Content Library

Framing Fintech: Navigating the fintech and sponsor bank partnership

Paintbrush founder & CEO Stephen Walter talks about founding a fintech, finding a sponsor bank, and staying compliant as regulatory attention on bank/fintech partnerships intensifies

Stephen walter framing fintech

The FDIC made news earlier this month when they issued a new consent order against Cross River Bank, warning them to increase oversight over their fintech partnerships. This isn’t the first time regulators have started to take closer aim at bank/fintech partnerships. Last October, the Office of the Comptroller of the Currency (OCC) ordered Blue Ridge Bank to tighten their due diligence and oversight of third-party fintech partnerships.

Despite the regulatory attention, it’s no doubt that the bank/fintech partner model has unlocked an industry that previously had some pretty massive barriers to entry — opening it up to new ideas, new products, and ultimately introducing it to new customers.

A few months ago, we caught up with Evolve Bank & Trust to find out how they navigate the increased regulatory scrutiny on their fintech partnerships. Now, we’re chatting with Paintbrush’s founder & CEO, Stephen Walter, to learn more about bank and fintech partnerships from a fintech’s point of view.

At a glance

Launching a fintech company


Before we get started, can you share a bit about your background and what led you to found Paintbrush?


I've had all kinds of jobs over the years. I've been a developer. I've been a lawyer. I've been a small business owner. What really started me on this journey with Paintbrush, though, was my side hobby of being an angel investor.

As an angel investor, it just seemed crazy to me that I’d get pitched on ideas that were really cool by really great people, but they were not ever going to be a good fit for venture capital. It’s a weird problem. You're starting a new business, but it’s so hard to get financing for a new business. Why is that? We know new businesses are risky, but there are ways of creating financial products that are risk-adjusted.

I just got obsessed with this. So I actually would dress up in a nice shirt and khakis, and I would walk into different banks, and try to get a loan to start a new business. Unsurprisingly, all of them said no. They didn't even check my credit. They didn't check my income history. They didn't ask me more than just a few high-level questions about what kind of business I was building.

I just thought it was crazy. How come this doesn't exist? Someone ought to be able to lend to brand-new businesses. Fast-forward two years now, and we've launched, and we're now helping brand new business owners get financing. It's same-day, it's fully automated, and it is transformative for them.


Founding any company is challenging, but what makes founding a company in the financial services industry unique versus other industries?


I've been thinking about this a ton lately because we see our customers using AI tools to code way faster, to develop marketing materials way faster, to solve all kinds of problems way more efficiently. But when I look at Paintbrush and think about how different it would be if I’d started today and had AI at my disposal, the truth is for founding a fintech, there’s a lot AI can’t do yet.

We definitely could have saved some money on coding. We definitely could have saved a little bit of money here and there, but it's just so much more expensive to launch a fintech. It's drastically more expensive. We had to raise two rounds of venture before we could launch a product, because of the legal expenses, the compliance expenses, and the bank expenses. It’s just more expensive and more complicated to launch fintech compared to other software companies.

How to find a partner bank


Yeah, and for your product, you also needed to find a partner bank in order to launch. How did you find potential bank partners? What kinds of things were you looking for in your partner bank, and how did you eventually select one?


The thing we were trying to solve for is to lend in the United States. To do this, you need a license which is state by state. So you can go out and get a lending license in lots and lots of states, but that is extremely cumbersome, it's extremely expensive, and then you have to manage the licenses on an ongoing basis.

So, the alternative was to find a bank to partner with and offer access to loan services through that partnership—that way we can lend anywhere in the United States.

I actually went and found lists of fintechs. And then I would scroll to the bottom of their website, and I would see who their partner bank was, and I just made a huge list of fintechs and their partner banks.

There are probably 60-ish banks who claim they do this. There are probably 20 who actually do it, and I think there are probably four who work with unique lending products like what we were building at Paintbrush. For credit cards, debit cards, and other things that can sit on top of BaaS tools there are a lot of options. Depositing, for example, is really easy to get a sponsor bank because BaaS platforms will just take care of the sponsor bank relationship for you. But we had to develop direct relationships with our bank partners. We had to build our software to directly integrate with those bank partners.

It’s a tiny club of new fintechs who actually get genuine bank sponsorship every year. And it’s getting smaller. We were one of two companies last year that were greenlit by our sponsor bank.

I pitched probably 40 banks. And they all wanted you to have already done tens of millions of loans before they would even consider talking to you and green-lighting a new program. Comparatively, there are a couple of thousand seed funds that invest in early-stage companies.

Meanwhile, sponsor banks have been facing challenges over the last 12 months because the OCC, the FDIC, and the state banking regulators are rightfully suspicious that many sponsor banks and fintechs aren't necessarily minding their p's and q's on compliance. So, it’s a tiny window to get through.


That’s an interesting dynamic because for sponsor banks, working with fintechs is another revenue stream for them. But at the same time, you have to go in to pitch them on it. Can you talk a bit more about that?


