FinTech Risk Management for Financial Institutions

Part 3

In part two of our FinTech series, "Banking as a Service (BaaS)," we discussed a FinTech (FT) risk management approach and tools that enable robust management of a bank or credit union’s risks relating to its FT partners.

A strong FT Risk Management Framework (RMF) should cover all risk categories including financial, operational (e.g., IT, failed processes), strategic, legal, and regulatory risks.  While regulatory and operational risks may be the examples that come to mind naturally, it is important to understand that a bank’s FT partner may subject the bank to other risk exposures that are just as critical in terms of potential impact and likelihood.  The framework must be holistic in that it cuts across all risk types to drive awareness and action at the management level.

Here’s a quick example of an FT RMF we use with our clients.

FinTech Risk Maturity Framework

FTs have unique risk profiles that are often intertwined with a bank’s business model and operations in ways not previously seen.  These novel and sometimes complicated risks are often not susceptible to classical risk processes.

It is becoming more common for BaaS FTs to originate loans, credit lines, or interest-bearing accounts for new customers, on behalf of the bank.  This situation is unique in that we see the FT directly affecting the bank’s balance sheet and creating risks as a result of the newly created accounts or credit-related products.  A central notion in this context is credit risk to the bank as a result of the FT’s origination activity.  This risk and the appropriate response illustrate how FT risk management frameworks must include new elements which are not found in traditional third-party management programs.

Needless to say, a bank’s risk profile and its current state for FT risk management vary greatly across companies. Nevertheless, the following concepts and sequencing generally apply:

1. Identify and assess risks for the bank’s existing FT partners

2. Design and implement ongoing monitoring capabilities for FT risk management

3. Benchmark the bank’s FT risk management program and create a roadmap to address any gaps

4. Execute indicated improvements from the roadmap and ensure continuous improvement in the risk management program

Step One: Identify

FT risk should be identified and assessed for each FT individually and from a portfolio view, where risk concentrations, interrelationships, diversification, and correlations across FT risk exposures may be illuminated.  Risks of all types should be considered and, when possible, risk quantification and risk mitigation or control effectiveness should be captured to provide a deeper understanding of exposures and risk response.

Step Two: Design

It is beneficial to have a consistent set of key risk indicators (KRIs) or risk scores that can be produced for all FTs on a quarterly basis, or as needed due to risk events.  KRIs can be backward-looking metrics, perhaps reporting on actual data or events, or they may be forward-looking measures that aim to assess risk exposure and the potential for downside outcomes.

Ongoing monitoring can benefit from an “FT risk scorecard” which rates FTs on an apples-to-apples basis for risk exposures including financial strength, management quality/experience, creditworthiness, and cyber resilience.  As the monitoring program becomes more mature, it is possible to perform trend analysis and other techniques to inform risk insights and increase predictive power for risk assessments of FTs.

Steps Three + Four: Benchmark and Execute

The benchmarking and roadmap from steps (3) and (4) measure the bank’s risk program versus leading practice and include policies and processes for vetting potential FT partners as well as ongoing monitoring methods for the bank’s portfolio of existing FTs.  The gap assessment and roadmap provide a clear path toward comprehensive and robust FT risk management.  With ongoing training, periodic program reviews, and a self-learning mechanism, the bank may ensure continuous improvement in approach and effectiveness.

As discussed in the previous articles, regulatory risk is a significant and evolving exposure for FTs and their banking partners.  It is imperative that new or modified regulations are quickly assessed in a legal and risk context so that policies, procedures, tools, and risk-intelligence are up to date.  Flow of information and risk management capabilities are key to effective risk response.

Leveraging Tech to Enhance FinTech Risk Management

Leading practice FT Risk Management typically leverages a software platform or GRC solution.  Beyond the obvious benefits of organization and a “single source of truth”, such platforms can produce management level risk reports, increase visibility, assign ownership, and also serve as evidence for risk management processes as required by banking regulators.

The proliferation of FTs and partnerships with banks represents a new frontier with a vast array of potential benefits.  As with any business venture, these partnerships come with risks, but an effective FT risk management program allows the bank to reap the rewards while managing the risk levels within the constraints defined by the Board of Directors and Management.  As with traditional risk management, FT risk management must strive for a level of retained risk commensurate with expected return.

Connect with us today to learn how we are helping your peers with their FinTech Partner program.
