Start-ups can get so focused on growth that they can fail to pay enough attention to financial crime risks, panellists at Pay360 suggested, as VIXIO research highlights the real cost of compliance failure to a business.
For years, there has been a boom for fintechs in Europe and regulators have seemingly wanted to encourage this in the promotion of competition and innovation.
However, post-COVID, with increasingly tricky economic headwinds, things have begun to get tougher.
According to VIXIO’s recent survey of compliance professionals, the likely consequences of poor compliance perceived by respondents were loss of reputation (27 percent) and reduced competitive advantage (26 percent).
It is particularly noteworthy that both of these intangible factors were considered more likely consequences than receiving a fine from the regulator (24 percent). Our survey also found that losing competitive advantage was the most feared consequence of compliance failure, highlighting the deep impact it can have on a business.
For example, promising fintechs such as Railsr have had to face the music with regulators, which has been damaging commercially. In Railsr’s case, it found itself close to collapse before a rescue deal was completed.
When N26 found itself in hot water with German and Italian regulators for anti-money laundering failures, the neobank was given a temporary ban on onboarding new customers and launching new products while it got its house in order.
Solaris Bank is also reportedly being investigated by the German Federal Financial Supervisory Authority (BaFin).
Speaking at Pay360, panellists appeared to echo this sentiment.
Barclays fintech chief Jenni Himberg-Wild said that she noticed a “real culture of innovation” but questioned whether some firms were considering anti-money laundering and fraud risk as much.
“Think about speed, but what is underneath?” she asked.
Himberg-Wild went on to say that although a product or idea could “look really fantastic” and solve problems for the market, what also needs to be considered is what the underlying risks are.
“Have you thought about the risk, and have you actually created some kind of culture in that organisation that can continually look at that risk?” she said.
This matches concerns from regulators including the UK’s Financial Conduct Authority (FCA), the Central Bank of Ireland (CBI) and Bank of Lithuania, which have questioned whether payments firms are adhering enough to governance and operational requirements.
The FCA’s recent Dear CEO letter highlighted failures to carry out and/or to evidence adequate know your customer (KYC) and due diligence, failures to review and update risk assessments, and firms being unable to justify and/or verify why their sanction screening solution does not generate alerts against certain names on the UK’s Office of Financial Sanctions Implementation (OFSI) list.
“If you’re a new company or start-up with a crypto platform, what you want to drive here is as many transactions as possible and impress your investors,” said Alan Nagle, chief executive at risk intelligence platform KYP.
“The last thing you want to do is concentrate on compliance where it is stopping transactions taking place,” he noted.
He added that it is difficult for start-ups to get hold of data from banks, considering that it is a valuable asset.
As start-ups struggle with access to this data and want to make as much money as possible, it can end up being the case that firms think they “can get to that later” when it comes to compliance controls.
This can make these firms a breeding ground for fraudulent activity, he said, adding that fraudsters naturally gravitate towards this area, as they know there is a lack of controls in place, with no data on fraud history.
Himberg-Wild pointed out that it is not always the case that banks do not want to share information.
“There is an awful lot of regulation around the sharing of that information. Be that from financial regulation to data regulation to all sorts of different things. Payments flow cross-border and rules and regulations don’t, so there is an awful lot there that is difficult.”
Fellow panellist Nick Davey of the Payment Systems Regulator suggested that he wanted to see much more data sharing in the industry.
Although cross-border data sharing is very difficult, he acknowledged, a lot of fraud happens domestically and information is not necessarily being shared.
“Lawyers and the ICO [Information Commissioner’s Office] basically said that data protection regulation does not prevent you from sharing data,” he pointed out.
The regulator further agreed that start-ups can be vulnerable to fraudsters. “Quite a lot of these don’t have legacy understanding about fraud and financial crime.”
“Some of these start-ups have got dormant accounts from day one. They don’t know anything about that customer, and then they might be activated two years later,” he said.
These firms need vendors with experience, Davey said, adding that if this is not the case, every time that an innovation takes place, it could end up being vulnerable to fraudulent activity.