The Due Diligence Journey The discovery process starts with internal decision-makers and how they respond to the foundational questions, which are designed to help shed light on the pros and cons of a potential partnership: 1. What benefit(s) will we achieve by partnering with the third-party fintech? 2. What are the estimated savings and/or revenues we can expect over 1-5 years? 3. How much will it cost to establish and maintain the partnership over 1-5 years? 4. What kind of risk management program does the fintech partner possess? 5. Can our infrastructure and staffing handle the activity generated by the partnership? 6. Is the fintech’s risk culture and business approach compatible with ours? 7. Does the fintech have a good business reputation based on online research and discussions with current business partners? A company can deepen the effectiveness of due diligence by tapping into or creating additional resources. For example, your company’s existing third-party risk management team should help evaluate a potential fintech partner. A cross-disciplinary team could be assigned to other essential tasks, such as identifying critical risks and creating a partnership implementation plan. Even federal banking agencies can be a due diligence resource. In 2021, “Conducting Due Diligence of Financial Technology Companies: A Guide for Community Banks“ was published. Despite being targeted at smaller banks, the content generally applies to any business considering a strategic fintech partnership. The content put forward these six key topics to consider during a due diligence evaluation: 1. Business Experience and Qualifications • Company overview. • List of client references. • Ownership information. 2. Financial Condition • Financial statements and auditors’ opinions. • Annual reports. • Market information on competitors. 3. Legal and Regulatory Compliance • Organizational documents and business licenses. • Outgoing legal and regulatory issues. 4. Risk Management & Controls • Policies, procedures, other documentation. • Self-assessments. • Key risk indicator reports. 5. Information Security • Information security control assessments. • Incident management and response policies. • Incident reports. 6. Operational Resilience • Business continuity, disaster recovery, incident response plans. • Service-level agreements. • Outsourcing policies. Source: Conducting Due Diligence of Financial Technology Companies: A Guide for Community Banks, available at https://www.federalreserve.gov/publications/files/conducting-due-diligence-on-financial-technology-firms-202108.pdf Trust But Verify Although a fintech partner may perform duties or provide services on an institution’s behalf, it is the institution’s responsibility to properly oversee that relationship. That is a fundamental tenet of third-party risk management. Partnering with a fintech could raise or lower your company’s existing risk profile due to changes in credit, market, liquidity, reputational, operational, regulator and NEBRASKA INDEPENDENT BANKER 19
RkJQdWJsaXNoZXIy MTg3NDExNQ==