How to Strengthen Bank and Fintech Partnerships with Compliance

Regulatory scrutiny for bank and fintech partnerships is continuing to increase. This, coupled with a challenging macroeconomic environment and an election year, means there’s a lot on the horizon for the compliance space for the industry in 2024. 

We recently sat down with industry professionals Elizabeth Gorz, Chief Strategy Officer at American Fintech Council, and Ed Greene, a seasoned legal, risk, and compliance professional, and discussed how bank and fintech partnerships can thrive through compliance.

Keep reading for their insights on upcoming regulatory expectations, maintaining compliance with limited resources, the importance of cross-collaboration, and how to best prepare for partnerships. 

Regulatory Expectations for Bank and Fintech Partnerships

Catching up to technology advancements

The consensus is that 2023 was the year of the consent order, explained Ed. So today, we face increased regulatory scrutiny of bank-fintech partnerships.

There’s currently a big wave of technological advancements in the financial industry. Regulators are playing catch-up with the pace of change. While laws and regulations exist, they may not fully address the unique challenges posed by fintechs.

It’s safe to say that fintechs and banks acknowledge that they need to beef up their risk and compliance.

— Ed Greene

The impact of an election year

There is a commonly held belief that during an election year, public policy development shifts from Congress to the Administration, which has historically been true, explains Elizabeth.

However, this administration is unique in pursuing its agenda despite division from the beginning. 

While bipartisan support for policy development in Congress may not be as strong in the coming months as we near November, there will still be a concentration of attention on consumer protection.

Just because it’s an election year, there’s still a real opportunity to go in and educate members of Congress and their staff on the unique products and services that you’re offering and the partnerships.

— Elizabeth Gorz

Third-party risk management

Third-party risk management is a significant issue for banks and fintech companies and was a dominant topic of the consent orders we saw in 2023.

Organizations will often look at these consent orders to better understand what regulators expect, says Ed. One important guidance document to also consider is the interagency guidance on risk management for third-party relationships. 

This document provides insight into how to manage relationships between banks and fintechs, particularly in times of economic challenge and cost-cutting pressures.

The oversight of third-party risk and what it encompasses is just getting started, says Elizabeth, and it presents an opportunity for fintechs and banks to increase education as public policy begins to take shape.

Keeping up with compliance with limited resources

The current interest rate volatility has led to tighter budgets, layoffs, and pausing hiring for risk and compliance roles. At the same time as regulators are demanding more, banks are under pressure to grow deposits and get new customers.

Enterprise risk management

Enterprise risk management is the process of identifying, assessing, prioritizing, and mitigating risks across an organization to enhance decision-making and achieve strategic objectives, and is an established and effective way of managing risk and compliance at an organization, explains Ed. 

While this is typically seen at large banks, this strategy should be used at smaller banks and fintechs to manage risks and compliance effectively. 

Real-time monitoring is a tangible way that regulators expect fintech, banks, and third parties to add value to their relationships.

— Ed Greene

Prioritize risk and compliance teams

First and foremost, prioritize your risk and compliance teams.

— Elizabeth Gorz

This prioritization involves providing these teams with the resources they need, focusing on retention strategies, and addressing redundancies in institutional knowledge. 

About a year and a half ago, a lot of talented compliance professionals were moving around to different jobs, which resulted in gaps in that institutional knowledge. So, now is the time for banks and fintechs to build up and document that host of knowledge within their organizations.

Three lines of defense model

When it comes to compliance, we can point to the “gold standard,” says Elizabeth—the three lines of defense  model for risk management: 

• First Line: Directly involves the business unit, typically the fintech, responsible for managing its own risks and adhering to regulations.
• Second Line: Encompasses oversight functions such as risk management and compliance departments, offering support to ensure that operations align with regulatory standards.
• Third Line: The independent audit function assesses the effectiveness of the first and second lines in risk management and compliance.

This approach creates a comprehensive and multi-layered approach to risk management and compliance, allowing banks and fintechs to protect themselves and consumers.

We see checks and balances in all different phases of our lives, and I think it’s a good thing when it comes to the partnership between banks and fintech companies. It creates a symbiotic relationship, which is what regulators and Congress want. Ultimately, this check is put in place for the consumer’s benefit, so that they have access to sound, fair, secure, and transparent financial products.

