Do banks and fintechs need to rethink their partnerships?

When he evaluates fintechs as potential partners, for instance for banking-as-a-service or embedded banking, Josh Williams asks three questions. 

The first: Is what the fintech is trying to do technically possible, and can it work with all layers of the bank technology stack, meeting all know-your-customer, data management and other requirements? The second: Is it legal? This includes a review of fair lending, UDAAP principles, Reg Z and other rules that might apply. The third: Can we all make money? 

"There have to be economics that support this," said Williams, who is executive vice president, chief banking officer and head of partnerships at Seattle Bank, which has $712 million of assets.

Josh Williams at Seattle Bank and Franklin Garrigues at TD Bank Group
Josh Williams, executive vice president, chief banking officer and head of partnerships at Seattle Bank (left), and Franklin Garrigues, vice president of external ecosystems at TD Bank Group, both said this week that regulators' fresh focus on bank-fintech partnerships has not changed the way they choose partners.

In these conversations, Williams and his team figure out if the fintech has the culture and commitment or stamina to work through those questions together. 

"Pretty quickly we find out if a fintech is not a good partner for us, and we can move on from there," said Williams, who spoke on a panel at the Finovate conference in New York this week. Williams' method of vetting fintechs mirrors the practices of many other banks.

There's been a spotlight on fintech vetting in recent weeks, as regulators have signaled that they have begun scrutinizing bank-fintech partnerships. 

In a speech last week, the acting comptroller of the currency, Michael Hsu, described bank-fintech partnerships as a potential systemic risk because so much complexity is being brought into the financial ecosystem. 

"The growth of the fintech industry, of banking as a service, and of big tech forays into payments and lending is changing banking, and its risk profile, in profound ways," he said. Several questions must be asked and answered about this, he said: Who is responsible for what when things break? How might confidence be lost in a banking services supply chain disruption and what would it take to regain it?  How do banks and their third parties view and treat customers in bank-fintech arrangements — when do customers go from being the client to becoming the product and how are consumer protections maintained? How vulnerable are banking services to stress at fintechs? What happens when fintechs fail? How are bank and fintech business models changing and how are incompatibilities reconciled?  

These are the right questions for regulators to be asking, Williams said.

"And I don't think that anyone on the banking side is surprised to hear those questions asked," he said.

The questions regulators are asking are things banks should already have been considering, evaluating, and managing throughout, Brian Graham, partner at Klaros Group, said in an interview. 

"It's been clear for decades that the regulators look at banks that are partnered with nonbanks and hold the bank accountable for what their vendors and partners are doing," he said. "That's not news. That puts the bank partner in effect into a role as the regulator of their fintech partners. So that bank needs to do everything it would do as if those fintechs were its employees, as if it were managing that business and the risk associated with it, as if the bank itself were directly responsible for it." 

What is new, he said, is that the regulators are increasingly focused on this area and increasingly enforcing those longstanding expectations.

"For banks that are in this business, or thinking about it, that haven't made the investments to meet those expectations, there's a challenge ahead," Graham said.

In late August, the OCC also took action against Blue Ridge Bank, a small bank in Charlottesville, Virginia, that provides banking as a service to fintechs. The bank agreed to monitor its fintech partners more closely, and ensure Bank Secrecy Act compliance. 

"What the OCC wrote out in that written agreement is exactly what you would expect the regulators to demand of any bank that's working with a fintech," Graham said. "There's no surprise that the bank is responsible for BSA or KYC or consumer disclosures."

Some of the small banks being scrutinized by the OCC are relatively new to working as partners to fintechs. Banking as a service has become an appealing option to banks with less than $10 billion of assets, which are not subject to the cap on interchange income that large banks are, under the Durbin amendment to the Dodd-Frank Act. 

"The fact that community banks are the ones that are best suited to be partners with fintech is a wonderful opportunity for a sector of the banking industry that otherwise doesn't see a lot of opportunities these days," Graham said. "It's this great situation where they can tap into cutting-edge technology, they can tap into a revenue pool that isn't available to the big guys and where the big guys don't just kind of eat their lunch right away. So it's a fabulous opportunity if done well." 

But the "if done well" part is really important, he said. Banks engaged in banking as a service need to take a hard look at the way they're managing the risks associated with fintech relationships.

"Have they invested in the technology and the people and the risk management necessary to do that well, and to a high standard that the regulators will accept?" Graham said. "If they haven't, they should, because they're going to be examined closely. And if they have problems, they're so much better served by getting ahead of them and identifying them themselves than waiting in the vain hopes that their exam team won't notice."

Regulators are starting to look at bank-fintech partnerships as a source of systemic risk, but the real problem is the lack of consistent prudential rules outside of banking.

September 13
John Heltman
American Banker

Some may have to make some changes. 

"Anytime the regulators focus on an area, particularly an area that is completely dominated by small banks, there will be issues," Todd Baker, senior fellow, Richman Center at Columbia University and managing principal at Broadmoor Consulting, said in an interview. "It's meaningful and it's real. And it means the cost of being a partner bank is going to be significantly higher. Because you've essentially got to live up to all the standards set out in that agreement."

Banks will have to hire more lawyers, compliance experts and consultants to make sure their policies and procedures are in good shape, he said.

Regulators are trying to push banks to "do more due diligence and exercise more oversight over the activities of fintechs," Baker said. 

Fintechs need to do more due diligence as well, he said. 

"If you're a fintech, in the past your view would've been, I just want whatever bank can get me on the fastest and with the least hassle," Baker said. Now fintechs have to wonder what they're going to do if their partner bank gets in trouble. 

"Now you need to do due diligence on your partner bank to see that their policies and procedures are appropriate for the activities that you are undertaking," he said. "So it's going to lead to a general increase in the strengthening of the risk management parameters and for some very small banks that may make it not worthwhile."

Williams sees the regulators' emphasis on fintech partnerships as helpful.

"Providing more clarity around what the expectation is, is only going to be helpful in terms of making sure that all parties have more realistic expectations coming into a partnership," Williams said. 

For reprint and licensing requests for this article, click here.
Fintech Technology Financial regulations
MORE FROM AMERICAN BANKER