(As published in ABA Risk & Compliance magazine, May/June 2025 issue)
To stay competitive and meet evolving customer expectations, traditional banks are investing in digital transformation and forging fintech partnerships to enhance their digital services. These collaborations help integrate financial solutions such as digital wallets, peer-to-peer payments and advanced lending solutions—blurring the distinction between financial institutions (FIs) and fintechs.
Banks that partner with fintechs benefit from innovation, agility, cost efficiency and customer-centric services. In the area of customer service, fintechs excel in creating user-friendly solutions and superior digital experiences. With these partnerships, FIs can more quickly adapt to market changes, reduce operational costs, and avoid heavy investments required for in-house development.
While fintech partnerships offer many benefits, they also present challenges for FIs, including integration complexity, differing corporate cultures, and regulatory compliance risks. Banks must ensure that fintech partners uphold high security and compliance standards to maintain customer trust while also managing partner dependency and navigating an increasingly complex regulatory landscape—particularly when multiple fintech providers are involved.
The use of artificial intelligence (AI) continues to be a key interest in the financial services industry, as banks are cautiously looking for innovative ways to enhance decision making and operational efficiency while also leveraging technology to comply with regulatory requirements. For banks with multi-country operations, the use of AI facilitates handling complex, multi-jurisdiction reporting and different regulatory requirements. (For more information, see "Keeping pace with AI: Third-party risk management" and "Insights on strategy, risk and regulation in bank-fintech partnerships"1 in the March–April 2025 issue.)
As banks deepen their engagement with fintechs, they must navigate various partnership models, regulatory expectations, and risk considerations. The following sections outline common fintech partnership structures, key compliance challenges, and best practices for building strong governance frameworks.
Bank-fintech partnership models
Common partnership structures include:
- Banking-as-a-Service (BaaS). BaaS is a model in which FIs provide access to their core banking functions through application programming interfaces (APIs) —technology that allows different software systems to communicate and exchange data seamlessly. This enables third parties to build their own financial products without needing to become banks themselves.
- Embedded finance partnership model. Similar to the BaaS model, embedded finance is the integration of financial services technology into platforms outside of the financial sector. By leveraging APIs, these platforms —such as e-commerce sites or ride-sharing apps—can offer services such as payments, loans, or insurance, enhancing the customer experience.
- Bank model partnership. Here, the bank acts as the lender or account issuer, integrating with fintech systems. The fintech acts as the servicer of the bank.
- Referral partnership model. The fintech interacts directly with a bank’s customers for certain services, acting as lead generators, while the bank handles transactions.
- Fintech as a vendor model. In this model, the fintech provides technology solutions that banks adopt and incorporate into their solution sets to expand or improve their services.
- Private/white-label model. Here, banks sell fintech products under their own brand, managing customer relations and branding.
- Hybrid model. This approach combines elements of other models, where the fintech offers technology solutions and refers customers to banks.
The evolution of these partnerships has been influenced by several factors, including mobile adoption, remote work, regulatory modernization and changing customer expectations. Today, bank customer segments now include more and more digital natives, who expect to transact through smart devices. Boomers and GenX are digital migrants, whereas Millennials, GenZ and beyond were born into an electronic and digitized world.
In 2024, several partner banks reconsidered or exited their partnerships due to regulatory issues. The main reasons ranged from insufficient due diligence and ineffective management of their third-party relationships, to a lack of robust commercial agreements and ongoing oversight. Looking ahead in 2025, regulatory scrutiny of bank-fintech partnerships is expected to intensify. Meanwhile, the fintech space continues to grow more competitive, with traditional banks investing heavily in digital transformation to differentiate their products and services offering.
Regulatory scrutiny and compliance challenges
A recent survey2 of compliance professionals in bank-fintech partnerships shows that 90 percent of sponsor banks struggle with compliance. Key issues include a lack of control and auditability over fintech partners' policies, difficulties applying consistent compliance across jurisdictions, misalignment between internal policies and fintech partners, and unclear regulatory expectations. Regulators have increased scrutiny of bank-fintech partnerships, prompting banks to oversee their fintech partners more effectively. As an example of regulatory focus over the past two years, agencies have issued joint statements on bank-fintech partnerships, including:
Joint Statement on Banks’ Arrangements with Third Parties to Deliver Bank Deposit Products and Services3
On July 25, 2024, the FDIC, Federal Reserve, and OCC issued a joint statement to outline potential risks in the delivery of bank products and services. The joint statement discussed potential risks related to arrangements between banks and third parties to deliver bank deposit products and services to end users. The statement also highlighted examples of risk management practices implemented by banks to manage such risks.
Request for Information (RFI) on Bank-Fintech Arrangements Involving Banking Products and Services Distributed to Consumers and Businesses4
On July 31, 2024, the same agencies released an RFI soliciting input on the nature of bank-fintech partnerships, effective risk management practices pertaining to these arrangements, and other implications of such partnerships.
Final Interagency Guidance on Third-Party Relationships.5
In June 2023, the federal banking agencies released guidance on managing risks in third-party relationships, including those with fintech companies. The guidance discusses the importance of due diligence, ongoing monitoring, and clear contractual agreements.
A review of enforcement actions issued by regulatory agencies during 2024 reflect common areas of violations, including weaknesses in board and management oversight, failures in the third-party risk management program and the oversight of fintech partners, deficiencies in the BSA/AML compliance programs, and non-compliance with consumer protection regulations. (See adjacent chart, 2024 Enforcement Actions Main Areas.)