In part two of our FinTech series, "Banking as a Service (BaaS)," we discussed a FinTech (FT) risk management approach and tools which enable robust management of a bank or credit union’s risks relating to its FT partners.
A strong FT Risk Management Framework (RMF) should cover all risk categories including financial, operational (e.g., IT, failed processes), strategic, legal, and regulatory risks. While regulatory and operational risks may be the examples that come to mind naturally, it is important to understand that a bank’s FT partner may subject the bank to other risk exposures that are just as critical in terms of potential impact and likelihood. The framework must be holistic in that it cuts across all risk types to drive awareness and action at the management level.
Here’s a quick example of a FT RMF we use with our clients.
FTs have unique risk profiles that are often intertwined with a bank’s business model and operations in ways not previously seen. These novel and sometimes complicated risks are often not susceptible to classical risk processes.
It is becoming more common for BaaS FTs to originate loans, credit lines, or interest-bearing accounts for new customers, on behalf of the bank. This situation is unique in that we see the FT directly affecting the bank’s balance sheet and creating risks as a result of the newly created accounts or credit-related products. A central notion in this context is credit risk to the bank as a result of the FT’s origination activity. This risk and the appropriate response illustrate how FT risk management frameworks must include new elements which are not found in traditional third-party management programs.
Needless to say, a bank’s risk profile and its current state for FT risk management vary greatly across companies. Nevertheless, the following concepts and sequencing generally apply:
1. Identify and assess risks for the bank’s existing FT partners
2. Design and implement ongoing monitoring capabilities for FT risk management
3. Benchmark the bank’s FT risk management program and create a roadmap to address any gaps
4. Execute indicated improvements from the roadmap and ensure continuous improvement in the risk management program
FT risk should be identified and assessed for each FT individually and from a portfolio view, where risk concentrations, interrelationships, diversification, and correlations across FT risk exposures may be illuminated. Risks of all types should be considered and, when possible, risk quantification and risk mitigation or control effectiveness should be captured to provide a deeper understanding of exposures and risk response.
It is beneficial to have a consistent set of key risk indicators (KRIs) or risk scores that can be produced for all FTs on a quarterly basis, or as needed due to risk events. KRIs can be backward-looking metrics, perhaps reporting on actual data or events, or they may be forward-looking measures which aim to assess risk exposure and the potential for downside outcomes.
Ongoing monitoring can benefit from a “FT risk scorecard” which rates FTs on an apples-to-apples basis for risk exposures including financial strength, management quality/experience, creditworthiness, and cyber resilience. As the monitoring program becomes more mature, it is possible to perform trend analysis and other techniques to inform risk insights and increase predictive power for risk assessments of FTs.
The benchmarking and roadmap from steps (3) and (4) measure the bank’s risk program versus leading practice and include policies and processes for vetting potential FT partners as well as ongoing monitoring methods for the bank’s portfolio of existing FTs. The gap assessment and roadmap provide a clear path toward comprehensive and robust FT risk management. With ongoing training, periodic program reviews, and a self-learning mechanism, the bank may ensure continuous improvement in approach and effectiveness.
As discussed in the previous articles, regulatory risk is a significant and evolving exposure for FTs and their banking partners. It is imperative that new or modified regulations are quickly assessed in a legal and risk context so that policies, procedures, tools, and risk-intelligence are up to date. Flow of information and risk management capabilities are key to effective risk response.
Leading-practice FT Risk Management typically leverages a software platform or GRC solution. Beyond the obvious benefits of organization and a “single source of truth”, such platforms can produce management-level risk reports, increase visibility, assign ownership, and also serve as evidence for risk management processes as required by banking regulators.
The proliferation of FTs and partnerships with banks represents a new frontier with a vast array of potential benefits. As with any business venture, these partnerships come with risks, but an effective FT risk management program allows the bank to reap the rewards while managing the risk levels within the constraints defined by the Board of Directors and Management. As with traditional risk management, FT risk management must strive for a level of retained risk commensurate with expected return.