No wiggle room for fintechs: The challenges of risk and compliance management

Compliance and regulation have always been of significant importance for the financial services industry since 1791, when the first operating bank was founded in the U.S. Fast forward to this year, the banking crisis has raised deeper questions around regulatory failures and poor risk management. 

The string of mishaps beginning with SVB has pushed regulators, who have already been zeroing in on fintech operations and bank-fintech partnerships over the past few years, to become stricter and implement tighter oversight. 93% of fintechs say they are struggling to meet increased regulatory requirements. In fact, 86% of them paid more than $50,000 in compliance fines last year, according to a new report by Alloy.

Key challenges facing fintechs in terms of compliance

Different fintechs have different sets of compliance challenges and there is no-one-size-fits-all approach to it.

While a larger, well-established fintech may have a more developed compliance team, its challenges may center more around changes in regulatory requirements, reporting requirements, or managing the tools they use to manage their compliance program. Whereas, earlier-stage fintechs that don’t yet have a compliance officer on staff or a complete team may struggle in the interpretation of various laws and regulations. The Alloy report identifies that lack of access to experts who can understand and implement practices in alignment with laws, external regulations, guidelines, and specifications relevant to a specific business process is one of the key barriers to meeting compliance requirements.

55% of fintechs also say that lack of automation is a roadblock when it comes to following a systematic approach to compliance. In particular, fintechs ranked Suspicious Activity Report (SAR) filings – a document that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) whenever there is a suspected case of money laundering or fraud – as the most time-consuming part of their compliance process. 

“What is required is not often more work (usually meaning more personnel), but better tools and better data to ensure that an organization is getting the identity of a user right so that they can then manage all of the risks around identity which includes compliance and also fraud,” said Gizelle Barany, general counsel at Alloy.

The financial sector is increasingly investing in technology to keep pace with rules, regulations, and systems to fight financial crime, yet compliance and fraud are two issues that take a lion’s share when it comes to fintech investments. This boils down to the fact that as fraud prevention technology is evolving, so are fraudsters’ tactics. For example, fintechs are using AI/ML tools to create better fraud detection models, but fraudsters are also using them to create more convincing synthetic identities. Additionally, regulators are constantly evaluating and determining new regulations and policies to protect both businesses and consumers. This in turn requires compliance officers to stay up-to-date on regulatory changes, industry standards, and technological advances to manage their compliance programs effectively.

These rapid developments indicate that compliance and fraud prevention issues will likely never go away and new solutions will always be required as technology evolves. According to Barany, having a wide array of data at their disposal is critical to fintechs for the same reason, so that they can always add more tools to their fraud-fighting arsenal.

“Financial institutions with a flexible fraud tech stack will be uniquely positioned to fight the fraudsters of today while deciphering the techniques of fraudsters of tomorrow,” she said.

Smoothing the rough edges

Remaining compliant to avoid fines, maintaining a good reputation in the market, while preventing financial crime, and working toward scaling business in a competitive market – all constitute a significant set of challenges for fintechs, many of which are still not profitable and have a constant need for capital.

The report highlights that around 80% of organizations are putting efforts into place to go above and beyond the minimum requirements in preventing criminal activity, given that the pace of criminal activity outstrips the pace of regulation. 

One way fintechs are actively working on striking a balance between internal controls and external regulations is through automation. Going forward, many fintechs are incorporating AI/ML into their compliance workflows, which can save time in BSA, AML, and KYC processes and eliminate the need for manual reviews. Although manual reviews are still an essential part of the fraud prevention process when it comes to particularly risky transactions, automating a portion of them can save FIs time and money to focus on other business priorities.

Fintechs are increasingly turning toward third-party risk management solutions for compliance, too. 93% of fintechs are using at least one third-party platform. These platforms like BitSight, OneTrust, and Alloy offer products and services that help in tracking specific legislative and regulatory analysis, keeping track of changes to compliance policies, ongoing vendor and partner management, and portfolio analytics. The platforms also enable fintechs to pull and analyze information from data sources to have a holistic view of each applicant and verify KYC, KYB, AML monitoring, sanctions screening, and case management.

Organizations that use one of these third-party platforms for compliance activities are more likely to be able to identify and prevent criminal activities by following the Bank Secrecy Act (BSA) regulations than organizations that use multiple or no third-party platforms.

As new rules and priorities continue to emerge, the compliance landscape is also expected to evolve, too. In addition, financial institutions are anticipated to double down the use of AI/ML in the next 12 months to detect and prevent fraud, according to the report.

Still, fraud and compliance can’t be orchestrated in silos. Compliance, fraud, product, and leadership teams will likely have to work in tandem to build a compliance ecosystem in line with the dynamic landscape of regulation, risk, and fraud.

“It’s less about streamlining processes and more about educating yourself on compliance,” said Barany.