Build a better Fintech: Invest in compliance
The US does not have an overarching compliance regime for its fintechs, which makes it difficult to determine which regulations and licenses they must follow at any given time.
The more a fintech grows, expands its marketing, raises its profile and attracts press attention (both positive and negative), the more likely it is to be subject to state and federal scrutiny of its compliance status. Failure to comply can quickly lead to huge fines, prison terms and reputational damage. US fintechs have seen an increase in scrutiny of their compliance status in 2022. If you are one of the 73 percent of fintechs without a dedicated compliance officer, now is the time to get an idea of what you need to know.
Five compliance factors US fintechs need to know right now
Whether they are US-based or working with US clients, fintechs need to know what they want to achieve and have the necessary regulatory coverage to ensure they can operate and meet their goals.
- Know the compliance laws
There is a whole alphabet soup of compliance laws at both the state and federal level that every fintech operating in the US must be aware of and follow. These laws ensure that financial transactions proceed smoothly, with safety and security at every stage. They should be a non-negotiable element of any fintech’s business.
Three important federal regulators for fintechs to be aligned with:
- Financial Crimes Enforcement Network (FinCEN) – collects information about financial transactions to help prevent and reduce financial crime.
- Commodities Futures Trading Commission (CFTC) – regulates US derivatives markets.
- Office of the Comptroller of the Currency (OCC) – one of the primary banking regulators in the United States; it oversees, regulates and examines chartered banks.
Other key federal regulators:
- Securities and Exchange Commission (SEC)
- Federal Deposit Insurance Corporation (FDIC)
- Federal Trade Commission (FTC)
- Consumer Financial Protection Bureau (CFPB)
- Financial Industry Regulatory Authority (FINRA)
But it does not stop there. Fintechs must stay current and compliant with a range of regulations covering data protection, security and chartered banking laws. To add even more complexity, these laws vary from state to state.
Each state may have multiple industry regulators as well as attorney general’s offices that oversee often overlapping parts of the fintech industry. Banking, mortgages, loans, credit cards, insurance, money transfers, checks, consumer protection and privacy are all subject to an individual state’s regulatory authority.
- Know about AML
Just as brick and mortar banks have had to comply with strict anti-money laundering (AML) regulations, so do fintechs. In the US, AML compliance is both federally and state regulated, so fintechs need to be up-to-date with AML regulations. Money laundering causes around 2 trillion dollars to be lost to governments and companies annually. As a result, countries around the world have developed AML policies that fintechs are expected to comply with. It is important to have the right program in place to detect and eliminate money laundering.
- There are penalties for non-compliance
Failure to comply can land a fintech with heavy fines. These have a negative effect on turnover, share price and future profits. Government regulators and state attorneys general are often very active in going after smaller companies such as fintechs. In 2021, a US-based fintech company was fined $6 million by the Consumer Financial Protection Bureau (CFPB) because its lending practices had violated the CFPB’s consumer protection guidelines.
Fintechs, like financial businesses, must have a strong AML program built into their strategy from day one. In 2015, FinCEN imposed a $700,000 penalty against a digital currency operator for not having an adequate AML program. There are many cases where fintechs were fined either for failing to adopt consumer safety compliance or provide user data protection.
In 2021, the San Francisco-based neobank Chime was ordered by the California Department of Financial Protection and Innovation (CADFI) to pay a fine and to cease and desist from using language that the regulator said falsely portrayed the fintech as a bank; in particular, it had to stop using chimebank.com and stop using the words ‘bank’ or ‘banking’. This finding rippled across the industry as a shot across the bow, putting fintechs on notice.
There are penalties for non-compliance that cannot be wiped away with a checkbook. Reputational damage can last for years and negatively affect a fintech’s ability to attract investors and consumers.
- Know about KYC
Fintechs are subject to increasingly punitive fines in cases of know-your-customer (KYC) negligence. That is why it is important that all fintechs use due diligence and have KYC compliance processes that are built in and impeccable. Due diligence must be undertaken when onboarding customers to root out fraud, shut down possible terrorist financing and help reduce AML risk.
