Sep 21, 2024 By Aldrich Acheson
Federal Reserve, FDIC, and OCC published Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks. The Guide is aimed at community banks, but fintechs can also learn from it. In addition to helping banks, the bank guidance helps fintechs understand what information and documentation they need and how to contact banks.
Fintech companies develop strategic plans focused on third-party relationships with banks, highlighting their staff's experience and qualifications. They are prepared to demonstrate long-term financial stability and develop comprehensive internal control. This article will discuss six key areas for banking fintech due diligence.
The Guide, like the Proposed Guidance and other Agencies guidance, emphasizes due diligence as an important component of an effective third-party risk management process. When a community future bank fintech (or other banking institution) conducts due diligence, it collects and evaluates information to figure out if an association with a third party could assist it in achieving its financial and strategic objectives and if so, how to carry out the partnership safely and peacefully while following all the rules and regulations.
The bank's risk and the relationship's importance should determine the diligence process's extent and depth. Fintech companies wishing to build and maintain healthy business relationships with banks should structure their presentation to and documentation for banks in a manner informed by the Guide to increase their chances of success.
A fintech's expertise in delivering similar services or products can indicate its potential to support a bank guide in a way that meets regulatory standards and satisfies clients. Banks should analyze client references and complaints, which show a fintech's capacity to please clients and handle concerns, as well as any legal or regulatory measures against it. Fintechs should explore how to demonstrate client happiness and regulatory compliance.
A bank can determine if a fintech's senior management has the knowledge and experience needed for the relationship by reviewing its background and competence. Thus, fintech companies will seek to highlight their management and staff experience and establish strategies to demonstrate their resources to serve the future bank fintech.
Financial reporting and financing sources affect a fintech's viability and duties. Depending on its stage of development and business model, a fintech can fund operations and growth using cash flow or outside capital. Fintechs should clarify how they will be supported throughout the partnership, regardless of funding source.
A fintech's legal standing, track record of compliance with regulations and cooperation with regulators, and knowledge of the legal and regulatory landscape applicable to the contemplated activity help a bank determine if it can serve the bank guidance in accordance with all relevant laws and regulations.
Fintechs may be unfamiliar with bank legal and regulatory environments. In such cases, a bank may use adapted contract terms, supervisory checks and audits, processes requiring bank approval for certain changes, and frequent analysis of FinTech companies' client comments and complaints to ensure compliance.
Financial institutions should comprehend a fintech's internal risk management structure to determine if it can undertake the proposed activity within the bank's risk appetite. This framework's maturity and a fintech's capacity to supply related documentation may depend on its development stage. In addition, a fintech may not share trade secrets or confidential information.
In such cases, the bank guidance and fintech may benefit from on-site visits to evaluate the fintech's operations and controls, use of the independent party or bank's auditors to assess the same, contract provisions that allow on-site visits, audits, and other performance monitoring and require remediation of identified issues, and contract provisions that outline risk and performance. Whatever its strategy, a fintech should show that its risk management framework, control environment, and risk appetite match the bank's.
Understanding the fintech's internal procedures, rules, management duties, and reporting processes benefits banks. In relation to the projected activity, banks should evaluate a fintech's control reviews and internal or outsourced audit functionality's type, scope, frequency, quality, and findings. In addition, FinTech's internal reporting shows how it monitors important risks, performance, and control indicators, as well as staffing expertise and training programs. Fintech companies should offer detailed information about their internal review procedures, risk management framework, current internal and external review, audit reports, and control plans.
Protecting a bank's and its clients' sensitive data is crucial. Thus, banks must evaluate a fintech's data management and security policies in light of the connection and activity. Banks should know whether and how the fintech trains and tests employees and subcontractors, how it restricts access to systems and customer data, how it finds and fixes vulnerabilities, and how it updates and replaces hardware and software.
Banks should evaluate FinTech information security strategies by reviewing internal control assessments and testing, training programs, privacy rules, and incident response and notification procedures. Fintechs should disclose their information security, incident management, and security controls assessments and their comprehensiveness and efficacy.
Information systems
Future bank fintech diligence also considers fintech information systems infrastructure. Banks should examine if the fintech's present and projected systems can handle the connection and activity or if additional investment is needed. The fintech's patching and end-of-life hardware and software policies will also be important.
Banks should assess a fintech's resilience to technology failures, human error, cyberattacks, pandemics, and natural calamities. This audit considers the fintech's processes for identifying, managing, mitigating, and recovering from threats and failures to itself and its clients. The relationship and activity's nature and criticality should inform resilience planning and capabilities. Banks may assess the fintech's capacity to satisfy recovery expectations after a disruption and seek contract parameters that reflect their recovery timetables and goals.
The number and type of subcontractors fintech companies use are crucial to evaluating its resilience and recovery capabilities. Fintechs should discuss and explain their subcontractor vetting and engagement processes, especially if subcontractors have access to fintech systems that are crucial to the relationship and activity.
Explore the main factors affecting Consumer Sentiment and business confidence from inflation to legislation and world stability
You will need to contact your state's Department of Motor Vehicles (DMV) or a similar agency to obtain a copy of your driving record. You can request a copy online, by mail, or in person. You may be required to provide personal information, such as your name, date of birth, and driver's license number. There may also be a fee for obtaining a copy of your driving record. It is essential to keep a copy of your driving record for your records, as it can be helpful for various purposes, such as applying for car insurance or a job that requires you to drive.
Banks evaluate business experience, strategic planning, and IT security for FinTech due diligence. Community bank guidance provides key insights.
Where can I get the check numbers? There are three sets of numbers at the bottom of a check. The first set identifies your bank's routing information, the second your account information, as well as the third your check number. Knowing where to look for these numbers when filling out documents related to activities like direct deposit or setting up automated payments for monthly bills is helpful.