SRA's CEO, Michael Glotz and Chief Risk Officer & FinTech Risk Leader, Al Palmer partnered together to write an article on FinTech Risk Management for GRC Outlook magazine, published on November 1, 2022.
The concept of third-party risk management is, of course, nothing new and has been seen in banking guidance including that from the OCC. However, regulators view the abundance of companies partnering with and using services of Financial Technology (FinTech) organizations as a true risk game-changer. Regulatory expectations for risk management are tightening across the board for third-party usage in financial institutions, but they are perhaps most pronounced in the case of organizations who utilize FinTechs as third parties.
Since 65% of banks and credit unions use at least one FinTech, it is important to understand the additional risks FinTechs bring to their financial institution (FI) partners. FinTechs can be especially risky due to their high failure rate, lack of historical data, and consistent usage of innovative, new technologies.
FinTechs are often “disruptors” with a pioneering spirit and start-up structure. Today’s FIs frequently partner with FinTechs to drive revenue, decrease expenses, and expand their customer base. Because FinTechs can pose significantly higher risk, regulators are watching FI – FinTech partnerships closely and are more likely to warn or fine FIs that haven’t demonstrated careful assessment and management of their FinTech Partner’s risk exposures.
To avoid this exposure, there are some very effective actions FIs can take to mitigate risk and keep regulators happy including: creating a FinTech risk management framework, developing approval criteria, and ensuring continuous risk monitoring of their FinTech partners.
Read the full article on GRC Outlook here.