Fintech Layer Cake

Crash Course in Sponsor Bank MSAs with Andrew Grant

Lithic Season 2 Episode 30

In this episode of Fintech Layer Cake, Reggie Young presents a crash course on Sponsor Bank MSAs (Master Services Agreements) with Andrew Grant, co-founder of The Runway Group. 

They unpack the complexities of these critical agreements, discuss the latest trends in regulatory expectations, and highlight key strategies for founders and operators to navigate sponsor-bank relationships effectively.


Reggie Young:

Welcome back to Fintech Layer Cake, where we uncover secret recipes and practical insights from fintech leaders and experts. I'm your host, Reggie Young, Chief of Staff at Lithic. On today's episode, I chat with Andrew Grant from The Runway Group. Andrew has been advising founders, FIs, and fintechs for over 15 years, and he recently co-founded The Runway Group, which is a legal and consulting firm that specializes in helping financial services companies solve the hard problems efficiently.


Andrew recently published a great guide to fintech bank sponsor MSAs, so I brought him on the podcast to tease out the most important and practical takeaways for founders and operators. Andrew and I cover the most controversial sponsor bank terms, what changes are happening to MSAs based on recent consent order trends, and other key sponsor bank landmines that folks should avoid.


Fintech Layer Cake is powered by the card issuing platform, Lithic. We provide payments infrastructure that enables companies to offer their own card programs. Nothing in this podcast should be construed as legal or financial advice.


Andrew, welcome to the podcast. Excited for our conversation together. We've worked with you as outside counsel before. It's been always awesome. I know you and Peter have some great insights on fintech and a very practical approach, which I appreciate. You've also put together these great guides on MSAs, specifically bank fintech partner MSAs, the key agreement between a fintech and sponsor bank that governs the relationship.


I'm excited about this episode to dig through some of the brass tacks of what those agreements entail and key things that non-lawyers, founders, and operators should know. Maybe the best starting point is what exactly is an MSA?


Andrew Grant:

Well, first of all, thank you for having me. We love Lithic. We love working with companies that want to responsibly move the ecosystem forward. So thank you for having me. For your question, an MSA, it's a master services agreement. It's not my favorite term in the world for what these are. They can also be called program agreements or sponsorship agreements. If I had my druthers, we'd call them something else an MSA, but that's typically what everyone understands.


But put simply, it's a governing contract between the fintech and the bank, or if there's an intermediary involved between the bank and the fintech, BaaS, middleware provider, again, whatever term we're using, consistency of terms in this space can be difficult, then between the fintech and that intermediary.


These are usually long documents. If you're a fintech, if you're a founder, you're a chief operating officer, chief product officer, when you're first seeing this and you get 60 pages, this can be very daunting to be like, wow, what do I need to focus on? But also then if you're a sponsor bank and you're drafting these or you're revising these, you need to balance your legal obligations, your internal risk requirements, plus basically execution velocity. It's a Goldilocks problem. You want the agreement to just be right that creates and captures everything you need without inviting significant pushback, but hopefully allowing for a smooth negotiation execution process.


From my perspective, I view contracts as a conversation. The reason I'm writing the MSAs or writing this guide to demystify them is to help parties have a more productive and efficient conversation when they're discussing this. But what makes the MSA more complex and why I think it's useful for this primer is there's this third party to the conversation, and that's different than your typical SaaS agreements or something like that. Here, that third party is the bank's prudential regulator. That third party greatly impacts the goals of the conversation and negotiation.


For any successful conversation, you have to align on what your goals are. If you're not aligned, there's going to be a lot of friction. For here, understanding that there's a third party out there that's impacting the goals for both parties, not just the banks, but the fintechs too, and understanding how that third party impacts the goals at the outset can really help the negotiation flow, help it be more efficient because you understand the goals of each party are from a compliance and operational perspective before you really start to dig into the nuts and bolts of the agreement.


But what's made this complex is in the past, the regulator's guidance wasn't always clear. Their voice was there. You knew it was there. [Kamaru Kohler] kind of said, maybe it sounds like Charlie Brown's teacher. You hear this voice in the background, but you can't quite interpret what they really mean. For example, they released this guidance last year, third-party risk management guidance. But it didn't differentiate between third parties that directly are consumer facing on the bank's behalf versus those where the bank still owns the consumer-facing relationship. That is a critical distinction in my opinion. I think regulators are coming around to this perspective because we're seeing there's been numerous enforcement. There's always enforcement actions against banks, but disproportionately, the enforcement actions are involving sponsor banks now.


