A Boardroom Conversation

Not all banks are comfortable taking on the risks of partnerships with startup fintech companies. Mike Butler is the president and CEO of Radius Bank, a $1 billion asset Boston-based bank with three offices, and a national customer base serviced through innovative online and mobile technology. He explains in this edited transcript and video how he handles the risk of doing business with fintech companies.

Q: Can you tell me about a few of your partnerships? You, or your bank, has had five partnerships in the last three years with fintech companies.
MB: Our favorite partnership is with a company called Aspiration. [It is] a robo-advisor out of California. We have been working with them for about two years. On the technology side, we have been working recently with a company called Socure, which has some authentication software, which is very important for us on the verification side.

Q: How many of your vendors have access to sensitive customer information and how do you handle that from a risk perspective?
MB: So, the cybersecurity thing is really important to us. It’s important to us from a regulatory perspective and it’s important to us from a reputational perspective, that we can look at our clients and say we are doing everything to keep their data safe. We start at the top of the house and ask, ‘Do you really need access to our data?’ We always say, ‘Guys, here’s the wall, and let’s do everything outside the wall.’ Over time, with a company like Aspiration, when you get more comfortable with them, sometimes you might open a window or two, and allow them more access to data, so they can work with their customers in a better way and get a better experience. At the board level as well, for a company like us, when we choose to work with a big vendor like Aspiration or a big fintech, we get [the board] involved at the early stages, so this isn’t just a decision I unilaterally make that I’m going to go pick Aspiration. But we have a business case and a checklist we put together to say, ‘Does Aspiration fit the model of a fintech we want to work with?’

Q: When you do take on a new fintech company, what are you looking for in terms of cybersecurity?
MB: This is where a lot of banks struggle. [They] might say, ‘This fintech doesn’t have the right balance sheet; it hasn’t been in business long enough and therefore isn’t a company we’re willing to do business with.’ That’s a box you put yourself in that says ‘I’m never going to do business with a fintech because I just described 90 percent of them.’ What we’ve said is we are going to take some risks in terms of traditional vendor reviews, but we are going to look at some other attributes that are very important. That goes back to the cultural alignment [issue]; [it’s important] to go out and do physical inspections and talk about what they’re doing on the technology front, talk about what systems they put in place, and remember we’ve drawn that line that says you’re not going to get into our systems right away.
Not that we’re still not asking questions about where your capital is coming from, and how well you’re doing and what your long-term sustainability is, but you have to take a look at some other attributes if you are going to be willing to work with fintechs.

Q: How do you get comfortable with the risk mindset of the company you’re dealing with, because you’re used to managing risk? That’s what you do.
MB: We’ll visit them. One of the questions you’ll always ask is, ‘Who is managing compliance on your side?’ If the answer is, ‘I don’t know what you’re talking about,’ then that’s probably not the company for us. If they direct us to their compliance group, that’s a great place to go. We get to meet and talk with them, get their backgrounds, get their resumes, find out how good they are, and look at the software they are using in relation to cybersecurity.

Q: What do regulators expect in terms of your relationships with vendors?
MB: The bar is high. It’s a challenge for us. We have taken a very proactive approach with them. Anytime we go work with a fintech like Aspiration, we will bring that to the regulators ahead of time and put that business case [to them], just like I did before the board, and we’ll ask them to opine on how we’re approaching this, and see if they will give us some thoughts on where some weaknesses are.

Q: Do they ever answer that question?
MB: Yes, they’ve been great. They’ve came back with a pre-launch review of one of our strategic partnerships, and spent some time in our office and said, ‘We think you should do a couple of things to tighten this up.’ We truly want to have that relationship with the regulators and we want to make sure we’re secure.