Stay ahead of bank-fintech partnership risks in 2024

Tamara Kolb, Mary Harbaugh, Katie Renz

Crowe specialists offer predictions and considerations to help mitigate financial crime risks for banks and fintechs.

As fintech companies continue to transform the banking landscape, 2024 is shaping up to be a pivotal year for bank-fintech partnerships. Regulators are intensifying scrutiny and releasing new guidance that puts governance and risk management squarely in the spotlight. Staying informed on key trends, considerations, and best practices can help reduce risk in these partnerships, especially amid heightened regulatory pressure.

Navigating the challenges and nuances of bank-fintech partnerships can be tricky

Having experienced guidance can help.

Explore our services

Predictions and considerations for bank-fintech regulations in 2024

The nature of fintech partnerships continues to evolve, with increasing pressure on governance and strategic considerations. Guidance on risk management issued by the Federal Deposit Insurance Corp. (FDIC), the Board of Governors of the Federal Reserve, and the Office of the Comptroller of the Currency (OCC) in June 2023 is expected to play a fundamental role in shaping the trajectory of these partnerships.

Regulators are intensifying their scrutiny on controls within bank-fintech partnerships, leading to a heightened focus on risk management and governance over the entire third-party relationship life cycle. This life cycle encompasses planning, due diligence, third party selection, contract negotiation, ongoing monitoring, and termination of third-party relationships. Banks are expected to have governance controls in place for each stage of this life cycle to allow adequate oversight of their fintech partnerships.

The regulatory emphasis is translating into an increase in requests for Bank Secrecy Act (BSA) and anti-money laundering (AML) audits as well as independent testing reviews on nonregulated fintech entities. Notable trends include heightened pressure on bank sponsors to understand their fintech partners’ compliance programs and improve alignment across organizations. Fintech partners are incurring increased scrutiny during regulatory exams, necessitating thorough oversight and risk identification throughout the partnership life cycle.

When conducting BSA audits, outsourced financial crime specialists dive deep into a bank’s BSA controls as they relate to their fintech partnerships. This proactive approach aims to help banks identify and address gaps in their third-party oversight controls before regulators intervene, underscoring the importance of a thorough and preemptive strategy. As partnership dynamics evolve, considerations such as international regulatory impact, technological integration challenges, and innovation in product development become essential factors in shaping the future of bank-fintech collaborations.

Avoiding common obstacles in bank-fintech partnerships

Effectively mitigating complex, multifaceted financial crime risks inherent in bank-fintech partnerships requires a proactive approach from the bank’s side of the relationship. Proactive strategies can help banks and fintechs avoid obstacles that commonly occur in heightened regulatory environments.

One primary obstacle stems from bank employees lacking a comprehensive understanding of fintech operations and red flags associated with fintech customers’ activities. This knowledge gap can hinder effective oversight and risk identification. Additional challenges might arise if the bank's existing transaction monitoring system proves inadequate in the oversight of fintech customer activities, emphasizing the need for a robust monitoring infrastructure.

A second critical obstacle is the inadequacy of the contract when outlining BSA, AML, and Office of Foreign Assets Control (OFAC) responsibilities of each party. Clarity in these responsibilities is essential to establish a strong foundation for compliance. Lack of adequate monitoring of the fintech partner’s BSA, AML, and OFAC controls, unclear customer and activity monitoring processes (inclusive of suspicious activity reporting), and the absence of established procedures for screening fintech customer bases against sanction lists further contribute to potential obstacles.

The greater focus placed on the bank’s side of the partnership highlights the need for banks to identify BSA, AML, and OFAC risks early in the relationship. Risk assessment takes center stage here, emphasizing how important it is for banks to identify risks posed by a potential partnership and establish adequate controls for the initial evaluation and ongoing oversight of fintech processes throughout the relationship.

A third obstacle is a lack of ongoing monitoring of fintech controls that help successfully oversee and identify weaknesses within the fintech partnership. Such monitoring might involve periodic quality control testing and required independent testing of the fintech partners’ BSA, AML, and OFAC programs to determine alignment with regulatory requirements and best practices and conformance with the established contractual agreement.

