In July, we discussed the proposal from federal bank agencies to harmonize their respective orientations in terms of risk management. At the time, we underlined three passages of the proposal concerning the due diligence that banking organizations must exercise with regard to third parties:
- In some cases, a banking organization may not be able to obtain the desired due diligence information from the third party. For example, the third party may not have a long operational history or demonstrated financial performance.
- In order to facilitate or supplement the due diligence of a banking organization, a banking organization may use the services of utilities or industry consortia, including development organizations, consult with other banking organizations, or engage in joint efforts to perform due diligence to meet its established evaluation criteria. .
- In situations where it is difficult for a banking organization to negotiate the terms of the contract, it is important for the banking organization to understand the resulting limitations, determine whether the contract can still meet the needs of the banking organization, and to determine if the contract would entail an increased risk to the banking organization.
The new guide
Undoubtedly, these challenges resonate strongly with traditional community bankers, who struggle to stay competitive and meet increasing demands for better technology, but who lack the greater resources of their larger peers or the know-how. FinTech from some newer banking competitors. Recognizing these difficulties, the federal banking agencies — Federal Reserve Board (Board), Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation — have published Conducting Due Diligence on FinTech Companies, A Guide for Community Banks (To guide).
The Guide, which is voluntary and does not establish any new risk management requirements, is “intended to be a resource for community banks when performing due diligence on potential relationships with FinTech companies.” It is organized in the form of a table of descriptions and practical tips for each of the six due diligence topics with several sub-topics.
Due diligence topics in the guide
- 1. Business experience and qualifications
- Commercial experience
- Business strategies and plans
- Qualifications and backgrounds of the directors and officers of the company
- 2. Financial situation
- Financial analysis and financing
- Market information
- 3. Legal and regulatory compliance
- Regulatory conformity
- 4.Risk management and controls
- Risk management and control process
- 5. Information security
- Information security program
- Information system
- 6. Operational resilience
- Business continuity planning and incident response
- Service Level Agreements
- Dependence on subcontractors
The user-friendly guide provides a description of what a community bank should look for when evaluating a potential FinTech provider against each of the six topics. For example, as part of the review of the risk management and control processes of the FinTech company, the bank should ask if the company has reports from an audit function and “may also consider how it would integrate these. reports in the bank’s problem management processes ”.
The agencies understand that community banks may not have extensive experience in conducting this type of due diligence, and for each topic, the Guide provides a list of potential sources of information that a community bank could use. In the legal subtopic, for example, the Guide suggests requesting organizational documents and reputable certificates from a potential supplier, researching lawsuits, settlements and enforcement actions, and reviewing the company’s 10-K and 10-Q deposits.
The Guide usefully provides illustrative examples for each of the six main due diligence topics. These examples provide realistic assumptions to help community banks determine what to include in their due diligence process. The illustrative example under Information Security demonstrates this practical approach, such as the inclusion of this tip:
The bank can also take into account the risks and associated controls relating to its customers’ data, in the event of a security failure for the FinTech company. In addition, contractual terms that allow a community bank to access FinTech company records may better enable the bank to validate compliance with laws and regulations relating to information security and customer privacy.
Additional resources and comments
Shortly after the Guide’s joint publication by federal agencies, the Council released a document titled Community bank Access to innovation through partnerships (Paper). The document summarizes insights gathered by the board of directors during several outreach discussions with community bankers. The aim of this document is to facilitate the sharing of experiences between banks that are used to meeting the challenges of establishing FinTech partnerships.
Community bankers may find the description of the different types of FinTech partnerships particularly useful. The document describes three main types of partnerships: operational technology, customer oriented, and front end FinTech partnerships, including the benefits, risks and challenges of each.
The document then discusses the key elements for the implementation of an effective FinTech strategy, based on the experience of community bankers. Based on their first-hand experiences, community bankers reported that:
[F]intech partnerships were most effective when three elements [are] here: a commitment to innovation through the community bank; alignment of priorities and objectives the community bank and its fintech partner; and a thoughtful approach to making technical connections between the parties, including the bank, fintech and the bank’s core service provider.
Finally, the document also shares the specific concerns of community bankers, including:
Some community bankers expressed reluctance to be the first to engage in a relationship with a less established fintech, with many participants articulating a strategy of being ‘on the cutting edge’ rather than ‘on the cutting edge’. For some community bankers, this reluctance to engage with less established fintechs reflected concerns about creditworthiness and a potential partner’s ability to remain in business while their products were developed or implemented.
Community bankers will certainly relate to a number of opinions and difficulties shared by those who participated in the Council discussions. The information in the document will prove useful as more community banks engage FinTech partners.
The document is consistent with other recent initiatives by federal banking agencies that highlight the importance of traditional community banks in the FinTech train. In a speech on Local banks and digital innovation in June this year, Patrick Harker, president and CEO of the Federal Reserve Bank of Philadelphia, highlighted the importance of responsible financial innovation and discussed the opportunities and challenges it presents for community banks .
This year too, in his article, Technological innovation is key to the future of community banking in America, Board Governor Michelle Bowman, former community banker and state banking supervisor, stressed the importance for community banks to successfully implement effective FinTech solutions. While Governor Bowman acknowledges the difficulties encountered by community banks in “identifying[ing] a technologically compatible partner who aligns with their overall strategy and their appetite for risk ”, she urges them to take up this challenge because“ community banks are falling behind. . . run the risk of being at a competitive disadvantage or failing to meet the needs of the communities they serve. ”
Customer demand and competition will continue to push community banks to adopt more complex and sophisticated FinTech products and services, and in some cases, riskier. Unlike their larger or more tech-savvy counterparts, most traditional community banks do not have the means to either develop FinTech in-house or to comprehensively monitor potential suppliers.
The two new federal bank agency resources, the Guide and the Paper, will help community bankers focus their due diligence on FinTech providers and better understand the risks and mitigation strategies associated with FinTech partnerships.