Internal Oversight | Risk Series

By
iLEX Team

Doing It Right - Part One

Last week we discussed risk, so this week we’re addressing the question:  how do you minimize risk? The first step is to ensure your internal processes are strong, that they meet regulatory requirements, and that they help you to both manage and safeguard your Fintech business. Or, if you are an Issuing Bank Partner, making sure your oversight is helping your Fintech programs achieve the same.

A note to Fintechs - your Issuing Bank Partner wants you to succeed as much as you want to, and a good Issuing Bank Partner is just that, a Partner. To ensure success, your Issuing Bank Partner needs to know what you are doing and how you are doing it.  While your goal is the same - to succeed - what you need to do is a little different. The below lists will get you started, but they are in no way definitive.

Fintech Programs

  • Do you have a plan of your products, what you are building, and software requirements?
  • Have you completed your proformas and projections? If you are already in market, are you reviewing performance against your expectations and making necessary adjustments?
  • Do you have a strong KYC program to minimize onboarding bad actors?
  • Do you have strong AML & Fraud programs?
  • Do you have a full suite of Policies & Procedures? These will need to be approved by your Issuing Bank Partner. And remember, policies and procedures are like vitamins, they don’t help you if you leave them in a drawer. These are active documents that you will live by.
  • Do you have an annual training program in place for all your staff?
  • Do you understand all your reporting requirements and are you meeting them?
  • Do you have a strong Privacy policy? This is a big deal, especially privacy of consumers and even more so if your program includes children. Know the rules and stick to them
  • Do you have all necessary Terms & Conditions (T&Cs) and Disclosures? Are you living by them?
  • Is your staffing adequate and do they have the right skills and attributes?
  • Is your customer service strong and in compliance with your internal documents and regulations?
  • Have you completed Third-Party Vendor Due Diligence on all your third-party vendors?
  • Does your marketing department adhere to regulations to ensure there are no UDAAP and other violations?

Issuing Bank Partner

As an Issuing Bank Partner, you want to know that your Fintech Programs are viable and in compliance with all relevant laws and regulations. This includes understanding the industries they are working in. For this reason, many banks choose programs that are working in areas close to the Bank’s core business. This makes it easier for an Issuing Bank Partner to provide oversight as they are reviewing products they understand. And that oversight is critical. Assuming your Fintech Programs are doing everything right and don’t need your input and oversight is a fast track to problems, from financial loss and Fintech failures to regulatory scrutiny and findings you want to avoid. As we mentioned in our risk article last week, the buck stops with the Bank. Your Fintech Partners are using your banking license and you are the one ultimately accountable to regulators.

Before You Sign on the Dotted Line

  • Do you understand the program and product(s)? 
  • Does the program’s product(s) and ethos fit yours? 
  • What is the program’s leadership team’s depth of knowledge and ability to support their product(s)?
  • Does the program fit within your risk model? 
  • Do you have adequate staffing to oversee the program? 
  • How much money has the program raised? 
  • What is their plan for future investments? 
  • Do you have Board approval?

Onboarding Your Programs

Have you…

  • completed Program due diligence? 
  • received and reviewed documents pertaining to the program’s legal status?  Financials? Insurance? Organizational chart and succession plan?
  • reviewed program details? Account and transaction projections? Product roadmap? 
  • finalized your pricing?
  • put a signed MSA in place?
  • Received, reviewed and understood the Program’s plan outlining their products, what they are building, and software requirements?

Bringing Your Fintech Programs to Market

Have you…

  • scheduled regular (commonly weekly) Processor implementation calls?
  • reviewed and approved the Program’s Funds Flow?
  • reviewed and approved the Program’s Mobile App and website (if applicable)?
  • reviewed and approved the program’s marketing materials?
  • implemented, tested, and confirmed all software is working?
  • been given access to, and oversight of, reporting tools for reconciliation/settlement for customer accounts?some text
    • Note: watch the regulators on this one, some are signaling that required Bank oversight may be stepped up.
  • reviewed and approved the Program’s Policies & Procedures?
  • reviewed and approved the Program’s Risk Assessments?

