Effective oversight of FinTech partnerships

0

Knowledge

For banks today, going digital and adopting fintech is no longer an option but a requirement to be competitive.

FinTechs allow banks to deploy, create and serve their customers more efficiently than traditional methods; now many customers prefer these channels. But banks are often held back from getting into FinTech and digital spaces by what they see as insurmountable obstacles for their risk management, compliance and operations teams. They see this change as requiring several new hires and requiring significant capital and technology resources. In fact, many smaller institutions wade through these spaces methodically and efficiently.

These materials have been prepared for informational purposes only and do not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Internet subscribers and online readers should not act upon this information without consulting a professional.

For banks today, going digital and adopting fintech is no longer an option but a requirement to be competitive.

Fintechs allow banks to deploy, create and serve their customers more efficiently than traditional methods; now many customers prefer these channels. But banks are often held back from getting into the fintech and digital spaces by what they see as insurmountable obstacles for their risk management, compliance and operations teams. They see this change as requiring several new hires and requiring significant capital and technology resources. In fact, many smaller institutions wade through these spaces methodically and efficiently.

Supervision and management of banks should be tailored to specific products and services and associated risks. These opportunities can range in complexity, from relatively simple referral programs between a bank and a fintech company, which require much less oversight, to banking as a service (often referred to as BaaS) which requires extensive oversight.

A bank is personalized third-party monitoring programor TPO, is the cornerstone of a successful fintech partnership from a risk and compliance perspective, and should receive proper management attention and commitment.

What is considered an existing premium TPO program at a traditional community bank may not meet the ever-changing regulatory expectations of a TPO that governs an institution offering core products and services through various fintech partners and digital. Most banks already have the features of a traditional TPO program, such as reviewing all associated compliance checks from their partner/vendor and monitoring performance on a recurring basis. But for some banks with more exposure to fintech partners, their TPO has to deal with other risks before onboarding. Common unrecognized risks we see in banks embarking on broader fintech strategies include:

  • Review and document partner money transmission processes to ensure they are not acting as unlicensed money transmitters.
  • Review fintech deposit account setup procedures.
  • Assess the marketing of fintech partner services and/or products.
  • Ensure agreements provide sufficient oversight of partners to satisfy regulators.
  • Procedures for effectively executing protocols required under the Bank Secrecy Act, Anti-Money Laundering and Know Your Customer regulations, and capturing information in bank record systems. If the bank relies on the fintech partner to do this, implement the process for evaluating and monitoring the fintech program.
  • Assess compliance and credit risks associated with fintech partner underwriting criteria such as artificial intelligence, alternative data and machine learning.
  • Assess the impact of the fintech strategy on the bank’s fair lending program and/or community reinvestment law footprint.
  • The potential risk of unfair, deceptive or abusive acts or practices through the activities of the fintech partner.
  • True lender risks and documentation of the institution’s understanding of the regulations surrounding the true lender doctrine.
  • Assess changes in the risk profile of customers resulting from the expansion of the bank’s services and/or products and integrate these changes into the compliance management system.
  • Revise your overall enterprise risk management program to take into account the risks associated with any changes in products and services.

Finally, regulators expect this shift to more fintech partnerships to become the norm rather than the exception. They see it as an opportunity for banks to provide greater access to products and services to people who are underbanked, unbanked and invisible to credit. Over the past two years, we have seen a number of resources deployed by banking regulators in this space, including:

  • Regulators are creating various offices to determine how banks can best use data and technology to meet consumer demands while maintaining safety, soundness and consumer protection. The Federal Deposit Insurance Corp. built FDITECH, the Office of the Comptroller of the Currency has an Office of Innovation, as does the Federal Reserve Board. The CFPB has pooled its efforts to deploy sandboxes and issue “no-action letters” through its own innovation office.
  • The Federal Reserve released guidance for community banks on conducting due diligence on fintech companies in August 2021.
  • OCC Acting Comptroller Michael Hsu spoke at the Fintech Policy Summit 2021 in November 2021.
  • In November 2021, the OCC issued a statement clarifying the bank’s authority to engage in certain cryptocurrency activities, as well as the regulator’s authority to charter domestic trusted banks.

Adopting best practices like the ones we’ve listed above, along with early communication with regulators, will put your bank in an excellent position to begin working successfully with fintechs to expand and improve your bank’s products and services and to be competitive in today’s market.

Share.

About Author

Comments are closed.