Are FinTechs prepared for increased due diligence from community banks?

October 08, 2021

The relationship between community banks and financial technology companies (“FinTechs”) is generally one of mutual benefit. Community banks can benefit from new or innovative technologies offered by FinTechs that enable them to provide more digital products and services, enhance efficiency, reduce costs, and improve competitiveness. Innovative FinTech solutions, however, come with their own risks and challenges, especially for heavily regulated community banks that must ensure their FinTech partners undergo thorough due diligence to identify and mitigate potential risks. For the FinTechs that provide these solutions, it is imperative to be fully prepared.

To address the unique risks and challenges of dealing with FinTechs, joint agency guidance entitled “Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks” (“Guidance”) was released on August 31, 2021. The Guidance details regulatory expectations for community banks and, more importantly, provides a roadmap for FinTechs on what their community banking partners will be asking from them and affords an opportunity to be proactive and prepare accordingly. FinTechs that provide products and services for community banks should have prepared a comprehensive due diligence package that details, at a minimum, the following:

Business Experience and Qualifications - Credentials, experience of management, and sound strategic plans

  • Business experience
  • Business strategies and plans
  • Qualifications of Directors and Principals

Financial Condition - Financial strength and stability

  • Financial analysis
  • Market information

Legal and Regulatory Compliance - Knowledge of regulatory framework and ability to comply

  • Legal
  • Regulatory compliance

Risk Management and Controls - Risk management to operate business in a safe and sound manner

  • Risk management
  • Risk appetite

Information Security - Controls to protect sensitive information and prevent exploitation of vulnerabilities

  • Security program
  • Information systems and infrastructure

Operational Resilience - Controls to prevent and respond to operational disruptions

  • Business continuity and incident response
  • Service level agreements
  • Subcontractor due diligence


Compiling this information can be a daunting task, especially for FinTech start-ups or those growing quickly. Furthermore, putting together a comprehensive due diligence package is one thing; doing it right is another. The latter frequently requires banking experience to anticipate what community banks will be looking for.

So, how can FinTechs prepare for the due diligence that they will be subject to? Leaders of FinTechs should assess now how to strengthen governance and risk management processes and controls that are the focus of community bank due diligence requests.

Stout’s Regulatory Compliance & Financial Crimes Services Team Can Help

Stout’s team is uniquely qualified to help. Our team regularly works with FinTechs of all types, including non-bank financial institutions, and also has extensive experience with community banks. Our highly specialized and experienced financial professionals include Certified Public Accountants (CPA), Certified Fraud Examiners (CFE), individuals Certified in Financial Forensics (CFF), Certified Anti-Money Laundering Specialists (CAMS), Certified Anti-Money Laundering & Fraud Professionals (CAFP), Certified Internal Auditors (CIA), Certified Information Systems Auditors (CISA), Accredited Payments Risk Professionals (APRP), former regulators, former bankers, and financial services auditors.

Our help includes, but is not limited to:

  • Anti-Money Laundering (AML) program development, benchmarking, enhancement, testing, and/or remediation
  • Documenting payments risk management programs to comply with network and regulatory requirements
  • Performing risk-based internal audits of governance, risk management, and compliance processes
  • Performing information technology and cyber risk and controls assessments
  • Performing data privacy assessments based on the Gramm-Leach-Bliley Act, California, and other state-specific data privacy regulations
  • AML and other program staff augmentation

Contact a member of our Regulatory Compliance & Financial Crimes Services team for more information about how we can help.