FinTech Startups and Compliance
There’s been a boom driven by start-ups across the globe in recent years, leading to the genesis of an entirely new industry – Fintech. Some players are using technology to solve age old challenges (peer to peer or crowdfunding connecting providers and users of capital) whilst others open new markets (artificial intelligence, insurance solutions or robo advice). The consumer facing fintechs have proved to be the fastest growing and some of the most profitable new companies, especially in the era post the Financial Crisis in 2008. The trend continues.
There is a more recent trend we see where startups are partnering with large corporates in pursuit of new heights. Larger corporates, on the other hand, have spotted the challenge to traditional approaches and are looking to attract some of the most successful techy companies as partners or as part of their conglomerates. A successful union is possible! However, both parties need to learn each other’s languages, and in the case of startups, due to the nature of the financial services industry the answer is not exciting but it’s the right one –that language is Compliance.
There are six Compliance areas we think fintech startups should be aware of if they decide to start working with large corporates:
The Customer is all
The FCA says customers should be at the heart of your business. Big financial institutions are focussed on treating customers fairly and ensuring there is no possibility of customer detriment. Therefore, compliance teams in large corporates will be interested to know how startups treat customers and whether they have adequate arrangements in place to ensure they act in their best interests. The rules regarding Treating Customers Fairly are deeply enshrined in the FCA principles but it is for firms to interpret them in the context of their business and to align to Corporates’ TCF policies. The FCA policy statements in relation to TCF and the Conduct of Business Sourcebook (COBS) are a good place for startups to look for guidance. In essence, fintech companies should be prepared to think customers first.
Know Your Customer (KYC) and Anti Money Laundering (AML)
Whilst startups may well be familiar with the customer journey, corporates will be more interested to know whether their fintech partners can maintain the regulatory framework surrounding the customer journey. A high risk for corporates when liaising with new businesses is compliance with the COBS rules in relation to KYC and the Money Laundering Regulations 2007. This will require arrangements that enable startups to confirm the identity of their customers, allow for screening for Sanctions, Watchlists, Politically Exposed Persons (PEPs) and Adverse Media, AML proactive ongoing screening, regular due diligence and transactions monitoring. Not all startups will be required to comply with these rules but they should be familiar with them, since corporates will typically expect startups to have robust and well-documented controls in place. If it’s not written down then it doesn’t exist!
Startups tend to think one of the reasons they are growing so quickly is because they are effective. This is often the case since their structure allows for the same person to execute a few roles, bringing additional flexibility and agility to the business. However, large corporates are typically only prepared to work with startups with the right governance arrangements in place, including an organisational and management structure where senior managers have clear line of responsibilities and can ultimately be trusted to lead a mature business in due course. Top managers will also be expected to be sufficiently experienced and prudent. The Senior Management and Certification Regime (SM&CR) that came into force in March 2016 is further extending, and brings additional focus to the senior managers in firms who hold key roles and have the overall responsibility for the firm. Startups should be aware of its implications and the regulators’ purpose for introducing this piece of legislation.
Culture has been one of the regulators’ favourite topics in the last couple of years, which means it has been an important concern for corporates too. Therefore, startups need to ensure their propositions and products are aligned to the culture of potential corporate partners. This requires having a better understanding of a corporates’ purpose, objectives and value statements as well as sufficient knowledge about the role of the regulator and a good grasp of the key issues and thinking regarding to culture. Startups also need to have a clear view what culture means to them and how they can assess it. CEO of the FCA Andrew Bailey’s speeches on Culture are a good starting point for fintechs to understand the regulatory take on the topic.
Regulatory Business Plan and Compliance Monitoring Plan
All regulated companies are required to submit a Regulatory Business Plan as part of their application process. This includes details about mid and long – term strategy, financials, corporate governance, markets, products etc. Large corporates think of this when startups refer to a ’business plan’. Therefore, first and foremost, fintech companies need to have a clear view about their strategy, target markets and products, financials and performance which all need to be considered over at least a five year period. Very often corporates will be interested to know whether startups have mature enough compliance frameworks and compliance monitoring plans so they can execute their strategy in alignment with the regulatory requirements.
The General Data Protection Regulation (GDPR)
The new EU GDPR requirements come into force in May 2018 and will have a major impact on almost every business. As much as corporates need to get compliant with the new rules, they will expect startups to know what this regulation is about and to have thought of what changes they may need to make in their businesses to satisfy the requirements. The first question startups need to ask themselves is whether they will be controlling or processing any personal data. If so, firms are subject to the GDPR legal obligations.
The list above is not meant to be exhaustive or to be formal guidelines; nevertheless it highlights some of the key challenges which fintech startups face when working in a regulated environment and/or when partnering with regulated corporates.
If you have any queries or would like to further explore any of the areas above, please contact Paul Garbutt, Partner at Grant Thornton.
We just sent you an email. Please click the link in the email to confirm your subscription!