CFO Banking Relationship Scorecard: 100-Point Renewal Framework

This is for CFOs deciding whether to renew, expand, split, or exit a banking relationship. Fees and rates still matter, but the renewal decision should also test credit capacity, treasury operations, deposit concentration, public bank condition, and any limits created by enforcement actions or third-party risk controls. Fintech founders, credit analysts, financial journalists, and small-bank directors can use the same framework, but the core question is the CFO’s: can this bank support the business when conditions change?

Executive summary: This CFO banking relationship scorecard is a 100-point renewal framework with several pass/fail tests. Use it before a credit renewal, treasury-services review, sponsor-bank launch, board liquidity review, or new RFP. Renew the full relationship only when the bank clears must-pass operating, credit, compliance, and public-condition checks; if it fails one, keep the bank only where it is strong and split the rest before pressure forces the decision.

A useful CFO banking relationship scorecard puts the proposal beside evidence. The proposal shows fees, earnings credit rate, loan spread, treasury pricing, and promised service. The scorecard asks whether the bank can support payroll, wires, ACH, borrowing, liquidity, fraud response, and board-level risk review when conditions change.

Use a 100-point CFO bank renewal scorecard

Start by writing down the bank’s actual job. A company using one bank for operating deposits and a revolving line has a different risk profile than a fintech using a sponsor bank for FBO accounts, meaning accounts held for the benefit of end customers, ACH origination, card issuing, or program-manager oversight. A bank that is fine for basic deposits may be the wrong lead bank if the company needs API-supported reporting, daily reconciliation, borrowing-base work, or a second bank ready to receive payroll files within one business day.

Give each candidate the same 100-point review, but make some items pass/fail. A lower fee quote should not offset a failed backup-contact test, a missing treasury-control workflow, or an active order that restricts new fintech products without regulator non-objection, meaning written or documented regulatory clearance to proceed.

• Operating reliability, 20 points and pass/fail: test ACH, wire, positive pay, payroll, lockbox, and file-transmission cutoffs with the operations team, not only the relationship manager.
• Credit capacity, 20 points and pass/fail: score the renewal calendar, borrowing-base reporting, covenant headroom, collateral-release process, and whether the bank’s credit appetite still matches your revenue, burn rate, or working-capital cycle.
• Treasury controls, 15 points and pass/fail: require dual approval, user entitlements, out-of-band call-back procedures, admin change logs, and a named fraud escalation path for wire recall and ACH return events.
• Deposit structure, 15 points: compare uninsured balances against the FDIC standard insurance limit of $250,000 per depositor, per insured bank, for each account ownership category^[1], then document sweep, reciprocal deposit, collateral, or second-bank plans.
• Sponsor-bank fit, 15 points and pass/fail if relevant: for embedded finance, map who owns BSA/AML, Reg E electronic-funds-transfer duties, Reg DD deposit-disclosure duties, fair lending, complaint handling, ledger reconciliation, and customer communication under the June 2023 interagency third-party risk guidance.^[2]
• Public bank condition, 15 points: review capital, liquidity, deposits, commercial real estate (CRE), past-due loans, charge-offs, and allowance coverage from FFIEC Call Report schedules before treating the bank as a long-term operating partner.

Before the renewal meeting, pull the candidate bank in Deep Digital Ventures bank search and individual bank profiles, then compare the public-data review with the banker’s proposal. If the proposal says “relationship-led service” but the public record shows fast deposit mix changes, elevated CRE concentration, or an unresolved enforcement action, make the banker explain the gap in writing.

Scorecard category	Evidence to request	Decision rule
Operating bank	ACH and wire cutoffs, fraud desk process, backup contacts, treasury user-control report	Must pass. Do not rely on a single relationship manager for payroll, debt service, or daily cash movement.
Credit bank	Term sheet, covenant model, renewal calendar, collateral and borrowing-base requirements	Must pass. Discount unused credit capacity if renewal depends on conditions the company cannot meet under a downside case.
Sponsor bank	Third-party risk policy, compliance owner map, ledger reconciliation process, regulator non-objection status if applicable	Must pass if relevant. Treat onboarding speed as low value if oversight, data, or customer-funds reconciliation is unclear.
Bank condition	Call Report balance sheet, capital, loan mix, past dues, deposits, income, charge-offs, allowances, and average balances	Escalate if public filings show weak capital trends, rising past dues, funding pressure, or CRE concentration above supervisory screening levels.

Use these bands after any pass/fail issues are cleared: 85 to 100 supports full renewal, 70 to 84 supports renewal with limits or a backup bank, 55 to 69 calls for a split relationship or RFP, and below 55 means the bank should not remain the lead operating or credit provider. The practical red flag is not a low score by itself; it is a low score paired with no written mitigation plan.

