Financial technology (“fintech”) companies engaging in banking activities, such as underwriting and originating loans, are often required by their partner banks to have a compliance management system (“CMS”). The CMS should be structured similarly to that of a bank’s CMS, and should allow for proactive compliance risk management. While often not federally regulated, fintechs are under increasing scrutiny by their bank partners (who are federally regulated entities), state attorneys general, and other oversight bodies as it relates to consumer compliance. As such, banks with fintech partnerships are increasing their oversight and due diligence of their fintech partners’ CMS’ and relevant compliance controls.

Asurity Advisors leveraged subject matter experts to execute the CMS design and operating effectiveness review. Asurity requested and reviewed hundreds of documents, participated in walkthroughs of key processes, and conducted interviews of key personnel such as the Chief Risk Officer and the Chief Compliance Officer. Asurity concurrently performed transactional testing of nearly 1,000 transactions, covering a significant amount of the federal regulatory landscape that governs the banking activities conducted by the fintech.

Upon the conclusion of the review, Asurity developed a findings and observations log which contained all the preliminary findings (and their associated risk ratings), observations (non-risk-rated enhancement suggestions), and recommendations. Asurity worked with the fintech to perform factual accuracy vetting of all findings and observations and developed a comprehensive report detailing Asurity’s CMS review.

Ultimately, the fintech and their bank partners received independent assurance as to the adequacy of the fintech’s CMS. The report provided ample detail on the fintech’s CMS during the scope period and positioned the fintech and their bank partners to, respectively, perform and oversee any necessary remediation ahead of the next independent review.