Any bank or credit union that has spent years working with fintech partners knows of a software launch that didn’t work out as planned. So why spend months or years going through due diligence and risk management only to find out the software won’t work?
John Behringer, the national financial institutions sector leader for RSM US, says banks and credit unions have been working with fintechs outside their core for more than a decade. But he still sees financial institutions suffering when software projects don’t go as planned. Some institutions have to ask themselves if the return on investment is worth it once they figure out how many of their internal processes need to be changed to make the software work.
“There’s always a risk,” he says. “Anytime you’re introducing a technology to your ecosystem, you’re creating unintended problems.”
Each bank and credit union has variables within its data set and environment that make it hard for the fintech and the institution to know how the software will work in deployment.
Enter sandboxes, the software world’s solution to fintech dating risk. Software developers have used sandboxes, also known as dev portals, for many years, taking advantage of their isolated walled-off environments to test and develop new code. Minneapolis-based U.S. Bancorp is among the banks that are using sandboxes to test a potential fintech partner’s software functionality with mock or anonymized data, says David Ness, senior vice president of fintech partnerships and investments. Ness spoke on this and other technology topics on Tuesday, May 14, at Bank Director’s Experience FinXTech.
Not all financial institutions have the time and money to maintain such a sandbox. U.S. Bancorp has $683.6 billion in assets and Ness’ full-time job is fintech partnerships. The financial institutions that have developers on staff may have built sandboxes, but that may not be the case at many smaller institutions. According to Bank Director’s 2023 Technology Survey, only 13% of respondents said their institution has developers or programmers on staff.
IncredibleBank, for example, doesn’t have any developers. To test out new fintechs, Phil Suckow, the vice president of innovation for the $2 billion bank in Wausau, Wisconsin, turns to his core, Jack Henry & Associates’ Banno digital platform. Banno uses application programming interfaces to help financial institutions tap into a variety of fintech offerings; any fintech that wants to work with IncredibleBank can test out the software for free in Jack Henry’s sandbox, says Joshua Jordan, the digital engagement director for Jack Henry. The core calls this developer environment “Garden Bank.”
“We’ve done a lot of work with our brand,” Suckow says. “And our brand and our voice are very important to us. And so, when you’re doing [a demo] in this environment, it validates how I’m going to deliver it to my customers. What I found in working with a lot of fintechs, sometimes the flexibility of their system isn’t there and it drastically changes how their product is going to even function.”
IncredibleBank used the Garden Bank sandbox to test out a direct deposit switch software that taps into a variety of payroll providers to move a new customer’s direct deposit over to the institution. The sandbox was the institution’s first step before going through more due diligence, saving time and headaches.
For Ness, sandboxes serve a similar goal. “The hard part [for a demo] is most people want it to be their data or an anonymized version of their data,” he says. “You actually need to have a hosting environment to be able to drop that data into, for them to run stuff over.” U.S. Bank still goes through third-party risk management, vendor security and pilot testing — all of which takes time — but the sandbox speeds up the process by testing the software first.
CSI, a core processor that specializes in community banks, allows fintechs to sign up and use its sandbox for free, according to Shanda Purcell, senior director of open banking. Fintechs and community banks on the CSI platform can know whether there are gaps in the data that will hinder functionality and cost extra to manually produce. Fintechs charge financial institution customers for integration work, so the sandbox saves time and money and helps the tech firms come up with a correct statement of work, or terms, for the institution to review.
Even without a sandbox, Behringer thinks the first questions a financial institution should ask are: “Do I have the data I need to make this work the way they say it’s going to work? But then part two is, is this going to work in my current environment? Is it going to work with my core? Is it going to work with the add-ons that I put on to my core to create my customer experience?”
Behringer says any software provider is going to need financial institution data to make their product work — but where is that data housed? For example, what 25 data fields, or more, does the software need? Does the financial institution capture that in the core? Or is some of it in the core, some on paper and some in cold storage? The risk that a fintech’s software won’t work is higher with banks and credit unions that have immature data governance programs, Behringer says.
He suggests financial institutions rely on trusted advisors to figure out if a particular software or partnership makes sense given the bank’s maturity level. “Everybody’s data hygiene could be better,” he says. “To me that data hygiene is really, really critical.”