Banks/FinTech — The Long And Winding (Regulatory) Road

In an age where FinTech upstarts, payments companies and banks vie for the same customers, might regulations force them to collaborate?

In an interview with PYMNTS’ Karen Webster, John Epperson, a Risk Consulting principal with Crowe Horwath LLP, said that change is coming to financial services on a scale and timeframe that might make firms rethink the way they navigate the playbooks and rulebooks.

He said that for banks and other firms, changes in payments and technology are “so different and so unique…. People are just trying to keep pace with the rapid changes in the way we do business,” which drives the way they must address regulatory and compliance issues.

And as Webster and Epperson agreed, dealing with those issues requires for more than just, as Webster termed it, “checking the boxes.” Simply put, the risk surface is quite different than it was even 15 years ago.

“The banks are still struggling to keep up with all the regulatory and technological changes,” said Epperson, but he noted that one benefit has come through the hiring of dedicated staff to work with compliance issues directly.

In payments and FinTech, he said, “their lifeline or even their business structure is so contingent on their retention or the collaboration or the maintenance of a bank account.” These companies “are having to think the same way as banks, with a fraction of the capital, with a fraction of the resources and without the history of regulatory response and requirements enabling organizations to establish a strong compliance culture. Some of them are not even directly subject to certain laws and regulations. However, FinTechs are being held to the same requirements (including BSA/AML obligations and certain consumer protection regulations) in order to maintain a banking account and to give that partner assurance that they, as a third party, are not increasing the risk of the bank.”

Webster said that many of these young companies have put significant investments into becoming compliant, where product development is even influenced by compliance issues, perhaps even, as she said, making an effort to “check all the boxes on a state-by-state basis.”

A national charter may make compliance efforts easier for companies and also reduces complexities tied to satisfying mandates state by state, though likely introduces additional risks that are not currently present.

Turning attention to AML, the pair defined it as a “hot-button issue.” But on Capitol Hill, some things may have shifted, and “we hear a lot of different data points … from a lot of different people,” said Epperson, and “we are not really sure where it is going to go. We are not really sure where we want to invest time and money or infrastructure … whether we are going to have to comply with a whole new set of rules and regulations.”

There are examples of legislation and standards (such as in New York state) taking shape, said Epperson. “There is an evolution,” he said of the process and “what is needed in the market is guidance and clarity.” With evolution comes improvements on rules and regulations, he added.

“When I think about guidance, one of the big challenges for a lot of organizations regardless of their type … is complying with regulatory expectations…. What is even more complicated is that when you are not a traditional bank or when you are not a remittance company or within the money service business space, it becomes even grayer. If I am in the money service business, I have a 150-page examination manual that says how I am going to be supervised. But if I am … bitcoin, or a prepaid card program manager, or an issuer of a number payments platforms, that becomes even more difficult in understanding [regulations and their expectations].”

Webster noted that the U.K. has set up more stringent watchdogs to monitor possible loopholes and money-laundering activities in that region of the world. Against that backdrop, Epperson said such stepped-up oversight (and self-directed oversight) remains a step in the right direction. He stated that along with his continuing work with diversified financial institutions, “banks have almost become a de facto regulator,” with an eye on the aforementioned all-important bank accounts.

What about cash businesses? Cannabis stands out as an example, stated Webster, with friction in payments say, in paying employers and suppliers but also the potential for “bad stuff to happen” and skirting regulations and oversight. Though it may indeed be profitable for financial services firms to get a foothold in this world, the devotion of time, effort and money to keep track of such activities may prove challenging, especially when asked by regulators to provide evidence of what, in Webster’s words “they see and suspect in response to an investigation.”

More information must flow between corporates, agencies and law enforcement, and also, he noted, companies must examine their resiliency in the face of “adverse news and adverse information.”

Looking at identities, the duo discussed the conundrum of, as Epperson stated, “how do you balance customer acquisition and customer experience with the nuances of compliance? You have to perform identification, you have to collect certain information, you have to verify it … and it is a good fundamental way of doing business.”

The key is to develop systems and methods across biometrics and other conduits of monitoring the risks associated with doing business with those customers and how you can authenticate those customers “on an ongoing basis,” said Epperson. In addition, those data flows can be leveraged across relationships between banks and FinTechs.