Innovative banks of all sizes are partnering with fast-growing FinTechs to increase revenue in today’s competitive, low-margin business environment. A recent Cornerstone Advisors survey revealed, “Nearly two-thirds of banks and credit unions entered into at least one fintech partnership over the past three years, and 35% made an investment in a fintech. Those that have not partnered or invested, 37% plan to partner in 2022 and 18% expect to invest in a fintech in 2022.”

Bank-Fintech Partnerships Enable Growth Opportunities

Especially for community and regional banks, Banking-as-a-Service (BaaS) provides novel opportunities to level the playing field and expand market share beyond traditional boundaries. Consider the flourishing consumer loan fintech market, which originates 38% of U.S. unsecured personal loans now versus 5% in 2013, according to Bloomberg Businessweek.

Banks and FinTechs can enjoy successful partnerships when their strengths combine to create remarkable customer experiences. Whereas consumer lending and depository FinTechs excel at marketing, technology, and user experience, banks provide deep financial expertise, the regulatory approval to loan money, domain knowledge, and the ability to ensure compliance with regulatory requirements are met.

Impact of Bank-Fintech Partnerships on Compliance

I recently spoke with Matthew Gallman, VP Strategic Innovation Officer at Drummond Community Bank. He told me, “Many FinTechs are looking to partner with community financial institutions versus pursuing their own bank charters. In many instances, it is a much better strategy to have FinTechs do what they do best, and banks do what they do best and grow together.”

At 360factors, many of our bank customers have already forged successful FinTech partnerships while others navigate new opportunities in real-time. In this new era, strategic-thinking risk and compliance leaders are transforming the legacy perception of the compliance function from a cost center to a strategic facilitator of revenue growth.

Compliance trends are emerging, especially in consumer lending products, where regulations and compliance vary by state, bringing even more compliance complexity to FinTechs and their banking partners. Expertise and deep domain knowledge in ensuring compliance with the numerous regulatory requirements are necessary for successful bank-FinTech partnerships.

At the same time, FinTech regulations are quickly evolving. Chartered banks entering FinTech partnerships are responsible for managing regulatory compliance. This brings new opportunities for compliance by lending its extensive expertise to fill critical regulatory compliance gaps that FinTechs are not staffed to manage. A bank’s compliance team is well positioned to lead partnership success in four primary areas:

  • FinTech Marketing Compliance
  • Regulatory Change Management
  • Effective, Timely Complaint Handling and Management
  • Managing, Monitoring, and Mitigating Regulatory and Financial Risks

FinTech Marketing Compliance

When FinTechs partner with banks, their marketing practices need to align with the bank’s regulatory obligations. A bank’s compliance team is well positioned to add value to the partnership with its regulatory expertise, experience working with regulators and examiners, and marketing review processes. Because banks bear the ultimate responsibility for compliance, FinTech ad reviews by the bank’s compliance team should be required with approval controls in place to mitigate any third-party or regulatory compliance risk. Additionally, the review and approval workflow should be documented and transparent to the bank, FinTech, and regulators. For example, consider Regulation Z and ECOA: Does the FinTech partner’s advertisement contain the required disclaimers and interest rates where applicable? Does it meet the standards of Regulation?

When a bank is reviewing and approving marketing requests of its FinTech partners, the compliance team must balance review thoroughness with timeliness. To scale, standardized workflows and checklists should be in place and process automated where possible to manage the intake, notification, and reporting steps of the review process – freeing up the compliance teams to analyze the FinTech partner’s marketing assets and provide guidance and approval.

Regulatory Change Management

The bank’s regulatory responsibilities increased when Drummond Community Bank partnered with Upstart, a personal and automotive loan FinTech. “FinTech offers the ability to expand the bank’s presence and geographic footprint beyond existing legacy markets, reaching customers in new areas and outside states,” Gallman said. “With that comes a lot of risk from state-specific requirements. It’s important to evaluate changes in the regulatory landscape across all the states as your responsibility grows along with that scale.”

With 2022 shaping up to be an active year for federal regulatory initiatives, including for banking, FinTech, and cryptocurrency, a bank’s compliance team is vital to identifying regulatory changes, assessing applicability to processes, risks, controls, and documents, implementing project plans, and reporting implementation progress. The good news is that a bank’s compliance team already has a framework and internal or external subject matter expertise for managing the regulatory change process, along with deep insights into regulatory requirements. In contrast, FinTech are far less experienced in proactively identifying and addressing regulatory changes.

The bank’s compliance team should lead the charge to avoid regulatory change pitfalls while becoming a trusted leader in the bank-FinTech partnership. With the right regulatory change people and processes in place, technology and automation can help close efficiency gaps and enable the bank to assess and manage new regulations.

