Skip to main content


Episode 45: Strengthening Bank-Fintech Partnerships with Compliance

Gianna Kennedy
May 3, 2024
COMPLY Podcast How to do more with less and better prepare for a compliant bank-fintech partnership.

2023 was a year of increased regulatory scrutiny for bank-fintech partnerships. This, coupled with a challenging macroeconomic environment and an election year, means there’s a lot on the horizon for the compliance space for the industry in 2024.

In this episode of the COMPLY Podcast, we’re joined by industry experts Elizabeth Gorz, Chief Strategy Officer & Head of Legislative Affairs at American Fintech Council, and Ed Greene, BSA Officer at Middlesex Federal Savings, to discuss:

  • How banks can establish and maintain compliance over their fintech program after a challenging year of budget cuts and being asked to do more with less
  • Best practices for fintechs to better prepare themselves for a cohesive and compliant partnership with banks
  • How banks can ensure accurate communication to consumers when that communication comes from fintechs and their partners

Show Notes:

Subscribe to COMPLY: The Marketing Compliance Podcast

About COMPLY: The Marketing Compliance Podcast

The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY Podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level. 

Episode Transcript:

Hey COMPLY podcast listeners and welcome to this week’s episode. My name is Gianna Kennedy, Content Manager at PerformLine and your new co-host of the COMPLY podcast! In this episode, we’re joined by Elizabeth Gorz from the American Fintech Council, Ed Green from Middlesex Federal Savings, and John Zanzarella, PerformLine’s SVP of Sales, as they discuss how bank and fintech partnerships can thrive through compliance. Then, we’ll end with a quick overview of how PerformLine can help banks automate and scale their compliance programs.

Thanks for listening and enjoy!

Hello, and welcome everybody to PerformLine’s webinar, Strengthening Bank Fintech Partnerships with Compliance. My name is John Zanzarella. I am going to be the moderator today. I am the Head of Sales at PerformLine. I have been here just over 6 years, and we are really excited about this presentation. Obviously, it is a very hot topic. A part of the reason we are excited is because of our awesome guests who we have today. I am going to pass it on and allow them to introduce themselves. We are very excited to welcome both Elizabeth Gores from the American Fintech Council and Ed Green. Elizabeth, do you want to do a quick introduction?

Sure. Thanks, John. 

Hi, everyone!  I am Elizabeth Gorz. I am the Chief Strategy Officer and Ledge Affairs at the American Fintech Council. For those of you who do not know, the American Fintech Council has 50-plus members, banks, credit unions, and regtech companies and we believe in a transparent regulatory framework and to be engaged in the public policy process. I have spent my time in and around public policy for the last 15 years or so. I have my JD, although I do not practice in a traditional sense, and I pride myself on being able to read the needle amongst the internal players. The risk and compliance teams, the legal teams, and the business with the external players which are Congress, the Regulators, and our peers.

Elizabeth, it is great to hear some more contacts about what you and the AFC are doing before mine has been a member of the organization. We have a lot of customers as well, and it is great to see all the events and information coming from your part of the business. So, thanks for joining us today. 

Ed, do you want to give a quick update on your background?

Sure. Thank you. 

I am Ed Green. I am a legal and compliance banking professional. I have been in the industry going on about 15 years. I started at a small credit union, worked at a small bank, worked at a larger bank, Citizens Bank, and, in the last couple of years, I have worked at various fintechs in the legal and compliance capacity. Particularly setting up a bank partnership,  and I believe that’s what is our topic of the day.

Yeah. You are the perfect candidate to talk today, because you have experience both on the banking side as well as standing up programs at the fintech level. I have certainly seen some of the challenges and opportunities in between. We are excited to get that perspective. As far as a kickoff question, I joked around with you both before. You know, once you are into February, we cannot really make predictions for the year anymore, but we can do expectations. So, when it comes to banks and fintech and regulatory oversight in 2024, what are some of your expectations for what to expect from regulators, if you are either a bank or a fintech partnering this year?

