Posts
Banks engage in embedded FinTech to meet consumer expectations
By Hannah Flanders
As competition throughout the banking industry continues to rise and digitalization takes the world by storm, many banks are turning to new opportunities with FinTech providers.
Today, consumers throughout the U.S. seek immediate, safe, and easy solutions in every aspect of their day-to-day lives — from transportation and grocery shopping to banking.
As banks throughout Wisconsin look to best serve consumers, their ability to create innovative, flexible offerings is one of the most important factors to consider in remaining relevant and competitive in their communities.
The Growth of Technology
In 2021, nearly half of all households across the country utilized nonbank online payment services, including peer-to-peer payments (P2P), according to the Federal Deposit Insurance Corporation’s (FDIC) 2021 Survey of Unbanked and Underbanked Households. P2P payment solutions — such as PayPal and Zelle — and other technology innovations, including Uber, DoorDash, and Zoom, have deeply engrained themselves into households across America and become especially important for younger generations to make transactions.
Already, over 1,200 banks around the country, including over 50 in Wisconsin, have begun integrating Zelle — a digital payments service offered by the FinTech provider Early Warning Services, LLC — to help meet the expectations of their customers. However, as banks continue to compete for deposits and new loans, innovation beyond incorporating P2P payments into their online services may become a necessity.
What is Embedded FinTech?

Virginia Heyburn
Virginia Heyburn, director – research, insights, & advocacy at Engage fi and recent keynote speaker at the Wisconsin Bankers Association’s (WBA) 2023 Bank Executives Conference, describes embedded FinTech as a strategy by which traditional banks own the experience and work to build FinTech functionality into their own digital banking experiences. This is comparable to the Banking as a Platform, or BaaP, model that banks may utilize to integrate FinTech solutions into their existing offerings.
Embedded FinTech emphasizes the bank’s possession of the brand, by way of providing the service on their own platform, and the augmentation of FinTech functionality behind the scenes. This process allows banks to strengthen their own offerings, increase customer engagement, and build loyalty rather than provide services to outside users, as is the case with embedded finance or Banking as a Service (BaaS).
What Embedded Fintech Means for Banks
Although 95.5% of all U.S. households were banked in 2021, according to the FDIC’s survey, Heyburn states that it is important that banks continue to deepen their relationships with their retail and commercial customers and offer features that are valuable to them.
By integrating property management capabilities into digital portals for landlords, disbursements for commercial clients, or intelligent budgeting and savings tools for retail customers — banks have the ability, through a partnership with a FinTech servicer, to provide an even greater number of tools and resources for consumers.
As the banking industry evolves faster than ever before, embedding FinTech into their online services will not only allow banks greater flexibility in the products offered, but provide the opportunity for banks to increase their technological capabilities. Early Warning Services, LLC, the FinTech provider of Zelle, highlights that these valuable partnerships permit banks to
utilize technology to consider new ways to attract and engage customers, including cross-selling and engagement with the banking app, as well as reduce costs in other areas such as cash and check management.
“I expect nearly every bank to pursue embedded FinTech strategies within five years,” Heyburn states.
The Challenges
While embracing FinTech solutions may be the next step for a bank, Heyburn says that legacy technology has always made the interoperability of systems challenging. Between delays, a strong reliance on core vendors, and inconsistencies, there are a number of factors to consider when strategizing a frictionless exchange of any internal or external system.
With mobile and online banking being the primary way many consumers interact with their bank, it is critical that banks not only have the personalized products individuals expect, but also can deliver information efficiently.
“Customers are no longer willing to tolerate delays and defects in the FinTech era — they are voting with their fingertips as they choose online banks that offer the speed, ease, and convenience they want,” states Heyburn. “The cost of doing nothing has never exceeded the cost of making a change — until now.”
As Forbes published in a recent article entitled Digital Transformation in Banking, in order to rapidly and cost-effectively design, create, plug in, and deploy new digital products and services, the bank’s digital product platform must be component-based, API-driven, and cloud native.
The Benefits
While less than 60% of all financial institutions currently deploy APIs or cloud computing, according to Forbes, many understand this conversion as a solution to meeting customer needs and expectations. In addition to allowing consumers the ability to connect their accounts across platforms,
engaging with FinTech servicers will provide many banks with the ability to simplify their technology — which in many cases, may be limiting an institution’s ability to roll out new competitive features or service offerings — as well as save on maintenance costs that limit the ability to compete on service price, according to PwC.
By incorporating an open banking system into their digital offerings, banks are able to balance safety and security with the expectations of all consumers. As the industry continues to evolve, and greater emphasis is placed on increasing competition in the marketplace, driving financial inclusion, and creating more consumer choice, partnerships between banks and FinTech providers have the potential to assist banks in not only improving their technological capabilities, but also more effectively serving their customers.
Interested in developing a partnership with a FinTech provider? Learn more about WBA’s upcoming FinTech Showcase at wisbank.com/FinTech.
Engage fi is a WBA Associate Member.
By Rose Oswald Poels
Last week, the Wisconsin Bankers Association (WBA) was pleased to welcome over 500 attendees to our annual Bank Executives Conference. In addition to the many opportunities to gain insight from speakers and network among peers, attendees experienced WBA’s first FinTech Showcase.
The hour-long session, held in conjunction with the conference, was an overwhelming success, and many bankers left the event inspired for the future of their business. As our industry continues to evolve and technology grows increasingly important in the daily operations of banks, the Association is pleased to announce that this April 17, we will host our first full-day FinTech Showcase Event!