Recently, a month and a half ago, they released this Request for Comment being like, hey, tell us about bank fintech partnerships. Both of those, the enforcement actions, they're public, unfortunately, but they're public. This comment thing is public. There's also the non-public, which is the examinations that go on. Thankfully, some of this is becoming more public, so it does allow the fintechs insight into what the regulators may be expecting.


With that background of how I view MSAs and why I view regulators as a third party, I think it's useful to just address some of those high-level obligations and concerns that regulators may expect to see in an MSA. That is, who's accountable for this relationship? Banks will always be responsible for complying with applicable law, but this gets back to who's the customer-facing, consumer-facing entity. But if it's a fintech, who's accountable for that?


Reggie Young:

Yep. That's a common theme. I've heard many conversations with folks who have sometimes been in the room with banks negotiating some of these consent orders. The understanding of roles and responsibilities is so important. I think there's a misunderstanding- not a misunderstanding, but folks that tend to be focused on, is the fintech direct to bank? But actually, the big issue is, does everybody in the relationship know what they're responsible for and who is supposed to be doing what? When the answer is, no, we've never actually talked this out, that's where you get a lot of problems because you get dropped balls. One party thought the other was doing the thing. It's an important area.


Andrew Grant:

Exactly. Yeah. I'm sure we'll talk about this in a little bit more detail later. Yeah, it's a hugely important area, and it is what has led to a lot of these enforcement actions because there is a misalignment or a misunderstanding of roles and obligations.


And then how will bank conduct ongoing monitoring and due diligence? And here you get into not only third-party vendor management, but fourth and fifth party. One of the recent enforcement actions mentioned that. Comptroller Hsu mentioned, hey, it's a supply chain. I don't think he's wrong with that analogy. But it is, okay, when you have this, how do you manage that? I think the regulators are going to start to put more prescriptive guidance on that.


Then how can the bank terminate the agreement in the relationship? And then what happens to consumers when that relationship terminates? These are some of the conversations that the regulator is having with the bank and also increasingly publicly. Those conversations inform the bank's MSA, which then informs the conversation between the bank and the fintech.


Reggie Young:

Yeah. I love that whole conversation framing. When I saw the draft of your first MSA piece that mentioned that, I just screenshotted it and sent it to the legal channel with it because I thought it was such a good, interesting practical way to view contracts. For non-lawyers, you can look at a bank partnership agreement, or just any agreement you want to do when working at a fintech, and think like, oh, this is just boring legalese.


Actually, it's setting out your practical operating obligations. It can set out things like, here's the customer support. Here's the responsiveness you're going to provide to the bank. Here's the data you're going to provide. I feel like that's where a good in-house lawyer or outside counsel flag those like, hey, you're agreeing to this obligation, are you sure you want to agree to that in the negotiations? I love that conversation point. Your point about regulators being a hidden third party to the conversation is a super important one, because there's a lot of terms you just can't negotiate in those agreements because they have to be there.


Andrew Grant:

Exactly. At least for me, I like the framing of conversation because it is a contract, so it is legal, but it's a business relationship. Especially for important agreements, non-lawyers, significant people in the organizations, should have an understanding of what's going on with this agreement and not just like, oh, it's a contract, legal deals with contracts.


Reggie Young:

Yep. I think effective bank partnership agreement negotiations I've seen, it's a hugely cross-functional effort internally at a fintech company because you have to talk to your data team, your products team. You figure out the engineering resources needed to meet a lot of the obligations. So it's not a simple you send it to your lawyers and they tell you what to negotiate and then you're done. It's a bit of a bigger lift.


Andrew Grant:

Agreed.


Reggie Young:

What about term sheets? There's this endless debate about what the line between a term sheet and MSA is. I'm curious, in your experience working with fintechs, how you've come to see the balance and draw the line between what's appropriate to put in a term sheet versus MSA. Maybe tease out the difference between those two things, because I feel like this is something that I see non-lawyers hit and get confused at, or it's always a point of debate of like, can we put this in the term sheet? Let's just add this and this and this. Most term sheets at some point, I feel like I have to end up saying like, hold on, let's talk about why we don't put everything in the term sheet. So yeah, would love to hear your thoughts.


