Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Signing the Dotted Line: A Guide to Landing a Sponsor Bank for Fintechs

Signing the Dotted Line: A Guide to Landing a Sponsor Bank for Fintechs

Expand for full transcript

This guide features expert insights from Lithic's Shawnet Palmer, Matthew Goldman of Totavi, Bryan Mulcahey of FS Vector, and Darin Petty of FinTech Tradecraft. Scroll to the bottom to learn more about them!

You've run through dozens of warm introductions, researched all their big fintech customers, and scrutinized their regulatory examination results, and at last you’ve created your shortlist of sponsor banks. Congratulations! Now comes the challenging part.

Signing a sponsor bank agreement may seem inevitable, but if you’re anything less than extremely well prepared,  then you’re signing up for several months worth of delays. 

Bryan Mulcahey, Managing Partner at FS Vector, explains that initial impressions matter. “Banks frequently employ the term "bank-ready" during their assessment of opportunities,” he says.

“Ensuring a seamless and efficient product launch hinges on maintaining momentum at every stage and consistently demonstrating that you are indeed ready for collaboration with the bank.”

In this guide, we explain in detail just how to fast-track the process of launching with your sponsor bank.

Step 1: Understand the bank’s stage of maturity

Fintechs might think deal-signing roadblocks occur primarily due to a lack of paperwork or organization on their end. However, Darin Petty, Founder of FinTech Tradecraft, says that looking at the other side of the signing equation is also critical.

The maturity of the bank’s sponsorship business gives you clues about where roadblocks may potentially occur and what you can do about them.

Here are the three bank maturity stages according to Petty:

  • Stage one – New to sponsorship and exploring opportunities
  • Stage two – Deep in sponsorship and growing aggressively
  • Stage three – Mature banks rooted in compliance and well-defined processes

Stage one banks usually lack internal guidelines about timelines or implementation. As a result, they underestimate the number of approvals they need — an internal lack of clarity that might seem malicious or deceptive to you.

“They see [what] other banks [are] telling [their] customers and don't realize that they have more internal approvals and battles ahead than they thought,” he says. “This stage can create distrust and can cause issues on many levels.” 

When working with banks that are new to fintech sponsorship, just be aware of the trade that you're making: they may be more willing to work with early-stage fintechs but the risk is that approvals may take longer than promised, and that goalposts may keep shifting. This just has to do with the fact that the banks, too, are learning as they go. 

Stage two banks are more experienced, but they run into hurdles, too. “[These banks] are under pressure to grow volumes, and their solution is to just add as many FinTechs as possible,” Petty says.

The rush to onboard as many clients as possible leads to employees taking shortcuts, particularly in compliance, which puts the bank at risk of violating regulations, creating roadblocks for your partnership.

“Remember, it is the same amount of work to onboard volume producers as it is to onboard non-producers,” Petty says. “This becomes a choking point at banks. Employees find faster ways to get past all the strict steps that take too much time but are critical in the eyes of regulators.”

Try to do your own diligence and reference calls with fintechs that already work with these stage two banks. Check if they have experienced any surprises or expected slowdowns in workflows with these banks. Ideally, avoid getting too far down the line with banks that have grown too fast and gotten ahead of their skis in terms of compliance and oversight capacity. 

This brings us to stage three banks. These banks have seen it all and have figured growth out without violating compliance. Obviously, they’re the ones you should work with, right?

The problem, Petty says, is these banks are few and far between. And that isn’t the only issue.

“[Banks in] this stage are usually much more expensive to Fintechs in terms of pricing, minimums, reserves, due diligence requirements, and more,” he explains. “The roadblocks at this stage happen right up front during initial discussions.”

Unless you already operate at material scale, you might be better off negotiating with stage one and two banks, provided you mitigate the risks previously noted.

“Talk to the banks in the right stage who also have the right approach to your product,” he says. “[This] will reduce overall process [timelines.]”

Step 2: Present your business potential

Bank due diligence begins by evaluating your experience and ability to conduct business. Matthew Goldman, Founder and President of Totavi LLC, explains why a lack of funding or traction in the fintech’s business can pose roadblocks.

Sponsor banks have to show their regulators that they are doing business with valid, ongoing concerns,” he says. “If you launch and then immediately run out of capital, that is a very bad scenario.”

Goldman says sponsor banks typically look for $3-5 MM capital raised or a large user base of many “tens (if not hundreds) of thousands.” 

“The hurdle is very frustrating for startups, but it is part of today's environment,” he says.

