Written by Jonah Crane, regulator in residence at the FinTech Innovation Lab. Previously, he served as deputy assistant secretary for financial stability oversight council at the U.S. Department of Treasury.
More than one observer has noted that “move fast and break things” is a motto ill-suited to the heavily-regulated financial services markets. The complexity and breadth of regulation and the need for big banks and insurers to partner with businesses that align with their regulatory and compliance obligations lead to one clear conclusion for fintechs: Regulation and compliance must be a priority from the start. Fintech companies that proactively work to meet their own regulatory requirements and understand the obligations of their potential partners will be positioned to succeed.
For some, this means hiring a chief compliance officer or general counsel earlier in the business life cycle than expected. For others, it means building regulatory compliance into the offering itself. For nearly everyone, it means a change in mindset—from reactive to proactive.
Both industry and regulators can benefit from viewing regulatory compliance as a shared enterprise. And the bar for compliance will only be raised over time, as technology enables more efficient and more effective compliance.
Consumer-facing fintechs building their own financial or insurance products should start by asking: What principles and objectives are driving regulation of my offering? Products should be built to serve the spirit of the law, not just the letter. Even if a product itself is technically compliant, misleading consumers about the benefits and risks will lead to trouble. The Consumer Financial Protection Bureau has brought enforcement actions against Dwolla, a payments company, for misleading consumers about the strength of its data security, and against LendUp for marketing loans in states where they were not available.
For fintechs looking to partner with regulated financial institutions, including Regtech startups, the key is understanding the obligations their potential financial institution customers have to conduct due diligence and ensure their vendors meet basic technical and operational standards.
Gaining sensitivity to regulation is one of the most valuable—and least obvious—rewards of the Fintech Innovation Lab.
Intensive mentoring by the Lab’s financial services sponsors helps fintechs learn to navigate the due diligence process and understand the third-party vendor risk management rules financial institutions must follow. Regtech firms, who are focused on solving regulatory compliance pain points for their customers, are often not directly regulated themselves. Nonetheless, they need to understand information security standards, be prepared with security certifications, and ensure they apply appropriate protections for any personal information. Many regtech solutions are built for the cloud, and financial institutions and regulators have taken a variety of approaches to cloud-hosted applications.
Opportunities widen for fintechs that equip themselves with a working knowledge of financial services regulation.
The most sophisticated solutions may never get to a proof of concept if they get bogged down in the due diligence phase. Understanding and proactively addressing regulatory issues can speed up the diligence process, leading to more proofs of concept and preserving precious venture funding.
Fintechs that fail to familiarize themselves with the relevant rules run potentially existential risks.
This is perhaps especially true in state-regulated businesses like insurance. Insurance underwriting offers a major opportunity for fintechs as the internet of things helps collect information from physical objects and leverages advances in data analytics to improve the speed, accuracy, and sophistication of risk analysis. But with insurers regulated in all 50 U.S. states, a fintech developing insurance solutions needs to be particularly aware of state-to-state regulatory and compliance complexities. Failure to comply with basic licensing requirements, which could be discovered with a Google search, has led to a large fine for one fintech insurance startup.
Financial regulation, like the industry itself, is highly specialized and therefore complex. Regulators are increasingly open to the innovation that entrepreneurs bring in fintech, regtech, and insurance, but they expect companies who want to participate to do their homework.
As regulator-in-residence at the Fintech Innovation Lab, I am focused on getting companies prepared to meet the expectations of consumers, counterparties, and regulators. The Lab provides immersive training, including mentoring from financial services sponsors who know the terrain, and direct interaction with regulators.