Andrew Grant:

That's a great point. It's interesting because outside attorneys typically aren't involved in this term sheet process. Here's why. I distinguish between term sheets and MSAs in that they each serve an important but different purpose in the journey. For me, the term sheet is a kind of a road map of the negotiations. It outlines the key terms, the principles, and the intentions of the parties. It helps align this high-level structure, why do we want to partner? What do we want to accomplish? What are the commercial terms? What's the scope? But it's not meant to capture these detailed operational compliance or regulatory obligations that are better set forth in the MSA.


The MSA is where the rubber meets the road. That formalizes the working relationship. It lays out the detailed responsibilities. It lays out the detailed compliance obligations. You were discussing earlier about how multiple parties need to be involved with this because it lays out the operational processes. So it's like, okay, we need to do X, Y, and Z reporting, can we do that? Is how we do that ingestible by the bank? There's a reason why banks partner with fintechs, because they don't always have the most robust tech stack, or they partner with middleware providers to help with that tech stack because that isn't something that they themselves have or their core providers don't have. That's how I draw the line.


I think of it as the term sheet captures the overarching framework. They agree on the basics, and they're aligned on principle, then they can move. For me, at least the practical tip for the term sheet is like, this is where you identify the deal breakers. Is this a partnership that we want to move forward on? Negotiations with MSAs can sometimes be more drawn out than the parties like, but rarely does the relationship crumble because of what's in the MSA. But that's where it does in the term sheet, where it is like, wait a minute, we're not actually aligned on what product, or we want to move in. We're doing X, but in a year, we want to do Y. Oh, we don't support Y right now. We might in three years. So it's like, okay, this is not a good fit, or this means that there has to be a non-exclusivity in the MSA because what we want to do, you can't do, etc. So it really helps that, should we proceed?


Reggie Young:

Yep. I think that's a great way to look at it, is the term sheets where you find the deal breakers, right? It's a good point. It's funny, too, because most term sheets have something that says like, this isn't binding, this isn't enforceable, we're just hashing out these terms. But in practice, the number of times I've seen negotiations on the full agreement, whether it's a bank sponsorship agreement or not, the other side puts a term in, you're like, wait, that's inconsistent with what you agreed with in the term sheet. And it's funny because the term sheet isn't technically binding, but it gives you negotiating leverage to be like, no, no, no, we do not agree to those economics. We're not going to pay you more than we agreed to in the term sheet, unless there's some new surprise that comes up that warrants it.


It's funny, it's an interesting balancing act because I think that there's always tension with term sheets because you want to try and find all the deal breakers. However, if you spend so much time building out a term sheet for all the possible aspects of the relationship, you can kill the deal, and you can make the other party lose interest. So it's like, well, you don't want to start doing the heavy lifting on an MSA. If there's a landmine, that would have just made it totally moot. But also, if you spend too much time trying to find landmines, you'll never get to the MSA fit. So it's a very, very funny balancing act.


Andrew Grant:

Yeah. It's like a Goldilocks problem again. You have to find the right balance where the parties are aligned. That's a great point about the supposed non-bindingness of them, but it is always disconcerting when you see the economics portion of the agreement, and my client's like, wait a minute, this isn't the economics we agreed to. Thankfully, almost every time, it is like somebody just wasn't informed. That, again, gets to there are so many parties involved with these agreements that making sure everyone is aligned is critical.


Reggie Young:

Yeah. I think that's one of my favorite doc comments to send back, is to say, hey, this is inconsistent with what you agreed to. Usually, they make the change pretty easily after that.


What about some of the top terms? Let's talk about the top two or three terms that you think fintechs or bank sponsors really need to get right in these MSAs? What do you think they are?


Andrew Grant:

For me, the first one, and this might seem very basic and very non-controversial, but it's a reason, unfortunately, more times than I care to count, is actually describing the product accurately. Again, this gets back to just different people handling different parts of the negotiation. Banks may be having a standard MSA and hearing from business, hey, we've agreed to a term sheet with X, Y, Z, send them the MSA and we get it. We look at it and we're like, wait a minute, this isn't the product that you're offering.


