FinTech – Use Financial Regulation to Your Advantage!
By: Kurt Kicklighter
Whether your FinTech company is in payments, lending platforms, or financial information aggregation, a big concern of your investors is going to be getting the regulatory compliance piece right. As great as your app or GUI is, one way or another you will be touching regulations that in many cases have not been updated for more than 100 years.
Having a robust, commanding approach to financial regulation is important for several reasons:
• At its absolute worst, the regulations can affect your business model – which may survive just fine with some tweaks, but you won’t know until you check. Don’t spend a lot of investor money until you have this part really nailed down because it can bite you in the you-know-where.
• Sophisticated FinTech investors will expect you to have considered and dealt with financial regulation as part of your planning, and it will help show your internal systems and controls are up to snuff.
• Other technology partners will definitely have the same expectations of financial regulatory compliance because they are under the same microscope. If a technology partner does not think regulation is important, this is a red flag to YOU that they may get you in trouble.
• Any financial services companies you do business with will expect a compliance mindset – they have seen a lot of FinTech crash and burn when the product gets to their legal compliance people, so will want you to be fully ready.
So, what types of regulations should you beef up on so you are going to stand out against the competition, and create that big buzz that you need with these audiences?
There are two main areas for you to be concerned with:
1. Direct financial regulation – regulations that apply to you because of your business model.
2. Third Party financial regulation – regulations that apply to you because your business involves other parties that are subject to financial regulation.
Direct Financial Regulation
Depending on your business model, there are any number of state and federal regulations that might apply to you.
Ask yourself these questions:
• Do we participate in collecting or retaining consumer or business information for any purpose? (consumer privacy, data privacy, cybersecurity, credit bureau and credit reporting)
• Are we involved in moving money – digital or otherwise – from place to place? (money transmission, money exchange, anti-money laundering, know your customer (“KYC”))
• Are we involved in any of the steps related to lending money? (lending licenses, consumer credit disclosure regulation, credit reporting, debt collection, anti-discrimination lending regulation)
• Are we involved in collecting or managing money for investment or deposit? (deposit broker, securities broker, investment advisor, business opportunity broker)
Third Party Financial Regulation
If your business model involves doing business with federally-insured banks or credit unions (we’ll call them “banks” for ease of reference), then you will be subject to the bank’s regulation. I know that sounds harsh, but that is the direction of all of the prudential bank regulators (FDIC, FRB, OCC, FFIEC, NCUA, state regulators).
You can expect that a bank will do a lot of due diligence up front on everything from ownership and funding to your IP and your cybersecurity management. This is especially true if you have access to either bank customer information or bank systems. Expect a bank to want access to your critical IP in the event there is an interruption in service or you shut down – it is often essential to the bank that it retain the ability to serve customers regardless of what happens to you.
Banks will also be tough in negotiating your contract obligations in areas related to regulation. Expect banks to demand audit and inspection rights in several areas for both them and their regulators, and to build in termination provisions related to regulatory compliance. Your lawyers can push back on a lot of these things, but they cannot be eliminated entirely. If you fight too hard on these issues a bank will think you are not serious about regulatory compliance. This means you need to build into your pro forma financial planning, additional management and expense associated with bank contracts or relationships, to account for dealing with the bank’s regulatory compliance demands.
Remember, bankers are rarely rewarded directly for business success (and now bank regulators are clamping down on direct incentives to bank employees). However, they are often punished for non-compliance. The more you can satisfy the bankers that you have thought about what they are most worried about, the better your relationship will be.
You can stand out as best in class if you are well-versed in your regulatory environment and can show third parties you are on top of it!