Before You Boldly Go into Partner Banking, Focus on Data and Compliance

A steady stream of enforcement actions continues to flow through the banking as a service and embedded banking space. How can this risk be contained so institutions and nonbank partners can bring innovative services to customers? Banks must take a more active role in compliance by digging into customer and transaction data, no longer assuming that their partner has a good handle on anti-money-laundering and Bank Secrecy Act compliance and other regulatory duties.

It’s rare to find banks actively entering markets where regulators are scaling up enforcement activity. Usually, enforcement actions are a lagging indicator that comes after a rush of market entry. Partner banking, however, currently has increasing enforcement action and market entry. What gives?

Part of the answer is obvious — Klaros data shows that established partner banks were nearly twice as profitable as average community banks in the 2021-2023 period.

Less obviously, market changes are attracting new entrants. Historically, partner banks had to place heavy operational reliance on fintech partners, which they have overseen using traditional third-party risk management techniques. Going forward, the market will also include non-financial companies that see value in embedding banking in their products but want banks to play a larger role in operations. And regulators increasingly expect partner banks to know as much about products offered through partners as they do about their own products.

How Partner Banking is Evolving:

The winners in this new world will be those partner banks that have the data necessary to know what their clients are doing and the systems to use that data to automate testing and inform bank operations.

This article sets out the changes that must occur so partner banks can position themselves for future success.

How the Partner Banking Movement Got Where It is Today

Data limitations have played a part in the current wave of regulatory enforcement and it’s helpful to understand that role.

Partner banking became serious business in the 2000s with the rise of prepaid cards. Fintech pioneers like LendingClub and Simple further expanded the market into the early 2010s. The banks that supported this were generally not technologically sophisticated and lacked vendors focused on partner banking.

As a result, early programs had minimal technical integration with their partner banks. Partners would use a card processor to maintain their ledgers or do it themselves. Funds sat at the bank in a pooled account and the bank relied on the program or its processor to know which customers the underlying funds belonged to. Only the partner had the ability to conduct operational risk and compliance processes such as anti-money-laundering monitoring, Regulation E disputes and reconciliation. Typically, the bank simply didn’t have the data needed to perform such tasks.

As a result, banks evolved oversight practices that reflected the limited data available.

Due diligence relied heavily on whether the partner had policies and procedures in place. Ongoing monitoring focused principally on periodic reporting from the partner, supplemented by approval requirements for changes to the program and periodic testing. Some institutions, especially those like Pathward Financial (formerly Meta Financial Group), WebBank and The Bancorp Bank that learned from early regulatory troubles, became good at compensating for data limitations.

On the whole, however, the industry didn’t have sufficient data to make a good assessment of the risk and compliance outcomes that their programs generated.

Read more: Bankers Say BaaS Turmoil Primes Future Growth

Webinar
REGISTER FOR THIS FREE WEBINAR
Navigating Credit Card Issuing in an Uncertain Economic Environment
Learn how to build a modern credit card strategy that balances profitability and risk, adopts the latest technology and delivers the customization that cardholders demand.
Wednesday, May 8 at 2pm EST
Enter your email address

Where the Partner Banking Industry Stands Now

Banks have made some improvements to their ability to ingest data. About five years ago, pioneers like Sunrise Banks worked out how to gather and analyze partner ledgers and customer files to perform their own automated AML transaction monitoring on customers acquired through partners. Many other partner banks — but not all — have followed suit.

It’s a win-win. Banks (and regulators) have more confidence that their standards are being met. Partners still need to report questionable activity they see, but don’t need to reverse engineer their bank’s transaction monitoring standards.

However, to some extent this simply exacerbated the gaps between the strongest and weakest partner bank risk management programs, with recent increased regulatory scrutiny revealing significant gaps in many partner banks’ oversight. Partner banks represent roughly 3% of U.S. banks, but as the chart shows, they received a disproportionate number of enforcement actions in 2023.

Fintech partner banks growing share of 2023 federal enforcement actions

The regulators’ message is clear. They expect second line of defense functions in partner banks to know as much about, and have as much control over, their clients’ businesses as they do for the bank’s direct-to-customer business. That requires data in a clean, normalized format. (In regulatory parlance, the second line of defense consists of functions like risk management and compliance. Business units constitute the first line of defense and internal audit comprises the third line of defense.)

