Why Fintech Compliance Should be Top-of-Mind for VCs

Prioritizing fintech compliance and risk management needs to be a new necessity for growth, not just an afterthought, says QED Investors Partner Amias Gerety.
Angela Bao
July 19, 2023

In a down market for startups and for fintech in particular, there’s a natural inclination to think that growth = survival, and anything that doesn’t directly support growth should be a target for cost cuts. As a result, fintech compliance may not be the top priority for VC portfolio companies — but it should be. Especially in the current environment, getting to revenue faster and more efficiently through embedded finance requires early and sustained investment in compliance. 

“Startups tend to focus on pleasing the customer first, which is why they are winning customers, and worrying about compliance later,” says Amias Gerety, partner at venture capital firm QED Investors. “Whereas with any banking product, you have to build the system first, and then sell it to clients. New guidance and pressure on partner banks have made it increasingly clear that fintechs simply can’t secure bank partnerships or launch products without flipping their mindset.”

VCs and fintech compliance

Here are the key takeaways:

  • Consumer and financial regulations inevitably apply to fintechs and embedded finance companies too — whether directly or as part of bank partnerships
  • Have your portfolio companies do compliance now, not later
  • Regulatory compliance is foundational to growth and partnership, not something that can be built “later”

Importance of fintech compliance for startups

VCs invest in tech companies because they’re disrupting their industries and have high growth potential, but in the context of financial services and products, that innovation cannot be achieved by ignoring laws or avoiding the systems necessary to comply. Specifically, the fintech space carries a greater regulatory responsibility because it involves people’s money and people’s data. Numerous fintech startups and neobanks have had to shut down or pay hefty fines due to fintech regulatory noncompliance. If investors want to see that return on investment, then it’s in their best interest to ensure their portfolio companies are complying with regulations. The message is clear: compliance and growth need to go hand in hand, and both are achievable and even synergistic when approached appropriately.

Banking regulations DO affect fintechs

Increasing pressure on bank-fintech partnerships has been brewing for several years, with public enforcement actions on both banks and fintechs.

Now, the Federal Reserve, FDIC, and OCC have released new guidance on how banks should manage their third-party risk, especially with fintech companies, specifying that bank oversight must apply to all fintech partnerships and any customer that the bank serves.

“In the short term, what you'll see is more regulatory supervision and enforcement,” says Gerety. “Once they see what the consistent issues are, that’s when we’ll see more rulemaking.”

While policy changes through supervision are not visible to the public — both examiners and banks are governed by strict confidentiality in their supervisory relationships — the extra scrutiny for fintech relationships will be felt throughout the industry. Even if these actions don’t immediately lead to visible fines or enforcement actions, for fintechs the economic cost of partnership challenges and delays will be palpable.

The guidance does make clear that banks are responsible for actions taken by their fintech partners. This will lead to banks prioritizing partners that put compliance at the heart of their efforts, as demonstrated by the systems and culture they have in place. That’s why your fintech companies need to stay on top of things by developing their own compliance program.


Protect your enterprise value

Noncompliance is risky. Your portfolio company may be one of the fastest-growing and most innovative companies you’ve ever seen, but that doesn’t mean much if they aren’t complying with regulations. 

Often, startups will think that maintaining compliance is too expensive, especially in their early stages, but the truth is, noncompliance is even costlier. It can lead to expensive fines, lowered valuations, early sales, and — at worst — failure.

“Allowing someone else to ‘handle compliance’ is a false choice — our laws and regulations simply don’t work that way. Plenty of fintechs have failed because they thought they could build compliance later,” says Gerety.

Having your portfolio companies develop compliance programs early on is in every VC’s best interest. You have to protect their enterprise value, which, for any company that provides financial services, means working directly with their bank partner or partners and understanding which regulations apply to them. Developing a compliance program may be a gradual, evolving endeavor that grows and scales as your business grows and scales. At the heart of an appropriate framework is ensuring controls and risk management efforts mirror an organization’s risk profile, measured by its size, complexity of use case, and type of customers.

Regulatory compliance = sustainability

Contrary to popular belief, regulatory compliance is key to sustainability and long-term success. It keeps fintechs on the right track by avoiding regulatory pitfalls. Put simply, without strong compliance programs, bank partnerships are difficult to achieve and impossible to keep.

One of the biggest issues for both banks and regulators is the distance between the bank and the end user, says Gerety.

Say your fintech decides to add a new feature to a product offering. That feature could trigger a whole new set of compliance requirements that your fintech may be unaware of. If your fintech doesn’t directly communicate these changes to the bank partner, it’s probably violating its agreement with the bank and risks having the whole program turned off. Product and engineering teams simply don’t have the capacity to judge when a new obligation might be triggered. That’s why these systems must be built from the start.

Prioritize true collaboration with banks and embedded banking partner Treasury Prime

Most businesses will work with a banking as a service (BaaS) provider to develop a financial program because it’s faster and less expensive to integrate with a bank. The issue, says Gerety, is that most BaaS providers will act as an intermediary of all communication between the fintech and the bank. A more prudent path would be to work with an embedded banking software platform like Treasury Prime that will facilitate open communications between the company and the bank so that the two can work together to stand up a compliance program that can withstand regulatory scrutiny. 

One distinguishing feature is that Treasury Prime facilitates a direct relationship between the company and the bank for smoother integration and quicker problem-solving.

“One of the things that differentiated Treasury Prime is that their fintech customers are actually talking to the banks directly,” says Gerety. “The CEO of the fintech can have a real relationship with the CEO of the bank, and that can be really important for any type of scale, for adding new products, and for communicating any issues and how they’re going to fix it.”

Integrate fintech compliance directly into embedded finance program

All banks have to follow Bank Secrecy Act and Anti-Money Laundering regulations and guidance, which include KYC (Know Your Customer) reviews, sanctions monitoring, and transaction monitoring. The exact set of responsibilities is something that every fintech needs to work through with their team and their partners, and it’s a landscape that can only be navigated with expertise and experience.

Although compliance is ultimately in the hands of the fintech in collaboration with its bank partner, an embedded banking platform should work directly with them to build out a suitable program. Ideally, they will also provide a broad array of tools and a partner marketplace of fraud and compliance vendors to help the company tailor the compliance program to their needs.

Another failsafe is integrating tools to meet the bank’s regulatory requirements directly into the embedded finance program so that any potential risks are caught immediately. 

“If you’re a startup, it’ll be a lot harder to make a mistake because Treasury Prime and their network of bank partners have already set up the processes and checklists to help a fintech get on the right track. Often bank compliance rules can even be enforced automatically through the Treasury Prime API,” says Gerety. “The fintech and the bank can forge a direct partnership through Treasury Prime’s systems. That's a really powerful thing.”

Companies get into fintech and embedded finance to change people’s financial lives — they just have to do so with a safe and compliant approach. 

“That doesn't mean those fintechs can't grow fast. It just means that they have to do things the right way from the start instead of figuring it out later,” says Gerety.
