FinXTech Intel 2023 report final 2 - Flipbook - Page 16
DOING THE DILIGENCE
By: Kiah Lau Haslett
Due diligence is a crucial exercise for bank
management teams, as they balance the benefits
of working with fintechs against the potential risk
and complexity these partnerships create.
Likewise, bank regulators have the authority to provide over-
While fintech partnerships can expand a bank’s products, ser-
partner. “The activities performed on behalf of the [bank] by
vices, capabilities or customer base, they are not without risk.
a fintech firm or other third-party would be subject to the
Adding additional layers of technology, reporting and connec-
laws and regulations applicable to the [bank] and subject to
tivity adds risk — which banks ultimately own. Regulators
supervision and examination by the [bank]’s federal regula-
expect banks to have appropriate third-party risk manage-
tor,” the Treasury report authors wrote.
ment programs in place that inform how they conduct due
diligence on a potential partner. Additionally, due diligence
of these partnerships is a continuous obligation that includes
ongoing oversight. Initial due diligence of a fintech vendor is
a time for a bank to learn more about their prospective partners, ascertain how the company is funded, how it approaches
topics like privacy and cybersecurity and how the partnership
will manage important operational issues.
Regulatory Expectations
sight and supervise bank activities, whether or not they’re
conducted fully internally or with the assistance of a fintech
These expansive relationships can contribute to a “complex
operating environment,” wrote the Office of the Comptroller
of the Currency in its fall 2022 semiannual risk perspective.
In response, the agency expects the banks it supervises to
strengthen their third-party risk management approaches.
Fintech partner due diligence is an excellent time for a bank
to revisit its own policies, procedures and approaches to
determine if they’re appropriate for current and future risks
“Community banks do not view innovation as an isolated
the bank may take. These programs should reflect the bank’s
or risk-free initiative,” said the Federal Reserve Board
size, complexity and risk profile, but also incorporate “the
in its 2021 white paper on “Community Bank Access to
level of risk and number of … third-party relationships”
Innovation Through Partnerships.” “They instead consider
it has or wants to engage in, according to 2021 proposed
responsible innovation as part of their overall strategy and
updates to bank regulators’ third-party risk management
risk management framework. They identify and implement
guidance. The proposed guidance includes six guiding princi-
solutions tailored to the needs of their customers, while
ples for each stage of the relationship. They are as follows,
maintaining sound banking operations and appropriate con-
excerpted from the guidance:
sumer protections.”
1. Developing a plan that outlines the banking organization’s strategy, identifies the inherent risks of the activity with the third party, and details how the banking
Keep in Mind: Banks Cannot Outsource Their Risk
Banks are ultimately responsible for managing the banking
activities they conduct, either directly or through a third-party fintech relationship, the U.S. Treasury wrote in a November
organization will identify, assess, select, and oversee the
third party.
2. Performing proper due diligence in selecting a third
party.
2022 report titled “Assessing the Impact of New Entrant
Non-Bank Firms on Competition in Consumer Finance.” That
means they must identify and control the risks that arise
3. Negotiating written contracts that articulate the rights
and responsibilities of all parties.
from these activities, as if the entire activity was conducted
within the bank itself.
14 | FINXTECH INTELLIGENCE REPORT
POWERED BY BANK DIRECTOR