The Fintech Founder’s Guide to FinTech Compliance Regulations in 2024
Fintech Policies has been working with companies that provide financial services toward their compliance efforts. In this time, we have studied both FinTech, banking regulations and data protection laws like GDPR. Below are the insights we gained while researching the market and working with our clients.
What is compliance in FinTech?
The Q1 of 2023 was one of FinTech’s biggest wins. The industry secured $45.6 billion in investments (half of the previous year’s total funding). Open Banking APIs and COVID-19 continued to be some of the biggest drivers behind FinTech growth.
The industry is advancing at a rapid pace, presenting ample opportunities for entrepreneurs. Most FinTech startups operate in a “move fast, break things” manner, embracing mistakes as part of the innovation process.
Unlike traditional banks, they rarely have robust risk and compliance management programs. As more FinTechs venture into the spaces occupied by traditional financial institutions, they begin to attract attention from both criminals and regulators. Protecting the industry from fraud and alleviating FinTech security concerns are the main reasons behind the emerging regulations.
Here are some of the key trends that are expected to shape the FinTech industry in 2023:
- The rise of decentralized finance (DeFi): DeFi is a blockchain-based financial system that allows for peer-to-peer transactions without the need for intermediaries. This has the potential to disrupt traditional financial institutions and make financial services more accessible to everyone.
- The continued growth of mobile payments: Mobile payments are becoming increasingly popular, as they offer a convenient and secure way to pay for goods and services. This trend is expected to continue in 2023, as more businesses adopt mobile payment solutions.
- The increasing use of artificial intelligence (AI): AI is being used in a variety of ways in the FinTech industry, such as fraud detection, risk assessment, and customer service. This trend is expected to continue in 2023, as AI becomes more sophisticated and affordable.
The FinTech industry is rapidly evolving, and it is difficult to predict what the future holds. However, the trends mentioned above are likely to play a major role in shaping the industry in the years to come.
Protecting the industry from fraud and alleviating FinTech security concerns are the main reasons behind the emerging regulations.
Not following these laws and regulations leads to non-compliance, which carries serious risks for FinTech companies:
- Regulatory risks represent a major threat in the form of legal action, especially for FinTechs that partner with traditional banks.
- Financial risks affect the company’s bottom line – a fall in share prices due to regulatory action, inability to attract funds, loss of user confidence, and a resulting drop in future profits.
- Business risks can prevent the company from reaching its financial goals. Often, they are a natural outcome of FinTech’s fast-moving nature.
- Reputational risks result from breaching customer trust. A single incident can cause a domino effect that impacts other related products and services.
FinTech regulations around the world
The government agencies attempting to regulate the FinTech sector are lagging considerably behind the fast-moving technology. This means that most countries around the world still lack a unified legal framework to oversee the FinTech sector and have large gaps for new FinTech technologies like Blockchain and cryptocurrencies.
Still, it’s important to understand the complex regulatory landscape that exists in different states to mitigate compliance risks.
The United States
The US is home to more than 30% of the world’s FinTech companies.
Yet, the country still lacks a federal framework to oversee the FinTech sector. Financial startups are regulated by the laws of individual states making it harder to acquire all the necessary permits to operate across the US. In addition to the local regulations, all FinTechs need to understand the federal legislation that governs the financial industry:
- Bank Secrecy Act (BSA) governs Anti-Money Laundering (AML) regulations for FinTech companies. These companies must report all suspicious activities and the acquisition of negotiable instruments (cashier checks and money orders).
- Section 326 of the USA Patriot Act obliges FinTechs to implement Know Your Customer (KYC) procedures. Its Title III obliges FinTechs to implement AML procedures, employ compliance officers for continuous worker training, and assess their KYC/AML programs via third-party audits.
- The Anti-Money Laundering Act of 2020 (AMLA) has among other things amended the BSA to include requirements for FinTechs to develop risk-based programs to prevent money laundering and terrorist funding.
- Fair Credit Reporting Act (FCRA) dictates how financial companies collect consumer credit information.
- Gramm-Leach Bliley Act (GLBA) demands all FinTech companies disclose how they share customer information.
