Building an Efficient and Compliant Ecosystem in Banking & Fintech

With regulators honing in on consumer protection issues amidst an increasingly complex marketing and partnership ecosystem, it can seem impossible for banks and fintechs to manage the deluge of compliance concerns—let alone be efficient at it.

At Money20/20 USA, PerformLine’s CEO Alex Baydin sat down with Babette Reynolds at Truist and Harsha Raghunath at Stripe to share their playbooks on mastering compliance to create a safe and compliant ecosystem for all.

Here’s a summary of the discussion, which includes insights on how banks and fintechs are developing lower-risk relationships, how to use automation for comprehensive oversight, and ways to enable compliant partnerships while reducing resource fatigue.  

Embedded compliance: Getting it right from the start

Stripe’s core operating principle revolves around a “user-first” approach, which includes compliance. Ensuring positive and compliant outcomes for their customers is ingrained in the DNA of everything they do, explained Harsha.

We’re a product-driven company, so everything we do needs to be in furtherance of building good, strong products and changing the economic outcomes of our customers.

– Harsha Raghunath, Stripe

Compliance should be at the forefront of any consumer finance organization. It’s important to hire compliance professionals who are passionate about the industry and eager to drive change, explains Harsha. These specialists may not design the user experience or manage engineering directly, but their insights are vital in shaping compliant and successful products.

Understanding the costs and implications of compliance early on is key, especially for fast-growing fintechs. Incorporating these costs into the decision-making process helps organizations make strategic choices about entering new product spaces or markets. 

The way that Stripe achieves this is by embedding compliance throughout the entire product development process—having dedicated compliance specialists assigned to each product vertical, working in tandem with product managers from ideation through to launch. By aligning the compliance function with product development, there’s a shared vision of success.

As proven by Stripe’s significant growth in recent years, a proactive and embedded compliance strategy is critical for fast-moving fintechs to provide positive outcomes for consumers and to achieve sustainable growth and success.

Managing Third-Party Risk: Both Sides of the Partnership

Earlier in 2023, the Federal Deposit Insurance Corporation (FDIC), Federal Reserve, and Office of the Comptroller of Currency (OCC) finalized guidance highlighting that banks are accountable for the risk management of third-party providers, putting a lot of pressure on banks and their partners. 

From the fintech’s perspective

The key to keeping partners compliant is open communication and transparency about compliance expectations and obligations. 

For fintechs, explains Harsha, having clarity from regulators and bank partners is crucial.

Having candid conversations early on—whether it’s considering a new partner bank or when existing partners issue guidance—helps prevent awkward conversations and fintechs having to guess what’s expected of them.

I can’t say anything but good things about regulatory clarity, especially for the fintech partners. It helps me do my job on a day-to-day business. It helps us build better and more effective products in the market.

— Harsha Raghunath, Stripe

And, with more clarity comes more interactions with partners. Ensuring that risk tolerances are aligned early in the partnership is important to avoid any surprises down the road. For fintechs, having open dialogues and being an active participant in compliance can drive the alignment needed for success.

Part of these interactions and discussions includes having those proper risk controls in place (i.e. embedded compliance, as mentioned earlier), which can help bank partners understand how a fintech’s offerings meet their needs. Directly including the compliance and risk roles from the beginning helps ensure that both the fintech and partner bank are aligned.

From the bank’s perspective

From a partner bank perspective, fintechs taking regulatory requirements and compliance seriously is vital for success, explained Babette. 

To Harsha’s point,  it’s crucial to have early discussions about the expected risk and compliance requirements.

In my experience, some fintechs come up with incredible offerings and are ready to engage with business partners and customers quickly. However, they tend to overlook the critical risk and compliance conversations. This oversight can slow down the progress for both the business partners and fintechs. If they had these discussions concurrently or even before they began onboarding, it wouldn’t cause delays.

– Babette Reynolds, Truist

Babette’s recommendations for fintechs are:

• Get introduced to the third-party risk management and risk and compliance individuals at the partner bank to better understand regulatory expectations before partnering
• Consider compliance as an integral part of product development (once again, reiterating Harsha’s earlier point about embedded compliance)

For fintechs, it’s crucial to understand expectations from regulators and be prepared for the possibility of triggering risks, especially in areas related to consumer protection or data.

For both parties: Being proactive is key

The overarching theme for successful bank-fintech partnerships is being proactive, having conversations as early as possible with the interested parties, and getting out ahead of risk before the product is even designed.

Have the conversations as early as possible with interested parties. Be proactive, raise your hand, and get out ahead of compliance before you even start designing product. That can not only lead to a more compliant and less painful journey, but a better customer experience.

