7 Red Flags that Scare Financial Institution Partners Away from Fintechs
The only thing worse than getting in trouble for making a mistake is getting in trouble when somebody else makes a mistake. That’s the situation financial institutions face when a fintech acting on its behalf doesn’t comply with laws and regulations.
Banks, credit unions, and mortgage companies are terrified of compliance risk—and go out of their way to ensure the fintechs they partner with take compliance as seriously as they do.
Fintechs that want to partner with financial institutions need to survive the due diligence process. Want to up your odds of making the cut? Avoid these 7 red flags that suggest your fintech is an elevated compliance risk.
1. Not following applicable laws, regulations, ethical standards, or internal policies and procedures. When it comes to compliance, there is no such thing as an unimportant rule. If a financial institution learns that your company isn’t following every compliance rule or policy, that’s a sign there may be a bigger problem.
2. Evidence of unfair, deceptive, or abusive products or services. This is a compliance violation, so technically it falls under bullet point #1. But this is one area that deserves a line item of its own. UDAAP violations are one of the most common—and costliest—sources of enforcement actions. The regulatory agencies are on the lookout for UDAAP violations (and so are the financial institutions they regulate). That means you need to be too.
3. Non-compliance with BSA and OFAC. Just like UDAAP, Bank Secrecy Act (BSA) and anti-money laundering (AML) regulations are a common source of enforcement actions. If there’s a possibility that your fintech isn’t following BSA/AML rules to the letter of the law, there’s increased risk. Transactions must be monitored for compliance risk.
4. You aren’t reviewing third-party vendors (i.e. subcontractors) and their products, services, and systems for compliance. When it comes to vendor compliance, ignorance isn’t bliss. Regulators will hold your financial institution partners accountable for your actions—and your vendors’ actions.
Fourth-party risk is a real concern for financial institutions. Not only do they have to trust that you are doing the right thing, but they also have to trust that you have a strong enough vendor management program to ensure your vendors are also doing the right thing.
If your company doesn’t have the resources to dedicate to vendor management, especially of critical vendors, doing business with you is a compliance risk.
5. Conducting business in foreign countries. Compliance risk increases when business activities are conducted in a foreign country or when customer and employee data is transmitted to foreign countries. Foreign countries may have different economic, social, and political conditions that could result in non-performance or data loss. This increased risk (known as country risk) can be mitigated if your company can demonstrate substantial due diligence and oversight, including monitoring the government policies and legal and social conditions in foreign locations.
6. Conflicts of interest aren’t appropriately managed. Financial institutions need to be sure fintech partners are giving them objective advice and performing to the best of their abilities. They want partners that look out for their interests, and not just the partner’s own.
Financial institutions watch for signs that their best interests may not be a high priority. Is the contract written in a way that financially penalizes the financial institution for leaving but creates no accountability for your non-performance? Will their proprietary information be held in confidence? Is your CEO married to the CEO of the financial institution’s biggest competitor? Does your board have a financial interest in a competitor? Does your company prioritize larger clients or industries over others? Financial institutions want to see that you have and adhere to an ethics program.
7. Insufficient data security controls. Financial institutions don’t want to work with fintech partners with weaknesses in their data security controls. You need to be able to demonstrate your IT security controls are effective and regularly monitored and updated. Sensitive data must be protected.
Developing a culture of compliance helps fintechs create safe, sustainable partnerships with financial institutions.