8 Questions to Ask Before Signing a Vendor Contract

There’s no shortage of widgets, services and partners that your institution could use. But there isn’t a universal metric to decide which ones you should use.

The only way you’ll know is to evaluate, based on your institution’s goals, constraints and appetite for growth. In my career, I’ve worked alongside hundreds of financial institutions, listening deeply and learning how they evaluate vendors and tools. I’d like to share eight questions that can help your institution build the right kind of momentum and avoid distraction. I separate these questions between “tool questions” and “vendor questions” — two areas that are closely linked but very distinct.

5 Questions to Find Out if a Tool Is Right for Your Institution

1. Does it raise or lower operational risk?
Becoming a successful banker demands a basic grasp of risk management. But too often, I’ve seen successful bankers underestimate the risk of keeping the status quo and overestimate the risk of doing something new. If your institution has a high chance of subsequent growth that outweighs marginal increases in risk, then you could still lower the bank’s overall risk while increasing revenue.

2. Can it increase efficiency for an existing process?
Despite the glorious speed of computers, most banks still have to use some combination of manual work paired with automation to accomplish certain tasks. Banks commonly maintain their escrow and subaccounts on spreadsheets; every month, one or more team members have to print statements and stuff envelopes. There is higher value work for your commercial bankers to focus on. Ask your staff to flag these types of manual processes and then look for tools to eliminate busywork or tedious compliance tasks.

3. Can it allow the team to develop clients in new industry verticals, or confidently approach existing clients to win more of their business?
Your bank can’t be everything to every client, but you can identify the services or product functions that appeal to high-value industries, such as property management, 1031 exchanges, municipalities and healthcare. Even if your institution has previously passed on certain types of clients, consider if the tool in question could reignite those opportunities.

4. What would it cost in time, effort and lost opportunity to develop a similar tool?
I’m a huge believer in banks pursuing in-house innovation. Your institution is much closer to the problem that needs solving than a tech company that helicopters in without any banking know-how. However, there’s no reason to reinvent the wheel. If an externally built tool solves the problem without disrupting your momentum, then your choice is much easier.

5. Will it build momentum towards a top objective in the next 1 to 5 years?
It’s hard to project what the market will look like in 5 years, but thinking 1 year at a time is a bit like steering your car by looking at the road immediately in front of you. One way to hedge against volatility is to look for ways to deepen existing relationships with your clients. By adding value and serving more of their needs, you will benefit from their deposits, loans and genuine trust over the short and long haul.

2 Questions to Learn if a Vendor Is Right for Your Institution

6. Is the company committed to solving unsexy, real-world problems, or are they just waving around software as a cure-all for your challenges?
The line dividing these two scenarios can be blurry. Financial technology is unlocking massive opportunities and changing the way banking is done. Your institution will want to determine if you’re considering a partner with a solution in search of a problem or a firm that has wrestled alligators and knows how to get in and out of the swamp safely.

7. Can you get a warm recommendation?
Ask your network for their thoughts. Check in with your favorite banking association. Make some phone calls and find out if a prospective partner’s existing clients are satisfied. You shouldn’t count on the reputation of current clients alone, but it’s an invaluable part of the due diligence process.

Strong banks are built through consistency, integrity and a willingness to adopt new strategies and tactics before it’s too late. My final question is one I think banks should ask before tackling any of the prior seven questions.

1 Question to Discover if Your Institution Is Ready for a New Solution

8. Is your institution cultivating excellence and a growth mindset within each team member?
The best tools, built by the best companies in the world, won’t compensate for sagging morale and persistent risk aversion among your employees. Encourage your team to look for new opportunities, both from a client perspective and from a vendor perspective. The most valuable commercial banking clients need flexibility and creative problem-solving from their banking partners. With the right tools and attitude, your team can build partnerships that outgrow your expectations.

Considerations for Post-CECL Adoption

Over the last 10 years, banks have discussed and debated the current expected credit loss, or CECL, accounting standard. Many of the larger banks adopted the standard in 2020, with the majority of smaller banks adopting on Jan. 1, 2023.

While the industry has adopted CECL, here are some items to consider in 2023 to position your institution for success in your next regulatory exam or external audit.