In an effort to demonstrate the power of FinTech and assist bankers in staying up to date on technology solutions related to the industry, the day-long event will feature two keynote presenters and eight FinTech vendors. Providers will demonstrate their solutions live in 20-minute intervals, and attendees will have the chance to ask questions and network in the Showcase Hall.
I encourage Wisconsin bankers to utilize this opportunity to develop relationships and explore the ways in which their organization can benefit from new efficiencies and solutions. Registration for this inaugural event is now open at wisbank.com/FinTech.
In addition to this new event, WBA has also partnered with the Arizona and Colorado Bankers Associations and CCG Catalyst Consulting, an Associate Member, to create the Bankers FinTech Council. The Council, initiated to help develop new opportunities for financial institutions and selected FinTechs to connect with each other, launched last year.
WBA members will not only enjoy this opportunity to connect with their banking peers from a variety of banks across the state and country, but bankers will also learn of new and emerging FinTech companies looking to connect with the banking industry. The goal of the Council is to meet three or four times a year at different locations with one likely being held in Wisconsin in August.
For those interested in developing strategic partnerships with FinTech providers, or for those simply interested in learning more about the types of technology products available to the banking industry, both the WBA FinTech Showcase in April and the Bankers FinTech Council will help WBA-member banks form the connections and see for themselves how new technological efficiencies will help banks remain competitive.
February 8–10, 2023 | Kalahari Resort & Convention Center, Wisconsin Dells
By Hannah Flanders
The Wisconsin Bankers Association (WBA) is excited to announce that the annual Bank Executives Conference will reconvene at the Kalahari Convention Center in Wisconsin Dells this February 8–10. As the largest gathering of bank leaders in the state, this year’s event will focus on bringing leaders “All In” for the benefit of their bank, community members, and industry.
Executive-Level Education
Each year, WBA’s Bank Executives Conference is regarded as the state’s premier gathering of banking professionals and national experts — the 2023 event
will be no different!
In combining programming tailored to the specific needs of banking leaders in Wisconsin with various trending topics sure to impact our industry, bankers will have the opportunity to arm themselves with the resources and knowledge to remain relevant and resilient for years to come.
This year’s opening general session on February 9 will feature Virginia Heyburn, director of research, insights, and advocacy at Engage fi, LLC. As innovation and technology remain at the forefront of our industry’s efforts to engage individuals in the financial services, Heyburn will highlight the possibilities of FinTech partnerships as banks look to develop new revenue channels and reach customers in today’s world of rapidly changing competition.
After the general session, WBA will host its first FinTech Showcase. Bankers can expect to see eight FinTech products, ranging from solutions for digital banking and artificial intelligence (AI) to security, demonstrated live by various companies including Accrue, La Macchia Group, DocFox Inc., Kapitalwise, Inc., KlariVis, LemonadeLXP, Sequertek, and Zogo Finance. Following short presentations, bankers will have the opportunity to connect with these exhibitors, and more than 60 others, to learn more about their solutions and how FinTech will bring the bank into the future.
On Friday, February 10, four-time bestselling author and renowned futurist, Brett King will present the keynote session “The Big Shift: How Customer Behavior & Technology Will Change the Future of Retail Financial Service.” King, voted as American Banker’s Innovator of the Year in 2012 and a regular contributor to The Huffington Post, will highlight why customer behavior is so rapidly changing and why banks must reinvent themselves or face irrelevancy.
With over ten hours of general and breakout sessions spread across the three days — there will certainly be something of interest for every bank leader. For more details on programming and to view the full agenda, please visit wisbank.com/bec.
Networking
Attendees will also have various opportunities to connect with their banking peers, WBA Associate Members, and WBA staff throughout the conference.
In addition to kicking off the conference on Wednesday evening with a networking reception in the exhibitor Marketplace, bankers are invited to arrive early on February 8 for various “banker-only” peer group discussions. The optional peer groups, beginning at 2:30 p.m., are specifically targeted at CEOs, CFOs, credit and lending professionals, and those in operations.
Recognition
WBA looks forward to recognizing various bankers who have been “All In” for their communities and for their industry — despite the unpredictability of the last several years.
In selecting the unifying theme “All In” for this year’s conference, the Association recognizes that the unity and commitment leaders and bankers across the state have, and will continue to, demonstrate are critical to the prosperity of the industry and communities all WBA-member banks serve. In this, it is important that bankers not only reflect upon their successes of the past year but look ahead to what possibilities are in store.
The conference will feature a special luncheon on February 9 during which several bankers who have dedicated a lifetime of service to the industry will be inducted into WBA’s 50- and 60-Year Clubs. In addition, the Wisconsin Banker Foundation (WBF), the Association’s non-profit arm, will present its prestigious Financial Education Innovation Award to a WBA-member bank that, during the 2021–2022 fiscal year, demonstrated unique efforts to enhance the financial capability of consumers in their community.
That evening, WBA will recognize a bank CEO or president (or an individual who has recently retired from these positions) who has made an outstanding effort throughout their career in service to their bank, to their community, and to the banking profession as the 2022 Banker of the Year.
Registration
Banking leaders regularly prove their commitment to our industry by way of their active involvement, efforts to embrace evolution, and often tenure of service. WBA’s Bank Executive Conference builds upon these important steps by providing bankers with resources, connections, and ideas for action.
