Retail Lending: Risk Management of ‘Buy Now, Pay Later’ Lending

  • Source:


Banks can expect the new “buy now, pay later” (BNPL) guidance to significantly impact their risk management practices for loans that are payable in four or fewer installments and carry no finance charges. Notably, an increased focus on underwriting standards, clear repayment terms, transparent pricing, and safeguards to minimize adverse customer outcomes. The guidance also emphasizes the importance of clear and conspicuous marketing materials and disclosures, as well as the need for comprehensive credit reporting to address the challenges posed by the short-term nature of BNPL loans.

Treliant’s team of experts, including former bankers and regulators, can assist financial institutions in reviewing their risk management programs and analyzing marketing materials, disclosures, and underwriting guidelines for BNPL loan products.


On December 6, 2023, the Office of the Comptroller of the Currency (OCC) released Bulletin 2023-37 to assist banks in effectively managing risk associated with BNPL lending:

  1. Consumer Protection and Understanding:
  • Concern that borrowers will overextend themselves or not fully understand loan repayment obligations.
  • Lack of clear, standardized disclosure language, which could obscure the true nature of the loan, leading to consumer harm or violations of prohibitions on unfair, deceptive, or abusive acts or practices.
  1. Credit Risk, Underwriting, and Loan Repayment:
  • Potential for BNPL applicants to have limited or no credit history, presenting difficulties in underwriting.
  • Limited visibility into the applicant’s aggregate borrowing activity on BNPL platforms due to incomplete credit reporting, thereby complicating credit risk assessment.
  • Elevated risk of first payment default due to factors like fraud or borrower oversight, and the potential for secondary fees such as overdraft, non-sufficient funds, and late fees due to loan payments being tied to debit or credit cards.
  1. Operational, Compliance, and Third-Party Risks:
  • Third-party relationship risks may increase exposure to operational and compliance risks, especially when the bank lacks direct control over third-party activities.
  • Highly automated nature of BNPL lending, including instantaneous credit decisioning and strong reliance on third parties, elevates the potential for operational risks, such as fraud.
  • Merchandise returns and merchant disputes pose risk to both BNPL borrowers and banks where these issues are not resolved during the brief term of the loan.

The OCC guidance identifies practices banks engaging in BNPL lending should have to account for the associated risks:

  1. Credit Risk Management: Bank policies should articulate comprehensive strategies for loan terms, underwriting criteria, and methodologies to assess a borrower’s repayment capacity. This includes evaluating debt-to-income ratios using deposit account information or considering alternative data to ensure a borrower’s ability to repay the debt. Monitoring and reporting systems should reflect the unique aspects of BNPL loans. Traditional credit card metrics may be insufficient, necessitating more tailored approaches like forecasting, analytics, and stress testing. Additionally, banks should adapt their charge-off practices and allowances for credit losses (ACL) methodologies to suit the short-term nature of BNPL loans, ensuring these practices align with the bank’s size and complexity.
  2. Credit Bureau Reporting: Industry-wide reporting of BNPL loans would aid banks in identifying an applicant’s total debt obligations and borrowers who make on-time payments to build positive credit history.
  3. Operational Risk Management: Banks should conduct fraud risk assessments and implement controls tailored to BNPL-specific risks, such as product returns, customer disputes, and the verification of borrowers’ legal age. They should also establish procedures to address the elevated risk of first payment default, which may arise from fraud or insufficient funds, and have systems in place to promptly identify and respond to suspected fraudulent activities, including timely loss-mitigation and charge-off recognition. Additionally, models used in the BNPL lending process should be incorporated into a bank’s model risk management processes just as third- party models should be incorporated into the third-party risk management processes.
  4. Compliance Risk Management: Banks must pay close attention to the delivery, timing, and content of marketing, advertising, and consumer disclosures for BNPL products, ensuring they clearly communicate borrower obligations and any applicable fees. This clarity is crucial to prevent obscuring the nature of the product and to comply with consumer protection rules, such as the ECOA, EFTA, and FCRA. Effective management of billing disputes and error resolutions, particularly in scenarios where BNPL lenders act as intermediaries, is also expected.

What Does This Mean for Financial Institutions?

The OCC’s new guidance signals a clear regulatory shift towards heightened scrutiny of non-traditional loan products and nonbank intermediaries. Additionally, it aims to address systemic risks such as liquidity mismatches and hidden leverage, reflecting a proactive and comprehensive approach to ensure financial stability and consumer protection. This trend underscores the need for robust oversight mechanisms to keep pace with the evolving financial ecosystem and safeguard consumer interests.

Ready to Talk?

We work with you to understand your needs, so we can tailor our approach to your engagement. Learn more when you connect with our team.


Laura Huntley

Laura Huntley is a Managing Director in Treliant’s Regulatory Compliance, Mortgage, and Operations Solutions practice. Laura brings almost two decades of specialized experience in regulatory strategy, compliance, and risk management within the financial services industry. Beginning her career as a practicing attorney, she honed her expertise in regulatory compliance and…