What’s at stake with compliance? Everything. Here are 5 things your fintech needs to know
Why would a fintech ever want to own compliance? Why not leave that up to other parties — especially when so many services offer to handle compliance for you?
These are fair questions. The answer is that your needs are unique, and the stakes are high.
Compliance is never one size fits all, so no single solution will work for every company. Leaving any of your company’s core compliance needs uncovered can impact your most important relationships: with your bank, with your customers, and yes — with regulators, too.
“You really can't get away with offloading this, the nature of the products and services at issue here are just way too important and regulated,” said Associate General Counsel, VP of Compliance Solutions Sheetal Parikh.
Without the right compliance approach, you could let in bad actors, which can make you susceptible to fraud and ultimately impact your branding. Your problems become problems for your bank, straining that relationship. And all these things add up to a rough experience for your customers.
None of this is to say you should do it all on your own. Compliance is complicated, and getting it right requires expert support. But your fintech needs to be involved at every step of the way. In this webinar, Parikh goes over the five critical elements of compliance for fintechs. Here are the highlights.
For more details, watch our on-demand seminar, "The 5 Critical Elements of Compliance for Fintechs."
Element 1: Pillars of an AML Program
Banks are all required to have anti-money laundering (AML) programs in place to prevent criminals from using their platforms to make money from illegal sources appear legal. While fintechs aren’t directly held to or regulated by these standards, the pillars provide a window into the bank’s psyche and its approach to a compliance program. You will most often encounter AML processes through your bank’s expectations of you.
Parikh breaks down bank AML programs into five pillars:
- Policies and Procedures (Internal Controls)
- Designation of Compliance Officer
- Effective Training
- Independent Testing
- Customer Due Diligence (CDD) Rule (Beneficial Ownership)
That probably sounds intimidating. How is a small, nimble, early-stage fintech supposed to keep up with those processes and components? The answer is that this is an attenuated process: you need to keep up only where your company actually encounters risk, so it’s not as scary as it sounds.
“This provides a glimpse into the types of standards that the banks are going to be asking you for, by delegation, because this is how they're examined. This is how they're audited. And this is really how they have to establish that they have an effective AML program,” said Parikh.
Element 2: Know Your Customer (KYC)
Know your customer (KYC) — also sometimes called “know your client” — refers to processes banking and financial institutions use to verify a customer’s legal identity. KYC standards are dictated by law — specifically, by the 2001 US Patriot Act.
“KYC, in its most kind of basic form, is your first touchpoint with the customer. This is going to shape the compliance journey. So it's at the heart of the program,” said Parikh. “It's what information are you collecting? How are you interacting with the customer? And what are you collecting to verify that the customer is who he or she purports to be?”
While the requirements can sound daunting to fintechs, investing in a solid approach ultimately saves time, headaches, and money.
“We see invariably that programs that don't have robust KYC are the programs that get hit financially,” said Parikh.
Element 3: Transaction Monitoring
Transaction monitoring is important for detecting fraud. A fintech’s role when it comes to monitoring is to look for anomalies. Does the transaction align with the types of transactions the customer in question tends to make, or does it stand out in a major way?
“Transaction monitoring is one where we see there's so much confusion. A lot of fintechs think that transaction monitoring is this affirmative responsibility to stop transactions,” said Parikh.
But typically, transaction monitoring happens after the transaction has taken place. Only when you see a concerning pattern — the bank keeps flagging transactions of the same type for the same person, for example — do you need to consider preemptively blocking that customer.
“While it may seem daunting at first blush, I think in reality, my suspicion is a lot of fintechs are already really engaging in this level of review of transactions and customers,” said Parikh.
Element 4: FBO (For Benefit Of) Accounts Structure
An FBO account is an umbrella account that a fintech opens on a bank’s core that pools funds “for benefit of” customers. The fintech then issues virtual accounts to customers from the FBO. Treasury Prime enables fintechs to open both FBO and on-core accounts for their customers.
When a fintech opts for the FBO route, it needs to use transaction monitoring tools to ensure its partner bank maintains visibility into the virtual accounts.
“With banking APIs, the bank loses visibility into some of those transactions. Whether it's the bank doing it or the FinTech helping out, transaction monitoring is creating visibility into that individual ledger’s transactions,” said Parikh.
Element 5: UDAAP & Consumer Protection
UDAAP, or “Unfair, Deceptive, or Abusive Acts or Practices,” refers to certain illegal, harmful practices by financial services providers. These practices are defined under the Dodd-Frank Act.
Avoiding problems with UDAAP comes down to ensuring your communication with customers is transparent and honest. Failing to do this can result in expensive fines.
“What is the fine print? And how is an average consumer going to interpret that? And if there is any potential of adverse consumer impact, a regulator is going to scrutinize the program,” said Parikh. She said the right approach comes down to just “being cognizant” of how regulators will view things.
If you didn’t catch our webinar, you can still watch a recording of Sheetal’s presentation on “The 5 Critical Elements of Compliance for Fintechs” to learn more about the fundamentals of compliance.
Disclaimer: the contents of this post should not be construed as legal advice. To the extent you have specific questions related to the risks and structure of an FBO account, you should engage counsel to provide a legal opinion.