We had the privilege to talk to one of the leading attorneys in negotiating fintech-banking deals (SaaS as well as BaaS). Here are some of her insights.
What are your best tips for helping fintech and bank relationships work together successfully?
Fintech/bank relationships can be more successful if both parties make mutual efforts. Fintechs need to understand more about how their bank customers are highly regulated, that these banks go through a major auditing process every year, and that many of the contractual terms that they seem to “unreasonably” demand are actually in response to auditor expectations.
Banks, in turn, need to be educated about and more proactive in addressing the key contract issues that their regulators are expecting in order for them to protect the end-users/customers.
In addition, some fintechs often try to “bully” their customer/banks by refusing to accept any revisions or counterproposals to the vendor agreement. Banks need to know that they shouldn’t give in to these tactics at the expense of their end-users/customers and of increasing the scope of their legal risks and liabilities. A well-known fintech even threatened to charge one of my clients $6,000 to bring in their fintech legal counsel for some proposed revisions.
And lastly, both fintechs and banks should always hold “real time” (virtual or in-person face-to-face) meetings to work through seemingly hard legal issues. I recently negotiated a fintech deal in which the customer/bank insisted that its fintech could not in any way have its offshore people access the customer/bank data, and the fintech insisted that it has had its offshore people access such data for its other clients for years.
Both parties brought in their technology and businesspeople for several meetings, figured out a mutually acceptable way for limited offshore access to occur, and then incorporated appropriate legal language to reflect this compromise.
What are the top 2 or 3 elements in a good Fintech agreement for either SaaS or BaaS platforms?
Whether you’re a fintech or bank customer, the top 3 elements in your fintech deal are the contractual terms that cover customer data, each party’s duties and obligations (aka, scope of services and payment), and support (aka, the SLA).
Most of the time, a fintech’s product or service will access and/or store the customer’s confidential data (including PII and NPI).
A good fintech agreement should address how such access and storage will occur, including where (and how long) the data will be stored, from what location (within the US or outside) will the data be accessed, and whether and how the data will remain with or be deleted from the fintech systems after the contract ends.
As with any business contract, each party’s duties and obligations in a SaaS or BaaS agreement must be described with specificity. The customer will want to make sure it’s paying for certain services, as well as deliverables, and the fintech will want to make sure its fees don’t cover any expanded services and deliverables (aka, scope creep).
The third important element is the SLA. The bank customer needs support and maintenance of the technology it is paying for, so this means the fintech should provide in the SLA an established uptime for its system and a response and resolution framework for operational errors experienced by the customer, as well as service level credits and termination rights for systemic problems.
Bank customers should be the ones pushing on SLA issues, but it should be equally important to fintechs since their reputation may be at risk for providing poor SLA support.
Is there a section in fintech contracts that customers don’t give enough attention to?
Definitely. Customers often don’t give enough attention to acceptance procedures and the SLA. Yes, in “real life,” customers will always be able to “test and accept” the SaaS, BaaS or other deliverables completed by the fintech; however, it’s important to set up a legal framework that the parties can follow in case things go wrong. The same situation applies to SLAs.
Another important section that customers often fail to spend time on is the dreaded “limitation of liability” sections. These are the terms that fintechs rely on to limit their liability, including direct and indirect damages and often statute of limitations.
For example, fintechs never want to be liable for consequential damages; however, there are standard exceptions to this general prohibition that customers should expect. The most common ones relate to a fintech’s breach of confidentiality, data security and privacy obligations, gross negligence or willful misconduct and infringement of third party IP claims made against a customer.
Yvenne King is counsel to the Kennedy Sutherland law firm. She’s a seasoned technology and intellectual property business attorney who combines strategic business and legal acumen to represent clients in negotiating complex technology and data licensing transactions. She also works with clients on issues pertaining to technology, privacy, data and cyber security, digital and data products and services, vendor management and intellectual property.