
Banking as a Service: 7 Best Practices for Bank-Fintech Partnerships


Have you ever wondered what it's like for a traditional financial institution to partner with a fintech? In our latest AML Voices webinar, industry leaders Danny Schneider and Paul Achman candidly share the realities of these collaborations. Drawing from their conversation, here are seven best practices to build controls, create a safe environment, and successfully navigate the dynamic and disruptive Banking as a Service (BaaS) space:


1. Assemble a Fintech-Experienced Team 

It's worth investing in a compliance team with fintech-specific experience. While this might seem like an obvious statement, many fintechs looking to partner with more traditional players in the space are heavy on startup energy but usually lighter on advanced understanding of compliance obligations.

Having individuals on your team who are experienced and understand the potential risks, as well as how to manage and mitigate them, serves as an invaluable internal gatekeeping function.


2. Look Out for Red Flags 

“This industry is a very difficult industry to begin with, and you're going to want to align yourself with someone that's working in parallel with you” – Paul Achman, BSA Officer, BankProv.

Is your fintech partner looking for compliance-in-a-box? Do they have a culture of compliance? Is compliance at the forefront of their mind? Will they ask for permission, not forgiveness?  

These are some common red flags to address before onboarding a fintech partner. However, a fintech's cultural makeup and alignment with your organization is the single most important thing to assess when evaluating these partnership opportunities.


3. Have a Formal (Airtight) Process  

“These are really living and breathing relationships that require a lot of evaluation, analysis, and documentation” – Paul Achman, BSA Officer, BankProv. 

Each fintech is unique, with different circumstances and experience levels that require individual policy and oversight procedures. You need to start at the beginning and build a bank from the bottom up, developing a comprehensive infrastructure and approach to ensure you have the right foundation and ongoing oversight for each fintech partnership. 

Onboarding should be taken seriously: your partner's program, governance, policies, customer base, and business duration all count, along with the review of the multiple risk disciplines involved. Everything must be outlined and agreed on upfront – what's their responsibility, what's yours, and what is the recourse if those expectations aren't met? And, of course, this must be documented and legally binding.

When it comes to post-onboarding, fintechs require continuous monitoring and evaluation. The fintech model can rapidly shift and evolve over short periods, so it's essential for your organization to have controls in place that can be fluid enough to accommodate these changes.  

Likewise, a modularized approach to offering banking-as-a-service doesn't work. When assessing your risk on offering BaaS, you need to be thorough and comprehensive in evaluating each aspect of the business it's going to touch upon. The worst thing would be a surprise during your annual risk assessment. No one likes surprises like that. Instead, the ongoing maintenance of these relationships should be so fluid that annual risk assessments are a simple extension of the work you've already done. 


4. Get Ready for a World Full of Interaction   

“I’ve never had so much customer-facing contact in my entire AML/CFT career” – Danny Schneider, Director of Financial Crimes/BSA Officer, Lead Bank. 

Traditionally, AML/CTF professionals are siloed; sharing analysis or documentation outside of the department is not commonplace. Yet, with BaaS relationships, you do a lot of that, both internally and externally.  

Internally, it could be credit, information security, consumer compliance, operational risk management, operations themselves, or information technology. Externally, you’re going to be directly interacting with your fintech partners. So, not only do you need to be prepared for a lot of interaction, but you also need to ensure all documentation is in an easily digestible format to limit communication barriers between the stakeholders involved.


5. The Devil's in the Details: Read Consent Orders Issued to Partner Banks  

“There's nothing better to gauge the health and hygiene of your own program than to see what other people have done wrong or just haven't done well. Those who don't learn from history are doomed to repeat it” – Danny Schneider, Director of Financial Crimes/BSA Officer, Lead Bank. 

Reading consent orders has long been a best practice for any BSA officer. However, BaaS is a sector in the financial services industry where subject matter expertise and regulations are often unclear, resulting in many grey areas. As such, it becomes increasingly crucial to pay close attention to the details in these consent orders and enforcement actions for legal clarity. You should understand how they apply to your institution, and decide how and when to make any necessary course corrections for your program. 

These valuable insights allow you to be proactive rather than reactive.  

Additionally, if you need more resources or new software, consent orders can serve as powerful tools and compelling evidence to advocate for and justify these requests to your CRO, board, or president. 

Top Tip: Consult your informal or formal peer groups for advice and guidance on consent orders.  


6. Be Prepared for Lengthy, Robust Examinations  

“You really can't miss a beat as it relates to any of your policy, procedure, or program elements, and the things that maybe would not have been identified as potential issues in a traditional bank setting may have more scrutiny in the banking as a service space” – Paul Achman, BSA Officer, BankProv.  

In traditional banking, there will often be a theme for each exam cycle, with two or three specific focal points. Whereas in the BaaS space, regulators will conduct rigorous, exhaustive examinations that cover all aspects of your program.  

Regulators will remain involved for a substantial period and have numerous inquiries. Be prepared to meticulously explain every facet of your program inside and out – including precisely what the product is, who the customer base is, and how you manage and monitor the product. Supporting documentation is also vital. 

Top Tip: Harness and develop relationships with your regulators and update them often; remember, they are learning alongside you. 


7. Positioned for the Best, But Prepared for the Worst

“Fintechs, even if they are doing exactly what they’re supposed to be doing with your institution, can go out of business overnight” – Danny Schneider, Director of Financial Crimes/BSA Officer, Lead Bank.

Over the past couple of years, the market has shifted – from high-profile regulatory failings to challenging funding environments – with many fintechs caught off-guard, halting business activities. Exit clauses in fintech banking agreements are therefore crucial for flexibility and risk mitigation; likewise, they safeguard your institution from legal disputes or financial complications. 


Want to hear directly from our expert panel? Access the full webinar here.  

Or, if you are a fintech that needs help establishing or auditing your existing program, our team of seasoned financial advisors is ready to help. Simply fill out our contact form, and let's start the conversation.

Connect with our Panelists 

Chuck Taylor
EVP - Financial Crime Advisory, AML RightSource 
Danny Schneider
Director of Financial Crimes/BSA Officer, Lead Bank
Paul Achman
BSA Officer, BankProv