Leah Campbell, Counsel; Jera Bradshaw, Counsel, Bradley Arant Boult Cummings LLP

Below is an insight into what can be expected from Leah and Jera’s session at Vendor & Third Party Risk USA 2023.

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.

What is changing with how prudential regulators view fintech partnerships? How is this affecting financial institutions TPRM programs?

Prudential regulators appear to be acknowledging the role that fintech partnerships have in the marketplace, both to expand banking services to previous unbanked/underbanked populations, and to allow smaller, regional banks to develop new markets for their services. The main question they appear to be focusing on is what types of risks are created when banks turn over their direct accountholder contacts to fintech providers. Are banks supervising the fintechs as they would other third party providers? How can banks keep up with the potential growth in accountholders? Are BSA/AML standards being upheld?

These are all questions that the banks and regulators faced in the last decade around technology outsourcing and off and near-shoring. How do the principles developed in that context meet the current environment?

Prudential regulators have been adapting their views on fintech partnerships as the landscape evolves.  They acknowledge that fintech partnerships can drive technological advancements, improve financial services, and enhance customer experiences. Many prudential regulators have established regulatory sandboxes or innovation hubs to facilitate and support fintech partnerships. Regulators are collaborating more often with fintech firms and banks to understand emerging technologies, monitor risks, and shape regulatory frameworks. They are becoming more proactive in engaging with fintechs and banks to foster collaboration and exchange information.

While the prudential regulators recognize that bank-fintech partnerships are expanding the financial services offerings for many customers, they continue to be increasingly concerned about the accompanying risks to financial institutions. Prudential regulators place a strong emphasis on risk management and consumer protection in the context of fintech partnerships. They expect banks to have robust risk management frameworks in place when partnering with fintech companies.

The dynamics of fintech partnerships have affected third-party risk management programs in various ways. Financial institutions have had to enhance their due diligence frameworks to account for the unique risks associated with fintech partnerships, such as intellectual property concerns, technology dependencies, and potential reputational risks. Fintech partnerships involve complex technology solutions and innovative business models that require specialized knowledge and expertise. A bank’s TPRM program must incorporate the specialized knowledge needed to properly assess the risks associated with these partnerships, such as cyber threats, data privacy and compliance risks. Financial institutions have had to develop new contractual agreements and provisions that are specific to fintech partnerships, which may include provisions related to data sharing, data ownership and dispute resolution. Monitoring and oversight now often involves real-time monitoring of transactions, expanded access to systems and data, and more frequent periodic assessments of the vendor’s security controls. Exit strategies and contingency planning have become increasingly important in a TPRM program to mitigate potential impacts on a bank’s operations and customers.

What are the main benefits to banks to have fintech’s as partners? How does this help an institutions TPRM program?

The main benefit to banks is potential growth in deposits and fees. I think an established TPRM is the right framework for evaluating fintechs. There will be nuances, but if the relationship is framed in that context using the established third party due diligence, onboarding/contracting, service levels, and audit standards, the bank will be in better position to manage the risks of fintech partnerships.

Fintech partnerships can help banks reduce costs and improve operational efficiency, and fintech solutions often leverage automation, artificial intelligence, and data analytics to streamline processes and reduce manual work. In this manner, fintech capabilities may be integrated in a TPRM program to optimize workflows and use tools to enhance operational efficiencies.

Where do financial institutions stand currently? What types of products can be leveraged?

Some banks are making fintech partnerships their central value propositions. Others are adapting financial technology to enhance current products, or to market new products to existing customers using data analysis. Institutions also use fintechs to break into new product lines, such as unsecured point of sale lending in specific consumer sectors.

Fintechs that specialize in regulatory technology can assist banks in meeting complex regulatory requirements. Through partnerships, financial institutions can leverage fintech solutions for enhanced risk management with tools that enable them to monitor and mitigate risks more effectively. Regulatory technology solutions can be leveraged to assist with know-your-customer (KYC) processes, anti-money laundering (AML) compliance, fraud detection, risk assessments and reporting.

Where do you see the future of fintech partnerships heading? What do you recommend?

There is a risk of the concept “banking as a service” going the way of “no doc loans” leading up the last financial crisis. What I mean by that is: that business will grow out of a concept that is, at its base, mis-aligned, and the risks will not be managed.

The services that banks provide are deposit-taking, lending, and transaction banking. When banks “partner” with fintechs, the fintech is the service provider to the bank – not the other way around. If banks lose sight of that, they may not be managing the risk appropriately.

The future of fintech partnerships with banks holds significant potential for further collaboration and innovation in regulatory compliance and security. With the increasing importance of regulatory compliance and data security, fintech partnerships should prioritize solutions that address these concerns. RegTech solutions can be integrated to streamline compliance processes, monitor regulatory changes, and enhance risk management. Security-focused fintechs may collaborate with banks to strengthen cybersecurity measures, data protection, and fraud prevention.