Brave new digital world

What regulators and partners expect from fintechs 

  • Legal requirements and compliance requirements apply to traditional banks and fintech companies alike
  • Supervisors at fintech companies focus on four aspects: under-capitalization, lack of risk-conscious management, deviation from business plans and underestimation of regulatory requirements
  • Transparency and adherence to communication and compliance requirements are core success factors


A major step

Fintech companies face major regulatory challenges, because they have to take a major step to transform their innovative, IT-driven business models into resilient banking processes that meet all regulatory requirements. Compliance problems and penalties can arise when rules are violated—regardless of whether a financial company is young and disruptive or old and established. Fintechs today face a number of hurdles, in addition to applying for banking licenses and communicating with regulators.

The reasons for this development: on the one hand, many fintech companies, which once entered into business without a banking license, or together with licensed cooperation partners, are now so successfully positioned and strategically strong that their regulatory obligations are also growing significantly. On the other hand, supervisory authorities are becoming increasingly meticulous in the fast-growing and rapidly maturing fintech sector. Both trends mean that compliance risks for fintech companies and any partners have increased sharply.

“Whether with or without their own banking licenses, fintech company heads can find non-compliance with regulatory requirements very costly.

Dirk Queisner, Partner, zeb

EBA, BaFin, Bundesbank, ECB have been looking at fintechs for a while

In recent years, the European Banking Authority (EBA) has increasingly analyzed the impact of fintech companies on the European financial services market. In 2018, the EBA published four reports—including an analysis of big data and a “Fintech Roadmap”—and more followed in 2019. EBA, BaFin, Bundesbank, ECB, FATF, ESRB—a large number of supervisory authorities are demanding the implementation of new rules, or adjustment of existing rules.


Currently, about 300 rules per year are relevant for fintechs, regarding implementation.

This flood of external requirements creates enormous pressure on all financial institutions to maintain a clear view of internal requirements. Transparency begins with the procurement and evaluation of all relevant documents and ends with the implementation in the institution; a lack of transparency can quickly prove to be an expensive mistake. Compliance problems can cause additional costs—or even severe penalties and/or manager liability. 

To ensure that fintech companies also meet compliance requirements in the future, the supervisory authorities require effective procedures for identifying and complying with relevant regulations. Fintech companies need independent compliance departments to mitigate risks that could arise from non-compliance. The role of compliance managers is to establish and account for regulatory compliance procedures. They must continually identify new stipulations for which non-compliance could lead to new risks.

The supervisory authorities act with political backing. Politics has an interest in promoting new business models such as fintech services. But politics is also subject to other constraints—such as the principle of the rule of law. The rules of the game—such as Germany’s money-laundering act (Geldwäschegesetz), the Commercial Code, the General Data Protection Regulation, or the regulation governing large exposures and loans (Gro-MiKV)—apply to all institutions.

Supervisory authorities are targeting four critical issues

Supervisory authorities are focusing on four aspects of fintech companies:

  1. Fintechs can quickly suffer from undercapitalization as a result of rapid growth or sustained losses.
  2. They often focus too much on developing new business models rather than risk-consciously managing existing structures.
  3. They often deviate from their initial business plans and therefore ...
  4. underestimate supervisory communication and compliance efforts. And they often have heads with little or no banking experience, at least initially.

Supervisors are now leaving no room for doubt: Legal requirements and compliance requirements apply to traditional banks and fintech companies alike. For this reason, banks that cooperate with fintechs should increasingly ensure that their partners meet all requirements. Regarding data security, money laundering, cybercrime or customer protection, they have to guarantee the compliance of their fintech partners.

Fintech companies need a compliance check-up

In order to avoid problems, unforeseen costs or even penalties, fintech companies have to undergo a compliance check-up. At fintechs with a banking license, zeb examines the regulatory requirements. In the case of fintechs working with an established bank, even more requirements have to be observed: Both the fintech company and the cooperation partner have obligations to the supervisory authorities. zeb can identify critical issues and develop solutions together with the fintech company and the partner company.

After a description of the current situation, zeb carries out a so-called gap analysis. By comparing the documentation with the daily business practice of the fintech company, gaps between practice and codified intentions can be identified. Then, measures to eliminate these gaps are defined and prioritized—also with a view to their consequences for the institution and any partners. The fintech company then sets out to implement a clear roadmap. 

Thanks to its many years of experience, zeb has at its disposal a data set of more than 1,700 supervisory findings that allow important conclusions to be drawn about the focal points of supervisory audits. In addition, zeb has documented many measures initiated by institutions to process findings. As an implementation partner for the minimum requirements for risk management (MaRisk), zeb is very familiar with proportional application, especially for smaller institutions. zeb can thus provide optimum support in the development of farther-reaching measures.