You may ask, though, why is this important? This is hugely important because this drives literally every other obligation in the agreement. If you're [inaudible], hey, we're offering you a deposit account. The MSA that comes back to you is more of a transactional account where the funds aren't intended to sit for any extended period of time. Everything else flows from that. Or if you offer a card product, it is for consumers, but you get commercial terms, or even worse, if it's for commercial and you get consumer terms, there's a whole wide range of additional obligations on you.


I can imagine a scenario where they actually agree to this. And the MSA frames it- they agree to the deposit account, they frame it as a transactional account. Then you're going to have compliance headaches. You're going to have possibly customer confusion. And then as we've seen from quite a few of these enforcement actions, they're like, hey, go back and actually review the agreements that you've entered into and make sure that the parties are complying with their obligations. And if you read it, it's like, oops, this product doesn't match what they're doing. That's a huge headache. It's not necessarily a difficult thing to do, but it's integral because it impacts everything else that flows from the agreement and then the rest of the relationship that flows from that. That's, for me at least, the table stakes basic, like you have to accurately describe the product.


Next is also flowing from that, and what we spoke about earlier with some of the enforcement actions, is clearly identifying the roles and responsibilities. Again, so you clearly identify the product. That will help you then identify what roles and responsibilities will the parties undertake. If the fintech is a consumer-facing, which they almost always are, you're going to want clear obligations about, okay, you're the one giving all legally required disclosures. The bank will have to sign off on these, etc.


But then it gets into, okay, how do we do marketing? Does the bank have to sign off on every single piece of marketing? Is it just a template? Is that unclear? One of the interesting things that I'm seeing, I'm probably guessing you're seeing too, is the use of AI in compliance. Actually, I've seen a bunch of demos but never actually seen it integrated, but lots of cool products out there where like, hey, we're going to scan this fintech's website, all their socials, everything. If there's a thing that comes through Twitter, so just call it Twitter, something that comes through LinkedIn, or if something on their website changes, we're going to notify you of that change.


Reggie Young:

It's a very hot area, a lot of folks trying to start companies in the space right now.


Andrew Grant:

And so if the MSA doesn't clearly define what these roles and responsibilities are, there can be confusion over who's authorized to do what and when, who's responsible if they don't do it, etc. So yeah, so that's something that I think is integral. It is something we're seeing improvement over the years in clearly delineating these roles and responsibilities. To your point as well, this gets back to, for the non-lawyers, it's like, okay, this is what you have to do. Can you do this? Are you capable of doing this stuff? And how are you going to manage that? Then finally, termination of wind-down provisions.


Reggie Young:

Yep. This has been mentioned more and more and more in consent orders. Not clearly articulated, I think, in a lot of arrangements that's causing a lot of problems.


Andrew Grant:

Yeah. There was this case that, at least in my opinion, really flew under the radar. It was between Global Rewards and Bancorp in March '23. It was in Delaware. It was Delaware Chancery Court. Global Rewards alleged that Bancorp did not provide a sufficient time frame to wind down their card program and they sought injunctive relief. I'm sure as you know, working at Lithic, transitioning a card program is an exceedingly complex process. If you're just transitioning deposit accounts, okay, that's more straightforward. But transitioning your card program requires coordination along the networks, issuing processors, a whole bunch of different parties.


Reggie Young:

Yeah. If folks are curious, at Lithic, some of my colleagues have put out guides on this, there's so many factors. Sometimes you might need regulatory approval to move things, to move certain card programs. So if any folks are looking at BIN migration, they give you such BIN migration in Lithic, you should get some good guides. There's a lot of potential landmines if you're not careful.


Andrew Grant:

Exactly. I only know the request for injunctive relief, it's settled, so I don't really know what ultimately happened. But they quoted that they said the MSA was silent on transition or wind-down. It said the MSA does not establish a process or procedure for the off-boarding of accounts in the event of termination. When I saw that, I was shocked. I was like, Bancorp is a very large bank in this space. Global Rewards is a fairly large player in this space. They didn't have, what happens if we terminate and you wind down, how do you off-board or transition customers?


Happy to share that case with anybody you reach because it's hard to get Delaware Chancery cases. But it's a good read to just really understand the importance of why having this in the MSA is important. It doesn't need to be super prescriptive. It isn't like you have to have this five-page detailed wind-down program. But you should know like, oh, we're operating a card program, we need at least six months to transition. That should be the bare minimum for the time frame. And then how do you agree to the actual then parameters? Okay, so we're terminating, we need to mutually agree on a wind-down plan. How is that done? This doesn't need to be an extensive provision, but it does need to set the parameters.


