As the financial services industry evolves, financial institutions (FIs) increasingly turn to fintech to meet their needs. For one thing, fintech offers innovative solutions that help FIs deliver new capabilities, respond to changing customer expectations, increase revenue streams, and improve operational efficiency.
However, FIs who have explored or implemented collaboration with fintech have encountered challenges that have derailed their efforts or resulted in less-than-desired outcomes. As a result, FIs must be careful not to fall into common pitfalls that could lead to failure when partnering with fintech companies.
In this article, we will explore eight common pitfalls that can undermine relationships between fintech companies and financial institutions.
1. Management and Cultural Differences
Differences in management style and corporate culture can create tension between a fintech and FI. A PwC global survey found that more than half of Fintech companies have strained relationships with banks due to differences in management and cultural style.
These differences can include differences in business processes. Most fintech companies are relatively new to the financial service sector, and they want to break traditional norms through innovative ideas. However, FIs usually try to keep some of those norms in place because they have to follow regulatory requirements. As you may already know, FIs are typically more conservative in their approach. They may have long internal processes for approving new products or services, which can slow down the pace of innovation for fintech.
For these differences not to become an issue for the partnership, both parties must understand them ahead of time, so they can work together effectively. Establishing clear business goals and strategies for the relationship will go a long way in bridging the gap between the two parties’ management styles and corporate culture.
2. Non-compliance with Regulations
Non-compliance, or failure to comply with regulatory requirements, is a perennial problem for financial institutions when dealing with fintech organizations. The consequences of non-compliance can be severe. Fines, loss of business and reputation damage are top of the list.
To avoid non-compliance pitfalls, FIs need to do due diligence on fintech companies before they work with them in any capacity. They must ensure that the fintech has proof or history of adhering to compliance guidelines set out by regulators such as the Financial Crimes Enforcement Network (FinCEN) or Office of Foreign Assets Control (OFAC). If fintech companies don’t seem familiar or comfortable with these rules and regulations, think twice before partnering up. FIs also need to stay compliant themselves, as no fintech company will partner with a non-compliant FI. Our regulatory compliance service could be your go-to for this.
3. Cybersecurity Breaches
Cybersecurity is a massive concern for both fintech and FIs. A fintech should be able to communicate its security plan to the financial institution and explain how it is protecting the data it holds. As a rule of thumb, FIs will look at a fintech’s ability to protect customer information as an indicator of its ability to protect its systems. They want to know that your fintech has a solid security plan in place so that their customers’ data is protected (and their reputations are not sullied by being associated with an organization that has suffered from data breaches).
If you don’t have an adequate cybersecurity system in place, then you risk being rejected by an FI because of a lack of control. So fintech must demonstrate this capability from the outset to avoid a strained relationship.
Here are some common pitfalls that can lead to cybersecurity breaches and eventually damage the relationship between both parties:
- A lack of proper security protocols and training for employees who deal with sensitive customer information (e.g., account managers or salespeople).
- Overly broad access permissions for employees who don’t need them (e.g., allowing staff members from other departments access to customer data).
- Failing to keep up with new technologies (e.g., not knowing about new features available in your security software). The 2017 data breach at Equifax is a case in point: the personal information of over 143 million customers was hacked, largely because of the company’s failure to update its security software.
4. Bank Secrecy Act/Anti-Money Laundering (BSA/AML)
The BSA/AML laws require FIs to implement robust policies and procedures to prevent illegal money laundering and terrorist financing. They must not be found wanting.
Fintech startups are often unfamiliar with these regulations, which may be understandable because they don’t apply to certain fintech companies. However, to avoid complicated relationships, FIs must conduct due diligence on all their suppliers, including fintech. This means they must ensure that their fintech partners are not involved in any illegal activity. This may not be easy when working with fintech companies because some products have been built on open-source technology or software development tools from third parties.
RADD has a team of consultants who are experts in helping financial institutions establish a BSA/AML compliance program. Under RADD’s BSA/AML services, FIs can determine when and how to apply the critical business system and processes to exercise all the due diligence required.
5. Violation of Intellectual Property Rights (IPR)
IPR violations can have a significant impact on both parties. For example, if you’re not careful, your business may face legal action for using a competing app or a website’s code without permission. This can include coding that has been modified and re-used in your application and any technology that is not adequately secured with licenses.
Understanding the potential for IPR violations and how to avoid them is crucial, especially when creating proprietary technology solutions through partnerships with fintech.
How do you avoid intellectual property rights violations? The short answer is to understand your IPR rights strategy before launching any new endeavour into the fintech space to prevent inadvertently violating someone else’s IP rights.
6. Insufficient Information Security Controls
Maintaining information security controls is a critical component of fintech-financial institution relationships. When a fintech company fails to acknowledge data privacy, security, protection or confidentiality requirements, it risks irreparable damage to its reputation, the loss of valuable customers and a strained relationship with financial institutions.
The following guidelines will help ensure your organization has sufficient information security controls:
- Create a robust IT governance framework that includes policies and procedures related to data privacy, security and protection measures.
- Make sure employees understand what their responsibilities are regarding these policies and procedures.
- Ensure you have the proper security controls to protect your data and systems. This includes firewalls, anti-virus software, intrusion detection systems (IDS), etc.
- Develop an incident response plan that can be implemented if a breach occurs or if there is an attempted breach by hackers.
- Perform regular penetration testing of your systems to identify any potential holes in security.
7. Third-party Mismanagement
Third-party mismanagement is a common pitfall among FIs, particularly those with multi-channel strategies. For example, if a bank works with multiple third parties to deliver customer experiences, it can be difficult to manage their relationships.
The best way to avoid third-party mismanagement is by being transparent and open when approaching FIs about new fintech products and services. Fintech firms must also understand that FIs are not just clients with whom they do business. Instead, they are partners with whom they share common goals and interests. Therefore, fintech firms need to develop strong relationships with their partners and ensure that both sides understand each other’s expectations.
Another way to prevent this pitfall is to have a solid vendor management program. This should include policies and procedures that define your expectations for third-party services, whether as an FI or fintech. It also means clearly understanding your vendors’ capabilities, limitations, and service level commitments.
8. Inadequate Due Diligence
Due diligence is integral to all relationships, whether you’re considering a new employee, selecting a vendor or bank, or entering into a joint venture with another company. Because fintech firms are often startups, they can be particularly vulnerable to this pitfall. Regardless, if a fintech does not do enough due diligence, it can be easy for the FI to see them as a potential risk.
Fintech must also understand that a relationship with an FI will require an appropriate level of due diligence on their part and the part of the FI. Both parties must do their homework before making any commitments or entering into agreements, so everyone knows what’s expected from both sides.
The following are some things that should be included when exercising due diligence:
- Company structure, ownership and management team
- Corporate governance and risk management policies
- Business operations and financial results, including risk appetite, credit quality standards and capital plan
- Technology infrastructure (e.g., data centre location)
This list of pitfalls is not exhaustive but gives you a good starting point for improving your fintech-financial institution relationship. If any of this is an area you find challenging, we can help with our expertise in FI and fintech services.
RADD LLC helps FIs to formulate strategies to navigate the regulatory environment, from initial planning through implementation. Whether you want an Interim Compliance Officer or are interested in a project basis, we can serve as a compliance watchdog to help you avoid violations of state, federal or international regulations.
Schedule a free consultation with us today to learn how our comprehensive compliance program can benefit your business.