As an increasing number of financial institutions enter into partnerships with fintechs and other vendors, a consortium of financial institutions is making an effort to standardize how banks approach third-party due diligence.
The initiative began after Alloy Labs Alliance membership banks noticed firms were implementing regulatory guidance in slightly different ways, Alloy Labs CEO Jason Henrichs said.
As a result, Alloy Labs Alliance and a dozen of the consortium’s member banks spent the past year working on a framework they hope will help serve as a guide for firms navigating the complexities of bank-fintech relationships.
Henrichs, who shared an executive summary of the guide with Banking Dive, said the framework isn’t meant to replace existing regulatory guidance, but rather help banks better implement it.
“The challenge, typically, is translating guidance into the practical, ‘What am I doing day to day?’” he said. “That’s why, starting from the same guidance, banks can end up in very different places in how they implement it. Think of this as an implementation guide that builds on top of regulation and guidance.”
Alloy Labs and several member banks created the guide after hosting regular, monthly working sessions with business, operations, risk and compliance executives from roughly a dozen institutions.
The participants were divided into eight groups, covering categories ranging from business continuity, incident reporting, operational resilience and assessment of subcontractors, Alloy Labs said.
Bankers shared knowledge and debated best practices in sessions that were facilitated by public accounting, consulting and technology firm Crowe.
The groups developed a list of seven key questions banks need to address so they can assess the level of risk present in a particular third-party relationship.
Questions include: “How does this partner complement or enhance our strategy and align to our culture?”; “What type of customer interaction or data exposure does this partner have?” and “What monitoring and reporting is necessary for ongoing evaluation of the relationship?”
The questions were used to develop a consensus on the expected level of maturity of a fintech partner, Alloy Labs said.
Based on an assessed level of maturity, the groups established due diligence expectations, requests, ongoing monitoring and triggering events for enhanced due diligence, which the consortium plans to release in subsequent guides throughout 2023.
“This is a bank-driven initiative,” Henrichs said. “Why are we doing this now? Because the banks told us to.”
As bank-fintech partnerships become more prevalent in the industry, the tie-ups have attracted increased regulatory attention.