Sure. I think the consensus amongst peers and others was that 2023 was kind of the year of the consent order. Today, the reality is we are faced with a lot more regulatory scrutiny of the bank in tech partnerships. What we have is a lot of waves of technology, and, now, also regulatory institutions. You know, the OCC, FDIC, the Federal Reserve, and the regulators are kind of playing a little bit of catch up of how do we regulate these entities? They certainly have the regulatory compliance laws on the books, and that is primarily what they use, although I will allude to two topics or two documents that can be used as guidance. I think today it is safe to say that fintechs and banks acknowledge that they need to really beef up their risk and compliance. 

I do so. I think that there is a notion that in an election year, the concentration of public policy development ships from Congress to the Administration. I think, historically, that is correct. I think that this administration is unique and that from the very start, we saw a divided administration moving forth with their agenda. One of those topics that are key to the listeners is one phase call. While that included transportation and entertainment, it also included financial services. I think that while Congress, the bipartisan support for policy development may not be as robust in the passing months as we near November. 

I think there is still going to be that concentration of and attention to consumer protections and this ongoing conversation that has not stopped. To the comments that Ed made on the consent orders, two other notes that are related that I would like to bring up. One being that just because it is an election year, there is a real opportunity for everyone listening to this webinar to go in and educate. Educate members of Congress and their staff on the unique products and services that you are offering and the partnerships.  Then secondly, that holds into that, I think that the third-party risk oversight, and the definition of what is included in third-parties is just beginning. We have just seen the tip of the iceberg there, and that is another angle and opportunity for us to really educate as we see that public policy just starting to emerge.

Yeah, that is a great point, Elizabeth, and we think about that third-party risk management that does seem to be such a big topic of consent orders from regulators when it comes to banks and fintechs. Specifically, I think we will talk about, in a little bit, some of the ways that both banks and fintechs can use some of the information that has come out in the last couple of years to be more proactive when they are putting together their own third-party risk policy. How they onboard new partners, and how they report out to regulators, or if you are a fintech, report out to your bank partners, and it is complex if you are newer to the banking as a service base. It is certainly. There is a bit of a learning curve there. But by having experts on like you all, definitely, helps with that learning curve. 

One of the other questions that we just wanted to call attention to. Obviously, if you look at how some of the factors have affected this industry with interest rate volatility. Over the last 18 months, a lot of the companies in the lending space have been impacted, and that impact is coming in the form of tighter budgets and, in some cases, layoffs. In some cases, the pausing of hiring for future sort of risk and compliance folks. Now, while all this is happening, there is increased demand from regulators, and there is increased pressure on banks to grow deposits to acquire new customers. You have sort of all these things that are falling on the plate of compliance professionals. 

Ed, we will start with you. In your experience, what are some of the strategies or approaches that Banks can adopt to establish and maintain compliance with their fintech programs, even though they are probably going to be a little bit understaffed for the responsibility in the near future?

Yeah. I am going to answer that question in a moment. I would like to play off of what Elizabeth stated about the third-party relationship and governance. That is extremely important. 

I alluded before that there are what is problematic in this environment is a lot of the players are trying to figure out what are the regulators looking for, and they are really looking to the consent orders. That is kind of a consensus as well. What are the consent orders? We know the regulations from A to Z. 

I will reference, as I indicated, two important guidance documents. The OCC issued guidance entitled Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks that was issued in August of 2021, and then Interagency Guidance and Third-Party Relationships: Risk Management that was issued just last year. That, again, plays off of the totality of what we are talking about. How is that relationship between the bank and the fintech? And how is that managed under the increased headwinds of the economic environment, the macroeconomic environment. 

As you indicated, the pressure on institutions, both the fintech side and the bank side, to have cost savings and to generate actually a profit for these fintechs. What I would say is enterprise risk management is kind of an established way of managing risk and compliance at a financial institution or fintech. Typically, you will see that in large, much larger institutions, you know, the Bank of Americas and the JP Morgans. What we are seeing, though, in light of all this, is the idea that enterprise management needs to be at the smaller community bank level in relation to their fintech partners. Enterprise risk management is a fancy kind of term for basically a catch-all to do more with less. 

To address your comments, John, is to take a broader, comprehensive view of the risk. Technology that is what fintechs are driven based upon, but it can be a two-edged sword. It can absolutely facilitate onboarding clients, but onboarding more clients in a shorter period of time increases risk. Real-time monitoring is one tangible way that I think the regulators are looking for, and a way that the fintechs, banks,  and third-parties can provide added value to the relationship.

