AML compliance in the remittance industry

The money remittance industry is growing. In 2018, global remittances reached $689 billion: a figure that is expected to reach $746 billion in 2020. The trend is driven, in part, by digital remittance services, which are expected to see a growth rate of 11.75% between 2019 and 2024. As the remittance industry has developed, so have the methodologies that criminals use to exploit it. In a report on the industry, the Financial Action Task Force (FATF) identified specific vulnerabilities to money laundering and terrorism threats, emphasizing the need for suitable AML compliance in the remittance industry.

Accordingly, when it comes to money laundering risk, remittance firms must ensure their compliance solution can detect and prevent criminal activity and satisfy the relevant regulatory obligations (such as those imposed by FATF) on an ongoing basis.

Money laundering risks in the remittance industry 

Money remittance is an attractive target for criminals for a variety of reasons, including global inconsistencies in regulation and the criminal opportunities offered by digital remittance services. In order to detect and prevent money laundering activities, it is important that compliance teams understand the key risks posed by money remittance:

  • Digital services: The growth of digital remittance services and technology has led to the emergence of new money laundering risks. Online money remittance services are not only harder for the authorities to supervise but make it easier for criminals to circumvent identity verification processes, especially in non-bank remittance firms.
  • Prepaid cards: Some prepaid payment cards can be used to send and receive money and to withdraw cash from ATMs with funds loaded anonymously over the internet. Some open-loop cards are integrated with global ATM networks and can be used to transfer money around the world, pay for goods and services or simply withdraw cash with no face-to-face transaction requirement.
  • Money mules: The anonymity associated with remittance services means that money launderers can engage third parties to conduct transactions on their behalf. These third parties are also known as money mules and may be coerced or financially incentivized to send or receive money via remittance services in order to protect the identity of the launderers.
  • Ownership: Given the proliferation of remittance services, money launderers may seek to obtain ownership of a remittance firm in order to circumvent AML/CFT compliance regulations. Money launderers may set up a remittance firm themselves or by using an agent or may seek to leverage the owner of an existing firm.
  • Regulatory disparity: Regulatory supervision of remittance service providers varies depending on jurisdiction, and money launderers may seek to exploit that disparity by moving illegal funds between territories. The AML risks of that disparity may involve a lack of communication between supervisory authorities in different countries or the efforts of money launderers to avoid, for example, reporting thresholds or suspicious activity reporting requirements.
  • Structuring: In order to better disguise the origin of illegal funds and thwart investigations, money launderers may attempt to engage in multiple remittance transactions using multiple outlets. This practice is known as structuring and makes it harder for both remittance AML compliance teams and financial authorities to track illegal funds.

AML compliance for remittance organizations

FATF requires financial institutions within member countries to implement risk-based AML compliance programs. In practice, this means that firms, including remittance service providers, must conduct risk assessments of their customers to determine the level of money laundering risk that they present. In alignment with FATF recommendations, remittance service providers must put a risk-based AML program in place with the following features:

  • Customer due diligence: Remittance firms should conduct CDD checks to ensure that customers are being truthful about their identities. Customers that present a higher risk of money laundering, such as politically exposed persons (PEPs), should be subject to enhanced due diligence (EDD).
  • Transaction monitoring: Firms should use transaction monitoring tools to check their customers for suspicious activity that might indicate money laundering, including transactions above reporting thresholds, unusual transaction patterns or transactions with high-risk countries.
  • Screening: Firms should screen customers and transactions against international sanctions lists and watchlists. Customers should also be monitored for involvement in adverse media stories.
  • Compliance officer: Remittance firms must appoint a compliance officer with enough authority and expertise to oversee their AML program.
  • Training: As part of AML compliance, remittance employees must receive AML training in order to be able to spot potential money laundering activities.

Certain transactions or types of behavior may indicate that customers are using remittance services to conduct money laundering. These red flags include:

  • Unusually high frequencies of transactions or unusual transaction patterns.
  • Transactions above reporting thresholds.
  • Customers that attempt to conceal their identities.
  • Customers that know few details about the transaction or the payee.
  • Transactions that are connected to other transactions in a manner that might indicate structuring.
  • Transactions involving politically exposed persons or individuals on sanctions lists, or adverse media stories involving customers.
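
As an added illustration (not part of the original article or of any vendor's product), the following Python example expresses two of these red flags as monitoring rules: transactions above a reporting threshold, and linked transactions across multiple outlets that suggest structuring. The threshold, the 48-hour window, the field names and the sample transactions are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed parameters for illustration only; real values come from the
# applicable reporting rules and the firm's own risk assessment.
REPORTING_THRESHOLD = 1_000_000          # 10,000.00 in minor units (cents)
STRUCTURING_WINDOW = timedelta(hours=48)
MIN_LINKED_TXNS = 3                      # linked transfers needed to alert
MIN_OUTLETS = 2                          # "multiple outlets"


@dataclass(frozen=True)
class Txn:
    txn_id: str
    sender_id: str
    outlet_id: str
    amount: int        # minor units, avoids float rounding
    ts: datetime


def over_threshold(txns):
    """Red flag: single transactions at or above the reporting threshold."""
    return [t.txn_id for t in txns if t.amount >= REPORTING_THRESHOLD]


def structuring_alerts(txns):
    """Red flag: sub-threshold transfers from one sender that, taken together
    inside the time window, use several outlets and reach the threshold.

    Returns {sender_id: sorted list of linked txn_ids}.
    """
    by_sender = defaultdict(list)
    for t in txns:
        if t.amount < REPORTING_THRESHOLD:
            by_sender[t.sender_id].append(t)

    alerts = {}
    for sender, items in by_sender.items():
        items.sort(key=lambda t: t.ts)
        flagged, left, total = set(), 0, 0
        for right, cur in enumerate(items):
            total += cur.amount
            # Slide the left edge so the window never spans more than 48 hours.
            while cur.ts - items[left].ts > STRUCTURING_WINDOW:
                total -= items[left].amount
                left += 1
            window = items[left:right + 1]
            outlets = {t.outlet_id for t in window}
            if (len(window) >= MIN_LINKED_TXNS
                    and len(outlets) >= MIN_OUTLETS
                    and total >= REPORTING_THRESHOLD):
                flagged.update(t.txn_id for t in window)
        if flagged:
            alerts[sender] = sorted(flagged)
    return alerts


def monitor(txns):
    """Run both rules and return one report for analyst review."""
    return {"over_threshold": over_threshold(txns),
            "structuring": structuring_alerts(txns)}


def _t(txn_id, sender, outlet, amount, day, hour):
    return Txn(txn_id, sender, outlet, amount, datetime(2024, 1, day, hour))


# Constructed sample data (not real transactions).
SAMPLE = [
    # S1: four 3,000.00 transfers at three outlets within 30 hours
    _t("T01", "S1", "outlet-A", 300_000, 1, 9),
    _t("T02", "S1", "outlet-B", 300_000, 1, 15),
    _t("T03", "S1", "outlet-C", 300_000, 2, 10),
    _t("T04", "S1", "outlet-A", 300_000, 2, 15),
    # S2: one transfer above the threshold
    _t("T05", "S2", "outlet-A", 1_250_000, 1, 11),
    # S3: small, infrequent transfers
    _t("T06", "S3", "outlet-B", 40_000, 1, 12),
    _t("T07", "S3", "outlet-B", 40_000, 20, 12),
    # S4: same amounts as S1 but four days apart, outside the window
    _t("T08", "S4", "outlet-A", 300_000, 1, 9),
    _t("T09", "S4", "outlet-B", 300_000, 5, 9),
    _t("T10", "S4", "outlet-C", 300_000, 9, 9),
    _t("T11", "S4", "outlet-A", 300_000, 13, 9),
]

if __name__ == "__main__":
    print(monitor(SAMPLE))
```

Alerts from rules like these feed analyst review and suspicious activity reporting; they are inputs to an investigation rather than conclusions.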

Ongoing AML compliance in remittance

In order to deliver ongoing AML compliance in a remittance business quickly and efficiently, service providers should consider implementing smart AML software to handle their data collection and analysis needs. An AML software solution not only adds speed and accuracy to the compliance process but can scale with a firm’s needs and adapt to changes in legislation and emergent criminal methodologies on an ongoing basis.

AML compliance in remittances: Case studies

Global trading remittance firm (Customer A) 

Customer A offers money transfers to over 150 countries in over 70 currencies.

Regulated by:
  • FCA
  • DNB
  • FINTRAC
  • AMF
  • AUSTRAC
  • Hong Kong Customs and Excise Department

Screening workflow: Customer A doesn’t run AML checks at onboarding but instead screens both the payer and beneficiary for every transaction run.

Data: Sanctions – all lists

Fuzziness setting: 20%

Match rate: 1-1.5%

Remittance firm (Customer B)

Customer B allows individuals from the UK and US to send money to Africa.

Regulated by: an FCA-authorized agent working for a payment provider in the UK

Screening workflow: Customer B screens its customers at the point of onboarding, via an app used to sign up for its platform. Customers first go through an identification verification process, then AML checks.

Data: Customer B uses a search profile and has selected:
  • Sanctions – all lists
  • Warnings – no lists selected
  • Fitness and Probity – no lists selected
  • PEP classes – all 4 classes
  • Adverse Media – no lists selected

Fuzziness setting: Exact match

Match rate: 4-5%

Global payments firm (Customer C)

Customer C offers B2B payments and individual payments to over 160 countries.

Regulated by:
  • Central Bank of Ireland
  • FINTRAC
  • FCA
  • AUSTRAC
  • Mexican National Banking and Securities Commission
  • Ministry of Business Innovation and Employment – New Zealand
  • Hong Kong Customs and Excise Department
  • Monetary Authority of Singapore
  • Dubai Financial Services Authority
  • Association Romande Des Intermédiaires Financiers (ARIF)
  • Jersey Financial Services Commission (JFSC)
  • Bank Negara Malaysia
  • FINCEN

Screening workflow: Customers are screened at the point of onboarding.

Data: Customer C has set up a search profile and has picked lists from countries it is operating in:
  • Sanctions – 72 lists selected
  • Warnings – 765
  • Fitness and Probity – 106
  • PEPs – all 4 levels
  • Adverse Media – 7 categories

Fuzziness setting: 20%

Match rate: ~20%

 

The importance of compliance in the remittance industry

It should be no surprise that financial services are among the most heavily regulated industries. Any business that involves the management and transfer of money, particularly across international borders, requires careful monitoring and control. Moreover, as a result of the 2007-2008 financial crisis and the rise of cybercrime, the regulatory environment has become far more stringent.

While banks and other traditional financial organisations have been in the money transfer business a long time and have mature compliance models, there are many new players, and the remittance landscape is now far more diverse and competitive. Money transfer operators have developed quickly thanks to digital technology and are reaching more parts of the world with a wide variety of new services that are fast and convenient. And with the growth of these services comes the fundamental requirement to be safe and secure.

That’s why compliance is a top priority for the remittance industry. Every year, remittance volumes increase, and today’s global money transfer operators are connecting more corridors through sophisticated networks. All organisations are subject to local, national, and international regulations. The remitter is subject to long-standing due diligence and compliance obligations, regardless of whether it is a bank or a money transfer operator. For example, all remitters must be licensed; otherwise, they will be deemed underground and outside the law.

It is a good thing that mobile money and digital technology are transforming transfer infrastructures and remittance flows. It means more people worldwide now have access to versatile and cost-effective remittances. But new technologies and practices bring vulnerabilities as well as opportunities, so compliance must match the pace of change. This is evidenced in the recently enacted second Payment Services Directive (PSD2), which is bringing European payments up to date with online transactions and the mobile revolution.

Compliance means greater operational efficiency and better customer service. Without regulation, there would be no accountability to ensure money moves safely and securely from sender to receiver or to identify and block transactions that are not legitimate. Now that transactions are increasingly digital, regulations such as know your customer (KYC), anti-money laundering (AML), and anti-terrorist financing (ATF) must also extend to the new world of digital remittances. Irrespective of whether a transaction is completed through a mobile app or by a bank, the same levels of compliance are required.

While technology has added to the complexity and demands of compliance, it also offers very effective solutions for compliance. The technological advances powering the remittance industry are also driving big advances in visibility and security. The industry is embracing compliance technologies such as automated identification, real-time transaction scanning, data analytics, data enrichment, and artificial intelligence. Collectively, these and other digital developments provide a more complete understanding of transaction flows and counterparties, which is vital as transfer pathways grow in scope and complexity.

Because online remitters don’t meet clients in person and mobile money is spreading worldwide, KYC is a very important compliance issue. One solution is biometrics, which is growing in popularity as a reliable and frictionless method of verification for financial services. Biometric methods, such as fingerprint IDs stored on phones, are helping to authenticate transaction parties and reduce fraud. This is just one example of how technology can set the rules as well as provide the infrastructure for fast and efficient money transfers.

Compliance is also important because of a trend that could restrict growth in the remittance industry. This is the practice of de-risking, and it means that some financial institutions are assessing the cost-benefit of certain operations and deciding to withdraw from high-risk activities so that they can improve their risk profiles.

The preferable option is active compliance rather than compliance by cutting commitments, because when you remove a financial service, unregulated, non-compliant underground operators may fill the void. In addition, de-risking does nothing to alleviate financial exclusion. Instead of de-risking, it is ideal to focus on prudent risk management. It is important for remittance providers to inspire confidence in their correspondent banking partners, and this is something they can do by demonstrating that they are risk-aware and have robust security and clear audit trails.

The remarkable expansion of the global remittance industry is due to technological progress, which also provides the foundation for greater security. Looking to the future, money transfer operators will continue to use new and emerging technologies to refine their services while ensuring that the latest technologies also keep remittance networks regulated and compliant.

Understanding the Basics of Remittance and Money Transfer Business

The remittance market refers to the global market of money transfers between individuals or businesses across borders. It is a significant and growing market, with an estimated 200 million migrants sending money back to their home countries, according to the World Bank.

According to Juniper Research, digital cross-border remittances will grow from $295 billion in 2021 to $428 billion in 2025. With the increase in demand for remittances, there are opportunities for the development of money transfer companies to meet the needs of users. In this article, we consider the basics of the remittance business and its benefits for payment companies, and present the fintech solution to speed up the money transfer app development process.

What is remittance?

Remittance refers to the transfer of money or funds from one place to another, usually across international borders. This transfer of money is typically made by a person who is working in a foreign country and sending money back to their home country or to their family and friends. Remittance is often used as a way for migrant workers to support their families and loved ones who may be living in a less economically developed country.

Remittances can be sent through various channels such as banks, money transfer companies, and online platforms, and they can be received in various forms such as cash, bank deposits, or mobile wallet balances. The process of sending remittances typically involves a fee or commission that is charged by the service provider, which can vary depending on the amount of money being sent, the destination country, and the method of transfer. Remittances are an important source of income for many families in developing countries, and they can contribute significantly to a country’s economy.

How does remittance work?

The process of sending a remittance usually begins with the sender depositing money into a financial institution, such as a bank or a money transfer service. The recipient then receives the money in their home country, either through a bank account, cash pickup location, or mobile money account. The exchange rate used to convert the funds from one currency to another can have a significant impact on the amount of money received by the recipient.

What is the difference between remittance and money transfer?

The term remittance refers to the money that is sent or transferred by an individual (usually an immigrant) living in one country to another individual (usually a family member) living in a different country. Remittances are often sent to support the financial needs of family members back home, such as paying for education, healthcare, and daily expenses.

Money transfer, on the other hand, refers to the process of moving money from one account to another. This can be done through various means, such as wire transfers, online transfers, or mobile transfers. Money transfer services can be used for a variety of purposes, including paying bills, making purchases, or sending money to friends and family within the same country.

So, while remittance involves sending money across borders to support family members, money transfers can be used for a wider range of purposes and may or may not involve cross-border transactions.

Things to know before starting a remittance or money transfer business

Starting a remittance or money transfer business can be a lucrative venture, but it’s important to do your due diligence and prepare thoroughly before launching your business. Here are some things to consider before starting this type of business:

Regulations and compliance

Research and understand the regulations and compliance requirements for money transfer businesses in your country and any countries you plan to operate in. This includes regulations related to anti-money laundering (AML) and Know Your Customer (KYC) requirements.

For example, to start a remittance business in the US and offer your solution to all US residents, you will be required to obtain a money transfer license in all 50 US states. Once you have obtained your license, the next step is to secure a bank account for depositing funds. Additionally, you will need to partner with a payment processing provider that enables end users to fund their accounts using ACH or cards.

Technology and infrastructure

You will need to invest in the right technology and infrastructure to ensure smooth and secure transactions. This includes developing a user-friendly app or website, integrating payment gateways and security measures, and building partnerships with banks and financial institutions.

Fees and pricing

Determine your pricing model and fees carefully, taking into account your costs and the fees charged by competitors. Offering competitive rates and transparent pricing can help you attract and retain customers.

Customer service

Provide customer service and support to build trust and loyalty with your customers. This includes offering multiple channels for customer support and being responsive to customer inquiries and issues.

Ensure a quick response time for customer queries or complaints. This can help mitigate customer frustration and improve overall customer experience. To that end, consider offering 24/7 customer support to address urgent queries or issues. This can be achieved through automated chatbots or by outsourcing support to a third-party service provider.

How does the payment business benefit from remittance?

Remittance services are important for payment businesses for several reasons:

Diversification of revenue streams

By offering remittance services, payment businesses can diversify their revenue streams and reduce their reliance on traditional payment processing services. This can help to increase their overall profitability and reduce their exposure to market fluctuations.

Increased customer base

Remittance services attract a diverse range of customers, including migrant workers, expatriates, and individuals who need to send money to family members or friends in other countries. By offering remittance services, payment businesses can tap into a new customer base and expand their reach into new markets.

Cross-border payments

Remittance services allow payment businesses to offer cross-border payment solutions to their customers. This can help to facilitate global trade and commerce, which is becoming increasingly important in today’s globalized economy.

High transaction volumes

Remittance services typically involve high transaction volumes, which can generate significant revenue for payment businesses. This can help to offset the costs of offering these services and provide a stable source of income over time.

Customer loyalty

By offering remittance services, payment businesses can build customer loyalty and trust. This can lead to repeat business and positive word-of-mouth referrals, which can help to grow their customer base over time.

In summary, remittance services are important for payment businesses because they offer a new source of revenue, a diverse customer base, cross-border payment solutions, and high transaction volumes.

Wrapping up

The remittance market is significant and growing, with digital cross-border remittances expected to increase over the next few years. Before starting a remittance or money transfer business, it’s essential to understand the regulations and compliance requirements, choose the right technology and infrastructure, determine pricing models and fees, and provide excellent customer service. FintechPolicies.com can help you speed up the development of the remittance application business model.

How To Start A Money Transfer Business: Everything You Need To Know

Establishing a money transfer business may be quite challenging due to numerous regulations and requirements. That is why it demands meticulous preparation, compliance with regulatory standards, and strategic collaborations. In this guide, you will find out about the fundamentals of money remittance and strategies on how to start a money transfer business.

Overview Of International Money Transfer Industry

Starting and expanding a money transfer business presents a highly profitable opportunity. A substantial amount of money, almost $4.8 trillion, is transferred globally every day. Mobile device expansion in recent years has accelerated the global adoption of digital technology for international payments and remittance services. Since digital remittance services offer improved privacy and security along with time and cost savings, consumers are increasingly shifting toward them.

Is the money transfer business profitable? Well, it can be highly profitable, especially considering the substantial growth and transaction volumes observed in the international money transmission sector. With $530 billion in yearly transfers, this sector has expanded significantly since 2000, with a CAGR of 10.4%. Therefore, money transfer services are advantageous to businesses and customers alike, especially considering the significant amounts associated with international financial operations.

Remittance services offer enterprises revenue diversification, an expanded client base, and the ability to provide cross-border payment solutions. With high transaction volumes and opportunities to foster customer loyalty, remittance services become essential to payment operations, offering stable income sources and growth opportunities.


What Is A Money Transfer Business?

This enterprise enables the transmission of funds between individuals or entities through various channels, such as banks, web pages or conventional methods. The purpose of this financial transaction may be sending money to relatives or conducting business transactions across different geographical locations.


What Is A Money Remittance Business And How Does It Work?

The international money transfer business involves interacting with several participants, each performing different duties. Here is the list of primary players involved in the money exchange system:

  • Sender/Remitter: Initiates transfer of funds.
  • Beneficiary: Acquires money from remitter.
  • Sender’s Bank: Helps to transfer funds.
  • Beneficiary’s Bank: Receives the transferred funds.
  • Money Transfer Operators: Accredited entities facilitating money transfers.
  • Payment Processor: Makes it possible for MTOs to carry out transactions via various payment options.
  • Payment Network: Arranges for the settlement of transfers via various networks.
  • Transmitter Platform: Special software like Money Transfer App that handles transfers.
  • KYC: Tool utilized for authentication and verification of IDs.

 


Forms Of Money Transfers

If you want to learn how to become a money transfer agent, you will need to familiarize yourself with the various methods available for transmitting funds. Below, you will learn about the most common forms of transfers and their characteristics.

Bank Transfer

This process is managed through online banking platforms or mobile apps. Several solutions are accessible in the UK, including CHAPS or Bacs, while SEPA payments are commonly utilized in the European Economic Area.

Wire Transfer

This option is an optimal solution for international money transfers, which involve the seamless movement of funds between two separate bank accounts, typically across different countries or regions. By serving as an intermediary, the bank speeds up the transfer procedure and guarantees a safe and effective money transfer between the sender and the recipient.

In-Person Transfer

Specialized money transmission services, such as Western Union, facilitate this method. It offers a convenient option for individuals who prefer face-to-face transactions and enables recipients who may not have bank accounts to receive funds in cash at adjacent agent locations. 


Types Of Remittance Or Money Transfer Businesses

Several types of money remittance businesses exist, each designed to accommodate different demands and preferences of individuals and companies. Here is a brief outline of them.

Traditional Brick-and-Mortar Services

These services allow users to send money in person through physical places, such as banks or specialized remittance hubs.

Online Money Transfer Platforms

These platforms allow users to manage transactions easily through websites or mobile apps.

Mobile Money Services

These services use mobile phone networks to streamline mobile money transfers, especially in areas where conventional financial services are inaccessible.

Peer-to-Peer (P2P) Payment Platforms

They allow money transactions directly between users by means of bank accounts or online wallets. Peer-to-peer transfers eliminate the need for intermediaries, lowering transaction expenses and enhancing operational efficiency.

Cryptocurrency-Based Remittance Services

These services leverage blockchain technology to ensure secure and decentralized transactions, providing an alternative to conventional methods.


How To Start A Money Transfer Business Step-By-Step

If you are wondering how to open a money transfer business successfully, the detailed instructions below will guide you through every crucial stage and equip you with essential information.

Conduct Thorough Market Research

Before setting up a mobile money transfer business, you must perform an extensive analysis of the current market to define your unique selling proposition (USP) and identify your target audience. Your USP distinguishes your offering from others, and understanding the specific demographic you intend to serve will guide your business strategy.

Establish A Suitable Business Structure

This step entails determining the legal framework for your venture, whether it is a sole proprietorship, partnership, or corporation. Each structure comes with its own set of pros and cons, and the most suitable option depends on your situation and objectives. For instance, a sole proprietorship might be ideal if you are a single owner seeking simplicity, whereas a corporation could offer better asset protection for multiple owners.

Obtain Required Licenses And Permits

Gather all the papers needed for regulatory compliance, comprising financial invoices, proofs of identity, papers proving business registration, and any other paperwork requested by the regulatory authorities in the countries where you wish to run your business. Acquire the regulatory licenses or registrations required to run your remittance business to navigate the regulatory framework successfully. Adherence to national and international regulations is crucial for maintaining your business’s legality and reputation.

If you are wondering how to start a money transfer business in the USA, you will need to comply with federal, state, and local regulations. This includes filing a FinCEN Form 107 with the US Treasury Department’s Financial Crimes Enforcement Network for fraud prevention. As far as the UK is concerned, the remittance business requires obtaining a Payment Institution license. Businesses can opt for either an SPI or API license based on revenue. SPI licenses cost £500, while API licenses range from £1500 to £5000. Applicants must register on the FCA Connect Platform and provide FRNs and IRNs for processing.

Implement Robust Money Transfer Software

To comply with money transfer business requirements, establish a robust money transfer software infrastructure that includes stringent Know-your-customer (KYC) and Anti-money laundering (AML) protocols. Put compliance first to guarantee user confidence and transaction security. Consider employing compliance-as-a-service for remote and outsourced compliance services.

Additionally, investments in the appropriate infrastructure and technology are crucial to guarantee seamless and safe transactions. This entails creating user-friendly software and websites, incorporating safe payment mechanisms, and forming alliances with banks and other financial organizations.

Establish A Business Bank Account

The next stage in launching a money remittance business is setting up correspondent bank accounts to facilitate easy cash transfers. Choose trustworthy banking or financial service providers aligned with your business goals. Building a solid financial connection and promoting effective transaction flow require transparent interaction.

Determine Competitive Pricing And Fee Structure

Carefully establish your pricing strategy and fees, considering both your expenses and the rates charged by competitors. Providing competitive and transparent pricing models can enhance your ability to attract and retain customers.

Implement Effective Marketing Strategies

This step is crucial for promoting your money transfer business and attracting clients. Utilize various advertising channels, including social media, to appeal to your target audience.

Maintain Regulatory Compliance And Vigilance

Continuously monitor and ensure compliance with applicable laws, financial regulations, and regulatory requirements to uphold the legality and reputation of your business. It involves staying updated on any changes or revisions to regulatory requirements. This may entail regularly reviewing and revising internal policies and procedures to ensure they align with current standards. Also, it is crucial to stay vigilant against fraud and illicit activities by implementing robust compliance measures and monitoring systems.

In addition, give your customers outstanding assistance and treatment to gain their trust and loyalty. This entails providing several options for customer communication and swiftly reacting to problems and inquiries. To reduce customer annoyance and raise overall satisfaction, strive for quick response times. When handling critical issues, consider establishing around-the-clock customer care, using automated chatbots, or outsourcing to outside service providers as needed.


Future Trends And Opportunities In The Remittance Business Market

Innovative technology constantly impacts the remittance business industry, and digital platforms continue to rise in popularity. These platforms offer secure, quick, and effective money transfer services using advanced technology like blockchain and artificial intelligence. Because of this development, traditional operators need to transition to remain viable in the digital market.

The increased emphasis on financial inclusion is a recent development in the money transfer industry. Many people without bank accounts or limited banking access depend on remittance services for financial needs. Market players are examining innovations like mobile money and agent networks to assist them. Businesses have many opportunities to take advantage of this trend to expand into new regions and help achieve the global goal of improving financial inclusion.

The money remittance business sector is likely to face more compliance requirements in the future. Governments and oversight organizations are stepping up their efforts to eliminate money laundering, terrorist financing, and other illegal acts associated with international money transfers. As a result, companies operating in this industry need to keep a close eye on the regulatory landscape and implement robust compliance protocols to mitigate risks and preserve their image.


Final Thoughts

In summary, the remittance sector has expanded recently. Technology integration into remittance platforms is becoming a top priority for banks worldwide to facilitate more swift and smooth payments. If you are wondering how to become a money transfer agent, remember that before embarking on this business, you will need to grasp the regulations and compliance standards, select suitable technology and infrastructure, establish pricing strategies, and prioritize customer service.

How to start a money remittance or money transfer business

Starting a remittance or money transfer business is a venture that requires careful planning, adherence to regulatory frameworks, and strategic partnerships. In this article, we explore the concepts of money remittance and transfer, examining various types of remittance services. Additionally, we offer a guide outlining the step-by-step process to establish a successful remittance or money transfer business.

What is money remittance?

Money remittance involves sending money from one location to another, typically across borders, to meet financial needs or fulfil payment obligations. This financial service is vital for individuals who must send funds to family members, friends, or others in different regions or countries. Money remittance can occur through various channels, such as banks, dedicated remittance providers, online platforms, or mobile applications.

The sender initiates the transfer by providing necessary details about the recipient and selecting the preferred transfer method. The recipient can access the transferred funds through local financial institutions or designated payout locations. Money remittance is crucial in supporting global financial connectivity and addressing the diverse financial requirements of individuals and businesses worldwide.

These services contribute to financial inclusion by providing accessible and efficient channels for individuals to send and receive money globally, overcoming geographical barriers and enhancing overall economic well-being.

What is a money transfer?

A money transfer refers to moving funds from one individual or entity to another. This financial transaction can occur through various channels, including banks, online platforms, money transfer services, or traditional methods. Money transfers are commonly utilized for diverse purposes, such as sending funds to family members, making payments, conducting business transactions, or meeting financial needs across borders.

The process typically begins with a sender initiating the transfer, specifying the recipient, and selecting a preferred transfer method, such as wire transfers, online transfers, mobile payments, or remittance services. The term ‘money transfer’ also encompasses credit/debit card transfers, where funds move from one card to another credit/debit card, a bank account, or a merchant.

How remittance works

Remittance is a financial process that enables the transfer of money from one location to another. The sender initiates the transaction through a remittance service provider, a traditional brick-and-mortar agency, an online platform, or a mobile application. The sender provides necessary details, such as the recipient’s name, location, and transfer amount.

The remittance service processes the transaction, converts the funds into the desired currency if necessary, and transfers the money to the recipient. The recipient can then collect the funds through various channels, including cash pickup points, bank accounts, mobile wallets, or even home delivery, depending on the chosen service and the options provided by the remittance provider.

The entire process is facilitated by a network of financial institutions and payment service providers to ensure a secure and efficient transfer of funds across borders.

Forms of money transfers

What are the types of money transfers?

1. Bank Transfer:

Bank transfers are common and easily made through online banking or apps. In the UK, Bacs, CHAPS, or Faster Payments, and in the EEA, SEPA payments, support both one-off and regular transfers.

2. Wire Transfer:

Ideal for international transfers, wire transfers move money between two unlinked bank accounts, with the bank serving as an intermediary.

3. In-Person Transfer:

Specialized money transfer services like Western Union facilitate in-person transactions. This method accommodates recipients without bank accounts, allowing them to collect funds in cash at a nearby agent location.

How can money remittance be executed?

Money remittance can be executed through various methods, providing consumers with diverse options to suit their preferences:

1. Through a bank or financial institution:

Funds can be transferred from the sender’s bank account to another using online banking, digital services, a banking app, or visiting a branch. Essential details include the recipient’s account name, sort code, and account number. Customers may need the recipient’s IBAN or SWIFT/BIC code for international transfers.

2. Through a Specialized Money Transfer Company:

Companies like Western Union offer multiple methods for transferring money within many countries. Customers can choose between online transfers or visiting an agent’s location for an in-person transaction. Depending on the transfer type, customers will need the recipient’s details and possibly a government-issued ID for verification, ensuring a swift and secure delivery.

3. Through a Payment App:

Remittance can be provided through a payment app for convenient on-the-go transfers. Customers can seamlessly send money directly to a loved one’s bank account using their debit or credit card. Alternatively, funds can be transferred for pickup at a local or international location.

4. To the Receiver’s Phone:

Money can be sent directly to the recipient’s phone to provide immediate access to funds. Depending on their location and mobile operator, funds can be directed to the recipient’s mobile wallet, allowing for instant spending.

Types of money transfer or remittance businesses

Money transfer or remittance businesses encompass various types, each tailored to meet individuals’ and businesses’ specific needs and preferences. These include:

1. Traditional Brick-and-Mortar Services:

Operating through physical locations such as banks or dedicated remittance centres, these services allow customers to send money in person.

2. Online Money Transfer Platforms:

These platforms have gained popularity, enabling users to initiate transactions through web-based interfaces or mobile applications, providing convenience and accessibility.

3. Mobile Money Services:

Leveraging mobile phone networks, these services facilitate transfers, particularly in regions with limited access to traditional banking.

4. Peer-to-Peer (P2P) Payment Platforms:

Individuals can send funds directly to each other using digital wallets or bank accounts through these platforms.

5. Cryptocurrency-Based Remittance Services:

Utilizing blockchain technology for secure and decentralized transactions, these services offer an alternative to traditional methods.

The diverse landscape of money transfer businesses reflects the financial services sector’s evolving preferences and technological advancements.

Traditional brick-and-mortar remittance services

Traditional brick-and-mortar remittance services have served as the cornerstone of cross-border financial transactions for an extended period. These physical establishments, commonly situated in local communities, serve as a familiar and accessible channel for individuals to send and receive money. Customers typically visit these locations to initiate transactions, relying on face-to-face interactions with service agents. Renowned for their reliability and trustworthiness, these establishments offer a comforting in-person experience, especially for those less familiar with digital transactions. Although lacking the convenience of online platforms, brick-and-mortar remittance services remain indispensable in catering to populations with limited access to technology or those who prefer the tangible and personal nature of in-person transactions.

Online money remittance businesses

Online money remittance businesses have revolutionized the financial landscape, offering individuals a convenient and efficient way to send money globally. These digital platforms utilise web-based interfaces or mobile applications, enabling users to initiate transactions from the comfort of their homes or on the go. With secure and streamlined processes, online remittance services provide speed and accessibility, diminishing the reliance on traditional brick-and-mortar methods. Users can fund transfers using various payment options, including bank accounts, credit cards, or digital wallets. Furthermore, real-time tracking features empower senders and recipients to monitor the status of their transactions. The growth of online money remittance businesses underscores the industry’s commitment to leveraging technology for enhanced financial inclusion and seamless cross-border transactions.

The International Money Transfer Industry Overview

The international money transfer industry is pivotal in facilitating global financial transactions and fostering connections among individuals, businesses, and economies across borders. Technological advancements have significantly reduced traditional barriers, enabling faster, more accessible, cost-effective remittance services.

As of 2020, the global remittance market was valued at $701.93 billion, and it is expected to reach $1,227.22 billion by 2030, projecting a Compound Annual Growth Rate (CAGR) of 5.7% from 2021 to 2030. Major players in the remittance market include Bank of America, Citigroup, JPMorgan Chase & Co., MoneyGram International, RIA Financial Services, Wise, UAE Exchange, Wells Fargo, Western Union, and XOOM. These players have implemented diverse strategies to strengthen their market presence, such as expanding product portfolios, engaging in mergers and acquisitions, forming agreements, extending geographical reach, and fostering collaborations.

Money remittance in Africa

Money remittance in Africa is experiencing significant growth, marked by the emergence of numerous companies eager to provide remittance services in this vibrant and dynamic region. Remittances play a crucial role in Africa, with migrants living and working abroad frequently sending money back to support their loved ones.

According to the latest World Bank Migration and Development report, Sub-Saharan Africa received an estimated influx of US$49 billion in remittances in 2021. With a substantial diaspora population, Nigeria leads in remittance inflows, followed by Ghana, Kenya, and Senegal. Conversely, South Africa is the largest sender of remittances to other African nations.

Companies aiming to start their money remittance or money transfer business are seeking comprehensive solutions that encompass core banking software, licensing, or special MSB registration to facilitate these services. Contact FintechPolicies to discover what we can provide for companies looking to offer remittance services to Africa.

What you need to start a digital money remittance or money transfer business

1. Define Your USP and Target Audience:

Defining your unique selling proposition (USP) and identifying your target audience are crucial initial steps before starting a money remittance business. Your USP distinguishes your service from others, and understanding the specific demographic you aim to serve will shape your business strategy.

2. Prepare All Required Documents and Obtain Special Registration or License:

Prepare all necessary legal and regulatory compliance documents, including business registration documents, identification proofs, financial statements, and any other paperwork required by regulatory authorities in the countries where you intend to operate.

Navigate the regulatory landscape by obtaining the necessary registrations or licenses to operate your remittance business. Compliance with local and international regulations is crucial to establishing the legitimacy and credibility of your operation. Alternatively, you can enlist the assistance of companies to facilitate the licensing process. Contact us to learn how we can support your remittance business plan further.

3. Prepare All Processes, Including Compliance:

Develop a robust framework that includes stringent anti-money laundering (AML) and Know Your Customer (KYC) procedures in alignment with regulatory guidelines. Establishing a solid foundation in compliance is essential for ensuring the security of transactions and building trust among users. Consider leveraging compliance-as-a-service, which provides remote and outsourced compliance services by professionals according to regulatory requirements.

4. Open Correspondent Bank Accounts:

The next step to starting the money remittance business is to ensure the smooth movement of funds by establishing correspondent bank accounts. Select reputable banking or financial services partners that align with your business goals. Transparent communication is key to building a strong financial relationship and ensuring the efficient flow of transactions.

5. Set Your IT System or Core Banking Software:

Invest in a secure, efficient IT system or core banking software. This system will be the backbone of your remittance operations, covering transaction processing, customer management, and data security. Additionally, consider implementing white-label mobile banking or web banking applications to deliver an exceptional experience to your customers.

6. Make Partnerships with Financial Institutions:

Forge strategic partnerships with financial institutions to expand your remittance network. Collaborate with banks, credit unions, remittance providers, or other financial entities to facilitate smoother transactions and extend the reach of your services.

7. Make Required Integrations with Your Main Partners:

Integrate your core banking system with key partners, including banks, payment gateways, or other financial service providers. Seamless integrations ensure interoperability and create a streamlined flow of funds between your remittance company and partnering entities.

Conclusion:

In conclusion, starting a money remittance or money transfer business demands a comprehensive approach that integrates strategic planning, regulatory compliance, and a robust technological infrastructure. By defining your unique value proposition, securing the necessary licenses, prioritizing compliance, and establishing crucial partnerships and integrations, you can position your remittance business for success. This guide serves as a roadmap for entrepreneurs seeking to contribute to the global financial ecosystem while addressing the needs of their target audience.

Explainer on the Electronic Fund Transfer Act & Regulation E for Fintechs

If you’re launching a card program, you may have heard terms like the EFTA or Reg E being thrown around in legal or compliance discussions.

The Electronic Fund Transfer Act (EFTA) is important to fintechs because it establishes the rights, liabilities, and responsibilities for parties involved in an electronic transaction (like a debit card transaction). It’s what allows consumers to challenge transaction errors (disputes) or get their money back when an investigation reveals a legitimate error or wrongdoing (chargeback).

It also does other important things like setting caps on interchange debit card fees, giving merchants choices on how to route card transactions, and requiring you to provide certain notices and disclosures to consumers.

In this blog, we break down the EFTA and Regulation E.

Founder TL;DR

If you’re launching a debit card product, here’s what you need to know:

  • The EFTA is a federal law that protects consumers when they transfer funds electronically.
  • Every product has its own considerations, so talk to a lawyer!
  • The EFTA establishes certain requirements, like:
      • You need to disclose certain terms.
      • You may be required to provide monthly statements.
      • You may need to give advance notice before you change important terms.
      • You need to address claims there were unauthorized transactions, which may include having to cover the costs of fraudulent transactions.
  • Lithic’s legal team knows many fintech lawyers and we’re happy to point customers to recommendations.

What is the EFTA?

Debit cards and other electronic payment methods are primarily regulated by the EFTA. The law sets a high-level framework, but Regulation E (or Reg E) fills in a lot of the details, so you may hear “EFTA” and “Reg E” used interchangeably.

The EFTA was originally passed to give consumers protections from then-new ATM and electronic payment technologies. But as new tech developed, it evolved to cover much more.

While the requirements may seem like a hurdle, many fintech entrepreneurs can navigate them. So let’s walk through some of the main considerations.

Who does the EFTA apply to?

The EFTA applies to certain financial institutions, including banks. When a fintech that offers cards works with a bank (as is typical in card issuing), the bank delegates much of its EFTA obligations to the fintech. This post focuses on how the EFTA applies to fintech companies that partner with banks to offer cards, though the law applies to many other types of businesses.

What does the EFTA cover?

The EFTA applies to “electronic fund transfer” services, which generally means any transfers by electronic means that debit or credit a consumer’s bank account. However, it does not apply to electronic fund transfers for businesses, just consumers.

Practically, the EFTA applies to transfers via debit cards, prepaid cards, ACHs, ATMs, online payments, point-of-sale (POS) transfers, and other electronic payment methods. While the EFTA covers prepaid and gift cards, those types of cards have special rules, which we’ll discuss in later posts. The EFTA also sets special rules for remittances.

In contrast, credit cards are primarily regulated by a separate law, the Truth in Lending Act.

Disclosures

If the EFTA applies to a product offering, you may need to disclose certain terms, like fees, limits on transfer frequency, liability limits, contact information, and others.

While card providers need to tailor agreements and disclosures to their situation, Lithic is happy to provide basic templates.

Statements and notices

The EFTA requires that companies offering cards and certain other financial institutions provide monthly statements outlining transactions, applied fees, and other account events from the relevant month. You also need to give advance notice if you’re changing important terms like fees or allowed frequency of transfers.

Consumer protections

The EFTA sets limits on how much consumers can be liable for unauthorized transactions (like fraud or card theft):

  • Up to $50 if they notify their card issuing company within 2 business days after learning of the loss or theft of an access device.
  • Up to $500 if they notify their card issuing company between 3 days after learning of the loss or theft of an access device and 60 days after the financial institution sends the monthly statement that includes the unauthorized transaction.
  • After that, they can be fully liable for the unauthorized transactions that happen until they notify their card company that the transfer was unauthorized.

Also, the EFTA requires that companies investigate billing disputes within 10 days of being notified, report their findings, and correct any errors. The 10-day timeline may be extended if the consumer is provided with provisional credit for any disputed amount.

Network liability policies

While the EFTA gives consumers some liability protections, the card networks Visa and Mastercard have their own “zero liability” policies for unauthorized transactions on certain cards. Those policies offer more protection than the EFTA; cardholders aren’t liable for any amount if they use reasonable care to protect their card and promptly report any loss or theft.

So if there’s a fraudulent charge, in practice this means that the card issuing company (or bank) eats the cost.

Explainer on Fintech AML Requirements

If you’re in fintech, understanding anti-money laundering laws is crucial.

AML laws require you to have programs and tools in place to detect and prevent money laundering. If you don’t, you can face regulatory scrutiny and hefty fines.

But the scale your AML program needs can vary depending on your company and product(s). To navigate what’s needed, it helps to understand the laws and regulations.

Here’s an explainer on the Bank Secrecy Act and Anti-Money Laundering laws.

Founder TL;DR

If you’re launching a card program, you’ll want to:

  • Get familiar with AML requirements that fintech companies must navigate.
  • Consider whether you need to have AML policies & procedures, a compliance officer, and employee training in place.
  • Establish your KYC/KYB procedures to verify customers’ identities.
  • Determine how you’re monitoring transactions in case you need to report suspicious activity.
  • Talk to a lawyer! Every product has its own considerations and we’re happy to point customers to recommendations.

AML overview & terminology

The Bank Secrecy Act (BSA) establishes the basic framework for AML obligations and has been updated by several laws including the USA PATRIOT Act and the more recent Anti-Money Laundering Act of 2020. Other various laws shape AML requirements depending on the setting, but the BSA and PATRIOT Act are the primary ones that operators in the industry will reference.

We’ll generally refer to all of these as the “AML laws” in this post.

AML laws are structured to form public-private partnerships for financial crimes and intelligence purposes. Under the laws and rules, financial institutions are deputized to collect information about customers and provide financial intelligence to government agencies and law enforcement.

Financial institutions (including fintechs) have paid millions or even billions for failing to fulfill their anti-money laundering (AML) obligations. So if you’re working in fintech, you’ll want to make sure your company complies with AML laws.

Additionally, “AML” is often used to refer to both AML and counter-terrorist financing requirements, though you may hear CTF discussed separately. We’ll generally use “AML” to refer to both.

The Financial Crimes Enforcement Network (FinCEN) imposed more than $600 million in fines for anti-money laundering (AML) violations from January 2021 to March 2022.

FinCEN

The Financial Crimes Enforcement Network (FinCEN) is the main U.S. regulator responsible for AML regulations and operations. FinCEN is a bureau within the Department of Treasury, and it works with other U.S. regulators to set rules for banks and other financial companies like money transmitters. FinCEN also maintains a database and employs various analysts to help identify trends and issues that inform policy changes.

FinCEN can pursue civil penalties (e.g., fines) for AML violations, and the Department of Justice can seek criminal penalties. But largely FinCEN is a supportive agency and encourages collaboration with industry participants via its FinCEN Exchange and office hours programs.

Who do AML Laws apply to?

AML laws and related requirements apply to “financial institutions,” which include:

  • Banks
  • Insurance companies
  • Securities and commodities broker-dealers
  • Anyone involved in real estate settlements and closings
  • Money services businesses (MSBs), including money transmitters and companies that offer prepaid cards under their own regulatory structure
  • Various other financial businesses and actors

For fintechs in the payment space, the most relevant categories are banks and MSBs.

Banks’ AML obligations will extend to third-party service providers and certain wholesale customers via contract and certain banking law provisions like 12 USC 1867(c). Additionally, a fintech may count as an MSB if it is not careful, which triggers the need to have an AML program, FinCEN registration, and a host of other costly legal requirements.

Basic AML program requirements

AML laws require financial institutions to have AML programs, which generally include:

  • Written policies and procedures that implement the program
  • Written internal controls and testing mechanisms for the program (e.g., quality control audits)
  • A designated compliance officer who oversees the program
  • An ongoing AML employee training program
  • Reporting of suspicious activities, which requires transaction monitoring
  • Identification and verification of customers’ identities (i.e., know-your-customer (KYC) and/or know-your-business (KYB)), unless the program fits in an exception

If this list feels daunting, don’t be discouraged.

FinTechs will often start out as partners to regulated financial institutions versus being directly licensed and regulated. If you’re in this position, we recommend you consult with your BaaS or bank partner to check in on their requirements for your product.

The best BaaS and bank partners can help offer guidance on how to size your internal practices to meet their regulatory needs and the risks presented by your product. And because banks are the regulated entity in these partnerships, they might have tools or resources to help absorb or shoulder some of these responsibilities.

As an example, some bank partners have key FinTech staff attend annual AML training, which can help the bank and FinTech meet their compliance responsibilities.

AML programs in practice

Ideally, early stage fintech companies would have dedicated AML policies and resources.

However, some early stage fintechs may not have full policies, dedicated headcount, or employee training as they’re first getting set up and trying to find product-market fit. Instead, they may rely on their bank partner’s AML policies, and may hire a consultant to advise if they get stuck on issues.

Once fintechs have product-market fit and see meaningful growth, they often designate a compliance officer and build out their own AML policies, internal controls, and employee trainings.

As a best practice, fintechs past the MVP stage with some product-market fit should review their policies regularly to address new risks and products, and should have their boards of directors and senior management approve their AML policies annually.

Overview of compliance fundamentals for fintechs in the US

Introduction

This guide is meant to provide a basic overview of compliance for fintechs in the US and should not be treated as legal advice. In addition, compliance and regulations are constantly evolving, so this guide does not provide an exhaustive overview. Please consult a lawyer and compliance expert when evaluating and creating a compliance program for your fintech.

Startups that offer financial services—such as business expense cards, monetary accounts, and loan access—are governed by a long and complex set of regulatory requirements essential to protect the startup’s business, customers, and the US financial system.

Compliance touches every aspect of a financial product, from marketing to onboarding to account closures. For example, you need to communicate all terms about a financial product (such as fees, interest, payment requirements, and other details) clearly and upfront in your marketing materials. When you are onboarding users, you must properly conduct Know Your Customer (KYC) checks and sanctions screenings, and comply with all fair lending laws if you are extending credit. And if users are delinquent on their repayment of a credit account, you may be required to comply with certain debt collection requirements that govern the frequency and times you may communicate collections reminders. And that covers just a fraction of the compliance regulations you may be required to follow.

The below diagram is for demonstrative purposes only and should not be considered an exhaustive list of fintech compliance requirements.

[Diagram: Common regulations]

Compliance with various regulations is essential to building a fintech: Fail to get it right, and—at best—you’ll be faced with large fines that can hurt your business. At worst, your business can be shut down.

However, ensuring compliance isn’t just about avoiding fees or legal repercussions. Investing in compliance means that your startup can create safer, more durable products for users while making money movement and financing products safe, which provides a competitive advantage for your business in the long term. In the end, you’re acting in the user’s best interest, helping them get access to a secure, stable, and beneficial product.

This guide provides an overview of how financial services in the US are regulated and what this means for your business. You’ll learn compliance fundamentals, get an overview of the most common compliance regulations, and understand your options for managing compliance for your business.

Compliance guidance and best practices

A common way to offer financial products in the US is by partnering with a bank to power your product. Each bank partner is regulated by a primary regulator (alongside a host of other regulatory bodies) that examines the bank periodically for compliance. For example, the bank may be assessed on whether it is compliant with state and federal statutes that regulate unfair and deceptive acts and practices (UDAP), which require transparent, up-front communication to customers (among other things).

Any fintech company that works with a bank is indirectly accountable to these same regulators as a result of their banking partnership. Your startup will seldom directly interact with the primary bank regulator; instead, the bank will oversee your compliance with banking-related laws and regulations. For example, using the same scenario as above, you would also be assessed by the bank on whether you remain compliant with UDAP through periodic testing engagements and reporting requirements.

[Diagram: Compliance fundamentals]

In addition, federal regulators who oversee banks (and fintechs) but who do not function as a primary banking regulator include (but are not limited to):

  • The Federal Trade Commission (FTC), which enforces laws against deceptive and unfair trade practices as well as unjust methods of competition. The FTC also enforces federal consumer protection laws that prevent fraud, deception, and unfair business practices. For example, the FTC may investigate telemarketing scams, sweepstakes scams, or “bogus health products.”
  • The Consumer Financial Protection Bureau (CFPB), which is tasked with ensuring consumers are treated fairly by entities offering consumer financial products. It provides consumer protection across all consumer financial products, whether they’re offered by a bank, a fintech, or any other entity.

Overview of compliance regulations in the US

The specific laws and regulations you must follow greatly depend on your business. For example, certain rules only apply to consumer financial services or businesses extending credit. However, in general, there are a few rules that apply to all businesses:

Laws that apply to all financial services businesses

This section is for demonstrative purposes only and should not be considered an exhaustive list of fintech compliance requirements.

Know Your Customer (KYC) and Know Your Business (KYB) obligations

KYC or KYB is the mandatory process of verifying customer or business identities when they sign up for an account and then continually monitoring transaction patterns to gauge risk. Users must provide proof of their identity and address during your onboarding process to ensure that they are who they say they are.

What this means: Complying with KYC or KYB obligations helps ensure that the money moving through your system is safe and is not involved in money laundering, terrorism financing, or other fraudulent schemes.

Anti-money laundering (AML) rules

AML rules are a set of laws and regulations designed to prevent criminals from engaging in financial crimes and illegal activity—namely, disguising illegal funds as legitimate income. AML rules require banks and other financial service providers to record and report money movement to screen for money laundering and terrorist financing.

What this means: Helps to keep the financial system safe and secure by preventing money laundering and terrorist financing.

The Office of Foreign Assets Control (OFAC) sanctions

OFAC enforces a series of economic and trade sanctions against countries, legal entities such as businesses, and groups of individuals such as terrorists and narcotics traffickers.

What this means: Helps accomplish foreign policy and national security goals by preventing terrorism financing, money laundering, or other fraudulent schemes.

Unfair or Deceptive Acts or Practices (UDAP) and Unfair, Deceptive, and Abusive Acts or Practices (UDAAP)

UDAP and UDAAP laws prevent companies from engaging in any unfair or deceptive (and, in the case of UDAAP laws, abusive) acts or practices, such as failing to disclose fees or misrepresenting a product or service. UDAP is invoked to protect all persons and entities engaged in commerce, while UDAAP laws provide extra protection to consumers using financial products.

UDAP and UDAAP provide similar customer protections, but they differ slightly. UDAAP contains an additional, intentionally vague prohibition against “abusive” acts that is used to capture a wider variety of acts that could result in consumer harm.

What this means: Ensures that you are creating a high-quality and safe user experience by making all your communication transparent and easy to understand.

Red Flag Rules

Red Flag Rules require businesses to adopt and implement a written identity fraud program to detect the warning signs—or red flags—of identity fraud. This program helps companies more easily identify suspicious patterns and trends in their business, take appropriate steps to prevent identity theft, and mitigate its damage.

What this means: Helps businesses detect fraud attempts before actual crimes are committed.

Laws that only apply to businesses that extend, support, or collect credit

Many regulations apply to businesses extending, supporting, or collecting credit. For example, you may be subject to the Fair Credit Reporting Act, the Servicemembers Civil Relief Act, the Equal Credit Opportunity Act (ECOA), and others. This guide doesn’t provide an exhaustive list of all lending laws. Instead, we’ll cover two of the most common: fair lending laws and the Truth in Lending Act.

Fair lending laws

Fair lending laws such as ECOA prohibit lenders from considering race, colour, national origin, religion, sex, familial status, or disability when evaluating applications for credit. These laws and regulations apply to any extension of credit, including credit for small businesses, corporations, and partnerships. There are also technical communication requirements within federal fair lending laws that require creditors to explain why an adverse action was taken against a borrower or an applicant for credit.

What this means: Prevents discrimination and ensures that people of protected classes are offered fair and equal access to credit; provides transparency to the credit underwriting process.

Truth in Lending Act (TILA)

TILA protects consumers against unfair credit billing and credit card practices. It requires lenders to provide loan cost information upfront so consumers can compare different types of loans. TILA primarily applies to consumer loans, but important fraud and dispute procedures also apply to business credit. For example, in certain situations, an employee cardholder can’t be held liable for more than $50 for the unauthorized use of a stolen credit card.

What this means: Protects borrowers from unethical lending practices and improves customer experience by ensuring that users have a clear understanding of credit costs and terms; protects certain borrowers from unauthorized use of stolen credit cards.

How to handle compliance for your business

Manage compliance yourself

You or your in-house compliance team may be able to work directly with a bank to manage compliance, but it is often expensive and time-consuming. For example, this involves building a full-time compliance team from scratch, hiring lawyers, compliance experts, finance managers, and others.

To approve your in-house compliance management program, banks expect you to apply the same level of rigour that they apply to their own programs. To satisfy bank expectations, you will need to leverage your team of in-house and external legal and compliance professionals to implement and operate a resource-intensive set of program components on an ongoing basis. These components include your foundational compliance policies, risk assessment methodologies and matrices, independent testing plans and workflows, compliance training content and assessments, various compliance procedures and controls, ongoing “state of compliance” reporting, and compliance issue program management. Banks would evaluate you and your team for subject matter expertise, reporting capabilities, program policies, issues and risk management, internal training curriculum, and more. We recommend that you speak with a compliance professional and a lawyer to fully understand what you need to do to make this program viable.

Work with third-party advisors

In addition to managing compliance by yourself, you could hire an external compliance consultant to design your policies, review materials, and test your user flows to make sure you are compliant with applicable laws.

However, not only are external consultants very expensive, but they are also compliance experts—not product experts. While they have a deep understanding of regulations, they may not be able to effectively marry that understanding with your specific product.

Offload elements of compliance to a banking-as-a-service (BaaS) solution

The below diagram represents the elements that Stripe, as the BaaS provider, oversees and/or manages, and may not apply to all BaaS providers.

A successful fintech is made up of both product excellence and compliance expertise. While third-party consultants can only advise on half of that equation (the compliance expertise), a BaaS provider can do both. A BaaS solution offers both the full suite of embedded finance needs in addition to the infrastructure for financial partnerships and compliance. This allows you to use one system for building your fintech offering, growing your feature set, and managing a compliance system, reducing the complexity required to go to market and saving internal costs.

The best BaaS offerings assign you a compliance program manager that partners directly with banks on a range of important topics including compliance, risk, reporting, marketing, disputes, and contracts—so you don’t have to.

Sometimes, your BaaS provider may build solutions directly within the product that help you adhere to the bank’s compliance requirements. For example, the best providers offer prebuilt funds flows and user onboarding elements that match the bank’s specific compliance needs and also have an in-house testing program that tests and audits your user flows on behalf of the bank.

In other cases, the compliance program manager works directly with you to outline the requirements you must adhere to, reviews and approves your entire user experience and periodically audits your compliance controls.

Even when working with a BaaS provider, your business will still be responsible for implementing certain compliance responsibilities. For example, your business will always need to ensure that all your customer-facing assets and user interfaces go through the BaaS provider’s approval process and report any user complaints to the BaaS provider (e.g., by enabling your customer service team to tag complaints so that the BaaS provider can investigate whether any are indicative of a broader compliance issue and send reports to your BaaS provider each month).

How to evaluate a BaaS provider for compliance

The best BaaS providers don’t just offer APIs to help you integrate financial services into your product—they also offer compliance as part of their product. To that end, as you’re looking for a BaaS provider, make sure to evaluate them specifically on how they help you manage compliance. For example, ask for copies of their compliance policies and sample requirements that they would ask you to implement, and compare those to other providers.

While there is no one-size-fits-all approach when evaluating a BaaS provider, we recommend asking about the following criteria during the discovery phase:

  • Relationships with multiple banking partners to ensure reliable solutions with redundancy measures.
  • Demonstrated ability to enforce compliance requirements. Ask the BaaS provider for a recent example of how they’ve modified their program to adapt to evolving compliance requirements.
  • Level of detail needed in use case supportability and onboarding. A BaaS provider that asks for more details when onboarding fintechs suggests that they have a robust compliance program.
  • The number of full-time employees working on compliance and the number of years/experience working in compliance.
  • Demonstrated ability to support multiple types of companies across industries and business models.
  • Demonstrated ability to support businesses in getting started and operating at scale (since compliance and support needs vary by company size).

A simple guide to PCI compliance

Payment Card Industry Data Security Standards (PCI DSS) sets the minimum standard for data security. Here’s a step-by-step guide to maintaining compliance.

Since 2005, over 11 billion consumer records have been compromised from over 8,500 data breaches. These are the latest numbers from The Privacy Rights Clearinghouse, which reports on data breaches and security breaches impacting consumers dating back to 2005.

To improve the safety of consumer data and trust in the payment ecosystem, a minimum standard for data security was created. Visa, Mastercard, American Express, Discover, and JCB formed the Payment Card Industry Security Standards Council (PCI SSC) in 2006 to administer and manage security standards for companies that handle credit card data. Before the PCI SSC was established, these five credit card companies all had their own security standards programs—each with roughly similar requirements and goals. They banded together through the PCI SSC to align on one standard policy, the PCI Data Security Standards (known as PCI DSS) to ensure a baseline level of protection for consumers and banks in the internet era.

Understanding PCI DSS can be complex and challenging

If your business model requires you to handle card data, you may be required to meet each of the 300+ security controls in PCI DSS. There are more than 1,800 pages of official documentation, published by the PCI Council, about PCI DSS, and more than 300 pages just to understand which form(s) to use when validating compliance. This would take over 72 hours just to read.

To ease this burden, the following is a step-by-step guide to validating and maintaining PCI compliance.

Overview of PCI Data Security Standard (PCI DSS)

PCI DSS is the global security standard for all entities that store, process, or transmit cardholder data and/or sensitive authentication data. PCI DSS sets a baseline level of protection for consumers and helps reduce fraud and data breaches across the entire payment ecosystem. It applies to any organization that accepts or processes payment cards.

PCI DSS compliance involves three main components:

  1. Handling the ingress of credit card data from customers; namely, that sensitive card details are collected and transmitted securely
  2. Storing data securely, which is outlined in the 12 security domains of the PCI standard, such as encryption, ongoing monitoring, and security testing of access to card data
  3. Validating annually that the required security controls are in place, which can include forms, questionnaires, external vulnerability scanning services, and third-party audits (see the step-by-step guide below for a table with the four levels of requirements)

Handling card data

Some business models do require the direct handling of sensitive credit card data when accepting payments, while others do not. Companies that do need to handle card data (e.g., accepting untokenized PANs on a payment page) may be required to meet each of the 300+ security controls in PCI DSS. Even if card data only traverses its servers for a short moment, the company would need to purchase, implement, and maintain security software and hardware.

If a company does not need to handle sensitive credit card data, it shouldn’t. Third-party solutions securely accept and store the data, whisking away considerable complexity, cost, and risk. Since card data never touches its servers, the company would only need to confirm 22 security controls, most of which are straightforward, such as using strong passwords.

Storing data securely

If an organization handles or stores credit card data, it needs to define the scope of its cardholder data environment (CDE). PCI DSS defines CDE as the people, processes, and technologies that store, process, or transmit credit card data—or any system connected to it. Since all 300+ security requirements in PCI DSS apply to CDE, it’s important to properly segment the payment environment from the rest of the business to limit the scope of PCI validation. If an organization is unable to contain the CDE scope with granular segmentation, the PCI security controls would then apply to every system, laptop, and device on its corporate network…

Annual validation

Regardless of how card data is accepted, organizations are required to complete a PCI validation form annually. The way PCI compliance is validated depends on several factors, which are outlined below. Here are three scenarios in which an organization could be asked to show that it is PCI compliant:

  • Payment processors may request it as part of their required reporting to the payment card brands.
  • Business partners may request it as a prerequisite to entering into business agreements.
  • For platform businesses (those whose technology facilitates online transactions among multiple distinct sets of users), customers may request it to show their customers that they are handling data securely.

The latest set of security standards, PCI DSS version 3.2.1, includes 12 main requirements with more than 300 sub-requirements that mirror security best practices.

BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS

  • 1. Install and maintain a firewall configuration to protect cardholder data.
  • 2. Do not use vendor-supplied defaults for system passwords and other security parameters.

PROTECT CARDHOLDER DATA

  • 3. Protect stored cardholder data.
  • 4. Encrypt transmission of cardholder data across open or public networks.

MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM

  • 5. Protect all systems against malware and regularly update anti-virus software.
  • 6. Develop and maintain secure systems and applications.

IMPLEMENT STRONG ACCESS CONTROL MEASURES

  • 7. Restrict access to cardholder data by business need to know.
  • 8. Identify and authenticate access to system components.
  • 9. Restrict physical access to cardholder data.

REGULARLY MONITOR AND TEST NETWORKS

  • 10. Track and monitor all access to network resources and cardholder data.
  • 11. Regularly test security systems and processes.

MAINTAIN AN INFORMATION SECURITY POLICY

  • 12. Maintain a policy that addresses information security for all personnel.

To make it “easier” for new businesses to validate PCI compliance, the PCI Council created nine different forms or Self-Assessment Questionnaires (SAQs) that are a subset of the entire PCI DSS requirement. The trick is figuring out which is applicable or whether it’s necessary to hire a PCI Council–approved auditor to verify that each PCI DSS security requirement has been met. In addition, the PCI Council revises the rules every three years and releases incremental updates throughout the year, adding even more dynamic complexity.

A step-by-step guide to PCI DSS v3.2.1 compliance

1. Know your requirements

The first step in achieving PCI compliance is knowing which requirements apply to your organization. There are four different PCI compliance levels, typically based on the volume of credit card transactions your business processes during 12 months.

| Compliance level | Applies to | Requirements |
| --- | --- | --- |
| Level 1 | 1. Organizations that annually process more than 6 million transactions of Visa or Mastercard, or more than 2.5 million for American Express; or 2. Have experienced a data breach; or 3. Are deemed “Level 1” by any card association (Visa, Mastercard, etc.) | 1. Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA)—also commonly known as a Level 1 onsite assessment—or internal auditor if signed by an officer of the company; 2. Quarterly network scan by Approved Scan Vendor (ASV); 3. Attestation of Compliance (AOC) for Onsite Assessments–there are specific forms for merchants and service providers |
| Level 2 | Organizations that process between 1–6 million transactions annually | 1. Annual PCI DSS Self-Assessment Questionnaire (SAQ)—there are 9 SAQ types shown briefly in the table below; 2. Quarterly network scan by Approved Scan Vendor (ASV); 3. Attestation of Compliance (AOC)—each of the 9 SAQs has a respective AOC form |
| Level 3 | 1. Organizations that process between 20,000–1 million online transactions annually 2. Organizations that process fewer than 1 million total transactions annually | Same as above |
| Level 4 | 1. Organizations that process fewer than 20,000 online transactions annually; or 2. Organizations that process up to 1 million total transactions annually | Same as above |

For Levels 2–4, there are different SAQ types depending on your payment integration method. Here’s a brief table:

| SAQ | Description |
| --- | --- |
| A | Card-not-present merchants (ecommerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS–compliant third-party service providers, with no electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Not applicable to face-to-face channels. |
| A-EP | Ecommerce merchants who outsource all payment processing to PCI DSS–validated third parties, and who have a website(s) that doesn’t directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of cardholder data on merchant’s systems or premises. Applicable only to e-commerce channels. |
| B | Merchants using only imprint machines with no electronic cardholder data storage, and/or standalone, dial-out terminals with no electronic cardholder data storage. Not applicable to e-commerce channels. |
| B-IP | Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor with no electronic cardholder data storage. Not applicable to e-commerce channels. |
| C-VT | Merchants who manually enter a single transaction at a time via a keyboard into an internet-based, virtual payment terminal solution that is provided and hosted by a PCI DSS–validated third-party service provider. No electronic cardholder data storage. Not applicable to e-commerce channels. |
| C | Merchants with payment application systems connected to the Internet, no electronic cardholder data storage. Not applicable to e-commerce channels. |
| P2PE | Merchants using only hardware payment terminals included in and managed via a validated, PCI SSC–listed point-to-point Encryption (P2PE) solution, with no electronic cardholder data storage. Not applicable to e-commerce channels. |
| D | SAQ D FOR MERCHANTS: All merchants not included in descriptions for the above SAQ types. SAQ D FOR SERVICE PROVIDERS: All service providers defined by a payment brand as eligible to complete an SAQ. |

2. Map your data flows

Before you can protect sensitive credit card data, you need to know where it lives and how it gets there. You’ll want to create a comprehensive map of the systems, network connections, and applications that interact with credit card data across your organization. Depending on your role, you’ll probably need to work with your IT and security team(s) to do this.

  • First, identify every consumer-facing area of the business that involves payment transactions. For example, you may accept payments via an online shopping cart, in-store payment terminals, or orders placed over the phone.
  • Next, pinpoint the various ways cardholder data is handled throughout the business. It’s important to know exactly where the data is stored and who has access to it.
  • Then, identify the internal systems or underlying technologies that touch payment transactions. This includes your network systems, data centers, and cloud environments.
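
As an added illustration of step 2 (not part of the original guide), the Python sketch below scans text sources for likely card numbers so that every place a PAN turns up can be added to the data-flow map. The function names and the sample sources are constructed for this example; the two card numbers are publicly documented test numbers, and findings are masked so the report does not itself store card data.

```python
"""Locate likely card numbers (PANs) in text so they can be added to a data-flow map."""
import re
from collections import Counter
from dataclasses import dataclass

# Candidate layouts: 13-19 contiguous digits, or digits grouped with one
# repeated separator (space or hyphen) as 4-4-4-N or 4-6-5.
_CANDIDATE = re.compile(
    r"(?<!\d)(?:"
    r"\d{13,19}"
    r"|\d{4}([ -])\d{4}\1\d{4}\1\d{1,7}"
    r"|\d{4}([ -])\d{6}\2\d{5}"
    r")(?!\d)"
)


@dataclass(frozen=True)
class Finding:
    source: str   # file, table or log stream the text came from
    line_no: int  # 1-based line number within that source
    masked: str   # first six and last four digits only
    length: int   # number of digits in the match


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the first six and last four digits, replace the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_text(source: str, text: str) -> list:
    """Return a Finding for every Luhn-valid candidate in the text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            # Skip padding such as all zeros, which passes Luhn trivially.
            if len(set(digits)) > 1 and luhn_valid(digits):
                findings.append(Finding(source, line_no, mask(digits), len(digits)))
    return findings


def scan_sources(sources: dict) -> list:
    """Scan a mapping of source name -> text content."""
    findings = []
    for name, text in sources.items():
        findings.extend(scan_text(name, text))
    return findings


def sources_in_scope(findings: list) -> dict:
    """Count findings per source; each key is a system to put on the map."""
    return dict(Counter(f.source for f in findings))


# Constructed sample inputs (not real logs); card numbers are public test numbers.
SAMPLES = {
    "web/access.log": (
        '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /cart HTTP/1.1" 200 512\n'
        '203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "POST /pay?pan=4111111111111111 HTTP/1.1" 302 0\n'
    ),
    "support/tickets.csv": (
        "id,customer,message\n"
        "1001,alice,Refund please for card 3782 822463 10005\n"
        "1002,bob,Order 1234567890123456 never arrived\n"
    ),
    "app/debug.log": (
        "ts=20240312100109123 event=checkout status=ok\n"
        "ts=20240312100110456 event=tokenized token=tok_constructed_1\n"
    ),
}

if __name__ == "__main__":
    results = scan_sources(SAMPLES)
    for f in results:
        print(f"{f.source}:{f.line_no} {f.masked} ({f.length} digits)")
    print("Sources holding card data:", sources_in_scope(results))
```

The order number and the timestamps in the samples have the right length but fail the Luhn check, so only the web log and the support tickets are reported as holding card data.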

3. Check security controls and protocols

Once you map out all the potential touchpoints for credit card data across your organization, work with IT and security teams to ensure the right security configurations and protocols are in place (see the list of 12 security requirements for PCI DSS above). These protocols, like Transport Layer Security (TLS), are designed to secure the transmission of data.

The 12 security requirements for PCI DSS v3.2.1 stem from best practices for protecting sensitive data for any business. Several overlap with those required to meet GDPR, HIPAA, and other privacy mandates, so a few of them may already be in place in your organization.

4. Monitor and maintain

It’s important to note that PCI compliance is not a one-time event. It’s an ongoing process to ensure your business remains compliant even as data flows and customer touchpoints evolve. Some credit card brands may require you to submit quarterly or annual reports, or complete an annual on-site assessment to validate ongoing compliance, particularly if you process more than 6 million transactions each year.

Managing PCI compliance throughout the year (and year over year) often requires cross-departmental support and collaboration. If this doesn’t already exist, it may be worthwhile to create a dedicated team internally to properly maintain compliance. While every company is unique, a good starting point for a “PCI team” would include representation from the following:

  • Security: The Chief Security Officer (CSO), Chief Information Security Officer (CISO), and their teams ensure the organization is always properly investing in the necessary data security and privacy resources and policies.
  • Technology/Payments: The Chief Technology Officer (CTO), VP of Payments, and their teams make sure that core tools, integrations, and infrastructure remain compliant as the organization’s systems evolve.
  • Finance: The Chief Financial Officer (CFO) and their team ensure that all payment data flows are accounted for when it comes to payment systems and partners.
  • Legal: This team can help navigate the many legal nuances of PCI DSS compliance.

For more information about the complex world of PCI compliance, head to the PCI Security Standards Council website. If you only read this guide and a few other PCI docs, we recommend starting with these: prioritized approach for PCI DSS, SAQ instructions and guidelines, FAQ about using SAQ eligibility criteria to determine onsite assessment requirements, and FAQ about obligations for merchants that develop apps for consumer devices that accept payment card data.

Conclusion

Assessing and validating PCI compliance usually happens once a year, but PCI compliance is not a one-time event—it’s a continuous and substantial effort of assessment and remediation. As a company grows so will the core business logic and processes, which means compliance requirements will evolve as well. An online business, for example, may decide to open physical stores, enter new markets, or launch a customer support center. If anything new involves payment card data, it’s a good idea to proactively check whether this has any impact on your PCI validation method and re-validate PCI compliance as necessary.

The Fintech Founder’s Guide to FinTech Compliance Regulations in 2024

Fintech Policies has been working with companies that provide financial services on their compliance efforts. In this time, we have studied FinTech and banking regulations as well as data protection laws like GDPR. Below are the insights we gained while researching the market and working with our clients.

What is compliance in FinTech?

Q1 of 2023 was one of FinTech’s biggest wins. The industry secured $45.6 billion in investments (half of the previous year’s total funding). Open Banking APIs and COVID-19 continued to be some of the biggest drivers behind FinTech growth.

The industry is advancing at a rapid pace, presenting ample opportunities for entrepreneurs. Most FinTech startups operate in a “move fast, break things” manner, embracing mistakes as part of the innovation process.

Unlike traditional banks, they rarely have robust risk and compliance management programs. As more FinTechs venture into the spaces occupied by traditional financial institutions, they begin to attract attention from both criminals and regulators. Protecting the industry from fraud and alleviating FinTech security concerns are the main reasons behind the emerging regulations.

Here are some of the key trends that are expected to shape the FinTech industry in 2023:

  • The rise of decentralized finance (DeFi): DeFi is a blockchain-based financial system that allows for peer-to-peer transactions without the need for intermediaries. This has the potential to disrupt traditional financial institutions and make financial services more accessible to everyone.
  • The continued growth of mobile payments: Mobile payments are becoming increasingly popular, as they offer a convenient and secure way to pay for goods and services. This trend is expected to continue in 2023, as more businesses adopt mobile payment solutions.
  • The increasing use of artificial intelligence (AI): AI is being used in a variety of ways in the FinTech industry, such as fraud detection, risk assessment, and customer service. This trend is expected to continue in 2023, as AI becomes more sophisticated and affordable.

The FinTech industry is rapidly evolving, and it is difficult to predict what the future holds. However, the trends mentioned above are likely to play a major role in shaping the industry in the years to come.

Not following these laws and regulations leads to non-compliance, which carries serious risks for FinTech companies:

  • Regulatory risks represent a major threat in the form of legal action, especially for FinTechs that partner with traditional banks.
  • Financial risks affect the company’s bottom line – a fall in share prices due to regulatory action, inability to attract funds, loss of user confidence, and a resulting drop in future profits.
  • Business risks can prevent the company from reaching its financial goals. Often, they are a natural outcome of FinTech’s fast-moving nature.
  • Reputational risks result from breaching customer trust. A single incident can cause a domino effect that impacts other related products and services.

FinTech regulations around the world

The government agencies attempting to regulate the FinTech sector are lagging considerably behind the fast-moving technology. This means that most countries around the world still lack a unified legal framework to oversee the FinTech sector and have large gaps for new FinTech technologies like Blockchain and cryptocurrencies.

Still, it’s important to understand the complex regulatory landscape that exists in different states to mitigate compliance risks.

The United States

The US is home to more than 30% of the world’s FinTech companies.

Yet, the country still lacks a federal framework to oversee the FinTech sector. Financial startups are regulated by the laws of individual states, making it harder to acquire all the necessary permits to operate across the US. In addition to the local regulations, all FinTechs need to understand the federal legislation that governs the financial industry:

  • Bank Secrecy Act (BSA) governs Anti-Money Laundering (AML) regulations for FinTech companies. These companies must report all suspicious activities and the acquisition of negotiable instruments (cashier checks and money orders).
  • Section 326 of the USA Patriot Act obliges FinTechs to implement Know Your Customer (KYC) procedures. Its Title III obliges FinTechs to implement AML procedures, employ compliance officers for continuous worker training, and assess their KYC/AML programs via third-party audits.
  • The Anti-Money Laundering Act of 2020 (AMLA) has among other things amended the BSA to include requirements for FinTechs to develop risk-based programs to prevent money laundering and terrorist funding.
  • Fair Credit Reporting Act (FCRA) dictates how financial companies collect consumer credit information.
  • Gramm-Leach-Bliley Act (GLBA) demands all FinTech companies disclose how they share customer information.
  • Securities Act of 1933 regulates Initial Coin Offerings (ICOs) for American FinTechs. A precedent known as the Howey Test shapes the legal status of an ICO subjecting it to the Exchange Act and the Securities Act if it meets the threshold requirements.
  • Electronic Fund Transfer Act and CFPB Regulation E govern the sphere of payments, requiring FinTechs to resolve transfer errors within 45 days.
  • Truth in Lending Act (TILA) lays out the obligations for credit card holders – defend and enhance credit card disclosures, rate increases, payment allocations, and a reasonable amount of time to make payments.
  • Jumpstart Our Business Startups (JOBS) Act requires crowdfunding platforms to register with the FINRA and SEC, setting the maximum fundraising sums and other limitations. If you run a peer-to-peer (P2P) lending website that is a partner of a traditional bank, your site is recognized as a third party and the bank becomes responsible for compliance. Yet, if you sell loans as securities, your platform becomes subject to SEC oversight.
  • Truth in Savings Act (TISA) includes FinTech requirements on transparent disclosure of fees and interest rates.
  • Electronic Signatures in Global and National Commerce (E-Sign) Act regulates electronic documents and signatures. According to the act, FinTechs are required to supply an option for paper copies, disclosures of electronic documents, and how future electronic contact will be made with the customer.
  • Numerous regulators are responsible for oversight of payment-related FinTechs. They include local governments, the National Automated Clearing House Association (NACHA), and the planned Department of Treasury’s FinTech Council.
  • There are other consumer protection laws relevant to FinTechs, like the Fair Credit Reporting Act, Equal Credit Opportunity Act, and Home Mortgage Disclosure Act.

This list of legislation is monitored by a vast network of regulatory bodies, each providing oversight for a particular type of financial service.

| Regulator | Regulation object |
| --- | --- |
| Securities and Exchange Commission (SEC) | Oversees the American securities market – securities exchanges, investment advisors, mutual funds, dealers, and brokers. |
| Financial Industry Regulatory Authority (FINRA) | Protects investors. Investment and crowdfunding companies must be registered with FINRA and the SEC. |
| Federal Trade Commission (FTC) | Watches for “anticompetitive, unfair, or deceptive” actions by B2C companies as well as oversees privacy and data protection responsibilities. |
| Federal Deposit Insurance Corporation (FDIC) | Oversees the American deposit insurance scheme and regulates banks that aren’t subject to the Federal Reserve System. |
| Consumer Financial Protection Bureau (CFPB) | Regulates B2C financial services and takes actions against deceitful or unfair practices. |
| Financial Crimes Enforcement Network (FinCEN) | Administers Anti-Money Laundering (AML) regulations and imposes the terms of AML compliance for financial companies. |
| Office of the Comptroller of the Currency (OCC) | Oversees national banks and accepts applications for special purpose charters from FinTechs that manage deposits, cheques, or engage in lending activities. Companies with the charter have the same compliance requirements as national banks. |
| Commodity Futures Trading Commission (CFTC) | Regulates commodity exchange markets, oversees trading organizations, intermediaries, and similar companies. |
| State legislation | Local regulations vary from state to state. Some attempts are being made to streamline the complexity of state-level legislation. |

The UK

The UK is one of the leading FinTech countries, with over 1,800 startups fighting for the booming market. Yet, like other countries on our list, the UK doesn’t currently have a unified legal framework for FinTechs. British companies are supervised by different regulators depending on the company’s size and the nature of business.

The primary FinTech compliance regulators in the UK are:

Activities like electronic money, investments, deposits, lending, insurance, and payments all require a license. Although crypto-trading platforms aren’t officially regulated, companies operating in the area might want to acquire certain licenses like the E-Money license.

Since the start of the pandemic, the government has closely monitored crypto assets to mitigate risks and protect consumer well-being. The lockdowns have only emphasized the importance of alternative financial systems, prompting the government to consider adopting new FinTech legislation.

The European Union

The EU is home to almost 2,400 FinTech companies. Although the pandemic has led to a drop in European FinTech funding, many startups are showing steady growth. As a result, the EU regulators are working hard to modernize the FinTech regulatory framework.

Since 2022, all cryptocurrency trading platforms, mobile wallet providers, and startups that manage virtual currency exchange have been coming under closer scrutiny. The trading platforms now have to register with relevant authorities and implement due diligence procedures for anti-money laundering (AML) and know-your-customer (KYC) compliance.

The European regulators are planning to improve financial technology regulations by 2024 in all member states. Among the plans are new frameworks for cryptocurrencies, blockchain, digital identities, and so on.

Here are some of the specific regulations that are being considered:

  • A licensing regime for cryptocurrency exchanges and other crypto-related businesses.
  • Requirements for cryptocurrency exchanges to collect and store customer data.
  • Restrictions on the use of cryptocurrencies for anonymous transactions.
  • Measures to prevent the use of cryptocurrencies for money laundering and terrorist financing.

The European regulators are also considering the development of new technologies, such as blockchain, to improve the regulation of financial services. Blockchain is a distributed ledger technology that can be used to record transactions in a secure and transparent way. The regulators believe that blockchain could be used to create a more efficient and secure system for monitoring and enforcing financial regulations.

The proposed regulations are still in the early stages of development, but they are likely to have a significant impact on the cryptocurrency industry in Europe. The regulations are intended to protect consumers and investors, and to prevent the use of cryptocurrencies for illegal activities. However, they could also stifle innovation in the industry.

Other countries

  • Switzerland is a FinTech powerhouse with full-on government support for the sector. The country’s primary regulator is the Swiss Financial Market Supervisory Authority (FINMA). During the COVID-19 pandemic, the government unveiled a new type of license for FinTech startups that is less strict than the ones for traditional companies.
  • Australia is home to the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC), which are the industry’s chief regulators. They oversee financial services, crowdfunding, and consumer lending. To take part in such activities, your startup will need to obtain an Australian Financial Services License. Any Australian neobank must be registered as an Authorized Deposit-Taking Institution. And if you’re dealing with any kind of credit activity, your company will also have to earn an Australian Credit License.
  • China is a powerful FinTech market. Although the government and the People’s Bank of China take an active part in overseeing the sector, the country has no unified FinTech regulatory framework. In 2019, the government started a pilot sandbox mode for 7 cities including Beijing.

How to become compliant?

#1 It is recommended that you seek legal advice prior to taking any action.

Compliance is a complex and costly matter, so it’s critical to ask for legal advice before you make any important decision. Book an appointment in advance with a competent lawyer to learn about the regulatory FinTech requirements your company will face and how to fulfill them.

Here are some of the specific benefits of seeking legal advice for FinTech compliance:

  • A lawyer can help you understand the relevant laws and regulations.
  • A lawyer can help you develop a compliance program that is tailored to your specific business.
  • A lawyer can help you avoid costly fines and penalties.
  • A lawyer can help you protect your company from legal liability.

If you are a FinTech company, it is important to take compliance seriously. By seeking legal advice, you can protect your company and avoid costly mistakes.

#2 Evaluating Your Service Offerings and Data Collection Strategies

There is no single, clear path to FinTech and compliance. Until governments implement a unified legal framework, financial companies have to take the case-by-case approach regarding the licenses they need to acquire:

  • Money Transmitter Licenses (MTLs) are a must-have for any US company that sells or issues payment instruments or stored value, and/or receives money for transmission. The process and the rules vary from state to state and can take a lot of time and money.
  • Money service business (MSB) registrations are typically required for e-wallets, peer-to-peer transfer, and mobile payment platforms. These companies have to register with the Treasury Department, implement an AML program, and prepare Currency Transaction Reports and Suspicious Activity Reports.
  • BitLicense is a requirement for virtual currencies and cryptocurrencies. It is granted by the New York State Department of Financial Services (NYSDFS) for businesses that work with NY state residents.
  • Offerings through Reg A for businesses that offer securities or alternative investment options are subject to less strict reporting requirements. Reg D outlines similar rules for private placements and smaller businesses, reducing the complexity of SEC reporting. FinTechs that go through funding rounds are obliged to register with relevant authorities and follow these requirements before the launch.

#3 Implement Anti-Money Laundering and CFT procedures from day one

AML programs must be developed well before you start providing financial services. In 2020, financial institutions around the world were fined $10.4 billion due to violations in AML, KYC, and due diligence. As FinTechs tend to start small and innovate quickly, they might create a gap for unmonitored transactions, which leaves them open to regulatory sanctions.

P2P lending platforms, in particular, should ensure their services are protected from criminal activity. According to the US government, more than $100 million of stolen funds were laundered in 2020 via America’s top four P2P investment platforms. So it’s crucial to implement AML procedures to protect your business from reputational fallout.

#4 Build a scalable compliance program

Fast-growing FinTechs need to ensure their compliance programs are keeping up with the increase in transaction volumes. KYC procedures are essential because your customer base might expand quickly to include new types of users with different requirements. The increased transaction volume requires changes to reporting and dispute processing.

KYC procedures should be applied to transactions of any size to prevent the funds from going to illegal or terrorist activities. Avoiding this responsibility is sure to result in quick regulatory action.

Employing a dedicated compliance officer is another good practice to have in your company from the very beginning.

And remember – compliance isn’t a one-off task, so ensure you have enough resources to handle it continuously.

#5 Consider RegTech partnerships

In some situations, it might be reasonable to partner with an established company that has already obtained all the relevant licenses.

Regulatory Technology (RegTech) is one of the top FinTech trends that shape the industry. This industry applies the Software as a Service principle to FinTech compliance practices. RegTech companies provide advisory and guidance services focusing on the biggest risk areas in FinTech:

  • Online libraries of compliance regulations.
  • Software for planning compliance activities, gathering resources, and reacting to new regulations.
  • Tools for monitoring and auditing transactions for suspicious activity.
  • Automated risk assessment and reporting tools to determine the risk exposures and asset qualities.
  • Online due diligence and data security tools to prevent data leaks and fraud.
  • KYC tools for managing customer identities.
  • Regular AML checkpoints for high-value and politically exposed clients.
  • Real-time dashboards for monitoring the company’s current state of compliance.

RegTech companies can become valuable partners for early-stage FinTechs that need to navigate the complex regulatory landscape. As your startup matures, however, it becomes important to have all the required compliance expertise in-house.

#6 It’s important to be mindful of what lies ahead.

FinTech regulations are still in their infancy and evolving at a rapid pace. As governments around the world are working to produce unified FinTech standards, businesses will have to keep their eyes peeled for any changes in regulations.

Some countries like the UK have implemented the so-called regulatory sandboxes that allow FinTechs to experiment in regulated test environments. This allows government agencies to get a deeper understanding of FinTech while providing detailed regulatory guidance to the participating business.

Although a similar practice is yet to be established in the US, there are already some steps in the right direction.

In 2018, the Treasury and the Consumer Financial Protection Bureau (CFPB) published independent reports that propose the creation of sandboxes. The same year saw Arizona pass the first state-level sandbox law. In 2019, Wyoming followed suit together with West Virginia, Nevada, and Utah. At this time, Washington DC is actively considering sandbox legislation.

The road to fintech compliance

Conclusion

The article provides a short, yet comprehensive overview of FinTech compliance regulations around the world. The path to compliance is difficult. Yet, it is within your reach if you do your homework.

The landscape is shifting constantly, so it’s important to stay updated on the latest changes in regulations. As governments around the world are working to create a better legal framework, there’s a big hope for simpler compliance among FinTech founders.

Fintech Policies has been working with financial companies, helping them jumpstart their compliance process with policy templates as well as RFP templates for software acquisitions. So if you need some advice or a team of experts to implement your project, we’ll be happy to assist you. Just fill out the contact form and we’ll arrange a free consultation with our team of consultants.