The number of fintechs seeking lending partnerships is growing, and lenders are coming to terms with the risks and rewards of such alliances. Fintechs offer great opportunities, including reaching new customers, improving customer service, automating manual processes, reducing costs and improving service in the way consumers obtain financing.
These opportunities also bring risks associated with trusting third parties with critical aspects of a lender’s business. Lenders are experienced with routine vendor management and understand the regulatory expectations associated with employing such vendors. However, lenders should be aware that fintechs can — and often do — operate differently than traditional financial services vendors.
Below are key questions lenders should ask their fintech partners to differentiate those ready for the rigor of the regulatory scrutiny placed upon lenders, and those that are not.
“What do you do with customer data, and what do you say you do?”
Fintechs often innovate through, and rely on, the collection of significant amounts of consumer data. Lenders should be concerned on two levels. First, lenders should make sure they understand how their fintech partners use and retain consumer data. Second, lenders should be careful to ensure that the fintech partner’s representations regarding consumer data are accurate and that they match the lender’s own data use and representations.
“Do you understand the laws that apply to you, and do you follow them?”
A well-run fintech understands the laws that apply to its activities and has typically engaged counsel to ensure compliance with those requirements. Lenders should be careful to make sure that their fintech partners understand and adhere to these obligations.
“How secure are your systems, and how secure do you say they are?”
One benefit of partnering with fintechs is that their software engineering talent is often at a very high level compared with traditional financial services companies. However, this software expertise does not make fintechs perfect at data protection. Due to the online nature of most fintech operations and the scale of the data that is gathered, data security is extremely important in this context. Lenders should be careful to ensure that data security representations made in disclosures match actual data protection practices. By way of example, the Consumer Financial Protection Bureau took action against a prominent fintech based upon what it alleged were misrepresentations regarding the level and breadth of the company’s data security practices.
“How do you control and monitor product iteration?”
Fintechs were founded by innovators seeking to restructure the delivery of consumer financial goods and services. However, innovators tend to value experimentation and the “fail fast” mentality. In many circumstances, regulatory agencies that examine lenders would not look fondly on failures that impact consumers in a negative manner or that can result in the breach of a legal requirement. Lenders should understand and have control over a fintech partner’s operations and iteration process to ensure compliance with applicable law.
Robert Savoie is a Member (Partner) in McGlinchey Stafford’s Consumer Financial Services Compliance group, based in Cleveland. He can be reached at [email protected] or (216) 455-5065. McGlinchey Stafford is the Compliance Partner of Auto Finance Excellence (AutoFinanceExcellence.org), a sister service of Auto Finance News.