Compliance is one of the most important aspects of growing a fintech company. If you have to ignore or skip it, you’re in for some serious trouble. But compliance doesn’t have to be an overwhelming burden, especially if you take the time and effort to set up a solid compliance program from the very beginning.
Financial institutions are required to comply with all federal and state laws. If a company fails to comply, it may be placed on an entity list, preventing it from doing business with certain financial institutions in the future. Furthermore, being out of compliance may result in heavy fines, which could destroy their business model by default if their capital requirements are not met or if they are unable to provide collateral for certain instruments due to regulatory uncertainty. If you are not in compliance with reporting and privacy regulations, your business models based on the sharing of data about your customers with third parties may be jeopardized. There is also the risk of regulatory scrutiny, which could make it much more difficult to attract new customers and funding in the future.
Maintaining compliance could mean going through a fairly arduous process of auditing each contract you have with your customers, complying with reporting and privacy regulations, having antivirus software installed on all machines, and third-party integrations that you rely on to get business. It also means that you need to maintain certain security protocols while uploading customer data onto your system so that the information is not stolen by hackers. However, complying with all these regulations is not a one-time thing. It could mean constantly keeping records of every update that you make to your systems so that you are self-auditing and maintaining compliance across different systems at each step.
This could be a very heavy burden to maintain if your business is growing rapidly, as it is likely that you will have more and more processes to maintain, audit and stay compliant with the regulations. For example, if there are regulatory changes in the US that affect your business model, it may mean going through the process of changing your business model or making some significant amendments so that you can meet the new compliance requirements. Another example: if you are storing files on a cloud like Google Drive or Dropbox, these services may at some point be forced to change their terms of service because of regulatory changes. Dropbox, for example, was hit with a class action lawsuit in 2011 and 2012, alleging that it violated wiretap laws. As a result, Amazon no longer hosts the consumer version of Dropbox, and the company was forced to rewrite its terms of service in order to comply with regulatory requirements.
As proven by numerous recent headline-making cases, mistakenly thinking that your company is too small or it won’t grow quickly enough for IT restrictions to matter is not a good strategy for avoiding regulatory scrutiny. In other words, complacency will lead providers toward disaster. If you’re one of those larger firms that’s looking to start up an automated lending platform, don’t ignore compliance; it’s crucial to your success. The biggest problem with many small lending startups is that they don’t realize they need to conduct compliance checks much earlier than their customers do. Many fintech startups may not even have a compliance officer yet, since they started out as glorified IT departments. But the moment they start to send credit alerts and emails to borrowers, their staff will need to be trained in anti-money laundering (AML) and fraud-detection strategies.
While there is no way to completely stay ahead of regulations in today’s world, there are some measures that you can take to avoid being hit by them in the future. Compliance has many sides to it. It should be managed holistically rather than in isolation. It’s exactly why many fintech companies have been waiting to employ compliance officers—not because they’re not making money hand over fist, but because they didn’t know how much it would take to do so.
There is no doubt that compliance will be a significant future cost for some fintech companies, but it’s also the road to serious growth for others. For those of you who are ready for this road, now is the best time ever to start working on your compliance program, but get started early.