Last updated: Nov 9, 2022

Regulatory compliance for fintech startups

Thomas Morgenroth
Senior Copywriter

Key takeaways

  • Fintechs have long thrived in a relatively unregulated environment, but now face increased scrutiny and must comply strictly with anti-money laundering (AML) and know-your-customer (KYC) laws.

  • Key risks in fintech include data breaches, cyberattacks, and money laundering, which makes compliance crucial for operational security and customer trust.

  • Financial regulations vary greatly by region and specific fintech services, so companies should align their compliance strategies with their unique business models and operational scopes.

Players in the fintech space have enjoyed a bit of a wild west environment over the past two decades, with some successful players operating under the radar and evading the attention of regulators and legislators. But recently the public and government agencies have become more acquainted with the benefits and services that fintech provides — and with just how slippery some parts of the industry are.

You’ve heard it before, but it’s worth repeating: With increased attention comes more scrutiny and new rules.

What does compliance mean for fintechs?

Fintech regulatory compliance is the observance of and adherence to any and all laws, rules, restrictions, and regulations that apply to a fintech company. What it means in practice, however, differs for every company — and it can seem like a daunting labyrinth of law and protocol to find your way through.

No matter how pesky it can be, financial regulatory compliance is an absolute necessity for any company operating in the fintech space: It protects the company and its clients and customers and helps avoid expensive — sometimes ruinous — penalties for failure to meet regulatory standards.

Fintech compliance requires an understanding of the financial laws set out by local and international government regulators — and that’s no small feat. Sometimes getting it fully in hand requires a compliance expert or team at your side.

Threats and risk

As is the case with financial services as a whole, there are three major threats that fintech regulations are designed to police: data leaks, cyberattacks, and money laundering.

Data leaks

Fintechs often deal with a huge amount of personal data, which can range from financial information like account numbers and security info to personal data such as names, contact info, and social security numbers. IBM’s 2022 Data Breach Report found that 83 percent of organizations studied had suffered a data breach. If firms don’t impose adequate protections, a single breach can result in enormous amounts of data being stolen or compromised — and a company’s reputation going out the window.

Cyberattacks

Whether by stealing, altering, disabling, or destroying system functions and data, cyberattacks are responsible for unauthorized access to mountains of private data every year. A cyberattack doesn’t inherently have to target data. Some forms of cyberattack specifically target the destruction of a system itself or restrict access to the system until a ransom is paid.

Money laundering

The UN states that $800 billion to $2 trillion is laundered every year — a fuzzy figure given the nature of the activity — roughly equal to up to 5 percent of global GDP. To reduce this illegal activity, countries institute laws and regulations for detection and prevention, known as anti-money laundering (AML) policies. These aim to staunch the flow of illegally acquired assets that are converted into other assets, or transferred between financial accounts, in an attempt to conceal their origin from investigators.

On the subject of the next phase of compliance, Mary Kopczynski, CEO of RegAlytics, a US-based regtech, has this to say: “Future challenges will be based on the next market shock, whatever it is. You see another ‘Robinhood’ type scandal and all entities of that type will suddenly be in deep water,” referring to the stock-trading app’s decision to halt trading on certain high-volatility stocks. That action cost the company $70 million in regulatory fines alone, just weeks before the company’s planned submission of an IPO prospectus.

Regulatory agencies

Regulations require an enforcer. And for a fintech operating in the US, there are five relevant agencies that handle enforcement.

FinCEN

The Financial Crimes Enforcement Network, known as FinCEN, is a bureau of the US Department of the Treasury. It’s responsible for collecting and assessing data relevant to criminal investigations, such as analyzing financial transactions, with the intention of identifying both domestic financial crime and international money laundering.

FTC

The Federal Trade Commission protects consumers and preserves a competitive business environment by weeding out what its mission statement calls “anticompetitive, deceptive, and unfair business practices.” The FTC has the authority to issue federal regulations and monitor businesses for compliance. As regulators begin to more closely evaluate tech-driven financial services, new regulations for the industry will be created largely by the FTC. (If you’re looking for something to read over lunch, the FTC’s cases and proceedings pair well with a burrito.)

