- 24 Jun 2022
- Print
- PDF
Achieve Risk & Compliance readiness
- Updated on 24 Jun 2022
- Print
- PDF
Risk and Compliance readiness will ensure that you are prepared to launch your BaaS program on the Synctera platform.
Stakeholders within the process consist of your BaaS program team members. Make sure you include members of cross-functional teams in these activities so everyone has insight into the compliance and risk management requirements that you will need to meet.
Provide existing BaaS-related policies, disclosures, and limits
Please provide the following policies and disclosures, where available. It will allow Synctera to incorporate bank-specific disclosures for its FinTech partners and to understand the bank’s general existing policy requirements and any existing card or payment limits (these may be adjusted by the Sponsor Bank for its BaaS program).
- Organizational chart and contact info for the Sponsor Bank’s risk & compliance personnel focused on the BaaS program
- Account Closure Policy
- Escheatments Policy
- BSA/AML/OFAC Policy
- Credit Policy (for Sponsor Banks interested in supporting lending products)
- E-Sign Policy
- Funds Availability Policy
- Infosecurity Policy
- Merchant Category Code Policy / Restrictions
- Payments Risk Policy and any associated limits (e.g. card and ACH limits)
- Third Party Risk Management or Vendor Management Policy
- Bank customer disclosures, privacy policy/notices, and account agreements
Review Synctera due diligence process
Synctera’s FinTech due diligence process is designed to assist the bank in collecting and documenting initial diligence information on each FinTech. This allows a Sponsor Bank to understand the FinTech’s business model, product/customer base, management team, financial condition, and initial risk and compliance gaps. Synctera also creates a “baseline assessment,” which summarizes the FinTech’s information and identifies inherent risks.
The initial diligence process should assist the Sponsor Bank in determining whether they intend to move forward in partnering with a FinTech, but is not intended to collect all due diligence information for a launch. While the FinTech may begin partnering with the Sponsor Bank based on the initial diligence, it is still subject to a full risk and compliance implementation that ultimately requires the Sponsor Bank’s approval to launch with live customers. Please review Synctera’s FinTech Due Diligence Policy in Exhibit G for more information.
Review and approve standard policy and procedure templates
Synctera’s full implementation process includes working with the FinTech to build key risk and compliance policies, procedures and disclosures such as the FinTech’s BSA/AML policy, Reg E policy, and operational resilience information such as a business continuity plan. These items are based on templates to facilitate the implementation.
These templates in Exhibit G need to be approved by you as these will be used with all your incoming FinTech partners to help them ensure they are completing all of the compliance requirements at the right times to continuously move through the process.
Review anti-money laundering scenarios
Specifically designed for bank/FinTech partnerships, Synctera AML helps prevent financial crime by enabling banks and FinTechs to streamline their AML programs, from transaction monitoring to case management and report filing. You must review the AML scenarios in Exhibit H.
Review fraud scenarios
Synctera offers Synctera Fraud to FinTechs for transaction monitoring, and fraud cases are managed in Synctera Cases. While fraud losses are ultimately the FinTech’s responsibility, no bank wants to be used as a vehicle for fraud. Thus, the default rule set provided with Synctera Fraud can be customized by both the FinTech and by you, according to your needs. You must review the default Feedzai Fraud Rules in Exhibit I.
Review KYB scenarios
[content coming soon]
Review KYC scenarios
Banks expect their FinTech partners to meet KYC compliance requirements in adherence to the Bank Secrecy Act (BSA). Synctera’s KYC streamlines compliance processes using automated workflows. Our solution is purpose-built for bank/FinTech partnerships and pre-configured to meet the unique regulatory requirements of community banks. You must review the KYC scenarios in Exhibit K.
Meeting your Third and Fourth Party Risk Management Requirements
As a third party to the Sponsor Bank, Synctera recognizes that the Sponsor Bank must meet specific risk and regulatory requirements pertaining to Third Party Risk Management. Synctera conducts diligence and ongoing assessments of all of its key third parties such as the vendors that are integrated into the Synctera platform and key service providers to Synctera. These can also be known as fourth parties to the Sponsor Bank. Synctera documents its assessments and gathers all supporting information to evidence these assessments. Please see Synctera’s Third Party Risk Management and Outsourcing Oversight Policy in Exhibit G for more detail.