BY JOSHUA DIAMOND
The Oracle of Omaha Warren Buffett’s famous quote, "Only when the tide goes out do you discover who's been swimming naked," has resonance today for banks partnering with fintechs. My colleagues and I have been watching closely as the twin forces of increased market volatility and sharper regulatory scrutiny have put bank-fintech partnerships under the microscope, and recently we shared some thoughts on the current landscape with Fintech Nexus.
At Klaros we believe strongly that bank-fintech partnerships still hold a lot of promise. However, we believe that the way they were managed in the past won’t necessarily hold up in the new landscape in which we’re operating.
By conducting new or updated risk assessments along with comprehensive due diligence, partner banks can mitigate the business and regulatory risks likely to pose challenges.
Risk assessments should allow the partner bank to identify the key risks associated with each of the programs being managed by their fintech partners, thereby allowing the bank to make a risk-based determination regarding oversight of its partners and take proactive steps to manage the financial, reputational, compliance, or strategic risks associated with those programs.
Due diligence should confirm the fintech partner’s ability to perform the activity as expected, adhere to the partner bank’s policies, comply with all applicable laws, rules, regulations, and requirements, and operate in a safe and sound manner. Due diligence on fintech partners should address all aspects of the regulatory guidance, but in particular should focus on:
BSA and KYC/AML requirements;
IT, information security, and business continuity expectations; and
Consumer protection and UDAAP guidance, including reviews of proposed marketing materials and a clear understanding of how complaints will be handled.
Partner banks should also ensure contingency plans are in place, in the event that one of their fintech programs has a major disruption or becomes insolvent. Those plans should consider the following:
Transition strategy and execution plan to assess and manage impacts related to customers, business, and employees;
The organizational, legal, regulatory, and financial risks if there is meaningful disruption for the partnership;
The inventory of products and services performed by the fintech and what IP or knowledge transfer should occur;
Risks related to technology, data, and infrastructure; and
Customer dispute communications during and after the end of partner relationship support.
Banks and fintechs, and more importantly their customers, have much to gain from successful partnerships. But regulators have made it clear that banks are to treat the activities of their fintech partners as their own. Banks partnering with fintechs need to ensure that both they and their partners have the resources, processes, and systems in place to ensure risks are well-managed and consumer protections are followed.