In my last post, I discussed the top challenges faced by high-growth organisations to build an effective compliance function and shared four tips on how they can build a strong people pillar to sustain their compliance programme
Today, I’ll bring ideas on how to work your process and technology pillars, based on insights shared by Ade Haffner from PensionBee, Anna O’Shaughnessy from Griffin, Anna Velvet from RegTech Canada, Olus Kayacan from bpost bank, and Shelley Schachter from Mode during our recent webinar.
Processes and technology are increasingly intertwined and achieving cost-efficiency across different businesses and functions usually requires the use of some sort of technology. It wouldn’t be different when you’re trying to establish and scale up an effective compliance programme for a FinTech.
Building a compliance programme from scratch represents a great opportunity, as you’ll have a blank sheet of paper to build upon. Ultimately, you’ll get to define the risk management governance framework and will have the chance to get it right the first time. That can be done in a matter of weeks, while fixing it when it’s been in place already is probably a 2-3 year project for a medium-sized organisation. But that doesn’t mean it’s a simple task.
Learnings from other FinTechs
Here are 6 expert tips, from compliance professionals who have stepped up to the challenge:
1. Automate prompts and controls, and embed them within the systems that are being built for the first line team. At this stage, you can’t afford the luxury of having a big team to manually check things are being done properly. In companies that started pre-RegTech or in its early days, the business gets increasingly frustrated with yet another checklist from compliance. They decide not to use it because it’s not intuitive. Automate as much as possible, and provide handy prompts, such as “give the customer this info now”, or “don’t forget to upload this document here”. Not having to come out of what they’re doing to find the checklist prepared for them - that often goes unused, will make their lives easier, and yours too. Here you can learn more about RegTech best practices and use cases across high-growth organisations.
2. Prioritise your RegTech investments. As much as we’d all like to have it all in place from the start, it is realistically impossible to find the budget to do it, so it means you’ll have to choose what to do first. There is a permanent cost vs. return conversation happening so you’ll have to prioritise what will benefit you the most if brought in at the start, or what will create a bigger problem if not implemented early on. There are different aspects you can consider when doing it: if you know where your biggest compliance risks are, anywhere tech can help you reduce the level of risk could be a priority. Another aspect is: “where does my team spend most of their time”? Helping your team be more effective is always a good reason to invest in technology. In a nutshell, you should consider what will help you mitigate risks and/or save costs and create efficiencies.
3. Don’t wait until the eleventh hour. Try to plan for your RegTech needs and gain executive buy-in for new software before you are drowning. Be proactive and think ahead. You will need time to figure out the best way to implement software. Adoption also takes time. Don’t wait until you’re in trouble to start this discussion. Strategically building your RegTech stack will be a key differentiator when the company starts to scale up, expand into new markets, or create new products that will require compliance agility.
4. Build vs. buy? Previously, you had to build technology yourself to be a financial institution. Now, with the wide adoption of software as a service in the banking industry, you can outsource much of it. You’re still responsible from a regulatory point of view but can transfer out some of the leg work and the heavy lifting to organisations who are specialised in delivering the compliance services that start-ups just don’t have the appetite - or resources - to build and refine from day one. As an example, the process of reporting to investors, regulators and internal teams should be automated because it’s time-consuming and if you get it wrong there’s clear implications to the company, so why not partner with a vendor? There are three aspects you should consider when making a business case for purchasing RegTech. It should be easy to use, bring cost-efficiency and a competitive advantage.
5. Choose your RegTech partners wisely. Picking the right vendor is as important as deciding what to do first, if not more. Make sure that:
- They are a reliable business that will still be there for you 5 years on. Establishing a durable partnership will be beneficial for both companies. Check who they are working with and ask for referrals, if need be. Reputation is key!
- They follow strict processes and won’t represent an operational risk. As you are ultimately responsible from a regulatory standpoint, ensuring they have all the measures in place to prevent data breaches, cybersecurity and personal data violations, for example, will save you a lot of headache.
- Working with them will bring good ROI to the business. Ask them for stats observed by customers with similar profiles and tangible benefits achieved with the implementation of their solution. Each business is different but this information can provide you a benchmark on what to expect.
- They have regulatory expertise, not just technical. When you work with a company that is solely focused on technology, there is a disconnect and translation is needed when outlining requirements and outcomes you’re trying to achieve. If they don't understand what the driver is for compliance, whether that is money laundering or payment services regulations, you will have to put much more time and effort into the project.
- They understand you are a start-up and agree on a flexible fee model, with modular elements - start small and grow. FinTechs have high-growth expectations and want long-term partnerships, based on the outcome they want to achieve, with a solution designed with this in mind. Pick a partner who can offer you that.
6. Scope your RegTech project according to your actual needs. Too many configuration options can freeze a project. Go back to the first step and ask yourself these questions: “What would I be doing from my desk? What needs to be done to achieve my goals? Yes, systems can do more but do I actually need it? Is it effectively going to reduce risk/improve results?” If the answer to the latter is no, think twice!
I know we’re all tired of speaking about COVID and its impacts but reality is, with remote working here to stay and life going increasingly digital, you will definitely need to build a strong mix of software, human aspect and processes in order to establish a robust compliance programme. It is a 3-way solution and these three pillars need to be equally constructed and catered for.
Compliance officers need to be prepared to ride the digital transformation wave and take advantage of it, instead of getting buried into the challenges it can bring to those who are not ready for it. Read our eBook on 10 key trends that will shape compliance in 2022 and stay ahead of the curve!