New world, new risks: how banks can manage compliance in the age of fintech
Banks are partnering with fintechs to gain new customers and revenue streams, but with new ways of conducting business come new risks. Bankers may feel apprehensive about giving up control of the client experience and shifting to more of a support or oversight role for these new acquisition channels. How can a bank be certain that a fintech partner has a strong compliance program, and that this fintech is taking appropriate measures to guard against bad actors?
This post will go over strategies for how banks can ensure fintech partners are ready to meet bank compliance standards. It will also provide fintechs with insights into how banks view compliance, and why this topic is such a huge concern for traditional financial institutions
Watch our on-demand seminar, "The 5 Critical Elements of Compliance for Fintechs."
Fintech compliance risk management methodology
Unless a fintech company is large and well-established, it generally doesn’t have the resources to build a successful internal compliance program. Instead, the fintech will often work with companies that offer risk and compliance support. As a bank partnering with a fintech, you want to make sure that the fintech’s compliance setup adheres to all regulations. So how can you judge if a fintech company is complying with the law?
For starters, examine the fintech’s general compliance model:
- Are they working with specialized partners? Specialized compliance partnerships are the safest option for small-to-medium-size fintechs that are still refining their product and scaling their business. By leveraging tools offered by industry leaders, a fintech company can easily identify risk and create appropriate processes of review during customer on-boarding and throughout the customer lifecycle. Examples of specialized compliance partners include KYC and risk assessment firms Unit 21, Alloy, Middesk, and LexisNexis. These companies can tailor solutions to a fintech’s specific use case, protecting them against their unique risks. Just as banks conduct due diligence on their potential fintech partners, they should also research any third party compliance platforms that a prospective fintech partner has contracted.
- Are they working just with their BaaS provider? Some BaaS providers claim that they can provide general, one-size-fits-all compliance solutions. General BaaS compliance offerings may not cover every unique risk facing a specific fintech, and the fintech may not have a say in how the program is designed. All this can mean the fintech remains exposed in some areas. If the fintech is exposed, then so is their bank partner.
- Are they building their own program? Once a fintech reaches a certain size, relying on partners to manage their compliance program ceases to be cost-effective. At this stage, the fintech is ready to build their own program. Early-stage fintechs that are just seeking their first bank partnerships are unlikely to have the necessary scale to support building their own internal compliance program.
Choosing an integrated model where the BaaS provider already has established partnerships with specialized compliance providers provides a number of advantages:
- You have one connection for both BaaS and compliance services.
- The BaaS can help advise on technology and compliance integration with fintechs.
- This can help cut down ongoing requests and process audits
Treasury Prime works with top compliance companies such as Alloy and Unit21 to provide compliance support to both banks and fintech companies, and has expert knowledge of the processes and players in all three industries.
Can you trust your fintech partner with compliance?
Fintechs routinely navigate compliance with success. That said, as with any industry, not all fintechs are built the same. Look for fintechs who have a team with a strong connection to financial services. Fintechs that have strong tech backgrounds among their staff but no principals with finance backgrounds can remedy this imbalance by working with BaaS or other providers with finance industry experience.
Fintechs with good compliance programs and best banking practices in place also share a couple key characteristics.
- They’re transparent: They give their bank partner full visibility into their operations and customer base. They share developments within their company and seek input from their bank partner on potential new features and changes.
- They communicate openly: They contact you directly as needed with questions, concerns, and just to keep you up-to-date.
Some fintechs sit at the intersection of multiple industries that deal with different regulations. Make sure the fintech is in a line of business your bank is able to support. For example, if you don’t already work with the cannabis industry, you may not be ready to work with a cannabis fintech.
How to mitigate compliance risk?
Ensure that you always have up-to-date information about what a fintech partner is doing. Startups move fast and can pivot quickly as they solidify their business model. Here are some guiding questions to ask when considering a fintech partnership:
- Where is the fintech marketing their product, and to whom?
- What is the fintech’s onboarding process for users? What information does it request from people trying to open accounts?
- What is the fintech’s product roadmap? What features does it plan to add? What features is it retiring?
- What are the fintech’s plans for growth?
- What are the fintech’s biggest challenges in the moment?
- Who are the fintech’s other partners? Is it planning on adding any partners?
If these questions seem routine to you, then that’s excellent. You don’t want to become another high-profile case of a financial institution that got into trouble for failing to properly mitigate third-party risk.
Ideally, your fintech partner will answer these questions without you having to ask. It will independently submit the information to you regularly, and consult with you before making major changes to their product. Choose a BaaS provider that encourages this level of open and direct communication. Avoid providers that insist on being the conduit for all messages from or to a fintech partner.
How your BaaS provider can help
BaaS providers can have significant influence on how fintechs approach compliance — and in turn, how much risk those fintechs pass on to their bank partners.
Look for these qualities in a BaaS provider to ensure a sound compliance approach:
- Financial industry expertise: The BaaS employs experienced compliance experts, and has principals who have worked in the banking industry.
- Tailored matchmaking: The BaaS provider has a deep bench of reputable partners and is able to guide fintechs in connecting with specialists who will meet the fintech’s unique compliance needs. The provider is also able to introduce the bank directly to fintechs that may be a good fit as partners.
- Plays a facilitator role: The provider never forces the bank and fintech to use them as a go-between. Instead, the provider connects the two partners and facilitates initial connection so they may connect directly going forward.
- Transparency: The provider is transparent about what fintechs are on their platform. Once a bank and fintech are partnered, the BaaS provider gives the bank visibility into how the fintech is using its banking APIs and the bank’s system.
- Respects the bank’s role: The provider acts as a technological platform, facilitating connections between banks and fintechs. It does not present itself as a replacement for the bank or as owner of the bank’s charter. The provider does not market “rent a bank” or “rent a charter” services.
Even if a fintech is doing everything right, if a bank doesn’t have visibility into what a fintech partner is doing, that can spell trouble with regulators. Banks need to be able to confidently explain all their programs to regulators to prove they are properly overseeing those programs. That includes third-party programs — which includes how fintech partners are integrating with a bank’s system. If a BaaS provider stands in the way of a bank’s communication with a fintech partner, or if the provider prevents the bank from seeing who a fintech’s customers are, the bank can face regulatory issues.
How fintech could cause a revolution in compliance
Chartered banks are the backbone of the financial system, but increasingly people are choosing to interact with them through fintechs. That means banks are becoming less visible to consumers, though not less important. It also means more parties are involved in account opening. The account opener engages with a fintech app to create the account, and the fintech then opens the account with their partner bank. In the post-fintech landscape, both opportunity and risk can come from new and different places.
Treasury Prime will be launching a four-point compliance framework that includes a thorough, streamlined risk assessment for fintechs, so that all partners involved — including banks — know what they are working with. We will also provide ongoing monitoring of leading risk indicators such as the rate of ACH transfers on the fintech’s platform and continuous screening for known bad actors based on always up-to-date sanctions lists. We connect fintechs with compliance and KYC partners to help them customize their compliance programs.
To learn more about the fundamentals of compliance, watch our webinar, “The 5 Critical Elements of Compliance for Fintechs,” on demand.