Carlin McCrory is joined by Marissa Tartarini of Elliott Davis to explore how banks can build sustainable, scalable fintech partnerships in a shifting regulatory environment.
In this episode of Payments Pros, host Carlin McCrory is joined by Marissa Tartarini of Elliott Davis to explore how banks can build sustainable, scalable fintech partnerships in a shifting regulatory environment. They begin with the foundational risk questions banks should ask before choosing a partner — speed to market, in-house expertise and gaps, strategic fit, and risk appetite — then turn to practical legal and compliance considerations, including staffing, board oversight, and the need for tailored partnership agreements. Marissa and Carlin discuss the challenges of managing multiple fintech programs at once, maintaining up-to-date policies and marketing, and ensuring that growth does not outpace governance and BSA/AML controls. They highlight what separates successful programs from those that fail, lessons from terminated partnerships, and how to prepare for increasingly technical regulatory exams. Carlin and Marissa close the episode with a look at how regulators' and banks' views of fintech partnerships have evolved and what that means for the future of bank-fintech collaboration.
Payments Pros – The Payments Law Podcast — Beyond the Buzzwords: Building Bank-Fintech Partnerships That Survive Exams
Host: Carlin McCrory
Guest: Marissa Tartarini
Aired: 3/18/2026
Carlin McCrory (00:04):
Welcome to another episode of Payments Pros, a Troutman Pepper Locke podcast focusing on the highly regulated and ever-evolving payment processing industry. This podcast features insights from members of our FinTech and payments practice, as well as guest commentary from business leaders and regulatory experts in the payments industry. I'm Carlin McCrory, one of the hosts of the podcast. Before we jump into today's episode, let me remind you to visit and subscribe to our blog, troutmanfinancialservices.com. And don't forget to check out our other podcasts on troutman.com/podcasts. We have episodes that focus on trends that drive enforcement activity, digital assets, consumer financial services, and more. Make sure to subscribe to hear the latest episodes.
Carlin McCrory (00:57):
Today, I'm joined by Marissa Tartarini, a senior manager at Elliott Davis, a leading accounting and consulting firm that provides audit, tax, and advisory services to clients across a range of industries, to discuss the evolving landscape of bank-FinTech relationships, including how institutions are thinking about risk, regulation, and what it takes to build sustainable and scalable partnerships. Marissa brings years of experience in internal audit, regulatory compliance, and risk assurance from her roles at Elliott Davis and earlier positions in the banking industry. Marissa, thanks so much for joining us today.
Marissa Tartarini (01:35):
Thank you for having me, Carlin. I'm excited to be here.
Carlin McCrory (01:38):
Great. Well, we'll go ahead and dive in. And Marissa, let's start with what risk questions should banks ask themselves before even choosing a partner?
Marissa Tartarini (01:48):
That's a great question to start with because the biggest risks actually show up before the bank ever signs an agreement. So I usually encourage leadership teams to begin with three foundational questions, the first being: How quickly can we bring a new product to market? And how fast can we pivot when changes are needed? Be honest about your track record. Look at the last few product launches. Did they take months? Years? FinTechs move fast, and banks need to be able to adapt at a pace that doesn't create partnership friction or regulatory gaps. The next question I'd ask them is: What expertise do you truly have in-house, and where are your gaps? So this would include compliance, AML, technology, finance, operations—any area of the bank where they may need additional staffing or external support to manage a partnership effectively.
Marissa Tartarini (02:42):
The next question would be: Does this partnership align with our long-term strategy and our risk appetite? Not every FinTech model fits every institution. Clarity around the strategic direction you're headed in and the tolerance for innovation-related risks is essential. If a bank gets through all of those questions and feels prepared to keep up with the pace and scale of a FinTech partnership, then the next question for them is narrowing the field within FinTech. So what type of FinTechs make sense for your institution? Is it a deposit-focused platform, lending, payment processing, maybe one that's more consumer versus commercial, or even a platform that onboards other FinTechs? Understanding your target market that you want to reach is really the key to finding the right partner. Carlin, I'm curious, what are things that banks should consider before entering some of these partnerships from a legal perspective?
Carlin McCrory (03:41):
Yeah, so I mean, a lot of these things are things you just mentioned, like staffing, the onboarding, the oversight, being able to have the capacity to review the program. You can't just onboard the program and let it run itself. You have to continue to stay abreast of things that are going on, like marketing that changes. You'll have to remember to modify any of your policies and procedures as applicable to address these relationships if you're new to the FinTech market or starting with a different program, perhaps. You'll need to inform your board so they know that you are onboarding FinTech partners and you've made this strategic decision for the bank. We'll talk about agreements in a little bit, but there will be a specific agreement required that will be generally different than your typical treasury management agreement. And then, Marissa, you brought up a good point about picking your vertical. Is it a deposit program? Is it a lending program? Is it payment processing? So picking your vertical, and then operating at scale. We find that most of the time, it doesn't make sense to just have one FinTech partner. Obviously, if you can get one really large one, perhaps that makes sense.
