Episode 36: Risk Management and Fintech Collaboration: Lessons from Stripe and Truist

Ashley Cianci
December 1, 2023

If you missed our session at Money20/20 this year on The New Era of Banking Efficiencies, you’re in luck. This COMPLY Podcast episode is the first part of that discussion featuring PerformLine’s CEO and Founder Alex Baydin, Harsha Ragunath, Head of Product Compliance at Stripe, and Babette Reynolds, Head of the Enterprise Compliance Program Office at Truist.

During this episode, they discuss:

  • The role of fintechs in compliance & collaboration, and how Stripe’s compliance team collaborates cross-functionally to ensure compliance in product design and development; and acts as a communication bridge to facilitate discussions between fintech features and partner banks’ compliance.
  • The current transformation that Truist, and many other large banks, are undergoing right now to automate a lot of the risk and compliance functions, especially as they pertain to their fintech partnerships.
  • And finally, the group speaks to the guidance issued earlier this year by the Fed, FDIC, and the OCC, which noted that banks are accountable for the risk management of third-party providers, and how both fintechs and partner banks can go about vetting potential partners to align on compliance requirements.

About COMPLY: The Marketing Compliance Podcast

The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level. 

Episode Transcript:

Ashley:
Hey COMPLY podcast listeners and welcome to this week’s episode. If you missed our session at Money20/20 this year on The New Era of Banking Efficiencies, you’re in luck. Today’s episode is the first part of that discussion featuring PerformLine’s CEO and Founder Alex Baydin, Harsha Ragunath, Head of Product Compliance at Stripe, and Babette Reynolds, Head of the Enterprise Compliance Program Office at Truist.

During today’s episode they discuss the role of fintechs in compliance & collaboration, and how Stripe’s compliance team collaborates cross-functionally to ensure compliance in product design, development, and acts as a communication bridge to facilitate discussions between fintech features and partner banks’ compliance teams. The current transformation that Truist, and many other large banks are undergoing right now to automate a lot of the risk and compliance functions, especially as they pertain to their fintech partnerships. And finally, the group speaks to the issued guidance earlier this year from the Fed, FDIC, and OCC which noted that banks are accountable for the risk management of third-party providers, and how both fintechs and partner banks can go about vetting potential partners to align on compliance requirements early. Thanks for listening, and enjoy!

Alex:
As our MC mentioned, I’m Alex Baydin. I’m the founder and CEO of PerformLine. PerformLine is the world’s leading marketing and sales SaaS compliance platform with a deep focus on consumer finance. We help companies monitor and take action on all of their customer interactions to make sure that they are compliant with state regulations and federal regulations to make sure that not only, you as the end provider, but perhaps your third party partners are not saying anything they shouldn’t be saying in those conversations or in that marketing material. What we get most jazzed about is helping to be the connective tissue between departments in the organization, in particular between marketing and compliance and risk. So what I’d like to do is invite my esteemed panelists to introduce themselves. Harsha, would you like to start?

Harsha:
Sure, thank you. Hi, everybody, my name is Harsha Ragunath. I lead the product compliance function at Stripe. Stripe builds economic infrastructure for the internet. Some of you may have heard of Stripe, we offer payment processing services. We offer banking and banking as a service products. We have a software business, and a budding consumer business as well.

Babette:
Hi, I am Babette Reynolds. I am the head of the Enterprise Compliance Program Office for Truist Bank.

Alex:
So we’ve got some real scale up here. We’ve got a representative from Stripe, the fintechs and payments company that has processed more than $800 billion in total volume last year. And Babette from Truist, which is a top 10 US bank with just shy of 600 billion in assets. So this should be an exciting conversation. 

Alex:
Alright, for a little more context about today’s topic, which is addressing efficiency in particular around the compliance function; not only do we have two companies of real scale up here, but we think two different perspectives, in dealing with maybe different challenges. So for context on that, Stripe, as most of you know, is a born digital company, that has always been in hyper growth mode, I think from day one. And therefore, you know, Stripe does not have some of the legacy issues that sometimes older banks do. But it has had to build compliance into its products from day one. 