Registration for WBA’s annual conference is open now! Please visit wisbank.com/bec to learn more and register today. We look forward to seeing you Wednesday, February 8–Friday, February 10 at the Kalahari Convention Center in Wisconsin Dells!
By Rose Oswald Poels
Every fall, I travel to Washington D.C. with a small group of bankers to visit regulators. During this trip, we nearly always meet with staff from Consumer Financial Protection Bureau (CFPB).
Since CFPB’s inception, we inevitably encourage the CFPB staff during each of these annual visits to focus more on the non-bank financial organizations that operate in the traditional “banking” space. Nearly every time we have this conversation, they nod and share that they provide this type of supervision typically through a complaint-based system. This means that if enough consumers complain about a particular financial organization (not a regulated bank), they will investigate and take whatever action they deem appropriate. Certainly, this has been incredibly frustrating for bankers to hear over the years given that many non-bank actors contributed to the causes of the Great Recession back in 2008 and 2009 and CFPB’s mission is that of protecting consumers. It has been too easy for CFPB to focus on the banking industry through their rulemaking and enforcement authorities since banks are easier to find with traditional brick-and-mortar offices.
I was pleasantly surprised to learn recently, however, that the CFPB has focused some of its attention on the non-bank financial industry by assessing fines to fintech companies for actions that have ultimately harmed consumers. Specifically, CFPB recently levied a $2.7 million fine against lender Hello Digit for a range of issues including misleading marketing claims such as “no overdraft fees.” This claim of no overdraft fees was one of several promises made to consumers by Hello Digit that were, in fact, not always true. Other fintechs have made similar claims regarding no overdraft fees as well, including digital lender Chime, that have turned out to be misleading or only true in a limited set of circumstances.
At the same time, the FDIC recently issued cease and desist orders against five crypto firms for making false or misleading statements suggesting that their digital assets were FDIC-insured. According to the FDIC, each of these companies made false representations on their website and social media accounts stating or suggesting that certain crypto-related products are FDIC-insured or that stocks held in brokerage accounts are FDIC-insured. As we all know, these representations are false and misleading.
There are many fintechs that are working to do the right thing and help improve the financial industry through technological efficiencies, but some reasonable level of regulation and oversight is important for these institutions just like banks. These recent regulatory actions against non-bank financial organizations are good reminders that it is important to continue sharing our concerns with regulatory agencies related to non-bank actors and to continue to stress to our clients and the public how trustworthy banks are.
If you are interested in accompanying me on a future fall regulatory agency trip to D.C., please let me know and I will add you to the list. I try to keep the group small, limited to 12 bankers, to ensure meaningful dialogue with the regulatory agencies. Bankers who have joined me in the past have found this trip to be worthwhile given much of our frustration and burden comes from regulation. In the meantime, WBA will continue to advocate for the members on these and other issues affecting the industry.
By Rose Oswald Poels
I’m pleased to announce that the Wisconsin Bankers Association (WBA) is partnering with state bankers associations nationwide and data provider FedFis to offer access to Bankers Helping Bankers to WBA members.
Bankers Helping Bankers is a bankers only platform for collaboration and research. Through data tools and dynamic user groups, Bankers Helping Bankers provides community bankers with a knowledge base focused on bank technology and emerging Fintech companies, as well as hot topics such as cryptocurrencies, banking as a service, and direct digital banking.
In October 2021, the Independent Bankers Association of Texas (IBAT) was the first state banking association to partner with FedFis, a provider of fintech data analytics and a strategy system which tracks financial, M&A, and vendor data (including technology vendors) on every bank and credit union in the United States. Since then, the exclusive, banker-only platform has been expanding to states across the nation.
Given the rapidly changing landscape of banking technology, it is hard to keep up through in-person events alone. Bankers Helping Bankers provides an additional way for bankers to connect with one another via forums and access a wide range of fintech data.
WBA continues to offer our WBA Connect and CEOnly/CFOnly peer groups that provide in-person and online networking for Wisconsin bankers only. Through the new collaboration with Bankers Helping Bankers, we aim to bring even more value to WBA members by offering an additional opportunity that lets bankers connect with their peers across the country, with a focus on banking technology.
If you or any member of your team would like to take advantage of the Bankers Helping Bankers opportunity, please fill out the form to gain access to the platform. You will receive an email within a couple of weeks with details on how to create your account.
BNPL already making a dent in banks’ profits
By Paul Gores
When Joe Sullivan decided to buy a Peloton home exercise machine, he pulled out a credit card to pay for it. But the salesman stopped him.
“The guy says, ‘Oh no, no. You don’t need that. We can do this. You can pay 0% interest. You can pay over time,’” Sullivan recalled.
The Peloton salesman asked whether Sullivan had a cell phone. When he said yes, the salesman texted a link to his phone — an application that took about 30 seconds to complete.
“It was approved, and within three minutes the loan documents were in my email,” said Sullivan, who is chief executive officer of the consulting firm Market Insights Inc. in Seattle. “I completed this entire transaction on my mobile phone. The whole thing took less than five minutes.”
The speed and ease of that transaction — along with the promise of 0% interest over the payment period — are among reasons banks should pay heed to the rapid rise of Buy Now Pay Later firms, Sullivan said.
There’s no question they cut into banks’ credit card business, and payment systems run by BNPL firms like Affirm (the company used in Sullivan’s 2020 Peloton purchase), Klarna, and Afterpay are especially attractive to millennials and Generation Z, who have learned to do — and expect to do — much of their business on a mobile phone.
