Fintech has emerged as one of the most exciting developments in the financial sector because it enables new services and products while increasing operational efficiency. The response to Fintech has been so positive in the banking and finance sector that regulatory agencies have made it one of their top priorities. While the rules and regulations that need to be created for Fintech usage in the banking and finance sector are still being formulated, there are some official documents that shine a light on the perspective of the regulatory agencies.

Complimentary White Paper - Top 10 Risk Management Trends for 2022

The OCC has been getting so many questions from banks and other institutions on using Fintech without running afoul of compliance and regulatory risk reporting requirements that they published a FAQ (frequently asked questions) document back in 2013. This document has been edited over the years and is one of the best documents available to understand the regulatory perspective. Everyone in the financial sector should read the entire bulletin available on the OCC website. Following are some of the most interesting questions and answers from the publication summarized.

Change in the Way Third-Party Relationships are Perceived

One of the first things addressed in the FAQ is about what a ”business arrangement” means. This may seem like a peculiar thing to prioritize, but it is critical because Fintech changes the meaning of third-party. Third-party is used mainly by businesses for vendors that may provide a service or product used in the supply chain or within the organization itself. Fintech third parties are not just vendors; they do not just offer a single product or service for the supply chain. They often integrate directly within the banking network and provide additional services for customers or the bank itself.

The bulletin provides many examples of ”business arrangements” that encompass much more than pure vendor-business relationships. It includes guidance on banking models that integrate Fintech applications provided by other vendors and may prove to be an essential foundational concept for discussions on the role of Fintech in the banking sector.

Cloud Services

There has been an increase in the adoption and popularity of solutions and storage being provided over the cloud because of the lower costs and better accessibility offered by cloud solutions. The OCC clarifies the risk and compliance requirements when a bank or financial institution uses cloud solutions. According to the OCC, risk management is fundamentally the same for cloud computing services as it is for other third-party relationships. Due diligence and management should be proportionate to the risk associated with storing and running data and activities on the cloud. Bank management should bear in mind that certain technical controls may operate differently in cloud computing settings than in traditional on-premises network setups.

There has been an increase in the adoption and popularity of solutions and storage being provided over the cloud because of the lower costs and better accessibility offered by cloud solutions. Click To Tweet

Limitations in Due Diligence

Banks may sometimes not be able to perform their routine due diligence activities with some Fintech vendors. If a bank gets services from Google, Amazon, or other similar solution providers, then it cannot expect to be able to perform site audits, inspect the infrastructure, or ask for technical information that may be confidential. The OCC suggests that in such a situation, the bank is responsible for getting as much due diligence information as possible from as many sources as it can. The bank should also look at the overall risk exposure from partnering with such a solution provider and account for the heightened risk exposure through controls.

Not all Third Parties are the Same

The OCC also clarifies that the diligence expected from banks depends on its relationship with different third parties. Due diligence and monitoring should be based on the amount of risk and complexity associated with each third-party engagement. The OCC anticipates that due diligence and continuous monitoring for important actions will be thorough, comprehensive, and adequately recorded. Additionally, management should adhere to the bank’s policies and processes for due diligence and continued monitoring for activities determined to be low risk.

Evaluating Fintech Partners

When evaluating the financial condition of a startup or less established fintech company, the bank may consider the company’s access to capital, earnings, funding sources, expected growth, net cash flow, borrowing capacity, and other aspects that may affect overall financial stability. This is critical because most Fintech businesses are startups – which means that they do not have a history in the banking industry. Fintech startups are also operating in a new and volatile domain, making it harder to understand their financial stability.

Assessing changes in the financial position of third parties is a requirement of the life cycle’s continuing monitoring stage. Due to the bank getting little financial information, it should have adequate contingency plans in place if the startup fintech company suffers a business interruption, fails, or declares bankruptcy and cannot undertake the agreed-upon activities or services.

Regulatory Change Management Software

These are just some of the considerations that need to be made by banks as the proliferation of Fintech services increases in the banking sector. Interested in seeing how your organization can work closely with Fintech service providers while ensuring all risk and compliance requirements are met? Get in touch with our experts for a demonstration of Predict360’s Third-Party & Fintech Partner Compliance solution.