The Big Question: Is governance blocking fintech’s growth?
Few would dispute that compliance and regulation are necessary for modern fintech; the long-term well-being of customers, businesses, and, ultimately, society all depend on robust governance. Yet, as fintech becomes gradually more established and the digital arenas within which it operates become more broadly understood, could factors meant to protect a company actually impede its development?
Fintech is achieving feats previously inconceivable for traditional finance, but this strength has the potential to become a weakness: new technologies and operating models take time to understand. If the sector’s growth continues at its present rate, or even accelerates, will regulators implement complex new legislation or simply introduce ‘blanket’ rules? The latter tangibly fails to accommodate the disruptive (i.e. unprecedented) element of fintech, while the former risks alienating those too cautious to navigate inhibitive webs of regulation.
Helping us to discover what the future of fintech governance might look like, the role of technology in evolving global finance, and how companies can prepare themselves culturally are:
Meet the panel
Suchitra Nair (SN), Partner, Deloitte EMEA Centre for Regulatory Strategy
Barnabas Reynolds (BR), Partner, Shearman & Sterling
Q. As finance becomes increasingly digitalised, what regulatory challenges will emerge for fintechs?
SN: We have to think about this over the lifecycle of a tech startup. When they initially mobilise, startups are broadly compliant because they're small, the operations are just coming together, and they don't have many pieces of regulation to comply with.
Three to five years down the line, when they've started building their market share or their balance sheet, suddenly fintechs enter a broader spectrum of regulation. I often see a disconnect between their investment focus on market growth versus compliance, and so this is where the regulatory challenges begin to emerge.
HK: As more financial institutions continue to see the value of partnering with a fintech, expect to see regulators scrutinise operational resilience, especially given the accelerated consumption of digital services due to COVID-19. In particular, look out for more regulatory requirements for some of the most common services, such as real-time transaction monitoring and customer identification.
Q. How can fintechs remain compliant across separate geographies with their own rules on governance?
BR: The thing about fintech is that it's instantly global. Finance was traditionally about growing businesses gradually by serving local customers, but fintech has accelerated that model significantly.
There are many different fintech propositions, and a lot of them require legal debate as to where they're located, where the service is being performed, where the product is, and so on. Essentially, law and regulation can't keep up practically with how people are using these services.
The fact is that it's not possible to write an exhaustive rule book that covers every single permutation, so legislators are constantly trying to get ahead of the market. The EU approach is more prescriptive and takes a ‘blanket’ approach to rules, whereas the UK-US method is more observational and supportive of private businesses, so long as they're not problematic.
HK: In my opinion, the EU’s GDPR is now the strongest data protection regime in the world and will set a ‘gold standard’ for other jurisdictions. It requires companies that process EU citizens’ data to abide by the regulations, regardless of location. Similar regulations could soon be replicated in other countries where there is significant cross border activity.
Q. Is there a ‘war on talent’ for regulation-savvy executives? If so, how can fintechs win it?
BR: Unless the fintech in question is already very successful, I think they're actually going to have to outsource and leverage the knowledge of private companies.
SN: Regulation-savvy executives, especially the more experienced ones, obviously care about reputational risk and are always looking for a culture of accountability. If the CEO has a vision and a commitment to investing time, money, and effort into compliance, then that's a key differentiator for attracting the right people.
A lot of traditional executives from regulation firms now want exposure to new business models and tech solutions, so they are certainly willing to try the fintech sector.
Q. There is a data governance issue at the heart of innovations like Open Finance. How do you envisage this being counternanced?
SN: Data governance is not unique to Open Finance: data is a unique asset at the moment, from which funds are trying to drive strategic value. Previously, one looked at data governance just around regulatory reporting, but now you also need to consider it in the context of artificial intelligence.
The conversation surrounding how to use data ethically presents a big challenge; let's take it right up to board level, get some strategies in place, establish accountability, and control data in the right way.
HK: PSD2 in the EU has opened up countless possibilities for innovation, including direct payment processing from platforms or applications, data analytics on aggregated bank accounts, split payment technology, and enhanced credit risk modelling. They do come with compliance strings attached, but most fintechs are often mindful of this and have built their data stacks to be far more robust than legacy bank systems.
Q. Moving forward, what’s the best way for fintechs and regulators to approach governance?
HK: The growing regulatory environment has created and will continue to create risk management requirements for fintechs. I believe the ability of fintechs to proactively identify and address these risks through effective risk management programmes will significantly impact their success and competitive edge going forward.
BR: Compliance will always be an issue that’s ‘in flux’, but regulators should be subtle and sensitive to business models and only intervene where necessary.
It's intriguing that no one has yet created a ‘global fintech’; I don't see why it couldn’t happen, and companies could even use regulatory compliance as part of their marketing proposition. There just has to be innovative thinking about how such an enterprise could be structured in legal and regulatory terms.
SN: The most successful startups in the regulated space will be those who act like a regulated bank or firm from the start of their business model. Diversity and skill set at board level will also be fundamental; after a fintech has mobilised, its C-suite will need to understand how regulatory requirements impact the company’s technology and shape the solutions it offers.