Fintech and Digital Financial Services in the US
Fintech — shorthand for financial technology — encompasses a broad and rapidly evolving set of software-driven business models that deliver banking, lending, payments, investing, and insurance services through digital channels. In the United States, the sector operates across a fragmented regulatory landscape governed by federal agencies including the Consumer Financial Protection Bureau (CFPB), the Office of the Comptroller of the Currency (OCC), the Federal Reserve, and the Securities and Exchange Commission (SEC), among others. This page maps the definition, structural mechanics, regulatory boundaries, and practical tensions of US fintech and digital financial services, serving as a reference for researchers, compliance professionals, and consumers seeking to understand the sector's scope.
- Definition and Scope
- Core Mechanics or Structure
- Causal Relationships or Drivers
- Classification Boundaries
- Tradeoffs and Tensions
- Common Misconceptions
- Checklist or Steps
- Reference Table or Matrix
- References
Definition and Scope
Fintech describes the application of technology — including mobile software, application programming interfaces (APIs), machine learning, blockchain protocols, and cloud infrastructure — to the delivery and automation of financial services. The Financial Stability Board (FSB) defines fintech as "technologically enabled financial innovation that could result in new business models, applications, processes or products with an associated material effect on financial markets and institutions and the provision of financial services" (FSB, 2019).
In the United States, fintech is not a single regulatory category but a descriptor applied across multiple licensed and licensed-exempt business types. Scope includes, but is not limited to:
- Digital banking and neobanks — deposit-taking services delivered without physical branches, often operating under a partner bank's charter
- Payments and money transmission — peer-to-peer (P2P) payment platforms, digital wallets, and real-time settlement networks
- Online lending — marketplace lenders, buy now pay later (BNPL) providers, and automated underwriting platforms
- Robo-advisers and digital wealth management — algorithm-driven portfolio management registered under the Investment Advisers Act of 1940
- Insurtech — technology-mediated insurance underwriting and distribution
- Cryptocurrency and digital assets — blockchain-based value transfer and decentralized finance (DeFi) protocols
- Regtech — compliance automation tools sold primarily to regulated institutions
The financial services regulatory framework governing these segments is not unified; a given fintech company may simultaneously hold a money transmitter license in 48 states, a lending license from a state banking department, and registration as an investment adviser with the SEC.
Core Mechanics or Structure
Digital financial services rest on four structural layers that interact to produce the end-user experience.
1. Licensing and charter layer. A fintech company must identify which regulated activities it performs and obtain the corresponding authorizations. Banks issue charters under OCC supervision (national banks) or state banking department supervision (state-chartered banks). Non-bank lenders typically obtain individual state licenses. Money transmitters must register with the Financial Crimes Enforcement Network (FinCEN) as money services businesses (MSBs) under 31 CFR Part 1022 and hold state money transmitter licenses — a requirement that exists in 49 states and the District of Columbia as of the most recent state licensing surveys published by the Conference of State Bank Supervisors (CSBS).
2. Technology and infrastructure layer. Core banking systems, cloud platforms (subject to OCC guidance on cloud risk, OCC Bulletin 2020-10), and API integrations with payment rails such as the ACH network, Fedwire, and the RTP® network operated by The Clearing House constitute the plumbing of digital financial services. The Federal Reserve's FedNow® Service, launched in July 2023, added a second real-time gross settlement rail available to depository institutions.
3. Data and decisioning layer. Automated underwriting, fraud detection, and customer verification rely on data inputs governed by the Fair Credit Reporting Act (FCRA, 15 U.S.C. § 1681), the Gramm-Leach-Bliley Act (GLBA) privacy and safeguards rules, and the CFPB's examination authority over larger non-bank entities under Dodd-Frank Act Section 1024. The CFPB finalized its Personal Financial Data Rights rule under Dodd-Frank Section 1033 in 2024, creating a framework for consumer-authorized data portability.
4. Consumer interface layer. Mobile applications, web portals, and embedded finance integrations — where financial products are offered inside non-financial platforms — represent the consumer touchpoint. This layer is subject to the Electronic Fund Transfer Act (EFTA), Regulation E, and Truth in Lending Act (TILA) disclosures, among other requirements tied to specific product types. Consumers' rights within these interfaces are detailed further in the consumer financial protections resource.
Causal Relationships or Drivers
Five structural forces explain why digital financial services expanded from a niche segment into a central delivery mechanism within the broader US financial system.
Smartphone penetration. As of the Pew Research Center's 2023 survey data, 91% of US adults own a smartphone, creating a ubiquitous delivery channel that did not exist at scale before approximately 2010.
