The Nature of Bank Fintech Partnerships
Last week we published a brief overview of the critical issues for banks to consider when engaging in bank fintech partnerships. This week we are diving deeper into each topic, giving actionable takeaways for you to implement into your strategy today.
The Nature of Relationships:
*For background information: Back in June 2023, the powers that be - collectively "the Agencies" (Federal Deposit Insurance Corporation (“FDIC”), the Board of Governors of the Federal Reserve System (“FRB”) and the Office of the Comptroller of the Currency (“OCC”)) - issued guidance on managing risks associated with third-party relationships. This includes relationships with fintechs. Our deep dive will include and expand upon the Agencies' recommendations.
There are two ways banks and financial institutions can engage with vendors. Typically, "third-party" vendors refers to companies engaged to manage auxiliary services (IT support, marketing services, office supplies, etc.). You can also consider these vendors "general third-party vendors". General third-party vendors focus on operations and do not have sway or say over core bank products. However, every relationship you engage in matters and is subject to risk and regulations. Banks must tailor risk management practices to take these "non-core" relationships into consideration.
Bank fintech partnerships or BaaS partnerships: Partnerships with fintech firms or BaaS providers are fundamentally different. These relationships often involve sharing sensitive financial data, integrating core banking functions, and even co-creating financial products. Fintech firms may have direct access to a bank’s systems and customers. Therefore, the stakes are considerably higher, requiring more stringent due diligence.
The National Law Review whittles down the implications to the following recommendations. We've divided the guidance between bank fintech partnerships and third-party vendor relationships:
Implications for Banks
Banks should consider whether their documentation for third-party vendor risk management is sufficient. If you don't have documented processes and procedures, this is the time to get it all in writing, implementing or enhancing your existing inventory of all third-party relationships.
Review and/or update your processes for identifying "critical activities" as defined in the updated Final Guidance.
Consider the nature of your third-party relationships. The updated Final Guidance extends what is included in the definition of third-party relationships (review our guidance above).
Smaller banks and community banks need to look out for additional resources from the Agencies intended to assist smaller, non-complex community banks in managing relevant third-party risks.
A word of warning to smaller banks and community banks: entering into more involved fintech partnerships (especially those where the bank will be the issuing bank for products and services marketed and supported by the fintech) will result in complex and costly onboarding, monitoring, and oversight for the fintech partners.
Concerning bank fintech partnerships, the full extent of the effect of this new guidance is still to be seen. However, banks should prepare for the increase in exams and oversight in the future.
Considerations for Bank Third-Party Vendors and Suppliers
Third-party vendors and suppliers will expect to see increased due diligence from bank partners, including onboarding requirements, additional or modified contract terms, and ongoing monitoring.
Third-party vendors and suppliers will also expect increased oversight over their vendors and suppliers.
Implications for Bank Fintech Partnerships
Everyone is subject to regulations - even those partnerships with "innovative or new structures and features". Many banks already included partnerships within their risk profile, but the big Agencies regulated banks specifically. Under the new rulings, this may require a reset of requirements, changes in the level and nature of oversight, and changes to other components of the bank fintech partnership.
Some relationships with new or novel structures and arrangements may introduce new risks or increase existing risks to a bank, including those with interactions directly between the fintech and the bank’s customers.
Fintechs need to think about compliance from the very beginning, not just as a reactive measure. You only need to read the news of recent enforcement actions and consent orders to understand the challenge. Fintechs should expect additional requirements and monitoring from banks.