Fintech Focus: Bank-Fintech Partnerships Update: Banking Agencies Finalize Key Risk Management Guidance
On June 6, 2023, federal banking agencies issued final Interagency Guidelines on Third-Party Relationships detailing their expectations for banks in establishing risk management practices with third-parties—including fintechs. This final guidance from the Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of Currency (OCC) replaces previously issued general guidance for each agency’s supervised banking organizations. While the guidance addresses all third-party relationships, the banking agencies have voiced specific concerns regarding the proliferation of bank-fintech partnerships.
Key Takeaways for Bank-Fintech Partnerships
- A bank’s participation in a third-party partnership does not diminish the bank’s direct responsibility for ensuring that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.
- Fintech partners of banks are likely to see banks imposing stricter conditions and oversight as their bank partners update third-party risk management processes to meet their own compliance obligations.
- Fintechs and other non-bank service providers may also be subject to supervisory examination by the banking agencies related to partnership programs.
Summary and a “Non-Checklist” Checklist
The guidance provides what the banking agencies describe as a principles-based approach—rather than a rules-based approach or set checklist—to third-party risk management. Specifically, the guidance discusses several examples to support sound risk management at each stage of the third-party relationship life cycle— (1) planning; (2) due diligence and third-party selection; (3) contract negotiation; (4) ongoing monitoring; and (5) termination. Because of the principles-based nature of the guidance, the banking agencies emphasize that it is not endorsing a “one size fits all” model, but rather the guidance should be tailored to the unique circumstances of each third-party relationship.
(1) Planning—banks should evaluate and consider how to manage risks before entering into third-party relationships. Factors may include:
o Understanding the strategic purpose of the business arrangement and how it aligns with the bank’s overall strategic goals and objectives;
o Identifying and assessing benefits and risks of the business arrangement;
o Assessing the potential third-party’s impact on customers, including access to or use of customer information;
o Determining the bank’s ability to provide adequate oversight and management of the proposed third-party relationship.
(2) Due Diligence and Third-Party Selection—banks should assess a third-party’s ability to perform the activity as expected, adhere to the banking organization’s policies, and comply with all applicable laws, regulations, and conduct. Factors may include:
o A third-party’s overall business strategy and goals;
o Legal and regulatory compliance considerations associated with engaging a third-party to appropriately mitigate risks associated with third-party relationships;
o Assessment of a third-party’s financial condition;
o Evaluation of a third-party’s business experience in performing the activity;
o Qualifications of key personnel and other human resources considerations;
o Evaluation of a third-party’s overall risk management, including governance processes;
o Assessment of a third-party’s information security program, including protecting confidentiality, integrity, and availability of a bank’s data.
(3) Contract Negotiation—banks should negotiate contract provisions that will facilitate effective risk management and oversight and specify expectations and obligations of both parties. Factors may include:
o Clearly identifying the rights and responsibilities of each party, including nature and scope of the business arrangement;
o Defined performance measures to evaluate performance of third-parties;
o A third-party’s obligation to retain and provide timely and accurate information to banking organizations to monitor risks and performance;
o Responsibility for compliance with applicable laws and regulations;
o Prohibiting disclosure of non-public information, including the process of disclosing information security breaches or unauthorized intrusions.
(4) Ongoing Monitoring—banks should conduct monitoring on a periodic or continuous basis throughout the duration of the third-party relationship, commensurate with the risk level and complexity of the relationship and the activity performed by the third-party. Monitoring activities may include:
o Review of reports regarding the third-party’s performance and the effectiveness of its controls; periodic visits and meetings with third-party representatives; regular testing of the banking organization’s controls;
o Monitoring the third-party’s business strategy, financial condition, compliance with applicable laws and regulations, and response to incidents and business continuity.
(5) Termination—banks should terminate third-party relationships in an efficient manner when the activities are transitioned to another third-party, brought in-house, or discontinued. Factors may include:
o Options for effective transition of services;
o Managing risks associated with data retention and destruction;
o Managing risks to the banking organization, including impact on customers.
The interagency guidance further identifies three categories of governance to consider throughout the third-party relationship life cycle: (1) oversight and accountability at the board of directors and management levels; (2) periodic independent reviews to assess the adequacy of the bank’s risk management governance; and (3) proper documentation and reporting on the bank’s risk management processes and third-party relationships.