Prepare a CECL Adoption “Package”
When your regulators and auditors arrive in 2023, they will likely ask about your CECL implementation process. One way to address their questions is to prepare a package that includes:

  • Board-approved allowance for credit losses, or ACL, policy.
  • The initial adoption calculation.
  • The consideration of unfunded commitments, which are recorded as a liability on the bank’s balance sheet, and debt securities, both available-for-sale and held-to-maturity.
  • The bank’s narrative that supports its CECL calculation, which should include a summary of the selected model and methodology, assessment of qualitative factors and forecasting and a summary of any individually evaluated loans.
  • The initial adoption journal entry, a reconciliation to your CECL calculation and documentation of a review and approval of the journal entry.
  • Third-party vendor management documentation and CECL model validation.

Third-Party Vendor Management
If your bank is using a third-party vendor for its CECL calculation, be sure to document the vendor management considerations over this calculation annually in accordance with your bank’s vendor management policies and your primary regulator’s guidance.

Make sure this documentation includes procedures the bank has taken to gain comfort over the third party’s calculation, obtaining a service organization controls (SOC) report for the calculation and a CECL model validation for the third-party calculation. Your institution may need to get support from the vendor to assist with articulating the math behind the calculation and a recalculation of the ACL on an individual loan basis.

Perform Back Testing in 2023
As the bank’s CECL model “ages” in 2023, management should document back testing of the model to verify it is functioning as expected. Back testing can aid the bank in understanding the model and how estimates and varying economic results impact it.

As your bank develops its back testing procedures, consider comparing estimated data points to actual results, including prepayment speeds, loan charge-offs and recoveries, economic data points and loan balances. Additionally, management should consider sensitivity or stress testing of the model, including analysis of various scenarios or assumptions and their impact on loss estimates.

Add CECL to the 2023 Internal Audit Plan
The CECL model, like the historic incurred loss model, should be subject to the bank’s internal audit plan. This internal audit program can include reviewing the policies and procedures, gaining an understanding of the model, reviewing the assumptions in the model for reasonableness and consistency with other assumptions and reviewing the model access. It should also include procedures to verify calculations are appropriately reviewed by management and governance.

CECL Model Validation
As bank regulators discussed in the 2020 interagency policy statement on the allowances for credit losses, model validation is an essential element to a properly functioning process for a bank, and should be completed annually. Validation activities for a bank include evaluating and concluding on the conceptual soundness of the model, including developmental evidence; performing ongoing monitoring activities, including process verification and benchmarking; and analyzing model output, according to the interagency statement.

The CECL model validation, which is a frequently overlooked part of CECL implementation, should be performed by an individual or firm that is independent from the model’s design, implementation, operations and ownership. Additionally, the interagency statement states the external auditor of the bank may impair independence if they also perform the CECL model validation.

The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, investment, or tax advice or opinion provided by CliftonLarsonAllen LLP (CliftonLarsonAllen) to the reader.

How Banks Can Leverage Continuous Auditing, Continuous Monitoring

Continuous auditing and continuous monitoring are among the most misunderstood and under-utilized concepts in business. While continuous auditing and continuous monitoring, or CA and CM, may be two distinct concepts, they operate under the same development umbrella. When institutions design, build and implement them correctly, both can deliver targeted and dynamic results.

To leverage the power of this methodology, bankers should start by understanding the overlooked differences between the two approaches. Continuous auditing and continuous monitoring are two distinct disciplines.

The first key difference between the two is frequency. A confusing aspect of the CACM methodology is the name. Everyone hears the word “continuous” and believes this type of work goes on forever, without any consideration. That could not be further from the truth. Continuous auditing has a distinct start and finish; in contrast, continuous monitoring can be started and stopped at any time and has no set length of execution.

Like any type of formalized testing, a CA program must contain a time frame in which the work will be performed so a conclusion on the control effectiveness for the same period can be made. Conversely, a CM program can be started, stopped and restarted again for any length of time because it is not being executed to provide a conclusion on the control environment. Rather, it delivers an indication that a specific control or set of controls produces the expected results within acceptable performance limits.

The second key distinction is the testing specifics. The CA approach has detailed control process descriptions that provide information to develop the corresponding steps to be reperformed — in order to confirm the results. In contrast, the CM approach selects a control or controls and verifies the outcomes are within the acceptable limits of the business process requirements. At no time does a CM review, examine or reperform the control steps to validate results. The only information obtained and examined in the CM review is the result. If those results are within the acceptable control parameters, there is no additional verification performed. The CA approach provides a more comprehensive validation of the control environment compared to the CM approach.