That is great. Yeah, it is important to think about the resources for banks that are not just the consent orders, right? Some of those other pieces of content that you mentioned. Elizabeth, do you want to weigh in?

Yes, this is a great segue, because when I look at this this question, I think to myself, first and foremost, is to prioritize your risk and compliance teams. How do you prioritize them? We give them the resources that they need, and you look at retention strategies. Also, the other side of this is the redundancies in institutional knowledge. I think we saw about a year and a half ago that the talented folks in the workforce were jumping from different institutions, and there was a lack of, in certain cases, that institutional knowledge. I think now is also a time to learn from that and for the fintechs and the banks to build up that host of knowledge within their institutions. 

Also, I think that you can point to the gold standard, which is the three lines of defense, and having that in your systems. You have got the first line, which is usually the business. In this case, the fintech. The second line obviously is the risk of compliance. I put public policy and, also, legal in that category. Then, finally, there is the audit function. Alongside the three lines of defense is your risk-based testing. That is material in today’s climate. Again, with the public policy landscape, and having to justify how we are serving the underserved. 

Ed, you mentioned fintechs and banks, and the profit margin. We all know that those margins are thin. It is even more important for us to have risk-based testing to the extremes and to be able to verify and have proof points of all that we are doing. Finally, I would be remiss, knowing the role that I play in talking about relationships, both relationships internally across your organization, but also relationships externally. In the vast fintech partnerships, that is paramount. But it is also with your peers. At the American Fintech Council, it has 50 plus members. We have monthly webinars. We have monthly work groups. We are always available. I have the phone with our various members to answer questions, to talk about the the issues of the day, and that way we can move the conversation forward in an educated, systematic, transparent way.

Yeah, Elizabeth, if you did not plug the AFC. There, I was going to because so much of the feedback we hear from our customers, you know, if you are a regional bank or community bank, and you are entering into this exciting banking on the service space. You may have had a compliance professional on the team. Who has been with you for 10, 15, 20 years and may be not as well versed as all of the nuances that go into running a fintech program that you know. Maybe some of the leaders from your past company were, or some of the other players like Evolve or Cross River, who have been doing it for a long time, and have best practices to share. So it does seem like as the ecosystem grows, even though there is some competition, there is a lot more idea-sharing and a lot more collaboration. To say, ‘Hey, how can we work together to make this a better environment across the board and create those clearer paths of communication with regulators in a proactive sense?’ That is a great point. Ed, do you want to add anything to Elizabeth’s point? Because  I do you have a follow-up question on it.

Yeah, I would. Elizabeth makes a great point. Both on the bank and on the fintech side, you want to see the cross-collaboration. You really have to know, and I have done this at a couple of fintechs, you really as a compliance professional, you are not just wearing that compliance hat or risk management hat, knowing the regulations. You need to know your business line, you need to know your product lines, the type of product you’re offering. You need to know business operations, servicing sales marketing. 

Of course, you know, basically the front end to the back end. You need to know what is your brand, what is the outwardly facing brand and marketing materials. Obviously, those need to be compliant and not deceptive. And then you need to know your product, what are you offering. Again, there are plenty of disclosures that go along the lines with the product offering. A lot of these fintechs are online. You have to work with your business line, because a lot of times you have pain points that the customer just wants a seamless application flow. You know you are talking about your iPhone or a quick computer, and you can get a loan in 5 min. You really, as a compliance risk professional, have to know the business line. That requires that cross-collaboration.

Yeah, that’s one thing banking as a service certainly does. The bank level creates more need for communication between those strategic partnership teams and compliance. Both from the inception of a potential fintech partnership through onboarding, through the ongoing kind of maintenance and monitoring of that relationship and we see with our customers the more those two groups are on the same page, the more the entire process works. 

But, Elizabeth, my question for you was around, Ed, we will get your thoughts also. On the first line of risk defense responsibility. I totally agree, and we see that with a lot of our customers who have kind of first, second, and third lines defined.  But, in the banking as a service space, especially, maybe a couple of years ago, as more companies were getting involved, it did seem like the bank’s initial reaction was to put the responsibility of the first line on the fintech, but most fintechs were not prepared for that at all. They were good at marketing, and going to market and acquiring customers, and not necessarily ready to take that step either from an investment in headcount or in technology, to be that first line. 