- Securities Act of 1933 regulates Initial Coin Offerings (ICOs) for American FinTechs. A precedent known as the Howey Test shapes the legal status of an ICO subjecting it to the Exchange Act and the Securities Act if it meets the threshold requirements.
- Electronic Fund Transfer Act and CFPB Regulation E govern the sphere of payments, requiring FinTechs to resolve transfer errors within 45 days.
- Truth in Lending Act (TILA) lays out the obligations for credit card holders – defend and enhance credit card disclosures, rate increases, payment allocations, and a reasonable amount of time to make payments.
- Jumpstart Our Business Startups (JOBS) Act requires crowdfunding platforms to register with the FINRA and SEC, setting the maximum fundraising sums and other limitations. If you run a peer-to-peer (P2P) lending website that is a partner of a traditional bank, your site is recognized as a third party and the bank becomes responsible for compliance. Yet, if you sell loans as securities, your platform becomes subject to SEC oversight.
- Truth in Savings Act (TISA) includes FinTech requirements on transparent disclosure of fees and interest rates.
- Electronic Signatures in Global and National Commerce (E-Sign) Act regulates electronic documents and signatures. According to the act, FinTechs are required to supply an option for paper copies, disclosures of electronic documents, and how future electronic contact will be made with the customer.
- Numerous regulators are responsible for oversight of payment-related FinTechs. They include local governments, the National Automated Clearing House Association (NACHA), and the planned Department of Treasury’s FinTech Council.
- There are other consumer protection laws that FinTechs like the Fair Credit Reporting Act, Equal Credit Opportunity Act, and Home Mortgage Disclosure Act.
This list of legislation is monitored by a vast network of regulatory bodies, each providing oversight for a particular type of financial services.
Regulator | Regulation object |
Securities and Exchange Commission (SEC) | Oversees the American securities market – securities exchanges, investment advisors, mutual funds, dealers, and brokers. |
Financial Industry Regulatory Authority (FINRA) | Protects investors. Investment and crowdfunding companies must be registered with FINRA and the SEC |
Federal Trade Commission (FTC) | Watches for “anticompetitive, unfair, or deceptive” actions by B2C companies as well as oversees privacy and data protection responsibilities. |
Federal Deposit Insurance Corporation (FDIC) | Oversees the American deposit insurance scheme and regulates banks that aren’t subject to the Federal Reserve System. |
Consumer Financial Protection Bureau (CFPB) | Regulates B2C financial services and takes actions against deceitful or unfair practices. |
Financial Crimes Enforcement Network (FinCEN) | Administers Anti-Money Laundering (AML) regulations and imposes the terms of AML compliance for financial companies. |
Office of the Comptroller of the Currency (OCC) | Oversees national banks and accepts applications for special purpose charters from FinTechs that manage deposits, cheques, or engage in lending activities. Companies with the charter have the same compliance requirements as national banks. |
Commodity Futures Trading Commission (CFTC) | Regulates commodity exchange markets, oversees trading organizations, intermediaries, and similar companies. |
State legislations | Local regulations vary from state to state. There are some of the attempts being taken at streamlining the complexity of state-level legislation. |
The UK
The UK is one of the leading FinTech countries, with over 1,800 startups fighting for the booming market. Yet, like other countries on our list, the UK doesn’t currently have a unified legal framework for FinTechs. British companies are supervised by different regulators depending on the company’s size and the nature of business.
The primary FinTech compliance regulators in the UK are:
- Prudential Regulatory Authority (PRA); and
- Financial Conduct Authority (FCA) regulates the operation of all lending companies and businesses involved in online payments.
Activities like electronic money, investments, deposits, lending, insurance, and payments all require a license. Although crypto-trading platforms aren’t officially regulated, companies operating in the area might want to acquire certain licenses like the E-Money license.
After the start of the pandemic, the government closely monitors crypto assets to mitigate risks and protect consumer well-being. The lockdowns have only emphasized the importance of alternative financial systems, prompting the government to consider adopting new FinTech legislation.
The European Union
The EU is home to almost 2,400 FinTech companies. Although the pandemic has led to a drop in European FinTech funding, many startups are showing steady growth. As a result, the EU regulators are working hard to modernize the FinTech regulatory framework.
