MindK has been working for more than 10 years with companies that provide financial services. In this time, we’ve studied both FinTech regulations and data protection laws like GDPR. Below are the insights we gained while researching the market and working with our clients.
Table of contents:
- What is compliance in FinTech?
- FinTech regulations around the world
- How to become compliant?
The Q1 of 2021 was one of FinTech’s biggest wins. The industry secured $22.8 billion in investments (½ the previous year’s total funding). Open Banking APIs and COVID-19 became some of the biggest drivers behind FinTech growth.
The industry is advancing at a huge pace, presenting ample opportunities for entrepreneurs. Most FinTech startups operate in a move fast – break fast manner, welcoming mistakes as a part of the innovation process.
Unlike traditional banks, they rarely have robust FinTech risk and compliance management programs.
As more FinTechs venture into the spaces occupied by traditional financial institutions, they begin to attract attention from both criminals and regulators.
Protecting the industry from fraud and alleviating FinTech security concerns are the main reasons behind the emerging regulations.
Not following these laws and regulations leads to non-compliance, which carries serious risks for FinTech companies:
- Regulatory risks represent a major threat in the form of legal action, especially for FinTechs that partner with traditional banks.
- Financial risks affect the company’s bottom line – a fall in share prices due to regulatory action, inability to attract funds, loss of user confidence, and a resulting drop in future profits.
- Business risks can prevent the company from reaching its financial goals. Often, they are a natural outcome of FinTech’s fast-moving nature.
- Reputational risks result from breaching customer trust. A single incident can cause a domino effect that impacts other related products and services.
Despite being one of the FinTech’s biggest drivers, COVID-19 also presents numerous regulatory challenges
Data source: University of Cambridge
FinTech regulations around the world
The government agencies attempting to regulate the FinTech sector are lagging considerably behind the fast-moving technology. This means that most countries around the world still lack a unified legal framework to oversee the FinTech sector and have large gaps for new FinTech technologies like Blockchain and cryptocurrencies.
Still, it’s important to understand the complex regulatory landscape that exists in different states to mitigate the compliance risks.
The US is home to more than 30% of the world’s FinTech companies.
Yet, the country still lacks a federal framework to oversee the FinTech sector. Financial startups are regulated by the laws of individual states making it harder to acquire all the necessary permits to operate across the US. In addition to the local regulations, all FinTechs need to understand the federal legislation that governs the financial industry:
- Bank Secrecy Act (BSA) governs Anti-Money Laundering (AML) regulations for FinTech companies. These companies must report all suspicious activities and the acquisition of negotiable instruments (cashier checks and money orders).
- Section 326 of the USA Patriot Act obliges FinTechs to implement Know Your Customer (KYC) procedures. Its Title III obliges FinTechs to implement AML procedures, employ compliance officers for continuous worker training, and assess their KYC/AML programs via third-party audits.
- The Anti-Money Laundering Act of 2020 (AMLA) has among other things amended the BSA to include requirements for FinTechs to develop risk-based programs to prevent money laundering and terrorist funding.
- Fair Credit Reporting Act (FCRA) dictates how financial companies collect consumer credit information.
- Gramm-Leach Bliley Act (GLBA) demands all FinTech companies disclose how they share customer information.
- Securities Act of 1933 regulates Initial Coin Offerings (ICOs) for American FinTechs. A precedent known as the Howey Test shapes the legal status of an ICO subjecting it to the Exchange Act and the Securities Act if it meets the threshold requirements.
- Electronic Fund Transfer Act and CFPB Regulation E govern the sphere of payments, requiring FinTechs to resolve transfer errors within 45 days.
- Truth in Lending Act (TILA) lays out the obligations for credit card holders – defend and enhance credit card disclosures, rate increases, payment allocations, and a reasonable amount of time to make payments.
- Jumpstart Our Business Startups (JOBS) Act requires crowdfunding platforms to register with the FINRA and SEC, setting the maximum fundraising sums and other limitations. If you run a peer-to-peer (P2P) lending website that is a partner of a traditional bank, your site is recognized as a third party and the bank becomes responsible for compliance. Yet, if you sell loans as securities, your platform becomes subject to SEC oversight.
- Truth in Savings Act (TISA) includes FinTech requirements on transparent disclosure of fees and interest rates.
- Electronic Signatures in Global and National Commerce (E-Sign) Act regulates electronic documents and signatures. According to the act, FinTechs are required to supply an option for paper copies, disclosures of electronic documents, and how future electronic contact will be made with the customer.
- Numerous regulators are responsible for oversight of payment-related FinTechs. They include local governments, the National Automated Clearing House Association (NACHA), and the planned Department of Treasury’s FinTech Council.
