FinTechs are known for being agile, fast-paced and quick to market with new payment products that delight customers. But is it these same factors that make them attractive targets for terrorists and money launderers? How well equipped are FinTechs to combat financial crime?
Recently we visited the Royal United Services Institute (RUSI) – a think tank which advises the UK Government on security and defence – to discuss the potential impact of FinTech on the fight against money laundering and terrorist financing at their briefing, “Defining FinTech: actors, challenges, opportunities, and financial crime”. Ahead of the event, we sent a pulse survey out to our network to help get a picture of AML and CTF challenges facing the FinTech community – from the perspective of both FinTechs and traditional financial institutions. We found:
- FinTechs are confident that their leadership teams understand AML/CFT requirements, but the outside view from traditional financial services is much more negative.
- FinTechs are evenly split on whether they think they themselves have sufficient AML/CFT tools and procedures in place, but traditional financial services think FinTech firms have worrying gaps.
- FinTech compliance teams are concerned about the lack of scale and depth of experience within their teams.
We presented these findings to kick off the discussion at RUSI, with highlights below:
What are the biggest AML & CTF challenges facing FinTechs?
Knowledge & expertise
Our survey showed that one of the biggest challenges facing the FinTech community is the lack of understanding and training in financial crime across an organisation. Further, their smaller teams don’t always have the depth and expertise of a big bank. Established financial institutions have an ‘organizational memory’ of what has gone wrong, but younger FinTechs may not. What’s more, attracting experienced people can be hard – start-up environments tend to be fast-paced and chaotic, which is not always a good fit for industry compliance veterans. And for both sides, the global makeup of financial crime means working with other national and regional regimes is a challenge.
By nature, FinTechs are often able to rapidly shift course to capitalise on new market opportunities. And in this fast-paced development environment, the tech team can build things that are not yet compliant, leaving the compliance team to ‘catch up’ and fix it. There are also concerns about the risks introduced by rapid transaction speeds and the high degree of automation in FinTech products and services. Speaking at RUSI’s event, Laurence Twelvetrees, Head of Risk and Compliance at Revolut, a global money transfer app, agreed, saying that retaining a superior customer experience is a huge focus for them, and there is often tension with trying not to disrupt this. This is, after all, why customers choose them over traditional financial institutions.
Michael Ruck, Senior Associate from law firm Pinsent Masons, said younger FinTechs face a difficult job to balance commercial and regulatory demands. The bottom line is start-ups need to survive. On a weekly basis, they may need to prioritise the tech development queue for revenue-generating activity over the need to reduce AML risk.
Gemma Rogers, Director at risk management consultancy FINTRAIL, said that the immediacy of FinTechs makes them perfect targets for financial crime, with criminals on the lookout to test things that can be done with new financial services products. They have seen some firms hit early on in their development of control frameworks. Twelvetrees added that FinTechs may not know where risks are with new products, so there is higher risk at the early stages.
Culture, planning, and information sharing
When discussing what FinTechs can do to rise to these challenges, Twelvetrees said that for FinTechs it’s really up to founders to set the right tone and culture of compliance in the early stages of the business – it’s very easy for it to be an afterthought. Early risk assessment and looking forward to what products will be offered will save pain down the road.
Preparation and insight
So FinTechs need to proactively look at new risks to find trends and prepare for future attacks. To do this, Twelvetrees says it’s critical to understand your core business and manage risks around what your customers really need. He added that you don’t want to take risks on something only 2% of your customer base wants. In Revolut’s efforts to understand user behaviour, he said they sometimes look to the marketing team for insights. Marketing knows the customer (user) and buying behaviours very well and can spot unusual behaviour in the transaction history. Engagement overall between departments is a good thing and will help FinTechs spot anomalies.
For Revolut and likely many FinTechs, the emphasis is on using technology where you can and minimising manual processes or human input. FINTRAIL says FinTechs are well placed for this, with no legacy systems to deal with, and they can avoid the mistakes of banks.
To strengthen financial crime expertise not just in FinTech but in the wider financial services industry, FINTRAIL called for a public-private partnership and more cross-sectoral engagement, where firms, regulators, and law enforcement could work together and share information – such as in an industry forum. This could involve staff mentoring – where FinTechs spend time in bigger financial institutions or law enforcement spends time with FinTechs.
All firms, not just FinTechs, want to know what everyone else is doing, and better information frameworks are needed. But does this risk a ‘herd mentality’ – following others without thinking about what’s best for them? All firms would need to ensure they apply their own risk-based approach.
Reputation too important to risk
Ultimately, customers need to trust financial firms. This is especially critical for new FinTechs, who have less brand credibility and cannot afford the reputational damage of letting something slip through the net. A tick-box approach to compliance is not sustainable long term for garnering faith in their fight against financial crime – but a risk-based approach will help foster this necessary trust with customers. The key principles to understand and control are still there for FinTechs – just as they are with traditional financial institutions – know your customer, know your market, know your risks.