en
Fintech companies face major regulatory challenges, because they have to take a major step to transform their innovative, IT-driven business models into resilient banking processes that meet all regulatory requirements. Compliance problems and penalties can arise when rules are violated—regardless of whether a financial company is young and disruptive or old and established. Fintechs today face a number of hurdles, in addition to applying for banking licenses and communicating with regulators.
The reasons for this development: on the one hand, many fintech companies, which once entered into business without a banking license, or together with licensed cooperation partners, are now so successfully positioned and strategically strong that their regulatory obligations are also growing significantly. On the other hand, supervisory authorities are becoming increasingly meticulous in the fast-growing and rapidly maturing fintech sector. Both trends mean that compliance risks for fintech companies and any partners have increased sharply.
“Whether with or without their own banking licenses, fintech company heads can find non-compliance with regulatory requirements very costly.”
In recent years, the European Banking Authority (EBA) has increasingly analyzed the impact of fintech companies on the European financial services market. In 2018, the EBA published four reports—including an analysis of big data and a “Fintech Roadmap”—and more followed in 2019. EBA, BaFin, Bundesbank, ECB, FATF, ESRB—a large number of supervisory authorities are demanding the implementation of new rules, or adjustment of existing rules.
This flood of external requirements creates enormous pressure on all financial institutions to maintain a clear view of internal requirements. Transparency begins with the procurement and evaluation of all relevant documents and ends with the implementation in the institution; a lack of transparency can quickly prove to be an expensive mistake. Compliance problems can cause additional costs—or even severe penalties and/or manager liability.
To ensure that fintech companies also meet compliance requirements in the future, the supervisory authorities require effective procedures for identifying and complying with relevant regulations. Fintech companies need independent compliance departments to mitigate risks that could arise from non-compliance. The role of compliance managers is to establish and account for regulatory compliance procedures. They must continually identify new stipulations for which non-compliance could lead to new risks.
The supervisory authorities act with political backing. Politics has an interest in promoting new business models such as fintech services. But politics is also subject to other constraints—such as the principle of the rule of law. The rules of the game—such as Germany’s money-laundering act (Geldwäschegesetz), the Commercial Code, the General Data Protection Regulation, or the regulation governing large exposures and loans (Gro-MiKV)—apply to all institutions.
Supervisory authorities are focusing on four aspects of fintech companies:
Supervisors are now leaving no room for doubt: Legal requirements and compliance requirements apply to traditional banks and fintech companies alike. For this reason, banks that cooperate with fintechs should increasingly ensure that their partners meet all requirements. Regarding data security, money laundering, cybercrime or customer protection, they have to guarantee the compliance of their fintech partners.
After a description of the current situation, zeb carries out a so-called gap analysis. By comparing the documentation with the daily business practice of the fintech company, gaps between practice and codified intentions can be identified. Then, measures to eliminate these gaps are defined and prioritized—also with a view to their consequences for the institution and any partners. The fintech company then sets out to implement a clear roadmap.
Thanks to its many years of experience, zeb has at its disposal a data set of more than 1,700 supervisory findings that allow important conclusions to be drawn about the focal points of supervisory audits. In addition, zeb has documented many measures initiated by institutions to process findings. As an implementation partner for the minimum requirements for risk management (MaRisk), zeb is very familiar with proportional application, especially for smaller institutions. zeb can thus provide optimum support in the development of farther-reaching measures.
