Transcript
[0:00:00] [Music]
[0:10:00] A Banking Service Agreement
Hi, I’m Brent Farley with Farley Law. Today, I wanted to talk about banking as a service offerings and banking as a service agreements. Over the past year or so, we’ve seen a lot of attention, both negative and positive, paid to banking as a service offerings and to fintech types of businesses. Today I want to talk about how agreements can be put together and how risk can be managed and how compliance can be managed to keep those source of relationships positive between banks and fintech partnerships. To get started, I want to talk a little bit about what I mean by banking as a service. It means a lot of things to different people.
[0:49:18] Fintech Partnership with a Bank
For today, we’re going to talk about it in the realm of embedded finance and in the realm of taking banking services and offering them as a suite of financial non-financial products, or similar sorts of arrangements. To get started, when we’re looking at a banking as a service agreement or fintech partnership with a bank, one of the first things that we try to define and determine is: what are the different parties going to be doing, because then everything else in the agreement and the arrangement flows from that idea. Usually what happens is, the bank can offer certain services that other entities either cannot, or they find it very difficult to do so. Those services are usually money transmission. They’re lending and they’re taking deposits. And so usually what happens is you have an agreement where the bank is agreeing to take on deposits or to make loans or to do some money transmission activities while the other party is taking on a very heavy role on the marketing side and on the customer facing customer servicing side in producing platform to use and producing ways for the services to be offered in kind of a novel way. When you look at it that way, what ends up needing to happen is that the agreement needs to very carefully describe the services and activities that the bank will take on to make sure that it is taking on the regulated activities. And on the flip side, the agreement needs to be very careful about defining what the fintech partner can and can’t do, and what might need to be done with the approval of the financial institution. Just by nature of this sort of arrangement, there are some very interesting compliance risks that arise and then there are some interesting other risk management topics that you need to cover.
[2:49:08] Compliance
First on the compliance side, and then risk management. On compliance, what usually needs to happen is the bank and fintech need to sit down and talk about the different types of compliance obligations that will exist in the arrangement. This is because the fintech partner may or may not have a full handle on the full extent of compliance obligations that they’re taking on in their new role, and a lot of that needs to go into the agreement. Oversight also needs to go into the agreement to make sure that the fintech partner and the bank on ongoing basis are adequately implementing their compliance obligations and they’re monitoring them. In the agreement you’ll see things like bank’s ability to oversee policy and procedure, to look at policy procedure, to see compliance audits and testing to require additional compliance burdens. You might think about it like a bank examiner comes in for a compliance exam and imposes the requirements on the bank. You might, as a bank, want to try to play bank examiner for your fintech client. That might be a good way to look at it. You may not need to go quite as far. In some cases, you may need to go that far and further, but that’s a good way to think about compliances you need to bring to the surface. What are all the compliance obligations? Make sure everybody understands the full extent of them, and then put some policies and procedures and monitoring and governance in place, so everybody can see what’s happening and understand. And then make sure that it’s moving forward, it’s being implemented on ongoing basis. You also need to put some mechanisms in place to deal with regulatory changes where both parties are looking at how process procedures need to change and align the new regulations and new regulatory obligations.
[4:43:18] Risk Management Part I
For the last one, let’s talk just a little bit about risk management. This is a big topic. There’s no way we can cover the full topic in a short video like this, but a few things, maybe to pull out, observing the marketplace in the past year or so is, you really need to understand the industry that you’re getting into. Early on in 2023, we saw some major issues where deposits, funding sources that are typically stable, became very, very unstable for some institutions, and we saw running off of deposits in very large amounts. When you’re looking at a relationship with the fintech provider, and you’re looking at bringing on deposits as a funding source, or for other reasons for the bank, you need to look at it and test out your assumptions or try to test out your assumptions that traditionally, bank deposits are very stable. If you change the environment in which they’re gathered, that stability assumption may not be valid, so you want to be very careful about how you’re looking at deposits and funding sources from this arrangement. Another thing you might look at on the lending side is, in a fintech or bass arrangement, a lot of times, the lending program is very low touch. There may not necessarily be a human looking at every bass loan that’s made, and so, you want to be very careful about setting parameters for the loan and writing that into the agreement, to make sure that the bank is controlling its exposure, and it’s controlling the risk profile for the portfolio and then on the back side you’ll want to, very carefully, control the overall exposures, and make sure that you’re watching the performance. Maybe, set some performance covenants and obligations between you and the fintech partner, so that way, during the onboarding of the loans and the new lending relationships, and through the performance of the portfolio, you can see and monitor and understand and control the overall risk that’s presented by that.
[6:56:15] Risk Management Part II
Last thing on the risk management topic. One thing that we see a lot of, it’s not a brand-new type of risk, but it may be more apparent in a fintech-sort-of-relationship, is in the in the payment space, if you introduce another partner between the bank and the customer, there tends to be less visibility for the bank on what types of customers are coming in the front door and on what types of payments are being made. From a bank secrecy act and an anti-money laundering perspective, you need to build in enough reporting and visibility into the relationship to be able to see what types of transaction activity are really coming across and to be able to monitor, to halt, or to slow down, or to control the aggregate volumes of payments activity that are coming across. This can be done through reporting. It can be done through the way the relationship is set up between the bank and the fintech partner and the end user. The general idea is that you really want to understand who it is that you’re servicing and understand the flow of payments that are coming through the bank. All these risk management topics, we can take those, and we can write very much of it into a banking as a service agreement, usually in terms of representations and warranties compliance obligations and also in covenants and other measures and enforcement measures that we can put into an agreement.
[8:24:14] Conclusion
If you’re looking at a banking as a service offering, this year, I hope you take a careful look at those aspects, and we’ll talk to you next time. Thanks.
[8:28:14] [Music]