Carlin McCrory (04:57):
But usually what we see are the financial institutions operating at scale, such that the plan is to onboard several FinTech partners to make sure the profitability makes sense with any increased staffing and other costs related to onboarding a FinTech. Marissa, I'm interested to see what are some of the compliance challenges that banks face when they're trying to scale these programs.
Marissa Tartarini (05:25):
Banks face many compliance challenges all the time, but the main challenge with FinTech partnerships specifically is trying to manage those multiple programs at once, just like you've been saying. So ensuring each partnership meets those regulatory and operational standards, especially since they're evolving quickly. Making sure that you as an institution are keeping your own policies, procedures, disclosures, marketing efforts up to date, and then turning around and making sure that the FinTech is keeping the same pace with you. So balancing that innovation with the regulatory expectations to make sure that the growth of the FinTech doesn't outpace the governance structure that you have put in place to monitor it. And certainly throughout the life cycle of the FinTech partnership, making sure that you document how that level of risk is changing and what you're doing to mitigate the risk is crucial to make sure that you have that clear, defensible, written oversight that you could hand over to any of your regulators if needed.
Carlin McCrory (06:35):
And then what separates the banks that successfully scale these FinTech partnerships from those that perhaps struggle with scaling?
Marissa Tartarini (06:45):
That's a great question. The banks that succeed are often the ones that approach FinTech partnerships systematically. They build a tiered, repeatable, and scalable oversight framework rather than treating each FinTech like a one-off project. They invest early on in strong third-party risk management, often in a software. They ensure their teams have the resources that they need to keep all of those policies, the monitoring, and controls current. These banks also strike a thoughtful balance between innovation and regulatory expectations. They grow, but they don't grow faster than their governance structures can support. And one piece of FinTech that is intriguing to me is they can code all of these controls into their own software, so definitely having stronger controls in place has been helpful. And above all—I'll probably repeat this a few times throughout the episode—but they document how that risk is evolving over time, and the transparency of that helps them stay ahead of issues and maintain good credibility with the examiners.
Carlin McCrory (07:59):
That makes a lot of sense. And I also want to touch on the agreements that we see in this space and what those typically include, which are a plethora of things. So I'll just hit the highlights here. But generally, we need some sort of description of the nature and scope of the business arrangement, right? Are we going down that lending vertical? Is this a deposit program? Is it payment processing? Some sort of performance measures or benchmarks are generally in these agreements to make sure we have a successful partnership. Obviously, data safeguards and controls and privacy and things like who owns data and who has access to data and who we can share that data with is of the utmost importance. The banks always have audit rights over the program, so they can basically pull any information to see what the FinTech is doing. Then a lot of times, the agreements will discuss the use of subcontractors. So the FinTech will want to say, outsource BSA/AML obligations. Well, as the bank, you may want either approval rights over who they select as the BSA/AML vendor or some sort of assurance that that vendor will perform its obligations appropriately.
Carlin McCrory (09:22):
And if they don't, you can require the FinTech to select a different vendor. To the extent you are onboarding customers under the program, we need to address customer complaint resolution and how that will work. And then, of course, just general things like reps and warranties, limitations of liability, indemnification. And then last but certainly not least would be the ledger, which is very important. So we always need to know as a bank who is owed what money in these pooled FBO, for the benefit of, accounts. So Marissa is owed $50, Carlin is owed $100. So it's very important that the FinTech keeps a continuous record that the bank has access to over the ledger. And as part of the agreements, Marissa, kind of dovetailing off of that, how do you prepare your institution for regulatory exams in the context of these FinTech partnerships? Obviously, the agreement is part of that and it sets the structure, but then from the practical standpoint, how does that look on your end?
Marissa Tartarini (10:34):
Most of the time, we help through performing audits, and sometimes we work more on the consulting side and helping people prepare for these exams. When we're consulting, normally we'll start with a staffing and resource analysis. We make sure to go through the risk assessment with them, any results of control testing, identify any gaps, you know, put a management action plan in place if needed. Ensuring all of that governance and documentation is complete and current, reviewing the due diligence and ongoing monitoring to address any open items—usually more than 30 days, we'd want to see that a management action plan is in place and there's progress on those steps rather than just stagnant risk management. And we also look at the volume and risk profile of each partner to make sure that the bank is prepared to speak to some of those higher-impact programs. Sometimes the higher impact means a larger number of consumers that are on it. Other times, it means balance-based, or it even could be transaction volume-based. But making sure that the bank has a full understanding of that FinTech partnership, how it's changed, and what they've done to prepare for evolving risks of that specific program.
Marissa Tartarini (11:58):
And then last but certainly not least, demonstrating that the board is informed and actively involved. The regulators want to see that the bank isn't just participating in these programs, but managing them very thoughtfully. And I've had the privilege of seeing some very good programs and very bad programs in my experience. So I'm curious from the legal perspective what you see as problems and how things go awry in some of these partnerships.
