Do your fintech partners speak “Bank”?
Banks are scrutinized from the due diligence and risk standpoints, and their fintech partners must appreciate that they will face similar scrutiny.
The popularity of bank-fintech partnerships continues to grow, and while these collaborations can be advantageous for banks, some are finding that not all relationships — or partners — are created equal.
Successful partnerships are about accomplishing a goal. A bank must first home in on the specific problem it is seeking to solve, and once it starts to vet prospective partners, it should look for fintechs that not only understand and appreciate its unique needs, but can also provide the flexibility to match those needs.
Today, banks are viewing their overall technology stacks and systems as a single ecosystem and workflow and evaluating how any changes will make it better or more efficient. Fintechs that understand this can offer their bank partners more opportunities to streamline and enhance their operations beyond the initial use case.
One of the biggest hurdles for bank-fintech partnerships often boils down to the equivalent of a culture clash — a difference in approach attributable to the two very different skill sets and mindsets involved. The technology that runs the fintech, whether direct or middleware, is usually nimble and fast-moving. Conversely, the bank’s older systems may not be as complex, but also may not take much maintenance to run. If the two need to “speak,” this can create friction for the platforms and the people running them.
With fintech’s increasing market adoption, the number of fintech-focused accelerators has grown and they can point companies to the experts and compliance considerations necessary to compete and succeed in specific areas. So those fintechs that support lending, for example, are aware that they are different from a regulatory standpoint than those working only with deposits. Today, many fintechs have a better appreciation and understanding that regulators can come for them, too, and they are making compliance a priority.
Due diligence is the key
A few common questions banks should ask before considering a fintech partnership: Does the fintech understand its regulatory responsibility? Does it have up-to-date SOC reporting and a solid business continuity plan? Is the fintech adequately aware of the areas of possible exposure or risk for their service or product?
For the banks, this due diligence includes determining where each prospective partner falls on their own risk scale, rather than applying a blanket level for every vendor or partner. Ideally, this is based on the types and volume of data that will be accessible. Thus, information generally available to the public (like names or addresses) will not have the same level of risk and will not require the same levels of oversight as balance or transactional information.
Third- (or even fourth- or fifth-) party risk is a major due-diligence point that is often overlooked or underappreciated by fintechs and banks. Financial institutions should know which vendors a fintech works with and, in turn, their security capabilities and concern.
For example, many fintechs leverage hosting services like AWS for their platforms, so it is imperative that banks know these details to manage their own third-party risk and how it might impact them if a problem does occur. Understanding the severity of an issue based on what could go wrong will ultimately dictate the kind of controls the institution will need to have in place — or the kind of audits needed.
Financial institutions are risk-averse by nature and can be somewhat hesitant about implementing new technologies, especially if the prospective partner is a relatively young company. To alleviate these concerns, fintechs may offer contract flexibility that can reduce the risks for banks of signing long contracts. Such flexibility helps demonstrate that a fintech understands the pain points and concerns of their bank clients, whether compliance-driven or otherwise.
Banks will always be scrutinized from the due diligence and risk standpoints, and their partners must appreciate that they, too, will be under this level of scrutiny. Fintechs that prioritize due diligence, are committed to understanding their clients’ concerns and can communicate the problem they can solve while acknowledging and articulating the possible risks of their service or product show a demonstrable value to their prospective institutional partners and that they are, in fact, speaking the same language.
Terry Ammons, CPA, is a partner at Wipfli LLP.