Banks are from Mars, fintechs are from Venus

Jun 23, 2020

Bridging the matchmaking gap

If you can’t beat ’em, join ’em. Traditionally, fintechs have been founded to create and sell products directly to consumers. Over time, however, this focus has shifted toward partnering or even merging with financial institutions instead of trying to compete with them.

Both parties recognize the value of working together, especially in this era of rapid change, accelerated by COVID-19. Yet bankers and fintech executives alike are still expressing frustration with nearly every step of the acquisition process. 

A study by the Fintech Innovation Lab of New York may explain why. It found that 60% of polled bankers cite regulatory, compliance or security issues as “major stumbling blocks” in purchasing technology. Fintech executives identified budgeting issues, competition with internal products and perceived risk of displacing internal teams or negating past expenditures as their top concerns. The friction, it appears, stems from a fundamental misunderstanding: a simple failure to recognize the other party’s perspective.

Fintechs don’t fully understand what risk management looks like from a bank’s perspective. Often established by a small team of IT professionals, former executives and investors, fintechs focus the majority of their time on creating a viable product instead of creating comprehensive due-diligence packages. Financial institutions, on the other hand, are looking for evidence of a stable business structure, continuity and/or security of the product. Absence of these features is a major red flag for bankers.

At the same time, banks are relatively new to navigating the world of risk management, much less vendor risk management involving highly complex technologies. Fintechs, for example, may consider mobile banking an “old-school” offering while financial institutions are still trying to wrap their heads around how to securely deliver the concept. Advancements like blockchain and cloud-based application programming extend beyond most banks’ technological comfort zone. 

Then there’s the issue of reporting. Federal and state regulators are scrutinizing banks now more than ever. Regulators require risk-appetite statements and periodic IT audits from banks. In turn, these standards trickle down to fintechs.

Regulators, for instance, generally require banks to have contingency plans to get services back online within 72 hours of an outage. Banks expect fintechs to complete their portion of the puzzle, essentially outlining all the steps they would take to ensure services are available to customers, regardless of how an outage occurred. Additionally, fintechs will be required to provide relevant Service Organization Control reports, security controls and their own internal and external IT audits to validate the controls. All of this should be part of a pre-defined due-diligence package, but it often isn’t.

Fintechs can also find themselves subject to direct regulatory scrutiny, depending on the services they provide. Unfortunately, these exams often uncover lax standards that can deter bankers from working with them in the future. In situations such as these, the best way for fintechs to address regulatory issues is to ensure they meet the applicable requirements under the Federal Financial Institutions Examination Council’s guidelines for supervising technology service providers – before examiners arrive. If issues are noted by regulators, then a fintech would need to create a response plan for aggressively addressing deficiencies in a timely manner to reassure their customers.

In addition to regulatory scrutiny, bank customers have become more critical of financial institutions. Risk of reputational damage is ever-present and even more significant for banks today. As the industry continues to consolidate, there is little room for error. For fintechs, this means taking extra steps to demonstrate their commitment not only to helping the financial institution improve operations, but also to ensuring the integrity of any data shared between the organizations.

To overcome these differences, bankers should set expectations early in discussions with fintechs, before delving too deeply into sales and demo processes. Costs matter for startups, and time spent with one institution is time not spent with another. If a bank has only cursory interest in a product, then there are likely other, more established vendors for them to seek out.

Exploring these differing perspectives and finding ways to bridge them is crucial for banks and fintechs. The better these two groups understand each other, the better they’ll be able to collaborate.

Author(s)

Terry Ammons, CPA, CISA, CTPRP
Partner