Financial technology, or fintech, refers to the broad set of financial innovations that apply new technologies to a financial service or product. Although potential competition from fintech companies initially raised concerns for the banking industry, as consumer and regulatory demand for better technology increased, banks quickly recognized and adapted to the changing market. Today, banks have implemented fintech solutions for both back-end processes (monitoring of account activity) and consumer-facing products (applications to apply for loans and pay bills online). Many community banks now partner with fintech companies, often through their core processing service providers, to provide modern platforms and services to their customers, obtain data about their customers, provide individualized products and services, and increase security.
The COVID-19 pandemic also forced banks and customers to innovate, often changing how banking transactions were conducted. Banks rushed to provide solutions to open accounts and close loans remotely. These critical fintech solutions heightened banks’ awareness of the need to analyze their fintech strategy, including the processes and products that need to be changed and the best model to pursue that change.
Recognizing that innovation and evolving customer preferences are changing the financial services landscape, in August, the Federal Reserve Board, the OCC and the FDIC (the “Agencies”) jointly published Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks (the “Guide”). Intended to assist community banks in assessing the risks when partnering with fintech companies, the Guide draws on existing regulatory requirements and supervisory guidance on third-party relationships. It is consistent with recent proposed interagency guidance on how banks should manage the risk inherent in their third-party relationships. More importantly, the Guide likely signals that management of this risk will receive increased scrutiny and focus in the bank examination process.
The Guide emphasizes that “[e]valuating a fintech[’s] business experience, strategic goals, and overall qualifications allows a community bank to consider a fintech[’s] experience in conducting the activity and its ability to meet the bank’s needs.” The scope and the depth of the diligence process should be properly calibrated based on the degree of risk posed to the bank and the nature and criticality of the contemplated relationship. Although the Guide specifically addresses community banks (i.e., banks with less than $10 billion in assets), the Agencies note that it can provide useful guidance to banks of all sizes.
The Guide provides relevant considerations and helpful examples of how community banks may identify and mitigate risks through appropriate due diligence. Specifically, the Guide covers six areas of due diligence that community banks can consider when exploring relationships with fintech companies:
- Business experience and qualifications, including the fintech company’s business strategies and plans and the qualifications and experience of its company directors and principals. This area is important since it may be an indication of the company’s ability to adequately comply with a bank’s regulatory obligations while still providing a satisfying customer experience.
- Financial condition of the fintech company, including analysis of the fintech company’s financial reports, funding sources, and market position. A comprehensive understanding of a fintech company’s financial condition is important to ensure that it is and will remain financially healthy and fulfill its obligations to the bank.
- Legal and regulatory compliance of the fintech company. Before partnering with a fintech company, banks should assess the company’s knowledge and understanding of the regulatory and compliance environment for banks. Banks should also evaluate any legal or regulatory issues faced by the fintech company and review the company’s compliance strategies and programs relating to consumer protection, privacy, and anti-money laundering.
- Risk management and controls of the fintech company. Understanding the fintech company’s risk appetite and its internal risk framework is an essential component of due diligence. In some cases, a bank may learn the fintech company’s risk profile and the bank’s risk tolerance does not align.
- Information security, including the fintech company’s information security program and information systems. The ability of a fintech company to protect sensitive customer and bank information is critical in a fintech-bank partnership. Fintech companies should be willing and able to provide comprehensive information about their information security program and information systems.
- Operational resilience, including the fintech company’s business continuity planning, incident response plan, and service level agreements. Banks should assess the fintech company’s ability to provide service in the face of technology failures or cyber incidents. Threat detection procedures should also be examined and evaluated.
Through partnerships with fintech companies, community banks gain access to innovative technologies that can increase operational efficiencies, improve customer experiences, and bolster competitiveness. However, these partnerships also introduce risks that must be evaluated through an appropriate due diligence investigation. The Guide provides a roadmap for regulatory expectations and issues that should be addressed during the due diligence process.
To read the Guide in its entirety, visit:
Elizabeth Frame is a partner in the Charleston, West Virginia office of Bowles Rice. She advises clients on regulatory and securities work, as well as mergers and acquisitions, and has advised clients on issues regarding the CARES Act, Paycheck Protection Program and Small Business Administration Loan Relief. Contact Elizabeth at (304) 347-1715 or firstname.lastname@example.org.
Drew Proudfoot is an associate attorney in the Morgantown, West Virginia office of Bowles Rice. He focuses his practice on corporate and financial services transactions, including commercial lending, mergers and acquisitions, and business succession planning. Contact Drew at (304) 285-2566 or email@example.com.