Common Uses for the CACM Methodology
One of the most appealing aspects of the CACM methodology is that it can be applied to any business process in any industry. However, there are considerations to include in the evaluation process before selecting your target business processes. The most effective way to communicate these considerations is not by telling you the best business processes to target, but providing you with the business areas that should be avoided when developing your CACM methodology.

This does sound contradictory, but to avoid methodological pitfalls, there are limitations to consider when selecting a target CACM area. While you can apply the CACM methodology to any process, in any industry, it is important to consider using a new methodology to proactively validate your existing control environment and identify potential future challenges.

To do that, there are two areas to avoid when selecting your target CACM business processes: complexity and judgment. Regarding complexity, the methodology is going to ask you to identify the most critical control or controls in the process that directly impact the outcome. It will be difficult, if not impossible, to identify one or two critical controls in any complex business process. With judgment, the process allows for overrides, which potentially creates false positives in the CACM. Even with detailed approval guidelines, the subjective nature of the process makes it a challenging selection for a CACM.

At Baker Tilly, we recommend banks incorporate CACM into their compliance business process. Most compliance processes have very specific, detailed and documented process requirements with almost zero judgment. Compliance rules and regulations do not provide a significant amount of grey area. Those types of processes make it easier to incorporate your CACM process because the business requirements are clear and you will have an easier time selecting the most critical control points.

Continuous auditing and continuous monitoring provide organizations with a proactive review approach that helps identify potential control breakdowns. This proactive approach allows organizations to enhance their current control environment, strengthen their compliance processes, mitigate risk and build a stronger business culture to mitigate risk and potentially eliminate future losses.

Risk, Performance and Banking: What Really Matters

The goal of banks is to create financial stability and profit while building strong relationships with customers, employees and the community. What’s standing between your bank and that goal? Asking that question is the first step to finding out.

Banks measure performance in financial terms: they compare loan rates, customer growth and other key performance indicators (KPIs). But looking at performance in this way only shows how things are going, not why they are going that way or how performance could change in the coming weeks, months or years.

Understanding the “why” requires deeper analysis — an analysis that comes from enterprise risk management, or ERM. ERM is a system for managing risk holistically throughout a financial institution to create value. It’s about identifying, assessing, measuring, monitoring, mitigating and communicating risk — and using that information to build a stronger, more resilient institution.

Why should bank boards care about ERM?

1. Compliance Management. Compliance management is a huge concern for any bank. From federal and state consumer protection and privacy regulations to Bank Secrecy Act/anti-money laundering (BSA/AML) regulation, the number of regulations and the speed of regulatory change can be overwhelming.

Not only can non-compliance hurt individual consumers, it can damage a bank’s ability to offer the best-possible pricing, products and services. Failing to comply can result in costly enforcement actions, fines and lawsuits. It can also lead to limitations on growth.

Banks need to have a strong compliance management system, or CMS. This allows them to identify, measure, monitor and mitigate compliance risk. A CMS can also help banks respond more efficiently to regulatory changes by ensuring they implement changes while minimizing the cost of compliance.

2. Vendor Management. Third-party partners, including vendors, fintech partners and consultants, can easily increase the potential risk to a bank or its customers. Data breaches can expose customer data. Outages can prevent customers from accessing the products and services they need. Mistakes can result in compliance violations and consumer harm. Automatic contract renewals can cause the bank to sign long-term contracts with unfavorable pricing.

Managing third-party risk requires a good vendor management program. It’s not just a regulatory requirement; it’s also a best practice. Not only can vendor management help a bank secure lower pricing, this required due diligence and monitoring helps banks identify vendor partners that could help the bank grow and thrive.

3. Findings Management. A bank needs to correct identified problems quickly. But it can be easy to lose track of these problems — whether they are self-identified, examiner or audit findings — with the demands of day-to-day responsibilities.

Every bank should have a findings management program that logs every finding, assigns it to someone responsible for remediation and tracks its remediation. This creates accountability that ensures that no finding is overlooked, whether it’s a consumer complaint, a weakness in a control, a vendor issue or a compliance violation.

Risk Performance Management for High-Performing Banks
Each of these three areas of ERM has the potential to hurt or enhance a bank’s performance. Done well, they can better control costs, strengthen the bank’s resilience and more quickly achieve the board’s strategic goals. One of the most effective ways for a bank to gauge its risk and performance is by leveraging expert solutions that provide the frameworks, tools and knowledge that executives and the board need to maximize the efficiency of the process. These solutions can also serve as an educational primer, showing banks what needs to be done and the best ways to do it efficiently, so the bank can follow a clear, well-informed path forward.

