If you’re operating in finance - any area of finance - then you probably know that as much as it is important to have a good business plan, it is equally important to have high levels of compliance. Even more so if your business is a fintech one – that is to say, if technology is used in order to improve financial services use and delivery to consumers.
The financial services industry has, for the longest time, been at the crosshairs of various regulators and government agencies seeking to enforce consumer protection, reduce fraud, and make sure that the wider financial system is fair and just. This effort has led to exorbitant fines for financial institutions that do not play by the rules – not that rare to the tune of millions of dollars.
It is tough enough as it is for traditional financial companies to navigate the murky sea of financial compliance if your company is in fintech - and it is even more difficult if your company is a fintech.
Fintech Compliance - Compliance 2.0
Why is the time for compliance 2.0 right now?
Fintech companies, being the “hot new thing” for government regulators, have completely reshuffled the deck. With a dynamic approach to a traditionally rigid industry, fintechs tend to change the way the game is played. What’s more, they do it often and fast, which just leads to more trepidation from the regulators.
Operating in such an ambiguous, vague, yet quite highly regulated space, fintechs are in a similar position that a lot of emerging banks were some three decades ago - learning things the hard way as they go along. This means that, what is usually needed for market regulation to take shape, is for a company to cross a line and to be fined by the regulator. Subsequently, all other market players will know what to watch out for and what is considered to be unacceptable business behavior.
In order to avoid this kind of “learning by doing” existence, fintech companies have taken to balance their investment in operational expansion with the simultaneous growth of sophisticated compliance programs. Even more so, since a number of banks have started partnering up with Fintechs and some of that bank weariness has begun to rub off.
Given the intricate web of financial compliance and the fact that there are a lot of regulatory agencies overseeing this area, it would be prudent to always be alert and ready to tune up one’s business. For that reason, let’s take a deeper dive into the specifics of fintech compliance.
Specifics of Fintech Compliance
Fintech Compliance – same, but just a bit different
With the stakes high as they are, developing complex internal compliance programs or seeking outsourcing solutions and acquiring compliance through external vendors has become a norm. Introducing a robust, sound, and grounded approach to ensuring a high level of conformity of corporate operations with legal and regulatory norms is as much a prerequisite for success as is having cutting-edge technology at the ready.
Fintech Risks: Types of Risks to Spot and Mitigate
Firstly, it is important to bear in mind that fintech regulation is, ultimately, that of banking, at least from the point of view of regulatory agencies and lawmakers.
The majority of controls and guidance that traditional banking institutions follow are essentially the same. The key difference is that traditional banking institutions often have a long history, massive experience, and huge teams focused solely on risk.
On the opposite end of the spectrum, fintech companies - especially emerging ones - start out small, with development teams putting a top priority on engineering and product development. Still, fintech compliance ought to be just as important for several key areas of fintech risks that are accentuated in this regard.
- Legal risk. This one probably comes to mind first. As we’ve mentioned already, the fintech sector acts as a kind of a spoilsport for financial regulators due to its dynamic nature. Lack of timely regulatory oversight and guidance from lawmakers only makes it more difficult - and these can take a lot of time to be developed and to enter into force. For all of this, it is very important to be careful with planning out your operation. Make sure that legal risks are clearly identified and that a sound base for fintech compliance is put in place from the get-go, mitigating potential risk as early as possible.
- Reputational risk. Given the exposure of the products in the fintech sphere, reputational risks can occur with each and every product launch. This is only compounded with each client relationship that is carefully developed and the nourishment of which is fostered with every step of development. A critical mistake that can lead to a regulatory fine - and bad publicity – which could tear reputation down rather quickly. Not to mention that this could cascade and affect the bottom line for other products the company develops, as well as its overall image and associated trust.
- Financial risk. It goes without saying that, should a company find itself in breach of any legal statute - fines would have to be paid, which could impact both the war chest at the time and subsequent investments, share prices, ability to raise (additional rounds of) capital, and could also impact investor and consumer confidence.
- Business risks. This category covers all of the other, unforeseen risks. Seeing as how fintechs create business models targeting disruption of the status quo, it is not difficult to imagine an occurrence of a blind spot in risk management. Not to mention that external shocks, like political, market, economic, or social ones, could also force a change in corporate compliance focus.
Compliance Challenges for Fintechs
Given the wide scope of the areas of risk, and the number of regulators and regulations in the field of financial services - how does one move forward safely? Put simply - how to begin effectively meeting ongoing fintech compliance challenges?
Launching a new product, let alone a new company, without a high level of certainty of what policies ought to be followed, is both ridiculously complex and, well, very unfair. For example, two separate firms could be in the business of facilitating similar consumer needs, with similar kinds of services or products - but have a completely different way of, for instance, collecting user data or transferring funds. These shades of grey could make all the difference for what compliance challenges apply to these companies and how well equipped they are to overcome them.
At a high level, as a rule and a good practice, fintechs ought to keep in mind the following:
- Money service business considerations. If your firm operates a mobile payment system, p2p transfer system, or perhaps a digital wallet - then it is likely it will be considered a money service business, or - MSB. In this case, you must comply with the Bank Secrecy Act.
- Money Transmitter Licenses. If at any point of your operational chain, your business facilitates the transfer of money - then it is subject to this license. In the US, the specific requirements vary from one federal state to another, which complicates matters by a factor of, well, 50. Some states, of course, complicate things less, some more, so diligence is warranted.
- Reg A Offerings. Companies that use Reg A to offer securities or alternative investments have less stringent reporting requirements thrust upon them, by way of an exemption to the Securities Act. However, these are limited to USD 50 million for a one-year period. Smaller companies, and private placements, have similar frameworks (such as Reg D). To best ensure your fintech’s compliance in case of security offerings, you’d best keep in mind proper registration requirements prior to launch.
- BitLicense. In case your firm has any virtual currency activities in the state of New York, you’ll want to take a look at a BitLicense. It is issued by the New York State Department of Financial Services and covers both activities in the state and those taken by New York residents.
Of course, even with all of this in mind, until any sort of uniformity is reached in terms of regulatory guidelines in fintech, companies will have to employ a case-by-case approach for each specific product or service they offer. Additionally, general considerations for fintech compliance best practices include, of course, AML and KYC.
Why You Should Listen to the Experts
Between all the agencies, the requirements, the regulations - starting and maintaining a strong, concrete fintech compliance program can be very demanding. The intention is important, but so are follow-through and execution.
Using digital solutions - like those supplied by the RegTech sector - could enable even nascent fintech companies to reach optimal levels of fintech compliance. Utilizing an outside expert to craft a custom compliance solution, like InnReg, will allow your company to win in a multi-dimensional game of revenue and profit maximization while minimizing costs. For starters, it is paramount to map out:
- The best regulatory structure is given all compliance requirements while keeping in mind the competition, and long-term strategy
- The prime business model for your company, while capturing all potential revenue streams
- The supreme operational model to simplify regulatory requirements, while cutting costs
- The optimal cost-benefit structure, while becoming a regulated entity or leveraging to an alternative
RegTech has already reaped benefits for fintechs. Using RegTech solutions helps not only with creating, but also with maintaining and expanding the fintech compliance of your company – all which ultimately leads to the growth and expansion of your products and services.