Issue link: https://digital.shearman.com/i/1394543
DUE DILIGENCE

Diligence of FinTech partners should, at minimum, cover legal entity status and foundational documentation, financial information and stability, insurance (e.g., cyber insurance), management qualification, examinations (i.e., audits, testing) and reports, applicable licensing, and policies and procedures (e.g., BSA/AML, OFAC, Record Retention, Cybersecurity, Privacy).

In some bank-FinTech partnerships, banks may expose their internal operating systems, customer information, or both to potential weaknesses of a partner FinTech company. Banks should pay particular attention to cyber security, data privacy, disaster recovery, and business continuity risks of the FinTech company. With increased innovation in FinTech also comes more sophisticated bad actors who attempt to illegally access data, defraud customers and companies, and launder money. The ability to detect and prevent fraud and other financial crimes should also be scrutinized. Additional diligence of a FinTech company will be necessary depending on the nature of the partnership and the services the FinTech company will provide the bank.

REGULATORY SCRUTINY

Banks entering into FinTech partnerships should address the regulatory risks posed by such relationships. Of particular importance is a partner FinTech company's compliance with laws and regulations applicable to its business and activities (of which a bank should have an independent understanding), the company's relationship with its regulators, and maintenance of appropriate licenses, registrations, or certifications in order to ensure the company's own regulatory risks do not affect the bank's commercial relationship with it or, even worse, become imputed to the bank.

The U.S. state and federal financial regulators have developed positions on bank-FinTech partnerships that are at times consistent and at other times conflicting, which presents a potentially complicated array of considerations for banks when engaging FinTech companies. State-level financial regulation in the U.S. presents a patchwork of 50 potential regulatory schemes to which a FinTech company and, by extension, its partnering bank may be subject.