Dear Fintech Leaders, Invite Compliance to the Conversation, Early & Often

As a growing number of fintech companies come to grips with a changing regulatory reality — like the proactive stance the Consumer Financial Protection Bureau (CFPB) is taking on Buy Now Pay Later short-term lenders — it’s become even more critical for the chief compliance officer to have a voice in the room. 

The role of compliance has evolved, and it’s become a foundational part of building a sustainable business. Too often, compliance lacks a voice in the product development process at the earliest stages, leading to delays or future regulatory issues. By establishing thoughtfully rigorous standards and inviting compliance teams to the conversation before they’ve headed toward hypergrowth, companies can avoid potentially costly mistakes down the road.

The mathematics at play are clear: compliance can be expensive, but it’s a drop in the bucket compared to noncompliance. According to the Ponemon Institute, the average cost of building a robust compliance program is about $5.5 million, while the average cost of noncompliance is nearly $15 million, and the average cost of noncompliance has risen more than 45% in 10 years. 

What do these penalties entail? Companies can face substantial fines from regulatory bodies for failure to comply with laws and regulations, not to mention legal fees from defending against regulatory actions and lawsuits. 

Noncompliance can also be costly on the product development front. When regulatory issues are identified late in the process, companies may need to halt production, adjust roadmaps or go back to earlier stages of the process to address these issues. Additionally, addressing failures in compliance often requires significant resources, including hiring additional employees, investing in new technologies or overhauling existing compliance systems.

Aside from financial impact, compliance missteps can result in reputational damage for years to come. Customers may lose trust in a company if it is found to be noncompliant with regulations, especially those related to data protection and privacy. This can lead to decreased customer loyalty and lost business, in addition to negatively affecting employee morale. There also may be market implications for public companies, resulting in more scrutiny from investors and companies potentially being labeled as more risky investments.

Financial Services

How Will New CFPB Rule Affect Short-Term Lenders?

by Leo Patching

September 3, 2024

Buy Now, Pay Later industry facing rules similar to credit card issuers

Read more

The communication bridge

How can fintech compliance help mitigate these risks? One of the key roles of the compliance team is to act as a translator between external regulators and the rest of the company. This includes everything from delivering disclosures effectively to ensuring that all team members understand regulatory expectations.

By maintaining open lines of communication, compliance can help the company navigate the regulatory landscape more smoothly and avoid missteps with third-party risk management. The impact of third-party risks and financial crime goes beyond just financial loss; it has tangible effects on human lives in the form of terrorism, human trafficking and other terrible circumstances or events. Effective compliance programs can help mitigate these risks by seeking to put consumers at the center of control design and ensuring that all third-party interactions are thoroughly vetted and monitored.

Just as technical debt can accumulate when shortcuts are taken during software development, compliance debt can build up when quick fixes are used to meet regulatory requirements. Many companies, for example, may start out conducting disclosure manually before finding that as they attempt to scale, maintaining spreadsheets becomes untenable. Compliance teams in the finance sector must be part of the conversation early enough that they can help product teams see down the road to understand what regulatory compliance will require.

Compliance as a partner in innovation

There’s a common misconception that compliance stifles innovation by introducing obstacles and friction into a process. However, when compliance is involved from the earliest stages of product development, it can actually facilitate innovation. Through active listening and balanced guidance, compliance teams can help steer the company away from paths that might lead to significant regulatory issues down the road without being seen as blockers.

In the creative process of product development, compliance is there to listen and provide insights, not to introduce complexity prematurely or act as a roadblock. If compliance sees potential regulatory implications, they should raise the issues early, research how competitors have handled similar issues, and work collaboratively to find creative — if not innovative — solutions.

Integrating compliance into the governance process means establishing checkpoints where compliance considerations are reviewed. This approach allows for continuous oversight and ensures that regulatory implications are considered at every stage of product development.

It’s important for companies to recognize that standing up an effective compliance program or implementing controls does not necessarily require substantial monetary investment. Simply committing to the principle of “compliance design” can drive better outcomes in the long run, for them, their shareholders and the consumers they serve. 

Great compliance is a journey, not a destination; programs are built through many small investments and iterations, not large checks. As the saying goes, little by little, a little becomes a lot.

By allowing compliance teams to be active partners in the room from the start, fintech companies can build better products that meet regulatory requirements and achieve their business goals. Early involvement of compliance not only helps avoid regulatory pitfalls but also contributes to building a more innovative and sustainable business that will thrive regardless of the regulatory environment.