Pub. 8 2020 Issue 3

www.uba.org 14 L ending competition is accelerating as banks implement digital tools and embrace partnerships with financial technology firms (fin- techs). Various industrial banks, in Utah and elsewhere, have created a successful business model working with fintechs to offer a variety of lending products. Now, traditional banks are also looking at accelerating their digital strategies as both businesses and consumers become increasingly comfortable with online lending. Partnering with a fintech can provide enhanced customer experience and accelerate the implementation of your digital strategy without the investment of time and human capital, which can be costly, especially to community banks that may not have substantial information technology and programming budgets. With the many different technologies and third-party partners available in the fin- tech lending space, there are many risks to consider and decisions to be made. If there ever was a time to have a robust vendor management process in place, this is it. A rigorous vetting process will help ensure that your fintech partners will deliver what is promised and expected. What are the best practices for evaluating your potential lending partners? And what are the issues that you, as the entity ultimately responsible for the third-party relationship, need to consider? All the federal banking regulators have issued guidance for managing third-party risk, 1 and bankers should have a good under- standing of those expectations before selecting a fintech lending partner. At a minimum, the selection criteria should include consideration of: 2 • The compatibility of the fintech’s vision and value proposition with that of the bank and the ability to execute: Does the product “ fit ” within the bank’s culture and its customers’ expectations? • The functionality of the system: Can the product parameters be modified to meet the bank’s expec- tations and lending criteria? Is the system compatible with the bank’s current operations? • Service and support: Is the product adaptable as conditions change over time? Does the fintech guar- antee minimum service levels and provide for disaster recovery and business continuity? • Subcontractors, consultants, or oth- er third parties on which the fintech is relying. • Cost/pricing. • The financial stability of the fintech. In addition to these standard criteria that are part of the evaluation of any third-party pro- vider, bank management will want to con- sider the following elements that are more specific to the fintech lending partnership. LENDING EXPERIENCE AND EXPERTISE The functionality of the technology is an important consideration, and that is often the first part of the evaluation process. However, as you execute the due dili- gence evaluation, you will want to look carefully at the experience of the fintech’s management team. They should have a deep understanding of the lending process within the banking environment, the asso- ciated regulatory requirements, and how their particular technology impacts the entire borrower experience. In addition to getting to know the management team, you will want to speak with their existing clients about product adaptability, respon- siveness, integration with current systems, and security. SECURITY AND PRIVACY A cybersecurity breach is one of the most significant risks a lender faces in today’s technology environment. The chief infor- mation officer should be comfortable that customer information maintained by the fintech is safeguarded, and controls are in place to prevent and detect a breach. De- termine who will be hosting the applica- tion and the data collected. Do they fully understand state privacy requirements and the Graham Leach Bliley Act? Is ad- equate cybersecurity insurance coverage in place at the fintech, and how does it interrelate with the bank’s coverage? Beyond the protection of your customers’ information, there is an emerging concern about the use of customer data. Banks have a lot of information about their customers. Is this data going to be shared with the fintech for marketing purposes? How will the data be accessed? How will it be stored? Will the bank’s privacy policies need to be updated to address amended information-sharing practices? REGULATORY COMPLIANCE CONSIDERATIONS The culture of compliance in the fintech industry is shifting. Fintechs realize that to grow and form partnerships, regulatory compliance is a non-negotiable require- ment. Having a compliance culture and all the correct pieces in place is essen- tial. Does your potential partner have experienced compliance personnel with knowledge of banking regulations? Has an effective compliance management system (CMS) been implemented that includes board and management oversight, policies and procedures, training, monitoring or audit, a consumer complaint response, and a third-party service provider management program? Just like your bank’s CMS, the fintech’s CMS should address all relevant BEST PRACTICES FOR CHOOSING A FINTECH LENDING PARTNER By Tracey Levandoski, CRCM, CrossCheck Compliance LLC