These solutions also make it easy to understand where the threats and opportunities are for an institution. This is especially important as banks try to keep pace with evolving technology and consumer expectations. Having the right risk management tools in place directs the executives and employees to quickly ask the right questions when evaluating new technologies, partners and strategies, and understand what those answers mean.

Whether it’s knowing how regulations impact a new product or service, or assessing the maturity of a vendor’s cybersecurity controls, good risk management means having more information sooner to make better decisions — and that leads to better performance.

4 Reasons to Build a Digital-Only Brand

Digital transformation offers many long-term benefits for community banks. But it can also pose strategic challenges, such as how to test new products and services without affecting the identity of an institution’s core brand.

One solution is to launch a digital-only brand that is distinct from the bank’s current brand. Developing a digital brand can drive powerful results that might otherwise be inaccessible for community banks that are looking to innovate but may be hesitant to make too many changes too quickly. In this piece, we explore how developing a digital-only brand can benefit banks, and which strategies are key to ensuring their success.

1. Build a New Tech Stack and Test Alternative Providers
The legacy banking technology that community banks typically rely on doesn’t always make it easy to roll out new products or customize offerings. Fortunately, new platforms can streamline the process and give them the power to easily change rates and marketing copy in real time. A digital-only brand is a great way to test out new technologies like online account opening before expanding them to the bank’s core brand.

One community bank in Missouri is doing just that. In 2019, Midwest BankCentre, based in St. Louis, Missouri, launched its digital-only brand, Rising Bank. Rising gave the 115-year-old bank a way to explore new technologies, test digital marketing methods and measure how the market would respond to product changes. In its first five months, Rising Bank experienced:

  • An average conversion rate of 48% on online applications.
  • Average initial deposits of over $55,000.
  • Net-new deposits of more than $100 million.

Launching Rising allowed Midwest to de-risk innovation efforts and test new approaches to digital transformation. The community bank was then able to take these insights and drive similar results for its core brand.

2. Attract Customers in New Markets
The right tools allow community banks to deliver great service, no matter the channel. A digital-only brand can help smaller institutions compete with megabanks’ online offerings and unlock untapped market share. Unlike a brick-and-mortar institution, a digital brand is accessible to customers anytime, anywhere. This means a bank can expand the geographic reach of its business and target new markets without building new branches.

3. Uncover Opportunities for Hyper-Personalization
Hyper-personalization means using data and analytics to develop a deep understanding of customers’ interests, expectations and gaps in service. Using these insights, banks can develop hyper-personalized products that address the needs of specific demographics, communities, professions and underserved groups. By targeting these audiences, banks can carve out a successful niche and maintain sustainable growth.

Data collected through a digital-only brand — through online interactions, geolocation data, aggregated payments behavior and so forth — will reveal to your bank where the opportunities are. For instance, a bank could launch an online-only brand that caters to healthcare workers or the LGBTQ+ community.

4. Develop New Products Without Fear of Cannibalization
One of the concerns banks may have about developing new banking products or strategies is the potential to cannibalize existing business. It’s key that the digital brand is distinct from the core brand — while still supported by the bank’s experience and brand recognition. When the new brand and existing brand serve different purposes and appeal to different customer bases, the risk of cannibalization is low.

For example, Rising Bank and Midwest BankCentre’s core brand achieve different goals for the institution. As a digital-only brand, Rising appeals to younger demographics and has raised significant deposits from a national customer base, while Midwest is community-focused and excels at building relationships in-market. Further, Midwest and Rising avoid cannibalization given their varying interest rates. Yet both brands have achieved considerable success on digital channels.

“This year alone, Midwest BankCentre’s digital-only brand and our core brand’s online channel held the No. 1 and No. 2 spots, respectively, in most accounts opened across our organization,” says Erin Erhart, Midwest’s executive vice president of bank and digital operations.

A digital-only brand can complement the bank’s core brand in a targeted way. This large-scale digital transformation project may seem overwhelming, but vendors can help banks find the right approach and determine how to achieve the best results with a digital brand.

Banking’s Single Pane of Glass

Imagine looking at all the elements and complexities of a given business through a clear and concise “single pane of glass: one easily manageable web interface that has the horizontal capability to do anything you might need, all in one platform.”

