Addressing Scale Challenges in Risk and Compliance
SEPTEMBER 5, 2024
By: Tyler Brown
Bank Technology and Data
Operating a robust compliance program gets harder as a financial institution (FI) grows in size and complexity. As we’ve written, those challenges multiply when that FI expands beyond direct channels to third-party partners that are responsible for acquiring and directly overseeing end customers. Amid enforcement actions and proposed regulation, perhaps it’s counterintuitive that a survey from Alloy fielded early this summer found that 61% of 51 respondents from a sample of Banking-as-a-Service (BaaS) sponsor banks with more than $2 billion in assets reported six to ten partnerships and another 27% reported 11 to 20.
These BaaS (referred to in the study as embedded finance) partnerships are a lot for a bank’s risk and compliance teams to handle, particularly in the community-bank segment. Banks that depend on manual processes and the sheer size of their risk and compliance teams to mitigate potential problems introduce fixed costs that a sponsor bank may be unwilling or unable to bear. Suboptimal compliance practices — passing spreadsheets back and forth between the bank and partners, doing manual reviews, and conducting periodic but only occasional audits — cause delays, lag the high growth typical of BaaS partnerships, and introduce additional risk.
Enter the idea of programmatic compliance orchestration. It in theory makes managing partner compliance more efficient and cost-effective (it’s offered by at least several providers, and we’ve touched on it before). From the bank’s perspective, it means real-time oversight of partners’ compliance policies and practices and the ability to adjust and enforce policies in near-real time. It also means that, ideally, a platform doesn’t require programming expertise, and the risk and compliance teams can make changes with little to no back-and-forth with the IT team, avoiding lengthy in-house development cycles.
Risk management and compliance orchestration extends to platform integrations, including the data sources banks use in risk decisioning and point solutions that may provide certain functions, like monitoring for AML compliance or KYC, for example. The outputs flow downstream from the bank to program partners to provide parameters for policies, visibility into outcomes based on those policies, and the ability to make quick changes.
As we’ve written, and as Parilee Wang, chief product officer at Alloy, reiterated in an interview with CCG Catalyst, there’s a balance sponsor banks need to strike between responsible growth and innovation. As the cost of compliance for sponsor banks grows, some will make the right investments in oversight and control. Others that aren’t willing to commit will exit or scale down BaaS, or in the context of new entrants, never start a program. To create a healthy long-term BaaS ecosystem, that’s for the best.
Phone: +1-480-744-2240 • Contact Us