Co-sourcing or outsourcing certain internal audits is nothing new to the internal audit department of a bank. In the 1980s, IT/MIS (Management Information System) functions became more mature. All banks except the largest banks outsourced IT auditing. The functions of the confidentiality law are also becoming more mature, exceeding the capabilities of most banks' internal audit departments, and annual independent audits are increasingly being outsourced. The reason is simple: the AI departments of most banks have difficulty finding and maintaining the talent and expertise needed to take these exams at the level that experts expect.
Fintech companies experienced explosive growth in the early 2010s, and since then, the growth trajectory will only accelerate. Nowadays, banks of all sizes are fintech banks, and this relationship is far from homogenous. Therefore, we are facing the situation that not only the financial technology relationship of the bank is new, but there are no two identical relationships.
It is difficult for the bank’s artificial intelligence department to find expertise among existing employees to examine the bank’s fintech business at the level expected by experts. Answer an old question "What do street bank auditors do?
The auditor cannot log on to the posting board and use the auditor to check the relationship between the bank and financial technology. Chartered accountants cannot participate in meetings that examine the relationship between banks and financial technology. The banking-fintech cooperation industry is so new that not many people sit down and ask: "How should we test this?
Everything and every step in the audit process may be new and written by the auditor from scratch - the best way is to let the auditor fully understand what the banking and financial technology transactions or risks look like.
What is the relationship between banking and financial technology, and what kind of control is needed? This knowledge is likely to come from people who have been engaged in fintech business for a period of time, who have a clear understanding of the structure of fintech bank accounts and the way funds flow. It is difficult to find these people who also possess auditing skills; in other words, it is now a small group.
The best way for banks participating in fintech transactions is to hire or outsource audit activities related to fintech businesses. When outsourcing, make sure that the provider obtains advice from other financial technology banks.
Cost accounting can take two different forms:
After choosing an audit method, decide whether to conduct a thorough bank/financial audit, including financial, operational, and compliance risks, or whether the financial/tax audit should be conducted separately from the compliance audit. In the relationship between banks and fintech, compliance officers are likely to be micro-experts different from financial/tax auditors.
Mostly, Bank/Fintech compliance reviews cover a full range of "compliance areas", including BSA/AML/OFAC, fraud, consumer compliance, and data protection. Auditors should anticipate that the relationship between banks and fintech may have a different structure. In the planning and scoping phase, auditors need to understand the relationship between banks and financial technology, and most importantly, understand the flow of funds between the two. Then, the auditor needs to understand which party "owns" the compliance function. This includes interviews with bank and financial technology managers, reading agreements and reading practices.
Once this knowledge is obtained, the auditor can identify the relevant regulations and proceed with the scope of the audit. For sample selection, the auditor can select a sample of the banking / fintech relationships to be audited if the bank has many fintech relationships, but these auditors could wait for each banking / fintech relationship to be included in the audit. Even if the sample is selected based on risk, over time this can result in certain fintech relationships never being audited. This can be dangerous as the risk is low. it doesn't mean there is no risk.