Banks are more motivated by compliance than they are by returns. So if you want to secure a bank sponsorship, you obviously have to have a good forecast on how much money they're going to make on partnering with you, but more importantly, they need to be really confident that you are going to live up to your compliance obligations.

They're very onerous, daily reports, weekly reports, all marketing material has to be approved by them. It's a really high bar. You would think it would be more straightforward because you're like, “If I'm making money, you're making money.” But they would way rather make less money or no money and not put their charter at risk than make a ton of money and put their charter at risk.

Fintechs should be really cautious about which sponsor bank they work with, too. Because if one of your sponsor bank’s other fintech partners gets caught in some compliance snarl, the regulator can actually shut down the program for all of its partners who are being compliant. It's happened before, and it will probably happen again in the future.

It's really, really high vendor risk. It's really scary to build on top of somebody. So there has to be a ton of mutual trust that you're going to live up to your compliance obligations, and I'm going to live up to mine.


You mentioned there were really only about four options of sponsor banks that were a good fit for Paintbrush, but how did you end up selecting Continental Bank?


Our partner, Continental Bank, is a new entrant into the space. They hired from banks who have been in the space for a while, so that's how we were able to get in with a partner who is not so busy that they don't greenlight anything.

On the other hand, they look at hundreds of startups a year, and they'll green-light two or three. The other couple of banks in the space, like Celtic, WebBank, and Cross River, they look at thousands, and they’ll greenlight five or six. So it's still extremely challenging odds.


It sounds pretty competitive to get a sponsor bank. What advice would you give a fintech that is trying to pitch sponsor banks?


Yeah, much more competitive than getting a venture round, way more competitive.

The number one piece of advice I would give is to lead with compliance. Show that you are compliance-first. Show that you've hired correctly for compliance, show that you understand compliance.

Then number two, you need to put forward a really strong case for your business. That's going to have some similarities to pitching venture, but it's going to be a lot more granular on the sort of fundamental business model. Venture funds look at things like, big swings, and outsized returns. Banks like businesses that grow nice and steady and aren't going to rock the boat.

Then number three, they expect you to fundraise. They know that you're going to have to do a lot of venture fundraising. So, showing them that you can do that and that you will do that is important as well.

Regulatory obligations for bank/fintech partnerships


Fintechs typically are not regulated directly, but they have contractual agreements with their partner banks to follow certain regulations. What are some of those obligations that you have with your partner bank?


We have an agreement called a marketing partnership agreement and an agreement called a loan sale agreement. They are extremely complex, a few-hundred-page contracts, and they outline that the bank will continue to be the lender of record, and in exchange, we will market and manage the interactions with the customers.

Their obligations are to live up to all of the state and federal laws of what it means to be a bank and to be a lender. There are truly like dozens and dozens of state and federal laws that they have to live up to. Some of them are a little bit more straightforward, and some of them are less clear. So it takes time, money, and an inordinate amount of patience to work through all those problems to make sure that the bank, its council, its compliance team, its board, and you and your team are all comfortable with whatever you lay out.

I’ll give you a couple of examples. We have to do an annual financial audit with an accounting firm. It's expensive. It's time-consuming. No early-stage company that I've ever worked with does a full-on audit, but Paintbrush needs to so that we can show to our bank partners that we are not only managing our finances correctly, but also managing all of our compliance requirements successfully.

We also have to run full vendor approvals for every single vendor we work with, including people like AWS or Amex. I'm a tiny little startup. It's really hard for me to get someone at Amex to pick up the phone and say, “Sure, we'll give you all of our vendor risk documentation.” It's these weird little things that make it challenging and time-consuming.

I would say to get launched, we conservatively spent $250,000 on legal bills with multiple different law firms, and we will spend more to continue to keep up with our pace. I practiced law many years ago, and that has come in handy. I genuinely don't understand how people who don't have a legal or compliance background can launch a fintech with a direct bank sponsor partnership. At one point, Paintbrush had more lines of legal docs than we had lines of code. You know, that's just a weird reality of building in this space.


There's obviously a lot of increased regular regulatory scrutiny on bank/fintech partnerships — just a few weeks ago, the FDIC issued a new consent order against Cross River, requiring them to tighten the oversight of their fintech partnerships. How are you and Continental Bank navigating this increased regulatory attention?


Not much has changed for Paintbrush. We set our bar really high to begin with, intentionally. As we started our program, we were already looking over our shoulder thinking it's no longer going to be acceptable to regulators to be sort of half-hearted about your compliance with these bank partners.

I think the bigger challenge will be for fintechs who were used to lax compliance. Switching gears into high compliance is going to be very challenging for them. But they're going to have to do it, and if their bank isn't making them do it, they should probably be scared and go find a bank that's going to make them do it. It's like physical therapy: it's painful, but if you don't do it, you will simply be crushed when it comes time to survive an audit, FDIC exam, OCC exam, etc.


Paintbrush is an Alloy client. How does Alloy fit into the mix of Paintbrush helping the sponsor bank remain compliant?