“It’s going to be a huge disrupter. It already is,” said Sullivan. “It’s going to hit the traditional providers of consumer credit more. It means less credit card business, it means lost interchange revenue, it means less interest rate and fee income.”
While BNPL firms aren’t new, their growth has been explosive in the last few years. A 2021 report by the consulting firm Accenture said the number of BNPL users in the U.S. had increased by more than 300% since 2018, reaching 45 million active users in 2021 — users who were spending more than $20.8 billion.
“This is equivalent to 2.4% of U.S. online retail and 12% of U.S. online fashion retail,” Accenture stated.
Accenture predicted BNPL transactions would reach 10% of all e-commerce nationally by 2024.
“The growth of Buy Now Pay Later is pretty astronomical,” said Michael Emancipator, vice president and regulatory counsel for the Independent Community Bankers of America.
Emancipator cited the Accenture report as evidence.
“When you see numbers like that, it does make you sit up and take notice. And there are other entities — other startups — that are also taking notice and see that as a growth area,” he said. “I think it stands to reason that it’s only going to grow more as more startups see that as a potentially lucrative opportunity.”
The expansion of BNPL firms has the attention of bank trade associations and regulators, such as the Federal Reserve Bank of Kansas City, which published a new report on the industry in December.
The Kansas City Fed report stated BNPL is “already making a dent in banks’ profits.”
“According to McKinsey’s Consumer Lending Pools data, over the past couple of years banks lost $8 billion to $10 billion in revenue per year to fintechs offering BNPL products,” the Fed reported. The Fed also reported that a survey by C+R Research found 38% of BNPL users said BNPL would eventually replace their credit cards.
The Fed noted: “BNPL products may be more appealing than credit cards. Unlike credit cards, BNPL products can be approved without a full credit check and offer consumers flexible financing options, transparent terms, predetermined repayment schedules, and lower or no interest fees.”
Millennials and Generation Z consumers tend to eschew credit cards, given their general dislike of high-interest debt, the Kansas City Fed said. For those groups, the Fed said, point-of-sale BNPL may be a more attractive option. For merchants, BNPL products offer the ability to settle sales quickly, with BNPL providers assuming the risks of chargebacks and fraud, the Fed said.
BNPL firms already have thousands of partnerships with merchants large and small, and are seeking more. For instance, Amazon said last summer it would join with Affirm to let customers break up purchases of $50 or more into monthly installments. Here in Wisconsin, Dodgeville-based clothing retailer Lands’ End has employed PayPal’s “Pay in 4” system. With Pay in 4, a customer pays a down payment at the time of purchase, followed by three payments, each two weeks apart.
Accenture said BNPL is used most often for purchases of electronics, fashion, home goods, and health and beauty goods, but the potential for growth is huge.
To deal with BNPL’s encroachment on their lending business, some banks have engaged with BNPL fintechs in partnerships of their own, while others are trying to offer similar products to their customers.
Sullivan said no matter a bank’s business model, all banks should be addressing the rise of BNPL.
“They have to know that this is out there and not say, ‘Well, this doesn’t apply to us because we don’t offer credit cards anyway,’” he said. “That’s not the point. What they have to pay attention to is what is it that consumers are really needing, and this ease-of-use idea is really, really critical.”
While large banks with greater resources might find it easier to cope with increasing competition from BNPL firms, community banks also need to be looking into what they can do, Sullivan said.
“It’s definitely more difficult. It’s personnel and technical management. They need different people with different skill sets, they need different technologies, and that’s where community banks are behind,” he said.
Banks will need to have technology through which they can offer merchants the BNPL option, he said. It could come via firms like Amount, which has white label BNPL products that a bank could obtain.
“That’s the key here. There’s white label products for this kind of thing out there that would allow a smaller institution to get into the space,” Sullivan said. “They obviously can’t get into the Amazons and Best Buys and the Targets, but they could collaborate with a good partner to offer these BNPL services.”
Among merchants that could use a community bank’s BNPL service: doctors, dentists, and auto repair shops. Unless the customer were paying with a debit card, larger expenses like those typically would go on a credit card. But a no-interest BNPL transaction might be more appealing, and help customers budget for their larger costs.
Emancipator said his organization is concerned that BNPL is another fintech offering bank-like products without having to comply with regulations and consumer protections banks must follow.
Consumer data privacy is one possible issue, he said. Some research suggests BNPL firms are “offering these products at a loss to pretty much gobble up the consumer data,” he said.
“And then they use that for cross marketing purposes, or just simply selling that to other merchants to get a better sense of the consumers from that perspective,” Emancipator said. “Banks don’t do that.”
Last November, the U.S. House Committee on Financial Services held a hearing titled, “Buy Now, Pay More Later? Investigating Risks and Benefits of BNPL and Other Emerging Fintech Cash Flow Products.” In that hearing, Penny Lee, CEO of the Financial Technology Association, stated that BNPL is a new generation of fintech innovators that offer consumers new payment options that can reduce debt and alleviate budget stress.
“Americans on average pay approximately $1,000 per year in interest on revolving credit card debt, and credit card interest rates are amongst the highest as compared to other major consumer finance product categories,” Lee said.
In her written testimony, Lee said a survey found that BNPL users are predominantly female and younger, with millennials and Gen Z customers making up the vast majority of users. She said
the user base also includes lower-income consumers, which may reflect a lack of access to traditional forms of credit or bank services.