- The European Securities and Markets Authority (ESMA) is the chief regulator that oversees the initiatives aimed at boosting FinTech investments.
- Some European countries have local regulators for domestic and foreign companies (for example, Autorité des marchés financiers, AMF, in France, and the Federal Financial Supervisory Authority, BaFin, in Germany).
Since 2022, all cryptocurrency trading platforms, mobile wallet providers, and startups that manage virtual currency exchange have been coming under closer scrutiny. The trading platforms now have to register with relevant authorities and implement due diligence procedures for anti-money laundering (AML) and know-your-customer (KYC) compliance.
The European regulators are planning to improve financial technology regulations by 2024 in all member states. Among the plans are new frameworks for cryptocurrencies, blockchain, digital identities, and so on.
Here are some of the specific regulations that are being considered:
- A licensing regime for cryptocurrency exchanges and other crypto-related businesses.
- Requirements for cryptocurrency exchanges to collect and store customer data.
- Restrictions on the use of cryptocurrencies for anonymous transactions.
- Measures to prevent the use of cryptocurrencies for money laundering and terrorist financing.
The European regulators are also considering the development of new technologies, such as blockchain, to improve the regulation of financial services. Blockchain is a distributed ledger technology that can be used to record transactions in a secure and transparent way. The regulators believe that blockchain could be used to create a more efficient and secure system for monitoring and enforcing financial regulations.
The proposed regulations are still in the early stages of development, but they are likely to have a significant impact on the cryptocurrency industry in Europe. The regulations are intended to protect consumers and investors, and to prevent the use of cryptocurrencies for illegal activities. However, they could also stifle innovation in the industry.
Other countries
- Switzerland is a FinTech powerhouse with full-on government support for the sector. The country’s primary regulator is the Swiss Financial Market Supervisory Authority (FINMA). During the COVID-19 pandemic, the government unveiled a new type of license for FinTech startups that is less strict than the ones for traditional companies.
- Australia is home to the Australian Prudential Regulatory Authority (APRA) and Australian Securities and Investments Commission (ASIC) which are the industry’s chief regulators. They oversee financial services, crowdfunding, and consumer lending. To take part in such activities, your startup will need to obtain an Australian Financial Service License. Any Australian neobanks must be registered as an Authorized Deposit-Taking Institution. And if you’re dealing with any kind of credit activity, your company will also have to earn an Australian Credit License.
- China is a powerful FinTech market. Although the government and the People’s Bank of China take an active part in overseeing the sector, the country has no unified FinTech regulatory framework. In 2019, the government started a pilot sandbox mode for 7 cities including Beijing.
How to become compliant?
#1 It is recommended that you seek legal advice prior to taking any action.
Compliance is a complex and costly matter, so it’s critical to ask for legal advice before you make any important decision. Book an appointment in advance with a competent lawyer to learn about the regulatory FinTech requirements your company will face and how to fulfill them.
Compliance is a complex and costly matter. It is critical to seek legal advice before making any important decisions.
Schedule a consultation with a qualified lawyer to learn about the regulatory requirements your FinTech company will face and how to comply with them.
Here are some of the specific benefits of seeking legal advice for FinTech compliance:
- A lawyer can help you understand the relevant laws and regulations.
- A lawyer can help you develop a compliance program that is tailored to your specific business.
- A lawyer can help you avoid costly fines and penalties.
- A lawyer can help you protect your company from legal liability.
If you are a FinTech company, it is important to take compliance seriously. By seeking legal advice, you can protect your company and avoid costly mistakes.
#2 Evaluating Your Service Offerings and Data Collection Strategies
There is no single, clear path to FinTech and compliance. Until governments implement a unified legal framework, financial companies have to take the case-by-case approach regarding the licenses they need to acquire:
- Money Transmitter License (MTLs) is a must-have for any US company engaging in selling/issuing payment instruments/stored value, and/or receiving money for transmission. The process and the rules vary from state to state and can take a lot of time and money.
- Money service business (MSB) registrations are typically required for e-wallets, peer-to-peer transfer, and mobile payment platforms. These companies have to register with the Treasury Department, implement an AML program, prepare Currency Transaction Reports, and Suspicious Activity Reports.
