Fintechs must take a good look at compliance considerations as they go through the process of making business-critical technology choices. When evaluating and selecting partners or technologies needed to deliver an innovative client experience, there is a high risk of making mistakes. These mistakes can jeopardize fintech firms’ ability to operate correctly either as regulated firms or as partners of regulated providers. Careful technology review and consideration of fintech compliance outsourcing can mitigate these risks.
Technology lies at the core of financial innovation in today’s world. Financial startups typically bring together a mix of the technology that they build themselves and the technology provided by other companies. In each case, innovators must factor in the compliance considerations related to the technology they use.
When Compliance Affects Technology Choices
Even innovators that do not require licenses to operate and are not classified as regulated entities by any regulatory body need to wrestle with the compliance implications of their technology choices.
They may also need to conform to the requirements of the technology partners they select if those partners provide regulated services (such as banks, broker-dealers, or money transmitters).
Three main scenarios emerge at the intersection of technology and compliance:
- Unregulated firms that must meet the compliance and due diligence requirements of a partner,
- Regulated firms that choose third-party technology to enable their business model, and
- Selecting compliance operations technology to fulfill specific regulatory requirements.
Considerations for Unregulated Firms
Most firms operating in the fintech arena build their offering by establishing strategic partnerships with one or more banks or other regulated entities. Because those partners are regulated, they have strict compliance policies for companies that access or resell their platforms.
Such strict policies result in an intense and rigorous due diligence process so that these regulated entities can meet their regulators’ requirements. During due diligence, a fintech’s regulated partners may impose requirements on the regulatory structure, business processes and practices, and compliance with operational guidelines and records requests.
Meeting the Requirements
An unregulated startup may not have much familiarity with the needs of its regulated partners. Following these five critical steps can help make sense of this potentially confusing process:
- Understand and act on the type of regulatory structure required by a potential new alliance
- Audit and correct areas that would trigger red flags — doing so prior to initial conversations is key
- Approach contract negotiations with a clear view of where there is room to maneuver and what is non-negotiable
- Prepare for and then execute prompt and proper responses to all documents and records requests
- Demonstrate seriousness about deploying products and services in a compliant manner, either in-house or via outsourced fintech compliance.
At InnReg, we guide fintechs through this process from start to finish.
Experience with the nuances of partnerships and alliances and the downstream compliance implications makes an enormous difference in navigating the waters with partners who have significant legal and compliance resources behind them.
Considerations for Regulated Firms
Firms such as digital broker-dealers, investment advisors, and money transmitters must themselves become regulated entities and obtain licensing through appropriate regulatory bodies. From there, they must comply with the oversight, control, and reporting requirements of their regulators.
For technology choices, such requirements mean that the technologies they use to support their operations must also enable compliance.
Compliance-Ready Technology Choices
Every technology selected by a regulated firm must enable or, at minimum, not impede, compliance. Affected technologies include email and standard office tools, marketing platforms, and specific technologies that support core business processes such as account opening, deposits, transfers, withdrawals, clearing, and settlement.
Concerning compliance, all of these technologies must:
- Allow for the appropriate level of recordkeeping and audit
- Conform to rules that govern core business processes
- Respect data usage and privacy regimes where a firm does business
- Provide the necessary security.
The challenge is understanding the exact requirements needed for a firm’s regulatory structure and operating jurisdictions. From there, assuming technologies are compliance-ready, the use of such features must be designed into business workflows with appropriate compliance processes.
Many firms tend to uncover compliance considerations only after they select a particular technology.
InnReg’s approach is to look at these technology decisions holistically and proactively to tie them into an overall plan.
Technology for Compliance Operations
The final category of technology choices ties directly to compliance operations. These technologies include:
- Tools that monitor email and other digital communications
- Tools and databases that support critical compliance activities such as Know Your Customer and Customer Due Diligence (KYC/CDD)
- Systems that allow detection, investigation, and reporting of suspicious activities (SAR)
- Learning Management Systems to make sure staff receive appropriate training and document that they have done so
- Leading-edge automation and AI technology referred to as RegTech
The universe of operational technology for compliance is quite broad. Many solutions exist, and it can be challenging for firms to identify the right platforms for their needs while addressing the interdependencies of how they interact with each other and with other business-critical technology.
InnReg supports clients who wish to carry out all or part of their compliance operations in-house by helping them evaluate operational technologies using many years of experience with the complexities and the pros and cons of the available options.
In addition, when InnReg handles compliance operations on an outsourced basis, we bring a full suite of compliance technologies as part of our overall solution. The plug-and-play approach of fintech compliance outsourcing can help startups go to market correctly and more quickly than building a compliance function from the ground up.