Episode 14: FinTech Risk Management is Like Vendor Management on Steroids

August 7, 2023

In the rapidly evolving landscape of financial technology (FinTech), risk management has taken on a new level of complexity. A recent episode of the Risk Intel podcast, hosted by Ed Vincent, delved into this intriguing subject with Michael Glotz, the CEO and Co-founder of Strategic Risk Associates (SRA). The conversation revolved around the nuanced differences between FinTech risk management and traditional vendor management, shedding light on the regulatory shifts and practical strategies needed to navigate this dynamic space.

Understanding the Regulatory Evolution:

The episode commenced by tracing the regulatory journey. In previous stages, regulatory guidelines primarily focused on vendor relationships. However, as Glotz highlighted, the emergence of FinTechs has ushered in a fresh wave of considerations that set the stage for how banks should approach third-party risk management.

Distinguishing FinTech Risk Management from Traditional Vendor Management:

One of the central questions addressed was the distinction between FinTech management and traditional vendor management. Glotz pointed out that while vendor management practices remain well-established, FinTechs introduce an entirely new dimension due to their direct engagement with customer accounts. This crucial difference has triggered a cascade of heightened regulatory expectations for FinTechs, following the initial guidance released in 2021 and the most recent guidance in 2023.

On June 6, 2023, the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), and the Comptroller of the Currency (OCC) collectively issued final joint guidance on third-party relationships, which includes Banking as a Service (BaaS) banks and FinTech partnerships. SRA experts analyzed the 68-page document and summarized the key insights for our customers to help banks better manage risks associated with third parties, including BaaS and FinTech relationships. The summary can be found here.

Shifting Regulatory Landscape and the FinTech Impact:

A pivotal juncture occurred when this specialized regulatory guidance for third-party relationships and FinTechs was introduced. Notably, the guidelines for vendor management remained relatively consistent, while FinTechs faced a marked increase in regulatory scrutiny. This change underscores the authorities' growing concern over non-regulated technology companies interfacing with customers and potentially posing risks to the financial ecosystem.

Glotz dissected the regulatory lens through which FinTechs are viewed. He clarified that regulators become particularly vigilant when external technology companies engage in activities like originating customer loans, managing deposits, processing payments, or affecting customer account balances. This precise definition lays the foundation for the intensified regulatory focus on the FinTech sphere.

Regulators' motives for ramping up guidance were further explored. Glotz's position is that regulators aim to strike a delicate equilibrium between fostering FinTech innovation and upholding the stability and security of the banking system.

"The augmented guidance serves as a mechanism to temper the rapid proliferation of FinTech-bank collaborations, ultimately enhancing the overall safety and soundness of the financial sector." - Michael Glotz

Practical Measures for Effective FinTech Risk Management:

The conversation transitioned to pragmatic strategies for managing FinTech-related risks. Glotz advocated for a clear differentiation between vendors and FinTechs, recommending the creation of an approved list of technology partners directly impacting customer accounts. Additionally, he stressed the importance of a robust risk maturity framework aligned with heightened regulatory expectations.

Comprehensive Compliance and Ongoing Monitoring:

As the podcast drew to a close, the focus shifted to comprehensive compliance. Glotz underscored the need for meticulous evaluation of FinTech partners against the comprehensive regulatory guidelines. This evaluation should encompass a broad spectrum of key risk indicators, with diligent tracking and continuous monitoring playing a pivotal role in maintaining a secure and resilient financial ecosystem. This engaging conversation underscores SRA's unwavering commitment to bolstering the safety and stability of the financial and enterprise sectors.

For more thought-provoking discussions and insights, be sure to explore the Risk Intel podcast series.
