Fintechs need to balance customer acquisition and financial crime compliance requirements
There isn’t a blanket opinion across the industry on what this balance should be – the viewpoint varies from firm to firm and also depends on the maturity of the business. There is greater resistance in more ‘high volume’ Fintech segments, although there is a much better understanding than there was 10 years ago of the requirements. Perception is reality though, and to some extent there are tricky choices to be made. The solution is to try to bake in compliance as early as possible and embed it in your customer journeys to ensure a smooth customer experience.
Look for a mixture of personality and key skills in your MLRO
Working as an MLRO in a Fintech is not for everyone. There is a certain set of skills and qualities that are important:
- Personality & attitude – a willingness to get your hands dirty and get involved in all areas of the business, as well as being flexible and open to new ideas;
- Generalist over specialist – someone who is competent across all key risk areas with sufficient levels of experience;
- Authority – the ability to have authority and influence at the top table to ensure that compliance has a voice in all business conversations.
Selecting a RegTech vendor is like a recruitment process
Start with your requirements and wish list of features, as well as your evaluation criteria. For example, will this ensure we are compliant? Will this help us be best-in-class? Will it enhance our onboarding process?
You should always test out the capabilities and aim to speak to other customers privately to get a reference. The Fintech Innovation Network can also help with your initial research on potential solutions.
Focus on building out the technology that is critical for your core business, rather than building specialist compliance solutions
Fintechs shouldn’t be trying to build out specialist compliance solutions as this is a distraction from other areas which require technology build. It is far more cost effective to buy and integrate, rather than to build and maintain.
Your job as a Fintech is to select the right set of providers, integrate these together and build any additional elements to ensure your ‘system’ holistically is effective for your business.
Review Enterprise Wide Risk Assessments annually and more regularly based on trigger events
You should think about doing EWRAs in a proportionate way related to the size of the business. Most Fintechs are starting with an MVP and one product, so this can be relatively small to start with. Founders should certainly be involved in these assessments early on and continue to be as the Fintech grows.
You can use tooling, but you need to be able to hand over output to banking partners or regulators, so Word or Excel can work equally well.
Think about refreshing your EWRA on an annual basis, as a minimum, and reviewing it at relevant trigger points, such as offering a new product or moving into a new geography. Ensure this is a ‘living’ document and that risk considerations are brought into the conversation early.
Don’t forget to include two key considerations when completing your assessment:
- Outsourcing (of tech or services) – what is your AML risk, but also your operational risk if the partner is unable to deliver? Will that stop us from bringing on customers, or processing payments?
- Risk appetite – this needs to be documented. The business needs to understand the risks and accept them – and that needs to come from the Founders.
Aim to get things ‘right first time’ when registering with the regulator
Aim to be as transparent as possible during this process and aim to get things right first time, otherwise you’re already building up ‘debt’ before you’ve started. Conversely, you shouldn’t provide too much information e.g. if the regulator asks for 10 things, don’t provide 11. This will inevitably invite more questions and lead to further work for you.
Leverage strong experience and ‘generalist’ FCC skillsets in your compliance team
Early on, you should look for strong experience coupled with a breadth of knowledge across FCC i.e. ‘generalists’. These people need to have your typical compliance skills (investigative, diligent etc.) as well as being agile and open with a willingness to have multiple roles.
As you grow, you need to consider whether you are going to outsource, and if so, what are the implications of this decision. It can be beneficial if you need to service a 24/7 business model, but there can be implications around things like training, particularly influenced by the business’ risk appetite, along with broader outsourcing risk considerations.
In human vs tech…a balance is key
First and foremost, you should look at things from a regulatory, risk and business perspective and from there, you will design your policies, processes and procedures. You can then understand what technology can do to support your processes and controls. Digitise wherever possible, but ultimately people are the gatekeepers here and need to remain in control of managing the risk and the decisions.
One key piece of advice for MLROs…understand your specific business and risk appetite
Look at your business as a whole and then consider how compliance needs to flow through the whole business. And be creative about how you implement your compliance measures.
To find out more about the partners who can help you combat financial crime, visit the Fintech Innovation Network.