FINTECH COLLABORATION

ContentsContents1 INTRODUCTION ........................................................................................... 03

2 DATA SECURITY ........................................................................................... 04

3 OPERATIONAL CONTINUITY ................................................................... 04

4 REGULATORY DEMANDS AND CUSTOMER POLICIES ...................... 04

5 CONCENTRATION AND OVER-RELIANCE RISK ................................ 05

6 COMPETITIVE EDGE AND LOCK-IN ........................................................ 05

7 SIZE AND SCALABILITY ............................................................................. 05

8 THE COLLISION OF FINTECH AND TRADITION ................................ 06

9 CONCLUSION ............................................................................................... 06

There is no doubt that financial technology, or “FinTech”, is one of the fastest growing and most disruptive of all the new technology offerings. Faced with increasing customer choice and the imperative of rapid and real-time customer engagement, financial institutions are looking to leverage the increased choice, agility and innovation these alternatives to the traditional financial offerings bring. However, increased adoption of smaller FinTech products and services can bring different potential risks and pitfalls that financial institutions ought to consider so as to enhance, not jeopardise, customer experience.

INTRODUCTION

DATA SECURITY

Keeping a financial institution’s data secure is a difficult and time consuming task, even when the data is within the confines of the financial institution’s environment. More likely than not, any supplier that will “touch” the data will be subject to a rigorous on-boarding process to assure the financial institution that, operationally, the supplier is a capable and trust-worthy partner. Robust contract provisions, which have been negotiated to ensure that those contract terms reflect the reality of the solution being provided, will inevitably apply. Consequently, entering into contracts in relation to outsourced services with major suppliers, provided it is done correctly, comes with a fairly high degree of comfort as to the level of security that will be afforded to the data.

The decision to partner with a series of smaller FinTech providers is likely to result in an increase in the volume and variety of data flows, rendering that data more susceptible to unwitting manipulation, use or disclosure. FinTech providers can present a challenge as to whether they, as an organisation, have the ability to meet the robust data security requirements expected by financial institutions. For cloud-based solutions, the issues may be exacerbated as the data will be taken outside of the institution’s IT environment and potentially stored in a ‘one to many’/multi-user environment and the cloud provider may wish to provide only its standard commitments regarding the data. Whatever the specific detail of the delivery model, financial institutions may need to be prepared to focus on the ‘must haves’ when it comes to data security, with an emphasis on compliance with core security standards and prompt notification and remediation of breaches. This will probably need to be coupled with an understanding that a greater responsibility will likely sit within the financial institution itself to ensure compliance via its own processes and activities.

OPERATIONAL CONTINUITY

Depending on the business criticality of the FinTech application, operational continuity will be paramount to ensure the financial institution’s customers and reputation are not affected by an outage or diminution in service. Protecting against this possibility is often sought to be addressed via detailed contract terms, such as source code escrow provisions, early warning notices and pre-emptive step-in rights, as well as detailed exit provisions to assure the financial institution that any exit will be carefully planned for and managed. With a smaller FinTech provider, their ability to implement/react to these terms, if actually required, would need to be carefully considered. In reality, the FS business might find it needs to generate a more substantive ‘Plan B’ that can be implemented without reference to the FinTech.

REGULATORY DEMANDS AND CUSTOMER

POLICIES

Financial institutions are subject to increasing regulatory and internal policy requirements in relation to the use of technology within their business. It is usual to seek to flow down these demands to their service providers via detailed contractual obligations (which would include compliance with applicable policies). Given many of these requirements are aligned to ‘traditional’ outsourcing models, it may not be an easy or simple ‘fit’ to apply these to a FinTech provider, who will be very different in both composition and scale to the traditional outsourced providers, as well as a ‘traditional’ outsourced service. Ensuring regulatory compliance will therefore need to be carefully considered at the outset via, for example, more targeted and explicit requirements and/or a more defined analysis of the broader supplier eco-system and how that contributes (but only contributes) to compliance.