- There are other consumer protection laws that FinTechs like the Fair Credit Reporting Act, Equal Credit Opportunity Act, and Home Mortgage Disclosure Act.
This list of legislation is monitored by a vast network of regulatory bodies, each providing oversight for a particular type of financial services.
|Securities and Exchange Commission (SEC)||Oversees the American securities market – securities exchanges, investment advisors, mutual funds, dealers, and brokers.|
|Financial Industry Regulatory Authority (FINRA)||Protects investors. Investment and crowdfunding companies must be registered with FINRA and the SEC|
|Federal Trade Commission (FTC)||
Watches for “anticompetitive, unfair, or deceptive” actions by B2C companies as well as oversees privacy and data protection responsibilities.
|Federal Deposit Insurance Corporation (FDIC)||Oversees the American deposit insurance scheme and regulates banks that aren’t subject to the Federal Reserve System.|
|Consumer Financial Protection Bureau (CFPB)||Regulates B2C financial services and takes actions against deceitful or unfair practices.|
|Financial Crimes Enforcement Network (FinCEN)||Administers Anti-Money Laundering (AML) regulations and imposes the terms of AML compliance for financial companies.|
|Office of the Comptroller of the Currency (OCC)||Oversees national banks and accepts applications for special purpose charters from FinTechs that manage deposits, cheques, or engage in lending activities. Companies with the charter have the same compliance requirements as national banks.|
|Commodity Futures Trading Commission (CFTC)||Regulates commodity exchange markets, oversees trading organizations, intermediaries, and similar companies.|
|State legislations||Local regulations vary from state to state. There are some of the attempts being taken at streamlining the complexity of state-level legislation.|
The UK is one of the leading FinTech countries, with over 1,800 startups fighting for the booming market. Yet, like other countries on our list, the UK doesn’t currently have a unified legal framework for FinTechs. British companies are supervised by different regulators depending on the company’s size and the nature of business.
The primary FinTech compliance regulators in the UK are:
- Prudential Regulatory Authority (PRA); and
- Financial Conduct Authority (FCA) that regulates the operation of all lending companies and businesses involved in online payments.
Activities like electronic money, investments, deposits, lending, insurance, and payments all require a license. Although crypto-trading platforms aren’t officially regulated, companies operating in the area might want to acquire certain licenses like the E-Money license.
After the start of the pandemic, the government closely monitors crypto assets to mitigate risks and protect consumer well-being. The lockdowns have only emphasized the importance of alternative financial systems, prompting the government to consider adopting new FinTech legislations.
The EU is home to almost 2,400 FinTech companies. Although the pandemic has led to a drop in European FinTech funding, many startups are showing steady growth. As a result, the EU regulators are working hard to modernize the FinTech regulatory framework.
- The European Securities and Markets Authority (ESMA) is the chief regulator that oversees the initiatives aimed at boosting FinTech investments.
- Some European countries have local regulators for domestic and foreign companies (for example, Autorité des marchés financiers, AMF, in France, and the Federal Financial Supervisory Authority, BaFin, in Germany).
Since 2020, all cryptocurrency trading platforms, mobile wallet providers, and startups that manage virtual currency exchange are coming under closer scrutiny. The trading platforms now have to register with relevant authorities and implement due diligence procedures for AML/KYC compliance.
The European regulators are planning to improve financial technology regulations by 2024 in all member states. Among the plans are new frameworks for cryptocurrencies, Blockchain, digital identities, and so on.
- Switzerland is a FinTech powerhouse with full-on government support for the sector. The country’s primary regulator is the Swiss Financial Market Supervisory Authority (FINMA). During the COVID-19 pandemic, the government unveiled a new type of license for FinTech startups that is less strict than the ones for the traditional companies.
- Australia is home to the Australian Prudential Regulatory Authority (APRA) and Australian Securities and Investments Commission (ASIC) which are the industry’s chief regulators. They oversee financial services, crowdfunding, and consumer lending. To take part in such activities, your startup will need to obtain an Australian Financial Service License. Any Australian neobanks must be registered as an Authorized Deposit-Taking Institution. And if you’re dealing with any kind of credit activities, your company will also have to earn an Australian Credit License.
- China is a powerful FinTech market. Although the government and the People’s Bank of China take an active part in overseeing the sector, the country has no unified FinTech regulatory framework. In 2019, the government started a pilot sandbox mode for 7 cities including Beijing.
Compliance is a complex and costly matter, so it’s critical to ask for legal advice before you make any important decision. Book an appointment in advance with a competent lawyer to learn about the regulatory FinTech requirements your company will face and how to fulfill them.