- BitLicense is a requirement for virtual and crypto currencies. It is granted by the New York State Department of Financial Services (NYSDFS) for businesses that work with NY state residents.
- Offerings through Reg A for businesses that offer securities or alternative investment options are subject to less strict reporting requirements. Reg D outlines similar rules for private placements and smaller businesses, reducing the complexity of SEC reporting. FinTechs that go through funding rounds are obliged to register with relevant authorities and follow these requirements before the launch.
#3 Implement Anti-Money Laundering and CFT procedures from day one
AML programs must be developed well before you start providing financial services. In 2020, Financial institutions around the world were fined $10.4 billion due to violations in AML, KYC, and due diligence. As FinTechs tend to start small and innovate quickly, they might create a gap for unmonitored transactions which leaves them open for regulatory sanctions.
P2P lending platforms, in particular, should ensure their services are protected from criminal activity. According to the US government, more than $100 million of stolen funds have been laundered in 2020 via America’s top four P2P investment platforms. So it’s crucial to implement AML procedures to protect your business from reputational fallout.
#4 Build a scalable compliance program
Fast-growing FinTechs need to ensure their compliance programs are keeping up with the increase in transaction volumes. KYC procedures are essential because your customer base might expand quickly to include new types of users with different requirements. The increased transaction volume requires changes to reporting and dispute processing.
KYC procedures should be applied to transactions of any size to prevent the funds from going to illegal or terrorist activities. Avoiding this responsibility is sure to result in quick regulatory action.
Employing a dedicated compliance officer is another good practice to have in your company from the very beginning.
And remember – compliance isn’t a one-off task, so ensure you have enough resources to handle it continuously.
#5 Consider RegTech partnerships
In some situations, it might be reasonable to partner with an established company that has already obtained all the relevant licenses.
Regulatory Technology (RegTech) is one of the top FinTech trends that shape the industry. This industry applies the Software as a Service principle to FinTech compliance practices. RegTech companies provide advisory and guidance services focusing on the biggest risk areas in FinTech:
- Online libraries of compliance regulations.
- Software for planning compliance activities, gathering resources, and reacting to new regulations.
- Tools for monitoring and auditing transactions for suspicious activity.
- Automated risk assessment and reporting tools to determine the risk exposures and asset qualities.
- Online due diligence and data security tools to prevent data leaks and fraud.
- KYC tools for managing customer identities.
- Regular AML checkpoints for high-value and politically exposed clients.
- Real-time dashboards for monitoring the company’s current state of compliance.
RegTech companies can become valuable partners for early-stage FinTechs that need to navigate the complex regulatory landscape. As your startup matures, however, it becomes important to have all the required compliance expertise in-house.
#6 It’s important to be mindful of what lies ahead.
FinTech regulations are still in their infancy and evolving at a rapid pace. As governments around the world are working to produce unified FinTech standards, businesses will have to keep their eyes peeled for any changes in regulations.
Some countries like the UK have implemented the so-called regulatory sandboxes that allow FinTechs to experiment in regulated test environments. This allows government agencies to get a deeper understanding of FinTech while providing detailed regulatory guidance to the participating business.
Although a similar practice is yet to be established in the US, there are already some steps in the right direction.
In 2018, The Treasury and the Consumer Financial Protection Bureau (CFPB) published independent reports that propose the creation of sandboxes. The same year saw Arizona pass the first state-level sandbox law. In 2019, Wyoming followed suit together with West Virginia, Nevada, and Utah. At the time, Washington DC is actively considering the sandbox legislature.
Conclusion
The article provides a short, yet comprehensive overview of FinTech compliance regulations around the world. The path to compliance is difficult. Yet, it is within your reach if you do your homework.
The landscape is shifting constantly, so it’s important to stay updated on the latest changes in regulations. As governments around the world are working to create a better legal framework, there’s a big hope for simpler compliance among FinTech founders.
Fintech Policies has been working with financial companies, helping them jumpstart their compliance process with policy templates as well as RFP templates for software acquisitions. So if you need some advice or a team of experts to implement your project, we’ll be happy to assist you. Just fill out the contact form and we’ll arrange a free consultation with our team of consultants.