Mulcahey notes that, “In a worst-case scenario for a bank, the fintech may exhaust its funds, leading to either a sudden closure of accounts with potential customer harm and [Consumer Financial Protection Bureau] CFPB issues or a transfer of the program to the bank for unwinding, resulting in a substantial financial loss for the bank.”

So expect the bank to scrutinize your financials and request the following:

  • Financial statements
  • Funding sources
  • Access to funds and projected borrowing capacity
  • Net cash flow

Lithic’s Head of Compliance, Shawnet Palmer, also recommends clearly laying out what problem you'll solve and how you'll make money. 

Shawnet, who has prior experience interacting with hundreds of programs at Bancorp, observes that ultimately, "More sophisticated banks are looking for revenue-making opportunities with low risk.”

Make it easy for the bank to figure out your business by clearly listing your offering and the services you'll need. 

For instance, will you need lending licenses? Will you issue cards? And so on.

Petty says a little research into the bank’s concerns goes a long way.

“Avoid terms that are kryptonite to banks at the time you are engaging,” he says. “For example, this past year [2023], "Buy now pay later" became a deal-killer term, even if used as a subset of your product.”

FS Vector’s Mulcahey notes that supportability is important for banks to figure out at this stage. But what does this mean?

“In simpler terms, this entails understanding what the fintech requires from the bank to support its planned product structure and determining whether the bank is ready to facilitate that particular use case,” he explains.

“To navigate this stage successfully, the fintech should arrive prepared with a comprehensive vision for its product structure and a nearly finalized draft outlining the desired flow of funds.”

While banks will collaborate with the fintech to refine that structure to align with their capabilities, that initial vision is important.

“A conversation that is either too high-level or lacks stability in the product's details may hinder the bank's ability to articulate supportability or share next steps, such as a pricing proposal or a diligence request,” Mulcahey says.

Some of the essential documents your bank will review are:

  • Business plan
  • Board and executive bios with business experience
  • Hiring plans
  • Product construct and flow of funds
  • Strategic expansion plans
  • Internal revenue projections
  • List of clients using the services you offer
  • Patents and licenses, if any

Lastly, banks also scrutinize the level of experience your team has. 

Shawnet says, “Most [banks] may pass on a startup regardless of the revenue potential if they feel there is not enough experience at the helm."

She recommends staffing your team with people with relevant industry experience to gain credibility with the bank. The more people you have onboard with industry partnerships, compliance, and risk management experience, the better. 

Petty notes that contracting an expert consultant is a great way of demonstrating your commitment to expertise. “This expert should be someone who has a great reputation in the industry,” he says. “Most banks now either encourage it or require it.”

Given the variety of roles (card network, bank, processor, and program manager/fintech) in the fintech-bank partnership world, which role should you prioritize hiring first?

Petty says someone with experience in all four roles is the best choice. But what if you can’t find someone with a background in all four areas?

“If I had to choose only one of those four to hire from first, find someone that has been at the processor for five to ten years,” he advises. “Preferably [in the] early stages of building a processor.”  

What about company maturity? Should a new startup do things differently compared to a mature one? Goldman says established startups should focus on demonstrating their risk procedures and existing volume.

De Novo startups need to show funding traction and some business traction,” he continues. “That could be signed go-to-market partners, waitlists, or sample marketing tests that provide reasonable guidance to acquisition costs.”

Once the bank reviews all this information, it moves on to your policies and procedures.

Step 3: Demonstrate bank-readiness

You might be a young company, but banks expect certain levels of operational maturity before bringing you on board. As Shawnet puts it, "prove you're a blessing, not a headache."

Mulcahey notes that being proactive at this stage accelerates the due diligence process and helps banks immensely. “Go beyond the initial request and proactively prepare for subsequent inquiries,” he says.

“[The initial due diligence list] serves as the starting point for a series of requests on that topic. After submitting policies, the bank will swiftly seek additional artifacts to confirm your readiness in managing the obligations outlined in each policy.”

Proving operational maturity might seem daunting, but we can break it down into the following categories to better organize what information a fintech must gather:

  • Legal and regulatory compliance
  • Risk management and controls
  • Information security
  • Operational resilience

Let's dive into these categories separately.

Legal and regulatory compliance

Here, a bank aims to discover if you understand the legal and regulatory framework surrounding your activities. The more experience you have (either operationally or through staff experience), the fewer headaches you'll potentially present down the road.

Note that your bank will have different policy requirements depending on your program. 