Then Banks realize pretty quickly that even though they are partnering with fintech, regulators are looking at them as the regulated entity who is bearing a lot of the responsibility. What we see today with some companies is that almost like the bank and the fintech are each playing a first line of defense, or the bank has their own monitoring and oversight program. But they are encouraging their fintech to work toward building the same thing. I am just curious, from both your perspectives, is that the right way to approach it? And is that some of what you are seeing as well?

Absolutely. I could not agree more with the conversation and the direction of where the policy was a year and a half ago to today. I think that it is smart. You know, we see checks and balances and all different phases of our life, and I think it is a good check on both the bank and the fintech partnership. It creates that symbiotic relationship. We are seeing that is what the regulators and Congress want. At the end of the day, that check is put in place for the consumer, and they have sound products and fair products and secure products and transparent products for them. I echo everything that you just mentioned.

That is great. Ed, how about you, having seen it from both ends?

Yeah, I would say there is a little bit of a nuance in where it begins and where we are today. A little bit of the nuance is, technically, that three lines of defense should be stood up individually at the fintech, whether there is a banker relationship or not, and absolutely at the bank without question. Again, I have been at both financial institutions, where they have a very regimented first line, the business line, as Elizabeth aptly stated, and then you have legal risk and compliance, the second line, and audit is your third line. That is the traditional standard. And that is still there today. 

What is the struggle for the fintech is having that third lines of defense within the fintech, because you are probably small, and you have a lot of times one compliance person and that person is going to be the cook, bottle washer, and chef. However, that is stated all in one, and I find it was a challenge, and it probably still is a challenge to get the business line out of fintech to acknowledge some of the responsibility to be compliant, not to say that these people do not want compliance. It is just they are so head down into building out the product for the consumer. 

You do have those three lines of defense, but they can be all one person in the case of a small fintech. But, where I think that it is clearly going between the fintech and the bank partner is that whatever the fintech on boards, sometimes that was considered the fintech’s responsibility. It is absolutely the bank’s responsibility now. Not that the fintech could not be held liable, absolutely, but these regulators in these consent orders are clearly saying even if the fintech is onboarding customers that, technically, are not the bank’s customers, the bank has to have insight into those customers absolutely without question. So, the three lines of defense is still there. There is a little bit of a nuance today that it kind of goes from the bank to the fintech as an overall way of regulatory being in compliance today. There is no question that these consent orders say whatever the fintech brings on is what the bank is going to be responsible for.

Right, that makes a lot of sense and actually segments kind of nicely to our next question. This is one that, again, you both will have unique insights on. Building off of what you just said there, Ed, thinking of best practices for fintech companies to start implementing to ensure that they are well prepared for a compliant partnership with banks. You mentioned in your background that you have worked with multiple fintechs to get them approved by a particular bank based in Utah that we have heard has some pretty strict vetting processes when it comes to them onboarding new fintechs being that person who maybe was one person acting as first, second, and third line of defense for an early stage fintech, What were some of the things that you needed to do internally to prepare for the bank partnership, but also, can we get the appropriate amount of resources from leadership to prepare for that bank partnership? 

Yeah, great question. Again, I think the biggest, and I have been asked this recently. I think the biggest, again it kind of goes back to Elizabeth. It is the cross-collaboration with your product team and buy-in from the top down. There is no question in these, again in these consent orders, I am sorry I keep referencing, but it is kind of the playbook that we are using, really, is that the CEOs and the Board need involvement without question, very much so on the bank side, but on the fintech side as well. The fintech, CEO, and the Board have to acknowledge that they are in an industry that is regulated hard stop. If you do not want to be regulated, you do not want to play by the rules, then maybe you should consider a different industry. But, I think the mindset is more encompassing. I think a couple of years ago, it was, let’s just get it rolling. Growth, growth, growth, and meet the equity investor’s demands. I think today it is more of a let’s really understand the totality of it. We got to get compliance at the table along with product, along with strategic planning, along with the CEO along with the Board, and as a totality: what is our product? What is our brand? And that will prepare you best for a bank relationship.

