Regulatory authorities have applied a higher level of scrutiny over fintech companies in recent times, prompting those who operate in this innovative field to be more vigilant. As a result, a focus on compliance and regulations needs to be a core priority at the same level as product development, especially in the early stages.
However, traditionally, fintechs lack an internal risk management framework and sufficient compliance resources to match growing compliance requirements. Prioritizing risk management and compliance from the get-go is crucial, especially as fintechs become more interconnected with traditional financial services and, thus, more visible to regulators and subject to the same regulations as banks.
To shed some light on the challenges, we have prepared an overview of the regulations that apply to fintech startups.
Who Regulates Fintechs in the U.S.?
Because there is no dedicated fintech regulation yet in place, the U.S. regulatory landscape for such businesses is extremely complicated, forcing them to register with multiple regulatory authorities at both the Federal and State level.
At a high level, the key regulatory bodies governing fintechs in the U.S. are the following:
- Financial Crimes Enforcement Network (FinCEN), responsible for collating transaction information in order to uncover and prevent financial crimes
- Office of the Comptroller of the Currency (OCC), responsible for overseeing businesses to make sure they are compliant with relevant banking regulations and laws
- Consumer Financial Protection Bureau (CFPB), responsible for the fair treatment of consumers by banks, lenders, and other financial institutions
- Securities and Exchange Commission (SEC), responsible for providing overarching regulatory oversight of all companies that engage in the sale of securities, as well as for providing guidance on reporting and disciplinary requirements
Additionally, several key regulations impact fintechs. These include, among others:
- The Gramm-Leach-Bliley Act (GLB), also known as the Financial Modernization Act, seeks to ensure that financial organizations maintain personal data confidentiality, provide their customers with privacy policies, and allow for opt-outs for personal data disclosure.
- The Fair Credit Reporting Act (FCRA) establishes safeguards for consumer reporting businesses.
- The Bank Secrecy Act (BSA) primarily seeks to prevent money laundering by mandating proper monitoring of suspicious activity and the reporting of any potentially problematic transactions.
- The Patriot Act regulates standards for customer identification as well as know-your-customer (KYC) policies.
- The Electronic Fund Transfer Act (EFTA) regulates the practices that apply to authorizing electronic monetary transactions.
- The Truth in Lending Act (TILA) covers credit cardholder protection rules on credit card disclosures, rate increases, payment allocation, and a reasonable length of time for customers to complete payments.
The above list is not exhaustive, and there is additional relevant legislation (e.g. the E-Sign Act, the TISA, as well as the federal Red Flags and Affiliate Marketing rules) that has the potential to impact fintechs’ operations and business models. Furthermore, it is important to note that, given fintechs’ focus on innovation and product development, the nature of a fintech company’s activity will determine which regulations and licenses it requires to operate.
FinTech Compliance Checklist
Fintech compliance procedures and policies must take into account operational aspects that accomplish several goals: prevent money laundering, provide the company with valuable insights on partners and vendors, protect data integrity and privacy, and keep a check on customer relations. To that end, a key fintech compliance checklist is:
- Anti-Money Laundering (AML) – Protecting customers through a fully scalable and comprehensive AML program should be a key step on the path to compliance for any fintech company. Money laundering represents annual losses worth up to $2 trillion globally, which is why AML compliance is a priority for regulators.
- Know Your Customer (KYC) and Customer Due Diligence (CDD) – KYC standards regulate customer identification procedures at the outset of a relationship. In parallel, CDD regulations require fintechs to deploy and maintain processes that, among others, include ongoing customer verification, customer risk profile development, verifying the identity of company account owners, and monitoring of suspicious transactions. In this way, fintechs can check each action their customers perform against potential risks and proceed accordingly. Adhering to these rules prevents the likes of fraud and tax evasion and is an ongoing area of focus for traditional banks and fintechs alike.
- Data Security and Privacy – Any company dealing with international payment systems should be aware of the Payment Card Industry Data Security Standard (PCI DSS). This standard contains 12 security requirements designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure data protection environment. Additionally, be aware that data privacy laws and regulations have surged in recent times – the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) both have a far reach and could lead to steep fines in the event of a breach.
Additionally, the regulatory landscape remains fragmented and is changing on an ongoing basis. Fintechs must remain vigilant and agile in their compliance efforts at all times.
Best Practices for Fintech Compliance
A risk-based approach to all business activities ensures that fintechs are prepared to react to any and all threats quickly. Implementing frequent risk assessments limits the potential for data breaches or financial crimes. Regular monitoring of the regulatory and legislative landscape and adjusting corporate behavior leads to robust fintech compliance and risk management.
Furthermore, fintechs should focus efforts on knowing their market: who their customers are, as well as their rights. With many regulatory organizations paying close attention to consumer rights compliance, and the degree of KYC and AML regulatory oversight, fintechs should be ready. Be mindful that your compliance program will likely have to be expanded as fintech regulations evolve.
Finally, note that it is important to strike the optimal balance between product development and compliance management, weighing profit maximization against risk minimization.
Adjusting to the New Landscape for Fintech Compliance
Regardless of how fintech companies approach regulated activities, they can improve their chances of success by putting solid risk management measures in place. A compliant company safeguards its reputation by not breaking any laws and not attracting bad publicity.
Additionally, maintaining high levels of compliance could also provide reassurance to a range of stakeholders, who would benefit from increased transparency in risk management methods, as well as to any regulatory bodies that may be interested in the company. Ultimately, this could lead to increased market share and revenue for the company.
Given that innovative technologies are an essential strategic advantage, it is all the more prudent for fintechs to engage outside experts to help alleviate the weight of dealing with potential compliance implications.
InnReg is well-positioned to provide support and guidance to players in the fast-moving fintech market. If you have questions about your compliance requirements and readiness while regulation is still developing, we are here to support you with practical guidance on compliance and risk considerations related to bank-fintech partnerships.