Alloy does KYB, KYC, and underwriting for us. Alloy makes sure that our underwriting is seamless, and because it’s seamless, we don't fall afoul of any lender laws or regulations. So, they ensure that we're handling fair lending laws, Equal Credit Opportunity Act (ECOA), Office of Foreign Assets Control (OFAC) sanctions — all the laws and regulations. With Alloy, we can build exactly the kind of program that we have agreed to with our partner bank, ensuring that we don't accidentally go against any of our obligations.

If it were up to us to manually process and underwrite or build it ourselves, there's a really high likelihood that we would unintentionally make a mistake, and compliance is something fintechs cannot make mistakes on.

It’s one of those things that you measure twice, cut once. I'm really confident that Alloy is going to get it correct every time because we built it perfectly, we tested it like crazy, and now that it's in production, we're very confident that we’re always doing it the right way.

Building a good relationship with your partner bank


What advice would you give first-time fintech founders based on what you’ve learned through the whole process of looking for a partner bank, landing one, and developing a good working relationship with them?


If you're lucky enough to have options of who to work with as a sponsor bank, the number one thing I would do is just make sure that they are people that you like working with, because you're going to work with them a lot. You can work with lawyers, accountants, and PR people who you probably wouldn't hire. But you work so tightly with your bank partner that I communicate with some of them more than full-time team members, and if you don't like working with them, it’s going to be tough.

Banks are not all the same. They treat the rules and regulations differently. They interpret them differently. They have risk appetites that are different from each other. And so, finding one that matches up with your belief on risk, compliance, marketing, etc., is extremely important for your long-term success.


You mentioned earlier that it’s really important to have a trusting relationship with your sponsor bank. Do you have any advice for how banks and fintechs can build that trust?


It’s a lot of common sense communication principles, like over-communicate, communicate early. Catch problems before they become problems. Solve problems before they become problems.

A bank is a full-time partner; they're not a casual partner. Showing them that you're taking compliance as seriously — or more seriously than them — will always put you in good footing with them.

Making sure that they are confident that you're on top of it — that they're not catching things that you didn't catch — is critical when working with the bank sponsor.

There's no special sauce to it. I communicate with my venture investors basically on a monthly cadence. I communicate with my bank on almost a daily cadence. It takes up a ton of time, but the alternative is worse.

Trends to keep an eye on: increased regulatory scrutiny and the use of AI in lending


Are there any trends in the regulatory space that you’re keeping your eye on?


I think there's going to continue to be more scrutiny on these partnerships because there have been bank partners who were being less than scrupulous on who they worked with, and those fintech partners didn't know anything about compliance. Some of them maybe have been willfully ignorant. But some of them were just like, “I mean, no one's told me I can't do this.” Which is still illegal, but no one told them. So they're just building, shipping, and selling and that kind of thing. There's going to be more scrutiny, and for fintechs, that means cost — it's just going to be expensive.

The other thing I’m interested in is AI underwriting. That’s a really interesting challenge because, clearly, the capacity is there to make interesting underwriting, but making sure that your AI model is correctly following all of these laws and regulations would probably defeat the whole purpose of having AI run it. Right now, you can build all these decision tree models, and you can battle test it to make sure it works correctly inside of Alloy, but the whole idea of building something that's much more fluid and modular and responsive using AI for lending, just seems like a really hard challenge.

We've already implemented some tiny AI into our application cycle, but it's really only just sort of chipping away. It's not a fundamental re-shift on our underwriting. It could be, I just don't know how the regulatory framework would work in that. AI has the potential to discriminate. It would be really hard to teach it not to.

But we're starting to tool around with it; it's really fun, and it's working. We just have to keep it to things that won't unintentionally run afoul of any lending obligations.


Yeah, it's almost like at the end of the day, you'll always need at least some human oversight over it.


Exactly. I mean, that will always be the case because it's 100% true that banks are manually audited by humans, and that means they need a human on the other side of the table to respond to those audits. Which means those bank employees need somebody at the fintech who is also manually auditing, managing, and double, and triple checking that all of the stuff has been done correctly. It's never done. It’s just ongoing.

Even if you are looking at just historicals, it's never going to be good enough. You're never going to trust the AI 100% to not make mistakes, but It will probably be a huge supplementary tool for people managing these fintechs and banks.

If auditors were savvy, they would probably start using the tools as audit assistance. It would be as unfathomable as not using email. To not use one of these tools to help you do your job.

Maybe I'm too small-minded, but the idea that you could completely get away from having a human checking all this work and reporting it back correctly is unfathomable.


Thanks again for taking the time to chat with me today. Any final thoughts?


Just that it's not impossible. It feels impossible sometimes, but it's not. I did it!

Alloy helps fintechs get and stay compliant amidst growing regulatory scrutiny.

Related content

7 min read 
Framing fintech: chatting with fintech founder & investor, Aaron Frank, pt 2
Framing Fintech is a blog series where our GM of Fintech, Charley Ma, interviews leaders in the industry. In part two of Charley Ma's conversation with Aaron Frank, Aaron unpacks the key customer lifecycle events for credit cards, areas where credit card companies get it wrong, and types of fraud that credit card companies should be looking out for.
Read more