What Does this Mean for Fintechs?
The interagency guidance expands the scope of the banking agencies’ earlier general guidance on third-party risk management and now extends broadly to “any business arrangement between a banking organization and another entity.” While not all third-party relationships may require the same level or type of oversight or risk management, fintech partnerships not covered by previous guidance will likely see increased attention to risk management considerations as banks review their inventories of third-party relationships.
Importantly, the banking agencies’ framework also provides broader scrutiny for fintech companies and other third-party providers that partner with banks—including potentially being the subject of supervisory examinations based on the functions and operations that it performs on behalf of the bank. And as banks evaluate their third-party risk management processes for potential gaps, banks may start to impose additional requirements on their fintech counterparts. For example, fintech partners may see more requests from banks for extensive information on their risk management processes as banks conduct due diligence, increase oversight of subcontractors during the contract negotiation process, and engage in direct testing of fintech controls as part of ongoing monitoring.
Enforcement Outlook—“Mind the Gaps”
Following recent OCC and FDIC enforcement actions against banks involving fintechs, the interagency guidance clarifies that banks are ultimately responsible for ensuring that activities conducted through a third-party are conducted in compliance with applicable laws and regulations. However, the guidance also provides that as banking agencies review banking organizations’ risk management of third-party relationships as part of their standard supervision, the banking agencies may also extend their review to third-party partners when warranted.
Notably, the coordination between banks and fintechs, or other third-parties, can create compliance gaps and expose bank-fintech partnerships to increased enforcement risk. For example, gaps in Anti-Money Laundering (AML) compliance—which is highly-regulated and requires comprehensive compliance operations, transaction monitoring, and the filing of Suspicious Activity Reports (SARs)—can lead to serious penalties and even criminal charges if there are significant deficiencies. Other risk areas include sanctions screening and the handling of customer complaints and inquiries, as regulatory enforcement activity involving Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) claims continues to increase. As bank-fintech partnerships grow, so do the risks of compliance gaps and increased enforcement activity.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
Key Takeaways for Bank-Fintech Partnerships
- A bank’s participation in a third-party partnership does not diminish the bank’s direct responsibility for ensuring that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.
- Fintech partners of banks are likely to see banks imposing stricter conditions and oversight as their bank partners update third-party risk management processes to meet their own compliance obligations.
- Fintechs and other non-bank service providers may also be subject to supervisory examination by the banking agencies related to partnership programs.
Summary and a “Non-Checklist” Checklist
The guidance provides what the banking agencies describe as a principles-based approach—rather than a rules-based approach or set checklist—to third-party risk management. Specifically, the guidance discusses several examples to support sound risk management at each stage of the third-party relationship life cycle— (1) planning; (2) due diligence and third-party selection; (3) contract negotiation; (4) ongoing monitoring; and (5) termination. Because of the principles-based nature of the guidance, the banking agencies emphasize that it is not endorsing a “one size fits all” model, but rather the guidance should be tailored to the unique circumstances of each third-party relationship.
(1) Planning—banks should evaluate and consider how to manage risks before entering into third-party relationships. Factors may include:
o Understanding the strategic purpose of the business arrangement and how it aligns with the bank’s overall strategic goals and objectives;
o Identifying and assessing benefits and risks of the business arrangement;
o Assessing the potential third-party’s impact on customers, including access to or use of customer information;
o Determining the bank’s ability to provide adequate oversight and management of the proposed third-party relationship.
(2) Due Diligence and Third-Party Selection—banks should assess a third-party’s ability to perform the activity as expected, adhere to the banking organization’s policies, and comply with all applicable laws, regulations, and conduct. Factors may include:
o A third-party’s overall business strategy and goals;
o Legal and regulatory compliance considerations associated with engaging a third-party to appropriately mitigate risks associated with third-party relationships;
o Assessment of a third-party’s financial condition;
o Evaluation of a third-party’s business experience in performing the activity;
o Qualifications of key personnel and other human resources considerations;
o Evaluation of a third-party’s overall risk management, including governance processes;
o Assessment of a third-party’s information security program, including protecting confidentiality, integrity, and availability of a bank’s data.