— Alex Baydin, PerformLine

Doing more with less through technology

Shifting from manual processes to automation

After its merger of two large regional banks, Truist met the threshold of a large national bank, facing new hurdles of increased regulatory standards, expectations, and scrutiny. 

Babette shared her experience transforming risk and compliance functions within the organization, which involved a cultural mindset shift from legacy, manual compliance processes to fully automated and efficient processes. 

From a compliance standpoint, manual testing and monitoring small sample sizes isn’t sufficient in this type of environment—the sheer volume of transitions and number of customers makes it impossible to scale compliance without the help of automation and technology. 

And, especially in an environment where resources are decreasing and regulatory pressure is increasing, organizations must find more efficient ways to manage risk. 

Many banks are taking an automated approach using technology like PerformLine to do more with less. 

PerformLine provides banks (and fintechs) with daily, automated monitoring of marketing materials across channels to identify and remediate potential compliance issues—such as outdated interest rates, specific privacy terms, or disclosures.

Looking for those opportunities is going to help us actually do more from a risk management standpoint and have it be much more cost-effective. And, through that, we think that helps reinforce our commitment to the values of caring for our customers.

– Babette Reynolds, Truist

Using technology for consumer trust and protection

Stripe takes the need to stay ahead of innovation and risks in the BaaS space very seriously. Technology is critical to operating at scale and growing a large customer base.

Internally, technology and data analysis can be used as a proactive measure to ensure that products remain compliant and continue to meet users’ needs in an ever-changing business environment.

Externally, technology like PerformLine can be used to ensure that products and services are being promoted accurately by partners and third parties. And, if they’re not, these communications need to be remediated quickly. PerformLine helps organizations do this at scale across marketing channels, including discovering unknown mentions and promotions. 

Leveraging [PerformLine] technology to ingest rules that trigger on an alert, being able to triage them on a risk-adjusted basis, and then filter them into workflows is the only way we can do this at scale. It’s not something that we can handle in spreadsheets on a manual basis. It has to be something that’s built into our platform and systems that we’re able to do with the right number of full-time employees and not an army of compliance people like traditional financial institutions sometimes do.

— Harsha Raghunath, Stripe

Shift from task-based to strategy-based compliance roles

Compliance technology enhances efficiency and allows for the transition of high-performing employees from mundane, task-based roles to more strategic, thought-based roles.

Leveraging technologies like PerformLine or others to discover and score large volumes of data is essential. It’s unlikely, at least in the current state, that a complete machine-based solution will exist. The key challenge is ensuring the right individuals make decisions based on the data, reducing the need for manual comparison and review. This is where companies can truly realize cost savings.

– Alex Baydin, PerformLine

Babette explains that this is something her team is working on internally—freeing compliance professionals from tedious tasks that can be done more comprehensively and efficiently through automation.

This approach not only allows us to gain more insights into themes and trends but also enables our team to allocate their time to more value-added activities. Our focus should extend beyond handling individual exceptions for specific customers. We need to discern what the overarching themes and trends reveal about what’s on the horizon and potential systemic issues we must address.

– Babette Reynolds, Truist

Looking ahead: Predictions for the future

The discussion ended on the topic of what’s coming next for technology and compliance for the future. 

Here are the predictions:

• Increased regulatory scrutiny on bank-fintech partnerships, ensuring that compliance functions are appropriately sized and equipped for both sides
• Regulators will increase focus on technologies used to ensure that compliance tools are fit for purpose and are scalable 
• Regulators likely won’t create new regulatory regimes for new technologies, such as Artificial Intelligence (AI), but apply existing requirements like fairness, consumer protection, and data protection to new capabilities
• AI will be the next big thing for compliance processes, such as using it to prepare, classify, and summarize data in a way that automates what would otherwise be done manually

Watch the session on-demand 

Hear more insights from the experts themselves. Watch this Money20/20 session on-demand here. 

Learn how PerformLine can support your partnerships

Automation and efficiency are key to managing partnerships while ensuring consumer protection and trust.

And, having a compliance technology that can grow and scale alongside your partnership program can help your organization get ahead of regulatory risk.

PerformLine’s omni-channel compliance monitoring solution provides:

• Comprehensive coverage of your organization and your partners across marketing channels, including documents, the web, social media, emails, calls, and messages
• An adaptable compliance program that matches your risk threshold as you bring on new partners
• Scalability and efficiency as your partner program grows, allowing your organization to bring on more partners while ensuring compliance 
• A competitive advantage with a robust and proactive compliance management system 

Learn more about how PerformLine makes compliance automated, scalable, and efficient. Request a demo today.

Frequently Asked Questions