Reggie Young:

A lot of important project management. The BIN migration piece that was mentioned, there are landmines, you can navigate them. It can be smooth. Fortunately, we've got a lot of folks here who do a good job of thinking about these sorts of things to ensure there aren't issues. But if you're not careful, there's just so many parties involved. There's the current bank. There's the new bank. There's the networks. There's regulators. There's all your existing agreements. Would you need to update cardholder agreements? Probably. It’s myriad considerations. All doable, can be very smooth if you're working with the right folks.


Awesome. What about the most negotiated terms? What do you think are the most heated parts, maybe top two most heated parts of clauses in bank MSAs?


Andrew Grant:

One will come as no surprise. It's the most negotiated one generally, indemnification of liability, risk allocation. But the reason why I think it's different from an MSA perspective between a bank and a fintech is, again, where the regulator's voice can be heard, which makes them, in my opinion, different than standard indemnification, limitation of liability, risk allocation clauses because they include regulatory penalties, data breaches, reputational harm.


From the bank's perspective, they typically want the fintechs to take on a significant portion of the risk since we're the ones directly interacting with the consumers. And they may push for broad indemnification clauses where the fintech agrees to cover any losses for activities, compliance failures, customer disputes, things of that nature. But the fintechs, their goal is to narrow this, obviously. They want limitations on indemnification. They may want to exclude indirect or consequential damages, or they may want to set their overall cap on liability. They also may seek carve-outs for items that they just can't control, like if there are regulatory changes, or if there's something that's the bank's own operational failures that cause this harm. These are controversial because they ultimately reflect balance of power and risk tolerance for the parties. And regulators-


Reggie Young:

They're interesting. This is a term I feel that has shifted in the past 18 months, the sorts of terms that fintechs have to agree to, indemnification as the consent order regulatory market, as banks have gotten more stringent and higher expectations. I think the indemnification clause is actually a really interesting one to see. What's the current pulse of the market, of the power dynamic?


Andrew Grant:

As you know, the market is shifting. One of the regulators' concerns has been, who needs which party more?


Reggie Young:

That's fascinating. You mentioned the request for comment that regulators put out about a month ago from when we were recording this, I believe. That's a huge part of the releases, this kind of awareness that, hey, if a fintech has way too much power for a bank, they may have the ability to kind of push the bank into terms that they might not want to for prudential reasons. Or the bank may be able to push the fintech into some optimal terms, which I think regulators are probably less worried about the bank being the more powerful one in that relationship. But I think it was interesting to see that very explicitly acknowledged by regulators.


Andrew Grant:

Yeah. That's obviously, again, not unexpected for being one of the most controversial ones, and different parties have different reasons. But those are some of the rationales for why and what each party's goal is to achieve when they do this.


The second one is adjacent to ancillary to the wind-down, and that's what leads to it. It's the termination rights. Wind-down deals with the aftermath. Termination focuses on the conditions that lead to that. This can be contentious because the parties, they ultimately want to have fair, transparent, and predictable pathways, but their incentives often don't always align. The banks, they typically want very broad termination rights if the fintech fails to meet various compliance standards, if there's changes in regulatory landscape, as well as fairly squishy terms, vague terms like reputational risk. They also might want to seek termination for convenience if there are business plan changes. And they're like, okay, we no longer want to serve this market.


In fintech, they want a more restricted set because this is in many ways existential for them. They don't want to be subject to a prop or arbitrary termination. So they may want specific definitions of what is a material breach, or we want to have fairly generous churn periods that allow us to do this and not just something like a standard, it's like, oh, you have 30 days to churn. Some breaches can't be churned in 30 days. You're inherently not going to be able to do so. So it's like, okay, we want something that allows us to, this is a significant breach and it'll take longer. We're going to do it. We're going to come up with a plan. We're going to show you our plan, but we need more time. Don't terminate this agreement because of this.


From their perspective, again, it's more existential. As I'm sure you're aware, probably a few other questions too, should we have backup banks? Should we have bank redundancy? And that's hard to get. If you're a very large fintech, sure. Otherwise, finding the appropriate partner and paying them just on this off chance, that doesn't necessarily make sense. You don't want your existing bank to terminate you for reasons that you feel you could have fixed. That's another element that can be fairly contentious depending on how aggressive either party is in your ask here.


