Fintech Flash
April 16, 2024

15 Questions Fintechs Should Ask Potential Bank Partners in Due Diligence

Out of recent banking agency focus on fintech-bank partnership arrangements, we’ve had a number of fintech clients inquire about the questions they should ask potential bank partners in due diligence. This Fintech Flash features a number of questions we recommend.

Before we get to the questions, a few preliminary points should be made. First and overarching, we often hear anecdotally from fintech clients that there is close cooperation with their partner banks and that program camaraderie develops between the parties. Both parties treat these arrangements as true partnerships relationship-wise, recognizing that each party needs information from the other to evaluate the opportunity, commit to the arrangement, and launch and grow the program. To have a successful program, each party must have good results, and that begins with mutual cooperation in due diligence.

Second, we find that a fintech gets more out of oral responses from the bank to questions posed by the fintech on a video conference. So don’t send across a list of questions and expect fulsome written responses. When a bank is asked to respond in writing to a list of questions, it is more likely to assert that the information sought is privileged or confidential. More on this point in the “Regulator Actions” questions section below.

And, third, don’t send over the questions word-for-word before the video conference. Of course, send a list of topics you’d like to cover so the bank has some heads-up and can involve the right subject matter experts.  Below, you’ll see we separate out the questions by a subject heading and provide some context for, or commentary around, the questions. Send along the subject headings as topics, not the questions. If you provide the exact questions prior to the conference, in our experience, you’re more likely to get scripted, limited responses. You get fuller, more candid information in spontaneous responses to real-time questions.

Bank’s Due Diligence and Onboarding Process. It’s good to start with an “easy” question to get the dialogue flowing. Naturally, the bank knows its onboarding process cold and can hold forth on this topic. Plus, it’s important for the fintech to learn about onboarding requirements, milestones, and timing.

Question 1: Tell us about the bank’s due diligence and onboarding process. What are the major milestones and timing?  

Needless to say, for every question, be prepared to ask follow-up questions. Here are a couple for this one:

  • What makes for a smooth onboarding?
  • On a no-names basis, tell us about an onboarding that didn’t go well and why.

    You’ll see that we suggest questions around program failures. You can learn a lot from failures, and it’s good to hear how the bank deals with them.

Bank’s Program Controls. The bank must control the program, so it’s good to get a grasp up front on what controls the bank will put in place. Controls include reporting, bank audits, independent third-party compliance, AML and IT audits, vendor management audits, third-party validation of any credit decisioning model used in a lending program, annual audited financials, and quarterly unaudited financials. The program agreement the bank serves up will contain all the controls. 

Question 2: How does the bank approach its control of the program through reports, exams, audits, etc.?

Some potential follow-ups to this question include:

  • What types of annual third-party audits do you require partners to undertake (e.g., compliance, IT, credit decisioning model for loan programs)?
  • Generally, in your programs, what are the biggest things that come up in exercising control that require attention or remediation by the fintech partner? What types of compliance issues?
  • Will you require us to have a dedicated compliance officer before launch?
  • Will you require us to have a compliance management system in place before launch?

Other Programs Suspended or Terminated by Bank. Question 4 could be the most important one of all. Every bank will have programs that don’t go well. However, it’s important you hear about them directly from the bank to get a feel for the bank’s tolerance and how it works through problems.

Question 3: How many current programs does the bank have by program type (e.g., credit, deposits)?

Question 4: In the past two years, has the bank terminated or suspended any of its programs? If so, on a no-names basis, tell us about the circumstances.

Bank’s Current Types of Programs and Plans for Them, and Other New Program Types Planned in the Future. It’s vital to know whether the bank plans to expand, and dedicate more resources to, the types of programs you are interested in partnering with it on, or whether they will be de-emphasized.  Also, it would be helpful to know other types of programs the bank plans to roll out in the future that may be on your other financial products and services road map. 

Question 5: What are the bank’s future plans for the type of program we would enter into with you? Does it plan to expand, and dedicate more resources to, this type of program?

Question 6: What other new types of programs does the bank plan to offer in the future?

Bank’s Compliance Function. Although most of the compliance scrutiny will be on the fintech in due diligence, asking questions about the bank’s and its current programs’ compliance is fair game, especially because each consent order noted in the next section calls out bank compliance issues.

Question 7: Tell us about your chief compliance officer and the compliance function at the bank. How many dedicated compliance professionals do you have?

Question 8: Also, tell us about your AML program and AML officer. How will our program obligations fit into the bank’s AML program?

Question 9. Are there any compliance areas at the bank or for your partners in focus for enhancement?

If you have a lending program, it would be a good idea to ask drill-down questions on fair lending compliance.

Regulatory Actions. The consent orders entered into by Piermont, Sutton, Blue Ridge, Choice, and Cross River can be found on bank regulators’ websites. In due diligence, you should review the websites of the bank’s regulators to see if there any public consent orders involving your potential bank partner. If there are, you should ask questions about them, principally whether the order would limit or impact in any way your program.

