<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=552770&amp;fmt=gif">

Risk Management & Regulatory Compliance, Change Management, Governance & Policy

5 minute read

Want to work with fintechs? Here’s a primer on the risks to weigh in any relationship.

Mar 2, 2022

Written by: Elizabeth Snyder

The skyrocketing expansion of fintechs delivering inventive products and services is impressive, and it’s only natural that traditional banks want to seize a bit of that action. After all, many of these startups have identified a specific consumer pain point – often something that has long troubled a bank – and applied cutting-edge technology to solve it. Along the way, fintechs are carving out an entirely new market while also expanding their reach to previously unbanked or underbanked consumers.

Remember, the traditional banking industry was built differently from startups, leading to potential culture clashes when organizations of different origins come together. Fintechs are known for innovation and a faster pace of change because they often encounter less of the red tape that governs bank operations. Conflicts can arise as banks turn to fintech opportunities, so they need to consider the risk management frameworks they need to have in place as those partnerships launch and evolve. Don’t underestimate the change management hurdles that need to be tackled as well.

The banking industry, as we all know, remains heavily regulated – with the promise of more consumer protection regulation on the way, but fintechs still operate outside much of that oversight. Be sure to go in with your eyes open, as any risk and compliance teams in place at a fintech are likely not as mature and will require extra time to train, nurture and oversee. You’ll need strong controls to mitigate the risks posed by these complex relationships.

In the coming months, Spinnaker will share additional insights on issues and opportunities in bank-fintech partnerships. Through our blog, we’ll explore open banking and lessons banks can learn from the simplicity of fintechs, recommend updates to a bank’s governance structure to account for the unique risks of fintech partnerships, and delve into what fintechs should be considering as regulatory overnight draws nearer.

To start, we’re looking at the basic risk management tactics banks must leverage in their due diligence as they consider one of three main types of fintech partnerships.

Different Relationships for Different Needs

Beyond the fundamental vendor vetting, each third-party relationship presents slightly different concerns for a bank. Investing the appropriate time and attention up front – that all-important due diligence – is essential before partnering with any fintech. Make sure your assessment also includes looking in the mirror to see if you truly can handle this relationship and the added responsibilities of IT system support and resource capacity across all three of your lines of defense.

Here are a few things to consider before you move forward:


    What this means: This is a fintech’s bread and butter: offering a unique solution or technology that a financial institution might not be able to develop on its own. We’re seeing this more and more with smaller banks, which might view this as an easy way to introduce another revenue stream. This also can allow a small- or mid-sized bank to stay competitive by going to market faster or rapidly expand its geographic reach.

    What you must consider: Step back and look at what each side is bringing to the table. In general, large banks bring a big customer base and never-to-be-discounted regulatory expertise, while fintechs bring innovative ideas that can be implemented quickly. In the case of your particular bank, is there balance, or do you run the risk of being overrun in the partnership? With the potential for a larger footprint due to new offerings, are you assessing market risk, weighing the implication of potential rapid growth and readying your organization to accommodate it?

    If your organization wants to seize the innovation of a fintech, you’ll need to have the proper controls in place. To start, consumers are very protective of who accesses their money and their information. When you bring a fintech into your consumers’ lives, you assume the consequences, which means you carry the risk of that relationship. Don’t be so dazzled by the solution that you shortchange your due diligence around the fintech’s cybersecurity and data privacy practices. In fact, we suggest conducting extra research in this space because you’re opening the door to your most important asset: customer data. 

    That cutting-edge technology fintechs administer contributes to very complex algorithms and models, often highly more sophisticated than any a bank (particularly a community or regional operation) already has or could envision. Do you have a line of sight into how those automated systems are behaving? Are they treating your customers fairly?

    Be mindful of your data governance and model risk considerations. In July, for example, the Consumer Finance Protection Bureau ordered GreenSky, an intermediary in the lending space, to pay a $2.5 million fine for booking loans without consumers’ authorization; interestingly, that didn’t preclude its purchase by Goldman Sachs later in the year. In another example, Visa is under a harsh regulatory light for possible antitrust violations in its partnerships with Square, Stripe and PayPal.

    After all, onboarding a fintech is much like onboarding any other vendor, such as a contact center, and you hold responsibility for ensuring that partner plays by the rules. This is third-party risk management at its most complex level.


    What this means: By their very nature, fintechs still are largely startups, with about 500 new companies opening each year, and their business ideas and strategies are perhaps the most sophisticated part of their makeup. They simply don’t have the back-office operational rails of a traditional bank. Fintechs are turning to more comprehensive institutions to handle that part of their business, which they white-label with their branding. Another scenario might be a fintech that offers consumer loans, but they need a bank with a balance sheet to support them.

    What you must consider: Why does a fintech need a bank to help run its business? For one, a bank charter often is the door they must walk through to make loans. You’re opening up the risk of your bank charter to let them enter, particularly if their fundamental practices aren’t up to the caliber expected by a regulatory agency. Banks are tempted by this new revenue source, but the underlying need for the fintech is to use your charter to access systems and processes they wouldn’t otherwise be able to use.

    A related risk comes with the overall acceptance of fintech products. An increasing number of retailers no longer accept digital bank cards due to risk. If there’s risk within the heart of the fintech business, that risk then logically becomes a problem for you – from not getting paid to taking a reputational ding. And if, on the other hand, your customers are extremely pleased, you could be in for a loyalty struggle.


    What this means: Fintechs need financial institutions with the spectrum of services and products required to run the business. This starts with your due diligence and knowing the customer, which is the proper moment to identify the risks posed with a relationship and to determine the process you’ll need in place to monitor those risks on a regular, ongoing basis. Additionally, be sure you don’t base your decision purely on the fintech’s innovation: Assess its long-term strategy, mission statement and key leadership to determine if it’s a fit with your organization.

    What you must consider: Validate that the fintech is delivering on its stated business strategy and mission, because you’re staking your reputation on theirs. Just look back to Summer 2020 and the social justice uprisings. Banks – along with other businesses – came under the microscope for who they were providing financial services to.

    That kind of scrutiny extends outward to your consumers, who want to know what your bank stands for. 

    Be aware of a fintech that leads first with its product, because these startups are significantly profit driven. Make sure to review its balance sheet carefully. If they take any missteps that result in the collapse of the company, your bank will bear the brunt on its income statement.

Choosing the Right Relationship

Even if regulatory oversight is still looming and fintechs present a new type of competition, banks are recognizing that fintechs are here to stay, especially as they gain market share. Indeed, nearly half of American financial services companies plan to lean on fintech partnerships for growth, further underscoring that these startups are positioned for deals that leapfrog them long past that infant stage. While it’s certainly one strategy for elevating your bank, you’ll need to confirm that achieving that goal must be countered with understanding the risk you might be taking on in the process.

The most critical decision should come long before you sign onto any fintech relationship. Engage your risk and compliance team members, who have the knowledge and expertise on what your regulators are going to expect. We’re already seeing larger banks exploring the value of creating specialized teams focused on the unique risk and compliance considerations of fintech relationships.

Save your organization time, energy and money by gaining their insight on the best way to approach and structure a fintech relationship and apply your existing risk management practices. The Federal Reserve, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency recently co-published a guide for community bankers to follow in assessing fintechs, with steps that any banking leader should embrace. And our Spinnaker consultants are here to help you understand the risks involved in any fintech relationship – along with how to navigate them so you can gain optimal return with minimal impact on your core business.

Spinnaker consultant Laurent Robert contributed to this blog post.