There is no single, clear path to FinTech and compliance. Until governments implement a unified legal framework, financial companies have to take the case-by-case approach regarding the licenses they need to acquire:
- Money Transmitter License (MTLs) is a must-have for any US company engaging in selling/issuing payment instruments/stored value, and/or receiving money for transmission. The process and the rules vary from state to state and can take a lot of time and money.
- Money service business (MSB) registrations are typically required for e-wallets, peer-to-peer transfer, and mobile payment platforms. These companies have to register with the Treasury Department, implement an AML program, prepare Currency Transaction Reports, and Suspicious Activity Reports.
- BitLicense is a requirement for virtual and crypto currencies. It is granted by the New York State Department of Financial Services (NYSDFS) for businesses that work with NY state residents.
- Offerings through Reg A for businesses that offer securities or alternative investment options are subject to less strict reporting requirements. Reg D outlines similar rules for private placements and smaller businesses, reducing the complexity of SEC reporting. FinTechs that go through funding rounds are obliged to register with relevant authorities and follow these requirements before the launch.
AML programs must be developed well before you start providing financial services. In 2020, Financial institutions around the world were fined $10.4 billion due to violations in AML, KYC, and due diligence. As FinTechs tend to start small and innovate quickly, they might create a gap for unmonitored transactions which leaves them open for regulatory sanctions.
P2P lending platforms, in particular, should ensure their services are protected from criminal activity. According to the US government, more than $100 million of stolen funds have been laundered in 2020 via America’s top four P2P investment platforms. So it’s crucial to implement AML procedures to protect your business from reputational fallout.
Fast-growing FinTechs need to ensure their compliance programs are keeping up with the increase in transaction volumes. KYC procedures are essential because your customer base might expand quickly to include new types of users with different requirements. The increased transaction volume requires changes to reporting and dispute processing.
KYC procedures should be applied to transactions of any size to prevent the funds from going to illegal or terrorist activities. Avoiding this responsibility is sure to result in quick regulatory action.
Employing a dedicated compliance officer is another good practice to have in your company from the very beginning.
And remember – compliance isn’t a one-off task, so ensure you have enough resources to handle it continuously.
In some situations, it might be reasonable to partner with an established company that has already obtained all the relevant licenses.
Regulatory Technology (RegTech) is one of the top FinTech trends that shape the industry in 2021. This industry applies the Software as a Service principle to FinTech compliance practices. RegTech companies provide advisory and guidance services focusing on the biggest risk areas in FinTech:
- Online libraries of compliance regulations.
- Software like neupart for planning compliance activities, gathering resources, and reacting to new regulations.
- Tools for monitoring and auditing transactions for suspicious activity like Analyze N Control.
- Automated risk assessment and reporting tools like DDIQ to determine the risk exposures and asset qualities.
- Online due diligence and data security tools like like Arachnys to prevent data leaks and fraud.
- KYC tools for managing customer identities like Alacra.
- Regular AML checkpoints for high-value and politically exposed clients.
- Real-time dashboards for monitoring the company’s current state of compliance like GAN Integrity.
- Automated regulatory reporting companies like Alessa, etc.
RegTech companies can become valuable partners for early-stage FinTechs that need to navigate the complex regulatory landscape. As your startup matures, however, it becomes important to have all the required compliance expertise in-house.
FinTech regulations are still in their infancy and evolving at a rapid pace. As governments around the world are working to produce unified FinTech standards, businesses will have to keep their eyes peeled for any changes in regulations.
Some countries like the UK have implemented the so-called regulatory sandboxes that allow FinTechs to experiment in regulated test environments. This allows government agencies to get a deeper understanding of FinTech while providing detailed regulatory guidance to the participating business.
Although a similar practice is yet to be established in the US, there are already some steps in the right direction.
In 2018, The Treasury and the Consumer Financial Protection Bureau (CFPB) published independent reports that propose the creation of sandboxes. The same year saw Arizona pass the first state-level sandbox law. In 2019, Wyoming followed suit together with West Virginia, Nevada, and Utah. At the time, Washington DC is actively considering the sandbox legislature.
The article provides a short, yet comprehensive overview of FinTech compliance regulations around the world. The path to compliance is difficult. Yet, it is within your reach if you do your homework.
The landscape is shifting constantly, so it’s important to stay updated on the latest changes in regulations. As governments around the world are working to create a better legal framework, there’s a big hope for simpler compliance among FinTech founders.
So now might be your best time if you think about starting a FinTech company.
MindK has been working with financial companies for more than 10 years, helping them build awesome web and mobile FinTech solutions. So if you need some advice or a team of experts to implement your project, we’ll be happy to assist you. Just fill the contact form and we’ll arrange a free consultation with our development team.