The future of fintech innovation and compliance – the next wave of regtech

Financial technology, better known as “fintech,” has evolved quite a bit since the term first burst onto the financial services scene in the beginning of this decade. At first, fintechs and financial institutions were at odds – with many proclamations (usually from the fintech companies themselves) about how new fintech innovation and digitally savvy entrants were going to “disrupt” the marketplace and even put banks and financial institutions out of business.

But the last couple of years have seen an “out with the old, in with the new” mentality change. Indeed, partnerships between financial institutions and fintechs are flourishing,1 as fintechs realize the appeal of working with established companies that already have a built-in customer base. On the flip side, financial institutions can offer their customers technology they may not have the capacity to develop themselves.

Fintech and regulators

It’s safe to say the future of fintech has gone “mainstream.” But with this increased stature has also come increased scrutiny from regulators. Banks and credit unions should be paying close attention to how regulators now view fintech companies going forward.

Initially, regulators had difficulty dealing with fintechs, since they differ so much from traditional banks. Many banks argued that fintechs were under-regulated, but that's beginning to change. Last year, the Office of the Comptroller of the Currency (OCC) issued its long-awaited proposal of a fintech charter, which would allow fintechs to offer full banking services to consumers, but be regulated like banks. Already, it has sharply divided opinions in the industry,2 with some state regulators going as far as to say they would defy any federal charter the OCC might create.3

Banks and credit unions should be watching this development closely, as bank-chartered fintechs could provide a whole new segment of competition. In fact, some fintech firms are already moving down this path. Fintech company Social Finance, an online lending company more commonly known as SoFi, has already submitted an application with the Federal Deposit Insurance Corporation (FDIC) for an industrial bank charter. According to the filing, SoFi is seeking to offer its customers FDIC-insured checking accounts and credit card products, and made it clear it will operate as an online-only institution, with no branches or deposit-taking ATMs.4 The application has faced a number of detractors and opponents,5 but banks and credit unions should be paying close attention to how the FDIC eventually rules in this case. It could determine whether the industry starts to see a whole new wave of digital-only entrants in the market.

Already, fintech companies have struggled in how they interact with regulators, and vice versa. Fintechs are figuring out how they fit in with anti-money laundering (AML) statutes that govern the banking industry, which is relevant for banks and credit unions that partner with fintechs in certain areas. Fintechs need to be prepared to comply with AML regulations or risk the consequences. For example, in May 2015, the Financial Crimes Enforcement Network (FinCEN) assessed a $700,000 civil penalty against a digital currency operator for its failure to maintain an adequate AML program.6 Although this fintech company began selling digital currency in August 2013, it did not fully implement its AML compliance program until nearly a year after it began its sales, FinCEN ruled. During that year, it engaged in a series of transactions for which it failed to generate the required Suspicious Activity Reports (SARs). This company already has partnerships with many banks,7 and is designed to power industry-wide payments via the blockchain, making cases such as this even more relevant for financial institutions.

Fintech compliance standards

Many banks and credit unions often partner with online lenders as well; while this can be a good way to offer their customers innovative digital lending products, they also need to be wary that the lender’s technology is in compliance with fair lending laws and other consumer protection statutes. For instance, a fintech lender last year agreed to pay a $6 million fine after reaching a settlement with the Consumer Financial Protection Bureau (CFPB) for violating consumer lending laws. The CFPB ruled that the fintech lender must provide borrowers with $1.83 million in refunds and pay a penalty of $1.8 million for not delivering to borrowers what was promised. The CFPB said the particular lender did not give borrowers the opportunity to improve their credit or get loans at lower rates.8

In this current environment of rampant fraud, increasing cyber threats, and governments putting a big focus on drying up terrorist financing, anti-money laundering and know your customer (KYC) compliance has become an even bigger focus for the financial services industry than in the past. Fintechs also sometimes struggle with the demands of compliance in these areas – on average, customers can submit from five to 100 documents to banks during the onboarding process. Fintechs need to be prepared to handle this massive volume to meet compliance standards; sadly, some cannot as they currently exist.

Future fintech innovation

Fintechs that offer “bank-like products” may all be subject to the same Bank Secrecy Act regulations that the larger financial services industry has been dealing with for the last several decades. This can sometimes be difficult for a start-up firm that lacks the institutional knowledge or appropriate staffing resources to remain compliant. Regulators are asking banks to follow KYC laws and, in turn, bank management is now asking the same question of the fintech firms that they partner with. Banks look to them to have an established BSA program, which, as we have seen from a few of the examples above, is not always the case.

While our focus has largely been on the U.S. market, we are hardly alone in dealing with these issues. Other geographies are grappling with how fintech fits into the larger financial services regulatory compliance landscape. At a meeting earlier this year of the world’s leading economies, the G-20, the host nation, Germany, argued that global financial stability hinges in no small part on fintech regulation. Indeed, the G-20’s Financial Stability Board (FSB) has already begun the process of devising rules that can at once encourage innovation while guarding against abuse, inequity, and risky behavior.9

Indeed, regulators must be able to ensure fintechs are properly compliant without stifling innovation. As one global regulator recently put it, “Regulators need to keep pace with innovation but introducing regulation too early stifles innovation and potentially derails the adoption of useful technology. Regulators must resist the temptation to ‘jump in’.”10 As a solution, some have touted the idea of a “regulatory sandbox,” an approach already tried in several countries where a fintech can experiment with pilot programs in cooperation with a regulator in a controlled environment.

There is also the reputational risk that banks and fintechs must both assuage when partnering. The growing number of bank-fintech partnerships underscores the need for a comprehensive and thoughtful approach to third-party risk management. Yet according to a recent Crowe Horwath LLP/Compliance Week survey, 66 percent of banks and financial services companies responded that their third-party risk management programs are immature or fairly informal; only a handful of respondents said their programs are mature.11 This means both sides have to be better at creating effective risk management frameworks.

Fintech isn’t disappearing anytime soon, so these questions will perhaps only get more complicated going forward. Fintech has in many ways changed how consumers use financial services and made many things easier. It also has the potential to help reach much of the unbanked and underserved areas of the world. Regulators will continue to determine how these new financial services companies fit into the broader landscape moving ahead.


