Removing The Risk From Bank-Fintech Partnerships
~7 min read
It's a worldwide phenomenon: instead of competing in a zero-sum game with emerging fintech firms, banks are forming partnership with fintechs to provide modernized services for customers.. From Google Pay and Venmo to China’s AliPay and WeChat Pay, legacy financial institutions are increasingly forming strategic partnership with fintech firms to leverage cutting-edge technology. Meanwhile, fintechs benefit from partnership with banks by gaining access to bigger markets and a broad customer base. However: the partnership model is relatively new and untested, and without effective regulation, this new "best of both worlds" approach could prove risky.
The Role of The Regulator
All revolutions arrive with challenges. As much as the emerging partnerships between legacy banks and fintech firms is changing the way financial services are provided, there is an increasing awareness from consumers that such partnerships are jeopardizing their privacy and data security. According to a PwC Survey, some 56 percent of respondents identified data security and privacy as formidable concerns arising due to the growth of the fintech industry. Unlike traditional banks, which are in general heavily regulated by governments and central banks, a relative regulatory vacuum exists in the burgeoning fintech industry (though one notable exception may be the fintech-friendly regulatory sandbox approach, which is growing in popularity).
Regulatory flexibility has enabled fintech entrepreneurs to grow and prosper quickly. But as much as policymakers recognize the benefits of flexibility for the fintech industry at large, they are also conflicted about how bank-fintech partnerships should be regulated to address new risks which could arise specifically due to partnerships. It was amidst these rising questions that the Central Bank of Nigeria recently issued regulations pertaining to indirect participants within the country’s payment system. Indirect participants refer to payments service provider that are non-clearing financial institutions that settle their payment obligations through clearing banks.
The Nigerian Central Bank’s move raises the question: should regulators in other countries follow suit and explicitly regulate the entities who partner with banks, or is that outside of their purview? It remains to be seen. But no matter what regulations come to pass, banks have the unique responsibility to perform due diligence on their partners. Careful vetting preserves customer data and privacy, but also protects the bank from the added risk associated with partnerships.
Are Two Banks Better Than One?
When a bank enters a partnership with another, separate entity, that entity is often referred to as a "non-bank". “Non-banks” include all financial institutions that are not regulated like the banks but engage in bank-like activities. Examples are investment banks, mortgage lenders, insurance companies, hedge funds, and fintechs. Banks partner most frequently with fintech companies, however, in order to provide tech-enabled products and services like Apple Pay and Samsung Pay to existing customers.
Banks have warmed up to collaborating with fintechs in recent years in order to take advantage of the tech which fintechs bring to the table. The world is becoming more digitized and banks are facing pressure to keep up, but massive, multi-billion-dollar institutions are generally slow to embrace and deploy technological change internally, in part because of legacy organizational hierarchies. Without a new paradigm, these legacy firms would likely struggle to adapt to new customer expectations, so it should come as no surprise that they're entertaining new avenues to evolution. According to a recent survey, 81 percent of traditional bank executives believe that collaborating with fintech partners is the best strategy to achieve digital transformation.
Meanwhile, fintech companies also derive significant benefits from forming partnerships with traditional banks. Having a bank as a partner can provide fintech companies with a large volume of loyal bank clients and access to their data, plus overall wider exposure for their products. Additionally, fintechs can depend on bank partners when it comes to handling complex regulations and working in highly regulated environments, where banks are generally much more comfortable than startups. In a nutshell, partnerships can help fintechs reach new markets and scale up quicker while improving brand reputation and attracting new investors.
Pros, Cons, & Break-evens
As banks and fintech companies continue to form new partnerships around the world, regulatory risk is becoming an area of concern for both parties. When a traditional bank partners with a non-bank, the bank should be aware that the partnership may lead to a gap in consumer protection, as the fintech industry is still relatively nascent and difficult to regulate. Inauspiciously, fintech companies have been associated with various data breach scandals in recent years. For instance, in 2014, Venmo customers found themselves exposed to lapses in data security, which a legacy bank with more risk, regulatory, and compliance expertise probably would not have allowed.
Meanwhile, fintech companies who partner with banks become exposed to an unfamiliar and relatively complex regulatory environment. For these smaller firms, making sure that all of their partnership activities are in compliance with traditional banking regulations can often be time-consuming and costly. While banks have entire teams tasked with regulation and compliance, smaller fintechs often do not have the necessary resources to actually remain compliant.
Clearly, compliance guidelines for third party relationships could help both banks and non-banks. In fact, banks and non-banks alike actually crave a clearer regulatory environment regarding their partnership, for customers' sake if nothing else. Particularly, traditional banks aren't well-equipped to deal with additional cybersecurity risks which can arise when working with fintech partners - a risk which puts customers squarely in the crosshairs.
