Taking a Risk-Based Approach to Innovation Partners - Kathlyn L. Farrell
Kathlyn L. (Lyn) Farrell
October 6, 2017
Innovation in financial services has produced many varieties of products and services.
Among them are marketplace lending to consumers and small businesses online; using alternative credit underwriting criteria to increase access to credit; issuing prepaid cards to low- and moderate-income consumers; providing peer-to-peer payment channels, and developing financial health applications.
Traditional banks often like to partner with innovative companies, i.e., fintech firms, to gain access to new markets by funding these startups or to provide their own customers with innovative products or services.
Partnering with a fintech company can be a winning formula for banks as well as fintech companies, but there are a few factors any bank should consider to avoid pitfalls. The key is to weigh the known risks—particularly regulatory risks—against the potential income to be gained.
Start with the product
The first step to finding an effective partner is to determine whether the fintech company is offering a product that dovetails with your bank’s own strategic direction.
If your bank needs loan growth, finding a company that provides loans for purchase makes sense. If your bank wants to make prepaid card products available to its customer base but does not want to issue them, finding an innovative partner that issues these cards would be a strategic fit.
Analyze the culture
Once a bank determines that the product is appropriate for its strategy, it should select a partner with the right risk management culture.
While banks are highly regulated, fintech companies generally receive much less regulatory scrutiny. Often fintech companies have no idea of the regulatory requirements that apply to them, since they are not usually examined for federal financial regulatory compliance.
Finding a partner where the executive management is willing to make the necessary changes to accommodate both your bank and its regulatory agency is key to protecting the bank’s own risk management performance.
If a high-risk partner is chosen, you could regret the choice later if the partner’s bad actions end up tarring your bank’s reputation. Regulated banks have had examiners walk in and ask to see portfolios purchased from certain fintech companies that have garnered negative reputations with the regulatory agency.
Conduct due diligence
If the risk culture seems to be a match, then a thorough due diligence exercise is key. This is the most important step. Fintech companies that are not willing to build the regulatory compliance infrastructure necessary to pass muster with bank examiners are not going to become good partners.
Several things to review during due diligence are:
• Complaints that the company has collected.
• Complaints registered with state government agencies, the Better Business Bureau, and the Consumer Financial Protection Bureau.
• The strength of the company’s risk management structure.
In reviewing the risk management structure, determine if the company has appropriate policies and procedures, particularly for fair lending, if loans are involved, and anti-money laundering (AML), in all cases, as well as a monitoring and testing regime for all applicable regulations.
There should be a working governance structure for risk management, with regular reporting to senior management and the board of directors.
Many fintech companies are unaware of what is needed to be compliant. If the company is deficient in its governance, it must be willing to put in the work to shore up the risk management framework where needed. If it is not willing to put in the work and spend the money for necessary resources, the best course for the bank is to walk away.
Fintech companies with questionable consumer protection practices have subjected their bank partners to special regulatory examinations and additional fair-lending scrutiny. In addition, fintech companies often lack the anti-money laundering (AML) and Office of Foreign Assets Control (OFAC) monitoring required of a depository institution. A fintech’s inadequate AML compliance infrastructure has, in some cases, caused reputational damage that included its bank partner.
Not only should a bank review the company’s risk management programs, if consumer loans are involved, the portfolio should be analyzed for any fair-lending issues. If alternative data is used for credit underwriting, proxies for race, sex, or other factors should be assigned where necessary. Regression analyses should be performed to make sure that the lender is not unintentionally violating fair-lending laws.
In addition to reviewing the consumer protection and AML risk management programs, banks should take a careful look at the company’s data security risk management infrastructure. Data breaches get a lot of media attention and can taint a bank’s reputation by association even if the breach does not involve the bank’s own systems.
Regulatory agencies quickly learn which fintech companies have negative reputations for consumer abuses, AML lapses, and weak data security systems. They have been known to coordinate scrutiny of financial institutions simply due to their association with such fintech companies.
Before finalizing the partnership, your bank should make sure that the company has made—or is well on the way to making— any necessary changes in both internal and customer-facing practices that are problematic. It is worthwhile for a bank to do a quick final review before making the partnership permanent. If the innovation company is not committed to upgrading its practices there is probably too much risk to go forward.
View as PDF
As appeared in: Banking Exchange