Established FinTech developers and entrepreneurs know regulatory compliance is one of the most difficult aspects of bringing a new product or service to market. Newcomers to the FinTech field typically expect regulatory challenges, but rarely comprehend how immense the challenges awaiting them actually are.
This is one of the main reasons tech entrepreneurs see financial service firms as old, stodgy organizations, begging for disruption. But regulators are deeply wary of any product or service that could put consumers at risk.
Anyone planning to develop an application or introduce a new product or service to the FinTech market needs to familiarize themselves with a complex regulatory landscape. The ability to adapt to this constantly shifting environment is key to success in the sector.
FinTech Regulations Overview: The 3 Faces of Compliance
It’s easy for first-time FinTech developers to make the mistake of assuming government regulations are the only ones they need to comply with.
Government regulation is just one aspect of the compliance environment. FinTech apps must also comply with regulations stipulated by the companies running the application’s underlying infrastructure. No FinTech startup exists in a vacuum. If you want to access Visa or Mastercard cards for a digital wallet, you need to play by Visa’s and Mastercard’s rules.
Similar requirements exist for every single third-party component and interface the application uses. Even for a small, modest FinTech application, compliance requirements can quickly pile up. Familiarize yourself with some of the most important regulatory frameworks that FinTech developers need to face today:
1. Know Your Customer
FinTech apps have to deal with a regulatory bottleneck during customer onboarding. Any FinTech application must verify each user’s identity in order to address any potential risks of forming a business relationship with them. The goal of Know Your Customer (KYC) is to prevent FinTech and other financial firms from being used, intentionally or not, for money laundering and other illegal activities.
KYC compliance consists of a series of data-driven processes. The goal of KYC is to verify the identity of any customer seeking to open an account using documentary and non-documentary verification. Specifically, you will need to:
- Compare the customer’s name against the government’s list of known or suspected terrorists
- Provide customers with adequate notice of the requirements for customer identification
KYC processes for FinTech organizations include the identification and flagging of users, according to risk. These can range from potential money launderers to politically exposed persons. You have to implement processes for verifying nearly every aspect of your user accounts — from names and addresses to the properties, sizes, and structures of the organizations they represent.
This means that in some environments, it is not possible to create a quick, efficient onboarding experience for customers. If a FinTech application makes its service available without a KYC process (either independent or reliant on a third party), it will invariably find itself in regulators’ sights and potentially subject the company and its executive leadership to significant civil and criminal penalties.
2. Data Governance
The fact that FinTech businesses need to collect user data in order to verify customer identities brings up another challenging dimension in the development process — FinTech organizations have to responsibly govern user data and their own private data.
Certain privacy-related obligations that have popped up in recent years, such as the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR), shine a light on the necessity of proper data governance. The amount of personal information and employee data that flows between a business’s operational systems is vast, and these regulations have been instituted to protect all of that information.
Operational data governance is also key. Users, investors, and regulators all want to know what information is in your governance log, what triggers alerts, who monitors activity and gathers reports, and more.
No FinTech startup will be able to cover 100 percent of its data governance risks, but the best will make a good-faith effort that is well-documented and regularly maintained. This will broadcast competence and security to government and financial service regulators.
3. Cybersecurity and Identity Theft Protection
Today’s FinTech applications need to take a security-first approach to implementing new processes. Data encryption and reliable multi-factor authentication are non-negotiable.
Most FinTech developers are aware of these cybersecurity requirements. However, newcomers have a responsibility to implement scalable security solutions that outperform today’s regulatory requirements to ensure their platforms remain viable well into the future.
For instance, multi-factor authentication through SMS is enough to pass regulatory muster as of 2019. But cybersecurity experts already know that SMS is not secure, so any FinTech application that relies on this authentication method may soon be non-compliant.
Follow Both the Letter and the Spirit of the Law
Many FinTech startups wrongly assume that strictly adhering to regulatory requirements is enough. That is often true as far as government regulators are concerned, but it is not enough on its own. Users and institutional investors take their expectations one step further.
Users automatically equate a new FinTech application with its nearest competitors and expect the same security, functionality, and user experience (UX). Banks, financial institutions, and investors often ask new FinTech companies to adhere to regulations that don’t strictly apply to the space in question, simply out of cautiousness.
In order to succeed in the world of FinTech application development, startups need to be ready to adapt to unexpected rules and processes at a moment’s notice. The rules will change over time, but the need for robust processes and structural agility will remain constant.
Sila provides Banking and Payments Infrastructure-as-a-Service for teams building the next generation of financial products and services. Our banking API replaces the need for integrating with legacy financial institutions, saving you months of development time and thousands in legal and regulatory expenses.