Out-Law / Your Daily Need-To-Know

Solutions to barriers to bank-fintech collaboration

Out-Law Analysis | 22 Aug 2022 | 11:21 am | 4 min. read

Customers in the financial services sector now demand 24/7 access to digital services from their banks. Those demands have only increased as a consequence of the pandemic and its impact on consumer habits.

To compete, banks need access to the latest digital technologies quickly and commonly find it more efficient and effective to procure technology from third parties than to develop it themselves.

Bank and fintech partnerships are now top of the agenda in bank boardrooms. However, modernising the most heavily regulated and scrutinised industry is no easy feat and given that businesses and consumers alike are dependent on banking infrastructure, the stakes are high.

Burdensome procurement processes, cultural differences, and risk-averse attitudes are creating protracted onboarding processes and remain significant barriers to successful collaboration between banks and fintechs at a time when digitisation in financial services is vital.

Attitudes to risk can vary between banks and fintechs, and fintechs can find themselves subject to significant requirements through entrenched procurement processes that reflect the substantial regulation facing banks. Further issues can arise in relation to financial due diligence, data and contractual rights. Together this means that, while collaboration is desirable, the process of reaching a deal can be problematic.

The problem of digital transformation in the financial services sector is certainly not a new one, but after two years of accelerated innovation brought on by the pandemic, solutions are emerging aimed at evaluating and endorsing fintechs. These solutions may eventually overcome the challenges of collaboration between banks and fintechs. However, as fintechs wait for new initiatives to mature and evolve, they must consider what they can do in practice to offer comfort to the banks they seek to work with in the face of an evolving regulated space.

Emerging solutions

Banks are increasingly recognising the burdens fintechs face in completing their procurement and supplier assurance processes. Some have committed to the UK fintech pledge, which was developed by Tech Nation’s fintech delivery panel and has UK Treasury support.

Madeleine Barratt

Pinsent Masons

Fintechs are more likely to be able to provide comfort to banks in this space if they increase their knowledge of the financial services regulatory landscape

The pledge is designed "to set globally leading standards for the establishment of efficient and transparent commercial partnerships between banks and fintech firms". A number of the top UK banks have signed the pledge, committing, among other things, to providing “clear guidance to technology firms on how the onboarding process works” as well as to providing clear progress reports during the process.

Additionally, third party providers are seeking to commercialise the de-risking and fast-tracking of the adoption of technology in financial services. Some providers enable tech suppliers to measure their resilience and sustainability against criteria mapped to recognised standards as, well as regulatory requirements and guidance, such as the European Banking Authority’s (EBA) guidelines on outsourcing and requirements around operational resilience set by the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) in the UK.

Some providers offer services to support fintechs prepare to engage with the procurement processes of large financial institutions. Some specialise in supporting fintechs in testing and bolstering their information and cybersecurity measures, while others are exploring the potential of a fintech ‘passport’.

Such certification and ‘passporting’ initiatives offer promise to fintech companies seeking a streamlined way in which to demonstrate their standing based on the information available. Without the endorsement of banks, though, these initiatives may be of limited benefit to participants.

In theory, the fintech passport would enable fintechs to demonstrate that they meet standardised measures around things like resilience, maturity and ESG requirements that banks would endorse, reducing the need for fintechs to complete the banks’ onerous diligence and procurement processes. However, while banks have partially engaged in these conversations, they are yet to get behind such an initiative in a meaningful way. In order for a passporting initiative to be successful, it needs to be endorsed by banks, who ideally should be involved at a grassroots level.

Actions for fintechs now

The fact that new solutions are emerging and that there is growing awareness and appreciation of the barriers fintechs face in completing banks’ onboarding processes is welcome, but fintechs should not wait for a silver bullet to arrive if they want to be able to win contracts with banks now. There are practical steps fintechs can take to give banks comfort on the risks they are seeking to manage.

On security, fintechs should be looking to the government-backed Cyber Essentials initiative and other certification schemes operated by the industry as a means by which to bolster their cybersecurity measures and demonstrate their compliance with recognised standards. A robust approach to encryption and the adoption of multi-factor authentication system access controls are among the security measures banks will expect fintechs to have in place.

To be attractive to banks, fintechs should have robust business continuity and disaster recovery measures in place to minimise disruption, and ultimately losses, in the event of an outage or a stressed exit scenario. Fintechs should ensure that those plans are developed and tested in accordance with the PRA/EBA outsourcing requirements.

On data, fintechs should ensure that they can demonstrate a good understanding of data locations and data flows. Working from home arrangements need to be taken into account.

Fintechs may rely on third parties of their own for handling or storing data, or for other functions of their operations. Banks will require fintechs to be able to show that their contractual arrangements with third parties provide banks with the desired oversight of sub-contracting arrangements and that their dependence on third parties has been factored into fintechs’ business continuity and disaster recovery plans.

In respect of contractual oversight, given that the banks’ position is sustained by regulation, fintechs do need to accept that banks will have a higher degree of control over their activities and supply chain than the average customer. However, there are compromises to be made in this space that are within the realms of regulation and banks should be prepared to make these if they want to avoid protracted negotiations.

Many of the expectations of banks are derived from regulation and guidance to which they must comply when it comes to outsourcing and engaging other third parties, such as the EBA’s and PRA’s outsourcing guidelines or operational resilience requirements set by the FCA. Fintechs are more likely to be able to provide comfort to banks in this space if the fintechs increase their knowledge of the regulatory landscape.

Our experience to date is that some fintechs are unaware of, or are only vaguely familiar with, these regulatory frameworks. It is important, therefore, given that they place an additional burden on contracting in the financial services sector, that fintechs familiarise themselves with the relevant regulations. The forums and services provided by industry bodies provide one avenue to assist fintechs in achieving this.

Written by Madeleine Barratt of Pinsent Masons. A longer version of this article was first published by Finextra.

Rewiring financial services
Digital transformation is accelerating in the financial services sector, particularly in the wake of the global pandemic. We investigate the legal and regulatory landscape in financial services technology and highlight the opportunities for change.
Rewiring financial services
We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.