Skip to Content
Picture of a blurry man walking down a corridor with glass railing to his right.
Article

Fintech partnership risk: A checklist for financial institutions

May 6, 2020 / 5 min read

Alliances with financial technology (fintech) companies can be transformative for financial institutions. But with benefits come significant risks, many of which may surprise you. Here’s a checklist for mitigating those exposures.

Partnering with the right fintech company can represent an enormous opportunity. Large and small banks, community banks, and credit unions, can:

Yet, while the future of banking lies in the kind of digital transformations these alliances make possible, financial institutions face an array of regulatory, reputational, and other risks and should proceed with caution. Banks must do their due diligence before striking these deals and monitor the relationships closely afterwards.

Banks must do their due diligence before striking these deals and monitor the relationships closely afterwards.

Key areas of risk

There are three broad areas of risk in fintech partnerships:

  1. Reputational risk: Financial institutions face reputational risk when any new product or service is introduced, regardless of whether it was developed in-house or by a third party. A single security breach as a result of a flaw in a fintech product could severely undermine the trust and loyalty that a bank has spent years nurturing. It could also directly impact profitability.
  2. Regulatory risk: Regulatory risk is a priority for financial institutions partnering with fintech companies. Fintech products are transforming the financial services industry, and lawmakers have fallen behind. It could be a long time before banking regulations are changed to address fintech products. In the meantime, regulators are scrutinizing fintech relationships to ensure financial institutions are still in compliance with traditional banking regulations.
  3. Unforeseen risk: Fintech companies have limited experience dealing with both regulations and regulators. For their part, banks and credit unions are unaccustomed to the changing, fast-paced environment in which fintech companies operate. There’s no telling what unforeseen risks may lie at the intersection of these two areas of uncertainty.

Fintech checklist

In order to mitigate these risks, financial institutions must manage their fintech relationships with great care, right from the start, and at every stage.

Do your due diligence (external and internal)

Before engaging in a relationship, make sure to:

Likewise, turn the due diligence lens on your own organization. Do you have the capacity to deal with a new partnership? Do you have the IT, compliance, and other resources needed to integrate a new system or product effectively and efficiently?

Turn the due diligence lens on your own organization. Do you have the ... resources needed to integrate a new system or product effectively and efficiently?

Decide who owns the relationship

Well-managed fintech alliances need to be centrally led, with clear internal accountabilities and reporting lines. Some banks have one person managing each fintech provider, without any periodic process for conferring on their fintech program as a whole. Siloed environments can leave bank executives unaware of patterns or trends across fintech relationships.

Consider having one person in charge of each relationship. If you’re working with several fintechs, consider forming a committee. In larger financial institutions, it’s especially important for the compliance function to reach out across the different lines of business, keeping the channels of communication open, so that news of any potential issues travels fast.

Set the ground rules

Define your fintech’s obligations in the relationship precisely and be sure to include communications protocols. Financial institutions share risk with their fintech partners, yet often only learn after the fact of significant product changes affecting compliance or of significant litigation or regulatory pressure. Detail your expectations. Determine who needs to know what and by when. And then schedule a series of ongoing touch points to make certain each side is getting the information they need.

Monitor the relationship closely

Think of your fintech partnership as similar to a large technology or other investment. Your monitoring approach should be as robust as manageable. Do the upfront work of identifying key risks in the relationship, and ensure you regularly monitor and assess them. Conduct formal reviews of the relationship quarterly and annually. Consider a periodic independent review. Plante Moran can help with that.

Ensure risk management is robust

Financial institutions tend to assume that fintechs are well-versed in consumer deposit lending regulatory risk, and that they have well-established risk and compliance functions. Many do not. They may be less than fully aware of their own obligations and of the many ways they can support you in meeting yours.

Financial institutions tend to assume that fintechs are well-versed in consumer deposit lending regulatory risk, and that they have well-established risk and compliance functions. Many do not.

Ask fintechs about their current compliance program, adherence to state regulations, as well as any available risk assessments, policies, procedures, training programs, and audit programs. Determine how these will evolve into the compliance function you (and your regulators) need to see. Make sure the fintech understands their role and how they can help you address any regulatory examiner concerns.

A fintech, for example, may already have a risk management program in place that addresses risks posed by Anti-Money Laundering (AML) regulations, General Data Protection Regulation (GDPR), and other local or international regulations. It’s unlikely, though, that their risk management program includes financial regulatory compliance requirements. Not all fintechs have been able to support banks, for instance, in meeting the requirements of the Electronic Fund Transfer Act. The regulation provides guidelines for consumers and financial institutions on electronic funds transfers, and is designed to ensure timely resolution (and prompt refunds, if needed) in the case of unauthorized transactions in a bank account. Some fintechs’ inability to support banks in meeting this obligation has left some customers unaware of the appropriate channels for resolution and often as a result, out of pocket.

Risk mitigation is key to success

Many financial institutions believe their organization’s future depends critically on the kind of technology support that fintechs can provide. But many risks attend such relationships, which are necessarily complex, deeply interdependent, and require strong regulatory oversight. These exposures must be carefully mitigated, not only to avoid missteps but to maximize the chances of partnership success.

Related Thinking

Group of coworkers in a business meeting.
March 21, 2023

Turning risk into opportunity: Five questions to ask

Article 8 min read
Banking buildings seen from below
April 9, 2019

Financial institution regulations and fintech compliance: A two-fold approach to risk management

Article 5 min read
Business professional checking the multifactor authentication code on their cell phone.
November 1, 2024

Preparing for the inevitable: Navigating third-party tech failures

Article 7 min read