04 | Fintech Collaboration

CONCENTRATION AND OVER-RELIANCE RISK

In a ‘traditional’ outsourcing with a major vendor, a financial institution is more likely to be one of several large customers outsourcing services of a similar nature to the vendor. There are also likely to be other service providers that would provide a similar service, if required.

Whilst the size and agility of FinTech providers has played a key part in the rise of FinTech, their size and the size or make-up of their client base could present an increased concentration and over-reliance risk. This risk could manifest in two ways: 1) if it results in the FinTech provider’s business being overly dependent upon a single or small number of major clients or 2) if the FinTech service or product is particularly niche and the client is dependent upon it to run its business. In both scenarios, adverse impacts on the FinTech provider’s viability could present a real and rapidly occurring risk of material disruption. If the service was suddenly withdrawn, the financial institution would be faced with a material disruption as well as an unexpected and potentially significant cost increase in sourcing an alternative solution.

Financial institutions will need to monitor closely their reliance on a single FinTech provider, and plan any action it would take in the event the FinTech provider fails, so as to mitigate any impact on its ability to conduct its business.

COMPETITIVE EDGE AND LOCK-IN

The treatment of IP in relation to a FinTech application can be especially tricky. A key reason for using the application will likely be the novel solution it provides and, of course, the application will truly be the provider’s most valuable asset. The application might well be developed and enhanced through its use by the FS business (either because of the contribution of ideas and improvements, or because the application itself ‘learns’ and improves itself via its AI or RPA attributes). As such, the provider will naturally be keen to retain this IP as part of its ability to enhance the value of its own business. Conversely, the FS business will be nervous to ensure that its own proprietary processes, business rules and way of working (especially those that

might give it a competitive advantage) do not become inappropriately incorporated into a tool or application that is made available to competitors or challengers.

SIZE AND SCALABILITY

It is not unusual for a customer to ‘start small’, particularly when contracting services based on developing technologies with a proof of concept or an initial user base, with a view to scaling up following a successful initial period and/or to meet increasing demand. Whether or not a particular FinTech provider or product is capable of providing such flexibility should be carefully considered by examining not only the current capability but also the ability to scale to meet future growth. The possibility of such growth needs to be considered early and contracted for as early as is practical so that the parties can move forward without undue delay.

www.dlapiper.com | 05

THE COLLISION OF FINTECH AND TRADITION

One major development is traditional vendors seeking to position themselves as FinTech providers, whilst there is an ever increasing customer driven requirement to combine traditional offerings with FinTech solutions. Customers are more consistently expecting more open supplier platforms are imposing demands for more open platforms and expressly mandating of the use of FinTech solutions within a more traditional outsourcing service.

As such, it is important to consider the potential use of FinTech solutions not just when engaging with a FinTech but also when looking at “traditional” deals or deals that might appear, at the outset, to be “traditional”. In doing so, it is key to assess and, if relevant, include provisions relating to collaboration, the sharing of knowledge and the ability to ‘plug and play’ different applications into that traditional model. It will also be important to assess this, not just from a customer’s perspective (who might well be excited by the flexible opportunities this brings),

but also the two providers, by considering the impact on the outsourced service provision and the ‘balance of power’ between the outsourced service provider and the FinTech provider.

CONCLUSION

The FS market is already reaping the benefits of the FinTech ecosystem and the innovation, agility and cost saving it can bring. But contracting for FinTech providers brings unique challenges that need to be looked at differently from a traditional perspective and, borrowing from the use of FinTech itself, with a more innovative approach. Doing this properly can help to truly harness and gain the undoubted benefits whilst also enhancing the market overall.

If you would like to discuss any issues raised in this paper or relating to collaboration with FinTechs, please do contact your usual DLA Piper contact.

06 | Fintech Collaboration

www.dlapiper.com

DLA Piper is a global law firm operating through various separate and distinct legal entities. Further details of these entities can be found at www.dlapiper.com.

This publication is intended as a general overview and discussion of the subjects dealt with, and does not create a lawyer-client relationship. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. DLA Piper will accept no responsibility for any actions taken or not taken on the basis of this publication. This may qualify as “Lawyer Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Copyright © 2018 DLA Piper. All rights reserved. | JUN18 | 3312786