Using Fintech to Offer New Products- a Three-Part Series Part Three – Partnering with Fintech
As we noted in parts one and two of this series, Fintech companies are designed to disrupt the current business model of banking. For many of the unbanked and underbanked, fintech companies represent a much-welcomed alternative to the use of high cost check cashers and payday lenders. In addition, tech companies such as Zoom, Square and Amazon are making it possible to transfer funds and store funds without actually going into the branch of a bank. Other Fintech companies are changing the way that credit is underwritten
Overall, it is easy to see that Fintech companies have the ability to increase a small institution reach and its overall products and services. As traditional means for profit become more scarce, Fintech opens the possibilities for additional income streams
A few examples of innovations that will continue to impact the banking industry follow:
? Stored Value - A stored-value card is a payment card with a monetary value stored on the card itself, not in an external account maintained by a financial institution. Stored-value cards differ from debit cards, where the money is on deposit with the issuer, and credit cards which are subject to credit limits set by the issuer. A “smart” cellphone is an excellent place to maintain stored value.
? APIs - An open API is a publicly available application programming interface that provides developers with programmatic access to a proprietary software application or web service. APIs are sets of requirements that govern how one application can communicate and interact with another.
? Nationwide Reach- Using data analytics, fintech companies can have access to customer behavior data and assist with marketing opportunities
? Reg Tech: Technologies can offer banks opportunities to outsource regulatory maintenance, monitoring, data collection, and customer due diligence. Regtech looks to enhance all aspects of a bank’s Compliance Management System including customer account alerts and monitoring, customer risk identification, and the fair application of lending practices. (Source: ICBA)
There are a number of software companies that provide a platform for APIs to work so that getting the software to work at your company becomes much easier AND you don’t have to necessarily buy expensive software upgrades to make it work
The “dirty secret” in the industry is that Fintech companies are considered MSBs and therefore they must get licenses in all fifty states. This creates an opportunity for a “win-Win” scenario. Banks can allow Fintech companies to “ride on the back” of their charter and make it possible to reach customers without having to get licenses. When a partnership is formed between a community bank and a fintech, it can be a definite “win-win”. Of course, without the proper procedures in place, such an arrangement can be fraught.
Collaborate with Care
Successful collaboration means having a risk assessment, strategic plan, and most importantly, strong vendor management. The FDIC, the OCC, and the FRB have all issued guidance on the proper way to administer vendor management. While the published guidance from each of these regulators its own idiosyncrasies, there are clear basic themes that appear in each. All of the guidance has similar statements that address the types of risk involved with third party relationships and all discuss steps for mitigating risks.
One of the considerations that are necessary is about what level of due diligence is required for a third-party contract. The level of due diligence is heavily impacted by determination of whether the activity being considered is a critical activity. The OCC guidance defines a critical activity as:
? Critical activities—significant bank functions (e.g., payments, clearing, settlements, custody) or significant shared services (e.g., information technology), or other activities that could cause a bank to face significant risk if the third party fails to meet expectations;
? Could have significant customer impacts require significant investment in resources to implement the third-party relationship and manage the risk;
? Could have a major impact on bank operations if the bank has to find an alternate third party or if the outsourced activity has to be brought in-house.[1]
The steps that are necessary for the proper engagement of a third party for a critical activity are discussed in each of the regulatory guidance documents that have been released. The OCC bulletin provides the most comprehensive list that includes:
? Relationship Plan: Management should develop a full plan for the type of relationship it seeks to engage in. The plan should consider the overall potential risks, the manner in which the results will be monitored and a backup plan in case the vendor fails in its duties.
? Due Diligence: The bank should conduct a comprehensive search on the background of the vendor, obtain references, information on its principals, financial condition, and technical capabilities. It is during this process that a financial institution can ask a vendor for copies of the results of independent audits of the vendor. There has recently been a great deal of attention given to the due diligence process for vendors. Several commenters and several banks have interpreted the guidance to require that a bank research a vendor and all of its subcontractors in all cases. We do not believe that this is the intention of the guidance. It is not at all unusual for a third-party provider to use subcontractors. We believe that a financial institution should get a full understanding of how the subcontracting process works and consider that as part of the due diligence, however, it impractical to expect a bank to research the backgrounds of all potential subcontractors before engaging a provider.
? Risk Assessment: Management should prepare a risk assessment based upon the specific information gathered for each potential vendor. The risk assessment should compare the characteristics of the firms in a uniform manner that allows the Board to fully understand the risk associated with each vendor. [2]
? Contract Negotiation: The contract should include all of the details of the work to be performed and the expectations of management. The contract should also include a system of reports that will allow the bank to monitor performance with the specifics of the contract. Expectations such as compliance with applicable regulations must be spelled out.
? Ongoing Monitoring: Banks must develop a program for ongoing monitoring of the performance of the vendor. We recommend that the monitoring program should include not only information provided by the vendor but also internal monitoring including
? Customer complaints: Customer complaints are a direct indication of issues or problems within a program or product offering. A system that tracks complaints and their resolution is a critical component of evaluating the overall effectiveness of a program.
? Oversight and Evaluation: There should be a fixed period for evaluating the overall success and efficacy of the vendor relationship. The Board should, on a regular basis evaluate whether the relationship with the vendor is on balance a relationship with keeping.
***For More Information on FinTech’s and Financial Institutions visit www.VCM4you.com***
[1] OCC BULLETIN 2013-29
[2] Ibid.