Rize: Compliance Do’s and Don’ts for a fintech startup

Fintech founders face a fundamental quandary: How do you innovate and move fast in a highly regulated industry like financial services?

For much of the first decade of fintech, there was an impression among founders that either you could move fast or you could be compliant but you could not do both. Given the temperament of most startup founders, when faced with that choice, the answer was clear: move fast and deal with compliance further down the road.

Justin Howell is the co-founder and CEO of Rize a fintech infrastructure platform that provides fintechs and non-financial companies access to all of the tools they need to efficiently build, launch, and scale new financial products and services via one API. Prior to founding Rize, Howell divided his time between the startup and finance worlds. He started his career in strategy consulting at Bain & Company before moving into private equity at Bain Capital and then managing the illiquid investment portfolio for Perry Capital.

On the startup side, he has served as the VP of Corporate Development for Soleil Securities, an early fintech startup backed by Bessemer Ventures and Bain Capital Ventures. He was also the co-founder of TripUp, a social network focused on frequent travelers, which was sold to SideStep.com.

Howell spoke to The Fintech Times about his experience dealing with compliance and shared advice on what he believed startups should be doing:

Fintech startups are eager to get ahead of the pack with their innovations in order to secure the funding and marketability before anyone else in their niche space, but looking before you leap is critical when it comes to compliance. With any new technology in the financial services space comes new regulations and regulators are keeping a watchful eye on the fintech space especially for those who may be lacking in the compliance aspect of their business. Regulators are also stepping up their game and making it increasingly clear that the ‘move fast and break things’ mentality of Silicon Valley will not cut it going forward, as evidenced by their increasing willingness to bring enforcement actions against fintechs and the regulated institutions they work with. For example:

Ripple, a global payment solution platform, was fined $700,000 for a failure to register with FinCEN and for failure to maintain a sufficient anti-money laundering program within their platform.

Recently, Robinhood was given $70million in penalties by the Financial Industry Regulatory Authority for a number of supervisory failures in critical elements of its business.

Consumer Financial Protection Bureau this month announced that it halted LendUp from creating new loans and collecting on existing outstanding loans due to a violation of an agency order, and in the process, specifically called out some of LendUp’s venture capital backers

As the importance of compliance continues to increase in the fintech sector, here are some lessons that we have learned at Rize about how to approach compliance as fintech startup based on our experience over the last five years, first as consumer-facing fintech and now as a “fintech-as-a-service” infrastructure platform that serves other fintech builders around their core infrastructure needs (including compliance).

Don’t: Be afraid of compliance. 

Compliance isn’t a mystery and it’s not the bogeyman, it is simply a set of rules that need to be followed. They may be complicated and confusing and written in an era that never even contemplated the internet, but they are still just rules that can be broken down, digested, and incorporated into code or business processes. Don’t be afraid of them, instead;

Do: Embrace compliance as a source of strength and competitive differentiation

As a fintech founder, instead of thinking about compliance as a constant thorn in your side that is holding you back, try reframing it as a complicated design constraint that if incorporated correctly can actually be a big source of differentiation. Compliance is one of those things that is much easier to deal with if you take the time and effort to get right up front and weave it into the fabric of your product so that they can scale together, as opposed to having to shoehorn it in after the fact. And actually having good compliance and controls in place can save you an immense amount of money by keeping bad actors out of the system and minimising fraud. Go slow to move fast.

Do: Learn the basics and then get expert help

Most fintech founders understandably want to spend all their time on product, but you will do yourself a big favour if you learn the basics about what laws and regulations apply to your product. The various laws and regulations and regulators themselves can vary widely depending on which financial vertical you operate in. You don’t have to become a lawyer and understand every little nuance, but if you understand the broad brush strokes then you are in a much better position to bring in the right experts who can help you craft a compliance program that is appropriate for your product and to fill in all the details.

Don’t: Take generic compliance materials off the shelf.

One of the keys to doing compliance correctly as an early-stage startup is to do what the law says you need to do, but not more than that. Treading that line correctly requires that you customise things like policies and procedures manuals to your actual product. If you grab something generic off-the-shelf to simply check a box, you may end up with a document containing a lot of stuff that actually isn’t relevant to your product. But when the regulators come knocking, they won’t have much sympathy. They’ll point to that document and say, ‘Relevant or not, show us that you’ve followed all these policies and procedures to the letter.’

Do: Embrace uncertainty.

The reality is that a lot of the laws and regulations that govern financial services are hopelessly out of date, and while it would be nice to have clean bright lines about what you can and can’t do in your particular vertical, the very fact that you are innovating often means you will be operating in a grey area where the regulators simply haven’t caught up to the technology. But be careful not to cut corners here. Instead, consult the right experts, understand the risks involved and mitigate them as much as possible, and then make a business judgment that you could argue straight-faced directly to a regulator

Don’t: Ignore the importance of choosing good infrastructure providers.

Fortunately, one way to help navigate these issues is to look at organisations providing fintech as a service (FaaS) as the launching point for your new fintech venture. From neobanks to embedded finance options for existing financial institutions, partnering with a FaaS platform to launch your new financial tech venture is a much safer and more efficient way to break into the space. There are platforms that offer the building blocks to many different fintech avenues such as checking, brokerage, and enterprise accounts, without the hassle of having to hire a whole team of compliance specialists to build your platform from scratch. By eliminating the need to reinvent the wheel, companies can spin up their fintech service in under 30 minutes now which may have in the past taken 18-24 months.

Do: Keep your customer in mind.

As I said before, compliance is a complicated design constraint, and it’s important, but don’t let it drive the bus. You are the keeper of the product vision, you alone know what your customers want and how best to serve them with an amazing new product. Serving your customers in a compliant fashion may cause you to rethink things a few times, but if you always keep your customers’ needs as your true north, you can find a way to meet your compliance requirements without sacrificing their user experience.

We have a ways to go, but compliance is getting easier to handle

As an industry, we have to make it easier to be compliant, we have to completely remove that tradeoff between moving quickly and being compliant. We’re getting there – more and more compliance capabilities are getting built directly into the infrastructure – but for now, as a fintech builder, embrace your role as the first line of compliance defense. The regulators, your investors, and ultimately your customers will thank you. 

Related News