BankThink

How to Deal with AML Risks from a Fintech Partnership

Consumers today have more ways than ever to make financial transactions. We can secure a loan in minutes, have robots make investment decisions for us, and make payments using our smartphones and new currency types.

In the face of these advancements, banks and fintech companies are starting to collaborate, but that collaboration often fails to effectively address fundamental risks associated with money laundering and other financial crimes.

When a bank partners with a startup firm, the risks related to anti-money-laundering compliance have particularly attracted the attention of global financial services regulators. And all too often, bank leaders are nervous about pursuing a relationship or new account with a fintech company because of the AML and regulatory concerns. Monitoring a fintech partner over time can also amplify overhead spending. For example, internal AML systems often need to be adjusted to account for fintech data and relevant risks, and expanded resources may be needed to effectively perform and document ongoing due diligence of the fintech providers' adherence to AML roles and responsibilities.

Each of a bank's accounts, partnerships and other relationships with fintech companies is unique, and each requires thorough vetting and due diligence before the bank determines whether a fintech company fits into its culture, risk boundaries and strategy.

These three strategies can help banks manage AML concerns of working with a fintech partner.

Define Risk Appetite and Tolerance
AML compliance officers should have discussions with their senior management teams and boards of directors about the impact of fintech on the traditional banking system and strategies related to the consideration of becoming partners with fintech companies. As opposed to establishing a blanket prohibition of certain types of customers, such as those processing third-party payment activity, the bank should consider the attributes, criteria and market compensation that it would find appropriate, and the infrastructure and resources that would be needed to effectively manage the risks associated with such companies.

Each time a new potential fintech relationship or other opportunity arises, it is far easier and more efficient to assess the new business opportunity against an existing board-approved statement of the bank's risk appetite and tolerance than it is for the compliance officer to chase down the personal opinion of key decision-makers throughout a bank.

Be Assertive
Does the bank want access to the fintech company's customer data to better support transaction monitoring, customer risk rating, and sanctions screening? If so, the bank should ask for it directly. Fintech companies generally have a lot of data, and most are more than willing to share permissible information with banks if it means being able to retain a strategic banking relationship.

Better yet, the bank and fintech company should have a contractual agreement about the format, frequency and content of the data the fintech company would provide, and the bank should integrate the data directly into its AML systems. A seamless integration of data within a bank's AML systems can improve both efficiency and assurance that money laundering risks are being appropriately addressed.

Regulate Your Partners
The bank needs to clearly define the AML requirements, roles and responsibilities that are expected of a fintech company that maintains an account with the bank. The two parties should develop a formal agreement stating those roles, and the bank should hold the fintech company to its contractual requirements.

An agreement could include such requirements for the fintech company to meet as retaining qualified AML compliance personnel, undergoing annual AML audits performed by a bank-approved and trusted vendor and supplying ongoing AML metrics related to agreed-upon AML performance or risk indicators. Banks that clearly define such responsibilities – and, more important, monitor adherence to them over time – are more likely to be able to monitor and respond effectively to changing AML risks or deteriorating AML controls in a timely manner.

Ideally, the depth, breadth and frequency of the bank's ongoing due diligence and testing will align with the areas of elevated risk the company presents.

The age of digital disruption in the financial services industry has only begun, but unfortunately many bankers and fintech companies are partnering without addressing the relevant risks. It is time for them to collaborate to tackle the emerging AML risks of the fintech boom.

John Epperson and Arjun Kalra are principals at Crowe Horwath LLP. They can be reached at john.epperson@crowehorwath.com and arjun.kalra@crowehorwath.com.

For reprint and licensing requests for this article, click here.
Bank technology AML Law and regulation
MORE FROM AMERICAN BANKER