It may sound too good to be true, but “single pane of glass” systems could soon become a reality within the mortgage industry. Underwriters, processors, loan originators and others who work at a mortgage or banking institution in other capacities must manage and maintain a plethora of different third-party software solutions on a daily basis.

It’s complex to simultaneously balance dozens of vendor solutions to monitor services, using different management console reports and processes for each. This cumbersome reality is one of the most significant challenges bankers face.

There are proven solutions and approaches to rationalizing these operational processes and streamlining interactions with customers, clients and new accounts. In the parlance of a technologist, these are called “single panes of glass,” better understood as multiple single panes of glass.

That does exist if you’re talking about a single product. Herein lies the problem. Heterogeneous network users are using single third-party platform solutions for each service they need, with a result that one would expect. Too many single panes of glass — so much so that each becomes its own unique glass of pain.

How can banks fix this problem? Simply put, people need a single view of their purposed reality. Every source of information and environment, although different, needs to feed into a single API (application program interface). This is more than possible if banks use artificial intelligence and machine learning programs and API frameworks that are updated to current, modern standards. They can unify everything.

Ideally, one single dashboard would need to be able to see everything; this dashboard wouldn’t be led by vendors but would be supported by a plethora of APIs. Banks could plug that into an open framework, which can be more vendor-neutral, and you now have the option to customize and send data as needed.

The next hurdle the industry will need to overcome is that the panes of glass aren’t getting any bigger. Looking at pie charts and multiple screens and applications can be a real pain; it can feel like there isn’t a big enough monitor in the world to sift through some data spreadsheets and dashboards effectively.

With a “single pane of glass” approach, banks don’t have to consolidate all data they need. Instead, they can line up opportunities and quickly access solutions for better, seamless collaboration.

Focusing on one technology provider, where open-source communication can make integration seamless, might be a good adoption route for bank executives to consider in the short term while the industry adapts to overcome these unique challenges.

Staff Shortages Snarl Fraud Oversight

For some community banks, workforce attrition and hiring pressures could be adding an extra layer of difficulty to their ability to combat fraud. 

Concurrent with the Great Resignation, financial institutions have been fending off fraud of all kinds, from spear phishing attacks to account takeovers to check fraud, sometimes with a digital twist. In response, boards should understand where their organizations might be vulnerable and what kinds of proactive measures they might take. 

“That intersection of increasing fraud attacks with the strain on the workforce — I would say that is the biggest thing that we are seeing our clients struggle with,” says Vikas Agarwal, financial crimes unit leader at PwC. 

Specialized anti-fraud talent is in high demand, and prospective employees can command higher wages than they could before.

Seventy-eight percent of the senior executives and directors who responded to Bank Director’s 2022 Compensation Survey in March and April say that it’s been harder to attract and retain talent in the past year. Forty-one percent indicate that their bank increased risk and compliance staffing in 2021, and 29% expect to fill more of these positions in the year ahead. 

Attrition in the risk and compliance functions can eventually lead to a backlog of alerts to work through, experts say. 

“With turnover, you lose institutional knowledge and some efficiencies with how to run a risk and compliance department. As you have turnover, backlogs may build up,” says Kevin Toomey, a partner with the law firm Arnold & Porter. “Backlogs are a scary concept for banks, but also for the boards of banks. It could mean that not everything is running like a well-oiled machine.”  

Higher turnover could also make an institution more vulnerable to phishing and spear phishing attacks, says Ron Hulshizer, managing director at the accounting firm FORVIS. Those are both types of email impersonation attacks, used to install malware or gain access to information; spear phishing tends to be targeted to a specific individual. Noting that his firm has seen an increase in ransomware and extortion attacks against banks, Hulshizer says phishing attempts often give fraudsters a foot in the door.  

“It’s typically a phishing email that comes in, somebody falls for something, eventually, [and] the really bad malware gets installed,” he says. “Then it starts doing its thing and destroying files.”  

Scams, account takeovers and synthetic identity fraud are among the more common forms of fraud that community banks are dealing with right now. A LexisNexis Risk Solutions study published earlier this year identified synthetic ID as a big driver of fraud losses and also noted a rise in phishing scams during the pandemic. Scams have gotten particularly sophisticated, says Christina Williams, financial crimes consulting manager at the accounting and consulting technology firm Crowe. In some cases, she says, scammers have spoofed a financial institution’s 800-number to fool customers into giving up information that is then used to gain account access. 