The relevance of regulation-specific policies is contingent on factors such as the product type, program setup, and focus on consumer vs. commercial customers,” Mulcahey says. 

At a high level, he advises fintechs focus on crafting and refining the following:

  • Policies that need a vendor to be operationalized (e.g., anti-money laundering and sanctions)
  • Policies that play a pivotal role in shaping the functionality of the product (e.g., funds availability or fair lending)
  • Policies that define how you’ll establish day-to-day operations (e.g., complaint management)

One good way to prepare for this step is to use legal templates from your issuer processor and work with fintech consultants to guide you. You can also tap into your network and ask existing fintech programs how they built their compliance policies and procedures.

“The cost of remedying issues in a compliance program is significantly higher than making an initial investment to ensure it is correct,” Mulcahey notes. “Anticipate that compliance and risk management is an ongoing journey, not a destination.”

Based on its reviews, your bank may propose some mitigatory processes like periodic compliance audits and customer complaint logging.

Risk management and controls

Goldman explains that banks are fundamentally risk management operations and are not looking to dramatically increase their risk exposure.

“Onboarding and money-in/money-out risk management procedures should be priority #1,” Goldman says. “It's not that hard to build a core PCI or disaster recovery policy, but the specifics of onboarding and how money moves are usually unique per product.”

He believes these policies are a great opportunity for a fintech to show the bank it knows what it’s doing. Their reviews of your risk management policies and controls occur in this context.

Here are some documents your bank will ask you to provide at this step:

  • Risk and compliance staffing records
  • Dispute resolution processes
  • Chargeback handling processes
  • Transaction monitoring policy and procedures
  • Exception handling workflows
  • Controls review schedules

A common question that fintechs have at this step is: What if your information is proprietary and sharing it will materially affect your business? Banks are usually willing to accommodate these situations, but it's a tricky balance since so much depends on the bank's risk appetite and regulatory obligations that are upstream of them. 

Information security

No bank wants to be exposed to a regulatory or reputational nightmare because you suffered a data breach so expect to treat InfoSec with the gravity it deserves.

Here are some documents your bank will ask for:

  • Cybersecurity control reports
  • Backup management processes
  • Security policies and access controls
  • Privacy law compliance controls

As with the previous categories, prepare for your bank to propose mitigatory controls if they feel your systems aren't as mature as they'd like. 

The bank may propose growth milestones when you must conduct Governance, Resilience, and Compliance (GRC) audits for frameworks like SOC 2, PCI DSS, or NIST 800-171.

Operational resilience

As we previously discussed, banks have well-defined risk appetites. Understanding how (and whether) you can operate through a disruption is critical to their due diligence process.

“Banks will seek evidence that the fintech is prepared for launch and has operationalized its responsibilities going beyond the mere existence of policies,” Mulcahey says.

Here are a few documents that prove your operational resilience:

  • Business continuity plans
  • Incident response plans
  • Insurance policies and proofs
  • System backup schedules
  • Security audit reports
  • List of subcontractors and third-party professionals
  • Subcontractor certifications

Based on the bank's risk appetite, it may propose conducting resilience tests periodically. Also, be prepared to answer questions about how you'll handle potential bankruptcy disrupting your ability to service customers.

Step 4: Contracting and Negotiating

This step is all about negotiating commercial agreements and service-level agreements (SLAs) with your sponsor bank. Operationally mature banks will usually have templates you can use as a starting point.

“Fintech companies often focus on economics, which is important, but look for exclusivity terms, wind down and program transfer rights, and how economics are calculated,” Goldman says.

Goldman adds that specifying the details of interchange shares is critical. “Pay close attention to where that split [the interchange split] is made,” he says. “Is it a flat rate? Is it 70/30 but before bank fees or after bank fees? The definition of "net interchange" can change a lot.”

Each bank has a slightly different process. Lithic’s Reggie Young and Matt Janiga discussed a few popular banks' processes in this FinTech Layer Cake podcast episode.

Mulcahey cautions that this step can run for far too long if you are not careful. He advises fintechs to avoid a situation where the bank shares economic terms and a letter of intent only after completing due diligence.

“[This] disrupts the alignment with other bank conversations [you’re having,]” he says. “Instead, request an economic understanding and/or a signed letter of intent prior to kicking off the full due diligence process. Following an initial agreement on economic terms, [Master Service Agreement] MSA redlining and compliance diligence should run concurrently.”

