Stricter bank governance also flows to payments and fintech firms

Register now

As governance and controls expectations for banks crystalize, so too can those expectations flow through to their key business partners.

Bank service providers have long been subject to direct supervision, including via the FFIEC “technology service provider” (TSP) examination program, which encompasses reviews of audit, management, and board governance practices related to information technology.
Other bank partners, including payment and fintech firms, have grown accustomed to having to consent to contract terms that provide audit rights, reps and warranties, and covenants to banks to comply indirectly with bank-like standards, often as part of a third-party risk management construct.

A risk management or internal control breakdown can be the root cause of a serious operational risk issue, flawed credit underwriting, an AML compliance error, or other symptoms that can poison any bank partnership.

Control breakdowns and poor governance can affect fintech partnerships of all types, whether lending, payments, deposit-taking, wealth management, or insurance activities. While the relevant disciplines and focus among these various sub-verticals will necessarily differ, the same core principles of risk management and good governance cut across them all.

Symbiosis (between a bank and its key partners) can lead to osmosis (of bank supervisory concerns). Supervisory emphasis on bank risk management and governance has increased over the past decade.

Supervisory expectations for banks have been signaled by formal guidance, prescribed standards, large bank rating elements, rule proposals, enforcement actions, and escalated supervisory concerns informed by horizontal reviews.

Given the growing emphasis on governance and controls at banks, it behooves every bank partner to consider how its governance and control mechanisms stack up as well.

For reprint and licensing requests for this article, click here.
Compliance Banking Fintech Payment processing ISO and agent