Authentication & Security

Why Is It so Hard to Regulate FinTech?

As we have been exploring the world of FinTech, it became quite obvious that FinTech is rebellious in nature as it blurs international borders with ease and speed. FinTech is free from the regulatory burden the banks have to carry, which is why bright entrepreneurs were able to consolidate so much financial power internationally.

However, the beast has to be tamed at the least cost and that’s where a relatively new segment has emerged—RegTech. The term refers to a set of companies and solutions that address regulatory challenges across industries, including financial services, through innovative technology. RegTech solutions are agile by nature due to the complexity and momentum of regulatory transitions. Traditionally, the technology was developed to be robust. However, RegTech can’t afford the luxury to deliver a solution for static requirements—it has to be a self-learning machine.

Although RegTech has a significant potential of taking away the compliance burden that FinTech may face, there are still certain compliance issues FinTech is anticipated to face and perpetuate across markets.

While traditional financial institutions are certainly aware of particular organizations and laws they need to comply with, the situation is not as clear with FinTech. As Bruce Wallace, Chief Digital Officer of Silicon Valley Bank has shared with the WSJ, there are at least seven national and 50 state regulators passing the legal compliance burden on the banking industry. Among those are Federal Reserve, Consumer Financial Protection Bureau, the Financial Industry Regulatory Authority, Securities and Exchange Commission, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network, etc. However, financial institutions can navigate in the infinite list of regulatory requirements and know exactly which agencies are they regulated by. The situation is not as clear for FinTech though.

At a level lower, the case is even more complicated. Each regulatory agency has a set of rules and requirements related to particular aspects of financial services. And for FinTech, it is not always clear which rules within an agency they are supposed to comply with.

Just as an example, the Consumer Financial Protection Bureau alone has an array of acts to take into consideration, including the Truth in Lending Act, Truth in Savings Act, and the prohibition on unfair, deceptive and abusive practices. The agency has a very broad jurisdiction over banks, credit card issuers, payday lenders, check cashers, debt collectors and other financial companies assisting consumers with cash or loans. The jurisdiction requires a significant effort not only to study, but also to apply to a particular company.

New York-based law firm Debevoise & Plimpton cited other examples in its recent report on compliance issues faced by FinTech companies.

FinTech companies operating in the retail securities space are regulated by laws like the Investment Advisers Act of 1940 (the “Advisers Act”), which may require companies offering investment advisory services to register as investment advisors with the Securities and Exchange Commission. This includes advisors to certain types of investment funds, such as those utilizing hedge or private equity strategies. Companies offering brokerage services might have to register with the SEC and FINRA as a broker-dealer.

In addition, with the raise of Internet and mobile, another regulatory complication has emerged. Most of the regulations in banking sector were established in the pre-mobile and even pre-Internet era. Logically, it is difficult to apply those regulations to companies built purely in the Web and mobile-first perspective.

If these problems didn’t seem complex enough, add up the manpower and financial capacity of relatively small FinTech startups operating with teams of five to ten people.

Banks, on contrary, have departments dedicated to compliance and enough financial and political power to lobby their regulatory interests—luxury that is unavailable for a FinTech startup. While RegTech can certainly ease the burden more or less, FinTech operates on a tricky border between technology companies and financial institutions. Tech-minded founders and teams of engineers think of the product/solution first, which may—in the future—bring up a regulatory constraint when a startup reaches a certain stage of growth.

For the regulators, FinTech is that pink elephant in the room, and the last ones are actively looking for ways to tame it. The latest example of a battle won by regulators is BitLicense. As the number of startups working with bitcoin has been growing at a fast pace, it became obvious that the segment is too big to stay loose.

Proposed in 2014, the New York Department of Financial Services (NYDFS) published its final BitLicense regulations for virtual currency businesses in June 2015. As the regulation was accepted, companies engaged in “virtual currency business activity” in New York are required to apply for a BitLicense. From the time the regulation got passed, companies have had 45 days to apply for the license. Applicants for the license are required to have—among other things—AML, KYC, consumer protection and cybersecurity programs.

As Mike Massaro, CEO of Flywire (formerly Peer Transfer), suggested, FinTech needs to have a stronger focus on compliance and transparency in 2016. With the ever-increasing terror threats and the focus on cutting-off financing for nefarious acts, we can expect to see a much greater emphasis on transparency and compliance. Any entity processing large amount of payments will need to be able to verify sources and recipients with increasing precision and certainty; ensure strict compliance with anti-money-laundering laws; and be able to provide detailed transaction reporting.


MEDICI Team is a group of content writers, bloggers, journalists, researchers, and editors from the MEDICI team who collaborate to create FinTech insights.

Apply to Become a Contributor