Alex:
And Babette who is leading the compliance efforts at Truist, which is the 2019 merger between BBT and SunTrust. They were both large regional banks, with roots going back over a hundred years. So Truist has the dual challenge of both merging these two cultures and systems, and trying to infuse technology to create efficiencies. So very excited and thank you both for joining me.

Alex:
Alright, so let’s get started with questions. So the first question is for you Harsha. We talked a little bit about Stripe’s size over the last five or so years, the growth at Stripe has led it to become one of the highest valued private companies, even in a post pandemic year of 2022, when e-commerce grew sub-10% Stripe is growing closer to 30%. And you do all of this with a guiding principle of being user first in your product mission. So tell us about your role as the head of product compliance at Stripe, how do you embed technology in the organization and how, how is your role embedded cross-functionally?

Harsha:
Sure, thank you. When we think about that, that operating principle that you mentioned, which is users first, we think being compliant is users first. Driving positive compliant outcomes for our customers is part of the value proposition of everything that we do at Stripe. So how do we actually do that? And I love the framing that you had earlier around being a more digital company. For us, we’re a product driven company, so everything we do needs to be in furtherance of building good products, building strong products, and changing the economic outcomes of our customers.

Harsha:
Along with that, we really want to make sure our compliance function is product driven, and we have the same incentives to ship products as our product managers. So the first thing we do is we hire compliance professionals who care deeply about the products. They care deeply about changing the way the market interacts with financial services. And so for us that’s step one is finding compliance people who care as much as the product managers. Two, we empower them to be product managers for compliance. What I mean by that is, you know, we obviously don’t design the product necessarily from a UX perspective. We don’t own the engineering side of any of that, but we certainly provide inputs to all of it. And our job is to really make sure that product managers and engineers are equipped with the information that they need to build the product that is compliant. That is doing what we want it to do while also kind of creating those positive economic outcomes for our customers.

Harsha:
So, how do we do that in practice? You mentioned our embedded model. We actually provide dedicated embedded product compliance folks to our product functions. We have functions teams within product compliance aligned to each of our product verticals. And we sit there with our product managers from ideation through product development and through to launch, and then once the product’s out there in the wild. I think for us one of the real value propositions of product compliance is actually, especially for a fast moving high growth fintech like Stripe, it’s understanding the cost of compliance. So when we’re thinking about whether or not to enter a new product space or enter a new market, understanding that like, okay, we could do this quickly, and we can do this scrappily, is one way of doing it, but if we find product market fit, this thing is going to scale rapidly and we’ve gotta manage that risk rapidly.

Harsha:
So understanding the growth trajectory of a product early, partnering with product managers to scope in that cost of compliance and helping them make informed decisions around whether or not to even pursue a product or pursue a particular market is something that we take very seriously within our product compliance switch.

Alex:
That’s great. Yeah, with your growth rates, if you get something right, it’s going to be big quickly, right? So you don’t have a lot of time after the fact, thank you. Babette, so I mentioned briefly, Truist is the result of the merger of two large regional banks. And now you’re a big national bank leading the market in a lot of categories. I imagine, in the history of some of those regional banks, there were manual processes that were relied on and were probably good enough at a certain stage. Do you spend your time now trying to change the mindset and the culture to think about the bigger size and the bigger scale of Truist? Talk to us about where you’ve had some successes and getting in there and changing those legacy cultures and mindsets?

Babette:
Yeah, absolutely. So one of the things that I think became obvious, so I joined Truist about two years ago, having had experience at Bank of America, Citibank, and a couple of other large banks. And so when I joined Truist it became pretty clear that there was a real learning curve that the compliance department needed to go through and also the business lines as they were implementing the compliance requirements, and one of the things was just understanding that as a newly large bank that the regulatory expectations are different for large banks, the standards are different, the expectations are higher and more stringent. And so as you mentioned Alex, where previously manual processes were just fine, they are not for large banks and for Truist, both because the transaction volumes and the number of customers, and the scale of our businesses is larger now, but also because of those standards I mentioned, it’s just not enough to just tick a couple of boxes, you have to make sure that all the i’s are dotted and the t’s are crossed. And so that was a big learning curve for us and it has been, we are still on that journey. But the management and the teammates at Truist are definitely eager to learn what those expectations are and so I’ve had a really fun time, in a way, sharing that knowledge that I’ve gained at other organizations and helping Truist from a compliance perspective get where it needs to be.