Reggie Young:

You mentioned this a little bit. It's funny how much- this is where regulators' voice can come in a lot in the termination clauses. It's a funny negotiating situation because banks will always want something like, we can terminate if there's a regulatory reason. It's like, okay, well, what does a regulatory reason mean? Is it because a regulator told us to, or is it because we think it poses regulatory risk? Well, who's deciding that risk? It's a very squishy- the bank is always going to want a regulatory out. A fintech is going to have to eat that, but the specific degree of how it's phrased is where I think the magic of that power dynamic manifests.


Andrew Grant:

Yeah. I'm not trying to dispute that like, oh no, this shouldn't be in there from the bank. It 100% should be in there from the bank's perspective, but there's a way of phrasing it in a way of giving some hopefully greater clarity around what this actually means that hopefully isn't just- even if there is no termination for convenience, effectively operates as a termination for convenience because you don't really have to demonstrate any sort of potential regulatory harm. You're just like, okay, regulatory risk, what risk?


Reggie Young:

I think it's one of those funny examples, too, where if you approach it from a pure theoretical example, I think non-lawyers can get spooked by that sort of stuff. But if you're the lawyer, you're like, this needs to be here. The bank needs this, and it doesn't say that they don't trust us. It's something they just need for regulatory reasons to have these sorts of outs in. I feel like that's a conversation I've had dozens and dozens of times with non-lawyers around like, don't read too much into this. This has to be here. We have to talk about termination. Nobody wants to when they're starting a fintech program. Nobody wants to talk about the ugly potential termination situation, but it's important to hash out. And it says nothing about what the other party actually expects from the relationship. It's always a funny dance.


Andrew Grant:

Yeah. That's the same thing with the wind-down. No one at the beginning of a relationship- everyone's happy, like, oh, this is going to be great. No one wants to think, well, what happens if something goes wrong? No one wants to think about that. But unfortunately, it is something that, especially in financial services, you really do need to contemplate.


Reggie Young:

We chatted briefly earlier, like indemnification, we're seeing some changes in light of recent enforcement action, the power dynamic shifting, but what are some of the other key changes that you've seen in MSA terms that either fintechs or banks have been adding in the light of the recent regulatory focus?


Andrew Grant:

One that I've seen, which may become moot to some degree, solely because it's now going to become a regulatory obligation, is this insight into account balances reconciliation. One large reason for the rise of fintechs is it's very expensive to open a bank account from the core providers. And so, okay, we're going to have this vast provider, usually, not the fintech. They have the technology capable and we're going to open- everyone says FBOs, and I know it's a controversial word now. It has many different flavors and means many different things. It could be a true FBO. It could be an account with sub-accounts, where it is meant to be an actual deposit account, etc. But either way, the fintech or the intermediary is the one that has the ledger for that.

The bank doesn't because they just don't have the tech for that, their corporate provider doesn't have the tech for that, it's cheaper to operate this way.


And so for the longest time, agreements didn't really address any sort of feedback of data transfer for, how are we going to reconcile this? How are we going to have visibility into what your ledger says? And so I have seen this. I haven't seen, and if I expect to see, what happens if there's a discrepancy? How is that addressed? But there has been a push to be more transparent with, hey, we need either daily access to your records for this, or we need real-time connections. But again, the real-time connections comes down to- this may require the bank to improve its tech stack to allow this. So they may be forced to get read-only access because they don't yet have the ability to get this real-time API connection for the ledger. But I've certainly seen that. But again, so recording this on the 19th, the 17th, the FDIC released its proposed rule on basically requiring direct, continuous, and unrestricted access to records, and even including file formats that these should include.


Reggie Young:

It's funny. I wrote a note down to touch on the file format point because it's such an interesting- folks like to complain that regulators haven't provided enough specific guidance. But this is the downside, if you ask for more specific guidance, is they might dictate the exact file format that you need to share and provide. Do you really want that? Do you really want more clarity and specificity? Not always, it's not necessarily always a great thing.


