
Financial institution regulations and fintech compliance: A two-fold approach to risk management

April 9, 2019 / 5 min read

Financial technology, or fintech, companies are revolutionizing the services offered by financial institutions. However, innovation isn’t without risk. We break down the risks and how to approach your risk management program for all parties.

Fintech companies are on the rise and rapidly replacing traditional banking functions with smart technology. Banks and credit unions are collaborating with fintech companies to offer customers quick and convenient access to an array of banking services, including automated online payments, fund transfers, personal loans, investments, and more. Fintechs make these services available by leveraging new technologies that automate and optimize banking methods. Although bank and credit union partnerships with fintechs create a more convenient experience for customers, there are many variables for both banks and fintechs to consider when deciding to join forces.

Three major risks both banks and fintechs should consider:

1. Reputational risk

Whether you’re a financial institution or a fintech company, you face reputational risk when a new product is brought to market. Financial institutions and fintechs both invest significant time and resources into customer relationships — and just one misstep can destroy your customers’ trust. Reputational damage could impact your credibility across the board, affecting the bottom line for additional products and your business as a whole.

2. Regulatory risk

Regulatory risk is an immediate concern for financial institutions that partner with fintech companies. Fintech products are changing the game for the financial services industry at an incredible rate, and lawmakers cannot keep up. Since it could take years to modify banking regulations to accommodate fintech products, regulators are carefully examining fintech relationships to ensure financial institutions are still in compliance with traditional banking regulations. It’s critical for banks to build a strong compliance foundation at the start of a fintech partnership to prepare for increased scrutiny from regulators.

Though fintechs aren’t currently subject to federal examinations, that doesn’t mean they won’t be in the future. The Office of the Comptroller of the Currency (OCC) has already proposed a special-purpose national bank charter specifically for fintech companies. Many state attorneys general have expressed concern or interest in providing regulatory “sandboxes” for fintechs where future regulations are to be developed.

3. Unexpected and unforeseen risks

As with any new product, unforeseen risks are ever-present. The biggest risk is the one nobody notices because it hasn’t happened yet. The opposing dynamics of fintech companies and financial institutions create the perfect storm of risk. Fintech companies have limited experience dealing with both regulations and regulators. And banks and credit unions aren’t accustomed to the fast-paced, changing environment in which fintech companies operate. It’s not hard to imagine how these opposing weaknesses could overlap and contribute to a significant risk management blind spot.


How banks and credit unions should approach a fintech partnership

Understand the fintech’s risk management program

A fintech may already have a risk management program in place that addresses risks posed by Anti-Terrorist Financing (ATF) regulation, General Data Protection Regulation (GDPR), and other international regulations. However, it’s likely that financial regulatory compliance requirements haven’t been incorporated into the fintech’s existing risk management program. Ask about their current compliance program and personnel in place, as well as any available risk assessments, policies, procedures, training programs, and audit programs. You should also explore how these will evolve into the compliance function you (and your regulators) need to see.

Build a robust risk management program that includes banking compliance

If your fintech partner’s risk management program isn’t tailored to a financial institution relationship, create a plan of action to build out a robust banking compliance program. Make sure the fintech understands its role and how it can help you address any regulatory examiner concerns. With a trusted risk management advisor, you can collaborate with the fintech to design and implement strong internal controls and build a compliance culture.

How fintechs should prepare for bank compliance

Lay the groundwork for current and future bank regulations

Building or strengthening your regulatory compliance program requires time and energy. Look beyond your current product offerings and consider what products you want to offer in certain time frames like six months, two years, and five years. Identifying these products and services and a timeline for implementation will help you predict the types of regulatory pressures you will face. Building a compliance infrastructure is like building a house: If you lay the foundation correctly, you will avoid the cost of rebuilding in the future. Take the time to articulate future regulatory risks and incorporate them into your risk management program.

Prepare for new fintech regulatory requirements

Unlike in the tech industry, regulation is a major factor in the world of financial institutions. As more bank-fintech partnerships form, more regulations will come into play for both parties. At the very least, you need to understand how existing financial regulations will shape your relationships with banking partners. In order to build a truly successful regulatory compliance function, take your organization one step further and anticipate what regulators could be asking for in the years ahead, both from financial partners and from fintechs themselves.

Control compliance costs and resources

The idea of building a compliance program might create concerns of staff augmentation, arduous processes, and exorbitant costs. But the truth is, implementing a compliance program doesn’t have to dismantle your business. When new products and services are in their infancy, the volume of transactions and incoming revenue usually don’t warrant hiring more resources. Regulatory compliance risk management experts can help you build and maintain a compliance program on an as-needed basis. Knowing that resources are available to your organization — whether it’s an initial compliance program buildout, periodic staff augmentation, or periodic compliance audits — can help you achieve compliance success without breaking the bank.


Risk is inherent in any type of new venture, but the regulatory risks that result from new fintech and bank partnerships should never restrict innovation. By leveraging the expertise of risk management consultants, financial institutions and fintechs alike can go beyond simply addressing regulatory compliance risk for new joint ventures. They can also add value to their own organizations by adding or strengthening internal controls related to risk management. For more information or to discuss how we can help, please contact us today.