(3) Contract Negotiation—banks should negotiate contract provisions that will facilitate effective risk management and oversight and specify expectations and obligations of both parties. Factors may include:
o Clearly identifying the rights and responsibilities of each party, including nature and scope of the business arrangement;
o Defined performance measures to evaluate performance of third-parties;
o A third-party’s obligation to retain and provide timely and accurate information to banking organizations to monitor risks and performance;
o Responsibility for compliance with applicable laws and regulations;
o Prohibiting disclosure of non-public information, including the process of disclosing information security breaches or unauthorized intrusions.
(4) Ongoing Monitoring—banks should conduct monitoring on a periodic or continuous basis throughout the duration of the third-party relationship, commensurate with the risk level and complexity of the relationship and the activity performed by the third-party. Monitoring activities may include:
o Review of reports regarding the third-party’s performance and the effectiveness of its controls; periodic visits and meetings with third-party representatives; regular testing of the banking organization’s controls;
o Monitoring the third-party’s business strategy, financial condition, compliance with applicable laws and regulations, and response to incidents and business continuity.
(5) Termination—banks should terminate third-party relationships in an efficient manner when the activities are transitioned to another third-party, brought in-house, or discontinued. Factors may include:
o Options for effective transition of services;
o Managing risks associated with data retention and destruction;
o Managing risks to the banking organization, including impact on customers.
The interagency guidance further identifies three categories of governance to consider throughout the third-party relationship life cycle: (1) oversight and accountability at the board of directors and management levels; (2) periodic independent reviews to assess the adequacy of the bank’s risk management governance; and (3) proper documentation and reporting on the bank’s risk management processes and third-party relationships.
What Does this Mean for Fintechs?
The interagency guidance expands the scope of the banking agencies’ earlier general guidance on third-party risk management and now extends broadly to “any business arrangement between a banking organization and another entity.” While not all third-party relationships may require the same level or type of oversight or risk management, fintech partnerships not covered by previous guidance will likely see increased attention to risk management considerations as banks review their inventories of third-party relationships.
Importantly, the banking agencies’ framework also provides broader scrutiny for fintech companies and other third-party providers that partner with banks—including potentially being the subject of supervisory examinations based on the functions and operations that it performs on behalf of the bank. And as banks evaluate their third-party risk management processes for potential gaps, banks may start to impose additional requirements on their fintech counterparts. For example, fintech partners may see more requests from banks for extensive information on their risk management processes as banks conduct due diligence, increase oversight of subcontractors during the contract negotiation process, and engage in direct testing of fintech controls as part of ongoing monitoring.
Enforcement Outlook—“Mind the Gaps”
Following recent OCC and FDIC enforcement actions against banks involving fintechs, the interagency guidance clarifies that banks are ultimately responsible for ensuring that activities conducted through a third-party are conducted in compliance with applicable laws and regulations. However, the guidance also provides that as banking agencies review banking organizations’ risk management of third-party relationships as part of their standard supervision, the banking agencies may also extend their review to third-party partners when warranted.
Notably, the coordination between banks and fintechs, or other third-parties, can create compliance gaps and expose bank-fintech partnerships to increased enforcement risk. For example, gaps in Anti-Money Laundering (AML) compliance—which is highly-regulated and requires comprehensive compliance operations, transaction monitoring, and the filing of Suspicious Activity Reports (SARs)—can lead to serious penalties and even criminal charges if there are significant deficiencies. Other risk areas include sanctions screening and the handling of customer complaints and inquiries, as regulatory enforcement activity involving Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) claims continues to increase. As bank-fintech partnerships grow, so do the risks of compliance gaps and increased enforcement activity.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
Related Attorneys
Related Articles
Related Capabilities
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
On June 6, 2023, federal banking agencies issued final Interagency Guidelines on Third-Party Relationships detailing their expectations for banks in establishing risk management practices with third-parties—including fintechs. This final guidance from the Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of Currency (OCC) replaces previously issued general guidance for each agency’s supervised banking organizations. While the guidance addresses all third-party relationships, the banking agencies have voiced specific concerns regarding the proliferation of bank-fintech partnerships.
Key Takeaways for Bank-Fintech Partnerships
- A bank’s participation in a third-party partnership does not diminish the bank’s direct responsibility for ensuring that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.
- Fintech partners of banks are likely to see banks imposing stricter conditions and oversight as their bank partners update third-party risk management processes to meet their own compliance obligations.
