BID® Daily Newsletter
Oct 26, 2022

BID® Daily Newsletter

Oct 26, 2022

Guidance for Engaging in a Responsible Fintech Partnership

Summary: Fintechs — once viewed as an existential threat to community financial institutions — are now increasingly seen as offering institutions an opportunity to innovate and thrive. However, fintech partnerships carry risks and the regulators are watching closely. We summarize six key areas from the latest due diligence guidance to ensure a successful and responsible partnership.

In 2011, Hewlett-Packard (HP) purchased a majority share of British software company Autonomy, valuing the company at $10.3B. A year later, HP took an $8.8B impairment charge, linking $5B of it to Autonomy’s accounting improprieties. Lawsuits followed and the deal has gone down in history as a huge due diligence fiasco. Autonomy claims that HP spent only six hours discussing the deal with them, prior to the acquisition.
Community financial institutions (CFIs) are already familiar with strict due diligence laws for any potential partnership, but fintech partnerships in particular are being watched very closely by regulators, as the popularity of these bank-fintech partnerships rise.
According to a study by Cornerstone Advisors, 65% of banks and credit unions forged at least one fintech partnership over the past 3Ys, and just over a third made an investment in a fintech startup. Of the remaining institutions, “37% plan to partner in 2022, and 18% expect to make an investment in a fintech in 2022.” On average, CFIs had 2.5 fintech partnerships in 2021, up from 1.3 in 2019.
Partnering with fintech companies is often key to a CFI’s ability to innovate and remain competitive in this rapidly changing market. Various partnership models have proven successful, including the following:
  • Operational technology partnerships — third-party solutions are deployed to increase efficiency of processes and infrastructure
  • Customer-oriented partnerships — third-party solutions enhance the customer experience
  • Front-end fintech partnerships — essentially banking as a service (BaaS)
However, for all the benefits of these models, there are also risks. As such, in August 2021, three banking regulators — the Federal Reserve (the Fed), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) — released guidance for CFIs on how to conduct due diligence on potential fintech partnerships. Industry observers believe CFIs should expect increasing scrutiny from regulators.
Keys to Due Diligence Before a Fintech Partnership

The regulators’ guide, which is intended to be tailored to each institution’s specific circumstances, focuses on six key areas for CFIs to evaluate when selecting a fintech partner:
  1. Business experience and qualifications. Understanding a fintech’s qualifications and strategic plans will help establish whether it can meet the institution’s expectations and support its objectives. A fintech’s senior management should also be scrutinized to verify that the company has the necessary experience to handle the proposed activity.
  2. Financial condition. Assessing a fintech’s finances allows CFIs to establish their long-term viability. Typical sources include annual reports, financial statements, and US Securities-related filings. Keep in mind that some newer companies may not be profitable yet or may be unable to provide the financial history traditionally required to assess them. In such cases, CFIs may want to review other indicators, such as access to funds, and growth projections.
  3. Legal and regulatory compliance. CFIs should evaluate a fintech’s ability to comply with applicable laws and regulations, knowing that many fintechs have limited experience working within the regulatory framework. Institutions may want to consider incorporating compliance terms into the partnership contract.
  4. Risk management and controls. A fintech’s risk management processes and controls should be consistent with the CFI’s risk profile. If the relevant information is lacking, CFIs could consider other approaches, such as evaluating the fintech’s operations and control environment with on-site visits, or by employing an independent party.
  5. Information security. A fintech’s ability to handle sensitive information should be appropriate to the type of partnership and activity performed. Depending on the activity provided, the CFI may want to also gain an understanding of a fintech’s oversight of its subcontractors.
  6. Operational resilience. Finally, CFIs should seek to assess a fintech’s ability to work through potential disruptive events, such as technology failures, human error, and cyber threats. Contingency plans may also be appropriate, including how CFIs might act in the event a fintech “fails to recover in a timely manner.”
Further insight comes from the Fed’s report, “Community Bank Access to Innovation Through Partnerships.” During the outreach that generated the report, participating institutions identified three elements that make for a successful partnership: a commitment to innovation across the institution, alignment of priorities and objectives between the institution and fintech partner, and a carefully considered approach to integration. With that in mind, the Fed concludes that “with appropriate risk management and compliance guardrails, fintech partnerships present a notable opportunity for community banks to strengthen existing operations, particularly when the partnership serves the unique strategic objectives of both parties.
If and when your CFI does choose to hitch your wagon to a fintech, some of your first considerations should be whether the fintech is fiscally stable and capable of providing the expertise and service your customers expect. Once you’re certain that the fintech is reliable and a good fit, continually researching the most recent due diligence guidelines and ensuring your partnership checks all the boxes will put your CFI in a solid position when regulators evaluate your fintech partnership.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.