Proactive identification of financial crime risks, clear contractual delineation of responsibilities, and ongoing monitoring mechanisms are fundamental components for banks to navigate the complexities of a successful and compliant bank-fintech partnership.

BSA, AML, and OFAC program considerations for banks

When adapting a BSA, AML, and OFAC program and controls for bank-fintech partnerships, a holistic and proactive approach is key. This program serves as the foundational framework for compliance with regulatory requirements and mitigating financial crime risks.

From customer identification to transaction monitoring and collaborative training, the following considerations touch on the multifaceted elements that collectively contribute to the program’s efficacy, fostering a secure and compliant environment for the partnership:

Customer identification program (CIP). Establishing responsibilities between the fintech and the bank is crucial for a compliant customer identification program. Implementation of quality control and oversight processes can boost the efficacy of the controls for identifying and verifying fintech customers’ identities.
Customer due diligence. The onboarding process and acceptance criteria must be clearly defined. Fintech-specific AML requirements and contractual obligations should be incorporated into the due diligence framework.
Customer risk rating (CRR). Assessing how fintech end users can be integrated into an automated CRR model is vital. This assessment involves understanding and managing the risk associated with different categories of end users.
Enhanced due diligence. Identifying and understanding higher risk end users allows for tailored enhanced due diligence procedures.
OFAC, special measures, and 314(a) list screening. Determining respective responsibilities for screening and clearing potential matches is critical. Quality control and oversight processes should be in place to enhance the effectiveness of screening mechanisms.
Suspicious activity identification, monitoring, investigation, and reporting. Incorporating fintech end users into an automated monitoring system enhances vigilance. Having a clear method for referrals from the fintech to the bank facilitates collaborative investigation and reporting.
Sufficient training. Fintech business operations and red flags specific to the fintech should be integral parts of the bank’s BSA and AML training program. Employees should be well equipped to identify and address potential compliance issues.

This comprehensive approach to BSA, AML, and OFAC considerations helps banks and fintech partners collaboratively navigate compliance challenges, thereby fostering secure and resilient partnerships.

Anticipating common pitfalls while forging bank-fintech partnerships

In bank-fintech partnerships, being able to see upcoming pitfalls and address them early can enable seamless collaboration. To proactively manage potential challenges, several considerations should be at the forefront of these partnerships, such as:

Goals and communication. Successful bank-fintech partnerships are built on clear goals and open channels of communication. Lack of clarity and closed communication can lead to chaotic problems, so it is essential that both partners are aligned in purpose and highly communicative.
Customer and technology integration. Integrations can pose unique challenges for these partnerships, especially in issues related to identifiers when integrating fintech customers into a bank environment. Additionally, technological integration itself can also present issues that require careful consideration on the front end of the relationship.
Safe and secure data transfer. This universal concern requires organizations to find strategic and cost-effective methods to promote smooth, compliant collaboration.
Customer onboarding processes. These processes come with an array of complexities that can differ between organizations and include matters like the collection of CIP data, waterfall approval, and verification procedures.
Customer IDs and views. An area prone to issues is creating singular, unique customer IDs and views, so it is particularly important to avoid challenges in this aspect by aligning with bank onboarding policies.

Documenting a consensus is a key preventive measure that can significantly reduce complications in the future. Documentation includes agreements on technology and customer integration between both organizations. Optimizing available technology (without duplicating efforts), evaluating data on the back end, and addressing the often overlooked documentation piece in customer onboarding processes are other important steps.

Proactively addressing considerations like these can help bank-fintech partnerships ultimately pave the way for successful collaboration.

Minimizing risk and unlocking vast potential in bank-fintech partnerships

In an era of exponential fintech growth, proactively managing risk is fundamental for banks exploring partnerships in 2024. As regulations emerge to guide these collaborations, governance, risk assessment, and compliance take precedence.

By following best practices regarding customer and technology integration, communication, documentation, and oversight, banks and fintech partners can preemptively tackle obstacles. With a robust risk management strategy and emphasis on compliance, banks can forge the path ahead in bank-fintech partnerships – ultimately supporting innovation while maintaining stability.

As the fintech landscape evolves, banks that take a proactive and prudent approach can be better positioned to unlock the full potential of these partnerships.

Related insights