— Elizabeth Gorz

But, it’s not always easy—especially for fintechs. While the three lines of defense should be individually stood up at the fintech, whether there’s a bank relationship or not, it’s a struggle for fintechs to have those three lines of defense within the company because they are often small. And, since they’re so small, it’s often a challenge to get the fintech to acknowledge some compliance responsibility—not because they don’t want to be compliant, but because they’re so focused on building products for consumers. 

Whatever the fintech onboards, sometimes considered the fintech’s responsibility, is now absolutely the bank’s responsibility. These regulators, in these consent orders, are clearly saying that even if the fintech is onboarding customers, the bank has to have insight into those customers.

— Ed Greene

The three lines of defense still exist, but there is a nuance today where the responsibility lies between the bank and the fintech. Ultimately, the bank is responsible for what its fintech partner does.

The need for cross-collaboration

As more banks are entering the fintech partnership space, more compliance professionals—although highly experienced—may lack familiarity with the specific demands and nuances of running a fintech program. 

Unlike larger banks, which have a long history in fintech partnerships and have usually developed best practices, smaller banks are navigating relatively uncharted waters.

But, despite the competitive nature of the industry, there’s a growing trend towards collaboration and idea sharing within the ecosystem, which is key for those who may be unfamiliar in this area.

Industry-level collaboration

Elizabeth emphasizes the importance of maintaining strong relationships, both internally and externally, at the industry level. This is particularly true in the context of fintech partnerships, where relationships with peers and within the organization are paramount. 

Banks are increasingly seeking ways to collaborate and improve the overall environment for the industry. This approach aims not only to enhance operations, but also to establish clearer and more proactive communication channels with regulators to ensure a more compliant and efficient framework for all involved.

The American Fintech Council is a prime example of this collaboration. With over 50 members, the council hosts monthly webinars and work groups to facilitate discussions on current issues, promoting educated, systematic, and transparent conversations among members.

Collaboration with partners

On the partnership level, there’s a need for collaboration between strategic partnership teams and compliance teams from the start of a potential partnership, through onboarding, to ongoing maintenance and monitoring. 

The smoother the process between these two groups, the better the outcome. 

Internal collaboration

Internally, compliance professionals have to work closely with other departments within the organization. Their job expands beyond just the compliance function—they have to have a solid understanding of the business, the products, and everything in between, which requires a lot of cross-collaboration.

This includes servicing, sales, marketing, and everything from the front end to the back end, says Ed. They need to know the brand and its outward-facing marketing materials, ensuring they’re compliant and not deceptive. 

As a compliance professional, you’re not just wearing that compliance hat or risk management hat and knowing the regulations. You need to know your business line, you need to know your product lines, and the type of product you’re offering.

— Ed Greene

Preparing for bank-fintech partnerships 

What steps should fintech companies take to ensure they are ready for a compliant partnership with banks and get the resources needed? 

Lead with compliance

It all starts with cross-collaboration between the product team and getting buy-in from the top down, with the involvement of the CEO and the Board, says Ed. 

Fintechs especially must acknowledge the tough regulatory environment that they’re operating in. In the past, the focus for these companies was primarily on growth and meeting investors’ demands, 

But today, companies must take a more comprehensive approach to launch—they have to bring compliance, product, strategic planning, the CEO, and the board to the table to understand the totality of their product and brand, which will prepare them for a bank relationship.

Some of these fintechs are startups and have limited resources. But, the successful ones are the ones that spend time and investment in their compliance team and in the relationship building with their partners. This seems to be the sound public policy direction, and also a model to help prevent consent orders.

—Elizabeth Gorz

Regulatory agency relationship and engagement

Engaging with regulatory agencies is also crucial for fintechs, says Elizabeth. Building relationships and communicating with regulatory agencies allows you to establish a relationship with them, explain your products and services, and develop a robust compliance program. 

Ask about compliance resources

This point is for those who are seeking a new compliance role in a fintech company—if you’re interviewing, ask your potential employers about their commitment to compliance resources in the next few years and their leadership structure. This will help you better understand the company’s support and growth opportunities, especially if it’s an early-stage fintech.

Get the full insights from industry experts

For more insights on how to strengthen bank and fintech partnerships with compliance, listen to the full discussion here.

Frequently Asked Questions