- Fintechs and other non-bank service providers may also be subject to supervisory examination by the banking agencies related to partnership programs.
Summary and a “Non-Checklist” Checklist
The guidance provides what the banking agencies describe as a principles-based approach—rather than a rules-based approach or set checklist—to third-party risk management. Specifically, the guidance discusses several examples to support sound risk management at each stage of the third-party relationship life cycle— (1) planning; (2) due diligence and third-party selection; (3) contract negotiation; (4) ongoing monitoring; and (5) termination. Because of the principles-based nature of the guidance, the banking agencies emphasize that it is not endorsing a “one size fits all” model, but rather the guidance should be tailored to the unique circumstances of each third-party relationship.
(1) Planning—banks should evaluate and consider how to manage risks before entering into third-party relationships. Factors may include:
o Understanding the strategic purpose of the business arrangement and how it aligns with the bank’s overall strategic goals and objectives;
o Identifying and assessing benefits and risks of the business arrangement;
o Assessing the potential third-party’s impact on customers, including access to or use of customer information;
o Determining the bank’s ability to provide adequate oversight and management of the proposed third-party relationship.
(2) Due Diligence and Third-Party Selection—banks should assess a third-party’s ability to perform the activity as expected, adhere to the banking organization’s policies, and comply with all applicable laws, regulations, and conduct. Factors may include:
o A third-party’s overall business strategy and goals;
o Legal and regulatory compliance considerations associated with engaging a third-party to appropriately mitigate risks associated with third-party relationships;
o Assessment of a third-party’s financial condition;
o Evaluation of a third-party’s business experience in performing the activity;
o Qualifications of key personnel and other human resources considerations;
o Evaluation of a third-party’s overall risk management, including governance processes;
o Assessment of a third-party’s information security program, including protecting confidentiality, integrity, and availability of a bank’s data.
(3) Contract Negotiation—banks should negotiate contract provisions that will facilitate effective risk management and oversight and specify expectations and obligations of both parties. Factors may include:
o Clearly identifying the rights and responsibilities of each party, including nature and scope of the business arrangement;
o Defined performance measures to evaluate performance of third-parties;
o A third-party’s obligation to retain and provide timely and accurate information to banking organizations to monitor risks and performance;
o Responsibility for compliance with applicable laws and regulations;
o Prohibiting disclosure of non-public information, including the process of disclosing information security breaches or unauthorized intrusions.
(4) Ongoing Monitoring—banks should conduct monitoring on a periodic or continuous basis throughout the duration of the third-party relationship, commensurate with the risk level and complexity of the relationship and the activity performed by the third-party. Monitoring activities may include:
o Review of reports regarding the third-party’s performance and the effectiveness of its controls; periodic visits and meetings with third-party representatives; regular testing of the banking organization’s controls;
o Monitoring the third-party’s business strategy, financial condition, compliance with applicable laws and regulations, and response to incidents and business continuity.
(5) Termination—banks should terminate third-party relationships in an efficient manner when the activities are transitioned to another third-party, brought in-house, or discontinued. Factors may include:
o Options for effective transition of services;
o Managing risks associated with data retention and destruction;
o Managing risks to the banking organization, including impact on customers.
The interagency guidance further identifies three categories of governance to consider throughout the third-party relationship life cycle: (1) oversight and accountability at the board of directors and management levels; (2) periodic independent reviews to assess the adequacy of the bank’s risk management governance; and (3) proper documentation and reporting on the bank’s risk management processes and third-party relationships.
What Does this Mean for Fintechs?
The interagency guidance expands the scope of the banking agencies’ earlier general guidance on third-party risk management and now extends broadly to “any business arrangement between a banking organization and another entity.” While not all third-party relationships may require the same level or type of oversight or risk management, fintech partnerships not covered by previous guidance will likely see increased attention to risk management considerations as banks review their inventories of third-party relationships.
Importantly, the banking agencies’ framework also provides broader scrutiny for fintech companies and other third-party providers that partner with banks—including potentially being the subject of supervisory examinations based on the functions and operations that it performs on behalf of the bank. And as banks evaluate their third-party risk management processes for potential gaps, banks may start to impose additional requirements on their fintech counterparts. For example, fintech partners may see more requests from banks for extensive information on their risk management processes as banks conduct due diligence, increase oversight of subcontractors during the contract negotiation process, and engage in direct testing of fintech controls as part of ongoing monitoring.
