Balancing build with buy: how to approach compliance

Will Staples, Money Laundering Reporting Officer at Currencycloud

 

A strong and robust compliance process is one area that scaling fintechs need to get right from day one. Founders, however, can find approaching compliance daunting. While many will have had past experiences with it, the chances are that relatively few will be from a compliance background and have been dealing with it on a day-to-day basis. This is compounded by the fact that the potential fallout from getting it wrong can be catastrophic for a fledgling business: the Financial Conduct Authority (FCA) handed out almost £568 million in fines in 2021.

But it’s not just fines. VCs will want to know you have strong compliance processes in place – without them, funding opportunities will dry up. Similarly, banking partners won’t approve you.

All in all, of all the things to get absolutely right from the start, compliance is the one!

There are three key considerations that founders need to keep front of mind when it comes to building a function that is fit to deal with the challenges of modern fintech: people, product, and providers.

 

People

People are the cornerstone of compliance, and must be the number one factor in determining a company’s approach to it. Having an in-house compliance team is non-negotiable; it is a must for all fintechs. The size of the compliance team and the extent to which the company uses in-house development teams to build it, versus how much it is able to outsource, depend on the complexity of the business and its longer-term goals, but be in no doubt – an internal compliance team will go a long way in helping to avoid potential fines from the FCA or another financial regulator.

There is, however, scope for variation in the size and scale of a fintech’s compliance team, and a key factor fintech leaders need to consider when working out their approach is the human resources at their disposal.

While many fintechs will have the right blend of staff to build a compliance offering from the ground up – namely a mix of compliance, product, and engineering professionals – the question is whether they want them to be consumed by this time-consuming task.

There is an opportunity cost when it comes to pushing people into working on compliance from other areas of responsibility, for example dragging engineers away from product development to focus on compliance, and many leaders would rather avoid this if possible. The same question occurs when maintaining your compliance system, too, and is a vitally important consideration when thinking about how a compliance function will operate on a day-to-day basis.

Well-resourced fintechs with complex compliance needs might opt for a hybrid approach that brings third-party providers in while also keeping core staff very close to the build. For example, some of their engineering or product leaders might have elements of the build as a specific responsibility in addition to their other duties. Similarly, a compliance lead might be responsible for project managing the build and looking after its integration into the overall compliance process.

 

Product

Once you understand the scale and skill of your human resources, product is the next item you need to consider. One of the starting points for a fintech looking at its compliance build should be to think about its core product offering and the sector it is operating in. For example, some businesses like neo-banks have extremely complex needs when it comes to regulation. Businesses like these, which deal with multiple products and layers of regulation, often think about building their own solutions from the ground up, bringing in a dedicated full-time team focusing on design, development and subsequent maintenance and management of the compliance stack. However, for fledgling organisations with limited funding this is not always feasible.

On the other hand, some early-stage fintechs are focused on building momentum in one product category in one market, which reduces the regulatory burden significantly. In instances like these, it might make sense for an organisation to lean more heavily on external providers to build and maintain their compliance proposition. In this circumstance bringing in dedicated resource for a build can take valuable funding and resources away from other areas that might be more deserving.

 

Providers

Once a fintech has assessed its personnel and product and decided upon the extent to which it will build and the extent to which it will buy, the next step is to think about which third-party providers it wants to bring in. The reality is that, in most cases, creating a compliance function will involve multiple providers – the product rarely comes as a complete off-the-shelf service.

However, the number of providers that an organisation opts for is highly variable and dependent on a company’s specific needs. As mentioned, for smaller organisations with more straightforward compliance needs, bringing in one principal provider rather than working with a small number of sub-providers might be a simple and cost-effective solution.

On the other hand, a multi-product fintech with extensive compliance needs might need to look at bringing in a broader range of providers to build a more sophisticated offering. Those in this position should look at each area of their compliance needs and try to find the provider that is most suited to meeting them. There are a huge number of third parties who have excellent track records in specialised areas like KYC and monitoring, and by bringing these providers together an organisation with complex needs can create a truly bespoke solution.

 

Getting it right

Whichever compliance option fintechs pursue, it is vital that they put their business’ needs front and centre and think their options through comprehensively. They should go for an option which will both grow with the business and help create a platform for further commercial growth and success. This encompasses not only commercial performance, but also how teams might change and evolve. There’s no single correct answer, but doing nothing in an age of increasingly complex risks is not an option.

 
