Compliance with legislation is a basic condition for all businesses. However, few industries are as regulated as the financial sector. Since the financial crisis, the volume of regulations has grown exponentially, and market participants now find themselves operating in a minefield of various legal rules.
The Fourth Anti-Money Laundering Directive, the revised Payment Services Directive and the MiFID II Directive and a range of other rules impose significant compliance requirements on banks and other financial service firms. Among the developments spawning from these new rules has been the growth of the regtech market, which is quickly displacing manual risk and compliance procedures with cutting edge technology such as artificial intelligence, machine learning and blockchain solutions. Benefits are already being seen, with new approaches to anti-money laundering (AML) checks and firms’ ability to automate customer due diligence getting more straightforward.
Naturally, perhaps, compliance departments centre on understanding and making sure that the firm acquiesces with the laws, standards and regulations, and generally speaking the compliance function is limited to risk management. But it doesn’t have to be that way: many companies overlook the fact that there are many opportunities and competitive advantages that can be achieved through a different strategic approach to compliance.
Business development and compliance intersect – which provides a golden opportunity for companies to create value. This is a concept that will be of particular relevance to those operating in the fintech arena.
The General Data Protection Regulation (GDPR) is a perfect example. Fintech firms often act as third parties in a data flow, and therefore have access to customer data via a bank or another financial service provider. And since big data and data-driven decisions play a pivotal role in the burgeoning fintech industry, firms within the space must consider GDPR compliance as part of their culture from the offset.
Equally, GDPR should not be regarded as a problem, but rather an opportunity to create value for fintechs. It may be easier for these companies to obtain GDPR compliance compared to banks, as fintech companies rarely have challenges with slow, legacy IT-systems.
A good starting point for becoming GDPR compliant is to conduct a data flow analysis. While such an analysis is crucial for compliance, it is equally important to ensure that the data the company handles is optimally utilised from a commercial point of view. As such GDPR can be used to create an overview of the personal data processed by the company. This is important, as there will often be value in the personal data for the fintech companies. Once the data has been mapped new opportunities to earn money may arise. For example, it is possible to find patterns in customer behaviour that can be exploited commercially and ultimately become a key to growth. An analysis of this can, for example, provide insight into where the company earns or loses money or what the customers demand. For many fintech firms, it is absolutely necessary to use data in this way in order to meet the customer’s wishes and expectations, and to survive in a new world of data capitalism.
Finally, it’s healthy to clean up a company’s data, as many firms have data floating around without actually having control over it. GDPR provides a good opportunity to get handle on data as well as to get updated – or indeed implement - procedures for processing personal data.
Fintech firms should, for these reasons, consider the tsunami of new regulation as a competitive parameter and not as a burden. In the same way that non-compliance can cause damage, a business-minded approach to compliance can strengthen the company and help boost its reputation.
Compliance does not need to impede on the innovative development or agility of fintech organisations. On the contrary, compliance should be considered as part of a company’s DNA from the beginning – which will help facilitate cooperation between banks and investors. At the same time, this will also be an opportunity to position the company against other fintech firms that do not necessarily have compliance high on the agenda.
GDPR compliance may appropriately be the starting point to ensure an intelligent and secure use of data that ultimately can help boost innovation and earnings and enhance trust from partners and investors.