Embracing Partnerships for Credit Unions and Fintechs

Though fintechs and credit unions are both beginning to recognize the value of working closer together, there are still some issues (and frustration) on both sides when it comes to establishing a true partnership. Much of this friction could come down to broad disconnects between the two types of organizations. For example, a recent study by the Fintech Innovation Lab of New York suggested that while 60% of the financial institution respondents cited regulatory compliance and security as major areas for concern, less than 20% of the polled fintechs listed these as issues. Instead, fintechs identified budgeting, internal competition and sunken costs of legacy technology as their top concerns.

The honest truth is that fintechs oftentimes do not have a full understanding of how risk management and compliance work within a credit union. Many tend to be focused on creating a viable product, rather than the regulatory issues and security concerns that credit unions keep top-of-mind. The same study above showed that while more than 60% of surveyed fintechs said they consult with financial companies on regulatory issues, 38% said that they are not currently addressing any regulatory issues at all.

That could be a big problem. Depending on their services, fintechs can themselves be subject to direct regulatory scrutiny, which can sometimes uncover poor or lax standards on their part. A good way for fintechs to address issues such as this is to ensure they meet the requirements under the FFIEC’s Supervision of Technology Service Providers guidelines prior to any visit from examiners. This means ensuring the proper controls and safeguards are in place prior to working with an institution and establishing a rigorous, detailed response plan to resolve any potential problems or issues that may arise.

Additionally, it’s important to keep in mind that many credit unions are new to navigating risk management in a digital, 21st century environment. Something like mobile banking may be considered mainstream and fairly innocuous from a fintech’s perspective, but for a local credit union, may be an entirely new technology. As is often the case, diligent planning and early strategy is the best practice. Initial discussions should have both sides focused on a clear understanding of not only the end goals, but also the expectations, well before getting into such details as sales figures or processes.

Fintechs should adopt a similar approach when it comes to reporting. With increased scrutiny from both federal and state regulators, fintechs should come to the table prepared with a pre-defined due diligence package (which is too often not the case) outlining their business contingency plan, SOC reports, security controls and internal IT audits to validate the security of its operations. Likewise, they should also be prepared to offer quarterly and yearly reports to the credit union to reiterate their commitment to security, as well as to ensure regulatory compliance.

Though these partnerships are becoming more attractive, increased regulatory scrutiny along with the worry of reputational damage has many of today’s credit unions looking at their own processes as well as those of potential partners with a much more critical eye. Fintechs interested in pursuing these partnerships should ensure they are doing everything possible to show their due diligence and commitment to their prospective partners, and protecting the integrity of any data that is shared between the respective organizations.

Terry Ammons is a Systems Partner for Porter Keadle Moore. He can be reached at tammons@pkm.com.