How to Create Resilient Banking as a Service Partnerships
For "debanked FinTechs," having to find a new bank partner leads to inconvenience, friction, and limited access to financial services for consumers - all of the things that FinTechs should be fixing.
Read our CRO's latest guide on how debanking is completely avoidable by establishing a strong relationship with a bank partner.
⏰ | 6 minute read
Chief Risk Officer
Mitchell is ensuring Bank <> FinTech partnerships remain strong on Synctera's platform by helping lead due diligence, risk assessment, and oversight.
I'm an avid customer of many FinTechs, and I recently received notice that one of my FinTech accounts was being transitioned to a new sponsor bank. Here’s a breakdown of the processes I had to manage:
I would receive a new account, routing number, and debit card - all with new numbers
I was asked to switch any auto-bill payments, like my Netflix subscription, to the new account
If I had a direct deposit set up, I would need to update it
And if I didn’t agree to this new account or move my money elsewhere by a specified date, the sponsor bank would mail me a paper check with the remaining funds
As the Chief Risk Officer of a company helping FinTechs find bank partnerships to launch their products, I understood why this might have needed to take place. But as a consumer, this was definitely not a fun exercise.
Why does the “debanking process” cause so much disruption to consumers? It’s because a FinTech's customer accounts actually lie with its sponsor bank. If a FinTech needs to switch to a new sponsor bank, they are forced to uproot their customers’ funds and payment methods and move them to an entirely new bank account – even though the FinTech’s app or interface remains the same. While a sponsor bank and its FinTech handle the operational burden required to make these changes in the background, the resulting impact to customers is incredibly disruptive. More inconvenience, more friction, and limited access to financial services - ironically, all of the things that FinTechs today promise to fix.
As the Banking as a Service (BaaS) industry continues to change, more of these switches will occur for various reasons. But there’s one item that can prevent unplanned debanking switches from happening: the level of risk and compliance readiness of sponsor bank and FinTech partnerships.
Traditionally, in their rush to get to market fast, FinTechs have not paid as much attention to this area as they should. But partnerships that do not have the right level of readiness will eventually force the sponsor bank to de-risk or slow down their BaaS programs (by choice or not), requiring unexpected bank switches for FinTech partners and potential loss of operations. While speed to market will always be important, the resiliency of partnerships between banks and FinTechs will be a critical piece to success.
<div class="rt-btn-wrap"><a href="https://synctera.com/contact-us" class="button yellow w-button">Have a question about connecting to a bank partner? Our experts can help </a></div>
Three core principles: oversight, reliability, and fairness
What does “partnership resiliency” entail? To me, this translates to three core principles:
Banking products offered by FinTechs need bank-grade risk and compliance oversight
Banking experiences offered by FinTechs - including money movement and access to deposits - must be reliable
Banking products offered by FinTechs must be offered fairly including how they are structured and how they are marketed to consumers
Recently, I shared my belief that these partnerships can resemble a traditional bank “line of defense” structure that makes the FinTech responsible for risk and compliance as a “first line of defense.” The first line FinTech is similar to a bank business unit where the unit’s team owns the customer relationship, product roadmap, and manages the risks it generates such as fraud.
Meanwhile, the sponsor bank is accountable for risk and compliance as a “second line of defense” - approving and monitoring policies, limits, and conducting periodic reviews. This relationship can help promote products that are reliable and fair to the customer, but it requires active risk and compliance work on the part of both parties to ensure their partnership remains strong.
Bank regulators (who sponsor banks must answer to) have also provided guidance and speeches that have hinted at their expectations for how banks and FinTechs should establish partnerships, which I discussed in a blog last August. One of the more noteworthy remarks came from acting Comptroller of the OCC Michael Hsu in November 2021. In his speech, he labeled certain FinTechs as “synthetic banking providers”:
“We need to remove the disparity between the rights and obligations of banks and the rights and obligations of synthetic banking providers [SBPs] by holding SBPs to banking standards. At the same time, we need banks, FinTechs, and crypto firms to step up and make the business of handling other people’s money an ultra-high trust endeavor, where the needs of all customers are met in a reliable and consistently safe, sound, and fair way.”
While FinTechs may not need to deal directly with bank regulators, they won’t be shielded when it comes to consumer issues. More recently, the Consumer Financial Protection Bureau (CFPB) invoked a “dormant authority” to examine nonbanks including FinTechs. Put plainly, the CFPB is also focused on ensuring FinTech products meet the standard of banking products:
“Given the rapid growth of consumer offerings by nonbanks, the CFPB is now utilizing a dormant authority to hold nonbanks to the same standards that banks are held to. This authority gives us critical agility to move as quickly as the market, allowing us to conduct examinations of financial companies posing risks to consumers and stop harm before it spreads.”
Despite the increase in oversight around BaaS, regulators are aware that relationships such as BaaS partnerships can foster more innovation, including financial access and health to the economy that our traditional system has failed to deliver. This power does come with responsibility as these innovations directly impact people’s financial lives.
Consequently, regulators will continue to evaluate this industry as it grows. I expect them to focus on appropriate partnership oversight, reliability, and fairness to the consumer. It will be crucial for sponsor banks and their FinTech partners to both proactively manage these issues and address regulatory feedback.