FDIC

The Federal Deposit Insurance Corporation is charged with the majority of regulation for banks, including mobile banks. It not only insures bank deposits but determines if a bank qualifies for that insurance.

SEC

The US Securities and Exchange Commission handles compliance and regulation for all business activity related to the stock market. Its role is to protect both investors and the market itself. The SEC inspects companies for honest disclosure regarding the risk and value of the securities they’re offering. It also monitors securities brokerages to ensure fairness in their dealings with investors. (Speaking of a good read: try the SEC’s press releases. There’s just no drama like stock market drama.)

OCC

The Office of the Comptroller of the Currency, known as OCC, monitors banks for compliance with federal consumer protection laws, rules governing lending practices, and broader financial regulations that apply to most financial institutions. Where the FDIC provides the insurance needed to protect consumers, OCC keeps a close eye on banks to make sure they comply with the standards needed to qualify for insurance. (Worth perking your ears up: The OCC is opening an Office of Financial Technology in early 2023.)


How to stay compliant

There’s no one-size-fits-all, universal framework for fintech compliance. With so much variation among fintech businesses, companies can follow a number of paths to compliance. For example, a company that facilitates mobile payments is going to need to contend with different regulations than a robo-advisor investment company. (And yes, we can’t get over how cool it is that ‘robo-advisors’ are a thing either.)

There are, however, strategies that can set you up for success no matter what corner of the fintech world your business occupies.

Fit your compliance strategy to your business

Many aspects of compliance are fairly static: Your niche — whether that’s payment processing, online banking, or any tech-based financial service — likely has a certain set of transparent regulations that every company within needs to comply with. It’s the businesses themselves that vary — in things like size, scope of work, customer base, and funding source.

The first step to achieving compliance is sussing out the compliance needs of your business, not someone else’s. Ensuring that you’re ticking the boxes that apply to you — and not ticking the ones that don’t — not only provides you with the protection of being in compliance but also keeps you from wasting resources on requirements that don’t apply to you.

Find the talent

You’ve looked at your business, you have an idea of your budget and your structure, and now you’re ready to start building your own compliance framework, tailored to the needs of your business.

So, what are your options now? The two most popular choices for fintech startups consist of hiring an in-house compliance expert or outsourcing your compliance needs. Again, the right choice depends on your business.

  • Hiring a designated compliance expert. Adding a compliance expert to your in-house team allows for the development of a comprehensive understanding of how your company maintains compliance. It also puts you on track to institutionalized archiving of those processes and the ability to course-correct. You gain a go-to expert from whom you can get advice and implementation tailored to your business.
  • Outsourcing your compliance solution. As a cost-effective way to ensure your company has skilled and experienced compliance experts, bringing in an outside compliance firm is especially popular with newer startups. External compliance solutions let companies stay lean and keep costs low while also guaranteeing the job is handled by expert talent.

Integrate technology solutions

Modern compliance has seen a huge boom in software aimed at making the process easier and, in some cases, automatic, and that’s changed compliance dramatically. “KYC and AML have become the main checkpoints for financial services organizations and electronic money movement in general,” says Andrew Haines, Global Head of Fintech at Vention. “Manual processes like checking your customer and identity verification used to take days. Now, with AI and ML, it can take seconds.”

What next?

You’ve taken two big steps towards regulatory compliance: first, understanding why it’s important, and second, learning how to find a person or team who knows how to make compliance happen for your company. From there, achieving compliance is a matter of incorporating the solutions that your compliance officer or compliance service proposes into your business in a number of ways, including into your software.

The continuing debate over how governments will regulate digital platforms means that how and where a fintech operates are open to potential tidal shifts in the coming years. Those shifts could come from new global regulations, from operating in regions with differing rules (as in the case of the EU enacting the Digital Markets Act), or from the creation of entirely new agencies, like the OCC’s Office of Financial Technology we mentioned. This means that, once a compliance process is established, adaptability needs to be a guiding principle in a fintech’s compliance strategy.
