It is safe to say that the US FinTech market has hit its stride. Global FinTech funding soared past $34 billion last year, and the US makes up around half of the global FinTech market. More and more consumers are turning to FinTech products to transform the way they manage their finances, paychecks, loans and insurance. With COVID-19 keeping us all socially distanced for the time being, the move toward digital finance is only going to pick up more steam.
But the FinTech sector isn’t built on standalone infrastructure. As Banks attempt to stay on the forefront of innovation and as FinTechs seek the regulatory and compliance infrastructure they require, FinTech/Bank partnerships have become the new normal. This has been particularly important for the growing internationalization of FinTechs - as successful European FinTechs seek to cross the pond, having a legacy partner helps them gain a foothold.
These partnerships can take a variety of different forms - though for the sake of this piece, we’re going to focus on community banks that handle the banking back end of FinTech products, such as holding FinTech customer deposits and ensuring they are FDIC-insured or offering for benefit of (FBO) accounts to FinTech MSBs. As part of these relationships, FinTechs end up not directly regulated, and it’s up to the partner to ensure the FinTech remains compliant with BSA regulations. This means that banks have to be careful to select the right possible FinTech partners, and the same goes for FinTechs! Wirecard’s recent collapse, which has sent FinTechs all over the world scrambling for new partners, particularly highlights the level of overall due diligence and care that is needed when forming and sustaining a banking partner relationship.
What Happens When It Doesn’t Work Out?
We’ve seen first hand how FinTechs and their partners are pushing forward to innovate not just on customer-driven financial services, but also on financial crime prevention. However, the risks of getting partnerships wrong still need to be taken seriously and inform a firm’s approach to stakeholder management.
So what does it look like when things go wrong?
For some FinTechs, it means not getting very far. US partner banks tend to have steep compliance requirements and expectations - that means being able to demonstrate your BSA/AML compliance capability up front through risk assessments, policies and procedures, training, and effective control integration. Partner banks like Cross River weed out the majority of prospective FinTech partners due to the amount of compliance required. For FinTechs, failing to get a partner bank relationship set up can mean the difference between a successful funding round and going back to the drawing board. For European FinTechs and other international players with their eyes set on the US market, failing to obtain a banking partner due to compliance reasons could potentially shut off millions of new customers and dramatically set back scaling plans.
A few bad actors could also risk the current environment of strong partnerships. Across-the-board de-risking of correspondent banking illustrates what can happen when the difficulties managing AML/CTF controls within a partner relationship cannot be prudently resolved.
The picture isn’t great for partner institutions either. Building out relationships with the FinTech sector is becoming a profitable lifeline for institutions looking for ways to innovate and reach new client segments outside of their traditional stomping grounds; turning off the taps can obviously have an impact. And on the compliance side, as FinCEN expects financial institutions to ensure the compliance of their FinTech partners, failure to do so could risk steep fines and penalties.
In fact, one of the most frustrating obstacles to successful partner bank/FinTech relationships can be the current regulatory landscape, according to Robin Garrison, VP of Compliance at MainStreet Bank, who presented on making the most of partner bank relationships at the FinTech FinCrime Exchange (FFE). Certain regulators can hold traditional and sometimes out-of-date perspectives on risk and financial crime - and the absence of a unified approach between different US regulators (the Office of the Comptroller of Currency (OCC), for instance, has been much more proactive in supporting FinTech innovation than some of their counterparts), can only add complication. To really get the regulator onboard, Robin added, it’s important for FinTechs and their partner banks to work together to ensure appropriate testing has been done to evidence to the regulator that any financial crime risks are being appropriately mitigated.
Even if a FinTech and partnering bank do succeed in getting a relationship off the ground, poor relationship management can hinder positive efforts to prevent financial crime. High volumes of manual work, a lack of knowledge on how the other party is operating, and long delays in communication can mean that even if a partnership looks successful on the outside, it may still be struggling with balancing financial crime compliance and customer experience.
How Do You Make It Work?
Looking at the risks involved with setting up a successful partnership, it’s no wonder that it can be difficult for a startup to break into the FinTech space or for a legacy institution to take the leap into a new relationship in a digital world. But there are plenty of examples of where partnerships have taken off. What are they getting right?
1. They set a strong foundation.
This is something that features in all of the industry reading on how to make the most of a partner bank relationship. And that really is relevant here too! If you don’t have a strong, open, and transparent partnership in other parts of the business - such as making sure your financials are sorted and growth strategies are aligned - then it’s going to be difficult to build a relationship that allows you to successfully fight financial crime. In fact the best approach to building a positive relationship is to ensure that BSA/AML compliance isn’t segregated. From day one, compliance should be considered as an integral building block in wider relationship management efforts. This will ensure it doesn’t come back to bite once the relationship progresses on the commercial side.
Strong, positive foundations also go beyond shared values. Robin left FFE members with an important message about selecting the best banking partner. “Don’t go with the first partner bank willing to accept you. It can be very difficult to ensure that your data can be fed into and processed by your partner bank, so think about how well your technical systems will integrate when picking your banking partner.” Without aligned systems, anti-financial crime processes become a greater operational burden, and it becomes far more difficult for the partner bank to have the information they need in order to conduct robust assurance on the activity of their FinTech partners.