What is less intuitively obvious is there are also strong business reasons for partner banks to focus on improving their data capabilities:

1. The more a bank can ingest data to offer a standard set of controls to new clients, the quicker it can onboard them.

2. Partners hate manual reporting and ad hoc information requests. A bank with real-time, normalized data can automate testing. This can reduce or even eliminate associated manual reporting.

3. Embedded finance use cases need additional data connectivity to be able to provide risk- and operations-as-a-service capabilities to a client base that wants to focus only on the customer interface.

4. A bank with strong data analytical capabilities has the potential to provide actionable data insights to its clients.

Read more: Maybe BaaS Is Absolutely the Last Strategy Your Bank Should Be Looking At

What These Developments Imply for the Future of Partner Banking

What does all this mean in practice? In short, a lot of work.

Getting this right will require new means of connectivity between partner banks and their partners, as well as robust processes for data normalization. Normalization will be particularly challenging for scaled partner banks whose partners all have their own data lexicons. Both parties will have to develop new testing protocols and processes for dealing with exceptions and foster a cultural willingness to adapt. (“Normalization” refers to the process of standardizing data so it can be interpreted consistently at both companies.)

In addition, banks will have to determine how they want to handle data transfer and testing. For some purposes, it may be most efficient to install a widget within a partner’s environment to do automated testing and send results back to the bank. In others, the bank will need normalized data either to perform testing or to feed into its own controls (as with the AML monitoring example above).

This all may sound like a daunting prospect for partner banks, but the good news is that (unlike the early days) there are service providers that can help:

  • Banking as a Service platforms that facilitate information flows across a variety of data types and are increasingly seeing banks (not fintechs) as their primary customers.
  • Subject-specific service providers focused in areas like risk assessment, Know Your Customer, transaction monitoring, fraud and marketing materials are building partner bank interfaces that can provide banks with normalized data and conduct automated testing.
  • Connectivity service providers, ranging from generalist software focused on multi-tenancy data to a small but growing number of service providers building specifically for partner banks.

You Can't Outsource Responsibility:

Although it's good news for partner banks that they won't have to go it alone, don't misunderstand things. There are no silver bullet solutions out there.

Getting this right requires investment from incumbents and new entrants alike. Data-driven partner banking will also require partner banks to acquire new skill sets. Five years ago, it would have seemed eccentric for a partner bank to hire data engineers or product managers with responsibility for client interface. Both will likely become table stakes.

It will be critical for banks to make their goals clear to regulators and set realistic expectations, since they won’t meet those goals overnight. Smart prioritization will help. Based on a combination of regulatory and partner pain points, good places for partner banks to start include:

  • Assuring the effectiveness of partner BSA/AML and sanctions controls.
  • Getting data to conduct fair lending testing (consumer lending).
  • Testing ongoing Reg E compliance (consumer deposits/payments).
  • Validating that partners have provided all customers with all necessary disclosures and collected all necessary authorizations.
  • Ensuring that published marketing materials reflect content approved by the bank.
  • For banks building risk- and compliance-as-a-service, provision of data and reporting for follow-up needed for partners (e.g. outcomes of Reg E disputes).

Read more:

Is Partner Banking’s Return Worth the Effort?

Does this add up to an opportunity for new entrants? Yes, as long as they have a clear vision of the business they are seeking to build and the patience to build it right. Indeed, there are some advantages to building this from scratch relative to adapting legacy processes, especially in comparison to those incumbents currently under regulatory enforcement.

Is this worth the effort? Yes again, not only for the sake of the profits that successful partner banks generate but also for society as a whole, since partner banking is the best vehicle we have to allow responsible innovators to get to market within the safeguards and protections of the traditional banking system.

Banks that get this right will make money while improving the financial health of consumers and small businesses. It doesn’t get much better than that.

About the Author
Adam Shapiro is a partner and co-founder at Klaros Group. He is a veteran consultant, banker and financial regulator.

This article was originally published on . All content © 2024 by The Financial Brand and may not be reproduced by any means without permission.