Here are a few critical points you must clarify:

  • Establish clear SLAs connected to routine workflows like reviewing and approving marketing materials.
  • Pin down issue escalation and clarification timelines.
  • Define responsibilities for compliance and risk management with indemnifications for breaches or issues leading to financial loss. 
  • Define responsibilities (including monetary ones) associated with particular regulatory violations. For example, determining Regulation E monetary penalty responsibilities depends on the structure of the partnership.
  • Clarify contract duration and termination rights.
  • Establish collateral requirements and financial covenants. Agreements that tie up an excessive amount of cash hinder growth. Evaluate whether you can meet financial covenants related to runway given your fundraising plans.
  • Get a full list of fees:
  • Milestone fees
  • Delayed launch fees
  • Maintenance fees
  • Product sponsorship fees
  • New vendor diligence and onboarding fees
  • Monthly minimums
  • Miscellaneous fees

Mulcahey says that negotiations around indemnification provisions can be the longest part of the process.

“To expedite this process, engage experienced fintech counsel and share comprehensive details of the program structure and your own risk tolerance so they can be an effective and efficient advocate throughout the process,” he advises.

He also counsels fintechs to avoid long-term exclusivity with one bank. 

“At a certain scale, it's prudent to contemplate introducing redundancy in partner banks,” he says. “Consider replacing exclusivity with a percentage of volume and assess the feasibility of redirecting a substantial volume to an alternative bank in your product structure, along with the attractiveness of such an arrangement to the future banks.”

At the end of this step, you'll be ready to sign on the dotted line and begin to prepare for your launch!

Step 5: Maintain your relationship

A resilient sponsor-bank relationship helps you grow and prevents headaches for your business or your customers down the road. Be as transparent as possible and proactive with any issues you find.

"Be responsive, open-minded, willing to negotiate and compromise," says Shawnet. "The key to a great partnership is open communication and honesty. If you need advice, ask for it. If you have an idea to improve a process, say something. Keep the lines of communication open."

“Good rapport”, says Mulcahey, “is a healthy criterion to optimize for.”

Keep your options open

Despite the extensive preparation needed, Goldman cautions that bank deal signings often take longer than expected. “Be prepared for the process,” he says. “Much like the fundraising journey, be prepared to have a lot of meetings that don't go anywhere!”

FinTech Tradecraft’s Petty offers some straight advice for founders. “I have noticed that most fintech founders are used to being smarter than most people around them,” he says. “They sometimes have a hard time believing that they need help from someone who knows what they are doing specifically with banks, processors, and networks.” 

“Taking a ‘move fast and break things’ approach that founders are used to rubs the bank the wrong way and will result in delays and problems.”

Lastly, remember that sponsor-bank relationships are absolutely critical to your success and at the same time a single bank may not be able or willing to support all products, so keep your options open. Per Mulcahey, “This one may be a surprise, but rarely is it the case that the bank will ultimately support multiple products from the same partner. Instead, it will be wise to pursue diversity and redundancy in the arrangement of bank partners.”

If you’d like to learn more about establishing a relationship with a sponsor bank and launching a card program, get in touch and speak with one of our experts. Lithic has worked with over a dozen different sponsor banks to support over 100 fintech programs. We’d be happy to help you sign a deal with the perfect sponsor bank for your product.

Expert Bios

Bryan Mulcahey

Bryan Mulcahey is the Managing Partner of FS Vector, an advisory and public policy firm for fintechs and partner banks. 

Bryan and his team have partnered with hundreds of clients on a range of initiatives including launching new products, establishing bank partnerships, acquiring state licenses, and building compliance and risk management programs.

Matthew Goldman

Matthew is the founder of Totavi and a lifelong serial entrepreneur. He has started five businesses, raised over $30MM in capital from leading investors, and successfully participated as a founder or executive in four exits worth more than $1.6 billion.

He started his payments journey in 2006 and has led programs, BAAS platforms, and personal finance marketing platforms, providing a unique operator’s perspective from multiple viewpoints.

Darin Petty

Darin Petty is the founder of Fintech Tradecraft, and has held leadership positions at several banks, a certified processor, and a major card network; he has also built several FinTech companies. 

Darin is a certified Six Sigma Black Belt and uses his skills in technology, banking, product development, business planning, and operations excellence to build the trust of FinTech Tradecraft’s clients.

Shawnet Palmer

Shawnet Palmer is the Head of Compliance at Lithic Inc. She has over 17 years experience in the banking industry working in a variety of roles including Operations, Product Implementation, Client Risk and Issues Management, Relationship Management as well as Marketing, AML and Regulatory Compliance.