2. They establish clear roles and responsibilities.
Establishing clear roles and responsibilities is important for any business relationship, but it’s especially important from a financial crime perspective. When laying out the contractual arrangement, FinTechs and partner banks should try to agree up front and in writing who will be responsible for which part of the BSA/AML control framework and who the key points of contact are.
For example, does the partner bank need to review all KYC files on a FinTech’s new customers before they onboard, or will the partner bank perform assurance on the KYC process through periodic (e.g. quarterly) spot checks? If the FinTech is managing KYC, who should they talk to about trialling a new ID verification provider? Who will be responsible for OFAC screening at onboarding, throughout the business relationship, and for customer screening? To what extent should the FinTech establish their own transaction monitoring tool? Or will they be able to rely on the TM system offered by the partner bank?
There may be circumstances where the partner bank and FinTech relationship is so intertwined that setting rigidly defined roles and responsibilities just isn’t feasible. Anthony Jerkovic, Head of Data & Risk at Bank Novo, explained that, in Bank Novo’s partner banking relationship, roles and responsibilities often require a certain level of flexibility in order to effectively address the dynamic problems faced day-to-day. “If everyone touches a case, it is hard to precisely draw the lines of responsibility. Instead, we focus on close communication and working together and try to see them as an extension of our own team.”
If partnering firms aren’t able to develop a close working relationship or meaningfully outline roles and responsibilities, problems will inevitably arise. At best, it may take longer for both parties to process financial crime-related tasks, such as the investigation of unusual or suspicious activity, but at worst, serious financial crime cases could go undetected, as no one was formally designated as being responsible for identifying red flags.
3. They have a clear escalation process.
As part of laying out a clear delineation of roles and responsibilities, partner banks and FinTechs should also work together to establish clear escalation paths. The goal is to determine when the hand off happens and how. A lot of this will come down to the partner bank’s risk appetite, as they are the ones ultimately liable for any financial crime activity that occurs. But depending on the relationship, there may be certain activities that the FinTech can respond to without immediately escalating to their partner bank.
For example, one partner bank may be comfortable with a FinTech making a decision on whether to accept a customer with an adverse media finding against them, while another partner bank may require all adverse media hits to be escalated to their compliance team for review.
Let’s look at another example, which illustrates how escalation and communication paths work both ways. For instance, if a FinTech is doing their own customer screening, they may be expected to escalate all confirmed PEPs to the partner bank for approval prior to the start of any business relationship but only do so after clearing the alert and requesting necessary due diligence documents on source of wealth and source of funds. By contrast, if the partner bank does the customer screening, they may have to reach out to the FinTech to communicate with the customer to obtain EDD documentation.
Without getting the escalation process right, FinTechs and partner banks will run into the same problems as with roles and responsibilities - difficulty maintaining BSA/AML compliance and operating effectively.
4. They regularly communicate on all things fincrime.
The whole goal of outlining roles and responsibilities as well as escalation paths is to ensure that communication on financial crime issues remains robust throughout the partnership. This is especially important when both parties are closely involved in day to day financial crime operations. Without close communication, unusual customer activity can’t be investigated quickly, leaving funds suspended in a way that can damage a customer’s experience if they’re innocent. Given how quickly funds can move in and out of a FinTech account, without close cooperation, a partnership may fail to stop significant volumes being laundered through an account.
Samuel Peters, BSA Manager at Middlesex Federal, Bank Novo’s partner bank, highlighted that “especially when dealing with those in traditional banking, communication is key.” Depending on the nature of the relationship, frequent and regular touchpoints may be needed, even multiple times per week. Though, Samuel also flagged that it was important to ensure that both FinTechs and their partner banks understood that there would always be some level of risk involved in the arrangement. “Traditional banks and FinTechs are going to have different risk appetites; regular and open communication is the best way to help close the gap.”
Of course, there are also regulatory expectations with regards to reporting. Partner banks are currently expected to file a suspicious activity report (“SAR”) within 30 days of the initial detection of the suspicious activity, provided there’s a suspect. This means that the FinTech has to move quickly to escalate any unusual activity and work closely to support any investigation from the partner bank in order to meet the deadline.
Even in cases where FinTechs are given a good degree of autonomy, they should still work closely with their partner bank to ensure that both remain on the same page in terms of risk appetite. This means keeping the partner bank up to date on any new product developments, target customer segments, and geographic expansion plans, as all of these would impact the FinTech’s financial crime risk profile.
What Next?
FinTech relationships with partner banks aren’t going away and do come with their share of risks. But through successful stakeholder management efforts taken with a fincrime focus, both parties can work together to stop criminals exploiting the US financial ecosystem.
We have experience working on both sides of the table to help FinTechs and their partner banks manage financial crime risks. If you’d like to discuss this more, please contact our US team or email us at: contact@fintrail.co.uk