Achieve Risk & Compliance readiness
    • 24 Jun 2022
    • PDF

    Achieve Risk & Compliance readiness

    • PDF

    Article summary

    Risk and Compliance readiness will ensure that you are prepared to launch your BaaS program on the Synctera platform.


    Stakeholders within the process consist of your BaaS program team members. Make sure you include members of cross-functional teams in these activities so everyone has insight into the compliance and risk management requirements that you will need to meet.

    Please provide the following policies and disclosures, where available. It will allow Synctera to incorporate bank-specific disclosures for its FinTech partners and to understand the bank’s general existing policy requirements and any existing card or payment limits (these may be adjusted by the Sponsor Bank for its BaaS program).


    • Organizational chart and contact info for the Sponsor Bank’s risk & compliance personnel focused on the BaaS program
    • Account Closure Policy
    • Escheatments Policy
    • BSA/AML/OFAC Policy
    • Credit Policy (for Sponsor Banks interested in supporting lending products)
    • E-Sign Policy
    • Funds Availability Policy
    • Infosecurity Policy
    • Merchant Category Code Policy / Restrictions
    • Payments Risk Policy and any associated limits (e.g. card and ACH limits)
    • Third Party Risk Management or Vendor Management Policy
    • Bank customer disclosures, privacy policy/notices, and account agreements

    Review Synctera due diligence process

    Synctera’s FinTech due diligence process is designed to assist the bank in collecting and documenting initial diligence information on each FinTech. This allows a Sponsor Bank to understand the FinTech’s business model, product/customer base, management team, financial condition, and initial risk and compliance gaps. Synctera also creates a “baseline assessment,” which summarizes the FinTech’s information and identifies inherent risks.


    The initial diligence process should assist the Sponsor Bank in determining whether they intend to move forward in partnering with a FinTech, but is not intended to collect all due diligence information for a launch. While the FinTech may begin partnering with the Sponsor Bank based on the initial diligence, it is still subject to a full risk and compliance implementation that ultimately requires the Sponsor Bank’s approval to launch with live customers. Please review Synctera’s FinTech Due Diligence Policy in Exhibit G for more information.

    Review and approve standard policy and procedure templates

    Synctera’s full implementation process includes working with the FinTech to build key risk and compliance policies, procedures and disclosures such as the FinTech’s BSA/AML policy, Reg E policy, and operational resilience information such as a business continuity plan. These items are based on templates to facilitate the implementation.


    These templates in Exhibit G need to be approved by you as these will be used with all your incoming FinTech partners to help them ensure they are completing all of the compliance requirements at the right times to continuously move through the process.

    Review anti-money laundering scenarios

    Specifically designed for bank/FinTech partnerships, Synctera AML helps prevent financial crime by enabling banks and FinTechs to streamline their AML programs, from transaction monitoring to case management and report filing. You must review the AML scenarios in Exhibit H.

    Review fraud scenarios

    Synctera offers Synctera Fraud to FinTechs for transaction monitoring, and fraud cases are managed in Synctera Cases. While fraud losses are ultimately the FinTech’s responsibility, no bank wants to be used as a vehicle for fraud. Thus, the default rule set provided with Synctera Fraud can be customized by both the FinTech and by you, according to your needs. You must review the default Feedzai Fraud Rules in Exhibit I

    Review KYB scenarios

    [content coming soon]

    Review KYC scenarios

    Banks expect their FinTech partners to meet KYC compliance requirements in adherence to the Bank Secrecy Act (BSA). Synctera’s KYC streamlines compliance processes using automated workflows. Our solution is purpose-built for bank/FinTech partnerships and pre-configured to meet the unique regulatory requirements of community banks. You must review the KYC scenarios in Exhibit K.


    Meeting your Third and Fourth Party Risk Management Requirements

    As a third party to the Sponsor Bank, Synctera recognizes that the Sponsor Bank must meet specific risk and regulatory requirements pertaining to Third Party Risk Management. Synctera conducts diligence and ongoing assessments of all of its key third parties such as the vendors that are integrated into the Synctera platform and key service providers to Synctera. These can also be known as fourth parties to the Sponsor Bank. Synctera documents its assessments and gathers all supporting information to evidence these assessments. Please see Synctera’s Third Party Risk Management and Outsourcing Oversight Policy in Exhibit G for more detail.




    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.