Which financial institutions do the best job managing fintech relationships? How do they work with third-party fintech partners that aren’t necessarily experts on financial services and consumer finance regulation?
The Fed’s spilling the tea on fintech risk management in its December 2019 Consumer Compliance Supervision Bulletin. The agency’s insights into consumer compliance activities are all about sharing examiners real-world observations and practical advice for avoiding common missteps.
Avoiding Unintended Consequences
Step one is managing the risk of a fintech collaboration by identifying and mitigating risks. It sounds basic, but the Fed finds it a real problem. “…we have found that when the risks are not identified and mitigated in advance, the unintended consequences may harm consumers, result in legal violations, and be costly for the bank to resolve, both from a monetary and reputational perspective.”
Got Strong Vendor & Risk Management? You’re in Luck.
While fintech partnerships may be new, current best practices for managing risk in traditional third-party vendor products and services are up to the job of managing fintech risk, the Fed says. This includes risk and vendor management basics like:
- Board & senior management oversight
- Policies, procedures & training
- Risk monitoring
- Third-party oversight
Common Mistake: Online Banking & UDAP Risk
Online and mobile banking platforms can increase the risk of unfair or deceptive practices (UDAP) violations, the Fed notes. One of the most common violations is failing to provide consumers accurate account information and disclosures.
UDAP violations have stemmed from:
- Failing to disclose the finance charges or late fees related to an overdraft line of credit on its mobile banking platform
- Failing to disclose past due amounts or late fees with the minimum payment amount on installment loans on its mobile and online platforms are two examples of real-world UDAP violations
These failures caused consumer harm in the form of finance charges, late fees or negatively impacting their credit report. They could have been avoided with controls like:
- Comparing disclosures across platforms to ensure they are consistent and accurate
- Monitoring and managing complaints
- Ensuring consumers and the institution both understand how the product works
Other common risks include failure to evaluate and validate online and mobile banking platform modifications and failure to monitor its compliance risk management systems.
Still Have Fed-Specific Fintech Risk Management Questions?
The Fed is expected to unveil its Innovation Policy Office next year just like other banking supervisory agencies have already done with their offices of innovation. Already the agency launched a section of its website dedicated to fintech innovation and announced plans to hold a series of “fintech innovation office hours” across the country.
Banks and fintech firms will meet one-on-one with Federal Reserve staff members. The first session will be February 26 at the Federal Reserve Bank of Atlanta.