

Compliance & Risk Management is Key for Bank-Fintech Partnerships

September 24, 2021
Partnerships between community banks and fintechs have surged in recent years, growing over 5x in the past decade. This increased popularity has caught the attention of federal regulators, so much so that the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corp. (FDIC), and the Federal Reserve released joint guidance for bank-fintech partnerships.

This guidance provides insights on six key due diligence topics that banks should consider when choosing a fintech partner, including regulatory compliance and risk management. Here’s what this means for both community banks and fintechs.

Compliance & Risk Management as Part of Due Diligence

Business Experience

Evaluating a fintech’s business experience can provide insight into a fintech’s ability to “meet a community bank’s needs, including, for example, the ability to adequately provide the activities being considered in a manner that enables a community bank to comply with regulatory requirements and meet customer needs.”

Some sources that the guidance recommends reviewing include:

  • Company overview
  • Organization charts
  • List of client references using the activities being considered
  • Volume and types of complaints, including those available from the fintech company, regulatory agencies, and other public sources
  • Public records, to identify any legal or regulatory actions and to establish corporate standing, if applicable
  • Media reports mentioning the fintech company
  • Summary of any past operational failures of the fintech company

Regulatory Compliance

Reviewing a fintech’s compliance processes can help a bank “assess the fintech company’s ability to support the community bank’s legal and regulatory requirements, including privacy, consumer protection, fair lending, anti-money-laundering, and other matters.”

Some sources that the guidance recommends reviewing include:

  • Policies, procedures, training, and internal controls pertaining to compliance with legal and regulatory requirements
  • Proposed contract terms that specify performance of legal and compliance duties
  • Information regarding customer-facing delivery channels or applications (for example, mail, online, and telephone)
  • Proposed marketing materials and regulatory disclosures with product details such as fees, interest rates, or other terms
  • Methods used to monitor, remediate, and respond to customer complaints
  • Customer complaint records involving the fintech company

Risk Management

Reviewing a fintech’s risk management practices can help the bank determine whether those practices align with the bank’s own risk appetite, policies, and procedures.

Some sources that the guidance recommends reviewing include:

  • Policies, procedures, and other documentation related to the prospective activity
  • Policies and procedures related to the fintech company’s internal control environment and overall risk management processes
  • Information on risk and compliance staffing
  • Recent results of control reviews and audit reports related to the prospective activity
  • Issue management policies, procedures, and reports
  • Schedule of planned control reviews and audits
  • Self-assessments
  • Training materials and training schedule
  • Inventory of key risk, performance, and control indicators
  • Sample key risk, performance, and control indicator reports

Takeaways for Banks and Fintechs

Fintechs: be proactive in your compliance and risk management

Regulatory compliance and risk management are vital parts of the due diligence process, and having a strong compliance management system (CMS) is key. Read more on what makes up a robust CMS in this article.

Banks: the regulatory burden doesn’t fall just on fintechs

As the partner bank, you assume regulatory responsibility if your partner(s) are not in compliance. It’s critical to create an overall compliance program that is repeatable and scalable across all of your fintech partners.

A joint compliance effort is key to a successful partnership

The most powerful partnerships are those that truly work together. You know what they say: teamwork makes the dream work, and that’s no different when it comes to meeting regulatory compliance obligations in bank-fintech relationships. Partners who are both committed to compliance and have a continual loop of monitoring and feedback will succeed together, without the burden of a regulatory investigation or enforcement action looming.

It’s critical for both banks and fintechs to take responsibility for their own compliance obligations from the start, and we’ve seen it first-hand with our clients. PerformLine’s omni-channel solution was built to automate the monitoring and remediation of regulatory and brand compliance violations on all internal and external channels, including web, messaging, call centers, email, documents, and social media. Our turn-key industry rulebooks are built on years of experience working with regulators and industry clients.

Speak to one of our experts today to learn more about mitigating your risk and ensuring brand safety so that your partnerships can thrive.