Carlin McCrory (12:30):
Yeah, so there's a lot of overlap, right, with what you just said. So board oversight—I mean, that was a common notation in many of the enforcement actions of prior years. Adequate staffing, ledgering, as I previously discussed. But another thing I really want to hit is the compliance with the Bank Secrecy Act when applicable. So that includes timely SAR reporting, automated transaction flagging, updating the risk assessment—so it's not just the risk assessment on the front end, but updating it, which you've mentioned—having those internal controls. And then we've seen from some of the enforcement actions that the properly reporting all flagged activity that was suspicious. And so while we are in a different regulatory environment today, the compliance with Bank Secrecy Act, I think, will always be a top priority for regulators, and that's not going anywhere. So it's something that you should make sure that you're properly doing, perhaps while there is this federal regulatory lull, so to speak.
Marissa Tartarini (13:50):
Absolutely. I couldn't agree more.
Carlin McCrory (13:52):
So Marissa, you mentioned you've seen the good and the bad from partnerships, and I'm very interested to hear the lessons that you have learned from the compliance side of terminated partnerships.
Marissa Tartarini (14:06):
To echo your point from earlier, the main theme that we see are issues surrounding the AML program, which often build up and the bank has a hard time getting everything filed in a timely manner. So BSA/AML is the number one consumer compliance issue. And then moving to consumer protection gaps, whether that's in disclosures or marketing oversight or even sometimes complaint handling. We often see that partnerships may not work out because of the misalignment in the risk appetite. So partners are wanting to scale faster or change products in ways that the bank isn't quite comfortable with yet. Another issue that we see and that you've spoken to earlier are those staffing challenges. And sometimes that occurs on the FinTech side and other times on the bank side. Either way, I think it's important to make sure that you have a third party lined up to help you catch up on anything that might have fallen behind. And the last item I would list is some of those post-termination cleanups that you wouldn't think of until after the partnership is over. So this would include making sure that the FinTech removes all references to your bank on its website and social media after the partnership is terminated so that they're not representing you past the day of the contract.
Marissa Tartarini (15:31):
And I think all of these issues really underscore the importance of how important a strong governance framework is from the start.
Carlin McCrory (15:40):
And to piggyback on that, Marissa, also a strong agreement, right? So when you're signing that agreement, you don't want to think about divorce on the front end, but it's important that you think about the wind-down and how long will it take to find a new bank partner and to transition these accounts, and do we need to provide notice to any consumers that the account may change—things like that that all need to be thought of before the termination. And then, Marissa, the last question that I want to ask you is: There's obviously been a change in the regulatory environment, but what has changed the most in how regulators and banks view FinTech partnerships over the last few years?
Marissa Tartarini (16:22):
It is certainly an interesting time to be in FinTech. Under the current administration, it's nice that we're not seeing as many enforcement actions overall. I think this is largely due to all of the lessons that this industry has got to learn over the last few years. There's definitely been more of an openness towards emerging technologies as these new leadership teams shift priorities. At the same time, I don't think the regulators have taken their foot off of the gas. Many partner banks are seeing more on-site visits with examiners asking deeper and more technical questions about specific FinTech partners. These are unscheduled, non-exam visits that they're bringing multiple examiners to with the idea that this is for gathering information, training the exam teams, and building a common supervisory approach that they can share with other agencies. Another important shift is the growing interest among FinTechs in pursuing their own limited-purpose or full charters, which is beginning to truly reshape the industry. As more FinTechs explore becoming regulated institutions themselves, the dynamic of bank-FinTech partnerships is certainly evolving and creating more competitive pressures and opportunities for collaboration. So while the tone may feel softer in 2026, the scrutiny remains very real, and the ecosystem itself is still continuing to mature.
Carlin McCrory (17:58):
Yeah, I think that makes a lot of sense, Marissa, because when the industry first started, we had players in the industry who didn't know what they were doing. They didn't do all of these things, things that we're talking about today, and we didn't have any sort of clear guidance or expectations from the regulators. So now I feel like the bad players have kind of weeded themselves out. We also have better regulatory clarity at this point. But to your point, it'll be interesting to see where things go with the boom, so to speak, in national trust charters and things of that nature.
Marissa Tartarini (18:35):
Absolutely. It's been very rewarding to watch how the banks and FinTechs have been training each other because banks bring that rich regulatory knowledge and FinTechs bring an incredible technology and really large developer teams that can help even banks revolutionize what they're doing. So it is a great time to be in FinTech, and I'm really excited to see how all of this evolves.
Carlin McCrory (19:01):
Well, Marissa, thank you so much for joining us today, and thank you to our audience for listening to today's episode. Don't forget to visit our blog and subscribe so you can get the latest updates. Please make sure to also subscribe to this podcast via Apple Podcasts, Google Play, Stitcher, or whatever platform you use. We look forward to next time.
Copyright, Troutman Pepper Locke LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper Locke. If you have any questions, please contact us at troutman.com.
DISCLAIMER: This transcript was generated using artificial intelligence technology and may contain inaccuracies or errors. The transcript is provided “as is,” with no warranty as to the accuracy or reliability. Please listen to the podcast for complete and accurate content. You may contact us to ask questions or to provide feedback if you believe that something is inaccurately transcribed.