The regulation of FinTech: what’s on the horizon, and who’s doing it well?

The TLA FinTech group was delighted to host a panel discussion followed by drinks and networking @ Rise London on 25 September 2017.

The event was the second collaboration between TLA FinTech and Rise as we continue to look for ways for us to engage with the wider FinTech community to learn, share experiences and network.

We had a fantastic panel, made up of: James Neville, CEO at Citizen; Stuart Lacey, CEO at Trunomi; Vic Arulchandran, COO at Nivaura; Simon Toms, Partner at Allen & Overy; and Daniel Morgan, Director, Policy and Regulation at Innovate Finance. The session was moderated by Rose Hall, Head of BD at Allen & Overy and a co-chair of the TLA FinTech Group.

We started by exploring what areas of regulation our panellists were particularly watching. Not surprisingly, the panel identified vertical industry regulation such as PSD2 and MIFID II, but the new European General Data Protection Regulation (GDPR), which takes effect from May next year, was also something on everyone’s mind. Among other things, GDPR brings expanded territorial reach, introduces new (and quite onerous) accountability obligations on both data controllers and data processors and mandates data breach notification. Very significantly, the GDPR establishes a tiered approach to penalties for breach which enables data protection authorities to impose fines for some infringements of the higher of 4% of annual worldwide turnover and EUR20 million.

Panellists noted however that it wasn’t the scope of one individual piece of regulation that kept them awake at night, but rather the cumulative effect of working in a sector with a deep and complex matrix of regulations that were also subject to frequent change.

Panellists spoke about the interplay between compliance, ethics and trust — and this was a theme that we returned to several times during the session. The discussion suggested that “tick box” compliance and thinking about regulation in a piecemeal way was not sufficient, and that success depends on an organisation’ ability to build compliance into its DNA. Making compliance something that many business stakeholders felt they had shared responsibility for was also seen as a way to future proof organisations from the uncertainty of regulatory change: the value of lots of bright minds thinking about the problem and having a multi-faceted take on impacts and opportunities.

Panellists also agreed that compliance failures were a sure way to lose trust, “a reputation can take years to build but seconds to ruin” said one.

The panel members were very keen to stress that regulation presents huge opportunities as well as possible headaches. For example, PSD2 provides opportunities to give consumers more information and choice and lowers the barriers to entry for new payments providers. For RegTechs, meanwhile, it’s the promise of offering solutions to deal with the increase in regulatory complexity that has helped them become one of the most high profile segments of the FinTech market.

Selling regulatory compliance is also not just a case of just focusing on meeting the black letter of the law, said our panel. They were excited by the idea of making regulatory compliance a competitive differentiator and something with a real potential for return on investment. The team spoke about elevating compliance from a cost that the compliance officer was responsible for into a strategic discussion about wider benefits that would resonate with the C-suite. Our panel stressed the importance of a “culture of compliance” flowing from management and the need to appreciate that, beyond the immediate risk of fines, there are much greater risks at stake, including loss of reputation and potential loss of business. Even more importantly, our panellists pointed out the multiple positive benefits that can come from embracing compliance and investing in RegTech solutions, including improvements in net promoter score and customer retention and conversion.

Thinking about how best to engage with regulators, one panellist stressed the need for domain expertise and the ability to bring technical and operational insights into regulatory discussions. All our panellists saw merit in engaging with regulators early on, even while they accepted that the process of getting authorised was a long one. They welcomed the levels of interest that some regulators have shown in discussing new business models and engaging with start ups. The FCA’s regulatory sandbox in particular was warmly regarded by the panel, which noted also that 23 versions of different sandboxes now exist across the globe. In a plea to regulators worldwide, our panel talked about how we should be striving towards “regulatory interoperability”. The group noted that many FinTechs may have relatively niche products which they scale by expanding internationally — making cooperation between regulators highly desirable. For that same reason, the U.S. market — though still the place where capital is most plentiful — “ was seen as very challenging because of the number of regulatory regimes and difficulties of navigating who regulates what.

Fundamentally we concluded that regulation was often necessary and also inescapable, but that it is very limiting to only see compliance as a technical exercise and not to recognise the opportunities it presents. Regulatory compliance is one of many elements that FinTechs need to focus on to scale businesses that are built to last.

TLA FinTech would very much like to thank Amina Ahmad and the rest of the team at Rise London for hosting this event.