But fraud seldom, if ever, goes extinct, and some financial institutions have seen a resurgence in various types of check fraud since the pandemic began. Many businesses still rely on paper checks and physical mailboxes, both of which can be compromised, says Williams. Remote deposit capture tools can also be vulnerable to check fraud. Williams says that in some cases, fraudsters have been able to make a phony deposit using the image of a check on another device. Often, the scammer will stick to amounts under $1,000 or $5,000 to avoid triggering a review before the fraudster is able to withdraw the money.

“A lot of the automated systems don’t necessarily pick up on it,” Williams says, emphasizing the importance of having adequate staff to carry out those reviews. “The fraudsters are aware of this; they still are trying to operate under dollar amounts where they believe there won’t be a secondary review.” 

Debit card fraud has also been a perennial pain point for community banks, Hulshizer says. 

Though the board doesn’t need to get involved in day-to-day fraud oversight, directors should know enough to ask the right questions of senior management. In the first place, that means understanding the organization’s baseline: how many and what type of fraud attempts does it experience in a given period, and how much of that fraud is stopped? 

“Do they understand, month to month, is it trending up or is it trending down?” says Agarwal. “Oftentimes, we find that people don’t have simple metrics that help them gauge if their risk to fraud is increasing as an institution or decreasing.” 

Agarwal adds that it’s worth asking whether the bank can contract a third-party firm in the event of a staffing shortage. 

Boards can ask whether management is looking into any new fraud-mitigating technologies, like biometric features meant to curb password fraud, says Hulshizer. 

And make sure that existing technology is regularly updated. “When technology gets old, over time, it ends up not being supported,” Hulshizer says. “When we do audits, we’ll find old operating systems that Microsoft no longer supports.”  

Not only should directors ask about trends in fraud and risk, but they should also be prepared to question senior management about trends in the bank’s staffing and resources, says Toomey. 

“What directors were asking a year ago may be different than what they’re asking 6 months from now,” says Toomey. “And to effectively exercise their oversight responsibilities, they need to start asking these questions now, to assure that their bank isn’t one of the ones that you read about in the papers.” 

5 Considerations When Vetting Fintech Partnerships

Fintech collaborations are an increasingly critical component of a bank’s strategy.

So much so that Bank Director launched FinXTech, committed to bridging the gap between financial institutions and financial technology companies. Identifying and establishing the right partner enables banks to remain competitive among peers and non-bank competitors by allowing them to access modern and scalable solutions. With over 10,000 fintechs operating in the U.S. alone, finding and vetting the right solution can seem like an arduous task for banks.

The most successful partnerships are prioritized at the board and executive level. Ideally, each partnership has an owner — one that is senior enough to make decisions that dictate the direction of the partnership. With prioritization and owners in place, banks can consider fintech companies at all stages of maturity as potential partners. While early-stage companies inherently carry more risk, the trade-off often comes in the form of enhanced customization or pricing discounts. These earlier-stage partnerships may require the bank to be more involved during the implementation, compliance or regulatory processes, compared to working with a more-mature company.

There is no one-size-fits-all approach, and it’s important for banks to evaluate potential partners based on their own strategic plan and risk tolerance. When conducting diligence on fintechs of any stage or category, banks should place emphasis on the following aspects of a potential partner:

1. Analyze Business Health. This starts with understanding the fintech’s ability to scale while remaining financially viable. Banks should evaluate financial statements, internal key performance indicator reports, and information on sources of funding, including major investors.

Banks should also research the company’s competitive environment, strength of its client base and potential expansion plans. This information can help determine the fintech’s capability to sustain operations and satisfy any financial commitments, allowing for a long-term, prosperous partnership. This analysis is even more important in the current economic environment, where fresh capital may be harder to come by.

2. Determine Legal and Compliance. Banks need to assess a fintech’s compliance policies to determine if their partner will be able to comply with the bank’s own legal and regulatory standards. Executives should include quarterly and annual reports, litigation or enforcement action records, and other relevant public materials, such as patents or licenses, in this evaluation.

Banks may also want to consider reviewing the fintech’s relationship with other financial institutions, as well as the firm’s risk management controls and regulatory compliance processes in areas relevant to the operations. This can give bank executives greater insight into the fintech’s familiarity with the regulatory environment and ability to comply with important laws and regulations.