Post Launch

Do you have…

  • an audit program (internal and external) in place? 
  • open lines of communication with your Programs both ad hoc and planned?
  • a plan to review and approve (or not) any changes to the Program?
  • a process to keep your Board of Directors informed? 

Technology and Data

Both Fintech Programs and their Issuing Bank Partners  have technology and data requirements. As noted previously, the list below is not definitive but will get you started.

  • Do you have a low-cost development and low-cost administration centralized data warehouse similar to Snowflake or other cloud platforms?
  • Do you have a set of policies, processes, and tools that ensure data is secure, accurate, and usable throughout its lifecycle (data governance)? 
  • Do you have a process to reconcile data being exchanged between you and your vendors? Between you and your sponsoring FI(s)?
  • Do you collect all necessary data points to satisfy regulatory requirements such as BSA/AML, KYC/KYB, Consumer Protection, Disclosure and Transparency?
  • Do you have proper reporting tools in place to always stay on top of what is going on with your customers and answer your partners requests for information timely?

Finally, remember bad things happen when you don’t get this right

While we don’t want to be raining on your parade, the reality is pretty simple. While a Fintech can survive some mistakes, as long as they make timely corrections, one serious mistake, or the culmination of many smaller mistakes, can kill a Fintech. This in turn impacts the Program’s Issuing Bank Partner - financially, reputationally, through consent orders, and other regulatory consequences.

How can things go wrong? Let us count the ways…

  • Bedeviled into insolvency through fraud. Fraud will happen, it is inevitable. Your job is to build a strong fraud detection program to mitigate the risk and to catch events early.
  • Lawsuits. While hopefully no one will decide to sue you, it can happen and can be instigated by unhappy customers, partners, and/or regulators. 
  • Audit failures due to not complying with laws and regulations.
  • Failure of technology due to business process misalignment, paving the cow paths (using new software to automate old and inefficient processes), data migration deficiencies, software integration failures, lack of software and user acceptance testing.
  • High volumes of customer complaints direct to your program, on social media, and reported elsewhere.
  • Your bank decides to drop your Program - this doesn’t happen often but that doesn’t mean it can’t. And while it is not always the Program’s fault, it is more likely if you are not performing well. What is your back up plan to continue business if your bank drops you?
  • Loss of key staff. Make sure you have a plan for this too.

Just to round things out, and to not leave you on a negative note, if you - Fintechs and Banks alike - build strong, transparent partnerships and manage your businesses well, working together can be rewarding, bringing new meaningful products to market and adding another successful business line to Issuing Bank Partners. The work to get this right is worth it!

Check in next week for a dive into external oversight.

This is the second in a series of collaborative articles by iLEX Consulting Group and iDENTIFY

About iLEX

Since 2012, iLEX Group LLC has been a leader in delivering expertise in the FinTech industry, with a robust background in compliance, operations, and client management. We bring our client’s visions to life with our ingenuity, partners, resources, and leadership.

About iDENTIFY  iDENTIFY has become a leading fintech software company by providing banks with the tools necessary to unify their customer data. With several years of providing solutions for the banking industry, our vision is to streamline internal operations, create convenience for our clients, and give banks faster-to-market solutions. 

Tags
iLEX
Risk Series
No items found.
Stay Updated

Stay updated with our
latest news & offers

Sign up to get our Newsletter.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Latest Posts

Operations | Risk Series
External Oversight | Risk Series
Data Management with iDENTIFY
Back to Blog
For ambitious banks around the world, we are looking to partner! Let's grow together.
Products
iDENTIFY
Fintech Map
iDENTIFY Ai
Services
Data Engineering
Data Cloud
Data Analytics
Resources
Contact
Clients
FAQ
Our Tech
Team
Company
About
News
Blogs
Pricing
© 2024 iDENTIFY, Inc. All rights reserved.
Privacy Policy  |  Terms of Service