Compliance, risk, and fraud are all important concepts when it comes to onboarding new customers. They are also easily confused concepts. Ignoring compliance, risk, and fraud, or focusing too much on just one of the three, can cause big problems for a financial business in the long run.
Let’s explore what we mean by “compliance,” “risk,” and “fraud” and why your company should focus on all three.
The differences between compliance, risk, and fraud
For many businesses, compliance, risk, and fraud all get bundled together in a bucket labeled “important stuff to deal with.” But it’s vital to understand the definition of each term in order to handle it correctly in your company.
Compliance - The process of adhering to rules, regulations, laws and other guidelines relevant to the financial industry. Complying means you are meeting regulatory requirements for law-abiding, fair, safe, and ethical financial practices.
Compliance example: conducting KYB and KYC checks
Credit Risk - Danger to your company due to internal failings, within or beyond your business’s control. Risk managers look within a financial organization to mitigate risks that might cause the business to fail.
Examples of risk: a stock market crash, borrower defaults or lack of liquidity
Fraud - Deliberate deception by bad actors to unlawfully use your financial entity to gain access to funds.
Examples of fraud: identity theft, embezzlement
To sum it up, compliance is the process of adhering to external rules and regulations for the financial industry. Risk management protects the company by monitoring internal decisions and processes. Fraud prevention protects the company by monitoring and combating external threats.
What fintechs are getting wrong about compliance, risk, and fraud
Ask any fintech CEO about fraud prevention, and they can likely point to a team dedicated to combating fraud. But ask about compliance and risk, and you may be referred to a lawyer, or partner bank, or a checklist they checked off in the early days of the business.
Fintechs are built to grow. Their investors count on it. Product and engineering are tasked with getting a viable product to market as quickly as possible. Compliance and risk management, often at the behest of a bank partner, throw hurdles into a speedy go-to-market plan. That’s why, in most cases, fintechs in the early growth stage do the bare minimum of box-ticking when it comes to compliance and risk.
There’s always a tension between a lean, mean low-headcount team and keeping the sponsor bank or regulatory body happy with strict regulatory compliance. Pressure to go to market with a low number of employees means that fintechs rarely mark in-house compliance expertise as an early “must hire.” Because of this, in-house teams rarely start with compliance expertise, and often overlook or even push back on the importance of risk assessment when onboarding those first clients.
But merely checking boxes when it comes to compliance can lead to big trouble as a fintech grows. For example, Chime ran afoul of the California Department of Financial Protection and Innovation for advertising itself as a “bank.” The incident ended in a settlement agreement.
Fintechs that fail to take risk and compliance into account alongside fraud can be blindsided by unknown regulatory requirements or unrecognized risk within the company’s own operations.
How fintechs can improve compliance and risk management
Fintechs can avoid the compliance pitfalls that inevitably occur with growth by adopting a “compliance-first” culture from the start. This means dedicating headcount to compliance experts and scaling the compliance team as the company grows in size and complexity. A compliance team is not an unnecessary expense; it’s your line of protection from exposure to regulatory fines, penalties and reputational loss.
As a fintech matures, the compliance team should be able to take ownership of the business’s regulatory compliance. For example, an early-stage fintech’s first relationship with a sponsor bank may simply involve completing the sponsor bank’s regulatory checklist. But as the fintech grows, you'll likely want to work with multiple banks and financial partners. From here, your compliance team should build up the necessary skills and confidence to conduct internal compliance reviews without relying on sponsor banks.
As the company grows, compliance should be involved in developing the product. This can be done by creating compliance checklists, conducting risk assessments, and providing feedback on product updates. If compliance is built into the DNA of the company, it doesn’t have to slow growth or innovation.
Fintechs should also rely on automation and third-party vendors to scale compliance and risk management. Companies like Middesk can leverage data to better understand customer businesses during onboarding, surfacing financial red flags from underwriting like liens, bankruptcies, and litigation history. Robust data collection and risk modeling allow for more accurate customer risk profiles. By thoughtfully evaluating these entity risk categories and risk reviews, fintechs can target areas representing the highest fraud vulnerabilities.
A compliance-first culture shouldn’t be seen as an extra expense or a stumbling block in a fintech’s go-to-market plan. Focusing on compliance and risk from the start sets a fintech up for success, independence, a stellar reputation and long-term operational stability.