Effective, Timely Complaint Handling and Management

Effective complaints management is the third area where a bank’s compliance experience excels in bank-FinTech partnerships. Banks with a robust complaints management framework can not only ensure that they are meeting regulatory obligations but also address root causes to identify larger risks and initiate initiative-taking changes. FinTechs often lack mature complaints management programs and timely reporting processes. The CFPB recently reported that complaints in the “money transfer, virtual currency or money services” category increased 184% year over year in the first quarter of 2021.

Because the bank’s compliance team is accustomed to managing complaints to meet regulatory and customer service standards, it should lead the charge in ensuring that its FinTech partners are meeting the same obligations accordingly. To manage scale, compliance requires a consistent approach to handling, tracking, and managing issues across the organization and its external partners. Ideally, complaints can be mapped to associated risks, controls, regulatory requirements, or policy and procedure documentation. This enables compliance to identify patterns and processes where issues may be lurking before they create larger problems.

Managing, Monitoring, and Mitigating Regulatory and Financial Risks

When a bank succeeds at managing its internal and partner compliance risks and controls, it can harness risk and compliance metrics to scale more effectively while avoiding unnecessary business and regulatory risks. And when risk and compliance data is shared across the organization, teams can develop insights to analyze future opportunities to gain experience, their revenue and optimize their profits while minimizing risks.

As Gallman described, “The biggest challenge with implementing an ERM program is lack of buy-in from various departments. When people are not coordinated, we are not using the same risk assessments and not looking at the same information.”

“Square one is getting everyone to look at the same information and use the same scoring mechanism. To understand the level of risk in any given area, we have one risk register within our bank that everything ties into. Part of our success is having compliance, risk, and business professionals using the same system, looking at things from the same risk lens.”

In addition to managing the bank’s existing risk, a unified approach enables Drummond Community Bank to assess and identify the future bank and FinTech opportunities using this risk and compliance data.

“It gives you the framework to add clarity where there’s uncertainty and avoid ‘phantom’ risks when the organization is hesitant to go into a new project because the risk has not been measured and is unknown.”

“Any time you can help manage and measure uncertainty, you’re able to take more action, and it provides a way to find opportunities where there is maximum upside potential and less downside potential. It also helps filter out projects where there is not that upside potential, but significantly more downside potential gives you a lens to view future projects holistically and focus on the right growth opportunities,” Gallman said.

Streamlining Internal and Partner Compliance with Technology

Bank-FinTech partnerships that include a foundation of compliance skill and risk management insight can help achieve successful business outcomes for both parties and is a unique value-add that banks can bring to partnerships with FinTech. From partner evaluation through project execution, compliance has an opportunity to shape how internal and external risks and controls are evaluated, executed, and managed between the bank and FinTech.

To be able to scale risk and compliance to take on the additional responsibilities associated with bank-FinTech partnerships, modern technologies such as artificial intelligence, robotic process automation, machine learning, and workflow automation can streamline many of the routine compliance tasks while providing a unified business view via business intelligence analytics – freeing up compliance to do what they do best and minimizing risks to both parties while optimizing profits. One example is managing regulatory changes. Compliance evaluates multiple sources (from email-based notifications to RSS feeds to third-party applications) and then determines applicability. If action is required, kick off a series of tasks to ensure the process, documentation, and training are up to date. This is often a laborious process involving email threads, spreadsheets, and document versioning. With workflow automation enhanced by artificial intelligence, technology can consolidate all sources into a single feed, automatically determine if the regulatory alert applies to the bank and include an audit history of when the assessment was performed, by whom and whether the change applies to the organization.

Artificial intelligence can summarize what actions need to be taken based on the wording in the regulatory text and determine what artifacts within the bank and their FinTech partners may be impacted by those changes, such as policies and procedures, training, risks, controls, assessment checklists, monitoring and testing activities, audits, and other compliance activities related to the regulation such as marketing advertisements. Risk assessments can be updated in real-time to quantify and report on the status of the regulatory risk.


For banks analyzing FinTech opportunities that will expand the bank’s geographical footprint and responsibilities, compliance can analyze potential regulatory impacts and risks to the bank while providing real-time insights as opportunities are evaluated and projects initiated. Compliance is no longer just a cost center. Instead, it is an integral part of the bank’s value-add to the partnership and key to growing the bank’s revenue while optimizing its profitability.

In the fast-moving banking-as-a-service environment, where community and mid-size banks have more opportunities to compete and grow revenue by partnering with FinTechs, compliance must lead with its unique regulatory analysis and expertise. This is an exciting time in banking and an opportunity for innovative risk and compliance professionals to transform the legacy perception of compliance as a “no” team to a “yes, and here’s how” team.