Enforcement Outlook—“Mind the Gaps”
Following recent OCC and FDIC enforcement actions against banks involving fintechs, the interagency guidance clarifies that banks are ultimately responsible for ensuring that activities conducted through a third-party are conducted in compliance with applicable laws and regulations. However, the guidance also provides that as banking agencies review banking organizations’ risk management of third-party relationships as part of their standard supervision, the banking agencies may also extend their review to third-party partners when warranted.
Notably, the coordination between banks and fintechs, or other third-parties, can create compliance gaps and expose bank-fintech partnerships to increased enforcement risk. For example, gaps in Anti-Money Laundering (AML) compliance—which is highly-regulated and requires comprehensive compliance operations, transaction monitoring, and the filing of Suspicious Activity Reports (SARs)—can lead to serious penalties and even criminal charges if there are significant deficiencies. Other risk areas include sanctions screening and the handling of customer complaints and inquiries, as regulatory enforcement activity involving Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) claims continues to increase. As bank-fintech partnerships grow, so do the risks of compliance gaps and increased enforcement activity.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
Key Takeaways for Bank-Fintech Partnerships
- A bank’s participation in a third-party partnership does not diminish the bank’s direct responsibility for ensuring that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.
- Fintech partners of banks are likely to see banks imposing stricter conditions and oversight as their bank partners update third-party risk management processes to meet their own compliance obligations.
- Fintechs and other non-bank service providers may also be subject to supervisory examination by the banking agencies related to partnership programs.
Summary and a “Non-Checklist” Checklist
The guidance provides what the banking agencies describe as a principles-based approach—rather than a rules-based approach or set checklist—to third-party risk management. Specifically, the guidance discusses several examples to support sound risk management at each stage of the third-party relationship life cycle— (1) planning; (2) due diligence and third-party selection; (3) contract negotiation; (4) ongoing monitoring; and (5) termination. Because of the principles-based nature of the guidance, the banking agencies emphasize that it is not endorsing a “one size fits all” model, but rather the guidance should be tailored to the unique circumstances of each third-party relationship.
(1) Planning—banks should evaluate and consider how to manage risks before entering into third-party relationships. Factors may include:
o Understanding the strategic purpose of the business arrangement and how it aligns with the bank’s overall strategic goals and objectives;
o Identifying and assessing benefits and risks of the business arrangement;
o Assessing the potential third-party’s impact on customers, including access to or use of customer information;
o Determining the bank’s ability to provide adequate oversight and management of the proposed third-party relationship.
(2) Due Diligence and Third-Party Selection—banks should assess a third-party’s ability to perform the activity as expected, adhere to the banking organization’s policies, and comply with all applicable laws, regulations, and conduct. Factors may include:
o A third-party’s overall business strategy and goals;
o Legal and regulatory compliance considerations associated with engaging a third-party to appropriately mitigate risks associated with third-party relationships;
o Assessment of a third-party’s financial condition;
o Evaluation of a third-party’s business experience in performing the activity;
o Qualifications of key personnel and other human resources considerations;
o Evaluation of a third-party’s overall risk management, including governance processes;
o Assessment of a third-party’s information security program, including protecting confidentiality, integrity, and availability of a bank’s data.
(3) Contract Negotiation—banks should negotiate contract provisions that will facilitate effective risk management and oversight and specify expectations and obligations of both parties. Factors may include:
o Clearly identifying the rights and responsibilities of each party, including nature and scope of the business arrangement;
o Defined performance measures to evaluate performance of third-parties;
o A third-party’s obligation to retain and provide timely and accurate information to banking organizations to monitor risks and performance;
o Responsibility for compliance with applicable laws and regulations;
o Prohibiting disclosure of non-public information, including the process of disclosing information security breaches or unauthorized intrusions.
(4) Ongoing Monitoring—banks should conduct monitoring on a periodic or continuous basis throughout the duration of the third-party relationship, commensurate with the risk level and complexity of the relationship and the activity performed by the third-party. Monitoring activities may include:
o Review of reports regarding the third-party’s performance and the effectiveness of its controls; periodic visits and meetings with third-party representatives; regular testing of the banking organization’s controls;
o Monitoring the third-party’s business strategy, financial condition, compliance with applicable laws and regulations, and response to incidents and business continuity.
