top of page

The BT TrustScore TM Blog

Fintech companies are not new to the financial industry. For years, financial institutions have

used fintechs to assist in the maintenance of their customer account relationships. In these

types of bank – fintech relationships, the fintech rarely if ever had direct contact with the bank

customers except to perform duties on behalf of the bank. More recently, fintechs have emerged

to provide financial services in new and innovative ways that often cater to a consumer’s desire

for increased speed, access to systems, or niche services (that some banks fear to tread).

Whether a fintech seeks to provide services as an extension of bank services or independently

with a bank as their sponsor, many fintechs are faced with the harsh reality that the Sponsor

Bank Dating Game is not for the weak at heart.

Banks have historically implemented third-party risk management protocols for entities and

individuals that are conducting activities on behalf of the bank. While the bank can outsource

functions, it cannot outsource responsibility. Third-party risk management programs enable a

bank to properly vet a third party to understand if they can reasonably rely on that entity to

perform in compliance with law and regulation and with bank policy.

As banks began dipping a toe in the fintech sponsorship waters, some delegated key compliance and consumer protection functions to those fintechs. While delegation is not in general prohibited, it introduces oversight responsibilities on the bank. New fintechs entering the landscape seeking bank sponsorships as well as fintechs with existing sponsorship relationships are finding that banks have introduced new and/or enhanced third-party risk management requirements for engagement. These changes have been prompted by regulatory scrutiny, bank risk appetites, and some of the underlying factors for recent bank failures.

So, how does a fintech get a potential sponsor bank to “swipe right”? The first step is setting up

your profile to get a bank’s attention in the right way. Whether it’s a slide deck, intro packet, or

meeting, your team should demonstrate an understanding and familiarity of the consumer

protection laws and regulations that are applicable to the products and services you provide.

Many fintechs understand what consumers want, but often have no or little experience in

understanding the legal requirements for consumer protection, fraud and anti-money laundering

protocols. Even more important is an understanding of how your fintech’s product fits within the

regulatory space. Most law, regulations, and supervisory guidance haven’t kept pace with the

financial innovations being developed daily. Many bankers are immediately “turned off” if the

fintech lacks an understanding of the risk inherent in their product or the application of laws and

regulations for your business use case.

Also, be careful not to throw up red flags in the process. Fintechs pride themselves on being

innovative – being the first to try it this way or introducing a new concept. Understand that

language matters when explaining these concepts to bankers. There are specific terms either

defined within laws and regulations or considered terms of art in the industry. Using these terms

correctly will keep you out of rabbit holes that can derail the courtship.

The next step is to avoid being a “Compliance Catfish”. Be prepared to share policies,

procedures, data flow charts, funds flow charts, and details about your company’s structure.

Also understand that a bank sponsorship relationship will open your fintech up to regulatory

review as part of a bank program examination. Don’t represent that you have compliance

program components that either you don’t have or have yet to implement. Be honest - A

meaningful thought process goes a long way. Let the bank know what is on your roadmap and

how you’ve prioritized implementation. Bankers understand that consumer protection, fraud and

anti-money laundering protocols take time to implement properly. Having a frank discussion may

delay a “go live” date until certain systems are tested and running but it also might get you that

second date.

Some key compliance program components that fintechs should consider developing are listed

below. The level and depth of your program implementation should be commensurate with the

risk inherent in the product, service, customer type, and jurisdictions served.

 Information Security



 Consumer Protection

 Complaints & Inquiries

 Audit & Review

 Training

 Reporting

This bank courtship process can be long and seemingly cumbersome, so remember to have

fun. Yes, I said have fun – but then again, I am a compliance geek! Remember “Comply or Die”

until the next blog!

Kimberly Hebb, Co-Founder & CRO of BalancedTrust

16 views0 comments
bottom of page