Elizabeth, do you want to jump in?

I do. I agree, and I want to say that I liked, Ed’s use of the word nuanced. I agree that some of these contacts are startups, and they have limited resources. But, what we see is the successful ones are the ones that spend time and investment in their compliance team in the relationship building with their BaaS partners. So, that seems to be the sound public policy direction, and also kind of a model to help prevent consent orders. 

To kind of drill down on your question, John, you know, I think that at the AFC, we believe that agency engagement is paramount. I know I talked about Congress, but the agency, communication, and relationships, both from a perspective but on an individual basis, establishing that relationship early on, and explaining your products and services, are paramount. It pulls out. A compliance team and a robust program—the extent that you can do that is also paramount. 

Lastly, you might not be able to have the function of public policy, but you have to know the direction of the conversation. When it comes to compliance, it is the rules and regulations that come out. But it is the direction of the conversation of all of these new products and services that we can engage on today. That is something that, let’s say, we pride ourselves on at the American Fintech Council is bringing together the fintechs and the banks and the credit unions, the Red Tech companies, and all the external players to be able to talk about what is new and what may not be fully understood and help influence what will be that transparent public policy.

Right? That’s super important. I feel like these days. But the other interesting thing for the audience listening in now is, you know, if you are those people in our network who have been impacted from a job standpoint and are out there finding your next role. There are a lot of really good questions to ask, potential employers that are coming out of this conversation around. ‘Hey! What is your commitment to compliance resources over the next couple of years? What is the access to a seat at the leadership table(like Ed alluded to)for me coming into an early stage fintech, that that is going to be partnering with banks?’ And that will at least give you hopefully a better lay of the land and the support that you will get once you start with, you know, one of these companies that is definitely growing their compliance function. It is amazing when you talk about banks and fintech, how fast the time goes. But we are coming right up against 30-minutes here. I would ask you both if you have any kind of final thoughts to leave the audience with. Go for it!

Yeah, again, did kind of bring it all full circle. I recently talked to a small bank, and they have engaged, they are going to hire a special BSA Officer to manage that fintech relationship. They acknowledge that they have a BSA Officer, but he is more in line with the traditional bank BSA Officer, and the point is that they acknowledge they are going to put the resources into a new BSA Officer. They acknowledge that this is a unique situation, and they have engaged; their regulator happens to be the OCC. They, as Elizabeth stated, you have to engage your agency. They have engaged their agency to tell them this is what the path that they are choosing and believe that it is the strongest for the risk and compliance in the agency obviously concurs.

Well, I want to thank PerformLine for the opportunity to speak today. This was a really interesting topic, and of mind of all of those, I’m sure, today. Although I am sure that I am a little biased, and that as bias in our career paths that we are in. I will say, is this, you know, keep a pulse on the conversation, and if you ever want to know more please feel free to reach out to myself and my team. We are here to be that resource for the industry and bridge together the relationships both internally, externally. So, thank you, again.

Awesome. Thank you. And we will make sure we share everyone’s information as we disseminate the podcast and and people listen in on the webinar. 

Just to wrap up, you know, a lot of people know PerformLine as this company that comes out with a lot of content to empower and educate compliance professionals but outside of that we do have a software business that we have been running for 18 years, where we service banks and consumer finance companies. This particular use case that we are talking about is probably one of the ones where our banks that partner have seen the most value over the last year. I will just spend 2 min talking about our software business and an opportunity for anyone who wants to see a demo afterwards.

PerformLine is the only omni-channel sales and marketing compliance monitoring system that actually starts at the document approval process. So, Ed, you alluded to earlier, right? If you are a bank, you are working with multiple fintech partners, they are all creating marketing content. That content needs to get sent to somebody from the bank. They need to manually review it. The fintech want it faster. Whatever that timeframe is, they are always ready to go, and the banks want that information coming in more compliant and on brand, and so PerformLine has an automated verdict tool that sits within your existing workflow that helps streamline the process of partner banks sending in collateral for review. This becomes extremely important as you hit that scale phase where you are working with 4-5 different fintechs, offering different products with different regulatory considerations. That is certainly one way we have been able to help reduce time for review, especially with maybe less resources than you had in previous years.