(5) Termination—banks should terminate third-party relationships in an efficient manner when the activities are transitioned to another third-party, brought in-house, or discontinued. Factors may include:
o Options for effective transition of services;
o Managing risks associated with data retention and destruction;
o Managing risks to the banking organization, including impact on customers.
The interagency guidance further identifies three categories of governance to consider throughout the third-party relationship life cycle: (1) oversight and accountability at the board of directors and management levels; (2) periodic independent reviews to assess the adequacy of the bank’s risk management governance; and (3) proper documentation and reporting on the bank’s risk management processes and third-party relationships.
What Does this Mean for Fintechs?
The interagency guidance expands the scope of the banking agencies’ earlier general guidance on third-party risk management and now extends broadly to “any business arrangement between a banking organization and another entity.” While not all third-party relationships may require the same level or type of oversight or risk management, fintech partnerships not covered by previous guidance will likely see increased attention to risk management considerations as banks review their inventories of third-party relationships.
Importantly, the banking agencies’ framework also provides broader scrutiny for fintech companies and other third-party providers that partner with banks—including potentially being the subject of supervisory examinations based on the functions and operations that it performs on behalf of the bank. And as banks evaluate their third-party risk management processes for potential gaps, banks may start to impose additional requirements on their fintech counterparts. For example, fintech partners may see more requests from banks for extensive information on their risk management processes as banks conduct due diligence, increase oversight of subcontractors during the contract negotiation process, and engage in direct testing of fintech controls as part of ongoing monitoring.
Enforcement Outlook—“Mind the Gaps”
Following recent OCC and FDIC enforcement actions against banks involving fintechs, the interagency guidance clarifies that banks are ultimately responsible for ensuring that activities conducted through a third-party are conducted in compliance with applicable laws and regulations. However, the guidance also provides that as banking agencies review banking organizations’ risk management of third-party relationships as part of their standard supervision, the banking agencies may also extend their review to third-party partners when warranted.
Notably, the coordination between banks and fintechs, or other third-parties, can create compliance gaps and expose bank-fintech partnerships to increased enforcement risk. For example, gaps in Anti-Money Laundering (AML) compliance—which is highly-regulated and requires comprehensive compliance operations, transaction monitoring, and the filing of Suspicious Activity Reports (SARs)—can lead to serious penalties and even criminal charges if there are significant deficiencies. Other risk areas include sanctions screening and the handling of customer complaints and inquiries, as regulatory enforcement activity involving Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) claims continues to increase. As bank-fintech partnerships grow, so do the risks of compliance gaps and increased enforcement activity.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
Related Attorneys
Related Articles
Related Capabilities
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
News and Insights
Podcasts
Partner Laurel Loomis Rimon Discusses Fintech Enforcement, Debanking, and Regulatory Risk on Fintech Layer Cake Podcast
Partner Laurel Loomis Rimon was featured on the Fintech Layer Cake podcast, where she discussed how fintech enforcement and prosecution actually work in practice, and what exposes fintechs and banks to regulatory risk.
July 15, 2026
Publications
Supreme Court Clarifies Scope of Private Rights of Action Under the Investment Company Act, Private Equity Law Report
Partners Charles Riely, Todd C. Toral, and Martin Glass authored a guest article for Private Equity Law Report examining the US Supreme Court's June 11, 2026, ruling on the scope of private rights of action under the Investment Company Act of 1940.
July 14, 2026
Publications
Emily Loeb Discusses Congressional Oversight Preparedness in Bloomberg Law
Partner Emily Loeb, co-chair of Jenner & Block's Congressional Investigations Practice, spoke with Bloomberg Law article about how companies can prepare for potential oversight exposure ahead of this fall's midterm elections.
July 7, 2026
Publications
In New York Law Journal, The True Lender Doctrine and the OppFi Decision
Partners Jeremy Creelan, Michael Ross, Megan Poetzel, and Laurel Loomis Rimon, and Associate Molly Oberstein-Allen authored an article for the New York Law Journal examining the "True Lender" doctrine in light of a May 2026 California decision that provides the most detailed judicial framework to date for evaluating bank-nonbank lending partnerships.
July 1, 2026
Event
Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference
On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.
July 1, 2026