Accessing financial services has never been this easy. Today, you can simply click a photo of your check to deposit it without having to leave your home. This change is largely driven by the technological shift in the financial industry named "Fintech". Fintech businesses are technology-powered and hence better positioned to weather storms like Covid-19. This also allows these companies to adapt more easily to fintech business compliances.
Recent research by Beauhurst states that in the UK only 1% of fintechs are critically affected and 2% are severely affected by the global pandemic. These numbers are very low compared to other industries, where 17% of high-growth companies face the negative impact of the pandemic.
Due to improved operational efficiency and customer convenience, the financial business model backed by technology has more shock absorption capacity than the traditional financial model. But with this greater efficiency comes greater responsibility to protect the customer’s financial and personal data. The industry compliances enable fintechs to ensure that their customer data is safe.
So if you are a financial institution or a startup trying to achieve financial technology compliances, this article is for you.
What are Fintechs?
Industry experts often debate whether fintech is an entirely new industry or simply a natural progression of the financial industry. In both cases, the experts agree that the term “Fintech” refers to companies that use technology to deliver financial services to their customers.
Cryptocurrencies and eWallets are the most popular examples of fintech business in action. The internet, cloud computing, financial software, and handheld devices like smartphones form the base for the fintech revolution.
Fintech Business Compliances and Regulations
Regulating fintech business is a balancing act between ensuring the safety of the customer data and money, whilst not inhibiting the growth of the fintech sector. One of the challenges in regulating fintech operations occurs due to the peer-to-peer (P2P) nature of financial transactions.
Unlike a few of the traditional financial business structures, fintechs expand the number of financial participants, and hence developing and enforcing realistic guidelines is challenging. Currently, regulations for fintechs are enforced in piecemeal fashion, and the fintechs themselves carry the burden of determining which rules apply to them. Below, I mention a few of the fintech business compliances that you should consider if you operate in the fintech industry.
GDPR - The General Data Protection Regulation Act (GDPR) went into effect for all EU members in May 2018. GDPR compliances focus on deciding who controls what data. In broader terms, they enable consumers to control who uses their data and how. GDPR applies to any organisation using the data of EU citizens, even if the organisation is based outside the EU.
JOBS Act - The Jumpstart Our Business Startups Act was established to make online monetary funding through internet-based intermediaries safer. The act was passed in the United States in 2012. Its goal is to ease funding for small businesses via crowdfunding. Consequently, the act requires all such fintechs to register with the Securities and Exchange Commission (SEC). The JOBS Act is very favourable for innovative lending methods, many of which have made their way into the fintech revolution. Some highlights of the act are:
- The act puts ceilings on the amount an individual can offer depending on their net worth.
- Regarding peer-to-peer lending, if the lending platform partners with a bank, the platform will be considered a third party and the bank will hold the responsibilities related to the regulations.
- If the lending platform sells loans as securities, it will be subject to Securities and Exchange Commission oversight.
Payment Platforms - This regulation was passed by the National Automated Clearing House Association (NACHA) in 2019 in the United States. The NACHA is responsible for developing rules and standards for the payment industry. The act gives the states, the federal government, and industry associations power to regulate fintech payment platforms, which makes it difficult for fintechs to stay on top of the compliances, as there are not just one or two lines of authority. Although the payments act is still in its early stages, it is already focusing on establishing a Fintech Council.
E-Sign Act - The Electronic Signatures in Global and National Commerce Act went into effect in 2000. The act outlined policies for e-documents and signatures in the USA as well as outside. It asks companies to provide customers with detailed options for obtaining paper copies (if required) of disclosures in electronic documents. The company needs to make sure that the consumer is able to submit a request for hard copies of the documents. Customers of fintechs will usually prefer a paperless experience, but sometimes it is necessary to submit hard copies of documents. In such cases, financial companies are required to strive for transparency when it comes to requests for documents such as electronic transaction records.
EFTA - The Electronic Fund Transfer Act, also known as Regulation E, was established in 1979 to address the growing usage of electronic devices and payment methods such as computers, mobile phones, and magnetic stripe credit cards. Since then, the technology has only developed, and the EFTA has kept pace. The act gives customers the right to challenge transaction errors within 45 days. Direct deposits, ATM, UPI transfer, online services, debit/credit cards, and all other electronic transactions fall under the protection of the EFTA. The act also covers how customers can limit their liability when their cards or accounts are jeopardised.
Best Practices For Fintech Business Compliances
As the fintech industry grows, it is possible that more industry verticals will overlap with fintech companies, and we’ll also see some partnerships happening. As a result, it will be very important for fintechs to adapt to and comply with regulations for several other industries. This decentralization will make it difficult for fintechs to identify relevant regulations. I recommend the following 6 practices for fintechs:
1. Stay abreast of Digital-only Banking
Banks are turning into digital-only banking institutions, and the regulatory authorities are still trying to figure out how to identify and enforce new compliances in this changing banking environment. Online-only fintechs will be required to develop their customer interaction plan as well as their security policy.
2. Have an AML policy
Similar to the traditional banking infrastructure, fintech companies should incorporate anti-money laundering (AML) into their security procedures. Even if you are considering a merger with or acquisition of an existing fintech company, do check that their AML checks are in place. Digital currency is especially vulnerable to money laundering, as it allows anonymous cross-border transactions. To address digital currency AML, some nations even track digital wallet addresses and device identifiers. Technology can help fintechs keep up with the AML compliances. Blockchain and Machine Learning are the two major technologies that are helping fintechs fight issues like money laundering.
3. Build Consumer Awareness
In the last few years, the Consumer Financial Protection Bureau (CFPB) has shifted its attention to fintechs. Fintech companies, especially lenders, should ensure that CFPB standards are carried out within their operations. For instance, fintech institutions dealing in money lending will have to ensure that customers are given enough opportunities to be considered for discounted loans or loans at low rates. The CFPB has released a list of code for federal regulations which helps fintechs know which regulations apply to their company’s operations. Although the list doesn’t include the name “fintech”, the bureau is authorised to regulate companies which fall under the financial institutional purview.
4. KYC Compliance
KYC applies to every financial institution that deals directly with the end customer. This means that all the regulations that deal with onboarding and managing digital customers’ identities will be applicable to fintechs. Some of those regulations are the Fair and Accurate Credit Transaction Act (FACTA), the Dodd-Frank Reforms, and the Customer Due Diligence Final Rule. KYC can be considered a tool to enforce AML, with the goal of mitigating fraud by effectively monitoring customer activity. Under KYC compliance, fintechs are supposed to flag suspicious activities. KYC is necessary for both big and small financial institutions.
5. Customer Identity Protection
The fintech industry is ever-growing, and the security concerns will continue to rise. Thus, fintechs are supposed to protect the personal and financial information of their customers. It is certainly the fintechs’ responsibility, as they are the data receivers.
6. Restrict Access to Data
Not most, but a very significant share of cyberattacks happen from within companies. Most fintech companies outsource a lot of their business processes, which makes them vulnerable to data theft. The worst part is that when data theft happens within the organization, it is very difficult to identify the source.
As a fintech company, you should restrict access to the data and keep an account of the individuals and companies who request access to it. Also, the outsourcing companies that you partner with, for example your IT service provider, should be GDPR compliant. Nimble AppGenie is a GDPR compliant IT service provider; contact us here if you’re looking for an IT support service provider for your fintech.
Envision the Future of Fintech Business Compliances
The fintech industry is by no means stagnant. It is ever-evolving and will keep expanding at a rapid pace. Likewise, fintech regulations will continue to change, and it is crucial for companies to remain compliant with the changing regulatory environment and standards, or even to help regulators create new standards.