Expanding regulatory authority challenges in financial services

Explore challenges, regulatory pressures and actions to take.

The disruptions that affected all industries in 2020 will forever reshape the financial services industry. With such changes come regulatory and public policy challenges and concerns, which in 2021 will begin to inform the future, altering our view of the course to take. 

Here, from the KPMG report Ten key regulatory challenges of 2021, we share insights related to expanding regulatory authority.


The financial services landscape is fundamentally changing; technology is now integral to financial services delivery and much of the innovation is being developed through FinTech and nonbank financial services companies. Traditional banks are actively forging partnerships and alliances with one or more of these companies to quickly achieve scale, enter new markets, or acquire needed capabilities.

There is some tension between Federal and State regulators, which license or charter most FinTech and nonbank financial services companies. States are working together to establish more uniform licensing and streamlined examinations recognizing companies increasingly hold a multiplicity of licenses. Efforts by the OCC to establish separate special purpose national bank charters are ongoing but have been opposed by the States; this debate will spill into 2021 and potentially beyond.

Throughout 2021, financial services companies may also be impacted, directly or indirectly, by:

  • some very large nonbanks seeking, and receiving, federal charters permitting deposit taking and potential access to the Federal payments system
  • heightened attention by DOJ and FTC to anti-trust and anti-competitive activity in financial services markets, including acquisitions of nascent companies
  • state laws and regulations establishing new supervisory units or stringent regulations with broad application
  • expansion of regulators existing regulatory authority to new areas, such as artificial intelligence and ESG issues.

Regulatory pressures

Regulatory acceptance of emerging areas. Expanding use of artificial intelligence, machine learning, and algorithms by bank and non-bank financial institutions to execute core activities will present novel challenges for both regulators and the institutions they supervise. Tighter integration of third-party technologies into core functions and customer facing applications will drive deeper scrutiny by regulators seeking to understand the risks posed to both safety and soundness and consumer protection. Regulators will press institutions to demonstrate and explain use cases for these new technologies as well as governance and oversight of the associated risks in a clear and concise manner.

Regulators are just beginning to understand ESG risks and are in the early stages of exploring how to monitor, measure, and report them. For 2021, the regulatory focus is clearly centered on climate change. Though even as regulators begin to set expectations, financial services companies should note the regulators currently have the jurisdictional authority needed to set forth supervisory expectations for addressing financial climate-related risks, and ESG risks more generally, without requirement for additional rulemaking.

Applications for licensure. Technology companies and FinTechs seek licenses and charters to expand into adjacent businesses and to offer complimentary products on their digital platforms. Money Transmitter Licenses, Bank Charters, and SBA licenses will bring scrutiny to previously unregulated companies that will need to build teams, systems, and processes capable of responding to examinations. Bolstering compliance programs for new expectations will be slowed by hiring/staffing challenges during COVID-19. Industry opposition to the OCC’s proposed special purpose charters questions whether supervisory oversight would mirror that for banks and their holding companies.

Federal and State regulatory divergence. Federal and State regulators are at odds over a variety of regulatory topics. DOJ and FTC are actively pursuing anti-trust compliance as it relates to customer data privacy, especially in the technology sector and digital markets. Some States have enacted laws and promulgated regulations that are setting expectations at the federal level, such as California’s CCPA data privacy law, New York’s cybersecurity regulation, and multiple States new “mini-CFPBs” (refer to the Customer Protections section within the document below). Notably, the OCC and the NYDFS remain engaged in a legal dispute regarding chartering authorities. These divergences will create uncertainty for both regulators and the institutions they regulate. Simultaneous efforts by State supervisors to streamline licensing and examinations may drive more regulated financial activity to the States.

Regulatory expansion regarding digital assets and Cryptoassets. State frameworks for digital assets and cryptoassets (e.g. Wyoming and New York) will allow for new entrants to custody cryptoassets alongside certain Federal banking entities. There is, however, little coordination in approach at the State level. Into 2021, regulatory guidance will remain sparse and evolving as the breadth of activities, scope of experience, and regulatory authorities expand. Supervision examinations are expected to cover areas such as BSA/AML/KYC/sanctions, custody and fiduciary activities, information technology, payment system risk and bank operations.

Mergers and alliances. Continued consolidation amongst and across bank and nonbank financial services companies will expand the scope and scale of supervision that combined organizations will face.

Administration and policy changes. Shifts in public policies resulting from an Administration change or agency leadership changes may alter, or in some cases pull back, efforts to redefine or expand regulatory chartering authorities at the Federal level. Other potential changes contemplated over a longer term portend competition from new government-run financial services providers, which could influence the viability of certain business relationships or M&A decisions.

7 actions to take

Key considerations for bank charter applications

  • Organizers, management, directors
  • Business plan
  • Capital and liquidity
  • Consumer compliance
  • Financial inclusion
  • Contingency planning
  • Accounting and tax
  • Other regulators
  1. Ensure that all leveraged technologies and their usage can be easily explained to regulators, including associated governance and risk management structures.
  2. Ensure that service continuity/resilience plans are established for any providers of key services (e.g. ML, AI, cloud), including contracted third parties and alliance partners.
  3. Evaluate innovation priorities and determine technology needs. 
  4. Assess risk appetite and existing risk management frameworks for new technologies and products (e.g. cryptoassets).
  5. Develop a posture/strategy for M&A activity, giving consideration to transaction size and specific targets based on technology, markets, and/or geographies; maintain, monitor, and periodically reassess a list of potential targets in light of the strategic plan.
  6. Maintain a dialogue with regulatory authorities, as appropriate.
  7. Review pending or anticipated acquisitions and third-party relationships for anti-trust issues and risks as well as for how new products will be structured and operationalized.

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100
Michael Scarpa

Michael Scarpa

Managing Director, Advisory FS Regulatory & Compliance Risk, KPMG US

+1 212 872 3528