Banks create guide to manage fintech due diligence

As an increasing number of financial institutions enter into partnerships with fintechs and other vendors, a consortium of financial institutions is making an effort to standardize how banks approach third-party due diligence.

The initiative began after Alloy Labs Alliance membership banks noticed firms were implementing regulatory guidance in slightly different ways, Alloy Labs CEO Jason Henrichs said.

As a result, Alloy Labs Alliance and a dozen of the consortium’s member banks spent the past year working on a framework they hope will help serve as a guide for firms navigating the complexities of bank-fintech relationships.

Henrichs, who shared an executive summary of the guide with Banking Dive, said the framework isn’t meant to replace existing regulatory guidance, but rather help banks better implement it.

“The challenge, typically, is translating guidance into the practical, ‘What am I doing day to day?’” he said. “That's why, starting from the same guidance, banks can end up in very different places in how they implement it. Think of this as an implementation guide that builds on top of regulation and guidance.”

Alloy Labs and several member banks created the guide after hosting regular, monthly working sessions with business, operations, risk and compliance executives from roughly a dozen institutions.

The participants were divided into eight groups, covering categories ranging from business continuity, incident reporting, operational resilience and assessment of subcontractors, Alloy Labs said.

Bankers shared knowledge and debated best practices in sessions that were facilitated by public accounting, consulting and technology firm Crowe.

The groups developed a list of seven key questions banks need to address so they can assess the level of risk present in a particular third-party relationship.

Questions include: “How does this partner complement or enhance our strategy and align to our culture?”; “What type of customer interaction or data exposure does this partner have?” and “What monitoring and reporting is necessary for ongoing evaluation of the relationship?”

The questions were used to develop a consensus on the expected level of maturity of a fintech partner, Alloy Labs said.

Based on an assessed level of maturity, the groups established due diligence expectations, requests, ongoing monitoring and triggering events for enhanced due diligence, which the consortium plans to release in subsequent guides throughout 2023.

“This is a bank-driven initiative,” Henrichs said. “Why are we doing this now? Because the banks told us to.”

As bank-fintech partnerships become more prevalent in the industry, the tie-ups have attracted increased regulatory attention.

Michael Hsu, the acting head of the Office of the Comptroller of the Currency (OCC), called out bank-fintech partnerships in September, saying such tie-ups could put the financial system at risk of a crisis if not properly supervised.

The heightened focus means banks need to make sure their deals with fintechs are thoroughly vetted — not only to the satisfaction of regulators, but also to remain competitive.

Fintechs in the market for embedded banking services may become more selective as regulators step up oversight, Jonah Crane, a partner at financial services advisory and investment firm Klaros Group, told Banking Dive last month.

“They may prioritize resilience and stability and a bank who has committed to getting the compliance piece right over speed, whereas previously, speed to market was a big factor for fintechs looking for bank partners,” Crane said.

Helping banks — mainly community and midsize institutions — remain competitive is a central mission for Alloy Labs.

Since launching in 2018, the consortium has sought to leverage collaboration and the collective knowledge of its membership institutions to help them compete with some of the country’s largest banks.

The group in October released a guide focused on defining the roles and responsibilities in banking-as-a-service (BaaS) partnerships. The consortium’s members comprise about 30% of the market share of banks that offer BaaS, according to American Banker.

Alloy Labs also launched its own peer-to-peer (P2P) payments network, CHUCK, last year. It manages the platform in partnership with digital payments company Payrailz.

CHUCK has been touted as a competitor to Zelle, the network owned and operated by Early Warning Services (EWS) — a firm that, in turn, is owned by a group of the nation’s largest banks, including JPMorgan Chase, Wells Fargo and Bank of America.

“Ironically, the biggest banks have done a better job of working together,” said Henrichs, who noted the creation of The Clearing House and Zelle as examples of successful multibank collaborations initiated by the nation’s largest institutions.

But community banks are going through a mindset change, Henrichs added, and efforts like the initiative to standardize best practices for third-party due diligence showcase how smaller firms are “not out of the game when it comes to innovation.”

“They're reinventing what it means to be that community bank,” he said. “Third-party due diligence might seem mundane, but it's a really important step, because if they're not fixing things like that, they're not going to be positioned to do more interesting and innovative things.”