“BNPL products are structured to have payment terms that require consumers to pay for a purchase in a matter of weeks or a few months,” Lee said. “This contrasts with revolving credit and high interest products that may take years to pay down, blur the cost impact of a purchase, and oftentimes keep consumers in a vicious cycle of debt due to continuous interest charges or rollovers.”
Lee also asserted that the BNPL industry already is subject to “robust regulation.”
“All BNPL products are subject to key consumer protection laws and regulations, including around anti-money laundering, fair lending, credit reporting, debt collection, privacy, fair treatment of customers, and electronic fund transfers,” Lee stated. “They also are subject to similar state consumer protection laws.”
But Emancipator said BNPL firms should have to follow rules similar to the
rules banks face.
“Right now our position is more so to cast a light on these fintech players that are just growing all the time — casting a light that they need to have the same set of rules, abide by the same set of rules, that community banks do,” Emancipator said. “That’s the best way to have fair competition, but it’s also, at the end of the day, the best way that consumers are being protected.”
Sullivan said there are about 170 BNPL firms right now, and some consolidation is probable, with the strongest ones surviving.
“Banks will likely partner with fintech firms to enter the space,” Sullivan said. “And Buy Now Pay Later fintechs are going to rush to partner with banks to comply with new regulations that are undoubtedly probably going to come.”
He said BNPL is “here to stay.”
“Ultimately, regardless of regulation and consolidation, consumer demand for this kind of credit flexibility will fuel growth for years to come,” Sullivan said.
Paul Gores is a journalist who covered business news for the Milwaukee Journal Sentinel for 20 years.
By Rose Oswald Poels
Last week for the first time in two years, I was back in Washington D.C. with a small group of nine bankers from Wisconsin for meetings with banking regulators and a few members of Congress. Joining WBA was a delegation of six bankers and two staff from the Illinois Bankers Association. While our meetings with regulators were still virtual, all meetings were productive affording the smaller group of bankers ample time to ask questions and hear directly from senior officials about a wide variety of issues.
We began the first day in the afternoon with briefings from the FDIC and OCC. FDIC Board Director Martin Gruenberg led the conversation highlighting the fact that while the FDIC anticipated stress in the banking system heading into the pandemic that did not materialize and notably, there have not been any bank failures in 2021. Areas of focus for the FDIC remain on commercial real estate, tailoring climate change risk concerns based on the impact to different markets and/or the size of the institution, and on the impact of non-bank companies to the financial system. OCC Acting Director Michael Hsu led the discussion with bankers emphasizing his support for community banks, his understanding of the need to tailor regulation to the size and complexity of each institution, and robust discussions around both FinTechs and climate change.
The next day featured conversations with FinCEN and CFPB. Naturally, the discussion with FinCEN was largely around the status of their development of a beneficial ownership registry which remains in process. Until one is finally launched, banks will still have to follow the current beneficial ownership rules. A representative from FinCEN’s Financial Intelligence Division indicated that they have seen an increase in all types of crime notably COVID-19 fraud, work at home scams, cyberthreats of all types (e.g. ransomware and account takeovers), and illicit use of cryptocurrency. The primary focus of our conversation and questions with the CFPB was around the upcoming Section 1071, small business data collection proposal. The bankers took turns stressing the hardships of the current proposal and asking for an extension of the comment period deadline so that the industry had adequate time to respond to the many issues raised in the over 900-page document. CFPB staff indicated that they have been in meetings with the core providers on this proposal already to help prep them ahead of time so that data collection would be easier once the proposal is finalized.
These meetings are impactful largely due to the proactive engagement of the bankers in the room. I encourage you to take advantage of these opportunities as they arise and be involved because each regulator we met with unequivocally stated they want to hear directly from bankers about the impact proposals have on their operations. While WBA certainly represents the industry’s concerns, bankers truly make the best advocates in sharing specific examples about the impact on the operations of individual banks.
By WBA Legal
In late August, the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) issued a new resource titled, Conducting Due Diligence on Financial Technology Companies, A Guide for Community Banks (Guide), which was intended to help community banks in conducting due diligence when considering relationships with fintech companies.
Use of the Guide is voluntary, and it does not anticipate all types of third-party relationships and risks. Therefore, a community bank can tailor how it uses relevant information in the Guide, based on its specific circumstances, the risks posed by each third-party relationship, and the related product, service, or activity (herein, activities) offered by the fintech company.
While the Guide is written from a community bank perspective, the fundamental concepts may be useful for banks of varying size and for other types of third-party relationships. Due diligence is an important component of an effective third-party risk management process, as highlighted in the federal banking agencies’ respective guidance; which, for FRB-regulated banks is SR Letter 13-19, for FDIC-regulated banks is FIL-44-2008, and for OCC banks is Bulletin-2013-29.
During due diligence, a community bank collects and analyzes information to determine whether third-party relationships would support its strategic and financial goals and whether the relationship can be implemented in a safe and sound manner, consistent with applicable legal and regulatory requirements. The scope and depth of due diligence performed by a community bank will depend on the risk to the bank from the nature and criticality of the prospective activity. Banks may also choose to supplement or augment their due diligence efforts with other resources as appropriate, such as use of industry utilities or consortiums that focus on third-party oversight.
The Guide focuses on six key due diligence topics, including relevant considerations and a list of potential sources of information. The following is a summary of the key due diligence topics within the Guide.
