Pub. 12 2021 Issue 4

Pub. 12 2021 I Issue 4 Winter 25 West Virginia Banker that community banks can consider when exploring relationships with fintech companies: • Business experience and qualifications, including the fintech company’s business strategies and plans and the qualifications and experience of its company directors and principals. This area is important since it may be an indication of the company’s ability to adequately comply with a bank’s regulatory obligations while still providing a satisfying customer experience. • Financial condition of the fintech company, including analysis of the fintech company’s financial reports, funding sources, and market position. A comprehensive understanding of a fintech company’s financial condition is important to ensure that it is and will remain financially healthy and fulfill its obligations to the bank. • Legal and regulatory compliance of the fintech company. Before partnering with a fintech company, banks should assess the company’s knowledge and understanding of the regulatory and compliance environment for banks. Banks should also evaluate any legal or regulatory issues faced by the fintech company and review the company’s compliance strategies and programs relating to consumer protection, privacy, and anti-money laundering. • Risk management and controls of the fintech company. Understanding the fintech company’s risk appetite and its internal risk framework is an essential component of due diligence. In some cases, a bank may learn the fintech company’s risk profile and the bank’s risk tolerance does not align. • Information security, including the fintech company’s information security program and information systems. The ability of a fintech company to protect sensitive customer and bank information is critical in a fintech-bank partnership. Fintech companies should be willing and able to provide comprehensive information about their information security program and information systems. • Operational resilience, including the fintech company’s business continuity planning, incident response plan, and service level agreements. Banks should assess the fintech company’s ability to provide service in the face of technology failures or cyber incidents. Threat detection procedures should also be examined and evaluated. Through partnerships with fintech companies, community banks gain access to innovative technologies that can increase operational efficiencies, improve customer experiences, and bolster competitiveness. However, these partnerships also introduce risks that must be evaluated through an appropriate due diligence investigation. The Guide provides a roadmap for regulatory expectations and issues that should be addressed during the due diligence process. To read the Guide in its entirety, visit: https://www.federalreserve.gov/publications/conducting- due-diligence-on-financial-technology-firms.htm.  Elizabeth Frame is a partner in the Charleston, West Virginia office of Bowles Rice. She advises clients on regulatory and securities work, as well as mergers and acquisitions, and has advised clients on issues regarding the CARES Act, Paycheck Protection Program and Small Business Administration Loan Relief. Contact Elizabeth at (304) 347-1715 or eframe@bowlesrice.com. Drew Proudfoot is an associate attorney in the Morgantown, West Virginia office of Bowles Rice. He focuses his practice on corporate and financial services transactions, including commercial lending, mergers and acquisitions, and business succession planning. Contact Drew at (304) 285-2566 or dproudfoot@bowlesrice.com . Through partnerships with fintech companies, community banks gain access to innovative technologies that can increase operational efficiencies, improve customer experiences, and bolster competitiveness.