Bank-fintech partnerships have transformed the financial services landscape, creating new opportunities and challenges for traditional banking institutions and innovative technology companies alike.

In a typical arrangement, a technology company delivers innovative approaches to help banks offer regulated products and services. From referral agreements to application programming interface-powered wallets, investing and credit products, and embedded finance integrations, a fintech company and a bank leverage their comparative advantages to lower costs, increase convenience, and expand financial opportunities for consumers. 

The compliance environment for these bank-fintech partnerships is rapidly evolving. In particular, the regulatory focus on the anti-money laundering (AML) compliance in such arrangements has intensified, with recent enforcement actions, consent decrees, and federal guidance underscoring the risks to both banks and fintech providers. 

In light of the more robust scrutiny, banks are increasingly requiring fintech partners meet stricter standards, including requiring them to implement more intensive AML policies and procedures than would otherwise be required of nonbank entities. Partnership agreements frequently give banks the right to review and audit the compliance procedures of their fintech partners—and regulators have made clear, through the recent spate of enforcement actions, that they expect banks to exercise that right. Fintech partners should be prepared for such reviews and audits to occur with increased frequency and stringency. 

Top 5 Things to Know

1. Banks are under pressure to manage third-party risk—especially with fintech offerings. Guidance from the federal banking regulators in recent years has made clear that banks can’t outsource AML or Bank Secrecy Act (BSA) compliance to their fintech partners. The federal bank regulators have steadily built out guidance and examination criteria focused on banking organizations’ ability to effectively manage risks associated with third-party relationships in general and fintech partnerships in particular. As a result, banks are being more selective in choosing fintech partners and are tightening oversight of existing fintech relationships, including by enforcing their contractual rights to audit or approve fintech compliance programs—especially for partners involved with AML-relevant functions.
2. AML expectations now frequently go well beyond what’s legally required. Many early-stage fintechs aren’t directly subject to the BSA, but banks are more frequently requiring that their fintech partner’s AML program align with bank standards. Even fintechs that are money services businesses (MSBs) have less-robust BSA obligations than banks, which are subject to the highest degree of compliance obligations under the BSA. Whatever is required of your fintech under the law is not the end of the story in today’s environment. That’s because your banking partners may refuse to continue working with you unless your AML program and procedures are up to snuff.
3. Bank audits are happening more frequently. Many agreements between fintechs and their banking partners give the bank the right to audit their partners’ compliance programs. With growing regulatory pressure to oversee fintech partnerships, banks are enforcing those contractual provisions more frequently. Bank audits of their fintech partners are also more robust than ever.  
4. Recent enforcement actions show what’s at stake. Regulatory action against Evolve Bank, Blue Ridge Bank, and others demonstrate how gaps in oversight and AML controls can disrupt entire bank-fintech partnerships. This recent wave of bank regulatory enforcement has set new expectations and caused banks that work with fintechs to revisit prior practice. Banks that work frequently with fintechs are on high alert and are seeking to tighten up BSA/AML compliance to minimize the risk of regulatory scrutiny.
5. Your compliance posture can be a competitive advantage. In light of the above-described regulatory scrutiny, some banks are proactively withdrawing from partnerships with fintechs altogether, citing the burdens of meeting evolving regulatory standards. Indeed, recent banking industry reporting suggests that it is becoming more difficult for fintechs to find partner banks as more exit the space. Even those banks remaining in the space are becoming more discerning. A right-sized, documented AML program is increasingly part of what earns—and keeps—a seat at the table.

What to Do Now

• Reevaluate your current policies and revisit your contractual obligations. Assess whether your policies and procedures are aligned with your bank partner’s compliance expectations—and whether your contracts reflect current regulatory norms. Ensure your AML program is properly tailored to the risks associated with your specific products, services, customer types, and transaction volumes, and includes sufficient risk assessment, due diligence, monitoring, and reporting mechanisms that satisfy your bank partner’s requirements. 
• Make sure your policies are actionable. A written policy isn’t enough—make sure it’s actionable and aligned with your operations. Build out internal processes and documentation that can withstand bank audits or requests for compliance testing. Establishing clear channels of communication and responsible parties within your organization can greatly improve oversight. 

The Bottom Line

Fintechs who depend on bank partnerships need to understand that AML expectations have changed. Startups that take AML compliance seriously will be better positioned to grow, partner, and raise capital in today’s environment.

Read our full alert for more information on bank-fintech partnerships under scrutiny.