Business Experience and Qualifications
The agencies have identified that by evaluating a fintech company’s business experience, strategic goals, and overall qualifications, a community bank can better consider a fintech company’s experience in conducting the activity and its ability to meet the bank’s needs. Review of operational history will provide insight into a fintech company’s ability to meet a community bank’s needs, including, for example, the ability to adequately provide the activities being considered in a manner that enables a community bank to comply with regulatory requirements and meet customer needs.
Review of client references and complaints about a fintech company may provide useful information when considering, among other things, whether a fintech company has adequate experience and expertise to meet a community bank’s needs and resolve issues, including experience with other community banking clients. Review of legal or regulatory actions against a fintech company can be indicators of the company’s track record in providing activities.
When a community bank is considering a third-party relationship, discussing a fintech company’s strategic plans can provide insight on key decisions it is considering, such as plans to launch new products or pursue new arrangements (such as acquisitions, joint ventures, or joint marketing initiatives). A community bank may subsequently consider whether the fintech company’s strategies or any planned initiatives would affect the prospective activity. Further, inquiring about a fintech company’s strategies and management style may help a community bank assess whether a fintech company’s culture, values, and business style fit those of the community bank.
The agencies further instruct that understanding the background and expertise of a fintech company’s directors and executive leadership may provide a community bank useful information on the fintech company’s board and management knowledge and experience related to the activity sought by the community bank. A community bank may also consider whether the company has sufficient management and staff with appropriate expertise to handle the prospective activity.
For example, imagine that a fintech company, its directors, or its management have varying levels of expertise conducting activities similar to what a community bank is seeking. A fintech company’s historical experience also may not include engaging in relationships with community banks. As part of due diligence, a community bank may therefore consider how a fintech company’s particular experiences could affect the success of the proposed activity and overall relationship. Understanding a fintech company’s qualifications and strategic direction will help a community bank assess the fintech company’s ability to meet the community bank’s expectations and support a community bank’s objectives. When evaluating the potential relationship, a community bank may consider a fintech company’s willingness and ability to align the proposed activity with the community bank’s needs, its plans to adapt activities for the community bank’s regulatory environment, and whether there is a need to address any integration challenges with community bank systems and operations.
Financial Condition
Another step the agencies identified is for a bank to evaluate a fintech company’s financial condition to help the bank assess the company’s ability to remain in business and fulfill any obligations created by the relationship. Review of financial reports provide useful information when evaluating a fintech company’s capacity to provide the activity under consideration, remain a going concern, and fulfill any of its obligations, including its obligations to the community bank. Understanding funding sources provide useful information in assessing a fintech company’s financial condition. A fintech company may be able to fund operations and growth through cash flow and profitability or it may rely on other sources, such as loans, capital injections, venture capital, or planned public offerings.
Additionally, information about a fintech company’s competitive environment may provide additional insight on the company’s viability. Review of information on a fintech company’s client base can shed insight into any reliance a fintech company may have on a few significant clients. A few critical clients may provide key sources of operating cash flow and support growth but may also demand much of a fintech company’s resources. Loss of a critical client may negatively affect revenue and hinder a fintech company’s ability to fulfill its obligations with a community bank. A community bank may also consider a fintech company’s susceptibility to external risks, such as geopolitical events that may affect the company’s financial condition.
For example, some fintech companies, such as those in an early or expansion stage, have yet to achieve profitability or may not possess financial stability comparable to more established companies. Some newer fintech companies may also be unable to provide several years of financial reporting, which may impact a community bank’s ability to apply its traditional financial analysis processes. When audited financial statements are not available, a community bank may want to seek other financial information to gain confidence that a fintech company can continue to operate, provide the activity satisfactorily, and fulfill its obligations. For example, a community bank may consider a fintech company’s access to funds, its funding sources, earnings, net cash flow, expected growth, projected borrowing capacity, and other factors that may affect a fintech company’s overall financial performance.
Legal and Regulatory Compliance
The Guide further outlines how in evaluating a fintech company’s legal standing, its knowledge about legal and regulatory requirements applicable to the proposed activity, and its experience working within the legal and regulatory framework, better enables a community bank to verify a fintech company’s ability to comply with applicable laws and regulations.
A bank may want to consider reviewing organizational documents and business licenses, charters, and registrations as such documentation provides information on where a fintech company is domiciled and authorized to operate (for example, domestically or internationally) and legally permissible activities under governing laws and regulations. Reviewing the nature of the proposed relationship, including roles and responsibilities of each party involved, may also help a community bank identify legal considerations. Assessing any outstanding legal or regulatory issues may provide insight into a fintech company’s management, its operating environment, and its ability to provide certain activities.
A bank could also consider reviewing a fintech company’s risk and compliance processes to help assess the fintech company’s ability to support the community bank’s legal and regulatory requirements, including privacy, consumer protection, fair lending, anti-money-laundering, and other matters. A fintech company’s experience working with other community banks may provide insight into the fintech company’s familiarity with the community bank’s regulatory environment. Reviewing information surrounding any consumer-facing applications, delivery channels, disclosures, and marketing materials for community bank customers can assist a community bank to anticipate and address potential consumer compliance issues. Considering industry ratings (for example, Better Business Bureau) and the nature of any complaints against a fintech company may provide insight into potential customer service and compliance issues or other consumer protection matters.