3. Evaluate Data Security. Banks must understand a fintech’s information and security framework and procedures, including how the company plans to leverage customer or other potentially sensitive, proprietary information.

Executives should review the fintech’s policies and procedures, information security control assessments, incident management and response policies, and information security and privacy awareness training materials. In addition, external reports, such as SOC 2 audits, can be key documents to aid in the assessment. This due diligence can help banks understand the fintech’s approach to data security, while upholding the regulator’s expectations.

4. Ask for References. When considering a potential fintech partnership, executives should consult with multiple references. References can provide the bank with insight into the company’s history, conflict resolution, strengths and weaknesses, renewal plans and more, allowing for a deeper understanding of the fintech’s past and current relationships. If possible, choose the reference you speak with, rather than allowing the fintech to choose.

5. Ensure Cultural Alignment. The fintech’s culture plays an important role in a partnership, which is why on-site visits to see the operations and team in action can help executives with their assessment. Have conversations with the founders about their goals and speak with other members of the team to get a better idea of who you will be working with. Partners should be confident in the people and technology — both will create a mutually successful and meaningful relationship.

Despite the best intentions, not all partnerships are successful. Common mistakes include lack of ownership and strategy, project fatigue, risk aversion and unreasonable expectations. Too often, banks are looking for a silver bullet, but meaningful outcomes take time. Setting expectations and continuing to re-evaluate the success and performance of these partnerships frequently will ensure that both parties are achieving optimal results.

Once banks establish partnerships, they must also nurture the relationship. Again, this is best accomplished by having a dedicated partner owner who is responsible for meeting objectives. As someone who analyzes hundreds of fintechs to determine quality, viability and partner value, I am encouraged by the vast number of technology solutions available to financial institutions today. Keeping a focused, analytical approach to partnering with fintechs will put your bank well on its way to implementing innovative new technology for all stakeholders.

10 Fraud Prevention Tips to Help Protect Your Institution

According to a recent study, organizations lose 5% of revenue to fraud each year — a staggering statistic. In an effort to help institutions decrease this percentage, here are 10 fraud prevention tips.

1. Confidential Hotline
This is the single most cost-effective anti-fraud action an institution can take. Tips via hotlines are the No. 1 way that frauds are detected, according to the ACFE 2020 Report to the Nations; most tips come from employees. We encourage banks to set up a confidential hotline operated by a third party and advertise it internally to all of their employees.

2. Fraud Awareness Training
Awareness training for employees can result in shorter duration for prospective fraudulent activities and lower losses. Institution-wide awareness is critical: Turn your employees and managers into fraud detectors and take advantage of all those eyes and ears.

3. Vendor Controls
Vendor fraud is very common because of the large number of payments going out to different companies and entities. Every company has vendors/suppliers, so it’s an easy place to perpetrate fraud. Some items to consider:

    • New vendor selection:
      1. Who can select?
      2. How are they selected?
    • Due diligence on new vendors:
      1. Is the vendor real?
      2. Is their pricing reasonable?
      3. Is the vendor related to an employee?
    • Periodically reassess vendor relationships.
    • Reduce or eliminate conflicts of interest.

4. Implement Good HR Practices
Conducting checks on candidates before they walk in the door can go a long way in preventing fraud. Additionally, having exit interviews can be a very useful tool in finding out about fraud, waste and abuse in your institution. Without the interview, exiting employees may not bother to tell you what they know.

5. Implement Mandatory Vacations
You know those employees who never take a vacation day, and if they do, they check in the whole time? It may not be because they are super dedicated. Many problems are identified during perpetrator vacations, because someone must fill in for them and perform their duties. Implementing mandatory vacations or job rotations can help identify fraudulent activities.

6. Credit Card, Expense Reimbursement Policies
Purchase and credit cards are a very common and convenient tool for committing fraud. Close monitoring with strong controls in place is essential to reducing the risk of this type of fraud. Start with a clearly defined policy on what is and is not acceptable. Card use for “business purposes” is not good enough.

    • What types of expenses do you really want to be paying?
    • What types of expenses are not acceptable?
    • What documentation is required?

7. Fraud Risk Assessment
Similar to going to the doctor for a checkup, banks should conduct a fraud risk assessment annually or biannually. The bank changes, and with those changes come different risks. A periodic fraud risk assessment can help adapt to those changes, allow executives to understand their institution’s fraud risks and focus their efforts. This assessment should be performed by someone who looks at fraud issues on a regular basis.

