Even federal banking agencies can be a due diligence resource. In 2021, Conducting Due Diligence of Financial Technology Companies: A Guide for Community Banks was published. Despite being targeted at smaller banks, the content generally applies to any business considering a strategic fintech partnership. The content put forward these six key topics to consider during a due diligence evaluation: 1. Business Experience and Qualifications • Company overview • List of client references • Ownership information 2. Financial Condition • Financial statements and auditors’ opinions • Annual reports • Market information on competitors 3. Legal and Regulatory Compliance • Organizational documents and business licenses • Outgoing legal and regulatory issues 4. Risk Management and Controls • Policies, procedures, other documentation • Self-assessments • Key risk indicator reports 5. Information Security • Information security control assessments • Incident management and response policies • Incident reports 6. Operational Resilience • Business continuity, disaster recovery, incident response plans • Service-level agreements • Outsourcing policies Source: Conducting Due Diligence of Financial Technology Companies: A Guide for Community Banks, available at https://www.federalreserve.gov/publications/files/conducting-due-diligence-on-financial-technology-firms-202108.pdf TRUST BUT VERIFY Although a fintech partner may perform duties or provide services on an institution’s behalf, it is the institution’s responsibility to properly oversee that relationship. That is a fundamental tenet of third-party risk management. Partnering with a fintech could raise or lower your company’s existing risk profile due to changes in credit, market, liquidity, reputational, operational, regulator and compliance risks. Proper due diligence of a fintech partner considers how the relationship could alter your risk profile. Your organization should trust but verify the information provided to you. There are some critical areas to analyze and confirm: established business relationships, financial performance, compliance program performance, reputation and litigation research, risk controls and technologies used. One crucial aspect of due diligence that should not be overlooked is the need for ongoing analysis once a fintech is integrated into your organization. No matter what service the fintech provides, your institution is responsible for confirming that the fintech meets its contractual and service-level responsibilities throughout the life of the relationship. Failure to identify and address inherent and developing third-party vendor risks could reduce a company’s revenue stream, cost the organization valuable time and resources, jeopardize the safety of customers’ personally identifiable information (PII), damage the organization’s public reputation and increase regulatory scrutiny. CONCLUDING THOUGHTS The recent failure of several high-profile fintech partnerships suggests a lack of effective due diligence at some juncture in their relationships. The guidelines and information presented here are designed to help your institution avoid the same fate. Common sense dictates that any type of new business relationship, fintech or otherwise, should be fully vetted and understood before it begins. The due diligence journey is endless, but you do not have to go it alone. Turn to those who are ready to help you along the way. 26 | INDEPENDENT REPORT
RkJQdWJsaXNoZXIy MTg3NDExNQ==