After that, we do ongoing monitoring. So, monitoring the web, social media, and email for any of the ways that your fintech are talking about your products online. It is not as simple as what most of our customers do, which is, ‘Hey? I have got 10 fintech partners, and once a month we check their website to make sure our bank is in the disclosure’, and that is great. But the next level of that is monitoring your fintech partners online to see how they are doing customer acquisition. Are they working with influencers? Are they working with third-parties? And from a regulatory standpoint, again, regulators are looking at banks to make a good faith, effort to discover monitor and act. 

Anybody who is being communicated about some of their banking products at the consumer level. Having that next level of monitoring, not just monitoring the partner, but how the partner is talking to consumers is something that PerformLine automates and has all the reporting for you. Then on the back end of omni-channel in our world, it is call and message monitoring. 

So again, now you have as a bank, you have to have optics into consumer complaints that your fintech partners are getting, because those are an early warning system for potential regulatory action. How do you do that at scale, right? You probably cannot listen to every phone call of every fintech partner from every unhappy consumer but you can layer in a level of automation that helps point to you when there is a potential regulatory violation or consumer complaint. And if you do that at scale, you are going to get some really great data that can help tip the compliance team off to be more proactive around agent coaching or partner management, then they would be able to be if they were just in the dark there.

Now, where does this all come in handy, when you have those regulatory audits during the year, and the regulators are coming to you and saying, ‘Hey, we want to see proof that you did all of these things that you are telling us you do from a process standpoint.’ Again with PerformaLine a lot of our work is, you know, teams who are not going to be adding more headcount in the year, but need to have more coverage and continue to empower their partnership team to go out and create new fintech relationships. 

A couple of the examples that we will quickly talk about. One bank partner of ours was able to monitor upwards of 1,000 web pages and 60,000 plus social media posts across their fintech ecosystem. They are able to remediate and identify problems all in one system, and that is again infinitely scalable. If you add more partners on, or let’s say you off board partners, but need to make sure they are no longer referencing your bank. Maybe they have moved on to a different bank. The technology continues to look across the web and social media for instances where your brand may be misrepresented. 

Then on the front end of things, we work with customers who have multiple fintech partners who have seen a 90% reduction in document review time just by adding that layer of automation where now a fintech could submit, content to review. But before it gets to Ed’s team, or whoever’s team on the compliance side, the technology is providing an automated verdict. It is letting them know, ‘Hey, you have an outdated APR rate, or you are missing the appropriate disclosure for this product line.’ And once that happens, that response goes back to the fintech. Now they can look at it and say, ‘Oh, I am going to make these changes and resubmit it.’ So by the time it gets to the compliance professional, they are getting a much more complete document. There is less manual review to do. They can jump right to the documents where there are questions, or there are rule observations, and it makes the process a lot easier.

 Like Ed and Liz talked about today, it also makes the relationship between fintech and bank partners more compliant. It keeps them more on the same page, and it keeps some of the frustration out that can occur when someone is waiting on something else for information, or they think the rules are constantly changing. But to wrap up, we would like to thank you, Ed and Elizabeth, for your participation. We are really excited about all that is going on in your world, and with the AFC. And thank you as always to the PerformLine marketing team. They do an awesome job behind the scenes and making sure we can continue to produce educational content that the audience finds interesting, and take that feedback from the audience to set up more of these in the future. So thanks again for your help, and thank you to everyone who tuned in.

Thanks for listening to this episode of the COMPLY podcast! If you’re looking to learn more about how to be proactive in your partnerships when it comes to compliance, or want more information on PerformLine’s compliance solutions, I have several resources that I’ll drop in today’s show notes for you.

As always, for the latest content on all things marketing compliance you can head to And for the most up-to-date pieces of industry news, events and content be sure to follow PerformLine on LinkedIn. Thanks again for listening and we’ll see you next time!

author avatar
Gianna Kennedy Content Marketing Manager
Gianna is a Content Marketing Manager at PerformLine.

Stay Updated

Join thousands of other industry professionals

Subscribe to receive the latest regulatory news and updates with a focus on marketing compliance via content offers, newsletters, blog posts, and more
This field is for validation purposes and should be left unchanged.

Connect with PerformLine and see what we can do for you.