Babette:
And as you’ve mentioned the manual processes, and even when I think about from a compliance standpoint, manual testing, manual monitoring, very small sample sizes that get implemented when you do that type of testing and monitoring and that’s just not sufficient for large banks in this environment. So we can talk a little bit later about that in more detail if that…

Alex:
Great, great perspective. So obviously one of the big themes here at Money20/20 is partnerships, partnerships between banks and fintechs and payment platforms. There’s risk in partnerships, right? So earlier this year, the FDIC, the OCC, and the Fed issued guidance for banks saying that you are responsible as a bank for the actions of your partners. And that puts a big onus on really everybody to constantly evaluate and reevaluate the compliance practices of their partners. Collaboration is a key ingredient to making sure that that works. Last year we hosted a meetup, at a similar stage, and collaboration was the key takeaway. I think it’d be helpful for the audience to understand a little bit more about your partner networks and how you think about holding your partners accountable. So I think this may be pretty unique from the Stripe perspective. So would you just tell us a little bit about what the ecosystem is like at Stripe, the partner ecosystem that you’re involved with as it relates to product compliance?

Harsha:
Sure, and in our function, we do a lot of day-to-day interaction with our partner banks. And so it’s fundamental to everything we do. So we obviously are operating in a number of different product lines and product areas. And we have a number of different partnerships across payments, across payouts, across our banking offerings, our Banking-as-a-Service offerings, et cetera. And so for us, we welcome a lot more clarity from the regulators and then in turn the banks, as to what they want us to do.

Harsha:
We don’t want to play a guessing game. We don’t want to have awkward conversations. We actually want to have those frank conversations upfront, as that guidance comes down with existing partners or as we’re thinking about bringing on a new partner bank. Having those conversations early on in the process before we’ve even signed, or have got to a term sheet, to understand, are our risk tolerances aligned? Are we working towards the same goals, not just from a business perspective, but from a risk management perspective, right? 

Alex:
Yeah, we’ve heard the expression rules are tools and to compose alongside regulations. So the more clarity, the more useful it can be. I don’t know if you want to expand on that at all, or? 

Harsha:
Yeah, I think so. I’m a compliance professional, so I can’t say anything but good things about regulatory clarity on, especially the fintech partners, right? It helps me do my job on a day-to-day basis, and it helps us build better products, more effective products in the market. I think with clarity though, comes a lot more interaction with the bank partner, right? And one, making sure our risk, you know, as I mentioned, our risk tolerances are aligned early in the deal cycle, so we’re not getting surprises six months after an implementation. Where all of a sudden we find out that a bank’s been under a bit of scrutiny that now affects our partnership that we didn’t know about going into that relationship. So having those open dialogues inviting the business to lead on those conversations, but also being an active participant as a compliance or a risk function can really help drive that level of alignment between you and your partner banks that you need to be successful.

Harsha:
I think the other piece is especially where you’ve built a strong control environment. You’ve built compliance into your products, that’s an opportunity to work with your banks to help them understand why what you’ve built meets their needs. And having those conversations early and inviting compliance and risk to have those conversations directly. There’s a bit of a translation layer, I think between your fintech product and engineering, business operators, and your partner bank compliance functions. And that translation layer is your compliance function, right? Your fintech compliance function. And so for us, it’s really important to be in those rooms early and help being able to translate that for the business and say one is this partner aligned to our risk tolerance. Two, do we expect to see surprises coming down the road? And three, how big of a lift is what they’re asking us to do? Or can we get away with the things that we’ve already done and just frame it for our bank partner as an effective means of risk mitigation? So having compliance and or risk as part of those discussions is sort of critical to growing your partner relationship. 

Alex:
That is great, so Babette, you alluded to some of your experience working at some of the largest banks, like Bank of America and Citi prior to Truist and I know you are involved in Truist Ventures as well. So what were some of the expectations that banks should have of their fintech partners in today’s day and age, from your experience?