Fintechs are expected to adopt and comply with US laws and regulations, which include the Bank Secrecy Act (BSA), Office of Foreign Assets Control (OFAC) requirements, and individual state requirements. Fintechs have a duty to maintain AML-related procedures and controls designed to comply with these laws and regulations and to combat financial crime.
- Use data protection
Consumer protection and privacy laws are both federally and state regulated, so fintechs need to know how and if they apply to their business. People only want to place their finances in an institution they trust, and fintechs are only as strong as the trust they inspire. People expect their personal data to be secured against fraudsters at all times.
Fintechs, as a bridge between customers and traditional banks, must ensure that there are no data leaks that could affect their customers and breach a bank’s security measures. If this happens, fines, lawsuits, financial losses and reputational damage quickly follow.
Much personal data is lost and compromised through phishing (sending emails pretending to be a reputable company to obtain personal information from individuals). It is the cause of 60 percent of companies’ lost data, with fraudsters gaining access to credentials and personal data such as passwords, usernames and addresses.
The Gramm-Leach-Bliley Act (GLBA) requires fintechs to protect consumer data, limit some data sharing, explain their information-sharing practices to their customers, and allow consumers to opt out of some sharing. States across the US are tightening their privacy and consumer data protection rules, requiring companies to maintain security plans.
“Valuing and protecting user privacy is an important role for fintech companies, large and small. Fintechs can gain user trust by clearly disclosing what data they collect, how they use it and who they share it with,” says Lauren Martin, VP for legal affairs at Dwolla. “This trust is the foundation of a fintech’s relationship with its users and is critical to helping users find new ways to use the data around their financial lives to improve their financial health. And fintechs can retain user trust by maintaining a robust program to protect the security of the information users have entrusted to them.”
You are part of an ecosystem
Having a legal opinion that says you do not need to be regulated does not mean a fintech does not need to comply. Banks, money services businesses, other fintechs and payment companies are themselves regulated, so each will have a range of requirements that reflect its regulatory obligations, and each will expect the fintechs it works with to adhere to its standards. Each component of the global financial industry plays a different role, and each component will have its own set of requirements that you need to navigate.
Apart from all the legal aspects of compliance, fintechs should embrace:
- Awareness and education: know and understand the laws. Get help from internal compliance officers or consult with someone with compliance experience.
- Preparation: create a compliance plan. Brainstorm worst case scenarios.
- Assets and documents: have compliance policies and procedures in place for your systems and your employees.
- Maintain and audit: check that compliance is working, and build relationships with partners and regulators to stay on top of your compliance strategy.
“Reputation, competence, knowledge, transparency and strategy are the foundations of a compliance program for the financial industry,” says Josh Ramsey, head of compliance, Currencycloud America.
“Fintechs and the financial industry as a whole need compliance people and programs they can trust to balance the ever-changing regulations and obligations of our industry with the short- and long-term demands and expectations of the business. Compliance cannot be a ‘check the box’ exercise you put on a shelf; rather, it must be a cornerstone of your business.”
It’s complicated, but it doesn’t have to be
Fintechs and neobanks are on the rise, and are becoming increasingly popular among consumers. Many have the goal of becoming banks, which is why regulators and legislators will scrutinize the industry closely and intensely.
Fintechs must protect themselves by building their own compliance programs or by partnering with well-established regulatory technology companies. Just like traditional banks, fintechs should have compliance built into their business strategy.
As a fintech, Currencycloud is only as strong as its customers, and it too has strict KYC processes and onboarding procedures. Our customers, in turn, benefit from leveraging Currencycloud’s licenses, regulatory coverage and compliance processes, which means they can focus on growing their business, strengthened by the knowledge that they have the right regulatory coverage in place.
Since 2012, Currencycloud has processed more than $100 billion to over 180 countries, working with banks, financial institutions and fintechs around the world, including Starling Bank, Revolut and Lunar.
Based in London with offices in New York, Amsterdam, Cardiff and Singapore, Currencycloud works with partners including Dwolla, GPS and Mambu to deliver simple, clear cross-border infrastructure solutions for customers. They are regulated in the UK, Canada, USA, Australia and the EU and were acquired by Visa in December 2021.