For example, some fintech companies may have limited experience working within the legal and regulatory framework in which a community bank operates. To protect its interests, community banks may consider including contract terms requiring (a) compliance with relevant legal and regulatory requirements, including federal consumer protection laws and regulations, as applicable; (b) authorization for a community bank and the bank’s primary supervisory agency to access a fintech company’s records; or (c) authorization for a community bank to monitor and periodically review or audit a fintech company for compliance with the agreed-upon terms. Other approaches could include (1) instituting approval mechanisms (for example, community bank signs off on any changes to marketing materials related to the activity), or (2) periodically reviewing customer complaints, if available, related to the activity.
Risk Management and Controls
The agencies have also identified that by banks evaluating the effectiveness of a fintech company’s risk management policies, processes, and controls, such review helps a community bank to assess the company’s ability to conduct the activity in a safe and sound manner, consistent with the community bank’s risk appetite and in compliance with relevant legal and regulatory requirements.
Banks should consider reviewing a fintech company’s policies and procedures governing the applicable activity as it will provide insight into how the fintech company outlines risk management responsibilities and reporting processes, and how the fintech company’s employees are responsible for complying with policies and procedures. A community bank may also use the information to assess whether a fintech company’s processes are in line with its own risk appetite, policies, and procedures. Information about the nature, scope, and frequency of control reviews, especially those related to the prospective activity, provides a community bank with insight into the quality of the fintech company’s risk management and control environment. A community bank may also want to consider the relative independence and qualifications of those involved in testing. A fintech company may employ an audit function (either in-house or outsourced). In these cases, evaluating the scope and results of relevant audit work may help a community bank determine how a fintech company ensures that its risk management and internal control processes are effective.
Banks should also consider the findings, conclusions, and any related action plans from recent control reviews and audits as the information may provide insight into the effectiveness of a fintech company’s program and the appropriateness and timeliness of any related action plans. Evaluating a fintech company’s reporting helps a community bank to consider how the fintech company monitors key risk, performance, and control indicators; how those indicators relate to the community bank’s desired service-level agreements; and how the fintech company’s reporting processes identify and escalate risk issues and control testing results. A community bank may also consider how it would incorporate such reporting into the bank’s own issue management processes. Review of information on a fintech company’s staffing and expertise, including for risk and compliance, provide a means to assess the overall adequacy of the fintech company’s risk and control processes for the proposed activity.
Information on a fintech company’s training program also assists in considering how the fintech company ensures that its staff remains knowledgeable about regulatory requirements, risks, technology, and other factors that may affect the quality of the activities provided to a community bank.
For example, a fintech company’s audit, risk, and compliance functions will vary with the maturity of the company and the nature and complexity of activities offered. As a result, a fintech company may not have supporting information that responds in full to a community bank’s typical due diligence questionnaires. In other cases, a fintech company may be hesitant to provide certain information that is considered proprietary or a trade secret (for example, their development methodology or model components). In these situations, a community bank may take other steps to identify and manage risks in the third-party relationship and gain confidence that the fintech company can provide the activity satisfactorily.
For example, a community bank may consider on-site visits to help evaluate a fintech company’s operations and control environment, or a community bank’s auditors (or another independent party) may evaluate a fintech company’s operations as part of due diligence. Other approaches could include (a) accepting due diligence limitations, with any necessary approvals and/or exception reporting, compared to the community bank’s normal processes, commensurate with the criticality of the arrangement and in line with the bank’s risk appetite and applicable third-party risk management procedures; (b) incorporating contract provisions that establish the right to audit, conduct on-site visits, monitor performance, and require remediation when issues are identified; (c) establishing a community bank’s right to terminate a third-party relationship, based on a fintech company’s failure to meet specified technical and operational requirements or performance standards. Contract provisions may also provide for a smooth transition to another party (for example, ownership of records and data by the community bank and reasonable termination fees); or (d) outlining risk and performance expectations and related metrics within the contract to address a community bank’s requirements
Information Security
In understanding a fintech company’s operations infrastructure and the security measures for managing operational risk, a community bank may better evaluate whether the measures are appropriate for the prospective activity. A community bank may evaluate whether the proposed activity can be performed using existing systems, or if additional IT investment would be needed at the community bank or at the fintech company to successfully perform the activity. For example, a community bank may evaluate whether the fintech company’s systems can support the bank’s business, customers, and transaction volumes (current and projected). A fintech company’s procedures for deploying new hardware or software, and its policy toward patching and using unsupported (end-of-life) hardware or software, will provide a community bank with information on the prospective third party’s potential security and business impacts to the community bank.
For example, fintech companies’ information security processes may vary, particularly for fintech companies in an early or expansion stage. Community banks may evaluate whether a fintech company’s information security processes are appropriate and commensurate with the risk of the proposed activity. Depending on the activity provided, community banks may also seek to understand a fintech company’s oversight of its subcontractors, including data and information security risks and controls.
For a fintech company that provides transaction processing or that accesses customer data, for example, community banks may request information about how the fintech company restricts access to its systems and data, identifies and corrects vulnerabilities, and updates and replaces hardware or software. The bank may also consider risks and related controls pertaining to its customers’ data, in the event of the fintech company’s security failure. Also, contractual terms that authorize a community bank to access fintech company records can better enable the bank to validate compliance with the laws and regulations related to information security and customer privacy.
Operational Resilience
A community bank may evaluate a fintech company’s ability to continue operations through a disruption. Depending on the activity, a community bank may look to the fintech company’s processes to identify, respond to, and protect itself and customers from threats and potential failures, as well as recover and learn from disruptive events. It is important that third-party continuity and resilience planning be commensurate with the nature and criticality of activities performed for the bank.