Andrew Grant:

Yeah. I know this is kind of outside what we're talking about, 1033, I like that they delegated to the standard setting body to allow for evolution of data formats and standards. And I know that there's been a push in the fintech ecosystem to try and come up with some sort of governing, non-governmental, some type of oversight body, credentialing body, etc. And I think that would probably be better suited. I'm guessing some of the feedback probably will be about, hey, this format may not be applicable for all instances. It may become dated, etc. We need flexibility here. But I also think that incumbent on the industry to step up to be like, here's how we're going to solve for this.


Reggie Young:

Yeah, it's fascinating. There's this high-level theoretical debate in law of like, are rules better or are standards better. I think this data format is like, do you want a rule? It's a good example. I think an example of a standard would just be safety and soundness. This is high level, super vague, really squishy, hard to follow. But also, if you exercise your best judgment, you're probably okay. Or do you want really specific rules where you know that you're okay, but also, you're going to have to follow the specific file format. It's one of the endless theoretical debates that I find fascinating.


Andrew Grant:

Yeah. We're in consumer financial services, so yeah.


Reggie Young:

What about some of the top landmines that you think fintechs and banks most often set themselves up for failure within MSAs? What do you think are some of the top items there are?


Andrew Grant:

We've already discussed some of the larger ones, the insufficient wind-down provisions, the inaccurate descriptions of the program that lead to misalignment of roles and responsibilities. So I'm going to talk about one that may be a little unexpected but definitely can impact the fintech down the line. This is limitations on assigning the agreement.


Many assignment provisions limit the right to assign any rights, duties, or obligations without the bank's consent. It's usually some vague standard not to be unreasonably withheld. From the bank's perspective, this makes sense. They have safety and soundness concerns. They have prohibited business risks. They have reputational risk and the like. But the reason why this potentially limits or hurts fintechs is it can prevent them from selling without the bank's consent, and you don't really have a clear standard on what withholding without reasonable means, without reasonable justification.


And so fintechs, if they're expecting a lengthy relationship with the bank, they would like to, at some point, sell, working to revise this to give some sort of greater predictability about when they can withhold consent. So something along the lines of, we can withhold consent if this presents us a safety and soundness risk. You're selling to a prohibited party, say they do business in the marijuana industry, and a marijuana company wants to buy them, etc. Or doing so would violate applicable law, like trying to put some guardrails around this because any decent diligence will immediately unearth, oh, the bank has complete control. And this is a very squishy we can withhold our consent not to be unreasonably withheld.


Reggie Young:

It's one of those boilerplate clauses, which I think we'll talk about in a second. It's a boilerplate clause that I think is often overlooked, but I have seen it practically come up in several instances, including some where it's another company seeking our consent, not an MSA bank, MSA situation, but just like, oh, we have a vendor agreement with this vendor. All of their terms say that they can't assign it without our consent, and now they got acquired. And now they have to go to all of their 400 customers and get consent. The logistical headache of doing that is vast versus, oh, we just need to give notice that we've been acquired. I was dealing with this a week and a half ago, which is why I feel so impassioned about it.


We're on the receiving end for getting one of these requests, but it isn’t very practical, like, oh, if you're a founder running a company, let's say you have multiple products, one reaches good scale, you want to sell it off for money to invest in the others, whatever, you can't sell that with all of its contracts associated. It's part of the M&A process of now we need to go get consent, and hey, if you don't get consent, you may not be able to sell.


Andrew Grant:

Exactly. The bank, maybe for whatever reason, just has a vague hesitation. And they're like, okay, we don't like this. Again, like you noticed, safety and soundness is a standard. That does give them some latitude, but it's not unbounded. And so at least, again, putting some better guardrails or some better predictability into what limitations the bank will actually reject the deal. Now, I'm not saying the bank doesn't need to consent. They obviously do. It's their product, so they obviously need it. But like you said, it's a boilerplate clause that may just be glossed over without founders thinking about it, but it may impact your ability to sell down the line. It may cause unnecessary friction, etc. This deal may still get done, it just may take longer, etc. So just something to be aware of with what your goals are when you're entering into the contract.


Reggie Young:

Last thing I'd love to jam on for this episode is something you mentioned in the first part of the MSA series, which is the Tollen framework. It's going to be a little like a lawyer dorking out for a second, but I promise for non-lawyers, I actually think this is a useful framework for thinking about what are the important things to negotiate and to focus your attention.


