How to prepare your compliance department for the future of Fintech
Financial technology (fintech) is rapidly expanding into all industries, and fintech products and services will continue to permeate most businesses regardless of size. It is clear that fintech is no longer an innovation reserved for financial services. In fact, almost all organizations will become fintechs in one way or another in the near future. For example, Verizon and other retailers are creating “neobanks” that will allow customers to open a bank account, while smaller companies are partnering with payment processors to provide customers with mobile payment options.
With the global fintech market expected to grow at a compound annual growth rate (CAGR) of almost 20% over the next four years, we should anticipate that most organizations will soon have fintech product offerings of some kind. Innovation and customer adoption will drive this growth, but with this new technology there will be increased regulatory scrutiny and compliance pressure, which can be overwhelming for compliance departments that are already overworked and understaffed.
As has been said, with great growth comes great responsibility. Fintechs will need robust compliance departments in place to both anticipate new regulations and address them as they are introduced. Fortunately, you do not have to start from scratch. There are adjustments you can make to existing compliance practices that will address fintech risks without having to create new compliance programs in your organization. Fintech compliance requires a focused and thoughtful approach, but does not require a complete overhaul of compliance features that are already in place.
These are 4 key areas in the compliance program you should prioritize for success in the fintech future.
1. Improve data protection and data security measures
Data privacy and data security are already important components of all compliance programs, but in order to manage fintech risks, existing measures should be improved. For example, most privacy compliance programs already ensure that consumer data processed directly by the organization is adequately protected. These controls must also be used to evaluate third-party fintech organizations. This will verify that the same privacy protections exist when fintechs process consumer data.
Also consider how your collection and/or use of Personally Identifiable Information (PII) may change with your fintech products and/or services. You may need to update your privacy policy and privacy statement accordingly and tighten your privacy controls. It is a good idea to conduct penetration testing to identify technical vulnerabilities that you can address from the outset. It is also valuable to improve your existing information security controls (e.g., access controls and encryption standards).
Initially, fintech increases privacy and data security risk, and strengthening these protections in your compliance program will be time and money well spent.
2. Expand risk assessments
Compliance departments already use risk assessments as their primary tool for identifying, capturing and controlling corporate risks. To address fintech risk, update the risk categories and/or questions to identify new products and services and add new processes and applications that may be involved. What new regulations may be affected by the organization’s fintech? An updated risk assessment should also include references to these.
3. Assess compliance budgets and resources
It has long been common wisdom that organizations that prioritize compliance functions are less likely to face penalties. In a recent keynote address at Compliance Week’s national conference, Kenneth Polite Jr., Assistant Attorney General and Head of the Department of Justice’s Criminal Department (and a former Chief Compliance Officer), emphasized this point by saying: “companies that make a serious investment in improving their compliance programs and internal controls will be seen in a better light by the Ministry of Justice and by my criminal department.”
When it comes to fintech specifically, compliance managers should ask some additional questions: Does your organization have the right people in place to investigate compliance risks associated with this emerging technology? Do you have people who have practical knowledge of financial technology and/or are good at tracking new regulations and requirements? Have you allocated enough budget to develop new internal controls (the need for this may have been identified by your updated risk assessment)?
These types of questions and the conversations they evoke are typical of compliance managers, but should be extended to include fintech risks. As such, compliance officers should determine whether the right number of people are employed and a sufficient budget is devoted to compliance work.
4. Assess strategic partnerships
There are a number of tools available to compliance managers to manage the compliance program. Determining the value of these tools – and how they should be integrated into current processes – has always been the domain of the Chief Compliance Officer and his/her team. It is no different to consider whether regulatory technology (regtech), a class of software applications for managing regulatory compliance, can help with fintech.
There are many factors to weigh when deciding how and when to evaluate the use of regtech, and in my next column for Forbes I will highlight how regtech can complement an organization’s fintech products/services by streamlining the new compliance processes that are required to handle the fintech regulations.