The stakes are high, and the need to revisit the best BaaS risk and compliance practices for all parties will remain top-of-mind.
Managing partnership resilience
The following are three areas that both sponsor banks and their FinTech partners should be proactive on:
Compliance and fraud
Security and operational resilience
FinTech due diligence involves the sponsor bank gathering information to understand the potential FinTech partner, including its business model, management team, financial condition, and products.
This is a key oversight step to forming a partnership, and regulators generally expect a thoughtful process to be in place. I often encourage FinTechs to be as transparent as possible in this stage - surprises later on will only cause delays to a launch.
More importantly, upfront information sharing is a critical part of developing a trusted partnership - this goes both ways. I have spoken about how FinTechs have inquired about certain aspects of their sponsor bank, which is fair game.
Here’s how banks and FinTechs should approach the due diligence process to establish their relationship:
Compliance and fraud
Banks and FinTech partners are required to meet specific rules and regulations depending on the product and customer.
This includes anti-money laundering (AML) rules, bank customer identification rules, and consumer regulations on topics such as transaction disputes, fraud, and fair lending. Oftentimes, these rules are intended to address fairness of the product. The more complex the product or service is, the more the FinTech might invest in legal and compliance resources early on to oversee issues and inform product design.
On both sides, clear communication about compliance policies, rules, and resources about their products will save a lot of back-and-forth:
Security and operational resilience
A FinTech’s product reliability is a key expectation of banks, customers, and regulators. For instance, a customer’s secure access to their deposits for withdrawals or payments should be reliable. This means appropriate investments in technology, but also ensuring testing, ledger reconciliation, and other controls are in place.
Sometimes, independent certification and testing (e.g. SOC 2, PCI-DSS) is required of a FinTech depending on their use case and especially as the partnership scales.
Synctera Cases, Ground Control, and the Synctera team
We’ve been called a FinTech helping FinTechs, or a group of builders building products that help builders, build. That’s a mouthful.
But today, we have unique and innovative approaches that FinTechs and banks can both utilize to ensure their relationships remain resilient.
Technology like Synctera Cases and our Personally Identifiable Information (PII) Vault
Our case management system, Synctera Cases, allows both banks and FinTechs to manage their “relationship” workflows in an efficient, accurate way, and gives sponsor banks extensive oversight of their FinTech partners. Synctera Cases helps:
Track and manage compliance and fraud issues
Allow for banks to oversee customers, accounts, and transactions in real time
Provide for more streamlined issue escalation with an audit trail
Reduce manual reconciliation of ledger transactions
In addition, Synctera Cases has undergone SOC 2 Type 2 testing and is PCI-DSS compliant for secure storage of customer information and card data. Customer data is stored in the Synctera PII Vault as a component, helping to abstract FinTechs from some of the SOC and PCI requirements while keeping customer data safe and secure.
Ground Control is a program for FinTechs that helps address the challenge of having appropriate fraud and compliance expertise early in their journey. These resources will help FinTechs address foundational issues by:
Increasing speed to market by avoiding the bottleneck of getting banking and compliance operations functions completely in place before they launch
Providing peace of mind that an app is compliant from day one
Minimizing disruptions to customer experiences by having efficient processes to resolve disputes and KYC, BSA/AML, and fraud issues
Giving time to build the appropriate back office teams, partnerships, processes, and expertise into a business
The Synctera team includes risk and compliance professionals with backgrounds at FinTechs, banks, and regulatory agencies. The team can help support banks and FinTechs alike on a number of core areas:
Due diligence - Providing diligence requirements to FinTechs, gathering information of the FinTechs, performing initial risk assessments, and sharing information with potential sponsor banks to support the matching process
Compliance and fraud - Providing consultation on compliance requirements including policy and disclosure templates, assisting with initial limit setting and fraud questions
Operational resilience - Providing consultation on requirements of the FinTech including insurance, pen testing, third party risk management assessments, and business continuity / disaster recovery planning
Referrals - Suggesting potential vendors that may help the FinTech or Sponsor Bank with legal, risk, and compliance issues
Still have questions?
Feel free to reach out to me and our expert group of colleagues at Synctera to figure out how we can set you up for success.
<div class="rt-btn-wrap"><a href="https://synctera.com/contact-us " class="button yellow w-button">Talk with our experts</a></div>
Subscribe to newsletter
Subscribe to receive the latest blog posts to your inbox every week.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Great FinTech apps get built and scaled on Synctera’s end-to-end platform.
Get started to learn how Synctera can bring your product vision to life
Synctera and featured clients are financial technology companies and not a bank. Banking services are provided by Synctera's partner banks who are Member FDIC. Mastercard® Debit Cards are issued by Synctera's partner banks pursuant to a license from Mastercard® and may be used everywhere Mastercard® debit cards are accepted.
Synctera Canada is a registered Money Service Business with FINTRAC. Synctera Canada is not a financial institution. Banking services are provided by Synctera Canada’s partner banks who are CDIC members. Mastercard® Prepaid Cards are issued by Synctera’s partner banks pursuant to a license from Mastercard® and may be used everywhere Mastercard® is accepted.