Voice of the Industry

If you want to remain successful as a fintech, take a closer look at your organisation

Monday 1 August 2022 14:05 CET | Editor: Paul Mart | Voice of the industry

Over the past three decades, the European Union has steadily improved its framework to fight money laundering and terrorist financing (ML/TF). Josje Fiolet from INNOPAY elaborates on the potential effects of the EU’s legislative proposals on industry players.

Regulators are imposing new and amended regulations on financial organisations to effectively fight financial crimes such as fraud, money laundering, and terrorist financing. But compliance is no longer ‘just’ about meeting regulatory requirements; it is also about demonstrating the overall good business conduct that is expected in today’s digital world. Accelerated by the COVID-19 pandemic, the explosive growth of digital transactions is presenting financial organisations with the even bigger task of establishing trust-based relationships with their customers, partners, employees, and investors. Therefore, it comes as no surprise that the cost of compliance as a share of revenue is increasing – and many organisations are rapidly approaching their limits. To sustain the growth curve, they need to implement a compliant-by-design operating model that can manage the constant changes effectively. But what does ‘compliant by design’ mean, exactly?

The growing wave of compliance to fight financial crime

The complex compliance landscape aimed at fighting financial crime will continue to evolve in the years to come. A few of the key developments include:

  • Parts of the existing AML Directive will be turned into a regulation, making it directly applicable in the Member States. EU-level supervision will be implemented by an EU-wide AML authority, which will develop regulatory technical standards to improve harmonisation. The full rulebook, including the technical standards, is expected to be in force by the end of 2025. All organisations will be required to review their AML controls, with limited room for flexibility.

  • The EU Digital Identity Wallet, building upon the existing eIDAS regulation, will allow Europeans to store identity-related data and official documents – such as driving licences and educational qualifications – in electronic format. These documents can then be used as digital proof of identity when accessing public and private services.

  • Whereas the extent to which regulations affect financial organisations was previously largely determined by the risk profile and impact on the financial system, the Digital Finance Strategy introduces a new ‘same activity, same risk, same rules’ principle. This means that all entities involved in a specific regulated activity should be subject to the same rules, regardless of their nature or legal status.

  • On top of complying with the regulations, a growing number of organisations are self-regulating, meaning they are asking more from their partners than the regulator does. This is aimed at minimising their own risks since they have realised that their reputation is only as strong as the weakest link in the chain.

  • Customers are also increasingly aware of how their data is used, and they expect organisations to handle their data and privacy with care. This is driving demands for transparency and accountability on corporate values.

Why fintechs are insufficiently prepared to handle the growing wave of compliance

We believe that these developments are likely to have a disproportionate impact on fintechs for the following four reasons:

  1. Fintechs have grown organically and tend to lack a clearly defined organisational structure. As they increase in size, they need to overcome the loss of social coherence by implementing a sustainable operating model.

  2. Having outgrown their startup status, they need to settle into their new position in the ecosystem. They are now expected to perform just as reliably as their more established competitors, with a mature organisation and stable performance.

  3. Fintechs tend to have fewer financial assets and resources, making it harder for them to bear the cost of compliance.

  4. Shareholders and investors expect a rapid return on their investments, whereas trust and compliance require fintechs to play the long game.

What we often see when working with fintechs is that compliance requirements tend to be addressed via point solutions. This soon results in a big stack of inefficient and incoherent (and often manual) controls. The organisation quickly loses its ability to scale up and execute its strategy, leading to rapid growth in both complexity and the cost of compliance as a share of the revenue. 

A compliant-by-design operating model to fix the problem

We advise fintechs to embed compliance capabilities across their organisation and to embrace a compliant-by-design operating model that enables them to implement new compliance requirements efficiently and effectively – without losing the ability to scale up, execute their strategy and capitalise on future growth.

“A compliant-by-design organisation is structured in such a way that it can implement new compliance requirements efficiently and effectively, without losing its ability to scale up and execute its strategy”

A company’s operating model details how it is internally organised to deliver the agreed strategy and envisioned value. It is the representation of all the relevant structures that constitute an organisation and contribute to its success. The operating model is made up of eight elements, as visualised in Figure 1. 

Figure 1: Examples of compliance-by-design operating model choices. Source: INNOPAY, Crosslinx ® 


Let’s take a closer look at how compliance can be embedded in the various operating model elements, and how this drives organisational performance: 



Figure 2: Overview of how compliance capabilities drive organisational performance. Source: INNOPAY, Crosslinx ® 

Organisations that view a compliance requirement in isolation are actually only taking a short-term ‘band-aid’ approach which will hold back their growth in the long term. When organisations have a holistic view and understanding of the interrelationships between all the operating model elements, they can turn the elements into concrete levers to achieve their ambitions. For example, when working with fintechs and scaling organisations, we see that they often make compliance the responsibility of a single staff function. However, if you want to embed compliance as a value driver in your modus operandi, it must also be fully embedded in your culture, tools & technology, processes, governance, and ways of working. It is only by addressing all the elements in the operating model that you can build a sustainable compliance capability that allows you to manage requirements and convince the ecosystem that you’re committed and able to live up to expectations.

Fight financial crime, save costs, and support growth

Fintechs that are bold enough to make the necessary investment in the short term will enjoy diminishing compliance costs as a share of revenue in the long term. Besides enabling them to fight financial crime in line with the regulations, in a broader perspective, a compliant-by-design operating model also helps them to meet the expectations of their ecosystem and build trusted relationships. This will lead to strategic advantage, improved competitive positioning, and better shareholder value. Figure 3 lists the characteristics of a ‘Best in Class’ compliant-by-design organisation.  

A ‘Best in Class’ compliant-by-design organisation… 

Figure 3: Example characteristics of a Best in Class compliant-by-design organisation. Source: INNOPAY

The first step towards a compliant-by-design operating model

To remain successful, fintechs must stop viewing compliance as a cost burden and start seeing it as a potential value driver. If they don’t have a clear view of their operating model and how the various components work together, they will continue to rely on point solutions. Therefore, they need a pragmatic, future-proof solution that can grow with them and continue to keep all their stakeholders happy. By developing a compliant-by-design operating model, fintechs will remain scalable – enabling them to capitalise on future growth – and be able to save costs in the long term. Perhaps even more importantly in this era of digital transactions, the model will facilitate the development of trust within their ecosystem.

This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime.


About Josje Fiolet

At INNOPAY, Josje is heading the strategy execution practice, supporting banks and fintechs with their digital transformation. Her key speciality is combining regulatory requirements, customer preferences, and organisational capabilities. Key topics of interest are AML, KYC, Authentication, Licensing, Payments, and Open Banking.



About Marnix de Kroon

Marnix is a Senior Consultant at INNOPAY. Through various projects, he has gained broad knowledge in the banking, pensions, and insurance sectors. He has a strong background in strategy execution projects, including complex regulatory implementations (e.g. BASEL, ECB requirements).




INNOPAY is an international consultancy firm specialised in digital transactions. We help companies anywhere in the world to harness the full potential of the digital transactions era.

We do this by delivering strategy, product development and implementation support in the domain of Digital Identity, Data Sharing, and Payments. Our services capture the entire strategic and operational spectrum of our client’s business, the technology they deploy, and the way they respond to local and international regulations.


Keywords: AML, financial crime, regulation, digital identity, compliance
Categories: Fraud & Financial Crime
Companies: INNOPAY
Countries: World