What about nonpublic actions, or investigations, and enforcement actions that are ongoing and not public, that could limit or impact your program if adversely determined against the bank? You should ask if there are any of these.

Question 10: Are there any public or nonpublic actions that have been taken or entered into with your regulators that could limit or impact our program with you in any way?

Question 11: Are there any ongoing public or nonpublic inquiries, investigations, or enforcement actions with your regulators that could limit or impact our program with you in any way if adversely determined against the bank?

Question 12: In the past two years, has the bank received any formal or informal communication from its regulators, including through examination, expressing concern about any of its programs?

A bank might refuse to answer these questions on grounds that the requested information is privileged or constitutes confidential supervisory information. “Confidential supervisory information” is a broad term that generally refers to information that was created or obtained in furtherance of a banking agency’s supervisory, investigatory, or enforcement activities relating to a bank it supervises. While the scope of this term and whether a bank has merit in asserting it when refusing to respond is beyond the scope of this Flash, we note that a bank’s inability to answer “no” to these questions or its refusal to answer them may raise a yellow flag.

There are other ways to phrase questions to sidestep confidential supervisory information claims and get at the concern. Alternatively, you could ask whether regulator approval is needed for the program. If approval is required, special regulatory circumstances might exist. Where approval is required, don’t put too much effort into the arrangement until you’ve determined why approval is required, what obtaining the approval might entail, and whether you wish to wait until the approval is in hand.

You should ask similar questions about any ongoing or threatened class-action litigation.

Indemnification Claims Under Other Program Agreements. The indemnification section in a fintech-bank program agreement contractually allocates program losses between the fintech and the bank. Indemnifiable losses can result from third-party claims (e.g., regulator actions, customer class-action lawsuits) and, if the agreement is so drafted, claims between the parties for breaches of the program agreement and other agreed-upon indemnification grounds (e.g., security breaches). Getting a sense of any indemnification claims the bank has made against any of its fintech partners will give you an idea of some of the risks and losses shouldered by other fintechs under the bank’s programs.

Question 13: In the past two years, have you made any claims for indemnification against fintech companies under any of your program agreements? If so, on a no-names basis, tell us about the nature and amount of the claims.

Marketing Other Products and Services to Customers. Fintechs should be free to market other non-program products and services to its customers. Every so often we see a bank take an off-market position seeking to have an approval right over marketing other financial products and services. It would be good to hear whether the bank plans to try to hold such approval rights or ask for a right of first offer to provide other financial products and services that may be on your road map. It would also be good to understand whether the bank is going to require exclusivity over the program products and services.

Question 14: Down the road, we may offer other financial products and services not covered by this program, and we want to confirm we would be free to market other financial products and services to our customers. Is that right?

Bank Approval of Marketing and Other Program Materials. The bank and fintech work closely together to launch and run the program. Because the bank must control the program, it will need to approve many elements of the program, including product or service terms, fees and charges, underwriting/approval criteria, customer agreements and disclosures, and marketing materials, as well as changes to any of these. Fintechs move fast and are interested in knowing the bank’s approval process and timing.

Question 15: We understand that the bank must approve many elements of the program, such as product or service terms, fees and charges, underwriting/approval criteria, customer agreements and disclosures, and marketing materials. Can you tell us about the bank’s approval process and timing? 

Anything Else? Absolutely, but this is a good start. If you have a lending program, you should ask questions about most favored lender/interest rate exportation and true lender — the former to make sure the interest rate and charges planned to be charged on the loan product can be supported, and the latter to get a feel for how the bank addresses one of the biggest risks in a fintech-bank lending partnership.  Certainly, do your own compliance workup on these two issues because the risk around them could be allocated to you in the program agreement depending on how the agreement is drafted and negotiated. Finally, the questions offered here are geared to direct relationships with banks. If you are considering a platform arrangement with a nonbank company, such as Unit or Treasury Prime, tailor your questions to those types of arrangements.

Goodwin’s Fintech Team

We practice in every fintech vertical, including lending, alternative finance (e.g., merchant cash advances, earned wage access, and factoring), payments, deposits, insurance, broker-dealers, and investment advisers. In addition to doing product and service development regulatory work, we assist our fintech clients that choose to deliver their solutions through banks in entering into bank partnership and platform agreements.

About the Author

Mike Whalen is a Goodwin lifer, having practiced at the firm for his entire 25-year legal career. Mike’s first assignment as a first-year associate was working on a receivables purchase agreement for a department store credit card program. With these practice roots, Mike is a major proponent of fintech-bank partnerships and has seen the big benefits these arrangements have brought to the market, including greater consumer access to financial products and services, lower costs, better customer service, and more customer rewards.


This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee a similar outcome.