Speaker Blog Post: How to Manage Fintech Contract Negotiations

8/2/2021

Blog Post Authors: Sarah Sargent & Andrew Spillane from Godfrey & Kahn

The benefits of start-up financial technology companies partnering with established market participants, such as banks, credit unions, and finance companies, are endless. Yet, the conservative and risk-averse nature of financial institutions and the agencies regulating them can hinder innovative partnerships with fintech. In contrast to a software developer’s typically more nimble approaches, a regulated financial institution’s project plan can be thorough, lengthy, and cautious:

significant upfront diligence;
formal risk assessments in which a financial institution’s stakeholders identify all the ways a new program can go wrong and procedures to prevent or mitigate those dangers;
a carefully planned and timed project plan to implement the new product with intimate legal, compliance, and enterprise risk management involvement; and
ongoing compliance monitoring and management oversight.

While the risk governance functions and regulatory oversight often prompt exasperation from outside parties (and even sales and marketing groups within financial institutions), innovation is not impossible. The path forward comes down to each party doing their homework and being prepared to tackle the high-risk issues. Below, we outline the five main issues that tend to arise
when negotiating financial technology contracts and strategies to resolve them. Tackling each issue will help fintech and financial intuitions forge successful partnerships.

Clearly Define Expectations

This issue gets to the core issues of how the relationship will be conceptualized and implemented. The agreement should address issues such as:

Which party will have customer contact?
Which party will deliver what aspect of the product?
Which party owns the customer relationship?
Will there be a software and web-based interface, a call center, or interaction through physical standalone channels like ATMs or branch offices, and if so, when can the parties expect they will be available for customer use?
When the service is down or a force majeure event occurs, what business continuity or disaster recovery procedures can be expected to be implemented?
What party will be responsible for implementing compliance procedures, like customer due diligence under the anti-money laundering statutes and regulations, disclosure delivery, and complaint reporting and resolution?

From the institution’s perspective, the agreement must clearly specify their responsibilities so gaps in the customer experience are avoided and the right party is held accountable if they occur. From the fintech company’s perspective, the responsibilities must be consistent with their own business model and capabilities. We have seen many examples of fintech providers successfully modifying the periphery of their program to comply with the agreement, while maintaining the core structure of their business model. Other fintechs may take opportunities to create new programs to serve different clients in addition to existing programs, such as lead generation relationships with some institutions and loan sale and servicing relationships with others.

Confidentiality and Information Security are Critical

When handling customer information, confidentiality and information security will be critical. Regulators have started emphasizing the value of the FFIEC cybersecurity assessment tool (“CAT”), with some examiners requiring their institutions to meet specified maturity levels. Even for digitally native fintech companies, these requirements can be highly perspective. With
the right negotiation approach, fintech companies can sell the institution on what protocols they currently have in place and the means by which the protocols are tested, and then the institution can make a risk-based decision regarding the security procedures to prioritize.

Determine Appropriate Ownership and Permissions around Intellectual Property

The parties will need to document the ownership and use of intellectual property. Typically, the fintech company owns the intellectual property and the institution has a limited license to use it. But, when fintech solutions are jointly developed, this discussion becomes more complicated. A fintech company, particularly a smaller, less diversified startup, will need to retain ownership or other rights in the intellectual property to ensure freedom to market the product to others. The institution, by contrast, will see resale of the jointly developed intellectual property as an opportunity for their competitors to benefit from their investment or, if the fintech retains ownership, an opportunity to prevent the institution from marketing a similar product to its customer after the contract ends. The parties may therefore negotiate exclusivity provisions with reasonable boundaries around time, geography, and scope and license provisions with specific permissions around use.

Negotiate Appropriate Risk Allocations

The parties will need to negotiate appropriate risk allocations. This can be done through warranties, limits on liability, and indemnification provisions. This is especially important when a fintech company is providing a product the institution then markets to its customers. Since the institution is ultimately responsible for the acts of its third party service providers in the eyes of the regulators, it will look to its service providers to share in the responsibility should issues arise. At the same time, liability exposure can result in revenue recognition issues or, worse, the potential for a single customer relationship to put the company’s long-term viability at risk. Well-drafted warranties, limits on liability provisions, and indemnification provisions can protect the fintech company, while providing protection to the financial institution for certain higher risk priorities, like intellectual property infringement, security breaches, and serious instances of misconduct.

Don’t Underestimate the “Check the Box” Provisions

Typically, institutions include routine, “check the box” issues under institutions’ vendor management policies that are not often controversial. These provisions often include language that the fintech company will comply with ongoing due diligence monitoring requests, submit to the oversight and information requests of an institution’s examiners, and in the case of banks
acting as federal contractors, equal opportunity clauses. These miscellaneous provisions are important from a regulatory perspective and should not be overlooked.

These issues, and more, will be discussed in-depth by Andrew Spillane and Sarah Sargent at their 2021 U.S. Fintech Symposium session titled, "How To Get To Yes: Managing Contract Negotiation in Fintech."

Blog Post Authors:
Sarah Sargent & Andrew Spillane

Attorneys at Godfrey & Kahn

1 Comment