8. Segregation of Duties
This can be difficult for small or growing institutions that have controls that have not kept pace with their growth. Segregating duties is not a new concept, but it’s just as critical today as any time in the past.

A few places to focus on:

    • A/P access to signed checks.
    • A/P clerks who can set up vendors.
    • Payroll clerks who can set up new employees.

9. Code of Conduct
These can seem like “soft” controls, but it is critical that an institution has these in place so employees cannot claim “ignorance” that what they were doing was wrong. Policies to consider implementing include:

    • Anti-fraud policy.
    • Conflict of interest policy.
    • Policy related to gifts and gratuities.

10. Create the Right Culture
Culture is a critical component to fraud prevention. If leadership demands and displays integrity and transparency, it typically permeates through an institution.

    • Tone is set at the top: Management must “walk the walk.”
    • Create a positive workplace environment.
    • Establish a culture of honesty and high ethics.
    • Put an emphasis on doing the right thing.

Decades of experience have taught us that even if a bank implements all the tips above, it could still become a fraud victim. Fraudsters are infinitely creative with their schemes; detecting or preventing those schemes is a never-ending task. But when taken together, these top 10 tips can still go a long way in helping your institution mitigate its fraud risk.

This article is for general information purposes only and is not to be considered as legal advice. This information was written by qualified, experienced BKD professionals, but applying this information to your particular situation requires careful consideration of your specific facts and circumstances. Consult your BKD advisor or legal counsel before acting on any matter covered in this update.

Rethinking the Core with Nimble Digital Banking Technology

When it comes to the core, banks spend years evaluating their systems and making sure they align with the current and future needs of customers.

From personal financial management tools to card controls, customers select banks that offer the highest tech and robust options. This can be a challenge for banks, especially those on the smaller side or those with a limited budget. But when a bank’s core can no longer keep up with the demands of digital banking trends, the cost, expense and risk of a total core conversion is often too high for institutions to justify making a wholesale change.

Instead, banks are bolting on a variety of tools that attempt to provide the functionality they need to meet customer demands and run efficiently behind the scenes. This can be a challenge for many banks, especially those that are light on staff and are assigned to manage multiple vendors. Vendor management can be a meticulous and time-consuming task, as there are many separate and segmented parts that need coordination in order to run smoothly with close monitoring. This may require additional staff or additional tasks for executives that already wear many hats.

The future in core banking
As they look ahead at the future of digital banking, bankers are seeking ways to work around the core and still have comprehensive banking capabilities. These systems must be robust and fully run through the cloud while maintaining security. This explains the rise of challenger and neo banks that focus more on technology and security, rather than the brick and mortar. What also sets these companies apart is the way they utilize their core — it goes beyond the legacy systems that require many additional outside services for simple banking needs.

The modern core needs to evolve into a hub that serves as the foundation for digital banking, embedded banking and other customer-focused capabilities, working seamlessly across channels while also giving consumers individualized services.

How customers prefer to utilize banking
Bank customers are continuing to seek options that are tailored to their needs. Hyper-personalized services have continued gaining momentum as customers seek services that match their differentiated and unique situations.

Different customer segments have different needs and requirements; a small business owner’s needs will look different compared to a college student. The small business owner may look for options that can better track purchases or need loans for his or her business. The college student may be looking at more options like P2P payments and card controls to monitor their financial behaviors. Hyper-personalization means cores need to be more flexible and adaptable, with streamlined processes that make updates to technology and features seamless.

The pandemic has challenged and complicated some customers’ ability to work with their banks, given that branches have undergone significant changes to operations to ensure the safety of staff and customers. In response, customers have had to rely more on customer service options in a digital environment — which can be a turn off for many. Many customers avoid using a chat function or calling a helpline at all costs, as they believe it will be a time suck or it will not resolve the issue. So in addition to building in hyper-personalized services, banks must also take these preferences into consideration as they assist customers by offering methods that best suit their preferences.

Nimble and robust from the bottom to the top
As banks continue working toward their goals for 2021, it is important they examine their current offerings against their roadmap for the future. By working with technology partners that create a one-stop shop for services, they can eliminate the need for multiple vendors and moving parts while tightening their security measures through nimble cloud-based solutions. Now is the time for banks to make the switch and evaluate how they can provide the highest level of banking for their customers.