Fintech companies are not new to the financial industry. For years, financial institutions have
used fintechs to assist in the maintenance of their customer account relationships. In these
types of bank – fintech relationships, the fintech rarely if ever had direct contact with the bank
customers except to perform duties on behalf of the bank. More recently, fintechs have emerged
to provide financial services in new and innovative ways that often cater to a consumer’s desire
for increased speed, access to systems, or niche services (that some banks fear to tread).
Whether a fintech seeks to provide services as an extension of bank services or independently
with a bank as their sponsor, many fintechs are faced with the harsh reality that the Sponsor
Bank Dating Game is not for the weak at heart.
Banks have historically implemented third-party risk management protocols for entities and
individuals that are conducting activities on behalf of the bank. While the bank can outsource
functions, it cannot outsource responsibility. Third-party risk management programs enable a
bank to properly vet a third party to understand if they can reasonably rely on that entity to
perform in compliance with law and regulation and with bank policy.
As banks began dipping a toe in the fintech sponsorship waters, some delegated key compliance and consumer protection functions to those fintechs. While delegation is not in general prohibited, it introduces oversight responsibilities on the bank. New fintechs entering the landscape seeking bank sponsorships as well as fintechs with existing sponsorship relationships are finding that banks have introduced new and/or enhanced third-party risk management requirements for engagement. These changes have been prompted by regulatory scrutiny, bank risk appetites, and some of the underlying factors for recent bank failures.
So, how does a fintech get a potential sponsor bank to “swipe right”? The first step is setting up
your profile to get a bank’s attention in the right way. Whether it’s a slide deck, intro packet, or
meeting, your team should demonstrate an understanding and familiarity of the consumer
protection laws and regulations that are applicable to the products and services you provide.
Many fintechs understand what consumers want, but often have no or little experience in
understanding the legal requirements for consumer protection, fraud and anti-money laundering
protocols. Even more important is an understanding of how your fintech’s product fits within the
regulatory space. Most law, regulations, and supervisory guidance haven’t kept pace with the
financial innovations being developed daily. Many bankers are immediately “turned off” if the
fintech lacks an understanding of the risk inherent in their product or the application of laws and
regulations for your business use case.
Also, be careful not to throw up red flags in the process. Fintechs pride themselves on being
innovative – being the first to try it this way or introducing a new concept. Understand that
language matters when explaining these concepts to bankers. There are specific terms either
defined within laws and regulations or considered terms of art in the industry. Using these terms
correctly will keep you out of rabbit holes that can derail the courtship.
The next step is to avoid being a “Compliance Catfish”. Be prepared to share policies,
procedures, data flow charts, funds flow charts, and details about your company’s structure.
Also understand that a bank sponsorship relationship will open your fintech up to regulatory
review as part of a bank program examination. Don’t represent that you have compliance
program components that either you don’t have or have yet to implement. Be honest - A
meaningful thought process goes a long way. Let the bank know what is on your roadmap and
how you’ve prioritized implementation. Bankers understand that consumer protection, fraud and
anti-money laundering protocols take time to implement properly. Having a frank discussion may
delay a “go live” date until certain systems are tested and running but it also might get you that
second date.
Some key compliance program components that fintechs should consider developing are listed
below. The level and depth of your program implementation should be commensurate with the
risk inherent in the product, service, customer type, and jurisdictions served.
Information Security
BSA/AML
OFAC
Consumer Protection
Complaints & Inquiries
Audit & Review
Training
Reporting
This bank courtship process can be long and seemingly cumbersome, so remember to have
fun. Yes, I said have fun – but then again, I am a compliance geek! Remember “Comply or Die”
until the next blog!
Kimberly Hebb, Co-Founder & CRO of BalancedTrust