To your point, you get a bank MSA, it's 60 pages, you're like, holy crap, I don't have time to review that this week. I'm just going to send it to outside counsels. No, no, there actually are important provisions that you need for all the cross-functional team input stuff that we talked about, you actually need to look at this stuff. So the key is like, how do you navigate looking at what's the priorities in the agreement. I think that the Tollen framework that you mentioned is a great way to, I don't know, help non-lawyers maybe look at a contract and better prioritize what matters. What exactly is that framework, and what are maybe an example or two of each kind of category?


Andrew Grant:

This reminds me, at least to me- there's a very funny tweet a couple years ago. It went something like, my boyfriend's in law school taking a contracts class, but he hasn't gotten to the point where he learns whether a contract is good or not. I sometimes ask him to review contracts I had to review for work, and all he can tell me is, yep, this is a contract.


Reggie Young:

Yep. It's very funny. I think a lot of law school students take contracts in their first year law school and never read a single contract. You just read lawsuits about contracts. It's pretty funny.


Andrew Grant:

And so that's why I like this framing. Basically, he wrote for lawyers here, if you do anything with tech contracts, I highly recommend his book, the tech contracts guidebook. But he goes through, and he breaks it up into- there's a different hierarchy of clauses. We've got prime clauses. We've got general clauses. We've got boilerplate clauses. So he had his framework for tech contracts. And I was like, I think that's a very useful framework for thinking of MSAs. It's probably also if your company has its own MSA for its products, etc., that it’s selling, I think it's useful for you to train your business people, your salespeople to understand this because the less you have legal involved as a lawyer, usually the better. And so you want your non-legal people to understand what's in the agreement, what the purpose behind provisions are, why they're there, why you might get pushback, when it's okay for you to accept the pushback, when it's like, okay, now this presents risk, etc.


We spoke about quite a few of these already. So I'll share how I've categorized it. For prime clauses, those to me are fundamental clauses to the MSA. They should be reviewed carefully always. We spoke about termination rights, indemnification of liability, etc.


Reggie Young:

The economics of the deal, it's kind of the bread and butter of why does this contract matter.


Andrew Grant:

Exactly. And then you have, what is this product about? What are the roles and responsibilities, etc.? Those are the types of elements that I generally consider to be prime clauses. Then there's the general, which are in many contracts, but they have a slightly different intonation maybe for bank MSAs. Those are things like, say, insurance requirements, like how you do subcontractors? How is that done? What are the service level agreements? The assignment clause that we spoke about before, that's in all agreements, but it may have particular relevance in the fintech industry. 


Last is just boilerplate clauses. These are in all agreements. Not saying they should be skipped. They should certainly be reviewed because there can be “landmines” in them. But these are things like force majeure, what constitutes the entire agreement, choice of law. Choice of law can definitely be one because there are parties that are like, I want my choice of law to be here and the venue is going to be here, I will not compromise. I'm from Colorado. I know these laws. You don't. This gives me, I think, an advantage, so the disputes arise. Those are boilerplate, but it's good to understand where they're coming from and at least be aware of.


Notice is another one. Some banks will say, we're not going to accept notice via email. And it's like, we're doing everything. We're negotiating this electronically.


Reggie Young:

Notice is a very, very funny clause, one of those again that only the lawyers tend to wade into. The number of times there's a physical address notice that is actually where the business was four offices ago or where the bank used to have an office. It's so funny, happens regularly.


Andrew Grant:

Yeah. It's just like, wait, do you really not accept notice via email? They're like, no. It's like, okay. You have to operationally be prepared. Okay, we got this thing and the agreement says we have to give notice. And yeah, you emailed your partner or your relationship manager or whoever. But if, say, something arises because of that, they can be like, oh, we never actually technically received notice. So it's one of those dot the I's, cross the T's type of thing for how you give notice.


Reggie Young:

Awesome. Well, Andrew, this has been a great conversation. I appreciate the crash course in bank fintech MSAs for our listeners. If folks want to learn more about Runway or get in touch, where should they go?


Andrew Grant:

You can go on LinkedIn, go to our website, rnwy.group. I'm on Twitter. I'm terminally online, Twitter. Speaking of notice, you can give notice to me via- never accepted carrier pigeon, but somebody wanted to send me something. So yeah, pretty easily found.


Reggie Young:

Amazing. Awesome. Thanks so much for coming on.


Andrew Grant:

Thank you so much for having me, Reggie. This was great.