Providing banking services to FinTechs? Here are your key compliance responsibilities 

With FinTech partner banks in the United States increasing their FinTech deposits by double digits, greater scrutiny of the risks these relationships create by regulatory and supervisory bodies was inevitable. Financial institutions are offering these Banking as a Service (BaaS) capabilities to FinTechs to boost their deposits. While the FinTech partnership business model offers many upsides, senior legal advisors at major partner banks now warn their peers about the coming scrutiny. 

As such, 2024 is a critical year in which the sustainability of partner banks’ risk management frameworks will be tested. Firms that have reviewed the latest regulatory guidance and public statements by other partner banks will be best placed to capitalize on the continued demand from FinTechs for access to banking services.

Key regulatory requirements

The core documentation every partner bank compliance leader should familiarize themselves with is the joint guidance issued by the Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) in June 2023. The guidance states that:

“A banking organization’s use of third parties does not diminish its responsibility to meet these requirements to the same extent as if its activities were performed by the banking organization in-house.”

The guidance specifically calls out a five-stage risk management process:

1. Planning: Before entering a partner relationship, banks should “evaluate and consider how to manage risks” – for example, the volume of activity and any technology required to support that.
2. Due diligence: Partner banks need to thoroughly evaluate potential partners in alignment with the risk and complexity of the relationship. The regulators state that “relying solely on experience with or prior knowledge of a third party is not an adequate proxy for performing appropriate due diligence.” 
3. Contract negotiation: This should document specific, effective risk management principles and oversight, any risks that are increased, and whether any remaining residual risks are acceptable once a contract is drafted. 
4. Ongoing monitoring: Once a relationship is active, it is critical to review the “quality and sustainability of a third party’s controls” and establish the ability to escalate and respond to issues of concern.
5. Termination: Partner banks need a straightforward process for terminating relationships, taking full consideration of the level of risk incurred as a result.

How partner banks can consolidate their risk exposure

Top takeaways for banks from the guidance include treating FinTech partners’ customers as their own and having a complete view of their risk exposure at all times. 

At ComplyAdvantage, we support partner banks with customer and payment screening, some of whom have 12 or more FinTech partnerships. This creates a complex set of risk management responsibilities for our customers. 

So, what criteria should banks looking to build and grow their partnership business model use to assess RegTech vendors? 

• Do they offer a complete view of potential risks? For reporting and risk management, tracking exposure across all relationships in a single place is critical to scaling the partner bank model.
• How easy is it to integrate data sets? Expert implementation and a flexible data model are critical to bringing multiple data models into one environment.
• What segmentation options are available? In addition to providing a complete view, can the RegTech segment FinTechs’ data to break down potential risks and set specific rules to mitigate those risks? 
• Are there opportunities to improve efficiency with AI? Most vendors will reference AI capabilities in their marketing materials, but understanding how these can be accessed is essential. For example, would it require a partner bank to rip and replace its AML stack, or can AI be layered on top of existing models and data sets? 
• How much support do they provide? Given the highly complex and changing regulatory environment, selecting a RegTech partner familiar with the banking and FinTech sectors is important. This will also enable partner banks to scale more quickly, leveraging rules and existing best practices for other customers.