Evaluating a fintech company’s business continuity plan, incident response plan, disaster recovery plan and related testing can help a community bank determine the fintech company’s ability to continue operations in the event of a disruption. Also, evaluating a fintech company’s recovery objectives, such as any established recovery time objectives and recovery point objectives, helps to ascertain whether the company’s tolerances for downtime and data loss align with a community bank’s expectations. A community bank that contemplates how a fintech company considers changing operational resilience processes to account for changing conditions, threats, or incidents, as well as how the company handles threat detection (both in-house and outsourced) may provide a community bank with additional information on incident preparation. Discussions with a fintech company, as well as online research, could provide insights into how the company responded to any actual cyber events or operational outages and any impact they had on other clients or customers.
Understanding where a fintech company’s data centers are or will reside, domestically or internationally, helps a community bank to consider which laws or regulations would apply to the community bank’s business and customer data. Another matter for a community bank to consider is whether a fintech company has appropriate insurance policies (for example, hazard insurance or cyber insurance) and whether the fintech company has the financial ability to make the community bank whole in the event of loss.
Service level agreements between a community bank and a fintech company set forth the rights and responsibilities of each party with regard to expected activities and functions. A community bank may consider the reasonableness of the proposed service level agreement and incorporate performance standards to ensure key obligations are met, including activity uptime. A community bank may also consider whether to define default triggers and recourse in the event that a fintech company fails to meet performance standards.
A fintech company’s monitoring of its subcontractors (if used) may offer insight into the company’s own operational resilience. For example, a community bank may inquire as to whether the fintech company depends on a small number of subcontractors for operations, what activities they provide, and how the fintech company will address a subcontractors’ inability to perform. A community bank may assess a fintech company’s processes for conducting background checks on subcontractors, particularly if subcontractors have access to critical systems related to the proposed activity.
For example, as with previous due diligence scenarios, fintech companies may exhibit a range of resiliency and continuity processes, depending on the activities offered. Community banks may evaluate whether a fintech company’s planning and related processes are commensurate with the nature and criticality of activities performed for the bank. For example, community banks may evaluate a fintech company’s ability to meet the community bank’s recovery expectations and identify any subcontractors the fintech company relies upon for recovery operations. A fintech company may have recovery time objectives for the proposed activity that exceed the desired recovery time objectives of a community bank. If a fintech company can meet the community bank’s desired recovery time objectives, the bank may consider including related contractual terms, such as a contract stipulation that the community bank can participate in business continuity testing exercises and that provides appropriate recourse if the recovery time objective is missed in the event of an actual service disruption.
A community bank may also consider appropriate contingency plans, such as the availability of substitutable service providers, in case the fintech company experiences a business interruption, fails, or declares bankruptcy and is unable to perform the agreed-upon activities. In addition to potential contractual clauses and requirements, a community bank’s management may also consider how it would wind down or transfer the activity in the event the fintech company fails to recover in a timely manner.
Conclusion
The agencies have outlined a number of relevant considerations, non-exhaustive lists of potential sources of information, and illustrative examples to assist community banks with identifying strengths and potential risks when considering relationships with fintech companies. The voluntary Guide helps provide a starting point for banks with their due diligence efforts. The Guide may be viewed here.
Highlighted Special Focus From the October 2021 Compliance Journal
To date, while some federal agencies have made public statements, Congress has not exercised its constitutional power under the commerce clause to regulate cryptocurrencies and blockchain technology to the exclusion of the states. This means that the states remain free to enforce their own legislation. Sixteen states have enacted legislation related to virtual currency or cryptocurrencies and nine states have enacted or adopted laws that reference blockchain technology.
To help assist lawmakers (and the general public), the State of Wisconsin Legislative Reference Bureau (LRB) created a summary that highlights the responses of major economic players as well as innovative practices on cryptocurrency and blockchain technologies. The report is designed to help gain a broad perspective of the current global regulatory market and the breadth of proposals for further policy and legislative guidance. Cryptocurrency, a subset of digital currency, is held up by some as the "currency of the future," and the technology that allows its existence could revolutionize business and government.
As cryptocurrency becomes more mainstream, governments around the world have taken the first steps toward regulation; however, advances in technology frequently outpace legislation. The LRB report describes the principal characteristics of cryptocurrencies and the underlying technology that enables its existence-decentralized, distributed ledgers based on blockchains. The report then details recent developments in regulations in the United States by various federal regulatory and enforcement agencies and the most relevant case law. Finally, the report explores developments at the state level and summarizes the global regulatory landscape of international responses to the regulation of cryptocurrency.
How Blockchains Work: A Sample Case Study
- Charlotte and Susie download digital wallets, providing the encryption keys necessary for the transaction.
- Charlotte creates a message requesting a $15 transaction to repay Susie for dinner. The message is encrypted using Susie's public key, ensuring that only Susie can decrypt the message using her private key. The message also includes Charlotte's private key to validate her status as the initiating entity.
- The message is broadcast to a peer-to-peer (P2P) network consisting of private computers, or nodes.
- The network validates the transaction and Charlotte's user status, then records and time-stamps it to verify that the cryptocurrency has changed possession.
- The transaction is combined with other transactions to create a new block of data for the ledger.
- The new block of data is added to the existing blockchain in a way that is permanent and unalterable.
If you'd like to read the full LRB report please visit www.banconomics.com.
By, Amber Seitz