Look beyond the relationship manager

A strong relationship manager is useful, but the bank’s systems, risk appetite, and regulatory status decide what the relationship can actually do. The June 2023 interagency third-party guidance covers planning, due diligence, contract negotiation, ongoing monitoring, and termination.^[2] For fintech founders and sponsor-bank boards, those are not abstract governance words. They define who can approve a new program, who sees end-user complaints, who reconciles FBO balances, and who can shut down a risky partner.

Public orders show why the scorecard needs a regulatory-status line. Blue Ridge Bank’s 2022 formal agreement required a written program for third-party fintech relationship risk management.^[3] Cross River Bank’s 2023 FDIC consent order addressed fair-lending compliance, internal controls, information systems, and credit underwriting practices.^[4] Lineage Bank’s 2024 FDIC consent order addressed third-party risk management and fintech partners.^[5] Evolve Bank & Trust’s 2024 Federal Reserve action addressed anti-money laundering, risk management, and consumer compliance programs.^[6]

The CFO takeaway is direct: if an order limits new products, new fintech partners, brokered deposits, growth, capital distributions, or board approvals, the scorecard should not treat promised capacity as available capacity. Ask the banker for the written boundary, the remediation owner, and the expected public termination path before giving credit for future expansion.

For sponsor-bank relationships, add one more question: what happens if the middleware provider fails? The CFPB’s Synapse Financial Technologies action states that Synapse filed for chapter 11 bankruptcy protection on April 22, 2024 and alleged a shortfall between partner-bank funds and Synapse records of $60 million to $90 million.^[7] That was not a normal bank failure. It was a ledger, reconciliation, and customer-access problem, which is exactly the type of risk a bank relationship scorecard should force into the open.

Use regulator databases directly when a candidate bank matters to payroll, credit availability, or customer funds. Search FDIC, OCC, and Federal Reserve enforcement pages, then verify whether any order changes what the bank can actually deliver.^[8][9][10] Verification belongs after the business case is clear: first decide what the bank must do, then confirm whether public records support that role.

Include bank health as a scorecard category

CFOs do not need to become bank examiners, but they should know where the public evidence lives. The FFIEC Central Data Repository is the starting point for Call Report data.^[11] Use FDIC BankFind and the Federal Reserve’s National Information Center to confirm the legal institution, regulator, ownership chain, and active status before comparing banks.^[12][13] Do not score a brand name when the legal bank behind it is the actual counterparty.

Build the bank-health section from schedules, not adjectives. The Call Report balance sheet, regulatory capital schedule, loan-mix schedule, past-due and nonaccrual schedule, deposit schedules, income statement, charge-off schedules, allowance schedules, and average-balance schedules show whether the bank’s public profile fits the role you want it to play. CECL, short for current expected credit losses, is the accounting framework behind the allowance schedule and comes from FASB ASU 2016-13, Topic 326.^[14]

Use thresholds as screens, not automatic verdicts. The December 2006 Interagency CRE Concentration Guidance says supervisors may give closer review when construction, land development, and other land loans equal or exceed 100 percent of total capital, or when total CRE loans equal or exceed 300 percent of total capital and the CRE portfolio has grown 50 percent or more during the prior 36 months.^[15] Those numbers do not prove a bank is unsafe, but they tell the CFO what to ask next: property type, geography, tenant concentration, risk-rating migration, stress testing, and capital planning.

For larger OCC-supervised banks, 12 CFR Part 30 Appendix D is another useful benchmark because it expects a written risk governance framework, a risk appetite statement, concentration limits, and risk data aggregation suited to the bank’s size and complexity.^[16] A CFO does not need the bank’s confidential exam rating. The public question is narrower: does the bank’s public profile fit the role you want it to play?

Use this four-step workflow before renewing the lead relationship. First, identify the legal bank in FDIC BankFind or NIC, not just the brand on the website. Second, pull the latest Call Report and score capital, asset quality, liquidity, deposit mix, earnings, and loan concentration. Third, search FDIC, OCC, and Federal Reserve enforcement pages for orders, agreements, civil money penalties, or terminations. Fourth, put the evidence beside the proposal and decide whether to renew, split services, add a backup bank, or run a new RFP.

