Between January 13th, 2018 and September 14th, 2019 PSD2 gradually began entering mainstream fiscal infrastructure. This new regulation for electronic payment services has been conceived and initiated to make electronic payments more secure across Europe, promote innovation and help banking services to adapt to new technologies.
The advent of PSD2 demonstrates the increasing emphasis and importance of Application Program Interfaces (APIs) across different financial sectors.
Yet another example of how financial sectors are embracing fintech to optimise direct payments, gather data and aggregate bank accounts, it’s clear that mainstream adoption of these technologies and the myriad of benefits they promote is ubiquitous.
However, what does an evolving financial sector mean for regulatory fintech compliance. Here are the answers to the key questions.
The Background Summarised
The 2008 financial crash and subsequent economic fallout has promoted the financial sector to develop compliance systems at pace. Such innovations have included tools that analyse behavioural anomalies to those that track and map changing financial regulation, there has been a determination to confine manual, error-prone systems to the past.
One particular area of innovation that has experienced significant growth since 2008 is regulatory change management. Historically, managing regulatory change was a manual process, one that was managed by a team of people working with innumerable spreadsheets.
As you might expect this is laborious and time consuming and difficult. The administrative burden was vast. Manually mapping regulatory changes to existing policies, processes and controls was fraught with issues, the least of which was that it wasn’t exactly cost-effective.
However, 2021 is now here, regulatory compliance stands at a precipice. Regulatory change management programmes, including those centred around fintech compliance are primed for automation. Spearheaded by sophisticated technologies, including Robotic Process Automation (RPA), Machine Learning (ML), and Deep Learning (DL), not to mention big data analytics, a wholesale revolution of financial sectors is on the horizon.
The Advent of PSD2
Now let’s be honest, traditionally, fintech compliance probably won’t energise your average fintech employee. It’s just not as exciting as developing new, cool digital platforms that make their roles easier. However, not factoring compliance is something that financial professionals should consider at their peril.
Although PSD2 does allow fintech’s the chance to participate in the money flow as traditional banks do, regulatory compliance must be considered, the most obvious related to anti-money laundering (AML) and countering the finance of illegal activities, such as terrorism (CFT).
This results in the development and implementation of dynamic policies and procedures to address fintech compliance issues.
So, in the interest of streamlining the many variables of how fintech’s can help businesses to overcome specific challenges and become PSD2-compliant without feeling overwhelmed or, worse, dismissive of compliance, we’re going to look at the positive impact PSD2 can have on a persistent problem that must be addressed: anti-money laundering.
PDS2-Compliance and the Cost
It’s not uncommon for fintech companies to underestimate the cost of being PDS2-compliant. This is especially true of businesses with high-volume, low margin business models. Why? Well, obviously the cost of compliance can impact profits.
Let’s not forget too that many of the tech and data companies who provide fintech solutions tend to work with larger, more established companies who can offset the cost of compliance easily. Fintech start-ups are often shocked to learn that the simple transaction monitoring prices or the completion of customer due diligence can often account for their first round of funding.
Now, typically fintech companies explore customer due diligence solutions or transaction monitoring when they’re completing or have just completed the PDS2 compliance process. However, it’s much more prudent to start exploring possible solutions as early as possible. Why? This ensures the validity of your application. This can help accomplish the following:
- The identification and relevance of cost-effective AML solutions and technology
- Validation of the assumption of your fintech compliance application
Now, companies who are startled by the cost of third-party products, like fintech, decide to develop their customer due diligence or transaction monitoring solutions in-house. On the surface, this makes sense as many fintech’s often have highly skilled, vastly knowledgeable developers working for them. But is this the best answer?
In short, not always. Fintech companies are, by their very nature, dynamic. This is especially true in the early stages of development. Then there’s the issue that goals or even entire business models can change overnight.
When this is combined with the ever-present work pressure, this fluidity can delay or postpone fintech compliance intentions. Furthermore, fintech employees tend to prioritise exciting development work over compliance which is often considered to be a drain on expertise, energy, and ambitions.
It’s for these reasons that regulatory compliance work, be that for AML or CFT, is best addressed by a third-party. Better still, collaboration gives fintech’s the opportunity to identify the best system or platform – one that can adapt to changes and scale efficiently within a business.
The Lack of Implementation
Having the right documentation completed diligently is critical to obtaining a PSD2 licence. However, what should not be discounted is operationalising policies and procedures.
Believe it or not, this is often where fintech’s struggle. Policies are procedures are typically developed by top-level decision-makers which can make it difficult for decisions to be made. Why? In many cases a comprehensive understanding, often period of education is required.
This has an often-unforeseen consequence: lack of implementation. In fact, it’s common for policies and procedures to be decided, but not swiftly implemented. What good is paper trail if it does not apply to daily operations?
Businesses who want to mitigate risks that can jeopardise a PSD2 licence need to adopt the following:
- Policy and goal alignment – understanding why such policies have been created and making sure that they align with business goals
- Practical policies – this should include guidance of various aspects of attaining a PSD2 licence, including risk assessment methodology, monitoring scenarios and various data points
- The knowledge of a policy expert – making sure that policies are written by someone who understands regulatory fintech compliance, intended policies and the technical implementation
The bottom line? Companies should consider automating as many policies and procedures as possible – as early as possible.
Getting employee buy-in is also paramount. Training programs should be initiated, and documentation made available to make sure that everyone fully understands why changes are being made and how such changes affect roles.
Fintech and Regulatory Compliance
It may not be the most scintillating of subjects, but regulatory fintech compliance is something that must be managed well if businesses want to establish themselves as a major player in the financial market.
Now, this is quite a broad topic and one that requires the insight of learned, experienced financial services business to help guide you through. If you’d like to learn more about regulatory compliance in the fintech sector, or any other services, get in touch with Northern Provident today on 02896 001616.