Underbanked population demand. The FDIC's 2021 National Survey of Unbanked and Underbanked Households found that 4.5% of US households — approximately 5.9 million households — were unbanked. Fintech providers identified this population as an addressable market underserved by traditional branch-based institutions (FDIC, 2021).
Regulatory openings. The OCC's non-bank charter initiatives and the CFPB's sandbox and no-action letter programs provided provisional regulatory certainty for novel business models. The OCC issued its "Exploring Special Purpose National Bank Charters for Fintech Companies" whitepaper in December 2016, signaling institutional acknowledgment of the sector.
Capital availability. Venture capital deployment into US fintech reached $27.9 billion in 2022 before contracting substantially in 2023, according to CB Insights sector reports — a capital cycle that funded rapid product iteration and user acquisition strategies unavailable to traditional depository institutions constrained by regulatory capital ratios.
API-driven interoperability. Open banking practices, driven first by private agreements and later by the CFPB's Section 1033 rulemaking, allowed fintech companies to access consumer financial data held by incumbent banks — enabling account aggregation, payment initiation, and credit underwriting without requiring a banking charter.
Classification Boundaries
Understanding which regulatory regime applies to a given fintech company depends on identifying the activity performed, not the technology used. The following boundaries are critical.
Bank vs. non-bank. A company that accepts insured deposits becomes a bank subject to prudential regulation by the OCC, Federal Reserve, or FDIC. Neobanks that offer FDIC-insured deposit accounts without a charter of their own operate through a licensed partner bank under a Banking-as-a-Service (BaaS) arrangement. The partner bank — not the neobank — holds regulatory accountability for the deposit product.
Securities activity threshold. Robo-advisers that provide individualized investment advice for compensation must register as investment advisers under the Investment Advisers Act of 1940 with the SEC (for firms managing $100 million or more in assets) or with the relevant state securities regulator. This threshold is established in SEC Release IA-1092 and Section 203A of the Advisers Act. The registered investment advisers page covers those registration requirements in depth.
Money transmission vs. payment facilitation. A company that holds consumer funds in transit is a money transmitter; one that passes authorization data without holding funds may not be. This distinction determines whether state money transmitter licensing applies — a determination that varies by state statutory language and is documented in CSBS licensing surveys.
Crypto asset classification. Whether a digital asset is a security (subject to SEC jurisdiction), a commodity (subject to CFTC jurisdiction), or a currency (subject to FinCEN MSB rules) remains contested and subject to active litigation and rulemaking as of 2024. The SEC has applied the Howey test (SEC v. W.J. Howey Co., 328 U.S. 293 (1946)) as the primary framework for assessing security status.
Tradeoffs and Tensions
Speed vs. compliance burden. Technology-first companies can deploy new products in weeks; obtaining money transmitter licenses across all 50 states can take 18 to 36 months and cost between $1 million and $5 million in aggregate fees and compliance infrastructure, according to CSBS multi-state licensing research.
Innovation vs. consumer protection. Automated decisioning systems using non-traditional data (rental history, utility payments, social signals) may expand credit access for thin-file consumers but also raise fair lending concerns under the Equal Credit Opportunity Act (ECOA) and the Fair Housing Act. The CFPB has issued supervisory guidance on algorithmic model risk in credit decisioning.
Charter flexibility vs. systemic risk. Non-bank fintech lenders are not subject to the same capital adequacy requirements as bank holding companies under Basel III-derived US capital rules. This lighter capital burden enables pricing flexibility but concentrates credit risk outside prudentially supervised institutions — a concern raised by the Financial Stability Oversight Council (FSOC) in its 2023 Annual Report.
Data utility vs. privacy rights. The more behavioral data a fintech platform collects, the more accurate its risk models become — but GLBA, state privacy laws (California Consumer Privacy Act/CCPA), and the emerging Section 1033 framework impose constraints on data use, sharing, and retention that limit model inputs.
These tensions intersect with financial services compliance standards that govern how both traditional and digital providers operate within the same consumer protection framework.
Common Misconceptions
Misconception: Neobanks are banks.
Neobanks — companies such as challenger banking platforms offering deposit accounts via mobile apps — are not chartered banks. They partner with FDIC-insured depository institutions and the deposit insurance coverage applies to the charter-holding bank, not the neobank itself. The FDIC issued a consumer alert in 2023 clarifying that pass-through FDIC insurance applies only when specific custodial arrangements are properly documented.
Misconception: Cryptocurrency exchanges are unregulated.
US-based cryptocurrency exchanges that facilitate the exchange of fiat currency for digital assets must register with FinCEN as money services businesses and comply with Bank Secrecy Act (BSA) anti-money laundering (AML) requirements. Exchanges offering securities-like products face additional SEC or FINRA oversight. The characterization of crypto as entirely unregulated is factually inaccurate.