Finding	Scorecard action	Practical decision
The bank is below both CRE supervisory screens and has stable deposit detail.	Keep bank-health risk neutral, then focus on service, credit, and treasury execution.	Renew if pricing and operations also clear the must-pass tests.
The bank exceeds the 100 percent construction-and-land screen or the 300 percent CRE screen with 50 percent growth over 36 months.	Ask for management’s CRE concentration explanation, capital plan, and stress assumptions.	Do not make that bank the only operating liquidity provider without a second-bank plan.
The bank has an active order limiting new fintech partners, new products, growth, or compliance remediation.	Score promised expansion as conditional until the bank shows written regulator status or public termination.	Use the bank only for the products it can actually deliver under the order.
The company will routinely hold uninsured operating balances above the FDIC insurance limit.	Document sweep, reciprocal deposit, collateral, or same-day transfer procedures.	Keep payroll and debt-service funding at a backup bank if the treasury team cannot move cash quickly.

The decision rule is simple: renew the full relationship only when the bank clears the must-pass operating, credit, compliance, and public-condition checks. If it fails one must-pass item, keep the relationship where it is strong, but split deposits, credit, treasury, or sponsor-bank exposure before the next renewal date forces the decision under pressure.

FAQ

How often should a CFO run the scorecard?
Run a light version each quarter after Call Reports update, and run the full version before a credit renewal, sponsor-bank launch, merger announcement, enforcement action, major treasury-system change, or board liquidity review.

Should the lowest-fee bank ever win?
Yes, but only after the bank clears the pass/fail items. A low treasury fee is not useful if the bank cannot support payroll timing, fraud escalation, credit renewal, deposit liquidity, or required third-party oversight.

Which public filing should a non-bank specialist read first?
Start with the Call Report schedules for balance sheet size, capital, deposit structure, loan mix, past dues and nonaccruals, income, charge-offs, and allowances. Then compare those numbers with the role the bank is being asked to play.

Does FDIC insurance solve platform-account risk?
No. FDIC insurance addresses insured-bank failure up to the applicable ownership-category limit. It does not by itself solve nonbank failure, ledger mismatch, fraud, customer-record gaps, or delayed reconciliation between a fintech, middleware provider, and sponsor bank.

Sources

1. FDIC deposit insurance resources: https://www.fdic.gov/resources/deposit-insurance/
2. June 2023 Interagency Guidance on Third-Party Relationships: Risk Management: https://www.fdic.gov/news/financial-institution-letters/2023/fil23029.html
3. OCC Blue Ridge Bank formal agreement announcement, August 29, 2022: https://www.occ.gov/news-issuances/news-releases/2022/nr-occ-2022-130.html
4. FDIC Cross River Bank consent order FDIC-22-0040b, March 8, 2023: https://orders.fdic.gov/sfc/servlet.shepherd/document/download/0693d000007xEStAAM
5. FDIC Lineage Bank consent order FDIC-23-0041b, January 29, 2024: https://orders.fdic.gov/sfc/servlet.shepherd/document/download/0693d00000BrElHAAV
6. Federal Reserve Evolve Bancorp, Inc. and Evolve Bank & Trust enforcement action, June 14, 2024: https://www.federalreserve.gov/newsevents/pressreleases/enforcement20240614a.htm
7. CFPB Synapse Financial Technologies enforcement action: https://www.consumerfinance.gov/enforcement/actions/synapse-financial-technologies-inc/
8. FDIC enforcement decisions and orders database: https://orders.fdic.gov/
9. OCC enforcement actions page: https://www.occ.gov/topics/laws-and-regulations/enforcement-actions/
10. Federal Reserve enforcement actions page: https://www.federalreserve.gov/supervisionreg/enforcementactions.htm
11. FFIEC Central Data Repository Public Data Distribution: https://cdr.ffiec.gov/public/
12. FDIC BankFind: https://banks.data.fdic.gov/bankfind-suite/bankfind
13. Federal Reserve National Information Center: https://www.nic.federalreserve.gov/
14. FASB ASU 2016-13, Topic 326, credit losses and CECL framework: https://storage.fasb.org/ASU_2016-13.pdf
15. December 2006 Interagency CRE Concentration Guidance: https://www.federalreserve.gov/frrs/guidance/interagency-guidance-on-concentrations-in-commercial-real-estate-lending-sound-risk-management-practices.htm
16. 12 CFR Part 30 Appendix D risk governance standards: https://www.ecfr.gov/current/title-12/chapter-I/part-30/appendix-Appendix%20D%20to%20Part%2030
17. FDIC March 2026 Call Report materials and instructions: https://www.fdic.gov/bank-financial-reports/current-quarter-call-report-forms-instructions-and-related-materials
18. FDIC FIL-45-2024 joint statement and request for information on bank-fintech arrangements: https://www.fdic.gov/news/financial-institution-letters/2024/fil24045.html
19. FDIC 2024 FIL index, including FIL-42-2024 on AML/CFT program requirements: https://www.fdic.gov/news/financial-institution-letters/2024

Continue reading→