Ultimately, bank-fintech partnerships will only survive if the benefits outweigh the costs. Overly stringent regulation of bank-fintech partnerships could become costly, which would discourage partnerships in the first place. Banks might fear that compliance requirements would double if a partner came onboard, and non-banks might worry that partnership would be more trouble than it was worth. As such, both parties in the partnership would have to decide whether additional compliance requirements are a suitable price to pay for the benefits of a collboration.
Systems of Control
Policy advocates of the ‘regulatory sandbox’ approach to fintech innovation argue that non-banks shouldn't be so heavily regulated, since their partner banks are already strictly regulated to ensure consumer and merchant protection. This viewpoint claims that in a bank-fintech partnership, each partner should focus on their core competencies, according to Rich Nichols of the American Bankers Association: “fintech firms can keep up with the latest technological advances and inject new ideas; banks can continue to provide core competencies in compliance, risk management, funding, trust and cybersecurity.”
Policymakers in China have taken exactly this approach. In China, the regulatory environment surrounding the emerging fintechs is less constraining than in the U.S. or other developed nations, which has allowed Chinese bank-fintech partnerships to proliferate since the 1990s. Thanks to the lax regulatory environment, it took less than a decade for companies like Alipay by Ant Financial Services Group and Tencent Holdings’s WeChat Pay to dominate China’s mobile payment market by quickly forming efficient partnerships to scale up and address a market of previously unbanked users.
Although Alipay and WeChat Pay are the most famous examples, Chinese fintech firms are going beyond ordinary partnerships to provide simple payment services. Earlier this year, China’s Lexin Fintech formed a partnership with 19 banks and consumer finance companies to help match borrowers with creditors in real time, proving that bank-fintech partnerships can create value in more diverse forms than previously thought.
On the other side of the debate, regulators in the U.S. tend to argue that non-bank partners should be regulated via close monitoring and improved oversight. One common argument is that because banks often apply decades-old risk management strategies to cyber risk management efforts, partnership inherently leads to additional risks of the sort that banks can't address. Also, fintechs tend to only deal with data lapses after the fact, which is not acceptable from most banks' security standards. According to a Carnegie Mellon University study, banks who experience data scandals see both customer loyalty and stock prices tumble in the aftermath.
In the U.S., some policymakers adopt this stricter approach, either because of the existing conditions that make it difficult to adopt a ‘regulatory sandbox’ approach regarding such bank-fintech partnerships, or simply because there have been so many data breach scandals in the U.S. in recent years. As Claudia Ng of Harvard Kennedy School argues, “It is considerably more difficult to set up a sandbox in the US because of the diverse range and sheer quantity of regulatory agencies that would have to be involved.” In addition, the endless list of data lapse scandals in the recent years, including the JPMorgan Chase scandal in 2014, the Wells Fargo scandal in 2017, and Capital One's scandal in 2019, are making policymakers more anxious to enact regulations.
Be The Bigger Partner
As regulators around the world carve out formal rules to address the additional risks that arise from bank-fintech partnerships, banks do bear some early responsibility to ensure that partnerships do not expose consumers to additional risks.
Banks should ensure that any partnership agreement is written in such a way that allows the bank themselves to hold the fintech accountable for noncompliance. Similarly, banks should also reserve the right to conduct regular audits to maintain proper oversight of partner organizations, as regular examinations can be an effective way to prevent data lapse scandals. Finally, banks should ensure that agreements are structured such that they may immediately terminate the relationship with a non-bank without penalty in the event of a data breach or other compliance-related shortcoming.
In some cases, banks are also investors in the actual fintech companies whom they form partnerships with. For instance, many U.S. banks, such as Goldman Sachs, JP Morgan Chase&Co, and Citigroup are active fintech investors, and they often partner with fintech firms. In such scenarios, there are additional incentives for the investor banks to ensure that the partnership is a success so that the fintech partner can attract new clients and grow quickly. Correspondingly, such investor banks bear the heavier burden of ensuring that additional risks that arise from partnership are appropriately managed.
Since we are still in the early days of increasing bank-fintech partnerships, it remains to be seen what type of regulatory environment will form around this model. While there is a general consensus that partnerships can be mutually beneficial for traditional banks seeking digitalization and fintechs looking to scale, meeting additional compliance requirements could be the biggest challenges for both banks and non-banks entering into partnerships.
Ultimately, the net benefits of bank-fintech partnership is equal to the total benefits of partnership for both parties minus the inherent risks that the partnership introduces. If the latter outweighs the former and the partnership is net-negative overall, such partnerships aren't long-lived.
Image courtesy of Charles PH
Click here to subscribe and receive a weekly Mondato Insight directly to your inbox.
The Inclusion Illusion: Financial Health in Kenya
Brazil: Digital Finance at the Speed of Light