Solutions to barriers to bank-fintech collaboration
The pledge is designed “to set globally leading standards for the establishment of efficient and transparent commercial partnerships between banks and fintech firms”. A number of the UK’s top banks have signed the pledge, committing among other things to providing “clear guidance to technology firms on how the onboarding process works” as well as providing clear progress reports during the process.
In addition, third-party providers seek to commercialize risk reduction and fast-track the adoption of technology in financial services. Some providers make it possible for technology providers to measure their resilience and sustainability against criteria mapped to recognized standards, as well as regulatory requirements and guidance, such as the European Banking Authority’s (EBA) outsourcing guidelines and operational resilience requirements set by the Prudential Regulation Authority (PRA). and the Financial Conduct Authority (FCA) in Great Britain.
Some providers offer services to support fintechs preparing to engage in the procurement processes of large financial institutions. Some specialize in supporting fintechs in testing and strengthening their information and cyber security measures, while others explore the potential of a fintech passport.
Such certification and “passporting” initiatives hold promise for fintech companies seeking a streamlined way to demonstrate their status based on available information. However, without approval from banks, these initiatives may be of limited benefit to participants.
In theory, the fintech passport will enable fintechs to demonstrate that they meet standardized measures around things like robustness, maturity and ESG requirements that banks will support, reducing the need for fintechs to complete banks’ burdensome due diligence and procurement processes. But even if the banks have partially engaged in these conversations, they have not yet gotten behind such an initiative in a meaningful way. For a passport initiative to succeed, it must be approved by banks, which should ideally be involved at grassroots level.
Actions for fintech now
The fact that new solutions are emerging and that there is increasing awareness and understanding of the barriers fintechs face in completing banks’ onboarding processes is welcome, but fintechs should not wait for a silver bullet if they want to be able to win contracts with banks now . There are practical steps fintechs can take to give banks comfort with the risks they seek to manage.
When it comes to security, fintechs should look to the government-backed Cyber Essentials initiative and other industry-driven certification schemes as a means of strengthening their cyber security measures and demonstrating compliance with recognized standards. A robust approach to encryption and the use of access controls for multi-factor authentication systems are among the security measures banks expect fintechs to have in place.
To be attractive to banks, fintechs should have robust business continuity and disaster recovery measures in place to minimize disruption, and ultimately loss, in the event of disruption or a stressed exit scenario. Fintechs should ensure that these plans are developed and tested in accordance with PRA/EBA outsourcing requirements.
On data, fintechs should ensure that they can demonstrate a good understanding of data locations and data flows. Work from home must be taken into account.
Fintechs may rely on their own third parties for the handling or storage of data, or for other functions of their operations. Banks will require fintechs to demonstrate that their contractual arrangements with third parties provide the banks with the desired oversight of subcontracting agreements, and that their reliance on third parties has been factored into the fintechs’ business continuity and disaster recovery plans.
When it comes to contractual oversight, given that banks’ position is maintained by regulation, fintechs must accept that banks will have a higher degree of control over their activities and supply chain than the average customer. However, there are compromises that need to be made in this area that are within the regulatory areas, and banks should be prepared to make these if they want to avoid protracted negotiations.