Misconception: CFPB authority does not reach fintech companies.
The Dodd-Frank Act (12 U.S.C. § 5514) gives the CFPB supervisory and examination authority over non-bank financial companies that pose risks to consumers, including large fintech lenders and payment companies. The CFPB has exercised this authority through enforcement actions and examination programs targeting non-bank mortgage servicers, student loan servicers, and payday lenders.
Misconception: Robo-advisers eliminate fiduciary obligations.
SEC-registered investment advisers — including automated robo-adviser platforms — remain subject to the fiduciary duty framework applicable to all registered advisers, requiring them to act in clients' best interests and disclose conflicts of interest. The fiduciary standards in financial services page explains how that duty applies across advisory models.
Misconception: Open banking is mandated nationwide.
The CFPB's Section 1033 rule, finalized in 2024, establishes a framework for data access rights, but implementation is phased and subject to ongoing litigation. The United States does not yet operate under a comprehensive open banking mandate equivalent to the European Union's Payment Services Directive 2 (PSD2).
Checklist or Steps
The following sequence describes the standard regulatory assessment process a fintech company undertakes when evaluating a new US market entry or product launch. This is a structural description of what the process involves — not professional legal or compliance advice.
Phase 1 — Activity identification
- [ ] Identify all financial activities the product performs (lending, payment transmission, investment advice, deposit-taking, insurance)
- [ ] Map each activity to the applicable federal and state statutory definitions
- [ ] Determine whether any activities qualify for de minimis exemptions under state law
Phase 2 — Federal registration and licensing
- [ ] Assess whether FinCEN MSB registration is required (31 CFR Part 1010.100)
- [ ] Determine SEC investment adviser registration threshold ($100M AUM threshold under Advisers Act Section 203A)
- [ ] Evaluate applicability of CFTC registration for commodity-linked products
Phase 3 — State licensing
- [ ] Survey state money transmitter license requirements using CSBS Nationwide Multistate Licensing System (NMLS) resources
- [ ] Identify state lending license requirements for each state where loans will be originated
- [ ] Confirm insurance distribution licensing requirements where insurance products are offered
Phase 4 — Consumer compliance program build
- [ ] Implement GLBA privacy notice and safeguards rule requirements (16 CFR Part 314)
- [ ] Build FCRA-compliant adverse action notice procedures
- [ ] Establish TILA/Regulation Z or EFTA/Regulation E disclosures appropriate to product type
- [ ] Deploy BSA/AML program including Customer Identification Program (CIP) under 31 CFR Part 1020.220
Phase 5 — Ongoing supervisory readiness
- [ ] Establish examination management procedures for CFPB, state, and prudential regulator reviews
- [ ] Implement complaint management system consistent with CFPB supervisory expectations
- [ ] Schedule annual review of regulatory changes affecting licensed activities
Reference Table or Matrix
US Fintech Segment Regulatory Map
| Fintech Segment | Primary Federal Regulator(s) | Key Statute(s) | State Licensing Required? | FDIC Insurance Applicable? |
|---|---|---|---|---|
| Neobank (BaaS model) | OCC / FDIC (via partner bank) | Federal Deposit Insurance Act | No (licensing held by partner bank) | Yes, via partner bank charter |
| Online / Marketplace Lender | CFPB, FTC | TILA, ECOA, FCRA | Yes — state lending licenses | No |
| Money Transmitter / P2P Payments | FinCEN, CFPB | BSA, EFTA | Yes — 49 states + DC | No |
| Robo-Adviser | SEC (or state securities regulator) | Investment Advisers Act of 1940 | Yes, if AUM < $100M | No |
| Cryptocurrency Exchange (fiat on-ramp) | FinCEN, SEC (if securities involved) | BSA, Securities Act of 1933 | Yes — varies by state | No |
| BNPL Provider | CFPB | TILA (contested applicability) | Yes — varies by structure | No |
| Insurtech | State insurance departments | State insurance codes | Yes — per state | No (SIPC/state guarantee funds may apply) |
| Robo-Insurance / Embedded Insurance | State insurance departments, FTC | State insurance statutes | Yes | No |
References
- Financial Stability Board — FinTech and Market Structure in Financial Services (2019)
- FDIC — 2021 National Survey of Unbanked and Underbanked Households
- Consumer Financial Protection Bureau — Section 1033 Personal Financial Data Rights Rulemaking
- OCC — Exploring Special Purpose National Bank Charters for Fintech Companies (2016)
- OCC Bulletin 2020-10 — Sound Practices for Model Risk Management
- [FinCEN — Money Services Business Registration, 31 CFR Part 1022](https://www.ecfr.gov/current/title-31/subtitle-B/chapter-X/part-1022