What Fintechs Should Expect—and How They Can Prepare
Fintechs can expect increased scrutiny from regulatory agencies in the coming years. The good news: fintechs can use this time to plan how they’ll adhere to new laws.
Members of GDC’s Compliance Advisory Board (CAB) recently gave an interview on how financial institutions can cope with a changing regulatory landscape with regard to anti-money laundering (AML) laws and data privacy. The CAB is composed of compliance leaders who previously worked for Visa, PayPal, Square, and other global companies.
Some regulators gave financial institutions some leeway during the COVID-19 pandemic, but fintechs shouldn’t expect that to last much longer. Those same regulators want to know the “new normal” is also well managed, says James Philip, a Governance, Risk, and Compliance professional who serves on the CAB.
“We’re seeing regulators coming forward and saying, ‘Look, we’ve given you breathing space to keep your doors open, but we expect you to be able to demonstrate that you’re still doing all of the right things,’” says Philip, who specializes in enterprise risk management and AML / terrorist financing.
As more stories emerge of institutions failing to do the “right thing”, regulatory bodies will issue more specific guidance to address problems as they become public.
“What we can be sure of is, we will see more breaches,” says Joacim Andersson, a risk management professional and product manager for GDC. “We will see more leaks. We will hear of more scandals, all of which are going to expose flaws—flaws in interpretation of the law, flaws in the control mechanisms, flaws in the law itself—which is going to lead to more scrutiny.”
How can fintechs prepare to operate under greater scrutiny? For starters, they can take a risk-based approach to their operations and fix key areas of weakness.
“If these institutions themselves are working proactively with identifying and mitigating any risks that can stem from money laundering—but even internal things like fraud or financial loss or data leaks—there is very little that can happen from a regulatory standpoint that will change what your risk profile looks like,” Andersson says.
Without a risk-based approach, companies may not fully understand where their biggest areas of liability are. As a result, they might invest their resources in fixing the wrong problems and still leave themselves open to penalties.
“On the success side, they won’t know where the finish line is and could potentially be overinvesting in the wrong parts of their business and compliance program,” Philip says of these companies. “The organization could be putting good money in less risky places, as opposed to focusing on its true existential risks.”
Fintechs have time to prepare to meet new guidance after it’s announced, says Malgorzata Skowronska, who specializes in AML regulatory compliance, CDD, electronic verification, and operational compliance. The European Union, for instance, usually gives a two-year window for institutions to adhere to new regulations after they’re published in a journal.
“As complex and changing as the regulatory landscape can be … those changes don’t happen overnight,” she says. “Quite often, there is a sufficient period to adjust to them, as long as companies don’t delay analysis and implementation.”
One thing institutions might consider to improve regulatory responsiveness is appointing a “data czar”, responsible for the collection, organization, and protection of data. Having one person in that role will reduce internal conflicts between departments. Philip believes such a person should be a generalist who also has proven experience in building operations.
“It’s all about the data,” he says. “To inoculate itself and to be more responsive to the changes that are coming, I think financial institutions have an opportunity to identify a data czar—someone who is responsible, from beginning to end, for customer data which is typically siloed or lacks clear ownership by a C-suite leader in most organizations.”
GDC founded the Compliance Advisory Board to help current and prospective clients navigate identity verification while complying with AML/CTF, data privacy, and other regulations.