Babette:
Yeah, thanks Alex. And I think Harsha hit on a number of the topics that I was going to mention as well. I think first is to just take the bank’s regulatory requirements seriously. And what I mean by that is, as Harsha mentioned, have those discussions early on about what the risk and compliance requirements are going to be. Truist Ventures works at early stage with some companies, so having them understand early on as they develop their product offerings, develop their own compliance department so that they understand what the expectations are early on. Because in my experience, one of the things I’ve found is that some fintechs come with this amazing offering. They’re talking with the business partners about offering this to customers, and they’re ready to go quickly, but they haven’t even started the risk and compliance conversations. And so that tends to slow things down from the perspective of the business partners and the fintechs, when really, if they’d been having those discussions in parallel along the way, or even before they were ready to start onboarding, it wouldn’t have slowed things down at all.

Babette:
And so just take those expectations seriously and ask the business folks at the large banks that you’re working with to introduce you to their third party risk management peers and to their operational risk and compliance peers. So you can start learning if you don’t already know what those expectations are and building those in. And then I would say also, just consider it as a part of how you’re building out your products. And so some of the fintechs that I’ve worked with in the past don’t have compliance departments, and so they don’t really know what the expectations are and don’t have a way of managing those. And for large banks, as Alex mentioned, the recent inter-agency guidance that was published, that just reiterated OCC guidance from many years ago, that large banks are expected to manage the risks related to their engagement with third parties, whether you call them partners or vendors, or suppliers, it’s all the same thing to the regulators.

Babette:
And there’s a somewhat prescriptive, but somewhat sort of prudential meaning sort of describing conceptually how the bank needs to assess the risk, but it’s really up to each of the banks to have a risk assessment process for the third parties, which is very prescriptive for each bank. And you really need to understand what those expectations are. And then if risks are triggered, depending on your product offering, you know, especially in areas that touch on consumer protection or data, those areas are going to be considered a higher risk. And you’re going to need to have controls in place, and the bank will need to have monitoring in place often at the time you launch. And so those are things you need to know ahead of time and maybe even build into the way you develop your products and your own infrastructure.

Alex:
So what I’m hearing is the theme is—have the conversations as early as possible with the interested parties, right? Be proactive, raise your hand, you this is coming and to get out ahead of it even before you start designing products. And that can not only lead to a more compliant and less painful journey, but probably a better customer experience, right? KYC, know your customer, what business doesn’t want to know their customer more, right?

Harsha:
I’d love to just add to that summation, which I think is exactly spot on, which is that okay, once you’ve launched, keep having those conversations, right? Like here, a lot of my time here at this conference is spent talking to our partner banks about what are they seeing out there? What do they need from us? How can we be better partners to them? What tweaks can we make to our operating model with our partner banks to be more effective to meet their risk management needs, to meet our business needs, to meet their business needs? So that’s critical. The ongoing dialogue piece it’s not done once the product is launched. And once you’re onboarding customers you’re going to see things and you’re going to see issues. And those issues, since sunlight is the best disinfectant, how are you reporting that to your bank partner? How are you giving them clarity so that they’re able to manage their risk and they’re able to loop that into their risk management programs and manage issues and things like that with your program? So I think that’s the piece if you’re not doing, to start doing today, because I think that’s where you’re going to see the most return on investment.

Babette:
And if I can add to that, there is actually a formal requirement for the banks to do ongoing monitoring, and that’s customized from the risk standpoint, that’s customized depending on what the risks are, what the controls are. But I think what you’re talking about Harsha is a broader conversation. So it’s both the performance and the KPI side of things, but then also the risk conversations as well. How are we doing on managing the risks? How are we doing on providing you evidence that we’re executing these things in a compliant way? And that shouldn’t be viewed as burdensome, but just build it into the way the relationship is managed from the outset. It just becomes a part of the way that you do business. And that’s going to benefit you too. If you’re working with Truist, but if you can talk about how successful you’ve been doing that with Truist, that’s going to benefit you as then you look to go work with other banks as well.

Ashley:
Thanks for listening to this episode of the COMPLY podcast! If you’re interested in watching our entire session from Money20/20 this year I will drop a link to that in today’s show notes. And if you’re a fintech or a partner bank looking to learn more about how to be proactive in your partnerships when it comes to compliance, I have several resources that I’ll also drop for you in today’s show notes. As always for the latest content on all things marketing compliance you can head to content.performline.com. And for the most up-to-date pieces of industry news, events, and content be sure to follow PerformLine on LinkedIn. Thanks again for listening and we’ll see you next time!
