safety and soundness for nonbank participating in financial services.

We look forward to sharing more on these efforts to develop standards in Part III of this series.

7. Conclusion

The industry would benefit greatly from robust and comprehensive standards for implementation — not new rules — to prevent future Synapse-like failures. While we do not think “FBO accounts are original sin of banking-as-a-service,” without critical improvements, such as the ability to verify and reconcile end-user account data in real time, across multiple partners, within a trusted infrastructure, there will remain a greater risk from failure of a third party than failure of its bank partner. And in the absence of a bank failure, where deposit insurance is irrelevant, where the parties cannot agree on who is owed what, and where nobody knows where the money is, we inevitably risk Synapse II, with countless more consumers unable to access their funds in a tangled, seemingly irreconcilable ledger hellscape.

To jumpstart the standards discussion, the next article in our series will offer several draft principles — building partly from Synapse’s failure — followed by Part III, which delves into technological solutions that could potentially revolutionize account ledgering. For now, we are encouraged by the emerging efforts at setting standard for bank-fintech partnerships. These projects represent the clearest path toward maturing the bank-fintech ecosystem, fostering innovation and competition without sacrificing safety and soundness.

See Chapter 11 Trustee’s Eighth Quarterly Bankruptcy Report (Synapse Financial Tech. Inc.) (Bankr. C.D. Cal. 2024), Bloomberg Law at page 7.

FDIC, Financial Institution Employee’s Guide to Deposit Insurance at 77 (2024), https://www.fdic.gov/system/files/2024-05/financial-institution-employees-guide-to-deposit-insurance.pdf.

Interagency Guidance on Third-Party Relationships: Risk Management, 88 FR 37920 (June 9, 2023).

See FFIEC BSA/AML Examination Manual (2021), Customer Identification Program (CIP) Overview, Procedures, and Examination Procedures, at 2.

12 CFR 330.5 and 12 CFR Part 370.

See also, Alloy Labs Members Move to Standardize BaaS; Defining Roles & Responsibilities in BaaS (alloylabs.com);