9 Common Compliance Challenges for Fintech Apps

Fintech, or the use of technology to encourage financial innovation, is a relatively new market that has spurred the innovation of new businesses, applications, products, and processes, each aimed at improving financial markets and institutions and providing financial services to both consumers and businesses.

Naturally, this new market is still working through many of the regulatory challenges that any new market with sensitive data might face. 

Globally, Fintech is a competitive sector, but it still experiences many risks in data, information technology, and financial sectors, including the underestimation of creditworthiness, market risk non-compliance, cyber-attacks, and fraud detection. 

This blog aims to provide a general overview of some common compliance challenges the fintech sector faces. For the sake of simplicity, this blog refers primarily to the challenges faced by fintech app businesses.

Data Privacy, Data Security, and Technical Vulnerabilities

Financial technology products rely on two aspects: the use case of financial needs and technology. This means that fintech products experience challenges related to data privacy, data security in protecting sensitive banking data, and other technical vulnerabilities. 

Not all apps have the ability to provide the security needed for providing financial services, so businesses need to stay sharp when sourcing this aspect of their product/service. The greatest challenge lies in the business that aims to develop the app solely on its own, with limited technical and financial support for data security, and with too many app vendors and multiple pathways of app aggregation.

Poor Compliance Fostered Into the App Development

Compliance should be built into the core infrastructure from the start of app development. This includes basic security principles but also how your product operates. For example, fintech company Sila uses Plaid for bank account linking.

With their own Plaid AUTH account, each customer enables this secure third party to access customer bank account data, so that this portion of data security (see above) and compliance is offloaded to the team at Plaid, who are well equipped for handling bank account data.

For things like this, businesses should hire a legal team for consultation–yes, even in the development stage. If you don’t go this route, you’ll need to bring on a team like Sila, which embeds compliance features into the powerful API technology it provides.

No Compliance Synchronicity When Adding Apps

Compliance synchronicity is broken whenever new products or processes are added to an already existing fintech app. Therefore, a major compliance challenge exists when businesses add products on their own and understandably fail to include compliance considerations across all apps and products. At this point, it will be necessary to have the compliance team on hand to assist you when adding products or apps.

Luckily, this type of consideration is second-nature to Sila, who has their pre-approved team of financial products through the Fintech Marketplace. With these partners, Sila users can easily add products to their already existing Sila offerings with minimal re-engineering.

Lack of Financial Support for Maintaining Governmental Regulations

A number of governmental regulations exist to protect the overlapping jurisdictions and features of fintech applications. Businesses in the financial services industry may need to follow:

  • Licensing. Most fintech businesses will have to be licensed at the state and federal levels and are subject to regulation and supervision by each regulatory body. The required licenses vary but may include consumer lending, money transmission, and virtual currency licenses. This is also the case where the fintech might need licensing and supervision across multiple states. 
  • The Consumer Financial Protection Bureau (CFPB). The CFPB has jurisdiction over providers of financial services to consumers. Many businesses provide products to consumers, so the CFPB has the ability to enforce consumer protection laws (such as consumer lending laws and anti-discrimination laws).
  • The Commodity Futures Trading Commission (CFTC) or SEC. Depending on the activities of the product, the fintech provider may be required to register with these agencies and be subject to their enforcement.
  • FinCEN, BSA, AML. It is most likely that fintech companies will need to register with FinCEN and comply with Bank Secrecy Act (BSA) and anti-money laundering (AML) laws and regulations.
  • OCC. The Office of the Comptroller of the Currency, the primary federal bank regulator for national banks, announced in 2018 that it would accept special purpose national bank charter applications from fintech companies that receive deposits, lend money, and pay checks. So if you choose to apply for this, then you’ll also be subjected to the OCC regulations and supervision.

For each, fintech startups may be required to register, maintain registration, submit to audits and supervision, and pay fees. These can amount to hundreds of thousands of dollars each year. Without the financial support, most bootstrapped fintech agencies cannot proceed with even basic governmental regulatory compliance on their own and must rely on a bank agent or fintech partner like Sila.

Lack of Advisory Support When Partnering With a Bank Agent

There are a number of paths fintech firms can take to launch. Depending on the level of features that you want to provide to users, your financial app may involve:

  • Becoming a bank agent with a verified financial institution
  • Anti-money laundering (AML) licensing
  • And sourcing, building and testing different banking APIs on an API aggregator

Starting a financial app with the ability to offer high-interest checking accounts with FDIC insurance, debit cards, credit cards, smart cash transfers, eBilling, loyalty programs, and more can be done, and you don’t need to be a full-fledged institutional bank to do it. If you want to build a full banking experience platform or provide financial services, you have a few options:

  • Working solely with financial institutions, banks, and credit unions
  • Becoming a financial institution, bank, or credit union
  • Banks and middleware (like APIs)
  • Or financial technology platforms like Sila

And quite frankly, when you go the bank route or bank + middleware route, you still will need advisory support for compliance. This is where Sila’s support comes in. Our bank agent status with Evolve Bank & Trust means that you have two powerhouse companies working on your behalf to keep your product functional. While Sila is not a compliance consultant, we do provide many advisory services for our fintech clients. 

Blockchain and AI

More fintech companies are bringing in blockchain features and robo-advisers for banking support and improved customer experience. Unfortunately, these are two very risky areas of fintech evolution. Primarily, robo-advisers assume the same risk factors as big data and machine learning.

Big data analytics have regulatory requirements that exist and apply to automation and machine learning, but some are still unrealized. Experts consider the following to be included: (i) compliance risk—mismatch between expected and actual investment risk class; (ii) market risk—the likelihood that adverse movements and volatility in financial markets, either traditional or new (crypto markets) cause unexpected losses in investors’ portfolios.

The compliance challenges and risks of blockchain are well documented and relate to the nature of anonymous transactions typical in blockchain networks and operational risks. Since financial networks rely on identity verification to limit terrorist funding and money laundering-type activities, the use of blockchain is perceived to be supporting more potential opportunities for growth in fraud markets.

Credit and Fraud Risk

Credit risk management is one of the key risks associated with borrowers and P2P lending, and this crops up in a number of fintech use cases and contributes to systemic risk. Risk and fraud management are a requirement for Automated Clearing House (ACH) payments and staying compliant with the Federal Reserve system and interconnected US financial payments systems.

Unknown Risks or Undeveloped Asset Management Procedures

Unknown banking risks include those risks that are not yet developed and are a key function of asset management procedures in the average fintech organization. 

One issue associated with unknown risks is the use of automated advice, which may be part of the decision-making process but unable to make decisions due to lack of information or limitations within the decision. 

This is one area in which RegTech companies can offer relief.

Challenging Consumer Markets

Certain banking verticals or “industries” also carry their own level of risk and compliance complexity. We think of the gambling industries and blockchain. 

Got questions about compliance in fintech? Reach out to our Sila team or sign up for our demo to learn more.