Compliance & Risk Management is Key for Bank-Fintech Partnerships
Partnerships between community banks and fintechs have surged in recent years, growing over 5x in the past decade. This increased popularity has caught the attention of federal regulators, so much so that the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corp. (FDIC), and the Federal Reserve released joint guidance for bank-fintech partnerships.
This guidance provides insights on six key due diligence topics that banks should consider when choosing a fintech partner, including regulatory compliance and risk management. Here’s what this means for both community banks and fintechs.
Compliance & Risk Management as Part of Due Diligence
Business Experience
Evaluating a fintech’s business experience can provide insight into a fintech’s ability to “meet a community bank’s needs, including, for example, the ability to adequately provide the activities being considered in a manner that enables a community bank to comply with regulatory requirements and meet customer needs.”
Some sources that the guidance recommends reviewing include:
- Company overview
- Organization charts
- List of client references using the activities being considered
- Volume and types of complaints, including those available from the fintech company, regulatory agencies, and other public sources
- Public records of any legal or regulatory actions and to establish corporate standing, if applicable
- Media reports mentioning the fintech company
- Summary of any past operational failures of the fintech company
Regulatory Compliance
Reviewing a fintech’s compliance processes can help a bank “assess the fintech company’s ability to support the community bank’s legal and regulatory requirements, including privacy, consumer protection, fair lending, anti-money-laundering, and other matters.”
Some sources that the guidance recommends reviewing include:
- Policies, procedures, training, and internal controls pertaining to compliance with legal and regulatory requirements
- Proposed contract terms that specify performance of legal and compliance duties
- Information regarding customer-facing delivery channels or applications (for example, mail, online, and telephone)
- Proposed marketing materials and regulatory disclosures with product details such as fees, interest rates, or other terms
- Methods used to monitor, remediate, and respond to customer complaints
- Customer complaint records involving the fintech company
Risk Management
Reviewing a fintech’s risk management practices can help the bank determine whether those practices align with the bank’s own risk appetite, policies, and procedures.
Some sources that the guidance recommends reviewing include:
- Policies, procedures, and other documentation related to the prospective activity
- Policies and procedures related to the fintech company’s internal control environment and overall risk management processes
- Information on risk and compliance staffing
- Recent results of control reviews and audit reports related to the prospective activity
- Issue management policies, procedures, and reports
- Schedule of planned control reviews and audits
- Self-assessments
- Training materials and training schedule
- Inventory of key risk, performance, and control indicators
- Sample key risk, performance, and control indicator reports
Takeaways for Banks and Fintechs
Fintechs: be proactive in your compliance and risk management
Regulatory compliance and risk management are vital parts of the due diligence process, and having a strong compliance management system (CMS) is key. Read more on what makes up a robust CMS in this article.
Banks: the regulatory burden doesn’t fall just on fintechs
As the partner bank, you assume regulatory responsibility if your partner(s) are not in compliance. It’s critical to create an overall compliance program that is repeatable and scalable across all of your fintech partners.
A joint compliance effort is key to a successful partnership
The most powerful partnerships are those that truly work together. You know what they say, teamwork makes the dream work, and that’s no different when it comes to meeting regulatory compliance obligations in bank-fintech relationships. Partners who are both committed to compliance and have a continual loop of monitoring and feedback will succeed together, without the burden of a regulatory investigation or enforcement action looming.
It’s critical for both banks and fintechs to take responsibility for their own compliance obligations from the start, and we’ve seen it first-hand with our clients. PerformLine’s omni-channel solution was built to automate the monitoring and remediation of regulatory and brand compliance violations on all internal and external channels, including web, messaging, call centers, email, documents, and social media. Our turn-key industry rulebooks are built on years of experience working with regulators and industry clients.
Speak to one of our experts today to learn more about mitigating your risk and ensuring brand safety so that your partnerships can thrive.