Any company that wants to work directly with a bank must successfully complete the bank due diligence process. This Journal provides an actionable checklist for companies preparing for this process with a bank partner.
August 23, 2022Bank due diligence, also known as bank underwriting, refers to the process commercial banks use to assess the risk of partnering with a company that provides financial products or services.
During this process, companies need to demonstrate to banks that:
The bank due diligence process starts with the company gathering materials that represent its operations to the bank, and in particular, describe the company’s ownership structure, business model, and compliance program.
As we’ve discussed previously in the Journal, there are numerous long-term benefits to sitting in the flow of funds by partnering directly with a bank: more control, visibility, and faster payment processing times. Leveraging these benefits requires successfully completing the bank due diligence process, which may require an upfront investment, especially if this is your first time partnering with a bank.
This six-part checklist outlines some of the questions you are likely to encounter during the bank due diligence process. While by no means exhaustive, our hope is that it helps you better prepare for the underwriting conversation with your partner bank.
You will need to share materials that allow bankers to fully understand your business. These include: basic company information, your company’s financials, your flow of funds, and your product features.
You will need to provide copies of your formation documents (e.g., articles of incorporation and operating agreements) and details for all beneficial owners (typically persons that own more than 25% of the company).
This includes copies of all existing insurance policies owned by your business, such as general liability, professional liability, directors’ and officers’ liability, cyber insurance, and more.
You will need to show the bank that you have the appropriate licenses required for your business (e.g., FinCEN registration, money transmission licenses, state-specific licensing, etc.).
You will need to inform the bank of any pending, threatened, or ongoing investigations or litigation against your company since its founding. You will also need a process for handling Section 314(a) and 314(b) requests.
Some banks may also require you to provide contact details of your legal team, whether in-house or outside counsel.
A compliance program is a set of rules, protocols, and procedures an organization puts in place to comply with government regulations on money movement, such as the Bank Secrecy Act and the Anti-Money Laundering Act of 2020. For bank due diligence, you will need to have a compliance program in place that consists of the requirements listed below.
Banks will want to know your processes for onboarding users to your application. They will also want to see a representation of the user interface (UI) and user experience (UX).
You will need to share your Customer Identification Program (CIP) which is designed to:
You will need to provide evidence of a Customer Due Diligence (CDD) program. This program demonstrates that you understand the nature and purpose of your user relationships. In particular, it affirms that you understand your users’ businesses and professional activities, the sources of their income or assets, and how they plan to use your product and services. You should also be prepared to demonstrate an enhanced diligence process for users that are considered “high risk” as part of bank due diligence.
You will need to show banks a process for monitoring transactions to identify unusual or suspicious activity. This involves risk-based processes that evaluate individual transactions and transaction patterns to classify them as high, medium, or low risk with clear procedures for handling each category.
In some cases, you will need to demonstrate a program for monitoring suspicious activity and filing Suspicious Activity Reports (SARs) to help identify criminal activity. In many cases, this includes documentation such as:
You will need to confirm to the bank that you have a security and compliance training program for your employees according to their role and privileges.
You will need to show banks a documented program outlining your relationships with vendors during bank due diligence. This should include:
All compliance policies should be reviewed and approved by the board and senior committee.
You will need to conduct independent testing of your compliance program via an internal audit function or independent third party to confirm your BSA/AML responsibilities every 12-18 months.
For bank due diligence, you will need to outline your record-keeping process (e.g. for transactions and SARs), and affirm that this process complies with relevant laws.
Banks will want to see documentation for your data privacy programs. In particular, you should have policies that:
In some cases, depending upon your use-case, banks will also ask that you provide materials on your marketing organization and marketing plans. Banks will want to ensure that your marketing materials are within federal and state requirements.
Modern Treasury currently has integrations with more than 30 commercial banks globally, with new banks joining our network every month. In addition to managing the technical complexity of integrating with different banks and payment methods, we also help companies building embedded financial products find the best bank partner for their use case and make it easy to integrate compliance software and payments workflows with our Compliance product. With Modern Treasury, bank due diligence is more streamlined and transparent than before.
To learn more about our platform and how we help with finding a bank partner, reach out today.
See how smooth payment operations can be.